diff options
619 files changed, 6883 insertions, 18996 deletions
@@ -8,192 +8,93 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## set -ex -#COMPASS_PATH=$(cd "$(dirname "$0")"/..; pwd) + COMPASS_PATH=`cd ${BASH_SOURCE[0]%/*};pwd` WORK_DIR=$COMPASS_PATH/work/building +export CACHE_DIR=$WORK_DIR/cache echo $COMPASS_PATH -# REPO related setting -REPO_PATH=$COMPASS_PATH/repo -WORK_PATH=$COMPASS_PATH - -PACKAGES="fuse fuseiso createrepo genisoimage curl" +REDHAT_REL=${REDHAT_REL:-"false"} -# PACKAGE_URL will be reset in Jenkins for different branch -export PACKAGE_URL=${PACKAGE_URL:-http://205.177.226.237:9999} +PACKAGES="curl python-pip" -mkdir -p $WORK_DIR +mkdir -p $WORK_DIR $CACHE_DIR -cd $WORK_DIR -function prepare_env() +function install_docker_ubuntu() { - set +e - for i in $PACKAGES; do - if ! apt --installed list 2>/dev/null |grep "\<$i\>" - then - sudo apt-get install -y --force-yes $i - fi - done - set -e - - if [[ ! -d $CACHE_DIR ]]; then - mkdir -p $CACHE_DIR - fi + sudo apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual + sudo apt-get install -y apt-transport-https ca-certificates curl \ + software-properties-common + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo apt-key fingerprint 0EBFCD88 + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) \ + stable" + sudo apt-get update + sudo apt-get install -y docker-ce + + sudo service docker start + sudo service docker restart } -function download_git() +function install_docker_redhat() { - file_dir=$CACHE_DIR/${1%.*} - if [[ -d $file_dir/.git ]]; then - cd $file_dir - source=`git remote -v | head -n 1 | awk '{print $2}'` - if [[ $2 == $source ]]; then - git pull origin master - if [[ $? -eq 0 ]]; then - cd - - return - fi - fi - cd - - fi - rm -rf $CACHE_DIR/${1%.*} - git clone $2 $file_dir + echo "TODO" + exit 1 } -function download_url() -{ - rm -f $CACHE_DIR/$1.md5 - curl --connect-timeout 10 -o $CACHE_DIR/$1.md5 $2.md5 2>/dev/null || true - if [[ -f $CACHE_DIR/$1 ]]; then - local_md5=`md5sum $CACHE_DIR/$1 | cut -d ' ' -f 1` - repo_md5=`cat $CACHE_DIR/$1.md5 | cut -d ' ' -f 1` - if [[ $local_md5 == $repo_md5 ]]; then - return - fi - fi - - curl --connect-timeout 10 -o $CACHE_DIR/$1 $2 -} - -function download_local() -{ - if [[ $2 != $CACHE_DIR/$1 ]]; then - cp $2 $CACHE_DIR/ -rf - fi -} - -function download_packages() -{ - for i in $CENTOS_BASE $LOADERS $CIRROS $APP_PACKAGE \ - $COMPASS_CORE $COMPASS_WEB $COMPASS_INSTALL $COMPASS_PKG \ - $PIP_REPO $PIP_OPENSTACK_REPO \ - $UBUNTU_ISO $CENTOS_ISO $XENIAL_NEWTON_PPA $CENTOS7_NEWTON_PPA; do - - if [[ ! $i ]]; then - continue - fi - name=`basename $i` - - if [[ ${name##*.} == git ]]; then - download_git $name $i - elif [[ "https?" =~ ${i%%:*} || "file://" =~ ${i%%:*} ]]; then - download_url $name $i - else - download_local $name $i - fi - done - -} - -function copy_file() +function prepare_env() { - new=$1 - - # main process - mkdir -p $new/compass $new/bootstrap $new/pip $new/pip-openstack $new/guestimg $new/app_packages $new/ansible - mkdir -p $new/repos/cobbler/{ubuntu,centos,redhat}/{iso,ppa} - - rm -rf $new/.rr_moved - - if [[ $UBUNTU_ISO ]]; then - cp $CACHE_DIR/`basename $UBUNTU_ISO` $new/repos/cobbler/ubuntu/iso/ -rf + if [[ -f /etc/redhat-release ]]; then + REDHAT_REL=true fi - if [[ $XENIAL_NEWTON_PPA ]]; then - cp $CACHE_DIR/`basename $XENIAL_NEWTON_PPA` $new/repos/cobbler/ubuntu/ppa/ -rf - fi - - if [[ $CENTOS_ISO ]]; then - cp $CACHE_DIR/`basename $CENTOS_ISO` $new/repos/cobbler/centos/iso/ -rf - fi - - if [[ $CENTOS7_NEWTON_PPA ]]; then - cp $CACHE_DIR/`basename $CENTOS7_NEWTON_PPA` $new/repos/cobbler/centos/ppa/ -rf - fi - - cp $CACHE_DIR/`basename $LOADERS` $new/ -rf || exit 1 - cp $CACHE_DIR/`basename $APP_PACKAGE` $new/app_packages/ -rf || exit 1 - - if [[ $CIRROS ]]; then - cp $CACHE_DIR/`basename $CIRROS` $new/guestimg/ -rf || exit 1 + set +e + sudo docker version >/dev/null 2>&1 + if [[ $? -ne 0 ]]; then + if [[ $REDHAT_REL == false ]]; then + install_docker_ubuntu + else + install_docker_redhat + fi fi - for i in $COMPASS_CORE $COMPASS_INSTALL $COMPASS_WEB; do - cp $CACHE_DIR/`basename $i | sed 's/.git//g'` $new/compass/ -rf + for i in $PACKAGES; do + if [[ $REDHAT_REL == false ]]; then + if ! apt --installed list 2>/dev/null |grep "\<$i\>" + then + sudo apt-get install -y --force-yes $i + sudo pip install pyyaml + fi + fi + if [[ $REDHAT_REL == true ]]; then + sudo yum install $i -y + sudo pip install pyyaml + fi done - - cp $COMPASS_PATH/deploy/adapters $new/compass/compass-adapters -rf - cp $COMPASS_PATH/deploy/compass_conf/* $new/compass/compass-core/conf -rf - - tar -zxvf $CACHE_DIR/`basename $PIP_REPO` -C $new/ - tar -zxvf $CACHE_DIR/`basename $PIP_OPENSTACK_REPO` -C $new/ - - find $new/compass -name ".git" | xargs rm -rf + set -e } -function rebuild_ppa() +function download_packages() { - name=`basename $COMPASS_PKG` - rm -rf ${name%%.*} $name - cp $CACHE_DIR/$name $WORK_DIR - cp $COMPASS_PATH/repo/openstack/make_ppa/centos/comps.xml $WORK_DIR - tar -zxvf $name - cp ${name%%.*}/*.rpm $1/Packages -f - rm -rf $1/repodata/* - createrepo -g $WORK_DIR/comps.xml $1 + python $COMPASS_PATH/build/parser.py $COMPASS_PATH/build/build.yaml } -function make_iso() +function build_tar() { - download_packages - name=`basename $CENTOS_BASE` - cp $CACHE_DIR/$name ./ -f - # mount base iso - mkdir -p base new - fuseiso $name base - cd base;find .|cpio -pd ../new ;cd - - fusermount -u base - chmod 755 ./new -R - - copy_file new - rebuild_ppa new - - mkisofs -quiet -r -J -R -b isolinux/isolinux.bin \ - -no-emul-boot -boot-load-size 4 \ - -boot-info-table -hide-rr-moved \ - -x "lost+found:" \ - -o compass.iso new/ - - md5sum compass.iso > compass.iso.md5 - - # delete tmp file - rm -rf new base $name + cd $CACHE_DIR + sudo rm -rf compass_dists + mkdir -p compass_dists + sudo cp -f *.tar *.iso compass_dists + sudo tar -zcf compass.tar.gz compass-docker-compose compass_dists + sudo mv compass.tar.gz $TAR_DIR/$TAR_NAME + cd - } function process_param() { - TEMP=`getopt -o c:d:f:s:t: --long iso-dir:,iso-name:,cache-dir:,openstack_build:,feature_build:,feature_version: -n 'build.sh' -- "$@"` + TEMP=`getopt -o c:d:f:s:t: --long tar-dir:,tar-name:,cache-dir:,openstack_build:,feature_build:,feature_version: -n 'build.sh' -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi @@ -201,9 +102,9 @@ function process_param() while :; do case "$1" in - -d|--iso-dir) export ISO_DIR=$2; shift 2;; - -f|--iso-name) export ISO_NAME=$2; shift 2;; - -c|--cache-dir) export CACHE_DIR=$2; shift 2;; + -d|--tar-dir) export TAR_DIR=$2; shift 2;; + -f|--tar-name) export TAR_NAME=$2; shift 2;; + -c|--cache-dir) export WORK_DIR=$2; shift 2;; -s|--openstack_build) export OPENSTACK_BUILD=$2; shift 2;; -t|--feature_build) export FEATURE_BUILD=$2; shift 2;; -v|--feature_version) export FEATURE_VERSION=$2; shift 2;; @@ -212,59 +113,15 @@ function process_param() esac done - export CACHE_DIR=${CACHE_DIR:-$WORK_DIR/cache} - export ISO_DIR=${ISO_DIR:-$WORK_DIR} - export ISO_NAME=${ISO_NAME:-"compass.iso"} + export WORK_DIR=${WORK_DIR:-$WORK_DIR/cache} + export TAR_DIR=${TAR_DIR:-$WORK_DIR} + export TAR_NAME=${TAR_NAME:-"compass.tar.gz"} export OPENSTACK_BUILD=${OPENSTACK_BUILD:-"stable"} export FEATURE_BUILD=${FEATURE_BUILD:-"stable"} # export FEATURE_VERSION=${FEATURE_VERSION:-"colorado"} } -function copy_iso() -{ - if [[ $ISO_DIR/$ISO_NAME == $WORK_DIR/compass.iso ]]; then - return - fi - - cp $WORK_DIR/compass.iso $ISO_DIR/$ISO_NAME -f -} - -# get daily repo or stable repo -function get_repo_pkg() -{ - source $COMPASS_PATH/repo/repo_func.sh - - # switch to compass4nfv directory - cd $COMPASS_PATH - - # set openstack ppa url - if [[ $OPENSTACK_BUILD == daily ]]; then - process_env - make_osppa - export PPA_URL=${PPA_URL:-$COMPASS_PATH/work/repo} - else - export PPA_URL=${PPA_URL:-$PACKAGE_URL} - fi - - # set feature pkg url - if [[ $FEATURE_BUILD == daily ]]; then - process_env - make_repo --package-tag feature - -###TODO should the packages.tar.gz include all the packages from different OPNFV versions? - - export FEATURE_URL=${FEATURE_URL:-$COMPASS_PATH/work/repo} - else - export FEATURE_URL=${FEATURE_URL:-$PACKAGE_URL} - fi - - source $COMPASS_PATH/build/build.conf - - # switch to building directory - cd $WORK_DIR -} process_param $* prepare_env -get_repo_pkg -make_iso -copy_iso +download_packages +build_tar diff --git a/build/build.conf b/build/build.conf deleted file mode 100644 index cb56e32a..00000000 --- a/build/build.conf +++ /dev/null @@ -1,32 +0,0 @@ -TIMEOUT=10 - -# PACKAGE_URL will be reset in Jenkins for different branch -#export PACKAGE_URL=${PACKAGE_URL:-http://205.177.226.237:9999} - -# Jumphost OS version -export CENTOS_BASE=${CENTOS_BASE:-$PACKAGE_URL/CentOS-7-x86_64-Minimal-1511.iso} - -# Compass git repository -export COMPASS_CORE=${COMPASS_CORE:-https://github.com/openstack/compass-core.git} -export COMPASS_WEB=${COMPASS_WEB:-https://github.com/openstack/compass-web.git} -export COMPASS_INSTALL=${COMPASS_INSTALL:-http://github.com/baigk/compass-install.git} - -# Compass core packages -export COMPASS_PKG=${COMPASS_PKG:-$PACKAGE_URL/centos7-compass-core.tar.gz} -export PIP_REPO=${PIP_REPO:-$PACKAGE_URL/pip.tar.gz} -export PIP_OPENSTACK_REPO=${PIP_OPENSTACK_REPO:-$PACKAGE_URL/pip-openstack.tar.gz} - -# OS ISO for provisioning -export CENTOS_ISO=${CENTOS_ISO:-$PACKAGE_URL/CentOS-7-x86_64-Minimal-1611.iso} # centos 7.3 -export UBUNTU_ISO=${UBUNTU_ISO:-$PACKAGE_URL/ubuntu-16.04-server-amd64.iso} # ubuntu 16.04 - -# OpenStack Packages for deployment -export XENIAL_NEWTON_PPA=${XENIAL_NEWTON_PPA:-$PPA_URL/xenial-newton-ppa.tar.gz} -export CENTOS7_NEWTON_PPA=${CENTOS7_NEWTON_PPA:-$PPA_URL/centos7-newton-ppa.tar.gz} - -# SDN Packages for integration -export APP_PACKAGE=${APP_PACKAGE:-$FEATURE_URL/packages.tar.gz} - -# Other Packages -export LOADERS=${LOADERS:-$PACKAGE_URL/loaders.tar.gz} -export CIRROS=${CIRROS:-$PACKAGE_URL/cirros-0.3.3-x86_64-disk.img} diff --git a/build/build.yaml b/build/build.yaml new file mode 100644 index 00000000..251de5bd --- /dev/null +++ b/build/build.yaml @@ -0,0 +1,46 @@ +--- +packages: + - name: CentOS-7-x86_64-Minimal-1611.iso + description: "Centos ISO of each host for provisioning" + get_method: cached + url: http://artifacts.opnfv.org/compass4nfv/package/master/CentOS-7-x86_64-Minimal-1611.iso + + - name: ubuntu-16.04-server-amd64.iso + description: "Ubuntu ISO of each host for provisioning" + get_method: cached + url: http://artifacts.opnfv.org/compass4nfv/package/master/ubuntu-16.04-server-amd64.iso + + - name: compass-deck + description: "RESTful API and DB Handlers for Compass" + get_method: docker + url: compass4nfv/compass-deck + + - name: compass-tasks-osa + description: "compass task container for openstack deployment via openstack-ansible" + get_method: docker + url: compass4nfv/compass-tasks-osa + + - name: compass-cobbler + description: "cobbler container for compass" + get_method: docker + url: compass4nfv/compass-cobbler + + - name: compass-db + description: "datebase container for compass" + get_method: docker + url: compass4nfv/compass-db + + - name: compass-mq + description: "message queue container for compass" + get_method: docker + url: compass4nfv/compass-mq + + - name: yardstick + description: "yardstick container for compass" + get_method: docker + url: opnfv/yardstick + + - name: compass-docker-compose + description: "containerized compass compose ansible" + get_method: git + url: https://github.com/Compass4NFV/compass-docker-compose.git diff --git a/build/parser.py b/build/parser.py new file mode 100644 index 00000000..b80709cb --- /dev/null +++ b/build/parser.py @@ -0,0 +1,112 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +import yaml +import os +import sys + + +def load_env(): + cache_dir = os.environ.get('CACHE_DIR') + print "Read local Cache dir is %s" % cache_dir + return cache_dir + + +def get_from_cache(cache, package): + filename = package.get("name") + remotefile = package.get("url") + localfile = cache + "/" + filename + localmd5file = localfile + ".md5" + remotemd5file = remotefile + ".md5" + print "removing local md5 file...." + cmd = "rm -f " + localmd5file + os.system(cmd) + print "downloading remote md5 file to local...." + cmd = "curl --connect-timeout 10 -o " + localmd5file + " " + remotemd5file + os.system(cmd) + if os.path.exists(localmd5file): + print "calculate md5sum of local file" + cmd = "md5sum " + localfile + "|cut -d ' ' -f 1" + localmd5sum = os.popen(cmd).readlines() + cmd = "cat " + localmd5file + "|cut -d ' ' -f 1" + remotemd5sum = os.popen(cmd).readlines() + print "md5 local %s remote %s" % (localmd5sum, remotemd5sum) + if (remotemd5sum == localmd5sum): + print "Same with remote, no need to download...." + return + print "downloading remote file to local...." + cmd = "curl --connect-timeout 10 -o " + localfile + " " + remotefile + print cmd + rc = os.system(cmd) + if rc != 0: + sys.exit(1) + + +def get_from_git(cache, package): + localfile = cache + "/" + package.get("name") + cmd = "rm -rf " + localfile + print cmd + os.system(cmd) + cmd = "git clone " + package.get("url") + " " + localfile + print cmd + rc = os.system(cmd) + if rc != 0: + sys.exit(1) + + +def get_from_docker(cache, package): + cmd = "sudo docker pull "+package.get("url") + os.system(cmd) + cmd = "sudo docker save "+package.get("url")+" -o "+cache+"/" + cmd += package.get("name")+".tar" + rc = os.system(cmd) + if rc != 0: + sys.exit(1) + + +def get_from_curl(cache, package): + cmd = "curl --connect-timeout 10 -o " + cache + "/" + cmd += package.get("name") + " " + package.get("url") + print cmd + rc = os.system(cmd) + if rc != 0: + sys.exit(1) + + +def usage(): + print "cached : Download from a cached server" + print "git : Download from git url" + print "curl : Download from a url link by curl" + print "docker : Download from docker hub" + + +def build_parser(build_file_name): + cache = load_env() + cfg = yaml.safe_load(file(build_file_name, 'r')) + + print "Starting building...." + for pkg in cfg.get("packages"): + print "processing %s" % pkg.get("description") + + if pkg.get("get_method") == "cached": + get_from_cache(cache, pkg) + elif pkg.get("get_method") == "git": + get_from_git(cache, pkg) + elif pkg.get("get_method") == "docker": + get_from_docker(cache, pkg) + elif pkg.get("get_method") == "curl": + get_from_curl(cache, pkg) + else: + usage + +if __name__ == "__main__": + if len(sys.argv) != 2: + print("parameter wrong%d %s" % (len(sys.argv), sys.argv)) + sys.exit(1) + build_parser(sys.argv[1]) diff --git a/ci/deploy_ci.sh b/ci/deploy_ci.sh index 1f206210..55a0129d 100755 --- a/ci/deploy_ci.sh +++ b/ci/deploy_ci.sh @@ -14,10 +14,6 @@ CI_DIR=$(cd $(dirname ${BASH_SOURCE:-$0});pwd) # FIXME: Some scenarios need to update. case $DEPLOY_SCENARIO in - os-odl_l2-moon-ha) - echo "os-odl_l2-moon-ha scenario supports xenial mitaka only" - exit 1 - ;; os-onos-sfc-ha) echo "os-onos-sfc-ha scenario supports mitaka only" exit 1 @@ -54,4 +50,7 @@ echo 'OPENSTACK_VERSION='$OPENSTACK_VERSION echo "#############################################" set -x +# clean up +export TAR_URL=${TAR_URL:-$ISO_URL} +sudo docker rm -f $(docker ps -aq) $CI_DIR/../deploy.sh @@ -13,8 +13,8 @@ #export OS_VERSION=xenial/centos7 # Set ISO image corresponding to your code -# export ISO_URL=file:///home/compass/compass4nfv.iso -#export ISO_URL= +# export TAR_URL=file:///home/compass/compass4nfv.iso +#export TAR_URL= # Set hardware deploy jumpserver PXE NIC # You need to comment out it when virtual deploy. @@ -28,7 +28,7 @@ # export NETWORK=/home/compass4nfv/deploy/conf/vm_environment/huawei-virtual1/network.yml #export NETWORK= -export OPENSTACK_VERSION=${OPENSTACK_VERSION:-newton} +export OPENSTACK_VERSION=${OPENSTACK_VERSION:-ocata} COMPASS_DIR=`cd ${BASH_SOURCE[0]%/*}/;pwd` export COMPASS_DIR diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml index f328d959..f253afcc 100644 --- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml @@ -1,259 +1,49 @@ -############################################################################## +# ############################################################################# # Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - +# ############################################################################# --- - hosts: all remote_user: root - pre_tasks: - - name: make sure ssh dir exist - file: - path: '{{ item.path }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - state: directory - mode: 0755 - with_items: - - path: /root/.ssh - owner: root - group: root - - - name: write ssh config - copy: - content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" - dest: '{{ item.dest }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - mode: 0600 - with_items: - - dest: /root/.ssh/config - owner: root - group: root - - - name: generate ssh keys - shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ - then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ - else echo "already gen ssh key!"; fi; - - - name: fetch ssh keys - fetch: - src: /root/.ssh/id_rsa.pub - dest: /tmp/ssh-keys-{{ ansible_hostname }} - flat: "yes" - - - authorized_key: - user: root - key: "{{ lookup('file', item) }}" - with_fileglob: - - /tmp/ssh-keys-* - max_fail_percentage: 0 roles: - - common - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - setup-network - -- hosts: ha - remote_user: root - max_fail_percentage: 0 - roles: - - ha + - pre-openstack - hosts: controller remote_user: root - max_fail_percentage: 0 - roles: - - memcached - - apache - - database - - mq - - keystone - - nova-controller - - neutron-controller - - cinder-controller - - glance - - neutron-common - - neutron-network - - ceilometer_controller - - dashboard - - heat - - aodh - - congress - -- hosts: all - remote_user: root - max_fail_percentage: 0 roles: - - storage + - config-controller - hosts: compute remote_user: root - max_fail_percentage: 0 roles: - - nova-compute - - neutron-compute - - cinder-volume - - ceilometer_compute - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: [] -# - moon - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - secgroup - -- hosts: ceph_adm - remote_user: root - max_fail_percentage: 0 - roles: [] -# - ceph-deploy - -- hosts: ceph - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-purge - - ceph-config - -- hosts: ceph_mon - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-mon - -- hosts: ceph_osd - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-osd - -- hosts: ceph - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-openstack - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - monitor - -- hosts: all - remote_user: root - max_fail_percentage: 0 - tasks: - - name: set bash to nova - user: - name: nova - shell: /bin/bash - - - name: make sure ssh dir exist - file: - path: '{{ item.path }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - state: directory - mode: 0755 - with_items: - - path: /var/lib/nova/.ssh - owner: nova - group: nova - - - name: copy ssh keys for nova - shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh; - - - name: write ssh config - copy: - content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" - dest: '{{ item.dest }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - mode: 0600 - with_items: - - dest: /var/lib/nova/.ssh/config - owner: nova - group: nova - - - authorized_key: - user: nova - key: "{{ lookup('file', item) }}" - with_fileglob: - - /tmp/ssh-keys-* - - - name: chown ssh file - shell: chown -R nova:nova /var/lib/nova/.ssh; - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - odl_cluster - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - onos_cluster - -- hosts: all - remote_user: root - serial: 1 - max_fail_percentage: 0 - roles: - - odl_cluster_neutron + - config-compute + - storage + - rt_kvm - hosts: all remote_user: root - max_fail_percentage: 0 - roles: - - odl_cluster_post - -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: - - ext-network - -- hosts: controller - remote_user: root - max_fail_percentage: 0 roles: -# - tacker + - sfc-pre -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: - - openstack-post - -- hosts: controller +- hosts: localhost remote_user: root - max_fail_percentage: 0 roles: - - boot-recovery + - sfc-pre-2 + - config-osa + - setup-host + - setup-infrastructure + - setup-openstack + - sync-inventory + - setup-openvswitch + - setup-sfc + - setup-opendaylight + - post-openstack -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: - - controller-recovery - -- hosts: compute +- hosts: moon remote_user: root - max_fail_percentage: 0 roles: - - compute-recovery + - moon diff --git a/deploy/adapters/ansible/openstack/templates/nova.conf b/deploy/adapters/ansible/openstack/templates/nova.conf index eb7ec053..114453ee 100644 --- a/deploy/adapters/ansible/openstack/templates/nova.conf +++ b/deploy/adapters/ansible/openstack/templates/nova.conf @@ -37,7 +37,6 @@ instance_usage_audit_period = hour notify_on_state_change = vm_and_task_state notification_driver = nova.openstack.common.notifier.rpc_notifier notification_driver = ceilometer.compute.nova_notifier -memcached_servers = {{ memcached_servers }} osapi_compute_workers = {{ api_workers }} metadata_workers = {{ api_workers }} @@ -119,3 +118,7 @@ rabbit_password = {{ RABBIT_PASS }} rabbit_port = 5672 rabbit_userid = {{ RABBIT_USER }} +[cache] +backend = dogpile.cache.memcached +enabled = True +memcache_servers = {{ memcached_servers }} diff --git a/deploy/adapters/ansible/openstack_newton/.gitkeep b/deploy/adapters/ansible/openstack_ocata/.gitkeep index e69de29b..e69de29b 100644 --- a/deploy/adapters/ansible/openstack_newton/.gitkeep +++ b/deploy/adapters/ansible/openstack_ocata/.gitkeep diff --git a/deploy/adapters/ansible/roles/aodh/handlers/main.yml b/deploy/adapters/ansible/roles/aodh/handlers/main.yml deleted file mode 100644 index 983de9fc..00000000 --- a/deploy/adapters/ansible/roles/aodh/handlers/main.yml +++ /dev/null @@ -1,20 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart aodh services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" - -- name: aodh reload apache - service: name={{ item }} state=reloaded - with_items: "{{ http_service_name }}" - -- name: aodh restart apache - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ http_service_name }}" diff --git a/deploy/adapters/ansible/roles/aodh/tasks/aodh_config.yml b/deploy/adapters/ansible/roles/aodh/tasks/aodh_config.yml deleted file mode 100644 index e165121f..00000000 --- a/deploy/adapters/ansible/roles/aodh/tasks/aodh_config.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: aodh db sync - shell: su -s /bin/sh -c "aodh-dbsync" aodh - notify: - - restart aodh services diff --git a/deploy/adapters/ansible/roles/aodh/tasks/aodh_install.yml b/deploy/adapters/ansible/roles/aodh/tasks/aodh_install.yml deleted file mode 100644 index 4e2e8655..00000000 --- a/deploy/adapters/ansible/roles/aodh/tasks/aodh_install.yml +++ /dev/null @@ -1,71 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: install aodh packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: update aodh conf - template: src={{ item }} dest=/etc/aodh/aodh.conf backup=yes - with_items: - - aodh.conf.j2 - notify: - - restart aodh services - -- name: write services to monitor list - lineinfile: dest=/opt/service create=yes line={{ item }} - with_items: "{{ services | union(services_noarch) }}" - -- name: remove default sqlite db - shell: rm /var/lib/aodh/aodh.sqlite || touch aodh.sqllite.db.removed - -- name: disable aodh-api service - service: name={{ item }} state=stopped enabled=no - with_items: "{{ api_service }}" - -- name: add listen port - lineinfile: - dest: '{{ apache_config_dir }}/ports.conf' - regexp: "^Listen {{ internal_ip }}:8042" - line: "Listen {{ internal_ip }}:8042" - notify: aodh restart apache - -- name: create WSGIScriptAlias Path - file: - path: /var/www/cgi-bin/aodh - state: directory - mode: 0755 - -- name: copy WSGIScriptAlias file - shell: | - cp {{WSGIScriptAlias_file}} /var/www/cgi-bin/aodh/app; - -- name: update apache2 configs - template: - src: wsgi-aodh.conf.j2 - dest: '{{ apache_config_dir }}/sites-available/aodh.conf' - when: ansible_os_family == 'Debian' - notify: aodh reload apache - -- name: enable aodh server - file: - src: "{{ apache_config_dir }}/sites-available/aodh.conf" - dest: "{{ apache_config_dir }}/sites-enabled/aodh.conf" - state: "link" - when: ansible_os_family == 'Debian' - notify: aodh reload apache - -- name: update apache2 configs - template: - src: wsgi-aodh.conf.j2 - dest: '{{ apache_config_dir }}/aodh.conf' - when: ansible_os_family == 'RedHat' - notify: aodh reload apache diff --git a/deploy/adapters/ansible/roles/aodh/templates/aodh.conf.j2 b/deploy/adapters/ansible/roles/aodh/templates/aodh.conf.j2 deleted file mode 100644 index d9eb0599..00000000 --- a/deploy/adapters/ansible/roles/aodh/templates/aodh.conf.j2 +++ /dev/null @@ -1,56 +0,0 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - -[DEFAULT] -transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} -rpc_backend = rabbit - -bind_host = {{ internal_ip }} -bind_port = 8042 -auth_strategy = keystone -debug = True - -[api] -host = {{ internal_ip }} - -[database] -connection = mysql://aodh:{{ AODH_DBPASS }}@{{ db_host }}/aodh - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = aodh -password = {{ AODH_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -token_cache_time = 300 -revocation_cache_time = 60 - -[oslo_messaging_rabbit] -rabbit_hosts = {{ internal_vip.ip }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} - -[service_credentials] -auth_type = password -auth_url = http://{{ internal_vip.ip }}:5000/v3 -project_domain_name = default -user_domain_name = default -project_name = service -username = aodh -password = {{ AODH_PASS }} -interface = internalURL -region_name = RegionOne - -endpoint_type = internalURL diff --git a/deploy/adapters/ansible/roles/aodh/templates/wsgi-aodh.conf.j2 b/deploy/adapters/ansible/roles/aodh/templates/wsgi-aodh.conf.j2 deleted file mode 100644 index 8d71075e..00000000 --- a/deploy/adapters/ansible/roles/aodh/templates/wsgi-aodh.conf.j2 +++ /dev/null @@ -1,28 +0,0 @@ -{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} -{% if work_threads > 10 %} -{% set work_threads = 10 %} -{% endif %} - -<VirtualHost {{ internal_ip }}:8042> - WSGIDaemonProcess aodh-api processes=4 threads={{ work_threads }} user=aodh group=aodh display-name=%{GROUP} - WSGIProcessGroup aodh-api - WSGIScriptAlias / /var/www/cgi-bin/aodh/app - WSGIApplicationGroup %{GLOBAL} - <IfVersion >= 2.4> - ErrorLogFormat "%{cu}t %M" - </IfVersion> - ErrorLog /var/log/{{ http_service_name }}/aodh.log - CustomLog /var/log/{{ http_service_name }}/aodh_access.log combined - - <Directory /usr/lib/python2.7/dist-packages/aodh/api/> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order allow,deny - Allow from all - </IfVersion> - </Directory> -</VirtualHost> - -WSGISocketPrefix /var/run/{{ http_service_name }} diff --git a/deploy/adapters/ansible/roles/aodh/vars/Debian.yml b/deploy/adapters/ansible/roles/aodh/vars/Debian.yml deleted file mode 100644 index edf73641..00000000 --- a/deploy/adapters/ansible/roles/aodh/vars/Debian.yml +++ /dev/null @@ -1,27 +0,0 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################# ---- -packages: - - aodh-api - - aodh-evaluator - - aodh-notifier - - aodh-listener - - aodh-expirer - - python-aodhclient - -services: - - aodh-notifier - - aodh-evaluator - - aodh-listener - -api_service: aodh-api - -apache_config_dir: /etc/apache2 -http_service_name: apache2 -WSGIScriptAlias_file: /usr/lib/python2.7/dist-packages/aodh/api/app.wsgi diff --git a/deploy/adapters/ansible/roles/aodh/vars/RedHat.yml b/deploy/adapters/ansible/roles/aodh/vars/RedHat.yml deleted file mode 100644 index dba345fb..00000000 --- a/deploy/adapters/ansible/roles/aodh/vars/RedHat.yml +++ /dev/null @@ -1,27 +0,0 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################# ---- -packages: - - openstack-aodh-api - - openstack-aodh-evaluator - - openstack-aodh-notifier - - openstack-aodh-listener - - openstack-aodh-expirer - - python-aodhclient - -services: - - openstack-aodh-notifier - - openstack-aodh-evaluator - - openstack-aodh-listener - -api_service: openstack-aodh-api - -apache_config_dir: /etc/httpd/conf.d -http_service_name: httpd -WSGIScriptAlias_file: /usr/lib/python2.7/site-packages/aodh/api/app.wsgi diff --git a/deploy/adapters/ansible/roles/apache/handlers/main.yml b/deploy/adapters/ansible/roles/apache/handlers/main.yml deleted file mode 100755 index 53e600dd..00000000 --- a/deploy/adapters/ansible/roles/apache/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart apache related services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services| union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/apache/tasks/main.yml b/deploy/adapters/ansible/roles/apache/tasks/main.yml deleted file mode 100755 index f87633a6..00000000 --- a/deploy/adapters/ansible/roles/apache/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: install packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: assure listen port exist - template: - dest: '{{ apache_config_dir }}/ports.conf' - src: ports.conf.j2 - notify: - - restart apache related services - -- name: remove default listen port on centos - lineinfile: - dest: /etc/httpd/conf/httpd.conf - state: absent - regexp: 'Listen 80' - when: ansible_os_family == 'RedHat' - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/apache/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/roles/apache/templates/openstack-dashboard.conf.j2 deleted file mode 100755 index 403fcc22..00000000 --- a/deploy/adapters/ansible/roles/apache/templates/openstack-dashboard.conf.j2 +++ /dev/null @@ -1,15 +0,0 @@ -{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} - -<VirtualHost {{ internal_ip }}:80> - WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi - WSGIDaemonProcess horizon user=horizon group=horizon processes={{ work_threads }} threads={{ work_threads }} - WSGIProcessGroup horizon - Alias /static {{ horizon_dir }}/static/ - Alias /horizon/static {{ horizon_dir }}/static/ - <Directory {{ horizon_dir }}/wsgi> - Order allow,deny - Allow from all - </Directory> -</VirtualHost> - - diff --git a/deploy/adapters/ansible/roles/apache/templates/ports.conf.j2 b/deploy/adapters/ansible/roles/apache/templates/ports.conf.j2 deleted file mode 100644 index be27d195..00000000 --- a/deploy/adapters/ansible/roles/apache/templates/ports.conf.j2 +++ /dev/null @@ -1 +0,0 @@ -Listen {{ internal_ip }}:80 diff --git a/deploy/adapters/ansible/roles/boot-recovery/tasks/main.yml b/deploy/adapters/ansible/roles/boot-recovery/tasks/main.yml deleted file mode 100755 index 1521f2ff..00000000 --- a/deploy/adapters/ansible/roles/boot-recovery/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: Register RECOVERY - set_fact: RECOVERY_ENV={{RECOVERY_ENV | default('False')}} - tags: - - recovery-stop-service - -- include_vars: "{{ ansible_os_family }}.yml" - when: RECOVERY_ENV - tags: - - recovery-stop-service - -- name: stop controller services - service: name={{ item }} state=stopped enabled=yes - with_items: "{{ controller_services | union(controller_services_noarch) }}" - when: RECOVERY_ENV - tags: - - recovery-stop-service diff --git a/deploy/adapters/ansible/roles/boot-recovery/vars/Debian.yml b/deploy/adapters/ansible/roles/boot-recovery/vars/Debian.yml deleted file mode 100755 index 084deebc..00000000 --- a/deploy/adapters/ansible/roles/boot-recovery/vars/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -controller_services: - - cron - - aodh-expirer - - neutron-openvswitch-agent - - mysql diff --git a/deploy/adapters/ansible/roles/boot-recovery/vars/RedHat.yml b/deploy/adapters/ansible/roles/boot-recovery/vars/RedHat.yml deleted file mode 100755 index 42d9aed9..00000000 --- a/deploy/adapters/ansible/roles/boot-recovery/vars/RedHat.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -controller_services: - - cron - - neutron-openvswitch-agent - - openstack-aodh-expirer - - mysql diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/tasks/ceilometer_config.yml b/deploy/adapters/ansible/roles/ceilometer_compute/tasks/ceilometer_config.yml deleted file mode 100644 index a5a78281..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_compute/tasks/ceilometer_config.yml +++ /dev/null @@ -1,36 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: copy configs - template: - src: "{{ item }}" - dest: /opt/os_templates - with_items: - - ceilometer.conf.j2 - - nova.conf.j2 - -- name: update ceilometer configs - shell: crudini --merge {{ item.dest }} < /opt/os_templates/{{ item.src }} - with_items: - - src: nova.conf.j2 - dest: /etc/nova/nova.conf - notify: restart nova service - -- name: delete config - file: - path: /opt/os_templates/nova.conf.j2 - state: absent - -- name: write services to monitor list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ ceilometer_services }}" - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/tasks/ceilometer_install.yml b/deploy/adapters/ansible/roles/ceilometer_compute/tasks/ceilometer_install.yml deleted file mode 100644 index e2414262..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_compute/tasks/ceilometer_install.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install ceilometer packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ ceilometer_packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: update ceilometer configs - template: - src: ceilometer.conf.j2 - dest: /etc/ceilometer/ceilometer.conf - backup: "yes" - notify: restart ceilometer service diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/templates/ceilometer.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_compute/templates/ceilometer.conf.j2 deleted file mode 100644 index bffd6068..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_compute/templates/ceilometer.conf.j2 +++ /dev/null @@ -1,38 +0,0 @@ -[DEFAULT] -verbose = True -rpc_backend = rabbit -auth_strategy = keystone - -[publisher] -metering_secret = {{ metering_secret }} - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = ceilometer -password = {{ CEILOMETER_PASS }} - -auth_plugin = password -project_domain_id = default -user_domain_id = default - -[oslo_messaging_rabbit] -rabbit_host = {{ rabbit_host }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} - -[service_credentials] -auth_url = http://{{ internal_vip.ip }}:5000 -project_domain_id = default -user_domain_id = default -auth_type = password -username = ceilometer -project_name = service -password = {{ CEILOMETER_PASS }} -interface = internalURL -region_name = RegionOne - diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/templates/nova.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_compute/templates/nova.conf.j2 deleted file mode 100644 index 68ffdc0a..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_compute/templates/nova.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[DEFAULT] -instance_usage_audit = True -instance_usage_audit_period = hour -notify_on_state_change = vm_and_task_state - -[oslo_messaging_notifications] -driver = messagingv2 diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/vars/Debian.yml b/deploy/adapters/ansible/roles/ceilometer_compute/vars/Debian.yml deleted file mode 100644 index 1bf3956f..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_compute/vars/Debian.yml +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -ceilometer_packages: - - ceilometer-agent-compute - -ceilometer_services: - - ceilometer-agent-compute - -nova_services: - - nova-compute diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/vars/RedHat.yml b/deploy/adapters/ansible/roles/ceilometer_compute/vars/RedHat.yml deleted file mode 100644 index f3d5f0e1..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_compute/vars/RedHat.yml +++ /dev/null @@ -1,20 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -ceilometer_packages: - - openstack-ceilometer-compute - - python-ceilometerclient - - python-pecan - -ceilometer_services: - - openstack-ceilometer-compute - - openstack-nova-compute - -nova_services: - - openstack-nova-compute diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/handlers/main.yml b/deploy/adapters/ansible/roles/ceilometer_controller/handlers/main.yml deleted file mode 100644 index 2d0e3159..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/handlers/main.yml +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart ceilometer service - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ ceilometer_services }}" - -- name: restart glance_cinder service - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ glance_cinder_services }}" - -- name: reload apache server - service: name={{ item }} state=reloaded - with_items: "{{ services }}" - -- name: restart apache server - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services }}" diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/tasks/ceilometer_config.yml b/deploy/adapters/ansible/roles/ceilometer_controller/tasks/ceilometer_config.yml deleted file mode 100644 index 0a1b9735..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/tasks/ceilometer_config.yml +++ /dev/null @@ -1,91 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: assure listen port exist - lineinfile: - dest: '{{ apache_config_dir }}/ports.conf' - regexp: "^Listen {{ internal_ip }}:8777" - line: "Listen {{ internal_ip }}:8777" - notify: restart apache server - -- name: create WSGIScriptAlias Path - file: - path: /var/www/cgi-bin/ceilometer - state: directory - mode: 0755 - -- name: copy WSGIScriptAlias file - shell: | - cp {{WSGIScriptAlias_file}} /var/www/cgi-bin/ceilometer/app; - -- name: update apache2 configs - template: - src: wsgi-ceilometer.conf.j2 - dest: '{{ apache_config_dir }}/sites-available/ceilometer.conf' - when: ansible_os_family == 'Debian' - notify: reload apache server - -- name: enable ceilometer server - file: - src: "{{ apache_config_dir }}/sites-available/ceilometer.conf" - dest: "{{ apache_config_dir }}/sites-enabled/ceilometer.conf" - state: "link" - when: ansible_os_family == 'Debian' - notify: reload apache server - -- name: update apache2 configs - template: - src: wsgi-ceilometer.conf.j2 - dest: '{{ apache_config_dir }}/ceilometer.conf' - when: ansible_os_family == 'RedHat' - notify: reload apache server - -- name: copy glance & cinder configs - template: - src: "{{ item }}" - dest: /opt/os_templates - with_items: - - cinder.conf.j2 - - glance-api.conf.j2 - - glance-registry.conf.j2 - -- name: update configs - shell: crudini --merge {{ item.dest }} < /opt/os_templates/{{ item.src }} - with_items: - - src: cinder.conf.j2 - dest: /etc/cinder/cinder.conf - - src: glance-api.conf.j2 - dest: /etc/glance/glance-api.conf - - src: glance-registry.conf.j2 - dest: /etc/glance/glance-registry.conf - notify: restart glance_cinder service - -- name: delete configs - file: - path: /opt/os_templates/{{ item }} - state: absent - with_items: - - cinder.conf.j2 - - glance-api.conf.j2 - - glance-registry.conf.j2 - -- name: change meter polling interval to 300s - replace: - dest: /etc/ceilometer/pipeline.yaml - regexp: 'interval: .+' - replace: 'interval: 300' - notify: restart ceilometer service - -- name: write services to monitor list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ ceilometer_services }}" - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/tasks/ceilometer_install.yml b/deploy/adapters/ansible/roles/ceilometer_controller/tasks/ceilometer_install.yml deleted file mode 100644 index e2414262..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/tasks/ceilometer_install.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install ceilometer packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ ceilometer_packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: update ceilometer configs - template: - src: ceilometer.conf.j2 - dest: /etc/ceilometer/ceilometer.conf - backup: "yes" - notify: restart ceilometer service diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/tasks/main.yml b/deploy/adapters/ansible/roles/ceilometer_controller/tasks/main.yml deleted file mode 100644 index 1e3c04d7..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: ceilometer_install.yml - tags: - - install - - ceilometer_install - - ceilometer - -- include: ceilometer_config.yml - tags: - - config - - ceilometer_config - - ceilometer - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/templates/ceilometer.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_controller/templates/ceilometer.conf.j2 deleted file mode 100644 index 50271732..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/templates/ceilometer.conf.j2 +++ /dev/null @@ -1,52 +0,0 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - -[DEFAULT] -rpc_backend = rabbit -auth_strategy = keystone -verbose = True - -[api] -host = {{ internal_ip }} - -[database] -connection = mongodb://ceilometer:{{ CEILOMETER_DBPASS }}@{{ internal_vip.ip }}:27017/ceilometer - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = ceilometer -password = {{ CEILOMETER_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default - -[oslo_messaging_rabbit] -rabbit_host = {{ rabbit_host }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} - -[publisher] -metering_secret = {{ metering_secret }} - -[service_credentials] -auth_type = password -auth_url = http://{{ internal_vip.ip }}:5000/v3 -project_domain_name = default -user_domain_name = default -project_name = service -username = ceilometer -password = {{ CEILOMETER_PASS }} -interface = internalURL -region_name = RegionOne - diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/templates/cinder.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_controller/templates/cinder.conf.j2 deleted file mode 100644 index e2d19cc3..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/templates/cinder.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -[oslo_messaging_notifications] -driver = messagingv2 diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/templates/glance-api.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_controller/templates/glance-api.conf.j2 deleted file mode 100644 index e2d19cc3..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/templates/glance-api.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -[oslo_messaging_notifications] -driver = messagingv2 diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/templates/glance-registry.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_controller/templates/glance-registry.conf.j2 deleted file mode 100644 index e2d19cc3..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/templates/glance-registry.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -[oslo_messaging_notifications] -driver = messagingv2 diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 b/deploy/adapters/ansible/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 deleted file mode 100644 index 70ad8172..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 +++ /dev/null @@ -1,25 +0,0 @@ -{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} -{% if work_threads > 10 %} -{% set work_threads = 10 %} -{% endif %} - -<VirtualHost {{ internal_ip }}:8777> - WSGIDaemonProcess ceilometer-api processes=4 threads={{ work_threads }} user=ceilometer group=ceilometer display-name=%{GROUP} - WSGIProcessGroup ceilometer-api - WSGIScriptAlias / /var/www/cgi-bin/ceilometer/app - WSGIApplicationGroup %{GLOBAL} - ErrorLog /var/log/{{ http_service_name }}/ceilometer_error.log - CustomLog /var/log/{{ http_service_name }}/ceilometer_access.log combined - - <Directory /usr/lib/python2.7/dist-packages/ceilometer/api/> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order allow,deny - Allow from all - </IfVersion> - </Directory> -</VirtualHost> - -WSGISocketPrefix /var/run/{{ http_service_name }} diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/vars/Debian.yml b/deploy/adapters/ansible/roles/ceilometer_controller/vars/Debian.yml deleted file mode 100644 index cf76113f..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/vars/Debian.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -ceilometer_packages: - - ceilometer-api - - ceilometer-collector - - ceilometer-agent-central - - ceilometer-agent-notification - - ceilometer-agent-compute - - python-ceilometerclient - -ceilometer_services: - - ceilometer-agent-central - - ceilometer-agent-notification - - ceilometer-collector - -glance_cinder_services: - - glance-registry - - glance-api - - cinder-api - - cinder-scheduler - -services: - - apache2 - -apache_config_dir: /etc/apache2 -http_service_name: apache2 -WSGIScriptAlias_file: /usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/vars/RedHat.yml b/deploy/adapters/ansible/roles/ceilometer_controller/vars/RedHat.yml deleted file mode 100644 index f55e0e83..00000000 --- a/deploy/adapters/ansible/roles/ceilometer_controller/vars/RedHat.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -ceilometer_packages: - - openstack-ceilometer-api - - openstack-ceilometer-collector - - openstack-ceilometer-central - - openstack-ceilometer-notification - - openstack-ceilometer-compute - - python-ceilometerclient - -ceilometer_services: - - openstack-ceilometer-central - - openstack-ceilometer-notification - - openstack-ceilometer-collector - -glance_cinder_services: - - openstack-glance-registry - - openstack-glance-api - - openstack-cinder-api - - openstack-cinder-scheduler - -services: - - httpd - -apache_config_dir: /etc/httpd/conf.d -http_service_name: httpd -WSGIScriptAlias_file: /usr/lib/python2.7/site-packages/ceilometer/api/app.wsgi diff --git a/deploy/adapters/ansible/roles/ceph-config/files/create_osd.sh b/deploy/adapters/ansible/roles/ceph-config/files/create_osd.sh deleted file mode 100755 index dd815c22..00000000 --- a/deploy/adapters/ansible/roles/ceph-config/files/create_osd.sh +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -if [ -d "/var/local/osd" ]; then -echo "clear /var/local/osd" -rm -r /var/local/osd/ -umount /var/local/osd -rm -r /var/local/osd -fi - - -#safe check -ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9 -ps -ef |grep vgremove |awk '{print $2}' |xargs kill -9 -ps -ef |grep vgcreate |awk '{print $2}' |xargs kill -9 -ps -ef |grep lvcreate |awk '{print $2}' |xargs kill -9 - -if [ -L "/dev/storage-volumes/ceph0" ]; then -echo "remove lv vg" -lvremove -f /dev/storage-volumes/ceph0 -fi - - -echo "lvcreate" -lvcreate -l 100%FREE -nceph0 storage-volumes -echo "mkfs" -mkfs.xfs -f /dev/storage-volumes/ceph0 - -if [ ! -d "/var/local/osd" ]; then -echo "mount osd" -mkdir -p /var/local/osd -mount /dev/storage-volumes/ceph0 /var/local/osd -fi - diff --git a/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml b/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml deleted file mode 100755 index b0be0f2e..00000000 --- a/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml +++ /dev/null @@ -1,94 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -- name: gen ceph fsid - shell: uuidgen - register: ceph_fsid - when: inventory_hostname in groups['ceph_adm'] - -- name: gen ceph conf - local_action: - module: "template" - src: "ceph.j2" - dest: "/tmp/ceph.conf" - when: inventory_hostname in groups['ceph_adm'] - -- name: fetch ceph conf from ceph_adm - fetch: src="/etc/ceph/ceph.conf" dest="/tmp/ceph.conf" flat=yes - delegate_to: "{{ public_vip.ip }}" - when: compute_expansion - -- name: "make directory for ceph config file" - file: path="/etc/ceph" state="directory" - -- name: copy ceph conf to dest mon node - copy: src="/tmp/ceph.conf" dest="/etc/ceph/ceph.conf" - -- name: install ceph-related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - ceph - -- name: gen create monmap script - local_action: template src="create_monmap.j2" dest="/tmp/create_monmap.sh" mode=0755 - when: inventory_hostname in groups['ceph_adm'] - -- name: create monmap - script: /tmp/create_monmap.sh - when: inventory_hostname in groups['ceph_mon'] - -- name: create mon.keyring - shell: "ceph-authtool --create-keyring /tmp/ceph.mon.keyring \ - --gen-key -n mon. --cap mon 'allow *'" - when: inventory_hostname in groups['ceph_adm'] - -- name: create admin.keyring - shell: "ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring \ - --gen-key -n client.admin --set-uid=0 \ - --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'" - when: inventory_hostname in groups['ceph_adm'] - -- name: Add the client.admin key to the ceph.mon.keyring - shell: "ceph-authtool /tmp/ceph.mon.keyring \ - --import-keyring /etc/ceph/ceph.client.admin.keyring" - when: inventory_hostname in groups['ceph_adm'] - -- name: fetch mon.keyring to local - fetch: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" flat=yes - when: inventory_hostname in groups['ceph_adm'] - -- name: fetch mon.keyring from ceph_adm - fetch: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" flat=yes - delegate_to: "{{ public_vip.ip }}" - when: compute_expansion - -- name: fetch client.admin.keyring to local - fetch: - src: "/etc/ceph/ceph.client.admin.keyring" - dest: "/tmp/ceph.client.admin.keyring" - flat: "yes" - when: inventory_hostname in groups['ceph_adm'] - -- name: fetch mon.keyring from ceph_adm - fetch: - src: "/etc/ceph/ceph.client.admin.keyring" - dest: "/tmp/ceph.client.admin.keyring" - flat: "yes" - delegate_to: "{{ public_vip.ip }}" - when: compute_expansion - -- name: copy mon.keyring to remote nodes - copy: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" - -- name: copy admin.keyring to remote nodes - copy: - src: "/tmp/ceph.client.admin.keyring" - dest: "/etc/ceph/ceph.client.admin.keyring" - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/ceph-config/tasks/main.yml b/deploy/adapters/ansible/roles/ceph-config/tasks/main.yml deleted file mode 100755 index 49feab61..00000000 --- a/deploy/adapters/ansible/roles/ceph-config/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -- include: create_config.yml - tags: - - ceph_config - - ceph_deploy - - ceph_mon diff --git a/deploy/adapters/ansible/roles/ceph-config/templates/ceph.j2 b/deploy/adapters/ansible/roles/ceph-config/templates/ceph.j2 deleted file mode 100755 index bd0e3f5d..00000000 --- a/deploy/adapters/ansible/roles/ceph-config/templates/ceph.j2 +++ /dev/null @@ -1,25 +0,0 @@ -[global] -fsid = {{ ceph_fsid.stdout }} -mon initial members = {{ groups["ceph_mon"] | join(", ")}} -mon host = -{%- for host in groups["ceph_mon"] -%} -{{ ', ' if not loop.first else ''}}{{ ip_settings[host].mgmt.ip }} -{%- endfor %} - -public network = {{ mgmt_cidr }} -cluster network = {{ storage_cidr }} - -auth cluster required = cephx -auth service required = cephx -auth client required = cephx - -osd journal size = 1024 -filestore xattr use omap = true -osd pool default size = 1 -osd pool default min size = 1 -osd pool default pg num = 333 -osd pool default pgp num = 333 -osd crush chooseleaf type = 1 - -debug mon = 1 -debug ms = 0 diff --git a/deploy/adapters/ansible/roles/ceph-config/templates/create_monmap.j2 b/deploy/adapters/ansible/roles/ceph-config/templates/create_monmap.j2 deleted file mode 100644 index 7d1eb9d7..00000000 --- a/deploy/adapters/ansible/roles/ceph-config/templates/create_monmap.j2 +++ /dev/null @@ -1,5 +0,0 @@ -monmaptool --create --clobber --fsid {{ ceph_fsid.stdout }} -{%- for host in groups['ceph_mon']%} - --add {{host}} {{ ip_settings[host].mgmt.ip }}:6789 -{%- endfor %} - /tmp/monmap diff --git a/deploy/adapters/ansible/roles/ceph-config/templates/dump_var.j2 b/deploy/adapters/ansible/roles/ceph-config/templates/dump_var.j2 deleted file mode 100755 index a4a9b155..00000000 --- a/deploy/adapters/ansible/roles/ceph-config/templates/dump_var.j2 +++ /dev/null @@ -1,8 +0,0 @@ -HOSTVARS (ANSIBLE GATHERED, group_vars, host_vars) : - -{{ hostvars[inventory_hostname] | to_yaml }} - -PLAYBOOK VARS: - -{{ vars | to_yaml }} - diff --git a/deploy/adapters/ansible/roles/ceph-mon/tasks/install_mon.yml b/deploy/adapters/ansible/roles/ceph-mon/tasks/install_mon.yml deleted file mode 100644 index f5600bec..00000000 --- a/deploy/adapters/ansible/roles/ceph-mon/tasks/install_mon.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -- include_vars: "{{ ansible_os_family }}.yml" - -- name: Create a default data directory - file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}" state="directory" - -- name: Populate the monitor daemon - shell: "ceph-mon --mkfs -i {{ inventory_hostname }} --monmap /tmp/monmap \ - --keyring /tmp/ceph.mon.keyring" - -- name: Change ceph/mon dir owner to ceph - shell: "chown -R ceph:ceph /var/lib/ceph/mon" - when: ansible_os_family == "Debian" - -- name: copy templates - template: - src: ceph-mon.service - dest: /lib/systemd/system/ceph-mon.service - mode: 0755 - when: ansible_os_family == "Debian" - -- name: Touch the done and auto start file - file: - path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname }}/{{ item }}" - state: "touch" - with_items: - - "done" - - "{{ ceph_start_type }}" - -- name: start mon daemon - shell: "{{ ceph_start_script }}" - -- name: wait for creating osd keyring - wait_for: path=/var/lib/ceph/bootstrap-osd/ceph.keyring - -- name: fetch osd keyring - fetch: - src: "/var/lib/ceph/bootstrap-osd/ceph.keyring" - dest: "/tmp/ceph.osd.keyring" - flat: "yes" - run_once: "True" diff --git a/deploy/adapters/ansible/roles/ceph-mon/tasks/main.yml b/deploy/adapters/ansible/roles/ceph-mon/tasks/main.yml deleted file mode 100644 index 5aa0694d..00000000 --- a/deploy/adapters/ansible/roles/ceph-mon/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -- include: install_mon.yml - when: inventory_hostname in groups["ceph_mon"] - tags: - - ceph_mon - - ceph_deploy diff --git a/deploy/adapters/ansible/roles/ceph-mon/templates/ceph-mon.service b/deploy/adapters/ansible/roles/ceph-mon/templates/ceph-mon.service deleted file mode 100644 index 5a3cf753..00000000 --- a/deploy/adapters/ansible/roles/ceph-mon/templates/ceph-mon.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=Ceph cluster monitor daemon -Documentation=man:ceph-mon - -After=network-online.target local-fs.target ceph-create-keys.service -Wants=network-online.target local-fs.target ceph-create-keys.service - -PartOf=ceph.target - -[Service] -LimitNOFILE=1048576 -LimitNPROC=1048576 -EnvironmentFile=-/etc/default/ceph -Environment=CLUSTER=ceph -ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id {{ inventory_hostname }} --setuser ceph --setgroup ceph -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure -RestartSec=30 -TasksMax=infinity - -[Install] -WantedBy=multi-user.target diff --git a/deploy/adapters/ansible/roles/ceph-mon/vars/Debian.yml b/deploy/adapters/ansible/roles/ceph-mon/vars/Debian.yml deleted file mode 100644 index a792acad..00000000 --- a/deploy/adapters/ansible/roles/ceph-mon/vars/Debian.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -ceph_start_script: "service ceph-mon start" -ceph_start_type: "systemd" diff --git a/deploy/adapters/ansible/roles/ceph-mon/vars/RedHat.yml b/deploy/adapters/ansible/roles/ceph-mon/vars/RedHat.yml deleted file mode 100644 index fa19fc08..00000000 --- a/deploy/adapters/ansible/roles/ceph-mon/vars/RedHat.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -ceph_start_script: "/etc/init.d/ceph start mon.{{ inventory_hostname }}" -ceph_start_type: "sysvinit" diff --git a/deploy/adapters/ansible/roles/ceph-mon/vars/main.yml b/deploy/adapters/ansible/roles/ceph-mon/vars/main.yml deleted file mode 100644 index d760b4e6..00000000 --- a/deploy/adapters/ansible/roles/ceph-mon/vars/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- diff --git a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml b/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml deleted file mode 100755 index 84515267..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml +++ /dev/null @@ -1,124 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: chown of glance/api.log - shell: chown -R glance:glance /var/log/glance - when: inventory_hostname in groups['controller'] - tags: - - ceph_conf_glance - ignore_errors: "True" - -- name: modify glance-api.conf for ceph - shell: | - sed -i 's/^\(default_store\).*/\1 = rbd/g' /etc/glance/glance-api.conf; - sed -i '/^\[glance_store/a rbd_store_pool = images' \ - /etc/glance/glance-api.conf; - sed -i '/^\[glance_store/a rbd_store_user = glance' \ - /etc/glance/glance-api.conf; - sed -i '/^\[glance_store/a rbd_store_ceph_conf = /etc/ceph/ceph.conf' \ - /etc/glance/glance-api.conf; - sed -i '/^\[glance_store/a rbd_store_chunk_size = 8' \ - /etc/glance/glance-api.conf; - sed -i '/^\[glance_store/a show_image_direct_url=True' \ - /etc/glance/glance-api.conf; - when: inventory_hostname in groups['controller'] - tags: - - ceph_conf_glance - -- name: remove glance-api log - shell: | - rm -f /var/log/glance/api.log; - chown -R glance:glance /var/log/glance; - when: inventory_hostname in groups['controller'] - tags: - - ceph_conf_glance - ignore_errors: "True" - -- name: restart glance service - shell: service {{ glance_service }} restart - register: result - until: result.rc == 0 - retries: 10 - delay: 3 - when: inventory_hostname in groups['controller'] - tags: - - ceph_conf_glance - -- name: modify cinder.conf for ceph - shell: | - sed -i 's/^\(volume_driver\).*/\1 = cinder.volume.drivers.rbd.RBDDriver/g' \ - /etc/cinder/cinder.conf; - sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid }}/g' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_pool = volumes' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_ceph_conf = /etc/ceph/ceph.conf' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_flatten_volume_from_snapshot = false' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_max_clone_depth = 5' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_store_chunk_size = 4' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rados_connect_timeout = -1' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a glance_api_version = 2' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_user = cinder' \ - /etc/cinder/cinder.conf; - sed -i '/^\[DEFAULT/a rbd_secret_uuid = {{ ceph_uuid }}' \ - /etc/cinder/cinder.conf; - when: inventory_hostname in groups['compute'] - tags: - - ceph_conf_cinder - -- name: restart cinder service - shell: service {{ cinder_service }} restart - register: result - until: result.rc == 0 - retries: 10 - delay: 3 - when: inventory_hostname in groups['compute'] - tags: - - ceph_conf_cinder - -- name: modify nova.conf for ceph - shell: | - sed -i 's/^\(images_type\).*/\1 = rbd/g' \ - /etc/nova/nova-compute.conf; - sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid }}/g' \ - /etc/nova/nova-compute.conf; - when: inventory_hostname in groups['compute'] - tags: - - ceph_conf_nova - -- name: modify nova.conf libvirt for ceph - blockinfile: - dest: /etc/nova/nova-compute.conf - insertafter: "libvirt" - block: | - images_rbd_pool = vms - images_rbd_ceph_conf = /etc/ceph/ceph.conf - rbd_user = cinder - rbd_secret_uuid = {{ ceph_uuid }} - disk_cachemodes = "network=writeback" - live_migration_flag = "{{ live_migration_flag | join(',') }}" - when: inventory_hostname in groups['compute'] - tags: - - ceph_conf_nova - -- name: restart nova service - shell: service {{ nova_service }} restart - register: result - until: result.rc == 0 - retries: 10 - delay: 3 - when: inventory_hostname in groups['compute'] - tags: - - ceph_conf_nova diff --git a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml b/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml deleted file mode 100755 index a9eb81af..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml +++ /dev/null @@ -1,120 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: gen ceph uuid - shell: uuidgen - register: ceph_uuid_out - run_once: true - tags: - - ceph_copy_secret - -- name: set ceph uuid var - set_fact: - ceph_uuid: "{{ ceph_uuid_out.stdout_lines[0] }}" - when: not compute_expansion - tags: - - ceph_copy_secret - -- name: save ceph uuid for expansion - copy: content="{{ ceph_uuid }}" dest=/etc/ceph/ceph.uuid.libvirt - when: not compute_expansion and inventory_hostname in groups['controller'] - tags: - - ceph_copy_secret - -- name: fetch ceph uuid from controller node for expansion - shell: cat /etc/ceph/ceph.uuid.libvirt - register: ceph_uuid_out - delegate_to: "{{ public_vip.ip }}" - when: compute_expansion and inventory_hostname in groups['compute'] - tags: - - ceph_copy_secret - -- name: set ceph uuid var for expansion - set_fact: - ceph_uuid: "{{ ceph_uuid_out.stdout_lines[0] }}" - when: compute_expansion and inventory_hostname in groups['compute'] - tags: - - ceph_copy_secret - -- name: gen template secret.xml - local_action: - module: "template" - src: "secret.j2" - dest: "/tmp/secret.xml" - mode: "0777" - when: inventory_hostname in groups['ceph_adm'] - tags: - - ceph_copy_secret - -- name: create pool - shell: ceph osd pool create {{ item }} 50 - with_items: - - volumes - - images - - backups - - vms - when: inventory_hostname in groups['ceph_adm'] - -# yamllint disable rule:line-length -- name: create ceph users for openstack - shell: | - ceph auth get-or-create client.cinder mon 'allow r' osd \ - 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images'; - ceph auth get-or-create client.glance mon 'allow r' osd \ - 'allow class-read object_prefix rbd_children, allow rwx pool=images'; - when: inventory_hostname in groups['ceph_adm'] -# yamllint enable rule:line-length - -- name: send glance key to controller nodes - shell: | - ceph auth get-or-create client.glance | \ - tee /etc/ceph/ceph.client.glance.keyring; - chown glance:glance /etc/ceph/ceph.client.glance.keyring; - when: inventory_hostname in groups['controller'] - -- name: send cinder key to compute nodes - shell: | - ceph auth get-or-create client.cinder | \ - tee /etc/ceph/ceph.client.cinder.keyring; - chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring; - when: inventory_hostname in groups['compute'] - tags: - - ceph_send_key - -- name: copy cinder key to compute node - shell: ceph auth get-key client.cinder | tee client.cinder.key - when: inventory_hostname in groups['compute'] - tags: - - ceph_copy_secret - -- name: copy secret.xml to compute nodes - copy: src="/tmp/secret.xml" dest="~/secret.xml" - when: inventory_hostname in groups['compute'] - tags: - - ceph_copy_secret - -- name: undefine libvirt secret in case of repeatedly execute ceph_deploy - shell: | - virsh secret-list | awk '$1 ~ /[0-9]+/ {print $1}' | \ - xargs virsh secret-undefine - when: inventory_hostname in groups['compute'] - tags: - - ceph_copy_secret - ignore_errors: "True" - - -- name: create key for libvirt on compute nodes - shell: | - virsh secret-define --file ~/secret.xml; - virsh secret-set-value --secret {{ ceph_uuid }} \ - --base64 $(cat client.cinder.key); - when: inventory_hostname in groups['compute'] - tags: - - ceph_copy_secret - ignore_errors: "True" diff --git a/deploy/adapters/ansible/roles/ceph-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/ceph-openstack/tasks/main.yml deleted file mode 100644 index c34d1376..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - ceph_deploy - - ceph_openstack_pre - - ceph_openstack_conf - - ceph_openstack_post - - ceph_openstack - -- include: ceph_openstack_pre.yml - tags: - - ceph_deploy - - ceph_openstack_pre - - ceph_openstack - -- include: ceph_openstack_conf.yml - tags: - - ceph_deploy - - ceph_openstack_conf - - ceph_openstack - -- include: ceph_openstack_post.yml - tags: - - ceph_deploy - - ceph_openstack_post - - ceph_openstack diff --git a/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 b/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 deleted file mode 100644 index 0195e099..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 +++ /dev/null @@ -1,6 +0,0 @@ -<secret ephemeral='no' private='no'> - <uuid>{{ ceph_uuid }}</uuid> - <usage type='ceph'> - <name>client.cinder secret</name> - </usage> -</secret> diff --git a/deploy/adapters/ansible/roles/ceph-openstack/vars/Debian.yml b/deploy/adapters/ansible/roles/ceph-openstack/vars/Debian.yml deleted file mode 100755 index db10bd14..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/vars/Debian.yml +++ /dev/null @@ -1,30 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - ceph-deploy - - python-flask - - libgoogle-perftools4 - - libleveldb1v5 - - liblttng-ust0 - - libsnappy1v5 - - librbd1 - - librados2 - - python-ceph - - ceph - - ceph-mds - - ceph-common - - ceph-fs-common - - gdisk - -services: [] - -cinder_service: cinder-volume -nova_service: nova-compute -glance_service: glance-api diff --git a/deploy/adapters/ansible/roles/ceph-openstack/vars/RedHat.yml b/deploy/adapters/ansible/roles/ceph-openstack/vars/RedHat.yml deleted file mode 100755 index fc60bf55..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/vars/RedHat.yml +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - ceph-radosgw - - fcgi - - ceph - -services: [] - -cinder_service: openstack-cinder-volume -nova_service: openstack-nova-compute -glance_service: openstack-glance-api diff --git a/deploy/adapters/ansible/roles/ceph-openstack/vars/main.yml b/deploy/adapters/ansible/roles/ceph-openstack/vars/main.yml deleted file mode 100755 index 32ebfc5f..00000000 --- a/deploy/adapters/ansible/roles/ceph-openstack/vars/main.yml +++ /dev/null @@ -1,20 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -ceph_cluster_dir: - - /root/ceph-cluster - -live_migration_flag: - - 'VIR_MIGRATE_UNDEFINE_SOURCE' - - 'VIR_MIGRATE_PEER2PEER' - - 'VIR_MIGRATE_LIVE' - - 'VIR_MIGRATE_PERSIST_DEST' - - 'VIR_MIGRATE_TUNNELLED' diff --git a/deploy/adapters/ansible/roles/ceph-osd/files/ceph-crush-location.in b/deploy/adapters/ansible/roles/ceph-osd/files/ceph-crush-location.in deleted file mode 100644 index d7637510..00000000 --- a/deploy/adapters/ansible/roles/ceph-osd/files/ceph-crush-location.in +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh -# -# Generate a CRUSH location for the given entity -# -# The CRUSH location consists of a list of key=value pairs, separated -# by spaces, all on a single line. This describes where in CRUSH -# hierarhcy this entity should be placed. -# -# Arguments: -# --cluster <clustername> name of the cluster (see /etc/ceph/$cluster.conf) -# --type <osd|mds|client> daemon/entity type -# --id <id> id (osd number, mds name, client name) -# - -# if we start up as ./ceph-crush-location, assume everything else is -# in the current directory too. -if [ `dirname $0` = "." ] && [ $PWD != "/usr/bin" ]; then - BINDIR=. - SBINDIR=. - LIBDIR=. - ETCDIR=. -else - BINDIR=@bindir@ - SBINDIR=@prefix@/sbin - LIBDIR=@libdir@/ceph - ETCDIR=@sysconfdir@/ceph -fi - -usage_exit() { - echo "usage: $0 [--cluster <cluster>] --id <id> --type <osd|mds|client>" - exit -} - -cluster="ceph" -type="" -id="" -while [ $# -ge 1 ]; do - case $1 in - --cluster | -C) - shift - cluster="$1" - shift - ;; - --id | -i) - shift - id="$1" - shift - ;; - --type | -t) - shift - type="$1" - shift - ;; - *) - echo "unrecognized option '$1'" - usage_exit - ;; - esac -done - -if [ -z "$type" ]; then - echo "must specify entity type" - usage_exit -fi - -if [ -z "$id" ]; then - echo "must specify id" - usage_exit -fi - -# try a generic location -location="$($BINDIR/ceph-conf --cluster=${cluster:-ceph} --name=$type.$id --lookup crush_location || :)" -if [ -n "$location" ]; then - echo $location - exit 0 -fi - -# spit out something generic -echo "host=$(hostname -s) root=default" diff --git a/deploy/adapters/ansible/roles/ceph-osd/files/create_osd.sh b/deploy/adapters/ansible/roles/ceph-osd/files/create_osd.sh deleted file mode 100755 index dd815c22..00000000 --- a/deploy/adapters/ansible/roles/ceph-osd/files/create_osd.sh +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -if [ -d "/var/local/osd" ]; then -echo "clear /var/local/osd" -rm -r /var/local/osd/ -umount /var/local/osd -rm -r /var/local/osd -fi - - -#safe check -ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9 -ps -ef |grep vgremove |awk '{print $2}' |xargs kill -9 -ps -ef |grep vgcreate |awk '{print $2}' |xargs kill -9 -ps -ef |grep lvcreate |awk '{print $2}' |xargs kill -9 - -if [ -L "/dev/storage-volumes/ceph0" ]; then -echo "remove lv vg" -lvremove -f /dev/storage-volumes/ceph0 -fi - - -echo "lvcreate" -lvcreate -l 100%FREE -nceph0 storage-volumes -echo "mkfs" -mkfs.xfs -f /dev/storage-volumes/ceph0 - -if [ ! -d "/var/local/osd" ]; then -echo "mount osd" -mkdir -p /var/local/osd -mount /dev/storage-volumes/ceph0 /var/local/osd -fi - diff --git a/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml deleted file mode 100644 index 2a9ea3a5..00000000 --- a/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml +++ /dev/null @@ -1,64 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: create osd lv and mount it on /var/local/osd - script: create_osd.sh - -- name: fetch osd keyring from ceph_adm - fetch: - src: "/var/lib/ceph/bootstrap-osd/ceph.keyring" - dest: "/tmp/ceph.osd.keyring" - flat: "yes" - delegate_to: "{{ public_vip.ip }}" - when: compute_expansion - -- name: copy osd keyring - copy: - src: "/tmp/ceph.osd.keyring" - dest: "/var/lib/ceph/bootstrap-osd/ceph.keyring" - -- name: prepare osd disk - shell: ceph-disk prepare --fs-type xfs /var/local/osd - -- name: change local/osd dir owner to ceph - shell: chown -R ceph:ceph /var/local/osd - when: ansible_os_family == "Debian" - -- name: copy ceph-crush-location to osd host - copy: - src: ceph-crush-location.in - dest: /usr/bin/ceph-crush-location - mode: 0755 - when: ansible_os_family == "RedHat" - -- name: activate osd node - shell: ceph-disk activate /var/local/osd - -- name: enable ceph service - service: name=ceph enabled=yes - -- name: rebuild osd after reboot - blockinfile: - dest: /etc/init/ceph-osd-all-starter.conf - insertafter: "^task" - block: | - pre-start script - set -e - /opt/setup_storage/losetup.sh - sleep 3 - mount /dev/storage-volumes/ceph0 /var/local/osd - end script - when: ansible_os_family == "Debian" - -- name: rebuild osd after reboot for centos - lineinfile: - dest: /etc/init.d/ceph - insertafter: "^### END INIT INFO" - line: "\nsleep 1\nmount /dev/storage-volumes/ceph0 /var/local/osd" - when: ansible_os_family == "RedHat" diff --git a/deploy/adapters/ansible/roles/ceph-osd/tasks/main.yml b/deploy/adapters/ansible/roles/ceph-osd/tasks/main.yml deleted file mode 100644 index bc1b29b6..00000000 --- a/deploy/adapters/ansible/roles/ceph-osd/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -- include: install_osd.yml - when: inventory_hostname in groups["ceph_osd"] - tags: - - ceph_osd - - ceph_deploy diff --git a/deploy/adapters/ansible/roles/ceph-purge/tasks/main.yml b/deploy/adapters/ansible/roles/ceph-purge/tasks/main.yml deleted file mode 100644 index 663641ba..00000000 --- a/deploy/adapters/ansible/roles/ceph-purge/tasks/main.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -- name: clear tmp files - local_action: shell rm -rf /tmp/ceph* - tags: - - ceph_purge - - ceph_deploy - -- name: install ceph-related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - ceph-deploy - tags: - - ceph_purge - - ceph_deploy - when: ansible_os_family == "Debian" - -- name: purge ceph - shell: | - ceph-deploy purge {{ inventory_hostname }}; - ceph-deploy purgedata {{ inventory_hostname }}; - ceph-deploy forgetkeys - tags: - - ceph_purge - - ceph_deploy - when: ansible_os_family == "Debian" - -- name: remove monmap - file: path="/tmp/monmap" state="absent" - tags: - - ceph_purge - - ceph_deploy diff --git a/deploy/adapters/ansible/roles/cinder-controller/handlers/main.yml b/deploy/adapters/ansible/roles/cinder-controller/handlers/main.yml deleted file mode 100644 index 5791cd18..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart cinder control serveice - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml b/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml deleted file mode 100644 index 12af52f1..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: upload cinder conf - template: src=cinder.conf dest=/etc/cinder/cinder.conf - -- name: sync cinder db - shell: su -s /bin/sh -c 'cinder-manage db sync' cinder - ignore_errors: true - changed_when: true - notify: - - restart cinder control serveice diff --git a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_install.yml b/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_install.yml deleted file mode 100644 index 0a0d57f3..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_install.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install cinder packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: generate common cinder service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: upload cinder conf - template: src=cinder.conf dest=/etc/cinder/cinder.conf - notify: - - restart cinder control serveice diff --git a/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml b/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml deleted file mode 100644 index c719ca28..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- include: cinder_install.yml - tags: - - install - - cinder-install - - cinder - -- include: cinder_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - cinder-config - - cinder - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini b/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini deleted file mode 100644 index 0eb04e29..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini +++ /dev/null @@ -1,71 +0,0 @@ -############# -# OpenStack # -############# - -[composite:osapi_volume] -use = call:cinder.api:root_app_factory -/: apiversions -/v1: openstack_volume_api_v1 -/v2: openstack_volume_api_v2 - -[composite:openstack_volume_api_v1] -use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv1 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 - -[composite:openstack_volume_api_v2] -use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv2 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 - -[filter:request_id] -paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes - -[filter:noauth] -paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory - -[app:apiv1] -paste.app_factory = cinder.api.v1.router:APIRouter.factory - -[app:apiv2] -paste.app_factory = cinder.api.v2.router:APIRouter.factory - -[pipeline:apiversions] -pipeline = faultwrap osvolumeversionapp - -[app:osvolumeversionapp] -paste.app_factory = cinder.api.versions:Versions.factory - -[filter:authtoken] -paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory -# auth_host = 127.0.0.1 -# auth_port = 35357 -# auth_protocol = http -auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = cinder -admin_password = {{ CINDER_PASS }} - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf b/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf deleted file mode 100644 index 4ad2da2e..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf +++ /dev/null @@ -1,86 +0,0 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - -[DEFAULT] -rootwrap_config = /etc/cinder/rootwrap.conf -api_paste_confg = /etc/cinder/api-paste.ini -iscsi_helper = tgtadm -volume_name_template = volume-%s -volume_group = storage-volumes -verbose = {{ VERBOSE }} -debug = {{ DEBUG }} -auth_strategy = keystone -state_path = /var/lib/cinder -lock_path = /var/lock/cinder -notification_driver = cinder.openstack.common.notifier.rpc_notifier -volumes_dir = /var/lib/cinder/volumes -transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} -log_file = /var/log/cinder/cinder.log - -control_exchange = cinder -rpc_backend = rabbit -my_ip = {{ storage_controller_host }} - -glance_host = {{ internal_vip.ip }} -glance_port = 9292 -api_rate_limit = False -storage_availability_zone = nova - -quota_volumes = 10 -quota_gigabytes = 1000 -quota_driver = cinder.quota.DbQuotaDriver - -osapi_volume_listen = {{ storage_controller_host }} -osapi_volume_listen_port = 8776 -osapi_volume_workers = {{ api_workers }} - -db_backend = sqlalchemy -volume_name_template = volume-%s -snapshot_name_template = snapshot-%s - -max_gigabytes = 10000 - -volume_clear = zero -volume_clear_size = 10 - -iscsi_ip_address = {{ storage_controller_host }} -iscsi_port = 3260 -iscsi_helper = tgtadm - -volumes_dir = /var/lib/cinder/volumes -volume_driver = cinder.volume.drivers.lvm.LVMISCSIDriver - -[database] -connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder -idle_timeout = 30 - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = cinder -password = {{ CINDER_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = cinder -admin_password = {{ CINDER_PASS }} - -[keymgr] -encryption_auth_url=http://{{ internal_vip.ip }}:5000/v3 - -[oslo_messaging_rabbit] -rabbit_host = {{ rabbit_host }} -rabbit_port = 5672 -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} - -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/deploy/adapters/ansible/roles/cinder-controller/vars/Debian.yml b/deploy/adapters/ansible/roles/cinder-controller/vars/Debian.yml deleted file mode 100644 index 801296b3..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/vars/Debian.yml +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -packages: - - cinder-api - - cinder-scheduler - -services: - - cinder-api - - cinder-scheduler diff --git a/deploy/adapters/ansible/roles/cinder-controller/vars/RedHat.yml b/deploy/adapters/ansible/roles/cinder-controller/vars/RedHat.yml deleted file mode 100644 index e11bef97..00000000 --- a/deploy/adapters/ansible/roles/cinder-controller/vars/RedHat.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-cinder - - python-oslo-db - -services: - - openstack-cinder-api - - openstack-cinder-scheduler diff --git a/deploy/adapters/ansible/roles/cinder-volume/handlers/main.yml b/deploy/adapters/ansible/roles/cinder-volume/handlers/main.yml deleted file mode 100644 index c7ec8d8e..00000000 --- a/deploy/adapters/ansible/roles/cinder-volume/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart cinder-volume services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/cinder-volume/tasks/main.yml b/deploy/adapters/ansible/roles/cinder-volume/tasks/main.yml deleted file mode 100644 index 5394b8e8..00000000 --- a/deploy/adapters/ansible/roles/cinder-volume/tasks/main.yml +++ /dev/null @@ -1,38 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install cinder-volume and lvm2 packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: generate cinder volume service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: upload cinder-volume configuration - template: src=cinder.conf dest=/etc/cinder/cinder.conf backup=yes - notify: - - restart cinder-volume services - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf b/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf deleted file mode 100644 index e7946b5c..00000000 --- a/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf +++ /dev/null @@ -1,75 +0,0 @@ -[DEFAULT] -rootwrap_config = /etc/cinder/rootwrap.conf -api_paste_confg = /etc/cinder/api-paste.ini -iscsi_helper = tgtadm -volume_name_template = volume-%s -volume_group = storage-volumes -verbose = True -auth_strategy = keystone -state_path = /var/lib/cinder -lock_path = /var/lib/cinder/tmp -notification_driver=cinder.openstack.common.notifier.rpc_notifier -volumes_dir = /var/lib/cinder/volumes -transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} -log_file=/var/log/cinder/cinder.log - -control_exchange = cinder -rpc_backend = rabbit -my_ip = {{ storage_controller_host }} - -glance_host = {{ internal_vip.ip }} -glance_port = 9292 -glance_api_servers = http://{{ internal_vip.ip }}:9292 -api_rate_limit = False -storage_availability_zone = nova - -quota_volumes = 10 -quota_gigabytes = 1000 -quota_driver = cinder.quota.DbQuotaDriver - -osapi_volume_listen = {{ storage_controller_host }} -osapi_volume_listen_port = 8776 - -db_backend = sqlalchemy -volume_name_template = volume-%s -snapshot_name_template = snapshot-%s - -max_gigabytes = 10000 - -volume_clear = zero -volume_clear_size = 10 - -iscsi_ip_address = {{ storage_controller_host }} -iscsi_port=3260 -iscsi_helper=tgtadm - -volumes_dir=/var/lib/cinder/volumes -volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver - -[database] -connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder -idle_timeout = 30 - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = cinder -password = {{ CINDER_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = cinder -admin_password = {{ CINDER_PASS }} - -[lvm] -volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver -volume_group = cinder-volumes -iscsi_protocol = iscsi -iscsi_helper = tgtadm - -[oslo_concurrency] -lock_path = /var/lib/cinder/tmp diff --git a/deploy/adapters/ansible/roles/cinder-volume/vars/Debian.yml b/deploy/adapters/ansible/roles/cinder-volume/vars/Debian.yml deleted file mode 100644 index d95b779c..00000000 --- a/deploy/adapters/ansible/roles/cinder-volume/vars/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - cinder-volume - -services: - - cinder-volume diff --git a/deploy/adapters/ansible/roles/cinder-volume/vars/RedHat.yml b/deploy/adapters/ansible/roles/cinder-volume/vars/RedHat.yml deleted file mode 100644 index 6d596f4b..00000000 --- a/deploy/adapters/ansible/roles/cinder-volume/vars/RedHat.yml +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-cinder - - targetcli - - python-oslo-db - - MySQL-python - - lvm2 - -services: - - openstack-cinder-volume - - lvm2-lvmetad diff --git a/deploy/adapters/ansible/roles/common/tasks/main.yml b/deploy/adapters/ansible/roles/common/tasks/main.yml deleted file mode 100644 index 69fc1d49..00000000 --- a/deploy/adapters/ansible/roles/common/tasks/main.yml +++ /dev/null @@ -1,101 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: speed up ansible by purging landscape-common - apt: pkg=landscape-common state=absent purge=yes - when: ansible_os_family == "Debian" - -- name: update hosts files to all hosts - template: src=hosts dest=/etc/hosts backup=yes - -- name: get compass-core hostname - local_action: shell hostname - register: name - -- name: get compass-core addr - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: COMPASS_SERVER - -- name: add yum repository for openstack - template: src=openstack_ppa_repo.repo.j2 dest=/etc/yum.repos.d/openstack_ppa_repo.repo - when: ansible_os_family == "RedHat" - -- name: update compass-core name and ip to hosts files - shell: | - echo "# compass" >> /etc/hosts; - echo {{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }} \ - >> /etc/hosts; - -- name: install python-crypto - yum: name=python-crypto state=present - register: python_crypto_result - ignore_errors: "yes" - when: ansible_os_family == "RedHat" - -- name: remove python crypt egg file to work-around - shell: rm -rf /usr/lib64/python2.7/site-packages/pycrypto-2.6.1-py2.7.egg-info - when: ansible_os_family == "RedHat" - and python_crypto_result.msg | match("Error unpack.*crypto-2.6.1-9.*") - -- name: install packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: make config template dir exist - file: path=/opt/os_templates state=directory mode=0755 - -- name: create pip config directory - file: path=~/.pip state=directory - -- name: update pip.conf - template: src=pip.conf dest=~/.pip/{{ pip_conf }} - -- name: upgrade pip - pip: name=pip state=latest - -- name: install pip packages - pip: name={{ item }} state=present extra_args='--pre' - with_items: "{{ pip_packages }}" - -- name: install keyczar for accelerate - pip: name=python-keyczar state=present extra_args='--pre' - delegate_to: 127.0.0.1 - run_once: true - -- name: update ntp conf - template: src=ntp.conf dest=/etc/ntp.conf backup=yes - -- name: use ntpdate once for initial sync time - shell: ntpdate {{ ntp_server }} - ignore_errors: "True" - -- name: sync sys clock to hard clock - shell: hwclock --systohc - ignore_errors: "True" - -- name: create fireball keys dir - file: path=~/.fireball.keys state=directory mode=0700 - delegate_to: 127.0.0.1 - run_once: true - -- name: restart services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services| union(services_noarch) }}" - -- name: write services to monitor list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services| union(services_noarch) }}" - -- name: kill daemon for accelerate - shell: lsof -ni :5099|grep LISTEN|awk '{print $2}'|xargs kill -9 - ignore_errors: true - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/common/templates/ntp.conf b/deploy/adapters/ansible/roles/common/templates/ntp.conf deleted file mode 100644 index 2d560be2..00000000 --- a/deploy/adapters/ansible/roles/common/templates/ntp.conf +++ /dev/null @@ -1,54 +0,0 @@ -# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help - -driftfile /var/lib/ntp/ntp.drift - - -# Enable this if you want statistics to be logged. -#statsdir /var/log/ntpstats/ - -statistics loopstats peerstats clockstats -filegen loopstats file loopstats type day enable -filegen peerstats file peerstats type day enable -filegen clockstats file clockstats type day enable - -# Specify one or more NTP servers. - -# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board -# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for -# more information. -server {{ ntp_server }} -server {{ internal_vip.ip }} - -# Use local server as a fallback. -server 127.127.1.0 # local clock -fudge 127.127.1.0 stratum 10 - -# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for -# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> -# might also be helpful. -# -# Note that "restrict" applies to both servers and clients, so a configuration -# that might be intended to block requests from certain clients could also end -# up blocking replies from your own upstream servers. - -# By default, exchange time with everybody, but don't allow configuration. -restrict -4 default kod notrap nomodify -restrict -6 default kod notrap nomodify - -# Local users may interrogate the ntp server more closely. -restrict 127.0.0.1 -restrict ::1 - -# Clients from this (example!) subnet have unlimited access, but only if -# cryptographically authenticated. -#restrict 192.168.123.0 mask 255.255.255.0 notrust - - -# If you want to provide time to your local subnet, change the next line. -# (Again, the address is an example only.) -#broadcast 192.168.123.255 - -# If you want to listen to time broadcasts on your local subnet, de-comment the -# next lines. Please do this only if you trust everybody on the network! -#disable auth -#broadcastclient diff --git a/deploy/adapters/ansible/roles/common/templates/openstack_ppa_repo.repo.j2 b/deploy/adapters/ansible/roles/common/templates/openstack_ppa_repo.repo.j2 deleted file mode 100644 index bc95ef45..00000000 --- a/deploy/adapters/ansible/roles/common/templates/openstack_ppa_repo.repo.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[openstack_ppa_repo] -name=openstack - openstack_repo -proxy=_none_ -baseurl=http://{{ COMPASS_SERVER.stdout_lines[0] }}/cblr/repo_mirror/centos7-newton-ppa -enabled=1 -gpgcheck=0 -skip_if_unavailable=1 diff --git a/deploy/adapters/ansible/roles/common/templates/pip.conf b/deploy/adapters/ansible/roles/common/templates/pip.conf deleted file mode 100644 index 59981258..00000000 --- a/deploy/adapters/ansible/roles/common/templates/pip.conf +++ /dev/null @@ -1,5 +0,0 @@ -[global] -find-links = http://{{ COMPASS_SERVER.stdout_lines[0] }}/pip-openstack -no-index = true -[install] -trusted-host={{ COMPASS_SERVER.stdout_lines[0] }} diff --git a/deploy/adapters/ansible/roles/common/vars/Debian.yml b/deploy/adapters/ansible/roles/common/vars/Debian.yml deleted file mode 100644 index ed11bdd6..00000000 --- a/deploy/adapters/ansible/roles/common/vars/Debian.yml +++ /dev/null @@ -1,28 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - ubuntu-cloud-keyring - - python-dev - - openvswitch-switch - - openvswitch-switch-dpdk - - python-memcache - - python-iniparse - - python-lxml - - python-crypto - -pip_packages: - - crudini - - python-keyczar - - yang2tosca - -pip_conf: pip.conf - -services: - - ntp diff --git a/deploy/adapters/ansible/roles/common/vars/RedHat.yml b/deploy/adapters/ansible/roles/common/vars/RedHat.yml deleted file mode 100644 index 0697fec7..00000000 --- a/deploy/adapters/ansible/roles/common/vars/RedHat.yml +++ /dev/null @@ -1,32 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openvswitch - - python-devel - - python-memcached - - gcc - - redhat-lsb-core - - python-crypto - - wget - - yum-plugin-priorities - - vim - - lsof - - strace - - net-tools - -pip_packages: - - crudini - - python-keyczar - -pip_conf: pip.conf - -services: - - openvswitch - - ntpd diff --git a/deploy/adapters/ansible/roles/compute-recovery/tasks/main.yml b/deploy/adapters/ansible/roles/compute-recovery/tasks/main.yml deleted file mode 100644 index 23b4a948..00000000 --- a/deploy/adapters/ansible/roles/compute-recovery/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: Register RECOVERY - set_fact: RECOVERY_ENV={{RECOVERY_ENV | default('False')}} - tags: - - recovery - -- include_vars: "{{ ansible_os_family }}.yml" - when: RECOVERY_ENV - tags: - - recovery - -- name: restart compute services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ compute_services | union(compute_services_noarch) }}" - when: RECOVERY_ENV - tags: - - recovery diff --git a/deploy/adapters/ansible/roles/compute-recovery/vars/Debian.yml b/deploy/adapters/ansible/roles/compute-recovery/vars/Debian.yml deleted file mode 100644 index 4e843d03..00000000 --- a/deploy/adapters/ansible/roles/compute-recovery/vars/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -compute_services: - - nova-compute - - neutron-openvswitch-agent - - cinder-volume - - ceilometer-agent-compute diff --git a/deploy/adapters/ansible/roles/compute-recovery/vars/RedHat.yml b/deploy/adapters/ansible/roles/compute-recovery/vars/RedHat.yml deleted file mode 100644 index 7b9488f8..00000000 --- a/deploy/adapters/ansible/roles/compute-recovery/vars/RedHat.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -compute_services: - - openstack-nova-compute - - neutron-openvswitch-agent - - openstack-cinder-volume - - openstack-ceilometer-compute diff --git a/deploy/adapters/ansible/roles/compute-recovery/vars/main.yml b/deploy/adapters/ansible/roles/compute-recovery/vars/main.yml deleted file mode 100644 index c2c0d8ee..00000000 --- a/deploy/adapters/ansible/roles/compute-recovery/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -compute_services_noarch: [] diff --git a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_post.yml b/deploy/adapters/ansible/roles/config-compute/handlers/main.yml index b7ec4a23..c565498f 100644 --- a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_post.yml +++ b/deploy/adapters/ansible/roles/config-compute/handlers/main.yml @@ -1,18 +1,14 @@ ############################################################################## ## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -## ## All rights reserved. This program and the accompanying materials ## are made available under the terms of the Apache License, Version 2.0 ## which accompanies this distribution, and is available at ## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### +############################################################################## --- -- name: get mount info - command: mount - register: mount_info +- name: restart network service + shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \ + /sbin/ifup --ignore-errors -a" -- name: try unmount image nfs directory - shell: | - umount /var/lib/glance/images - sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab - when: mount_info.stdout.find('images') != -1 +- name: restart nfs service + service: name=nfs-kernel-server state=restarted diff --git a/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml b/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml new file mode 100644 index 00000000..4c6d2465 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml @@ -0,0 +1,105 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: make nfs dircetory + file: "dest=/images mode=0777 state=directory" + +- name: configure service + shell: "echo 'nfs 2049/tcp' >> /etc/services; \ + echo 'nfs 2049/udp' >> /etc/services" + +# yamllint disable rule:line-length +- name: generate ifcfg-if.vxlan + template: + src: ifcfg-if.vxlan + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + +- name: generate ifcfg-if.storage + template: + src: ifcfg-if.storage + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + +- name: add br-vlan to interface script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-{{ network_cfg["provider_net_mappings"][0]["interface"] }} + line: "BRIDGE=br-vlan" + +- name: remove eth0 ip addresss + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + regexp: "^IPADDR=*" + state: absent + +- name: remove eth0 netmask + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + regexp: "^NETMASK=*" + state: absent + +- name: add br-mgmt to eth0 script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + line: "BRIDGE=br-mgmt" + +- name: add br-vlan to interface script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + line: "BRIDGE=br-storage" + +- name: add br-vxlan to interface script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + line: "BRIDGE=br-vxlan" +# yamllint enable rule:line-length + +- name: generate ifcfg-br-mgmt script + template: + src: ifcfg-br-mgmt + dest: /etc/sysconfig/network-scripts/ + +- name: generate ifcfg-br-vlan script + template: + src: ifcfg-br-vlan + dest: /etc/sysconfig/network-scripts/ + +- name: generate ifcfg-br-storage script + template: + src: ifcfg-br-storage + dest: /etc/sysconfig/network-scripts/ + +- name: generate ifcfg-br-vxlan script + template: + src: ifcfg-br-vxlan + dest: /etc/sysconfig/network-scripts/ + +- name: restart the network + shell: systemctl restart network + +- name: Install apt packages + yum: + pkg: "{{item}}" + state: "present" + with_items: + - nfs-utils + - rpcbind + +- name: configure NFS + template: + src: exports + dest: /etc/exports + +- name: exportfs + shell: exportfs -r + +- name: start nfs + shell: | + service rpcbind start; + service nfs start; + chkconfig rpcbind on; + chkconfig nfs on; diff --git a/deploy/adapters/ansible/roles/config-compute/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/config-compute/tasks/Ubuntu.yml new file mode 100644 index 00000000..6e6cae85 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/tasks/Ubuntu.yml @@ -0,0 +1,54 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: configure network + template: + src: compute.j2 + dest: /etc/network/interfaces + notify: + - restart network service + +- meta: flush_handlers + +- name: check apt source + shell: "ping -c 2 {{ LOCAL_REPOSITORY_IP }} > /dev/null" + register: checkresult + ignore_errors: "true" + +- name: change sources list(apt) + template: + src: sources.list.lab + dest: /etc/apt/sources.list + when: checkresult.rc == 0 + +- name: change sources list(apt) + template: + src: sources.list.official + dest: /etc/apt/sources.list + when: checkresult.rc != 0 + +- name: Install apt packages + apt: + pkg: "nfs-kernel-server" + state: "present" + update_cache: "yes" + +- name: make nfs dircetory + file: "dest=/images mode=0777 state=directory" + +- name: configure service + shell: "echo 'nfs 2049/tcp' >> /etc/services; \ + echo 'nfs 2049/udp' >> /etc/services" + +- name: configure NFS + template: + src: exports + dest: /etc/exports + notify: + - restart nfs service diff --git a/deploy/adapters/ansible/roles/common/vars/main.yml b/deploy/adapters/ansible/roles/config-compute/tasks/main.yml index 713b6b5f..674c80cc 100644 --- a/deploy/adapters/ansible/roles/common/vars/main.yml +++ b/deploy/adapters/ansible/roles/config-compute/tasks/main.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,8 +7,8 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages_noarch: - - python-pip - - ntp +- include: "{{ ansible_distribution }}.yml" + when: ansible_distribution == 'Ubuntu' -services_noarch: [] +- include: "{{ ansible_os_family }}.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' diff --git a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 new file mode 100644 index 00000000..66c3297b --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 @@ -0,0 +1,81 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + + +# Physical interface +auto eth0 +iface eth0 inet manual + + +# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface +auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}} + +# Storage network VLAN interface (optional) +auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}} + +# Container/Host management bridge +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports eth0 + address {{host_info[inventory_hostname].MGMT_IP}} + netmask 255.255.255.0 + +# compute1 VXLAN (tunnel/overlay) bridge config +auto br-vxlan +iface br-vxlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + address {{host_info[inventory_hostname].VXLAN_IP}} + netmask 255.255.252.0 + +# OpenStack Networking VLAN bridge +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} + address {{ip_settings[inventory_hostname]["br-prv"]["ip"]}} + netmask 255.255.255.0 + gateway {{ip_settings[inventory_hostname]["br-prv"]["gw"]}} + offload-sg off + # Create veth pair, don't bomb if already exists + pre-up ip link add br-vlan-veth type veth peer name eth12 || true + # Set both ends UP + pre-up ip link set br-vlan-veth up + pre-up ip link set eth12 up + # Delete veth pair on DOWN + post-down ip link del br-vlan-veth || true + bridge_ports br-vlan-veth + +# Add an additional address to br-vlan +iface br-vlan inet static + # Flat network default gateway + # -- This needs to exist somewhere for network reachability + # -- from the router namespace for floating IP paths. + # -- Putting this here is primarily for tempest to work. + address {{host_info[inventory_hostname].VLAN_IP_SECOND}} + netmask 255.255.252.0 + +# compute storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + address {{ip_settings[inventory_hostname]["storage"]["ip"]}} + netmask 255.255.252.0 diff --git a/deploy/adapters/ansible/roles/config-compute/templates/exports b/deploy/adapters/ansible/roles/config-compute/templates/exports new file mode 100644 index 00000000..c2749c85 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/exports @@ -0,0 +1,11 @@ +# /etc/exports: the access control list for filesystems which may be exported +# to NFS clients. See exports(5). +# +# Example for NFSv2 and NFSv3: +# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) +# +# Example for NFSv4: +# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) +# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) +# +/images *(rw,sync,no_subtree_check,no_root_squash) diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt new file mode 100644 index 00000000..7f1931c8 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt @@ -0,0 +1,7 @@ +DEVICE=br-mgmt +TYPE=Bridge +IPADDR={{host_info[inventory_hostname].MGMT_IP}} +PREFIX=24 +BOOTPROTO=none +ONBOOT=yes +DELAY=0 diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-storage b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-storage new file mode 100644 index 00000000..3c1db126 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-storage @@ -0,0 +1,8 @@ +DEVICE=br-storage +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["storage"]["ip"] }} +NETMASK=255.255.255.0 +BOOTPROTO=none +DEFROUTE="no" +ONBOOT=yes +DELAY=0 diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-vlan b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-vlan new file mode 100644 index 00000000..4349a3f1 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-vlan @@ -0,0 +1,11 @@ +DEVICE=br-vlan +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["br-prv"]["ip"] }} +PREFIX=24 +GATEWAY={{ ip_settings[inventory_hostname]["br-prv"]["gw"] }} +BOOTPROTO=none +ONBOOT=yes +DELAY=0 +DEFROUTE="yes" +DNS1=8.8.8.8 +DNS2=8.8.4.4 diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-vxlan b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-vxlan new file mode 100644 index 00000000..d2a0cb86 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-vxlan @@ -0,0 +1,8 @@ +DEVICE=br-vxlan +TYPE=Bridge +IPADDR={{host_info[inventory_hostname].VXLAN_IP}} +NETMASK=255.255.252.0 +BOOTPROTO=none +DEFROUTE="no" +ONBOOT=yes +DELAY=0 diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage new file mode 100644 index 00000000..96afb1bd --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage @@ -0,0 +1,4 @@ +DEVICE={{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +BOOTPROTO=none +ONBOOT=yes +VLAN=yes diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.vxlan b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.vxlan new file mode 100644 index 00000000..9fb19b0c --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.vxlan @@ -0,0 +1,4 @@ +DEVICE={{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +BOOTPROTO=none +ONBOOT=yes +VLAN=yes diff --git a/deploy/adapters/ansible/roles/config-compute/templates/sources.list.lab b/deploy/adapters/ansible/roles/config-compute/templates/sources.list.lab new file mode 100644 index 00000000..b1e00d05 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/sources.list.lab @@ -0,0 +1,7 @@ +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial main restricted universe multiverse +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-security main restricted universe multiverse +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-updates main restricted universe multiverse + +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial main restricted universe multiverse +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-security main restricted universe multiverse +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-updates main restricted universe multiverse diff --git a/deploy/adapters/ansible/roles/config-compute/templates/sources.list.official b/deploy/adapters/ansible/roles/config-compute/templates/sources.list.official new file mode 100644 index 00000000..799e4b58 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/sources.list.official @@ -0,0 +1,36 @@ +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. + +deb http://archive.ubuntu.com/ubuntu/ xenial main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted + +## Uncomment the following two lines to add software from the 'universe' +## repository. +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://archive.ubuntu.com/ubuntu/ xenial universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial universe +deb http://archive.ubuntu.com/ubuntu/ xenial-updates universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. +# deb http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted +# deb-src http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted + +deb http://archive.ubuntu.com/ubuntu/ xenial-security main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial-security main restricted +deb http://archive.ubuntu.com/ubuntu/ xenial-security universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial-security universe +# deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse +# deb-src http://archive.ubuntu.com/ubuntu/ xenial-security multiverse + diff --git a/deploy/adapters/ansible/roles/config-compute/vars/main.yml b/deploy/adapters/ansible/roles/config-compute/vars/main.yml new file mode 100644 index 00000000..783ea0d0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/vars/main.yml @@ -0,0 +1,10 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +LOCAL_REPOSITORY_IP: "192.168.137.222" diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_start.yml b/deploy/adapters/ansible/roles/config-controller/handlers/main.yml index 1d7d5e52..3d979e6a 100755..100644 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_start.yml +++ b/deploy/adapters/ansible/roles/config-controller/handlers/main.yml @@ -1,12 +1,11 @@ ############################################################################## ## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -## ## All rights reserved. This program and the accompanying materials ## are made available under the terms of the Apache License, Version 2.0 ## which accompanies this distribution, and is available at ## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### +############################################################################## --- -- name: start congress services - service: name={{ item }} state=started enabled=yes - with_items: "{{ services | union(services_noarch) }}" +- name: restart network service + shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \ + /sbin/ifup --ignore-errors -a" diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml b/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml new file mode 100644 index 00000000..728dc559 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml @@ -0,0 +1,75 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +# yamllint disable rule:line-length +- name: generate vxlan vlan ifcfg-if script + template: + src: ifcfg-if.vxlan + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + +- name: generate storage vlan ifcfg-if script + template: + src: ifcfg-if.storage + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + +- name: add br-vlan to interface script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-{{ network_cfg["provider_net_mappings"][0]["interface"] }} + line: "BRIDGE=br-vlan" + +- name: add br-storage to interface script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + line: "BRIDGE=br-storage" + +- name: add br-vxlan to interface script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + line: "BRIDGE=br-vxlan" +# yamllint enable rule:line-length + +- name: remove eth0 ip addresss + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + regexp: "^IPADDR=*" + state: absent + +- name: remove eth0 netmask + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + regexp: "^NETMASK=*" + state: absent + +- name: add br-mgmt to eth0 script + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + line: "BRIDGE=br-mgmt" + +- name: generate ifcfg-br-mgmt script + template: + src: ifcfg-br-mgmt + dest: /etc/sysconfig/network-scripts/ + +- name: generate ifcfg-br-vlan script + template: + src: ifcfg-br-vlan + dest: /etc/sysconfig/network-scripts/ + +- name: generate ifcfg-br-storag script + template: + src: ifcfg-br-storage + dest: /etc/sysconfig/network-scripts/ + +- name: generate ifcfg-br-vxlan script + template: + src: ifcfg-br-vxlan + dest: /etc/sysconfig/network-scripts/ + +- name: restart the network + shell: systemctl restart network diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/config-controller/tasks/Ubuntu.yml new file mode 100644 index 00000000..e3b467cf --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/tasks/Ubuntu.yml @@ -0,0 +1,34 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: configure controller network + template: + src: controller.j2 + dest: /etc/network/interfaces + notify: + - restart network service + +- meta: flush_handlers + +- name: check apt source + shell: "ping -c 2 {{LOCAL_REPOSITORY_IP}} > /dev/null" + register: checkresult + ignore_errors: "true" + +- name: change sources list(apt) + template: + src: sources.list.lab + dest: /etc/apt/sources.list + when: checkresult.rc == 0 + +- name: change sources list(apt) + template: + src: sources.list.official + dest: /etc/apt/sources.list + when: checkresult.rc != 0 diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/main.yml b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml new file mode 100644 index 00000000..674c80cc --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: "{{ ansible_distribution }}.yml" + when: ansible_distribution == 'Ubuntu' + +- include: "{{ ansible_os_family }}.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' diff --git a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 new file mode 100755 index 00000000..215807f0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 @@ -0,0 +1,65 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# Physical interface +auto eth0 +iface eth0 inet manual + +# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface +auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}} + +# Storage network VLAN interface (optional) +auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}} + +# Container/Host management bridge +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports eth0 + address {{host_info[inventory_hostname].MGMT_IP}} + netmask 255.255.255.0 + +# OpenStack Networking VXLAN (tunnel/overlay) bridge +# +# Only the COMPUTE and NETWORK nodes must have an IP address +# on this bridge. When used by infrastructure nodes, the +# IP addresses are assigned to containers which use this +# bridge. +# +auto br-vxlan +iface br-vxlan inet manual + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + +# OpenStack Networking VLAN bridge +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} + address {{ ip_settings[inventory_hostname]["br-prv"]["ip"] }} + netmask 255.255.255.0 + gateway {{ ip_settings[inventory_hostname]["br-prv"]["gw"] }} + +# compute1 Storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + address {{ ip_settings[inventory_hostname]["storage"]["ip"] }} + netmask 255.255.252.0 diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt new file mode 100644 index 00000000..7f1931c8 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt @@ -0,0 +1,7 @@ +DEVICE=br-mgmt +TYPE=Bridge +IPADDR={{host_info[inventory_hostname].MGMT_IP}} +PREFIX=24 +BOOTPROTO=none +ONBOOT=yes +DELAY=0 diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-storage b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-storage new file mode 100644 index 00000000..3c1db126 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-storage @@ -0,0 +1,8 @@ +DEVICE=br-storage +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["storage"]["ip"] }} +NETMASK=255.255.255.0 +BOOTPROTO=none +DEFROUTE="no" +ONBOOT=yes +DELAY=0 diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-vlan b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-vlan new file mode 100644 index 00000000..7dd7165b --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-vlan @@ -0,0 +1,11 @@ +DEVICE=br-vlan +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["br-prv"]["ip"] }} +PREFIX=24 +BOOTPROTO=none +ONBOOT=yes +DELAY=0 +DEFROUTE="yes" +GATEWAY={{ ip_settings[inventory_hostname]["br-prv"]["gw"] }} +DNS1=8.8.8.8 +DNS2=8.8.4.4 diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-vxlan b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-vxlan new file mode 100644 index 00000000..d672919c --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-vxlan @@ -0,0 +1,6 @@ +DEVICE=br-vxlan +TYPE=Bridge +BOOTPROTO=none +DEFROUTE="no" +ONBOOT=yes +DELAY=0 diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage new file mode 100644 index 00000000..96afb1bd --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage @@ -0,0 +1,4 @@ +DEVICE={{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +BOOTPROTO=none +ONBOOT=yes +VLAN=yes diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.vxlan b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.vxlan new file mode 100644 index 00000000..9fb19b0c --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.vxlan @@ -0,0 +1,4 @@ +DEVICE={{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +BOOTPROTO=none +ONBOOT=yes +VLAN=yes diff --git a/deploy/adapters/ansible/roles/config-controller/templates/sources.list.lab b/deploy/adapters/ansible/roles/config-controller/templates/sources.list.lab new file mode 100644 index 00000000..b1e00d05 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/sources.list.lab @@ -0,0 +1,7 @@ +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial main restricted universe multiverse +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-security main restricted universe multiverse +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-updates main restricted universe multiverse + +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial main restricted universe multiverse +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-security main restricted universe multiverse +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-updates main restricted universe multiverse diff --git a/deploy/adapters/ansible/roles/config-controller/templates/sources.list.official b/deploy/adapters/ansible/roles/config-controller/templates/sources.list.official new file mode 100644 index 00000000..799e4b58 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/sources.list.official @@ -0,0 +1,36 @@ +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. + +deb http://archive.ubuntu.com/ubuntu/ xenial main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted + +## Uncomment the following two lines to add software from the 'universe' +## repository. +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://archive.ubuntu.com/ubuntu/ xenial universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial universe +deb http://archive.ubuntu.com/ubuntu/ xenial-updates universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. +# deb http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted +# deb-src http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted + +deb http://archive.ubuntu.com/ubuntu/ xenial-security main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial-security main restricted +deb http://archive.ubuntu.com/ubuntu/ xenial-security universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial-security universe +# deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse +# deb-src http://archive.ubuntu.com/ubuntu/ xenial-security multiverse + diff --git a/deploy/adapters/ansible/roles/config-controller/vars/main.yml b/deploy/adapters/ansible/roles/config-controller/vars/main.yml new file mode 100644 index 00000000..783ea0d0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/vars/main.yml @@ -0,0 +1,10 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +LOCAL_REPOSITORY_IP: "192.168.137.222" diff --git a/deploy/adapters/ansible/roles/config-osa/files/cinder.yml b/deploy/adapters/ansible/roles/config-osa/files/cinder.yml new file mode 100755 index 00000000..3a39935a --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/files/cinder.yml @@ -0,0 +1,13 @@ +--- +# This file contains an example to show how to set +# the cinder-volume service to run in a container. +# +# Important note: +# When using LVM or any iSCSI-based cinder backends, such as NetApp with +# iSCSI protocol, the cinder-volume service *must* run on metal. +# Reference: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1226855 + +container_skel: + cinder_volumes_container: + properties: + is_metal: true diff --git a/deploy/adapters/ansible/roles/config-osa/files/fetch-files.yml b/deploy/adapters/ansible/roles/config-osa/files/fetch-files.yml new file mode 100644 index 00000000..346ef2fd --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/files/fetch-files.yml @@ -0,0 +1,28 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +- name: Fetch openrc + hosts: utility_all[0] + max_fail_percentage: 20 + user: root + tasks: + - fetch: + src: /root/openrc + dest: /opt/openrc + flat: "yes" + +- name: Fetch haproxy.cert + hosts: haproxy_hosts[0] + max_fail_percentage: 20 + user: root + tasks: + - fetch: + src: /etc/ssl/certs/haproxy.cert + dest: /opt/os_cacert + flat: "yes" diff --git a/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/tasks/main.yml index 882f4884..03b57120 100644 --- a/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/tasks/main.yml @@ -7,14 +7,11 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- + - name: create openstack flavors - os_nova_flavor: - cloud: opnfv - state: present - flavorid: "{{ item.id }}" - name: "{{ item.name }}" - vcpus: "{{ item.vcpus }}" - ram: "{{ item.ram }}" - disk: "{{ item.disk }}" + shell: | + . /root/openrc; + openstack flavor create {{ item.name }} \ + --id {{ item.id }} --ram {{ item.ram }} \ + --disk {{ item.disk }} --vcpus {{ item.vcpus }} || true with_items: "{{ flavors }}" - when: inventory_hostname == groups['controller'][0] diff --git a/deploy/adapters/ansible/roles/openstack-post/vars/main.yml b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/vars/main.yml index d9c36d42..d9c36d42 100644 --- a/deploy/adapters/ansible/roles/openstack-post/vars/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/vars/main.yml diff --git a/deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml b/deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml new file mode 100644 index 00000000..9f65cd5d --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml @@ -0,0 +1,65 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +- name: Installation and setup of Neutron + hosts: neutron_openvswitch_agent + gather_facts: "{{ gather_facts | default(True) }}" + max_fail_percentage: 20 + user: root + tasks: + - name: stop neutron-openvswitch-agent + service: + name: neutron-openvswitch-agent + state: stopped + + # yamllint disable rule:line-length + - name: change the openvswitch_agent.ini + lineinfile: + dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini + insertafter: '^bridge_mappings' + line: "local_ip = {{ hostvars[inventory_hostname]['container_networks']['tunnel_address']['address'] }}" + when: + - inventory_hostname not in groups['nova_compute'] + + - name: change the openvswitch_agent.ini + lineinfile: + dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini + regexp: '^bridge_mappings' + insertafter: '^bridge_mappings' + line: "local_ip = {{hostvars[inventory_hostname]['ansible_br_vxlan']['ipv4']['address']}}" + notify: + - Restart neutron-openvswitch-agent + when: + - inventory_hostname in groups['nova_compute'] + # yamllint enable rule:line-length + + - name: Setup br-provider + openvswitch_bridge: + bridge: br-provider + state: present + notify: + - Restart neutron-openvswitch-agent + when: + - inventory_hostname not in groups['nova_compute'] + + - name: Add port to br-provider + openvswitch_port: + bridge: br-provider + port: "eth12" + state: present + notify: + - Restart neutron-openvswitch-agent + when: + - inventory_hostname not in groups['nova_compute'] + + handlers: + - name: Restart neutron-openvswitch-agent + service: + name: neutron-openvswitch-agent + state: restarted diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml new file mode 100644 index 00000000..b1b32f77 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml @@ -0,0 +1,79 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +- name: create osa log directory + file: + path: /var/log/osa/ + state: directory + +- name: disable kernel update in rt_kvm scenario + lineinfile: + dest: /etc/ansible/roles/openstack_hosts/vars/ubuntu-16.04.yml + state: absent + regexp: 'linux-image-extra-*' + when: rt_kvm is defined and rt_kvm == "Enable" + +- name: copy openstack_user_config + template: + src: openstack_user_config.yml.j2 + dest: /etc/openstack_deploy/openstack_user_config.yml + +- name: copy user_variables + template: + src: user_variables.yml.j2 + dest: /etc/openstack_deploy/user_variables.yml + +- name: check apt source + shell: "ping -c 2 {{ LOCAL_REPOSITORY_IP }} > /dev/null" + register: checkresult + ignore_errors: "true" + +- name: add mariadb local repository + blockinfile: + dest: /etc/openstack_deploy/user_variables.yml + block: | + galera_client_apt_repo_url: "http://192.168.137.222/mariadb" + galera_repo_url: "[ arch=amd64 ] http://192.168.137.222/mariadb" + uca_apt_repo_url: "[ arch=amd64 ] http://192.168.137.222/ubuntu-cloud" + when: checkresult.rc == 0 + +- name: copy cinder.yml + copy: + src: cinder.yml + dest: /etc/openstack_deploy/env.d/cinder.yml + +- name: copy ansible.cfg + template: + src: ansible.cfg + dest: /opt/openstack-ansible/playbooks/ + +- name: copy setup-ovs.yml + copy: + src: setup-ovs.yml + dest: /opt/openstack-ansible/playbooks + +- name: copy flavor roles + copy: + src: os-flavor + dest: /etc/ansible/roles/ + +- name: generate create-network.yml + template: + src: create-network.yml.j2 + dest: /opt/openstack-ansible/playbooks/create-network.yml + +- name: generate create-flavor.yml + template: + src: create-flavor.yml.j2 + dest: /opt/openstack-ansible/playbooks/create-flavor.yml + +- name: copy fetch-files.yml + copy: + src: fetch-files.yml + dest: /opt/openstack-ansible/playbooks/fetch-files.yml diff --git a/deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg b/deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg new file mode 100644 index 00000000..41502fbf --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg @@ -0,0 +1,3 @@ +[ssh_connection] +retries = 5 +scp_if_ssh = True diff --git a/deploy/adapters/ansible/roles/apache/vars/RedHat.yml b/deploy/adapters/ansible/roles/config-osa/templates/create-flavor.yml.j2 index 5211a12f..b33cd414 100755..100644 --- a/deploy/adapters/ansible/roles/apache/vars/RedHat.yml +++ b/deploy/adapters/ansible/roles/config-osa/templates/create-flavor.yml.j2 @@ -7,11 +7,9 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages: - - mod_wsgi - - httpd - -services: - - httpd - -apache_config_dir: /etc/httpd/conf.d +- name: Create flavor + hosts: utility_container[0] + max_fail_percentage: 20 + user: root + roles: + - os-flavor diff --git a/deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2 new file mode 100644 index 00000000..301bf9da --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2 @@ -0,0 +1,41 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: Create external network + hosts: utility_container[0] + max_fail_percentage: 20 + user: root + tasks: + - name: create external net + shell: | + . /root/openrc; + openstack network create --external \ + --provider-physical-network {{ public_net_info.provider_network }} \ + --provider-network-type {{ public_net_info.type }} {{ public_net_info.network }}; + when: {{ public_net_info.enable }} == True + and "{{ public_net_info.type }}" == "flat" + + - name: create external net + shell: | + . /root/openrc; + openstack network create --external \ + --network-segment {{ public_net_info.segment_id }} \ + --provider-network-type {{ public_net_info.type }} {{ public_net_info.network }}; + when: {{public_net_info.enable}} == True + and "{{ public_net_info.type }}" != "flat" + + - name: create external subnet + shell: | + . /root/openrc; + openstack subnet create --network "{{ public_net_info.network }}" \ + --allocation-pool \ + start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }} \ + --gateway "{{ public_net_info.external_gw }}" \ + --subnet-range "{{ public_net_info.floating_ip_cidr }}" \ + "{{ public_net_info.subnet }}" diff --git a/deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2 new file mode 100644 index 00000000..2a24113b --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2 @@ -0,0 +1,232 @@ +--- +cidr_networks: + container: 10.1.0.0/24 + tunnel: 172.29.240.0/22 + storage: 172.16.2.0/24 + +used_ips: + - "10.1.0.1,10.1.0.55" + - "10.1.0.100,10.1.0.110" + - "172.29.240.1,172.29.240.50" + - "172.16.2.1,172.16.2.50" + - "172.29.248.1,172.29.248.50" + +global_overrides: + internal_lb_vip_address: 10.1.0.22 + external_lb_vip_address: {{ public_vip.ip }} + tunnel_bridge: "br-vxlan" + management_bridge: "br-mgmt" + provider_networks: + - network: + container_bridge: "br-mgmt" + container_type: "veth" + container_interface: "eth1" + ip_from_q: "container" + type: "raw" + group_binds: + - all_containers + - hosts + is_container_address: true + is_ssh_address: true + - network: + container_bridge: "br-vxlan" + container_type: "veth" + container_interface: "eth10" + ip_from_q: "tunnel" + type: "vxlan" + range: "1:1000" + net_name: "vxlan" + group_binds: +{% if "linuxbridge" == NEUTRON_MECHANISM_DRIVERS[0] %} + - neutron_linuxbridge_agent +{% else %} + - neutron_openvswitch_agent +{% endif %} + - network: + container_bridge: "br-vlan" + container_type: "veth" + container_interface: "eth12" + host_bind_override: "eth12" + type: "flat" + net_name: "{{ public_net_info.provider_network }}" + group_binds: +{% if "linuxbridge" == NEUTRON_MECHANISM_DRIVERS[0] %} + - neutron_linuxbridge_agent +{% else %} + - neutron_openvswitch_agent +{% endif %} + - network: + container_bridge: "br-vlan" + container_type: "veth" + container_interface: "eth11" + type: "vlan" + range: "1:1" + net_name: "vlan" + group_binds: +{% if "linuxbridge" == NEUTRON_MECHANISM_DRIVERS[0] %} + - neutron_linuxbridge_agent +{% else %} + - neutron_openvswitch_agent +{% endif %} + - network: + container_bridge: "br-storage" + container_type: "veth" + container_interface: "eth2" + ip_from_q: "storage" + type: "raw" + group_binds: + - glance_api + - cinder_api + - cinder_volume + - nova_compute + +### +### Infrastructure +### + +# galera, memcache, rabbitmq, utility +shared-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# repository (apt cache, python packages, etc) +repo-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# load balancer +# Ideally the load balancer should not use the Infrastructure hosts. +# Dedicated hardware is best for improved performance and security. +haproxy_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# rsyslog server +#log_hosts: + # log1: + # ip: 10.1.0.53 + +### +### OpenStack +### + +# keystone +identity_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# cinder api services +storage-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# glance +# The settings here are repeated for each infra host. +# They could instead be applied as global settings in +# user_variables, but are left here to illustrate that +# each container could have different storage targets. +image_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} + container_vars: + limit_container_types: glance + glance_nfs_client: + - server: "{{ip_settings[groups.compute[0]]['storage']['ip']}}" + remote_path: "/images" + local_path: "/var/lib/glance/images" + type: "nfs" + options: "_netdev,auto" +{% endfor %} + +# nova api, conductor, etc services +compute-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# heat +orchestration_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# horizon +dashboard_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# neutron server, agents (L3, etc) +network_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# ceilometer (telemetry API) +metering-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# aodh (telemetry alarm service) +metering-alarm_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# gnocchi (telemetry metrics storage) +metrics_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# nova hypervisors +compute_hosts: +{% for host in groups.compute%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# ceilometer compute agent (telemetry) +metering-compute_hosts: +{% for host in groups.compute%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# cinder volume hosts (NFS-backed) +# The settings here are repeated for each infra host. +# They could instead be applied as global settings in +# user_variables, but are left here to illustrate that +# each container could have different storage targets. +storage_hosts: +{% for host in groups.compute%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} + container_vars: + cinder_backends: + limit_container_types: cinder_volume + lvm: + volume_group: cinder-volumes + volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + volume_backend_name: LVM_iSCSI + iscsi_ip_address: "{{ip_settings[host]['storage']['ip']}}" +{% endfor %} diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 new file mode 100644 index 00000000..7f29d5fe --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 @@ -0,0 +1,47 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ## +# ## This file contains commonly used overrides for convenience. Please inspect +# ## the defaults for each role to find additional override options. +# ## + +# # Debug and Verbose options. +debug: false + +haproxy_keepalived_external_vip_cidr: "{{ public_vip.ip }}/32" +haproxy_keepalived_internal_vip_cidr: "10.1.0.22/32" +haproxy_keepalived_external_interface: br-vlan +haproxy_keepalived_internal_interface: br-mgmt +keepalived_ping_address: "{{ ntp_server }}" + +{% if "openvswitch" == NEUTRON_MECHANISM_DRIVERS[0] or + "opendaylight" == NEUTRON_MECHANISM_DRIVERS[0] +%} +openstack_host_specific_kernel_modules: + - name: "openvswitch" + pattern: "CONFIG_OPENVSWITCH=" + group: "network_hosts" + +neutron_plugin_type: ml2.ovs + +neutron_ml2_drivers_type: "local,flat,vlan,vxlan" + +neutron_provider_networks: + network_flat_networks: "*" + network_types: "vxlan" + network_vxlan_ranges: "1:1000" + network_mappings: "physnet:br-provider" +{% endif %} diff --git a/deploy/adapters/ansible/roles/config-osa/vars/main.yml b/deploy/adapters/ansible/roles/config-osa/vars/main.yml new file mode 100644 index 00000000..783ea0d0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/vars/main.yml @@ -0,0 +1,10 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +LOCAL_REPOSITORY_IP: "192.168.137.222" diff --git a/deploy/adapters/ansible/roles/congress/handlers/main.yml b/deploy/adapters/ansible/roles/congress/handlers/main.yml deleted file mode 100755 index b4ea8e90..00000000 --- a/deploy/adapters/ansible/roles/congress/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart congress services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_database.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_database.yml deleted file mode 100755 index 009e3488..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_database.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: create congress db - mysql_db: - login_unix_socket: /var/run/mysqld/mysqld.sock - name: "{{ item.db }}" - state: present - with_items: "{{ congress_database }}" - -- name: create congress db user - mysql_user: - login_unix_socket: /var/run/mysqld/mysqld.sock - name: "{{ item[0].user }}" - password: "{{ item[0].password }}" - priv: "*.*:ALL,GRANT" - host: "{{ item[1] }}" - state: present - with_nested: - - "{{ congress_database }}" - - ['%', 'localhost'] - -- name: congress db sync - shell: | - "{{ congress_path }}"/congress-db-manage \ - --config-file /etc/congress/congress.conf upgrade head - notify: - - restart congress services diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_install.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_install.yml deleted file mode 100755 index 40d5d78e..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_install.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: install congress packages - pip: name={{ item }} state=present - with_items: "{{ pip_packages | union(packages_noarch) }}" - -- name: create congress etc directory - file: path=/etc/congress state=directory - -- name: update congress conf - template: src={{ item }} dest=/etc/congress/{{ item }} - backup=yes - with_items: - - congress.conf - - api-paste.ini - - policy.json - notify: - - restart congress services - -- name: create congress service - template: src=congress.service dest=/lib/systemd/system/ - notify: - - restart congress services - -- name: create congress service work dir - file: path=/var/lib/congress state=directory - -- name: link the congress service - file: - src: /lib/systemd/system/congress.service - dest: /etc/systemd/system/multi-user.target.wants/congress.service - state: link diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_keystone.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_keystone.yml deleted file mode 100755 index b7f00b88..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_keystone.yml +++ /dev/null @@ -1,70 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- -- name: add service - os_keystone_service: - cloud: opnfv - name: "{{ item.name }}" - description: "{{ item.description }}" - service_type: "{{ item.type }}" - with_items: "{{ congress_service }}" - -- name: add user - os_user: - cloud: opnfv - domain: default - name: "{{ item.user }}" - password: "{{ item.password }}" - default_project: "{{ item.tenant }}" - email: "{{ item.email }}" - with_items: "{{ congress_user }}" - -- name: grant roles - os_user_role: - cloud: opnfv - user: "{{ item.user }}" - role: "{{ item.role }}" - project: "{{ item.tenant }}" - with_items: "{{ congress_user }}" - -- name: create admin url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: admin - region: "{{ item.region}}" - url: "{{ item.adminurl }}" - with_items: "{{ congress_service }}" - -- name: create internal url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: internal - region: "{{ item.region}}" - url: "{{ item.internalurl }}" - with_items: "{{ congress_service }}" - -- name: create public url for service'e endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: public - region: "{{ item.region}}" - url: "{{ item.publicurl }}" - with_items: "{{ congress_service }}" diff --git a/deploy/adapters/ansible/roles/congress/tasks/main.yml b/deploy/adapters/ansible/roles/congress/tasks/main.yml deleted file mode 100755 index 6aad108f..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/main.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - install - - start - -- include: congress_install.yml - tags: - - install - -- include: congress_keystone.yml - when: - - inventory_hostname == haproxy_hosts.keys()[0] - tags: - - keystone - -- include: congress_database.yml - when: - - inventory_hostname == haproxy_hosts.keys()[0] - tags: - - database - -- include: congress_start.yml - tags: - - start - -- meta: flush_handlers - tags: - - install - - keystone - - database diff --git a/deploy/adapters/ansible/roles/congress/templates/api-paste.ini b/deploy/adapters/ansible/roles/congress/templates/api-paste.ini deleted file mode 100755 index 39be570b..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/api-paste.ini +++ /dev/null @@ -1,34 +0,0 @@ -[composite:congress] -use = egg:Paste#urlmap -/: congressversions -/v1: congress_api_v1 - -[pipeline:congressversions] -pipeline = cors catch_errors congressversionapp - -[app:congressversionapp] -paste.app_factory = congress.api.versions:Versions.factory - -[composite:congress_api_v1] -use = call:congress.auth:pipeline_factory -keystone = cors request_id catch_errors authtoken keystonecontext congress_api -noauth = cors request_id catch_errors congress_api - -[app:congress_api] -paste.app_factory = congress.service:congress_app_factory - -[filter:request_id] -paste.filter_factory = oslo_middleware:RequestId.factory - -[filter:catch_errors] -paste.filter_factory = oslo_middleware:CatchErrors.factory - -[filter:keystonecontext] -paste.filter_factory = congress.auth:CongressKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory -oslo_config_project = congress diff --git a/deploy/adapters/ansible/roles/congress/templates/congress.conf b/deploy/adapters/ansible/roles/congress/templates/congress.conf deleted file mode 100755 index 0305b418..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/congress.conf +++ /dev/null @@ -1,510 +0,0 @@ -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} -[DEFAULT] - -# -# From congress -# -# The host IP to bind to (string tmq_serversvalue) -bind_host = {{ internal_ip }} - -# The port to bind to (port value) -# Minimum value: 0 -# Maximum value: 65535 -bind_port = 1789 - -# Thread pool size for eventlet. (integer value) -#max_simultaneous_requests = 1024 - -# Set this to true to enable TCP_KEEALIVE socket option on connections received -# by the API server. (boolean value) -#tcp_keepalive = false - -# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only -# applies if tcp_keepalive is true. Not supported on OS X. (integer value) -#tcp_keepidle = 600 - -# The path to the latest policy dump (string value) -policy_path = /etc/congress/policy.json - -# The file containing datasource configuration (string value) -#datasource_file = <None> - -# The absolute path to the congress repo (string value) -#root_path = <None> - -# The number of worker processes to serve the congress API application. -# (integer value) -#api_workers = 1 - -# The API paste config file to use (string value) -#api_paste_config = api-paste.ini - -# The type of authentication to use (string value) -auth_strategy = keystone - -# List of driver class paths to import. (list value) -drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.cloudfoundryv2_driver.CloudFoundryV2Driver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver - - -# The number of seconds to wait between synchronizing datasource config from -# the database (integer value) -#datasource_sync_period = 0 - -# Sets the flag to False if you don't want the congress to execute actions. -# (boolean value) -#enable_execute_action = true - -# The flag to use congress new distributed architecture.Don't set it to True in -# L release since the new architecture is under implementation. (boolean value) -#distributed_architecture = false - -# Explicitly specify the temporary working directory (string value) -#tempdir = <None> - -# Make exception message format errors fatal (boolean value) -#fatal_exception_format_errors = false - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -debug = True - -# DEPRECATED: If set to false, the logging level will be set to WARNING instead -# of the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, logging_context_format_string). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = <None> - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -log_file = congress.log - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -log_dir = /var/log/congress - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and -# Linux platform is used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append -# is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the message -# is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is ignored -# if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. (string -# value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. (string -# value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = <None> - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Subject-Token,X-Service-Token - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id - - -[cors.subdomain] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = <None> - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Subject-Token,X-Service-Token - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id - - -[database] - -# -# From oslo.db -# - -# DEPRECATED: The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Should use config option connection or slave_connection to connect -# the database. -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. (string -# value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection = mysql+pymysql://congress:{{ CONGRESS_DBPASS }}@{{ db_host }}/congress - -# The SQLAlchemy connection string to use to connect to the slave database. -# (string value) -#slave_connection = <None> - -# The SQL mode to be used for MySQL sessions. This option, including the -# default, overrides any server-set SQL mode. To use whatever SQL mode is set -# by the server configuration, set this to no value. Example: mysql_sql_mode= -# (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. Setting a value of -# 0 indicates no limit. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = 5 - -# Maximum number of database connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer -# value) -# Minimum value: 0 -# Maximum value: 100 -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = <None> - -# Enable the experimental use of database reconnect on connection lost. -# (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database operation up to -# db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries of a -# database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before error is -# raised. Set to -1 to specify an infinite retry count. (integer value) -#db_max_retries = 20 - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete "public" Identity API endpoint. This endpoint should not be an -# "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. (string -# value) -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -project_name = service -password = {{ CONGRESS_PASS }} -username = congress -auth_type = password -# API version of the admin Identity API endpoint. (string value) - -# Do not handle authorization requests within the middleware, but delegate the -# authorization decision to downstream WSGI components. (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. (integer -# value) -#http_connect_timeout = <None> - -# How many times are we trying to reconnect when communicating with Identity -# API Server. (integer value) -#http_request_max_retries = 3 - -# Request environment key where the Swift cache object is stored. When -# auth_token middleware is deployed with a Swift cache, use this option to have -# the middleware share a caching backend with swift. Otherwise, use the -# ``memcached_servers`` option instead. (string value) -#cache = <None> - -# Required if identity server requires client certificate (string value) -#certfile = <None> - -# Required if identity server requires client certificate (string value) -#keyfile = <None> - -# A PEM encoded Certificate Authority to use when verifying HTTPs connections. -# Defaults to system CAs. (string value) -#cafile = <None> - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = <None> - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = <None> - -# Optionally specify a list of memcached server(s) to use for caching. If left -# undefined, tokens will instead be cached in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -#memcached_servers = <None> - -# In order to prevent excessive effort spent validating tokens, the middleware -# caches previously-seen tokens for a configurable duration (in seconds). Set -# to -1 to disable caching completely. (integer value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is retrieved -# from the Identity service (in seconds). A high number of revocation events -# combined with a low cache duration may significantly reduce performance. Only -# valid for PKI tokens. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be authenticated or -# authenticated and encrypted. If MAC, token data is authenticated (with HMAC) -# in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -# Allowed values: None, MAC, ENCRYPT -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This string is -# used for key derivation. (string value) -#memcache_secret_key = <None> - -# (Optional) Number of seconds memcached server is considered dead before it is -# tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every memcached -# server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a memcached -# server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held unused in the -# pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will not -# set the X-Service-Catalog header. (boolean value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: "disabled" -# to not check token binding. "permissive" (default) to validate binding -# information if the bind type is of a form known to the server and ignore it -# if not. "strict" like "permissive" but if the bind type is unknown the token -# will be rejected. "required" any form of token binding is needed to be -# allowed. Finally the name of a binding method that must be present in tokens. -# (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This requires -# that PKI tokens are configured on the identity server. (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm -# or multiple. The algorithms are those supported by Python standard -# hashlib.new(). The hashes will be tried in the order given, so put the -# preferred one first for performance. The result of the first hash will be -# stored in the cache. This will typically be set to multiple values only while -# migrating from a less secure algorithm to a more secure one. Once all the old -# tokens are expired this option should be set to a single value for better -# performance. (list value) -#hash_algorithms = md5 - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -#auth_type = <None> - -# Config Section from which to load plugin specific options (string value) -#auth_section = <None> - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be relative -# to any directory in the search path defined by the config_dir option, or -# absolute paths. The file defined by policy_file must exist for these -# directories to be searched. Missing or empty directories are ignored. (multi -# valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - -[oslo_messaging_rabbit] -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_hosts = {{ rabbitmq_servers }} diff --git a/deploy/adapters/ansible/roles/congress/templates/congress.service b/deploy/adapters/ansible/roles/congress/templates/congress.service deleted file mode 100755 index f92ee1b6..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/congress.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=OpenStack Congress server -After= - -[Service] -User=root -Group=root -Type=simple -WorkingDirectory=/var/lib/congress -PermissionsStartOnly=true -ExecStartPre=/bin/mkdir -p /var/lock/congress /var/log/congress /var/lib/congress -ExecStartPre=/usr/bin/touch /var/log/congress/congress.log -ExecStart={{ congress_path }}/congress-server --config-file /etc/congress/congress.conf -Restart=on-failure -LimitNOFILE=65535 -TimeoutStopSec=15 - -[Install] -WantedBy=multi-user.target diff --git a/deploy/adapters/ansible/roles/congress/templates/policy.json b/deploy/adapters/ansible/roles/congress/templates/policy.json deleted file mode 100755 index 4476051d..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/policy.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_only": "rule:context_is_admin", - "regular_user": "", - "default": "rule:admin_only" -} diff --git a/deploy/adapters/ansible/roles/congress/vars/Debian.yml b/deploy/adapters/ansible/roles/congress/vars/Debian.yml deleted file mode 100755 index 1f0820c8..00000000 --- a/deploy/adapters/ansible/roles/congress/vars/Debian.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -pip_packages: - - congress - - python-congressclient - - python-cloudfoundryclient - -services: - - congress - -congress_path: /usr/local/bin diff --git a/deploy/adapters/ansible/roles/congress/vars/RedHat.yml b/deploy/adapters/ansible/roles/congress/vars/RedHat.yml deleted file mode 100755 index 0b5e9678..00000000 --- a/deploy/adapters/ansible/roles/congress/vars/RedHat.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -pip_packages: - - congress - - python-congressclient - - python-cloudfoundryclient - -services: - - congress - -congress_path: /usr/bin diff --git a/deploy/adapters/ansible/roles/congress/vars/main.yml b/deploy/adapters/ansible/roles/congress/vars/main.yml deleted file mode 100755 index 18c4c845..00000000 --- a/deploy/adapters/ansible/roles/congress/vars/main.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] - -congress_service: - - name: congress - type: policy - region: RegionOne - description: "OpenStack Policy Service" - publicurl: "http://{{ public_vip.ip }}:1789" - internalurl: "http://{{ internal_vip.ip }}:1789" - adminurl: "http://{{ internal_vip.ip }}:1789" - -congress_user: - - user: congress - password: "{{ CONGRESS_PASS }}" - email: congress@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - -congress_database: - - user: congress - db: congress - password: "{{ CONGRESS_DBPASS }}" diff --git a/deploy/adapters/ansible/roles/controller-recovery/tasks/main.yml b/deploy/adapters/ansible/roles/controller-recovery/tasks/main.yml deleted file mode 100644 index eb7c4309..00000000 --- a/deploy/adapters/ansible/roles/controller-recovery/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: Register RECOVERY - set_fact: RECOVERY_ENV={{RECOVERY_ENV | default('False')}} - tags: - - recovery - -- include_vars: "{{ ansible_os_family }}.yml" - when: RECOVERY_ENV - tags: - - recovery - -- name: restart controller services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ controller_services | union(controller_services_noarch) }}" - when: RECOVERY_ENV - tags: - - recovery diff --git a/deploy/adapters/ansible/roles/controller-recovery/vars/Debian.yml b/deploy/adapters/ansible/roles/controller-recovery/vars/Debian.yml deleted file mode 100644 index 730ce830..00000000 --- a/deploy/adapters/ansible/roles/controller-recovery/vars/Debian.yml +++ /dev/null @@ -1,40 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -controller_services: - - keepalived - - apache2 - - nova-api - - nova-cert - - nova-conductor - - nova-consoleauth - - nova-novncproxy - - nova-scheduler - - neutron-server - - cinder-api - - cinder-scheduler - - glance-registry - - glance-api - - openvswitch-switch - - neutron-openvswitch-agent - - neutron-l3-agent - - neutron-dhcp-agent - - neutron-metadata-agent - - ceilometer-agent-central - - ceilometer-agent-notification - - ceilometer-api - - ceilometer-collector - - heat-api - - heat-api-cfn - - heat-engine - - aodh-api - - aodh-notifier - - aodh-evaluator - - aodh-listener - - cron diff --git a/deploy/adapters/ansible/roles/controller-recovery/vars/RedHat.yml b/deploy/adapters/ansible/roles/controller-recovery/vars/RedHat.yml deleted file mode 100644 index 75a69e7d..00000000 --- a/deploy/adapters/ansible/roles/controller-recovery/vars/RedHat.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -controller_services: - - keepalived - - httpd - - openstack-nova-api - - openstack-nova-cert - - openstack-nova-conductor - - openstack-nova-consoleauth - - openstack-nova-novncproxy - - openstack-nova-scheduler - - neutron-server - - openstack-cinder-api - - openstack-cinder-scheduler - - openstack-glance-api - - openstack-glance-registry - - neutron-openvswitch-agent - - neutron-l3-agent - - neutron-dhcp-agent - - neutron-metadata-agent - - openstack-ceilometer-central - - openstack-ceilometer-notification - - openstack-ceilometer-api - - openstack-ceilometer-collector - - openstack-heat-api - - openstack-heat-api-cfn - - openstack-heat-engine - - openstack-aodh-api - - openstack-aodh-notifier - - openstack-aodh-evaluator - - openstack-aodh-listener - - cron diff --git a/deploy/adapters/ansible/roles/controller-recovery/vars/main.yml b/deploy/adapters/ansible/roles/controller-recovery/vars/main.yml deleted file mode 100644 index 89c1e8f0..00000000 --- a/deploy/adapters/ansible/roles/controller-recovery/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -controller_services_noarch: [] diff --git a/deploy/adapters/ansible/roles/dashboard/handlers/main.yml b/deploy/adapters/ansible/roles/dashboard/handlers/main.yml deleted file mode 100755 index 8e28bbf6..00000000 --- a/deploy/adapters/ansible/roles/dashboard/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart dashboard services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/dashboard/tasks/main.yml b/deploy/adapters/ansible/roles/dashboard/tasks/main.yml deleted file mode 100644 index f52d802b..00000000 --- a/deploy/adapters/ansible/roles/dashboard/tasks/main.yml +++ /dev/null @@ -1,105 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - horizon_theme - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install dashboard packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: remove default apache2 config - file: - path: '{{ item }}' - state: absent - when: ansible_os_family == 'Debian' - with_items: - - '{{ apache_config_dir }}/conf-available/openstack-dashboard.conf' - - '{{ apache_config_dir }}/conf-enabled/openstack-dashboard.conf' - - '{{ apache_config_dir }}/sites-available/000-default.conf' - - '{{ apache_config_dir }}/sites-enabled/000-default.conf' - notify: - - restart dashboard services - -- name: update apache2 configs - template: - src: openstack-dashboard.conf.j2 - dest: '{{ apache_config_dir }}/sites-available/openstack-dashboard.conf' - when: ansible_os_family == 'Debian' - notify: - - restart dashboard services - -- name: update apache2 configs redhat - template: - src: openstack-dashboard-redhat.conf.j2 - dest: '{{ apache_config_dir }}/conf.d/openstack-dashboard.conf' - when: ansible_os_family == 'RedHat' - notify: - - restart dashboard services - -- name: enable dashboard - file: - src: "/etc/apache2/sites-available/openstack-dashboard.conf" - dest: "/etc/apache2/sites-enabled/openstack-dashboard.conf" - state: "link" - when: ansible_os_family == 'Debian' - notify: - - restart dashboard services - -- name: update ubuntu horizon settings - template: - src: local_settings.py.j2 - dest: "/etc/openstack-dashboard/local_settings.py" - when: ansible_os_family == 'Debian' - notify: - - restart dashboard services - tags: - - horizon_theme - -- name: precompile horizon css - shell: | - /usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force - ignore_errors: "True" - when: ansible_os_family == 'Debian' - notify: - - restart dashboard services - -- name: update redhat version horizon settings - lineinfile: - dest: /etc/openstack-dashboard/local_settings - regexp: '{{ item.regexp }}' - line: '{{ item.line }}' - with_items: - - regexp: '^WEBROOT[ \t]*=.*' - line: 'WEBROOT = "/horizon"' - - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' - line: 'COMPRESS_OFFLINE=False' - - regexp: '^ALLOWED_HOSTS[ \t]*=.*' - line: 'ALLOWED_HOSTS = ["*"]' - - regexp: '^OPENSTACK_HOST[ \t]*=.*' - line: 'OPENSTACK_HOST = "{{ internal_ip }}"' - when: ansible_os_family == 'RedHat' - notify: - - restart dashboard services - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py.j2 b/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py.j2 deleted file mode 100644 index c9530b93..00000000 --- a/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py.j2 +++ /dev/null @@ -1,333 +0,0 @@ -# -*- coding: utf-8 -*- - -import os - -from django.utils.translation import ugettext_lazy as _ - -from horizon.utils import secret_key - -from openstack_dashboard import exceptions -from openstack_dashboard.settings import HORIZON_CONFIG - -DEBUG = False - -WEBROOT = '/' - -LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) - -SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key') - -SESSION_ENGINE = 'django.contrib.sessions.backends.cache' - -CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': '{{ internal_vip.ip }}:11211', - }, -} - -EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' - -OPENSTACK_HOST = "{{ internal_ip }}" -OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST -OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default" -OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" -OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True - -OPENSTACK_API_VERSIONS = { - "identity": 3, - "image": 2, - "volume": 2, -} - -OPENSTACK_KEYSTONE_BACKEND = { - 'name': 'native', - 'can_edit_user': True, - 'can_edit_group': True, - 'can_edit_project': True, - 'can_edit_domain': True, - 'can_edit_role': True, -} - -OPENSTACK_HYPERVISOR_FEATURES = { - 'can_set_mount_point': False, - 'can_set_password': False, - 'requires_keypair': False, - 'enable_quotas': True -} - -OPENSTACK_CINDER_FEATURES = { - 'enable_backup': False, -} - -OPENSTACK_NEUTRON_NETWORK = { - 'enable_router': True, - 'enable_quotas': True, - 'enable_ipv6': True, - 'enable_distributed_router': False, - 'enable_ha_router': False, - 'enable_lb': True, - 'enable_firewall': True, - 'enable_vpn': True, - 'enable_fip_topology_check': True, - 'profile_support': None, - 'supported_vnic_types': ['*'], -} - -OPENSTACK_HEAT_STACK = { - 'enable_user_pass': True, -} - -IMAGE_CUSTOM_PROPERTY_TITLES = { - "architecture": _("Architecture"), - "kernel_id": _("Kernel ID"), - "ramdisk_id": _("Ramdisk ID"), - "image_state": _("Euca2ools state"), - "project_id": _("Project ID"), - "image_type": _("Image Type"), -} - -IMAGE_RESERVED_CUSTOM_PROPERTIES = [] - -API_RESULT_LIMIT = 1000 -API_RESULT_PAGE_SIZE = 20 -SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 -INSTANCE_LOG_LENGTH = 35 -DROPDOWN_MAX_ITEMS = 30 - -TIME_ZONE = "UTC" - -{% if enable_ubuntu_theme == False %} -AVAILABLE_THEMES = [ - ('default', 'Default', 'themes/default'), - ('material', 'Material', 'themes/material'), -] -{% endif %} - -LOGGING = { - 'version': 1, - 'disable_existing_loggers': False, - 'formatters': { - 'operation': { - 'format': '%(asctime)s %(message)s' - }, - }, - 'handlers': { - 'null': { - 'level': 'DEBUG', - 'class': 'logging.NullHandler', - }, - 'console': { - 'level': 'INFO', - 'class': 'logging.StreamHandler', - }, - 'operation': { - 'level': 'INFO', - 'class': 'logging.StreamHandler', - 'formatter': 'operation', - }, - }, - 'loggers': { - 'django.db.backends': { - 'handlers': ['null'], - 'propagate': False, - }, - 'requests': { - 'handlers': ['null'], - 'propagate': False, - }, - 'horizon': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'horizon.operation_log': { - 'handlers': ['operation'], - 'level': 'INFO', - 'propagate': False, - }, - 'openstack_dashboard': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'novaclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'cinderclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'keystoneclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'glanceclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'neutronclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'heatclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'ceilometerclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'swiftclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_auth': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'nose.plugins.manager': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'django': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'iso8601': { - 'handlers': ['null'], - 'propagate': False, - }, - 'scss': { - 'handlers': ['null'], - 'propagate': False, - }, - }, -} - -SECURITY_GROUP_RULES = { - 'all_tcp': { - 'name': _('All TCP'), - 'ip_protocol': 'tcp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_udp': { - 'name': _('All UDP'), - 'ip_protocol': 'udp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_icmp': { - 'name': _('All ICMP'), - 'ip_protocol': 'icmp', - 'from_port': '-1', - 'to_port': '-1', - }, - 'ssh': { - 'name': 'SSH', - 'ip_protocol': 'tcp', - 'from_port': '22', - 'to_port': '22', - }, - 'smtp': { - 'name': 'SMTP', - 'ip_protocol': 'tcp', - 'from_port': '25', - 'to_port': '25', - }, - 'dns': { - 'name': 'DNS', - 'ip_protocol': 'tcp', - 'from_port': '53', - 'to_port': '53', - }, - 'http': { - 'name': 'HTTP', - 'ip_protocol': 'tcp', - 'from_port': '80', - 'to_port': '80', - }, - 'pop3': { - 'name': 'POP3', - 'ip_protocol': 'tcp', - 'from_port': '110', - 'to_port': '110', - }, - 'imap': { - 'name': 'IMAP', - 'ip_protocol': 'tcp', - 'from_port': '143', - 'to_port': '143', - }, - 'ldap': { - 'name': 'LDAP', - 'ip_protocol': 'tcp', - 'from_port': '389', - 'to_port': '389', - }, - 'https': { - 'name': 'HTTPS', - 'ip_protocol': 'tcp', - 'from_port': '443', - 'to_port': '443', - }, - 'smtps': { - 'name': 'SMTPS', - 'ip_protocol': 'tcp', - 'from_port': '465', - 'to_port': '465', - }, - 'imaps': { - 'name': 'IMAPS', - 'ip_protocol': 'tcp', - 'from_port': '993', - 'to_port': '993', - }, - 'pop3s': { - 'name': 'POP3S', - 'ip_protocol': 'tcp', - 'from_port': '995', - 'to_port': '995', - }, - 'ms_sql': { - 'name': 'MS SQL', - 'ip_protocol': 'tcp', - 'from_port': '1433', - 'to_port': '1433', - }, - 'mysql': { - 'name': 'MYSQL', - 'ip_protocol': 'tcp', - 'from_port': '3306', - 'to_port': '3306', - }, - 'rdp': { - 'name': 'RDP', - 'ip_protocol': 'tcp', - 'from_port': '3389', - 'to_port': '3389', - }, -} - -REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', - 'LAUNCH_INSTANCE_DEFAULTS', - 'OPENSTACK_IMAGE_FORMATS'] - -DEFAULT_THEME = 'ubuntu' -WEBROOT='/horizon/' -ALLOWED_HOSTS = ['*',] -COMPRESS_OFFLINE = True -ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []} diff --git a/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 b/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 deleted file mode 100644 index d4d1f297..00000000 --- a/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 +++ /dev/null @@ -1,21 +0,0 @@ -{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} - -WSGIDaemonProcess horizon processes={{ work_threads }} threads={{ work_threads }} -WSGIProcessGroup horizon -WSGISocketPrefix run/wsgi - -WSGIScriptAlias /horizon {{ horizon_dir }}/openstack_dashboard/wsgi/django.wsgi -Alias /horizon/static {{ horizon_dir }}/static - -<Directory {{ horizon_dir }}/openstack_dashboard/wsgi> - Options All - AllowOverride All - Require all granted -</Directory> - -<Directory {{ horizon_dir }}/static> - Options All - AllowOverride All - Require all granted -</Directory> - diff --git a/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard.conf b/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard.conf deleted file mode 100644 index a5a791a3..00000000 --- a/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard.conf +++ /dev/null @@ -1,14 +0,0 @@ -<VirtualHost *:80> - -WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi -WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 -Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ - -<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> -Order allow,deny -Allow from all -</Directory> - - -</VirtualHost> - diff --git a/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard.conf.j2 deleted file mode 100755 index 664af687..00000000 --- a/deploy/adapters/ansible/roles/dashboard/templates/openstack-dashboard.conf.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} -{% if work_threads > 10 %} -{% set work_threads = 10 %} -{% endif %} - -<VirtualHost {{ internal_ip }}:80> - WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi - WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }} - WSGIProcessGroup horizon - Alias /static {{ horizon_dir }}/static/ - Alias /horizon/static {{ horizon_dir }}/static/ - <Directory {{ horizon_dir }}/wsgi> - Order allow,deny - Allow from all - </Directory> -</VirtualHost> - - diff --git a/deploy/adapters/ansible/roles/dashboard/templates/ports.j2 b/deploy/adapters/ansible/roles/dashboard/templates/ports.j2 deleted file mode 100755 index 0bfa0428..00000000 --- a/deploy/adapters/ansible/roles/dashboard/templates/ports.j2 +++ /dev/null @@ -1,15 +0,0 @@ -# if you just change the port or add more ports here, you will likely also -# have to change the VirtualHost statement in -# /etc/apache2/sites-enabled/000-default.conf - -Listen {{ internal_ip }}:80 - -<IfModule ssl_module> - Listen 443 -</IfModule> - -<IfModule mod_gnutls.c> - Listen 443 -</IfModule> - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/deploy/adapters/ansible/roles/dashboard/vars/Debian.yml b/deploy/adapters/ansible/roles/dashboard/vars/Debian.yml deleted file mode 100644 index aaeb8cdb..00000000 --- a/deploy/adapters/ansible/roles/dashboard/vars/Debian.yml +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: [] - -services: - - memcached - - apache2 - -apache_config_dir: /etc/apache2 -horizon_dir: /usr/share/openstack-dashboard/openstack_dashboard diff --git a/deploy/adapters/ansible/roles/dashboard/vars/RedHat.yml b/deploy/adapters/ansible/roles/dashboard/vars/RedHat.yml deleted file mode 100644 index 651cbee3..00000000 --- a/deploy/adapters/ansible/roles/dashboard/vars/RedHat.yml +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - mod_wsgi - - httpd - -services: - - httpd - -http_config_file: "/etc/httpd/conf/httpd.conf" -apache_config_dir: /etc/httpd -horizon_dir: /usr/share/openstack-dashboard diff --git a/deploy/adapters/ansible/roles/dashboard/vars/main.yml b/deploy/adapters/ansible/roles/dashboard/vars/main.yml deleted file mode 100644 index 2c940ede..00000000 --- a/deploy/adapters/ansible/roles/dashboard/vars/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: - - openstack-dashboard - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/database/files/remove_user.sh b/deploy/adapters/ansible/roles/database/files/remove_user.sh deleted file mode 100644 index dc0b43fa..00000000 --- a/deploy/adapters/ansible/roles/database/files/remove_user.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -mysql -uroot -Dmysql <<EOF -use mysql; -delete from user where user=''; -EOF diff --git a/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster.yml b/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster.yml deleted file mode 100644 index 84704fa4..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: mariadb_cluster_debian.yml - when: ansible_os_family == "Debian" - -- include: mariadb_cluster_redhat.yml - when: ansible_os_family == "RedHat" diff --git a/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster_debian.yml b/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster_debian.yml deleted file mode 100644 index 9752b550..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster_debian.yml +++ /dev/null @@ -1,73 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: get cluster status - shell: | - mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"' \ - | awk '{print $2}' - register: cluster_status - when: - - inventory_hostname == haproxy_hosts.keys()[0] - -- name: start first node to create new cluster - shell: > - service mysql bootstrap; - service mysql start; - when: | - inventory_hostname == haproxy_hosts.keys()[0] - and not cluster_status.stdout | search("OPERATIONAL") - -- name: wait for cluster ready - shell: | - mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"' \ - | awk '{print $2}' - register: cluster_status - until: cluster_status|success - failed_when: not cluster_status.stdout | search("OPERATIONAL") - retries: 10 - delay: 3 - when: | - inventory_hostname == haproxy_hosts.keys()[0] - and not cluster_status.stdout | search("OPERATIONAL") - -- name: if I in the cluster nodes - shell: | - mysql --silent --skip-column-names \ - -e 'SHOW STATUS LIKE "wsrep_incoming_addresses"' | awk '{print $2}' - register: cluster_nodes - changed_when: false - -- name: restart other nodes and join cluster1 - shell: service mysql restart; - when: | - inventory_hostname != haproxy_hosts.keys()[0] - and not cluster_nodes.stdout | search( "{{ internal_ip }}" ) - ignore_errors: "True" - -- name: delay 60 seconds - shell: sleep 60 - -- name: restart other nodes and join cluster2 - shell: service mysql restart; - when: | - inventory_hostname != haproxy_hosts.keys()[0] - and not cluster_nodes.stdout | search( "{{ internal_ip }}" ) - -- name: chmod directory - shell: > - chmod 755 -R /var/lib/mysql/; - chmod 755 -R /var/log/mysql/; - chmod 755 -R /etc/mysql/conf.d/; - -- name: restart first nodes - shell: service mysql restart - when: | - (inventory_hostname == haproxy_hosts.keys()[0] - and haproxy_hosts|length > 1 - and not cluster_nodes.stdout | search( '{{ internal_ip }}' )) diff --git a/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster_redhat.yml b/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster_redhat.yml deleted file mode 100644 index 77b18702..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mariadb_cluster_redhat.yml +++ /dev/null @@ -1,71 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: Register RECOVERY - set_fact: RECOVERY_ENV={{RECOVERY_ENV | default('False')}} - -- name: killall mysqld processes - shell: sudo killall -9 mysqld - when: RECOVERY_ENV - ignore_errors: "True" - -- name: get cluster status - shell: | - mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"' \ - | awk '{print $2}' - register: cluster_status - when: - - inventory_hostname == haproxy_hosts.keys()[0] - -- name: start first node to create new cluster - shell: service mysql start --wsrep-new-cluster - when: | - inventory_hostname == haproxy_hosts.keys()[0] - and not cluster_status.stdout | search("OPERATIONAL") - -- name: wait for cluster ready - shell: | - mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"' \ - | awk '{print $2}' - register: cluster_status - until: cluster_status|success - failed_when: not cluster_status.stdout | search("OPERATIONAL") - retries: 10 - delay: 3 - when: | - inventory_hostname == haproxy_hosts.keys()[0] - and not cluster_status.stdout | search("OPERATIONAL") - -- name: if I in the cluster nodes - shell: | - mysql --silent --skip-column-names \ - -e 'SHOW STATUS LIKE "wsrep_incoming_addresses"' | awk '{print $2}' - register: cluster_nodes - changed_when: false - -- name: restart other nodes and join cluster - service: - name: mysql - state: restarted - enabled: "yes" - when: | - inventory_hostname != haproxy_hosts.keys()[0] - and not cluster_nodes.stdout | search( "{{ internal_ip }}") - -- name: remove unused user - script: remove_user.sh - when: ansible_os_family == "RedHat" - -- name: restart first nodes - service: - name: mysql - state: restarted - when: | - inventory_hostname == haproxy_hosts.keys()[0] - and haproxy_hosts|length > 1 diff --git a/deploy/adapters/ansible/roles/database/tasks/mariadb_config.yml b/deploy/adapters/ansible/roles/database/tasks/mariadb_config.yml deleted file mode 100644 index 22b5d60c..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mariadb_config.yml +++ /dev/null @@ -1,88 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: create all needed db - mysql_db: - login_unix_socket=/var/run/mysqld/mysqld.sock - name={{ item.db }} - state=present - with_items: "{{ credentials }}" - tags: - - test_db - -- name: create service db user - mysql_user: - login_unix_socket=/var/run/mysqld/mysqld.sock - name={{ item[0].user }} - password={{ item[0].password }} - priv=*.*:ALL,GRANT - host={{ item[1] }} - state=present - with_nested: - - "{{ credentials }}" - - ['%', 'localhost'] - tags: - - test_user - -- name: create wsrep db user - mysql_user: - login_unix_socket=/var/run/mysqld/mysqld.sock - name={{ WSREP_SST_USER }} - password={{ WSREP_SST_PASS }} - priv=*.*:ALL,GRANT - host={{ item }} - state=present - with_items: ['%', 'localhost'] - -- name: remove unused user - script: remove_user.sh - when: ansible_os_family == "RedHat" - -- name: restart mysql for centos noha - service: - name: mysql - state: restarted - when: > - inventory_hostname == haproxy_hosts.keys()[0] - and haproxy_hosts|length == 1 - and ansible_os_family == "RedHat" - -- name: restart mysql second time for centos noha - service: - name: mysql - state: restarted - when: > - inventory_hostname == haproxy_hosts.keys()[0] - and haproxy_hosts|length == 1 - and ansible_os_family == "RedHat" - -- name: restart first nodes - service: - name: mysql - state: restarted - when: inventory_hostname == haproxy_hosts.keys()[0] - and haproxy_hosts|length > 1 - -- name: wait for cluster ready - command: mysql -e"show status like 'wsrep%'" - register: cluster_status - until: cluster_status|success - failed_when: not cluster_status.stdout | search("ON") - retries: 10 - delay: 3 - when: - - inventory_hostname == haproxy_hosts.keys()[0] - -- name: restart other nodes - service: - name: mysql - state: restarted - enabled: "yes" - when: - - inventory_hostname != haproxy_hosts.keys()[0] diff --git a/deploy/adapters/ansible/roles/database/tasks/mariadb_install.yml b/deploy/adapters/ansible/roles/database/tasks/mariadb_install.yml deleted file mode 100644 index ba800dca..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mariadb_install.yml +++ /dev/null @@ -1,75 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: change open file limit - copy: - content: "* - nofile 65536 }}" - dest: "/etc/security/limits.conf" - mode: 0755 - -- name: install python-mysqldb - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ maridb_packages | union(packages_noarch) }}" - -- name: create conf dir for wsrep - file: path=/etc/my.cnf.d state=directory mode=0755 - when: ansible_os_family == "RedHat" - -- name: update mariadb config file - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - backup: "yes" - mode: 0644 - with_items: "{{ mysql_config }}" - -- name: bugfix for rsync version 3.1 - lineinfile: - dest: /usr/bin/wsrep_sst_rsync - state: absent - regexp: '{{ item }}' - with_items: - - "\\s*uid = \\$MYUID$" - - "\\s*gid = \\$MYGID$" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: set owner - file: - path: /var/lib/mysql - owner: mysql - group: mysql - recurse: "yes" - state: directory - mode: 0755 - -- name: get logfile stat - stat: path='{{ mysql_data_dir }}/ib_logfile0' - register: logfile_stat - -- debug: msg='{{ logfile_stat.stat.exists}}' -- debug: msg='{{ logfile_stat.stat.size }}' - when: logfile_stat.stat.exists - -- name: rm logfile if exist and size mismatch - shell: 'rm -rf {{ mysql_data_dir }}/ib_logfile*' - when: | - logfile_stat.stat.exists - and logfile_stat.stat.size != 1073741824 diff --git a/deploy/adapters/ansible/roles/database/tasks/mongodb_config.yml b/deploy/adapters/ansible/roles/database/tasks/mongodb_config.yml deleted file mode 100755 index 10f0322c..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mongodb_config.yml +++ /dev/null @@ -1,70 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: copy mongo js - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - with_items: - - src: replica.js - dest: /opt/replica.js - -- name: init replica servers - shell: mongo compass /opt/replica.js - -- name: wait replica servers are ready - shell: | - mongo compass --eval 'printjson(rs.status())'| \ - grep -E 'PRIMARY|SECONDARY'| wc -l - register: servers - until: servers.stdout|int == {{ haproxy_hosts|length }} - retries: 60 - delay: 10 - -- debug: msg='{{ servers.stdout |int }}' - -- name: wait replica servers are ready - shell: mongo compass --eval 'printjson(rs.status())'|grep -E 'PRIMARY'|wc -l - register: servers - until: servers.stdout|int == 1 - retries: 60 - delay: 10 - -- debug: msg='{{ servers.stdout |int }}' - -- name: Add admin user - mongodb_user: - login_host: "{{ internal_vip.ip }}" - database: admin - name: root - password: root - roles: 'root' - state: present - -- name: create mongodb user and db - mongodb_user: - login_host: "{{ internal_vip.ip }}" - login_user: root - login_password: root - database: ceilometer - name: ceilometer - password: "{{ CEILOMETER_DBPASS }}" - roles: 'readWrite,dbAdmin' - state: present - -- name: grant user privilege - mongodb_user: - login_host: "{{ internal_vip.ip }}" - login_user: root - login_password: root - database: ceilometer - name: ceilometer - password: "{{ CEILOMETER_DBPASS }}" - roles: 'readWrite,dbAdmin' - state: present diff --git a/deploy/adapters/ansible/roles/database/tasks/mongodb_install.yml b/deploy/adapters/ansible/roles/database/tasks/mongodb_install.yml deleted file mode 100755 index 67bc0499..00000000 --- a/deploy/adapters/ansible/roles/database/tasks/mongodb_install.yml +++ /dev/null @@ -1,40 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: install mongodb packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ mongodb_packages | union(packages_noarch) }}" - -- name: install pymongod packages - pip: name={{ item }} state=present extra_args='--pre' - with_items: "{{ pip_packages }}" - -- name: copy ceilometer configs - template: src=mongodb.conf dest=/opt/os_templates backup=yes - -- name: update mongodb config file - shell: | - crudini --merge {{ mongodb_config.dest }} < /opt/os_templates/mongodb.conf - -- name: rm prealloc files - file: - dest: "{{ item }}" - state: absent - with_fileglob: - - "{{ mongodb_config.journal }}" - -- name: manually restart mongodb server - service: name={{ mongodb_service }} state=restarted enabled=yes - ignore_errors: true - -- name: write mongodb to monitor list - lineinfile: dest=/opt/service create=yes line={{ mongodb_service}} - -- name: wait for mongod ready - wait_for: host=0.0.0.0 port=27017 delay=10 diff --git a/deploy/adapters/ansible/roles/database/templates/data.j2 b/deploy/adapters/ansible/roles/database/templates/data.j2 deleted file mode 100644 index 66c2fead..00000000 --- a/deploy/adapters/ansible/roles/database/templates/data.j2 +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -mysql -uroot -Dmysql <<EOF -drop database if exists keystone; -drop database if exists glance; -drop database if exists neutron; -drop database if exists nova; -drop database if exists cinder; -drop database if exists heat; -drop database if exists aodh; - -CREATE DATABASE keystone; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON keystone.* TO 'keystone'@'{{ host }}' IDENTIFIED BY '{{ KEYSTONE_DBPASS }}'; -{% endfor %} - -CREATE DATABASE glance; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON glance.* TO 'glance'@'{{ host }}' IDENTIFIED BY '{{ GLANCE_DBPASS }}'; -{% endfor %} - -CREATE DATABASE neutron; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON neutron.* TO 'neutron'@'{{ host }}' IDENTIFIED BY '{{ NEUTRON_DBPASS }}'; -{% endfor %} - -CREATE DATABASE nova; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON nova.* TO 'nova'@'{{ host }}' IDENTIFIED BY '{{ NOVA_DBPASS }}'; -{% endfor %} - -CREATE DATABASE cinder; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON cinder.* TO 'cinder'@'{{ host }}' IDENTIFIED BY '{{ CINDER_DBPASS }}'; -{% endfor %} - -CREATE DATABASE heat; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON heat.* TO 'heat'@'{{ host }}' IDENTIFIED BY '{{ HEAT_DBPASS }}'; -{% endfor %} - -CREATE DATABASE aodh; -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON aodh.* TO 'aodh'@'{{ host }}' IDENTIFIED BY '{{ AODH_DBPASS }}'; -{% endfor %} - -{% if WSREP_SST_USER is defined %} -{% for host in ['%', 'localhost', inventory_hostname] %} -GRANT ALL ON *.* TO '{{ WSREP_SST_USER }}'@'{{ host }}' IDENTIFIED BY '{{ WSREP_SST_PASS }}'; -{% endfor %} -{% endif %} -EOF diff --git a/deploy/adapters/ansible/roles/database/templates/mongodb.conf b/deploy/adapters/ansible/roles/database/templates/mongodb.conf deleted file mode 100644 index 7d6dda93..00000000 --- a/deploy/adapters/ansible/roles/database/templates/mongodb.conf +++ /dev/null @@ -1,6 +0,0 @@ -# mongodb.conf -bind_ip = 0.0.0.0 -replSet = compass -port = 27017 -smallfiles = true -oplogSize = 10240 diff --git a/deploy/adapters/ansible/roles/database/templates/my.cnf b/deploy/adapters/ansible/roles/database/templates/my.cnf deleted file mode 100644 index 1ed9b931..00000000 --- a/deploy/adapters/ansible/roles/database/templates/my.cnf +++ /dev/null @@ -1,59 +0,0 @@ -[client] -port = 3306 -socket = /var/run/mysqld/mysqld.sock - - -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - - -[mysql] -default-character-set = utf8 - -[mysqld] -user = mysql -collation-server = utf8_unicode_ci -init-connect = 'SET NAMES utf8' -character-set-server = utf8 -datadir = /var/lib/mysql -bind-address = {{ internal_ip }} - -max-allowed-packet = 16M -max-connect-errors = 1000000 - -max_connections = {{ ansible_processor_vcpus * 100 }} - -wait_timeout = 28800 -tmp-table-size = 32M -max-heap-table-size = 32M -query-cache-type = 0 -query-cache-size = 0M -thread-cache-size = {{ ansible_processor_vcpus * 10 }} -open-files-limit = 65535 -table-definition-cache = 4096 -table-open-cache = 10240 - -innodb-flush-method = O_DIRECT -innodb-additional-mem-pool-size = 24M -innodb-log-file-size = 1024M -innodb-file-per-table = 1 -innodb-buffer-pool-size = 4096M - -innodb-read-io-threads = 4 -innodb-write-io-threads = 4 -innodb-doublewrite = 1 -innodb-log-buffer-size = 1024M -innodb-buffer-pool-instances = 8 -innodb-log-files-in-group = 2 -innodb-thread-concurrency = {{ ansible_processor_vcpus * 2 }} - -innodb_stats_on_metadata = 0 - -[mysqldump] -quick -quote-names -max_allowed_packet = 16M - - -!includedir {{ mysql_config_dir }} diff --git a/deploy/adapters/ansible/roles/database/templates/replica.js b/deploy/adapters/ansible/roles/database/templates/replica.js deleted file mode 100644 index 7e7072ff..00000000 --- a/deploy/adapters/ansible/roles/database/templates/replica.js +++ /dev/null @@ -1,8 +0,0 @@ -config = { _id:"compass", members:[ -{% for hostname, host in haproxy_hosts.items() %} -{% set pair = '%s:27017' % host %} - {_id:{{ loop.index0 }},host:"{{ pair }}",priority:{{ host_index[hostname] + 1 }}}, - {% endfor %} - ] -}; -rs.initiate(config); diff --git a/deploy/adapters/ansible/roles/database/templates/wsrep.cnf b/deploy/adapters/ansible/roles/database/templates/wsrep.cnf deleted file mode 100644 index 4dc6fb7b..00000000 --- a/deploy/adapters/ansible/roles/database/templates/wsrep.cnf +++ /dev/null @@ -1,105 +0,0 @@ -[mysqld] -binlog_format=ROW -innodb_autoinc_lock_mode=2 -innodb_locks_unsafe_for_binlog=1 - -# Query Cache is not supported with wsrep -query_cache_size=0 -query_cache_type=0 - -default_storage_engine = InnoDB - -## -## WSREP options -## - -# Full path to wsrep provider library or 'none' -wsrep_provider={{ wsrep_provider_file }} - -# Provider specific configuration options -wsrep_provider_options="gcache.size=1024M" - -# Logical cluster name. Should be the same for all nodes. -wsrep_cluster_name="my_wsrep_cluster" - -# Group communication system handle -{% if haproxy_hosts|length == 1 %} -wsrep_cluster_address=gcomm:// -{% else %} -wsrep_cluster_address=gcomm://{{ haproxy_hosts.values()|join(",") }} -{% endif %} - -# Human-readable node name (non-unique). Hostname by default. -#wsrep_node_name= - -# Base replication <address|hostname>[:port] of the node. -# The values supplied will be used as defaults for state transfer receiving, -# listening ports and so on. Default: address of the first network interface. -wsrep_node_address={{ internal_ip }} - -# Address for incoming client connections. Autodetect by default. -#wsrep_node_incoming_address= - -# How many threads will process writesets from other nodes -wsrep_slave_threads={{ ansible_processor_vcpus }} - -# DBUG options for wsrep provider -#wsrep_dbug_option - -# Generate fake primary keys for non-PK tables (required for multi-master -# and parallel applying operation) -wsrep_certify_nonPK=1 - -# Maximum number of rows in write set -wsrep_max_ws_rows=131072 - -# Maximum size of write set -wsrep_max_ws_size=1073741824 - -# to enable debug level logging, set this to 1 -wsrep_debug=1 - -# convert locking sessions into transactions -wsrep_convert_LOCK_to_trx=0 - -# how many times to retry deadlocked autocommits -wsrep_retry_autocommit=3 - -# change auto_increment_increment and auto_increment_offset automatically -wsrep_auto_increment_control=1 - -# retry autoinc insert, which failed for duplicate key error -wsrep_drupal_282555_workaround=0 - -# enable "strictly synchronous" semantics for read operations -wsrep_causal_reads=0 - -# Command to call when node status or cluster membership changes. -# Will be passed all or some of the following options: -# --status - new status of this node -# --uuid - UUID of the cluster -# --primary - whether the component is primary or not ("yes"/"no") -# --members - comma-separated list of members -# --index - index of this node in the list -wsrep_notify_cmd= - -## -## WSREP State Transfer options -## - -# State Snapshot Transfer method -wsrep_sst_method=rsync - -# Address on THIS node to receive SST at. DON'T SET IT TO DONOR ADDRESS!!! -# (SST method dependent. Defaults to the first IP of the first interface) -#wsrep_sst_receive_address= - -# SST authentication string. This will be used to send SST to joining nodes. -# Depends on SST method. For mysqldump method it is root:<root password> -wsrep_sst_auth={{ WSREP_SST_USER }}:{{ WSREP_SST_PASS }} - -# Desired SST donor name. -#wsrep_sst_donor= - -# Protocol version to use -# wsrep_protocol_version= diff --git a/deploy/adapters/ansible/roles/database/vars/Debian.yml b/deploy/adapters/ansible/roles/database/vars/Debian.yml deleted file mode 100644 index c657f62e..00000000 --- a/deploy/adapters/ansible/roles/database/vars/Debian.yml +++ /dev/null @@ -1,55 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -mongodb_packages: - - mongodb-server - - mongodb-clients - - python-pymongo - -mysql_packages: - - python-mysqldb - - mysql-server - -maridb_packages: - - apt-transport-https - - debconf-utils - - libaio1 - - libc6 - - libdbd-mysql-perl - - libgcc1 - - libgcrypt20 - - libstdc++6 - - python-software-properties - - mariadb-client - - galera-3 - - rsync - - socat - - mariadb-galera-server-10.0 - - python-mysqldb - -pip_packages: [] - -services: [] - -mongodb_service: mongodb -mysql_config: - - dest: /etc/mysql/my.cnf - src: my.cnf - - dest: /etc/mysql/conf.d/wsrep.cnf - src: wsrep.cnf - -mysql_config_dir: /etc/mysql/conf.d -mysql_data_dir: /var/lib/mysql - -mongodb_config: - dest: /etc/mongodb.conf - src: mongodb.conf - journal: /var/lib/mongodb/journal/* - -wsrep_provider_file: "/usr/lib/galera/libgalera_smm.so" diff --git a/deploy/adapters/ansible/roles/database/vars/RedHat.yml b/deploy/adapters/ansible/roles/database/vars/RedHat.yml deleted file mode 100644 index 62f331c7..00000000 --- a/deploy/adapters/ansible/roles/database/vars/RedHat.yml +++ /dev/null @@ -1,45 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -mysql_packages: - - MySQL-python - - mysql-server - -maridb_packages: - - MySQL-python - - MariaDB-Galera-server - - MariaDB-client - - galera - -mongodb_packages: - - mongo-10gen-server - - mongo-10gen - -pip_packages: - - pymongo - -services: [] - -mongodb_service: mongod - -mysql_config: - - dest: /etc/my.cnf - src: my.cnf - - dest: /etc/my.cnf.d/wsrep.cnf - src: wsrep.cnf - -mysql_config_dir: /etc/my.cnf.d -mysql_data_dir: /var/lib/mysql - -mongodb_config: - dest: /etc/mongod.conf - src: mongodb.conf - journal: /var/lib/mongo/journal/* - -wsrep_provider_file: "/usr/lib64/galera/libgalera_smm.so" diff --git a/deploy/adapters/ansible/roles/database/vars/main.yml b/deploy/adapters/ansible/roles/database/vars/main.yml deleted file mode 100644 index a32897f0..00000000 --- a/deploy/adapters/ansible/roles/database/vars/main.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: - - mysql - -credentials: - - user: keystone - db: keystone - password: "{{ KEYSTONE_DBPASS }}" - - user: neutron - db: neutron - password: "{{ NEUTRON_DBPASS }}" - - user: glance - db: glance - password: "{{ GLANCE_DBPASS }}" - - user: nova - db: nova_api - password: "{{ NOVA_DBPASS }}" - - user: nova - db: nova - password: "{{ NOVA_DBPASS }}" - - user: cinder - db: cinder - password: "{{ CINDER_DBPASS }}" - - user: heat - db: heat - password: "{{ HEAT_DBPASS }}" - - user: aodh - db: aodh - password: "{{ AODH_DBPASS }}" diff --git a/deploy/adapters/ansible/roles/ext-network/handlers/main.yml b/deploy/adapters/ansible/roles/ext-network/handlers/main.yml deleted file mode 100644 index 263b2c5f..00000000 --- a/deploy/adapters/ansible/roles/ext-network/handlers/main.yml +++ /dev/null @@ -1,29 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart neutron-plugin-openvswitch-agent - service: name=neutron-openvswitch-agent state=restarted enabled=yes - when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" - -- name: restart neutron-l3-agent - service: name=neutron-l3-agent state=restarted enabled=yes - -- name: kill dnsmasq - command: killall dnsmasq - ignore_errors: "True" - -- name: restart neutron-dhcp-agent - service: name=neutron-dhcp-agent state=restarted enabled=yes - -- name: restart neutron-metadata-agent - service: name=neutron-metadata-agent state=restarted enabled=yes - -- name: restart xorp - service: name=xorp state=restarted enabled=yes sleep=10 - ignore_errors: "True" diff --git a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml deleted file mode 100644 index eb95f636..00000000 --- a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml +++ /dev/null @@ -1,63 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -# FIXME: temporary workaround for openstack api access random failure -- name: restart api server - service: name={{ item }} state=restarted enabled=yes - with_items: api_services | union(api_services_noarch) - ignore_errors: "True" - -- name: restart neutron server - service: name=neutron-server state=restarted enabled=yes - -- name: wait for neutron ready - wait_for: port=9696 delay=10 timeout=60 host={{ internal_ip }} - -- name: create external net - os_network: - cloud: opnfv - name: "{{ public_net_info.network }}" - provider_network_type: "{{ public_net_info.type }}" - provider_physical_network: "{{ public_net_info.provider_network }}" - shared: false - external: "yes" - state: present - run_once: true - when: public_net_info.enable == "True" - and public_net_info.type == "flat" - -- name: create external net - os_network: - cloud: opnfv - name: "{{ public_net_info.network }}" - provider_network_type: "{{ public_net_info.type }}" - provider_segmentation_id: "{{ public_net_info.segment_id }}" - shared: false - external: "yes" - state: present - run_once: true - when: public_net_info.enable == "True" - and public_net_info.type != "flat" - -- name: create external subnet - os_subnet: - cloud: opnfv - name: "{{ public_net_info.subnet }}" - network_name: "{{ public_net_info.network }}" - cidr: "{{ public_net_info.floating_ip_cidr }}" - enable_dhcp: "{{ public_net_info.enable_dhcp }}" - no_gateway_ip: "{{ public_net_info.no_gateway }}" - gateway_ip: "{{ public_net_info.external_gw }}" - allocation_pool_start: "{{ public_net_info.floating_ip_start }}" - allocation_pool_end: "{{ public_net_info.floating_ip_end }}" - state: present - run_once: true - when: public_net_info.enable == "True" diff --git a/deploy/adapters/ansible/roles/ext-network/vars/Debian.yml b/deploy/adapters/ansible/roles/ext-network/vars/Debian.yml deleted file mode 100644 index 069afc14..00000000 --- a/deploy/adapters/ansible/roles/ext-network/vars/Debian.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -api_services: - - nova-api - - glance-api - - heat-api - - heat-api-cfn - - cinder-api diff --git a/deploy/adapters/ansible/roles/ext-network/vars/RedHat.yml b/deploy/adapters/ansible/roles/ext-network/vars/RedHat.yml deleted file mode 100644 index 47fc4a32..00000000 --- a/deploy/adapters/ansible/roles/ext-network/vars/RedHat.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -api_services: - - openstack-nova-api - - openstack-glance-api - - openstack-heat-api - - openstack-heat-api-cfn - - openstack-cinder-api diff --git a/deploy/adapters/ansible/roles/ext-network/vars/main.yml b/deploy/adapters/ansible/roles/ext-network/vars/main.yml deleted file mode 100644 index b19b6ebf..00000000 --- a/deploy/adapters/ansible/roles/ext-network/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -api_services_noarch: [] diff --git a/deploy/adapters/ansible/roles/glance/handlers/main.yml b/deploy/adapters/ansible/roles/glance/handlers/main.yml deleted file mode 100644 index 22f31cea..00000000 --- a/deploy/adapters/ansible/roles/glance/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart glance services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml b/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml deleted file mode 100644 index 6ea5112f..00000000 --- a/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: sync glance db - shell: su -s /bin/sh -c 'glance-manage db sync' glance - ignore_errors: "True" - notify: - - restart glance services - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml b/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml deleted file mode 100644 index 9c95546d..00000000 --- a/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml +++ /dev/null @@ -1,26 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: install glance packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: generate glance service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: update glance conf - template: src={{ item }} dest=/etc/glance/{{ item }} - backup=yes - with_items: - - glance-api.conf - - glance-registry.conf - -- name: remove default sqlite db - shell: rm /var/lib/glance/glance.sqlite || touch glance.sqllite.db.removed diff --git a/deploy/adapters/ansible/roles/glance/tasks/main.yml b/deploy/adapters/ansible/roles/glance/tasks/main.yml deleted file mode 100644 index caece26c..00000000 --- a/deploy/adapters/ansible/roles/glance/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - recovery - -- include: glance_install.yml - tags: - - install - - glance_install - - glance - -- include: nfs.yml - tags: - - nfs - -- include: glance_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - glance_config - - glance - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/glance/tasks/nfs.yml b/deploy/adapters/ansible/roles/glance/tasks/nfs.yml deleted file mode 100644 index 36d176f2..00000000 --- a/deploy/adapters/ansible/roles/glance/tasks/nfs.yml +++ /dev/null @@ -1,70 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: install nfs packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ nfs_packages }}" - -- name: install nfs - local_action: yum name={{ item }} state=present - with_items: - - rpcbind - - nfs-utils - run_once: "True" - -- name: create image directory - local_action: file path=/opt/images state=directory mode=0777 - run_once: "True" - -- name: remove nfs config item if exist - local_action: lineinfile dest=/etc/exports state=absent - regexp="^/opt/images" - run_once: "True" - -- name: update nfs config - local_action: lineinfile dest=/etc/exports state=present - line="/opt/images *(rw,insecure,sync,all_squash)" - run_once: "True" - -- name: restart compass nfs service - local_action: service name={{ item }} state=restarted enabled=yes - with_items: - - rpcbind - - nfs-server - run_once: "True" - -- name: get mount info - command: mount - register: mount_info - tags: - - recovery - -- name: get nfs server - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: ip_info - tags: - - recovery - -- name: restart host nfs service - service: name={{ item }} state=restarted enabled=yes - with_items: '{{ nfs_services }}' - -- name: mount image directory - shell: | - mkdir -p /var/lib/glance/images; - mount -t nfs -onfsvers=3 {{ ip_info.stdout_lines[0] }}:/opt/images \ - /var/lib/glance/images; - sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab; - echo {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images/ nfs \ - fsvers=3 >> /etc/fstab; - when: mount_info.stdout.find('images') == -1 - retries: 5 - delay: 3 - tags: - - recovery diff --git a/deploy/adapters/ansible/roles/glance/templates/glance-api.conf b/deploy/adapters/ansible/roles/glance/templates/glance-api.conf deleted file mode 100644 index 241f04ce..00000000 --- a/deploy/adapters/ansible/roles/glance/templates/glance-api.conf +++ /dev/null @@ -1,93 +0,0 @@ -{% set workers = ansible_processor_vcpus // 2 %} -{% set workers = workers if workers else 1 %} -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} - -[DEFAULT] -verbose = {{ VERBOSE }} -debug = {{ DEBUG }} -log_file = /var/log/glance/api.log -bind_host = {{ image_host }} -bind_port = 9292 -backlog = 4096 -workers = {{ workers }} -registry_host = {{ internal_ip }} -registry_port = 9191 -registry_client_protocol = http -cinder_catalog_info = volume:cinder:internalURL - -enable_v1_api = True -enable_v1_registry = True -enable_v2_api = True -enable_v2_registry = True - -notification_driver = messagingv2 -rpc_backend = rabbit - -delayed_delete = False -scrubber_datadir = /var/lib/glance/scrubber -scrub_time = 43200 -image_cache_dir = /var/lib/glance/image-cache/ -show_image_direct_url = True - -[database] -backend = sqlalchemy -connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance?charset=utf8 -idle_timeout = 30 -sqlite_db = /var/lib/glance/glance.sqlite - -[task] -task_executor = taskflow - -[glance_store] -default_store = file -stores = file,http,cinder,rbd -filesystem_store_datadir = /var/lib/glance/images/ - -[image_format] -disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,root-tar - -[profiler] -enabled = True - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = glance -password = {{ GLANCE_PASS }} -token_cache_time = 300 -revocation_cache_time = 60 - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = glance -admin_password = {{ GLANCE_PASS }} - -[paste_deploy] -flavor= keystone - -[oslo_messaging_amqp] -idle_timeout = 7200 - -[oslo_messaging_rabbit] -rabbit_hosts = {{ rabbitmq_servers }} -rabbit_use_ssl = false -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_virtual_host = / -default_notification_exchange = glance - -rabbit_notification_exchange = glance -rabbit_notification_topic = notifications -rabbit_durable_queues = False diff --git a/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf b/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf deleted file mode 100644 index ccd8f1bb..00000000 --- a/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf +++ /dev/null @@ -1,64 +0,0 @@ -{% set workers = ansible_processor_vcpus // 2 %} -{% set workers = workers if workers else 1 %} -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} - -[DEFAULT] -verbose = {{ VERBOSE }} -debug = {{ DEBUG }} -log_file = /var/log/glance/api.log -bind_host = {{ image_host }} -bind_port = 9191 -backlog = 4096 -workers = {{ workers }} - -notification_driver = messagingv2 -rpc_backend = rabbit - -[database] -backend = sqlalchemy -connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance?charset=utf8 -idle_timeout = 30 - -[profiler] -enabled = True - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = glance -password = {{ GLANCE_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = glance -admin_password = {{ GLANCE_PASS }} -token_cache_time = 300 -revocation_cache_time = 60 - -[paste_deploy] -flavor= keystone - -[oslo_messaging_amqp] -idle_timeout = 7200 - -[oslo_messaging_rabbit] -rabbit_hosts = {{ rabbitmq_servers }} -rabbit_use_ssl = false -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_virtual_host = / -rabbit_notification_exchange = glance -rabbit_notification_topic = notifications -rabbit_durable_queues = False diff --git a/deploy/adapters/ansible/roles/glance/templates/image_upload.sh b/deploy/adapters/ansible/roles/glance/templates/image_upload.sh deleted file mode 100644 index 39cf9272..00000000 --- a/deploy/adapters/ansible/roles/glance/templates/image_upload.sh +++ /dev/null @@ -1,10 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -sleep 10 -glance --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ internal_vip.ip }}:35357/v2.0 image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < /opt/{{ build_in_image_name }} && touch glance.import.completed diff --git a/deploy/adapters/ansible/roles/glance/vars/Debian.yml b/deploy/adapters/ansible/roles/glance/vars/Debian.yml deleted file mode 100644 index d1825012..00000000 --- a/deploy/adapters/ansible/roles/glance/vars/Debian.yml +++ /dev/null @@ -1,21 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - glance - - nfs-common - -nfs_packages: - - nfs-common - -nfs_services: [] - -services: - - glance-registry - - glance-api diff --git a/deploy/adapters/ansible/roles/glance/vars/RedHat.yml b/deploy/adapters/ansible/roles/glance/vars/RedHat.yml deleted file mode 100644 index 2987d0c4..00000000 --- a/deploy/adapters/ansible/roles/glance/vars/RedHat.yml +++ /dev/null @@ -1,23 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-glance - - rpcbind - -nfs_packages: - - nfs-utils - - rpcbind - -nfs_services: - - rpcbind - -services: - - openstack-glance-api - - openstack-glance-registry diff --git a/deploy/adapters/ansible/roles/glance/vars/main.yml b/deploy/adapters/ansible/roles/glance/vars/main.yml deleted file mode 100644 index d34d42fd..00000000 --- a/deploy/adapters/ansible/roles/glance/vars/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: - - python-glanceclient - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/ha/files/galera_chk b/deploy/adapters/ansible/roles/ha/files/galera_chk deleted file mode 100644 index 9fd165c0..00000000 --- a/deploy/adapters/ansible/roles/ha/files/galera_chk +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh - -code=`mysql -uroot -e "show status" | awk '/Threads_running/{print $2}'` - -if [ "$code"=="1" ] -then - echo "HTTP/1.1 200 OK\r\n" -else - echo "HTTP/1.1 503 Service Unavailable\r\n" -fi diff --git a/deploy/adapters/ansible/roles/ha/files/mysqlchk b/deploy/adapters/ansible/roles/ha/files/mysqlchk deleted file mode 100644 index 7c5eaad5..00000000 --- a/deploy/adapters/ansible/roles/ha/files/mysqlchk +++ /dev/null @@ -1,15 +0,0 @@ -# default: off -# description: An xinetd internal service which echo's characters back to -# clients. -# This is the tcp version. -service mysqlchk -{ - disable = no - flags = REUSE - socket_type = stream - protocol = tcp - user = root - wait = no - server = /usr/local/bin/galera_chk - port = 9200 -} diff --git a/deploy/adapters/ansible/roles/ha/handlers/main.yml b/deploy/adapters/ansible/roles/ha/handlers/main.yml deleted file mode 100644 index 34d7a578..00000000 --- a/deploy/adapters/ansible/roles/ha/handlers/main.yml +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart haproxy - service: name=haproxy state=restarted enabled=yes - -- name: restart xinetd - service: name=xinetd state=restarted enabled=yes - -- name: restart keepalived - service: name=keepalived state=restarted enabled=yes diff --git a/deploy/adapters/ansible/roles/ha/tasks/main.yml b/deploy/adapters/ansible/roles/ha/tasks/main.yml deleted file mode 100644 index e2f172e7..00000000 --- a/deploy/adapters/ansible/roles/ha/tasks/main.yml +++ /dev/null @@ -1,96 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: install keepalived xinet haproxy - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: generate ha service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: install pexpect - pip: name=pexpect state=present extra_args='--pre' - -- name: activate ip_nonlocal_bind - sysctl: name=net.ipv4.ip_nonlocal_bind value=1 - state=present reload=yes - -- name: set net.ipv4.tcp_keepalive_intvl - sysctl: name=net.ipv4.tcp_keepalive_intvl value=1 - state=present reload=yes - -- name: set net.ipv4.tcp_keepalive_probes - sysctl: name=net.ipv4.tcp_keepalive_probes value=5 - state=present reload=yes - -- name: set net.ipv4.tcp_keepalive_time - sysctl: name=net.ipv4.tcp_keepalive_time value=5 - state=present reload=yes - -- name: update haproxy cfg - template: src=haproxy.cfg dest=/etc/haproxy/haproxy.cfg - notify: restart haproxy - -- name: set haproxy enable flag - lineinfile: dest=/etc/default/haproxy state=present - regexp="ENABLED=*" - line="ENABLED=1" - notify: restart haproxy - when: ansible_os_family == "Debian" - -- name: set haproxy log - lineinfile: dest=/etc/rsyslog.conf state=present - regexp="local0.* /var/log/haproxy.log" - line="local0.* /var/log/haproxy.log" - -- name: set rsyslog udp module - lineinfile: dest=/etc/rsyslog.conf state=present - regexp="^#$ModLoad imudp" - line="$ModLoad imudp" - -- name: set rsyslog udp port - lineinfile: dest=/etc/rsyslog.conf state=present - regexp="^#$UDPServerRun 514" - line="$UDPServerRun 514" - -- name: copy galera_chk file - copy: src=galera_chk dest=/usr/local/bin/galera_chk mode=0777 - -- name: add network service - lineinfile: dest=/etc/services state=present - line="mysqlchk 9200/tcp" - insertafter="Local services" - notify: restart xinetd - -- name: copy mysqlchk file - copy: src=mysqlchk dest=/etc/xinetd.d/mysqlchk mode=0777 - notify: restart xinetd - -- name: set keepalived start param - lineinfile: dest=/etc/default/keepalived state=present - regexp="^DAEMON_ARGS=*" - line="DAEMON_ARGS=\"-D -d -S 1\"" - when: ansible_os_family == "Debian" - -- name: set keepalived log - lineinfile: dest=/etc/rsyslog.conf state=present - regexp="local1.* /var/log/keepalived.log" - line="local1.* /var/log/keepalived.log" - -- name: update keepalived info - template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf - notify: restart keepalived - -- name: restart rsyslog - shell: service rsyslog restart - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg deleted file mode 100644 index 5fbcc9d9..00000000 --- a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg +++ /dev/null @@ -1,227 +0,0 @@ - -global - #chroot /var/run/haproxy - daemon - user haproxy - group haproxy - maxconn 4000 - pidfile /var/run/haproxy/haproxy.pid - #log 127.0.0.1 local0 - tune.bufsize 1000000 - stats socket /var/run/haproxy.sock - stats timeout 2m - -defaults - log global - maxconn 8000 - option redispatch - option dontlognull - option splice-auto - timeout http-request 10s - timeout queue 1m - timeout connect 10s - timeout client 50s - timeout server 50s - timeout check 10s - retries 3 - -listen proxy-mysql - bind {{ internal_vip.ip }}:3306 - option tcpka - option tcplog - balance source -{% for host, ip in haproxy_hosts.items() %} -{% if loop.index == 1 %} - server {{ host }} {{ ip }}:3306 weight 1 check inter 2000 rise 2 fall 5 -{% else %} - server {{ host }} {{ ip }}:3306 weight 1 check inter 2000 rise 2 fall 5 backup -{% endif %} -{% endfor %} - -listen proxy-rabbit - bind {{ internal_vip.ip }}:5672 - bind {{ public_vip.ip }}:5672 - - option tcpka - option tcplog - timeout client 3h - timeout server 3h - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:5672 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-glance_registry_cluster - bind {{ internal_vip.ip }}:9191 - bind {{ public_vip.ip }}:9191 - option tcpka - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:9191 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-glance_api_cluster - bind {{ internal_vip.ip }}:9292 - bind {{ public_vip.ip }}:9292 - option tcpka - option tcplog - option httpchk - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:9292 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-nova-novncproxy - bind {{ internal_vip.ip }}:6080 - bind {{ public_vip.ip }}:6080 - option tcpka - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:6080 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-network - bind {{ internal_vip.ip }}:9696 - bind {{ public_vip.ip }}:9696 - option tcpka - option tcplog - balance source - option httpchk -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:9696 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-volume - bind {{ internal_vip.ip }}:8776 - bind {{ public_vip.ip }}:8776 - option tcpka - option httpchk - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8776 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-keystone_admin_cluster - bind {{ internal_vip.ip }}:35357 - bind {{ public_vip.ip }}:35357 - option tcpka - option httpchk - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:35357 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-keystone_public_internal_cluster - bind {{ internal_vip.ip }}:5000 - bind {{ public_vip.ip }}:5000 - option tcpka - option httpchk - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:5000 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-nova_compute_api_cluster - bind {{ internal_vip.ip }}:8774 - bind {{ public_vip.ip }}:8774 - mode tcp - option httpchk - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8774 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-nova_metadata_api_cluster - bind {{ internal_vip.ip }}:8775 - bind {{ public_vip.ip }}:8775 - option tcpka - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8775 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-cinder_api_cluster - bind {{ internal_vip.ip }}:8776 - bind {{ public_vip.ip }}:8776 - mode tcp - option httpchk - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8776 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -#listen proxy-swift-proxy -# bind {{ internal_vip.ip }}:8080 -# bind {{ public_vip.ip }}:8080 -# balance source -# option tcpka -# option tcplog -#{% for host,ip in haproxy_hosts.items() %} -# server {{ host }} {{ ip }}:8080 weight 1 check inter 2000 rise 2 fall 5 -#{% endfor %} - -listen proxy-ceilometer_api_cluster - bind {{ internal_vip.ip }}:8777 - bind {{ public_vip.ip }}:8777 - mode tcp - option tcp-check - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8777 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-aodh_api_cluster - bind {{ internal_vip.ip }}:8042 - bind {{ public_vip.ip }}:8042 - mode tcp - option tcp-check - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8042 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-congress_api_cluster - bind {{ internal_vip.ip }}:1789 - bind {{ public_vip.ip }}:1789 - mode tcp - option tcp-check - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:1789 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen proxy-dashboarad - bind {{ public_vip.ip }}:80 - mode http - balance source - capture cookie vgnvisitor= len 32 - cookie SERVERID insert indirect nocache - option forwardfor - option httpchk - option httpclose - rspidel ^Set-cookie:\ IP= -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:80 cookie {{ host }} weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} - -listen stats - mode http - bind 0.0.0.0:9999 - stats enable - stats refresh 30s - stats uri / - stats realm Global\ statistics - stats auth admin:admin - - diff --git a/deploy/adapters/ansible/roles/ha/templates/keepalived.conf b/deploy/adapters/ansible/roles/ha/templates/keepalived.conf deleted file mode 100644 index c2af86b0..00000000 --- a/deploy/adapters/ansible/roles/ha/templates/keepalived.conf +++ /dev/null @@ -1,47 +0,0 @@ -global_defs { - router_id {{ inventory_hostname }} -} - -vrrp_sync_group VG1 { - group { - internal_vip - public_vip - } -} - -vrrp_instance internal_vip { - interface {{ internal_vip.interface }} - virtual_router_id {{ vrouter_id_internal }} - state BACKUP - nopreempt - advert_int 1 - priority {{ 50 + (host_index[inventory_hostname] * 50) }} - - authentication { - auth_type PASS - auth_pass 1234 - } - - virtual_ipaddress { - {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }} - } -} - -vrrp_instance public_vip { - interface {{ network_cfg.public_vip.interface }} - virtual_router_id {{ vrouter_id_public }} - state BACKUP - nopreempt - advert_int 1 - priority {{ 50 + (host_index[inventory_hostname] * 50) }} - - authentication { - auth_type PASS - auth_pass 4321 - } - - virtual_ipaddress { - {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev {{ network_cfg.public_vip.interface }} - } - -} diff --git a/deploy/adapters/ansible/roles/ha/vars/Debian.yml b/deploy/adapters/ansible/roles/ha/vars/Debian.yml deleted file mode 100644 index b9f46bdf..00000000 --- a/deploy/adapters/ansible/roles/ha/vars/Debian.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -services: [] -packages: [] diff --git a/deploy/adapters/ansible/roles/ha/vars/RedHat.yml b/deploy/adapters/ansible/roles/ha/vars/RedHat.yml deleted file mode 100644 index b9f46bdf..00000000 --- a/deploy/adapters/ansible/roles/ha/vars/RedHat.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -services: [] -packages: [] diff --git a/deploy/adapters/ansible/roles/ha/vars/main.yml b/deploy/adapters/ansible/roles/ha/vars/main.yml deleted file mode 100644 index bd739699..00000000 --- a/deploy/adapters/ansible/roles/ha/vars/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: - - keepalived - - xinetd - - haproxy - -services_noarch: - - keepalived - - xinetd - - haproxy diff --git a/deploy/adapters/ansible/roles/heat/handlers/main.yml b/deploy/adapters/ansible/roles/heat/handlers/main.yml deleted file mode 100644 index 84bda2e3..00000000 --- a/deploy/adapters/ansible/roles/heat/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart heat service - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" - -- name: remove heat-sqlite-db - shell: rm /var/lib/heat/heat.sqlite || touch heat.sqlite.db.removed diff --git a/deploy/adapters/ansible/roles/heat/tasks/heat_config.yml b/deploy/adapters/ansible/roles/heat/tasks/heat_config.yml deleted file mode 100644 index d0835860..00000000 --- a/deploy/adapters/ansible/roles/heat/tasks/heat_config.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: heat db sync - shell: su -s /bin/sh -c "heat-manage db_sync" heat - notify: - - restart heat service - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml deleted file mode 100644 index ef50ec52..00000000 --- a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml +++ /dev/null @@ -1,71 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: install heat related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: generate heat service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: create heat domain - os_keystone_domain: - cloud: opnfv - name: heat - state: present - description: "Stack projects and users" - register: heat_domain - when: inventory_hostname == groups['controller'][0] - -- name: create heat user - os_user: - cloud: opnfv - domain: heat - name: heat_domain_admin - password: "{{ HEAT_PASS }}" - when: inventory_hostname == groups['controller'][0] - -- name: grant heat admin role - shell: | - . /opt/admin-openrc.sh - openstack role assignment list | grep "{{ heat_domain.id }}" \ - || openstack role add --domain heat --user-domain heat \ - --user heat_domain_admin admin; - when: inventory_hostname == groups['controller'][0] - -- name: create heat role - os_keystone_role: - cloud: opnfv - name: heat_stack_owner - when: inventory_hostname == groups['controller'][0] - -- name: grant heat demo role - os_user_role: - cloud: opnfv - user: demo - project: demo - role: heat_stack_owner - when: inventory_hostname == groups['controller'][0] - -- name: create member role - os_keystone_role: - cloud: opnfv - name: _member_ - when: inventory_hostname == groups['controller'][0] - -- name: update heat conf - template: src=heat.j2 - dest=/etc/heat/heat.conf - backup=yes - notify: - - restart heat service - - remove heat-sqlite-db diff --git a/deploy/adapters/ansible/roles/heat/tasks/main.yml b/deploy/adapters/ansible/roles/heat/tasks/main.yml deleted file mode 100644 index 8fe31c15..00000000 --- a/deploy/adapters/ansible/roles/heat/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: heat_install.yml - tags: - - install - - heat_install - - heat - -- include: heat_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - heat_config - - heat - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/heat/templates/heat.j2 b/deploy/adapters/ansible/roles/heat/templates/heat.j2 deleted file mode 100644 index a8feb940..00000000 --- a/deploy/adapters/ansible/roles/heat/templates/heat.j2 +++ /dev/null @@ -1,58 +0,0 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - -[DEFAULT] -heat_metadata_server_url = http://{{ internal_vip.ip }}:8000 -heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition -rpc_backend = rabbit -log_dir = /var/log/heat -stack_domain_admin = heat_domain_admin -stack_domain_admin_password = {{ HEAT_PASS }} -stack_user_domain_name = heat -num_engine_workers = {{ api_workers}} - -[heat_api] -workers = {{ api_workers }} - -[database] -connection = mysql://heat:{{ HEAT_DBPASS }}@{{ db_host }}/heat -idle_timeout = 30 -use_db_reconnect = True -pool_timeout = 10 - -[ec2authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 - -[clients_keystone] -auth_uri = http://{{ internal_vip.ip }}:35357 - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = heat -password = {{ HEAT_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = heat -admin_password = {{ HEAT_PASS }} - -[oslo_messaging_rabbit] -rabbit_host = {{ rabbit_host }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} - -[trustee] -auth_type = password -auth_url = http://{{ internal_vip.ip }}:35357 -username = heat -password = {{ HEAT_PASS }} -user_domain_name = default diff --git a/deploy/adapters/ansible/roles/heat/vars/Debian.yml b/deploy/adapters/ansible/roles/heat/vars/Debian.yml deleted file mode 100644 index 4c978517..00000000 --- a/deploy/adapters/ansible/roles/heat/vars/Debian.yml +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - heat-api - - heat-api-cfn - - heat-engine - - python-heatclient - -services: - - heat-api - - heat-api-cfn - - heat-engine diff --git a/deploy/adapters/ansible/roles/heat/vars/RedHat.yml b/deploy/adapters/ansible/roles/heat/vars/RedHat.yml deleted file mode 100644 index 435afd3f..00000000 --- a/deploy/adapters/ansible/roles/heat/vars/RedHat.yml +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -services: - - openstack-heat-api - - openstack-heat-api-cfn - - openstack-heat-engine - -packages: - - openstack-heat-api - - openstack-heat-api-cfn - - openstack-heat-engine - - python-heatclient diff --git a/deploy/adapters/ansible/roles/heat/vars/main.yml b/deploy/adapters/ansible/roles/heat/vars/main.yml deleted file mode 100644 index f6fef749..00000000 --- a/deploy/adapters/ansible/roles/heat/vars/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/keystone/handlers/main.yml b/deploy/adapters/ansible/roles/keystone/handlers/main.yml deleted file mode 100755 index 82c1a553..00000000 --- a/deploy/adapters/ansible/roles/keystone/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart keystone services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml deleted file mode 100644 index ac3ff8fe..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml +++ /dev/null @@ -1,97 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: keystone-manage db-sync - shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone - -- name: Check if fernet keys already exist - stat: - path: "/etc/keystone/fernet-keys/0" - register: fernet_keys_0 - -- name: Create fernet keys for Keystone - command: - keystone-manage fernet_setup - --keystone-user keystone - --keystone-group keystone - when: not fernet_keys_0.stat.exists - notify: - - restart keystone services - -- name: Rotate fernet keys for Keystone - command: - keystone-manage fernet_rotate - --keystone-user keystone - --keystone-group keystone - when: fernet_keys_0.stat.exists - notify: - - restart keystone services - -- name: Distribute the fernet key repository - shell: | - rsync -e 'ssh -o StrictHostKeyChecking=no' \ - -avz \ - --delete \ - /etc/keystone/fernet-keys \ - root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/ - with_items: "{{ groups['controller'][1:] }}" - notify: - - restart keystone services - -- name: Check if credential keys already exist - stat: - path: "/etc/keystone/credential-keys/0" - register: credential_keys_0 - -- name: Create credential keys for Keystone - command: - keystone-manage credential_setup - --keystone-user keystone - --keystone-group keystone - when: not credential_keys_0.stat.exists - notify: - - restart keystone services - -- name: Rotate credential keys for Keystone - command: - keystone-manage credential_rotate - --keystone-user keystone - --keystone-group keystone - when: credential_keys_0.stat.exists - notify: - - restart keystone services - -- name: Distribute the credential key repository - shell: | - rsync -e 'ssh -o StrictHostKeyChecking=no' \ - -avz \ - --delete \ - /etc/keystone/credential-keys \ - root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/ - with_items: "{{ groups['controller'][1:] }}" - notify: - - restart keystone services - -- name: Bootstrap the Identity service - shell: - keystone-manage bootstrap \ - --bootstrap-password {{ ADMIN_PASS }} \ - --bootstrap-admin-url http://{{ internal_ip }}:35357/v3/ \ - --bootstrap-internal-url http://{{ internal_ip }}:35357/v3/ \ - --bootstrap-public-url http://{{ internal_ip }}:5000/v3/ - --bootstrap-region-id RegionOne \ - notify: - - restart keystone services - -- meta: flush_handlers - -- name: wait for keystone ready - wait_for: port=35357 delay=15 timeout=60 host={{ internal_ip }} diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml deleted file mode 100644 index 10228952..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml +++ /dev/null @@ -1,120 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: set admin url for keystone endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: admin - region: "{{ item.region}}" - url: "{{ item.adminurl }}" - with_items: "{{ os_services[0:1] }}" - -- name: set internal url for keystone endpointl - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: internal - region: "{{ item.region}}" - url: "{{ item.internalurl }}" - with_items: "{{ os_services[0:1] }}" - -- name: set public url for keystone endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: public - region: "{{ item.region}}" - url: "{{ item.publicurl }}" - with_items: "{{ os_services[0:1] }}" - -- name: add service - os_keystone_service: - cloud: opnfv - name: "{{ item.name }}" - description: "{{ item.description }}" - service_type: "{{ item.type }}" - with_items: "{{ os_services }}" - -- name: add project - os_project: - cloud: opnfv - domain_id: default - name: "{{ item.tenant }}" - description: "{{ item.tenant_description }}" - with_items: "{{ os_users }}" - -- name: add user - os_user: - cloud: opnfv - domain: default - name: "{{ item.user }}" - password: "{{ item.password }}" - default_project: "{{ item.tenant }}" - email: "{{ item.email }}" - with_items: "{{ os_users }}" - -- name: add roles - os_keystone_role: - cloud: opnfv - name: "{{ item.role }}" - with_items: "{{ os_users }}" - -- name: grant roles - os_user_role: - cloud: opnfv - user: "{{ item.user }}" - role: "{{ item.role }}" - project: "{{ item.tenant }}" - with_items: "{{ os_users }}" - -- name: create admin url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: admin - region: "{{ item.region}}" - url: "{{ item.adminurl }}" - with_items: "{{ os_services[1:] }}" - -- name: create internal url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: internal - region: "{{ item.region}}" - url: "{{ item.internalurl }}" - with_items: "{{ os_services[1:] }}" - -- name: create public url for service'e endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: public - region: "{{ item.region}}" - url: "{{ item.publicurl }}" - with_items: "{{ os_services[1:] }}" diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml deleted file mode 100644 index a390ffca..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ /dev/null @@ -1,110 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install keystone packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: disable boot auto start - file: - path={{ item }} - state=absent - with_items: - - /etc/init.d/keystone - - /etc/init/keystone.conf - - /lib/systemd/system/keystone.service - when: ansible_os_family == "Debian" - -- name: generate keystone service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: delete sqlite database - file: - path: /var/lib/keystone/keystone.db - state: absent - -- name: update keystone conf - template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes - notify: - - restart keystone services - -- name: assure listen port exist - lineinfile: - dest: '{{ apache_config_dir }}/ports.conf' - regexp: '{{ item.regexp }}' - line: '{{ item.line}}' - with_items: - - regexp: "^Listen {{ internal_ip }}:5000" - line: "Listen {{ internal_ip }}:5000" - - regexp: "^Listen {{ internal_ip }}:35357" - line: "Listen {{ internal_ip }}:35357" - notify: - - restart keystone services - -- name: update apache2 configs - template: - src: wsgi-keystone.conf.j2 - dest: '{{ apache_config_dir }}/sites-available/keystone.conf' - when: ansible_os_family == 'Debian' - notify: - - restart keystone services - -- name: update apache2 configs - template: - src: wsgi-keystone.conf.j2 - dest: '{{ apache_config_dir }}/keystone.conf' - when: ansible_os_family == 'RedHat' - notify: - - restart keystone services - -- name: enable keystone server - file: - src: "{{ apache_config_dir }}/sites-available/keystone.conf" - dest: "{{ apache_config_dir }}/sites-enabled/keystone.conf" - state: "link" - when: ansible_os_family == 'Debian' - notify: - - restart keystone services - -- name: install shade - pip: name=shade state=present - -- name: create path for os-client-config - file: - path: /etc/openstack - state: directory - mode: 0755 - -- name: copy os-client-config - template: - src: clouds.yml.j2 - dest: /etc/openstack/clouds.yml - -- name: keystone source files - template: src={{ item }} dest=/opt/{{ item }} - with_items: - - admin-openrc.sh - - admin-openrc-v2.sh - - demo-openrc.sh diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml deleted file mode 100644 index 29b6cd61..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: keystone_install.yml - tags: - - install - - keystone_install - - keystone - -- include: keystone_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - keystone_config - - keystone - -- meta: flush_handlers - -- include: keystone_create.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - keystone_create - - keystone diff --git a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh deleted file mode 100644 index 6ba620ff..00000000 --- a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# Verify the Identity Service installation -export OS_PASSWORD={{ ADMIN_PASS }} -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0 -export OS_USERNAME=admin -export OS_VOLUME_API_VERSION=2 - diff --git a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh deleted file mode 100644 index 94d5850f..00000000 --- a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# Verify the Identity Service installation -export OS_PROJECT_DOMAIN_NAME=default -export OS_USER_DOMAIN_NAME=default -export OS_TENANT_NAME=admin -export OS_PROJECT_NAME=admin -export OS_USERNAME=admin -export OS_PASSWORD={{ ADMIN_PASS }} -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 -export OS_IDENTITY_API_VERSION=3 -export OS_IMAGE_API_VERSION=2 diff --git a/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 deleted file mode 100644 index b387f7b8..00000000 --- a/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 +++ /dev/null @@ -1,12 +0,0 @@ ---- -clouds: - opnfv: - auth: - username: 'admin' - password: {{ ADMIN_PASS }} - project_name: 'admin' - auth_url: 'http://{{ internal_vip.ip }}:35357/v3' - project_domain_name: default - user_domain_name: default - identity_api_version: 3 - region_name: RegionOne diff --git a/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh b/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh deleted file mode 100644 index 920f42ed..00000000 --- a/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -export OS_PROJECT_DOMAIN_NAME=default -export OS_USER_DOMAIN_NAME=default -export OS_TENANT_NAME=demo -export OS_PROJECT_NAME=demo -export OS_USERNAME=demo -export OS_PASSWORD={{ DEMO_PASS }} -export OS_AUTH_URL=http://{{ internal_vip.ip }}:5000/v3 -export OS_IDENTITY_API_VERSION=3 -export OS_IMAGE_API_VERSION=2 diff --git a/deploy/adapters/ansible/roles/keystone/templates/keystone.conf b/deploy/adapters/ansible/roles/keystone/templates/keystone.conf deleted file mode 100644 index 919be344..00000000 --- a/deploy/adapters/ansible/roles/keystone/templates/keystone.conf +++ /dev/null @@ -1,60 +0,0 @@ -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} -[DEFAULT] -debug={{ DEBUG }} -log_dir = /var/log/keystone - -[cache] -backend = keystone.cache.memcache_pool -memcache_servers = {{ memcached_servers}} -enabled=true - -[revoke] -driver = sql -expiration_buffer = 3600 -caching = true - -[database] -connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8 -idle_timeout = 30 -min_pool_size = 5 -max_pool_size = 120 -pool_timeout = 30 - -[fernet_tokens] -key_repository = /etc/keystone/fernet-keys/ - -[identity] -default_domain_id = default -driver = sql - -[assignment] -driver = sql - -[resource] -driver = sql -caching = true -cache_time = 3600 - -[token] -enforce_token_bind = permissive -expiration = 43200 -provider = fernet -driver = sql -caching = true -cache_time = 3600 - -[eventlet_server] -public_bind_host = {{ identity_host }} -admin_bind_host = {{ identity_host }} - -[oslo_messaging_rabbit] -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_hosts = {{ rabbitmq_servers }} diff --git a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 deleted file mode 100644 index 55c89839..00000000 --- a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 +++ /dev/null @@ -1,50 +0,0 @@ -{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} -{% if work_threads > 10 %} -{% set work_threads = 10 %} -{% endif %} - -<VirtualHost {{ internal_ip }}:5000> - WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - <IfVersion >= 2.4> - ErrorLogFormat "%{cu}t %M" - </IfVersion> - ErrorLog /var/log/{{ http_service_name }}/keystone.log - CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined - - <Directory /usr/bin> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order allow,deny - Allow from all - </IfVersion> - </Directory> -</VirtualHost> - -<VirtualHost {{ internal_ip }}:35357> - WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - <IfVersion >= 2.4> - ErrorLogFormat "%{cu}t %M" - </IfVersion> - ErrorLog /var/log/{{ http_service_name }}/keystone.log - CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined - - <Directory /usr/bin> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order allow,deny - Allow from all - </IfVersion> - </Directory> -</VirtualHost> diff --git a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml deleted file mode 100644 index 89bfbe0a..00000000 --- a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -cron_path: "/var/spool/cron/crontabs" - -packages: - - apache2 - - libapache2-mod-wsgi - - python-keystone - - python-openstackclient - - keystone - -services: - - apache2 - -apache_config_dir: /etc/apache2 -http_service_name: apache2 diff --git a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml deleted file mode 100644 index 63ddce3c..00000000 --- a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml +++ /dev/null @@ -1,20 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -cron_path: "/var/spool/cron" - -packages: - - openstack-keystone - - python-openstackclient - -services: - - httpd - -apache_config_dir: /etc/httpd/conf.d -http_service_name: httpd diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml deleted file mode 100644 index 2e5f57ca..00000000 --- a/deploy/adapters/ansible/roles/keystone/vars/main.yml +++ /dev/null @@ -1,187 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: - - python-keystoneclient - -services_noarch: [] -os_services: - - name: keystone - type: identity - region: RegionOne - description: "OpenStack Identity" - publicurl: "http://{{ public_vip.ip }}:5000/v3" - internalurl: "http://{{ internal_vip.ip }}:5000/v3" - adminurl: "http://{{ internal_vip.ip }}:35357/v3" - - - name: glance - type: image - region: RegionOne - description: "OpenStack Image Service" - publicurl: "http://{{ public_vip.ip }}:9292" - internalurl: "http://{{ internal_vip.ip }}:9292" - adminurl: "http://{{ internal_vip.ip }}:9292" - - - name: nova - type: compute - region: RegionOne - description: "OpenStack Compute" - publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s" - - - name: neutron - type: network - region: RegionOne - description: "OpenStack Networking" - publicurl: "http://{{ public_vip.ip }}:9696" - internalurl: "http://{{ internal_vip.ip }}:9696" - adminurl: "http://{{ internal_vip.ip }}:9696" - - - name: ceilometer - type: metering - region: RegionOne - description: "OpenStack Telemetry" - publicurl: "http://{{ public_vip.ip }}:8777" - internalurl: "http://{{ internal_vip.ip }}:8777" - adminurl: "http://{{ internal_vip.ip }}:8777" - - - name: aodh - type: alarming - region: RegionOne - description: "OpenStack Telemetry" - publicurl: "http://{{ public_vip.ip }}:8042" - internalurl: "http://{{ internal_vip.ip }}:8042" - adminurl: "http://{{ internal_vip.ip }}:8042" - - - name: cinder - type: volume - region: RegionOne - description: "OpenStack Block Storage" - publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" - - - name: cinderv2 - type: volumev2 - region: RegionOne - description: "OpenStack Block Storage v2" - publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" - - - name: heat - type: orchestration - region: RegionOne - description: "OpenStack Orchestration" - publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - - - name: heat-cfn - type: cloudformation - region: RegionOne - description: "OpenStack CloudFormation Orchestration" - publicurl: "http://{{ public_vip.ip }}:8000/v1" - internalurl: "http://{{ internal_vip.ip }}:8000/v1" - adminurl: "http://{{ internal_vip.ip }}:8000/v1" - -# - name: congress -# type: policy -# region: RegionOne -# description: "OpenStack Policy Service" -# publicurl: "http://{{ public_vip.ip }}:1789" -# internalurl: "http://{{ internal_vip.ip }}:1789" -# adminurl: "http://{{ internal_vip.ip }}:1789" - -# - name: swift -# type: object-store -# region: RegionOne -# description: "OpenStack Object Storage" -# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" -# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" -# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" - -os_users: - - user: admin - password: "{{ ADMIN_PASS }}" - email: admin@admin.com - role: admin - tenant: admin - tenant_description: "Admin Tenant" - - - user: glance - password: "{{ GLANCE_PASS }}" - email: glance@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: nova - password: "{{ NOVA_PASS }}" - email: nova@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: keystone - password: "{{ KEYSTONE_PASS }}" - email: keystone@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: neutron - password: "{{ NEUTRON_PASS }}" - email: neutron@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: ceilometer - password: "{{ CEILOMETER_PASS }}" - email: ceilometer@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: cinder - password: "{{ CINDER_PASS }}" - email: cinder@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: aodh - password: "{{ AODH_PASS }}" - email: aodh@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: heat - password: "{{ HEAT_PASS }}" - email: heat@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: demo - password: "{{ DEMO_PASS }}" - email: heat@demo.com - role: heat_stack_user - tenant: demo - tenant_description: "Demo Tenant" - -# - user: congress -# password: "{{ CONGRESS_PASS }}" -# email: congress@admin.com -# role: admin -# tenant: service -# tenant_description: "Service Tenant" diff --git a/deploy/adapters/ansible/roles/kvmfornfv/defaults/Debian.yml b/deploy/adapters/ansible/roles/kvmfornfv/defaults/Debian.yml deleted file mode 100644 index d273808a..00000000 --- a/deploy/adapters/ansible/roles/kvmfornfv/defaults/Debian.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -## Copyright (c) 2015 Nokia and others. -## -## All rights reserved. This program and the accompanying materials -## are made available under the terms of the Apache License, Version 2.0 -## which accompanies this distribution, and is available at -## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- - -packages: - - qemu-kvm - - grub-pc - - zlib1g - - libglib2.0 diff --git a/deploy/adapters/ansible/roles/kvmfornfv/defaults/RedHat.yml b/deploy/adapters/ansible/roles/kvmfornfv/defaults/RedHat.yml deleted file mode 100644 index 8e6551e8..00000000 --- a/deploy/adapters/ansible/roles/kvmfornfv/defaults/RedHat.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################## -## Copyright (c) 2015 Nokia and others. -## -## All rights reserved. This program and the accompanying materials -## are made available under the terms of the Apache License, Version 2.0 -## which accompanies this distribution, and is available at -## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- - -packages: - - zlib - - glib2 - - gettext - - qemu-kvm - - grub2 diff --git a/deploy/adapters/ansible/roles/kvmfornfv/tasks/main.yml b/deploy/adapters/ansible/roles/kvmfornfv/tasks/main.yml deleted file mode 100644 index a8b24b34..00000000 --- a/deploy/adapters/ansible/roles/kvmfornfv/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ -############################################################################## -## Copyright (c) 2015 Nokia and others. -## -## All rights reserved. This program and the accompanying materials -## are made available under the terms of the Apache License, Version 2.0 -## which accompanies this distribution, and is available at -## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- -- name: get package http server - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: http_server - -- name: download kvmfornfv package file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/kvmfornfv/{{ package }}" - dest: /tmp/{{ package }} - -- name: extract kvmfornfv files - command: su -s /bin/sh -c "tar xzf /tmp/{{ package }} -C /" - -- name: Update grub on Centos - shell: grub2-mkconfig -o /boot/grub2/grub.conf - when: ansible_os_family == 'RedHat' - -- name: Update grub on Ubuntu - shell: grub-mkconfig -o /boot/grub/grub.conf - when: ansible_os_family == 'Debian' diff --git a/deploy/adapters/ansible/roles/memcached/handlers/main.yml b/deploy/adapters/ansible/roles/memcached/handlers/main.yml deleted file mode 100755 index bcbcf8e0..00000000 --- a/deploy/adapters/ansible/roles/memcached/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart memcahed services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services| union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/memcached/tasks/main.yml b/deploy/adapters/ansible/roles/memcached/tasks/main.yml deleted file mode 100644 index a4457f36..00000000 --- a/deploy/adapters/ansible/roles/memcached/tasks/main.yml +++ /dev/null @@ -1,35 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: change memcache listen ip - lineinfile: dest=/etc/memcached.conf regexp="^-l " line="-l 0.0.0.0" - when: ansible_os_family == "Debian" - notify: - - restart memcahed services - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/memcached/vars/Debian.yml b/deploy/adapters/ansible/roles/memcached/vars/Debian.yml deleted file mode 100644 index 348a26b3..00000000 --- a/deploy/adapters/ansible/roles/memcached/vars/Debian.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - python-memcache - -services: [] diff --git a/deploy/adapters/ansible/roles/memcached/vars/RedHat.yml b/deploy/adapters/ansible/roles/memcached/vars/RedHat.yml deleted file mode 100644 index 521ac3eb..00000000 --- a/deploy/adapters/ansible/roles/memcached/vars/RedHat.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - python-memcached - -pip_packages: [] - -services: [] diff --git a/deploy/adapters/ansible/roles/memcached/vars/main.yml b/deploy/adapters/ansible/roles/memcached/vars/main.yml deleted file mode 100644 index 908d2674..00000000 --- a/deploy/adapters/ansible/roles/memcached/vars/main.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: - - memcached - -services_noarch: - - memcached diff --git a/deploy/adapters/ansible/roles/monitor/files/check_Debian_service.sh b/deploy/adapters/ansible/roles/monitor/files/check_Debian_service.sh deleted file mode 100644 index 5dea3e68..00000000 --- a/deploy/adapters/ansible/roles/monitor/files/check_Debian_service.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -services=`cat /opt/service | uniq` -for service in $services; do - if [ `/sbin/initctl list|awk '/stop\/waiting/{print $1}'|uniq | grep $service` ]; then - /sbin/start $service - fi -done diff --git a/deploy/adapters/ansible/roles/monitor/files/check_RedHat_service.sh b/deploy/adapters/ansible/roles/monitor/files/check_RedHat_service.sh deleted file mode 100644 index 1111f63c..00000000 --- a/deploy/adapters/ansible/roles/monitor/files/check_RedHat_service.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -services=`cat /opt/service | uniq` -for service in $services; do - /usr/sbin/service $service status >/dev/null 2>&1 - if [[ $? -ne 0 ]]; then - /usr/sbin/service $service start - fi -done diff --git a/deploy/adapters/ansible/roles/monitor/files/check_service.sh b/deploy/adapters/ansible/roles/monitor/files/check_service.sh deleted file mode 100644 index 5dea3e68..00000000 --- a/deploy/adapters/ansible/roles/monitor/files/check_service.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -services=`cat /opt/service | uniq` -for service in $services; do - if [ `/sbin/initctl list|awk '/stop\/waiting/{print $1}'|uniq | grep $service` ]; then - /sbin/start $service - fi -done diff --git a/deploy/adapters/ansible/roles/monitor/files/root b/deploy/adapters/ansible/roles/monitor/files/root deleted file mode 100644 index 9c55c4f1..00000000 --- a/deploy/adapters/ansible/roles/monitor/files/root +++ /dev/null @@ -1 +0,0 @@ -* * * * * /usr/local/bin/check_service.sh >> /var/log/check_service.log 2>&1 diff --git a/deploy/adapters/ansible/roles/monitor/tasks/main.yml b/deploy/adapters/ansible/roles/monitor/tasks/main.yml deleted file mode 100644 index fc072585..00000000 --- a/deploy/adapters/ansible/roles/monitor/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: copy service check file - copy: - src: check_{{ ansible_os_family }}_service.sh - dest: /usr/local/bin/check_service.sh - mode: 0777 - -- name: copy cron file - copy: src=root dest={{ cron_path }}/root mode=0600 - -- name: restart cron - service: name={{ cron }} state=restarted - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/monitor/vars/Debian.yml b/deploy/adapters/ansible/roles/monitor/vars/Debian.yml deleted file mode 100644 index 405ab453..00000000 --- a/deploy/adapters/ansible/roles/monitor/vars/Debian.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -cron: cron -cron_path: "/var/spool/cron/crontabs" diff --git a/deploy/adapters/ansible/roles/monitor/vars/RedHat.yml b/deploy/adapters/ansible/roles/monitor/vars/RedHat.yml deleted file mode 100644 index 58ce03fb..00000000 --- a/deploy/adapters/ansible/roles/monitor/vars/RedHat.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -cron: crond -cron_path: "/var/spool/cron" diff --git a/deploy/adapters/ansible/roles/moon/files/controllers.py b/deploy/adapters/ansible/roles/moon/files/controllers.py deleted file mode 100644 index fd107a5e..00000000 --- a/deploy/adapters/ansible/roles/moon/files/controllers.py +++ /dev/null @@ -1,1062 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the -# 'Apache-2.0' license which can be found in the file 'LICENSE' in this -# package distribution or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from keystone.common import controller -from keystone import config -from keystone import exception -from keystone.models import token_model -from keystone.contrib.moon.exception import * # noqa: F403 -from oslo_log import log -from uuid import uuid4 -import requests - - -CONF = config.CONF -LOG = log.getLogger(__name__) - - -@dependency.requires('configuration_api') # noqa: 405 -class Configuration(controller.V3Controller): - collection_name = 'configurations' - member_name = 'configuration' - - def __init__(self): - super(Configuration, self).__init__() - - def _get_user_id_from_token(self, token_id): - response = self.token_provider_api.validate_token(token_id) - token_ref = token_model.KeystoneToken( - token_id=token_id, token_data=response) - return token_ref.get('user') - - @controller.protected() - def get_policy_templates(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - return self.configuration_api.get_policy_templates_dict(user_id) - - @controller.protected() - def get_aggregation_algorithms(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - return self.configuration_api.get_aggregation_algorithms_dict(user_id) - - @controller.protected() - def get_sub_meta_rule_algorithms(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - return self.configuration_api.get_sub_meta_rule_algorithms_dict( - user_id) - - -@dependency.requires('tenant_api', 'resource_api') # noqa: 405 -class Tenants(controller.V3Controller): - - def __init__(self): - super(Tenants, self).__init__() - - def _get_user_id_from_token(self, token_id): - response = self.token_provider_api.validate_token(token_id) - token_ref = token_model.KeystoneToken( - token_id=token_id, token_data=response) - return token_ref.get('user') - - @controller.protected() - def get_tenants(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - return self.tenant_api.get_tenants_dict(user_id) - - def __get_keystone_tenant_dict( - self, tenant_id="", tenant_name="", tenant_description="", domain="default"): # noqa - tenants = self.resource_api.list_projects() - for tenant in tenants: - if tenant_id and tenant_id == tenant['id']: - return tenant - if tenant_name and tenant_name == tenant['name']: - return tenant - if not tenant_id: - tenant_id = uuid4().hex - if not tenant_name: - tenant_name = tenant_id - tenant = { - "id": tenant_id, - "name": tenant_name, - "description": tenant_description, - "enabled": True, - "domain_id": domain - } - keystone_tenant = self.resource_api.create_project( - tenant["id"], tenant) - return keystone_tenant - - @controller.protected() - def add_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - k_tenant_dict = self.__get_keystone_tenant_dict( - tenant_name=kw.get('tenant_name'), - tenant_description=kw.get( - 'tenant_description', kw.get('tenant_name')), - domain=kw.get('tenant_domain', "default"), - - ) - tenant_dict = dict() - tenant_dict['id'] = k_tenant_dict['id'] - tenant_dict['name'] = kw.get('tenant_name', None) - tenant_dict['description'] = kw.get('tenant_description', None) - tenant_dict['intra_authz_extension_id'] = kw.get( - 'tenant_intra_authz_extension_id', None) - tenant_dict['intra_admin_extension_id'] = kw.get( - 'tenant_intra_admin_extension_id', None) - return self.tenant_api.add_tenant_dict( - user_id, tenant_dict['id'], tenant_dict) - - @controller.protected() - def get_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - tenant_id = kw.get('tenant_id', None) - return self.tenant_api.get_tenant_dict(user_id, tenant_id) - - @controller.protected() - def del_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - tenant_id = kw.get('tenant_id', None) - return self.tenant_api.del_tenant(user_id, tenant_id) - - @controller.protected() - def set_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - # Next line will raise an error if tenant doesn't exist - k_tenant_dict = self.resource_api.get_project( - kw.get('tenant_id', None)) - tenant_id = kw.get('tenant_id', None) - tenant_dict = dict() - tenant_dict['name'] = k_tenant_dict.get('name', None) - if 'tenant_description' in kw: - tenant_dict['description'] = kw.get('tenant_description', None) - if 'tenant_intra_authz_extension_id' in kw: - tenant_dict['intra_authz_extension_id'] = kw.get( - 'tenant_intra_authz_extension_id', None) - if 'tenant_intra_admin_extension_id' in kw: - tenant_dict['intra_admin_extension_id'] = kw.get( - 'tenant_intra_admin_extension_id', None) - self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict) - - -def callback(self, context, prep_info, *args, **kwargs): - token_ref = "" - if context.get('token_id') is not None: - token_ref = token_model.KeystoneToken( - token_id=context['token_id'], - token_data=self.token_provider_api.validate_token( - context['token_id'])) - if not token_ref: - raise exception.Unauthorized - - -@dependency.requires('authz_api') # noqa: 405 -class Authz_v3(controller.V3Controller): - - def __init__(self): - super(Authz_v3, self).__init__() - - @controller.protected(callback) - def get_authz(self, context, tenant_id, subject_k_id, - object_name, action_name): - try: - return self.authz_api.authz( - tenant_id, subject_k_id, object_name, action_name) - except Exception as e: - return {'authz': False, 'comment': unicode(e)} - - -@dependency.requires('admin_api', 'root_api') # noqa: 405 -class IntraExtensions(controller.V3Controller): - collection_name = 'intra_extensions' - member_name = 'intra_extension' - - def __init__(self): - super(IntraExtensions, self).__init__() - - def _get_user_id_from_token(self, token_id): - response = self.token_provider_api.validate_token(token_id) - token_ref = token_model.KeystoneToken( - token_id=token_id, token_data=response) - return token_ref.get('user')['id'] - - # IntraExtension functions - @controller.protected() - def get_intra_extensions(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - return self.admin_api.get_intra_extensions_dict(user_id) - - @controller.protected() - def add_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_dict = dict() - intra_extension_dict['name'] = kw.get('intra_extension_name', None) - intra_extension_dict['model'] = kw.get('intra_extension_model', None) - intra_extension_dict['genre'] = kw.get('intra_extension_genre', None) - intra_extension_dict['description'] = kw.get( - 'intra_extension_description', None) - intra_extension_dict['subject_categories'] = kw.get( - 'intra_extension_subject_categories', dict()) - intra_extension_dict['object_categories'] = kw.get( - 'intra_extension_object_categories', dict()) - intra_extension_dict['action_categories'] = kw.get( - 'intra_extension_action_categories', dict()) - intra_extension_dict['subjects'] = kw.get( - 'intra_extension_subjects', dict()) - intra_extension_dict['objects'] = kw.get( - 'intra_extension_objects', dict()) - intra_extension_dict['actions'] = kw.get( - 'intra_extension_actions', dict()) - intra_extension_dict['subject_scopes'] = kw.get( - 'intra_extension_subject_scopes', dict()) - intra_extension_dict['object_scopes'] = kw.get( - 'intra_extension_object_scopes', dict()) - intra_extension_dict['action_scopes'] = kw.get( - 'intra_extension_action_scopes', dict()) - intra_extension_dict['subject_assignments'] = kw.get( - 'intra_extension_subject_assignments', dict()) - intra_extension_dict['object_assignments'] = kw.get( - 'intra_extension_object_assignments', dict()) - intra_extension_dict['action_assignments'] = kw.get( - 'intra_extension_action_assignments', dict()) - intra_extension_dict['aggregation_algorithm'] = kw.get( - 'intra_extension_aggregation_algorithm', dict()) - intra_extension_dict['sub_meta_rules'] = kw.get( - 'intra_extension_sub_meta_rules', dict()) - intra_extension_dict['rules'] = kw.get('intra_extension_rules', dict()) - ref = self.admin_api.load_intra_extension_dict( - user_id, intra_extension_dict=intra_extension_dict) - return self.admin_api.populate_default_data(ref) - - @controller.protected() - def get_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_intra_extension_dict( - user_id, intra_extension_id) - - @controller.protected() - def del_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - self.admin_api.del_intra_extension(user_id, intra_extension_id) - - @controller.protected() - def set_intra_extension(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - intra_extension_dict = dict() - intra_extension_dict['name'] = kw.get('intra_extension_name', None) - intra_extension_dict['model'] = kw.get('intra_extension_model', None) - intra_extension_dict['genre'] = kw.get('intra_extension_genre', None) - intra_extension_dict['description'] = kw.get( - 'intra_extension_description', None) - return self.admin_api.set_intra_extension_dict( - user_id, intra_extension_id, intra_extension_dict) - - @controller.protected() - def load_root_intra_extension(self, context, **kw): - self.root_api.load_root_intra_extension_dict() - - # Metadata functions - @controller.protected() - def get_subject_categories(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_subject_categories_dict( - user_id, intra_extension_id) - - @controller.protected() - def add_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_dict = dict() - subject_category_dict['name'] = kw.get('subject_category_name', None) - subject_category_dict['description'] = kw.get( - 'subject_category_description', None) - return self.admin_api.add_subject_category_dict( - user_id, intra_extension_id, subject_category_dict) - - @controller.protected() - def get_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - return self.admin_api.get_subject_category_dict( - user_id, intra_extension_id, subject_category_id) - - @controller.protected() - def del_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - self.admin_api.del_subject_category( - user_id, intra_extension_id, subject_category_id) - - @controller.protected() - def set_subject_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_category_dict = dict() - subject_category_dict['name'] = kw.get('subject_category_name', None) - subject_category_dict['description'] = kw.get( - 'subject_category_description', None) - return self.admin_api.set_subject_category_dict( - user_id, intra_extension_id, subject_category_id, subject_category_dict) # noqa - - @controller.protected() - def get_object_categories(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_object_categories_dict( - user_id, intra_extension_id) - - @controller.protected() - def add_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_dict = dict() - object_category_dict['name'] = kw.get('object_category_name', None) - object_category_dict['description'] = kw.get( - 'object_category_description', None) - return self.admin_api.add_object_category_dict( - user_id, intra_extension_id, object_category_dict) - - @controller.protected() - def get_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - return self.admin_api.get_object_categories_dict( - user_id, intra_extension_id, object_category_id) - - @controller.protected() - def del_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - self.admin_api.del_object_category( - user_id, intra_extension_id, object_category_id) - - @controller.protected() - def set_object_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - object_category_dict = dict() - object_category_dict['name'] = kw.get('object_category_name', None) - object_category_dict['description'] = kw.get( - 'object_category_description', None) - return self.admin_api.set_object_category_dict( - user_id, intra_extension_id, object_category_id, object_category_dict) # noqa - - @controller.protected() - def get_action_categories(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_action_categories_dict( - user_id, intra_extension_id) - - @controller.protected() - def add_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_dict = dict() - action_category_dict['name'] = kw.get('action_category_name', None) - action_category_dict['description'] = kw.get( - 'action_category_description', None) - return self.admin_api.add_action_category_dict( - user_id, intra_extension_id, action_category_dict) - - @controller.protected() - def get_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - return self.admin_api.get_action_categories_dict( - user_id, intra_extension_id, action_category_id) - - @controller.protected() - def del_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - self.admin_api.del_action_category( - user_id, intra_extension_id, action_category_id) - - @controller.protected() - def set_action_category(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - action_category_dict = dict() - action_category_dict['name'] = kw.get('action_category_name', None) - action_category_dict['description'] = kw.get( - 'action_category_description', None) - return self.admin_api.set_action_category_dict( - user_id, intra_extension_id, action_category_id, action_category_dict) # noqa - - # Perimeter functions - @controller.protected() - def get_subjects(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_subjects_dict(user_id, intra_extension_id) - - @controller.protected() - def add_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_dict = dict() - subject_dict['name'] = kw.get('subject_name', None) - subject_dict['description'] = kw.get('subject_description', None) - subject_dict['password'] = kw.get('subject_password', None) - subject_dict['email'] = kw.get('subject_email', None) - return self.admin_api.add_subject_dict( - user_id, intra_extension_id, subject_dict) - - @controller.protected() - def get_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_id = kw.get('subject_id', None) - return self.admin_api.get_subject_dict( - user_id, intra_extension_id, subject_id) - - @controller.protected() - def del_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_id = kw.get('subject_id', None) - self.admin_api.del_subject(user_id, intra_extension_id, subject_id) - - @controller.protected() - def set_subject(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_id = kw.get('subject_id', None) - subject_dict = dict() - subject_dict['name'] = kw.get('subject_name', None) - subject_dict['description'] = kw.get('subject_description', None) - return self.admin_api.set_subject_dict( - user_id, intra_extension_id, subject_id, subject_dict) - - @controller.protected() - def get_objects(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_objects_dict(user_id, intra_extension_id) - - @controller.protected() - def add_object(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_dict = dict() - object_dict['name'] = kw.get('object_name', None) - object_dict['description'] = kw.get('object_description', None) - return self.admin_api.add_object_dict( - user_id, intra_extension_id, object_dict) - - @controller.protected() - def get_object(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_id = kw.get('object_id', None) - return self.admin_api.get_object_dict( - user_id, intra_extension_id, object_id) - - @controller.protected() - def del_object(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_id = kw.get('object_id', None) - self.admin_api.del_object(user_id, intra_extension_id, object_id) - - @controller.protected() - def set_object(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_id = kw.get('object_id', None) - object_dict = dict() - object_dict['name'] = kw.get('object_name', None) - object_dict['description'] = kw.get('object_description', None) - return self.admin_api.set_object_dict( - user_id, intra_extension_id, object_id, object_dict) - - @controller.protected() - def get_actions(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_actions_dict(user_id, intra_extension_id) - - @controller.protected() - def add_action(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_dict = dict() - action_dict['name'] = kw.get('action_name', None) - action_dict['description'] = kw.get('action_description', None) - return self.admin_api.add_action_dict( - user_id, intra_extension_id, action_dict) - - @controller.protected() - def get_action(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_id = kw.get('action_id', None) - return self.admin_api.get_action_dict( - user_id, intra_extension_id, action_id) - - @controller.protected() - def del_action(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_id = kw.get('action_id', None) - self.admin_api.del_action(user_id, intra_extension_id, action_id) - - @controller.protected() - def set_action(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_id = kw.get('action_id', None) - action_dict = dict() - action_dict['name'] = kw.get('action_name', None) - action_dict['description'] = kw.get('action_description', None) - return self.admin_api.set_action_dict( - user_id, intra_extension_id, action_id, action_dict) - - # Scope functions - @controller.protected() - def get_subject_scopes(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - return self.admin_api.get_subject_scopes_dict( - user_id, intra_extension_id, subject_category_id) - - @controller.protected() - def add_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_scope_dict = dict() - subject_scope_dict['name'] = kw.get('subject_scope_name', None) - subject_scope_dict['description'] = kw.get( - 'subject_scope_description', None) - return self.admin_api.add_subject_scope_dict( - user_id, intra_extension_id, subject_category_id, subject_scope_dict) # noqa - - @controller.protected() - def get_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_scope_id = kw.get('subject_scope_id', None) - return self.admin_api.get_subject_scope_dict( - user_id, intra_extension_id, subject_category_id, subject_scope_id) - - @controller.protected() - def del_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_scope_id = kw.get('subject_scope_id', None) - self.admin_api.del_subject_scope( - user_id, - intra_extension_id, - subject_category_id, - subject_scope_id) - - @controller.protected() - def set_subject_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_scope_id = kw.get('subject_scope_id', None) - subject_scope_dict = dict() - subject_scope_dict['name'] = kw.get('subject_scope_name', None) - subject_scope_dict['description'] = kw.get( - 'subject_scope_description', None) - return self.admin_api.set_subject_scope_dict( - user_id, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict) # noqa - - @controller.protected() - def get_object_scopes(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - return self.admin_api.get_object_scopes_dict( - user_id, intra_extension_id, object_category_id) - - @controller.protected() - def add_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - object_scope_dict = dict() - object_scope_dict['name'] = kw.get('object_scope_name', None) - object_scope_dict['description'] = kw.get( - 'object_scope_description', None) - return self.admin_api.add_object_scope_dict( - user_id, intra_extension_id, object_category_id, object_scope_dict) - - @controller.protected() - def get_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - object_scope_id = kw.get('object_scope_id', None) - return self.admin_api.get_object_scope_dict( - user_id, intra_extension_id, object_category_id, object_scope_id) - - @controller.protected() - def del_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - object_scope_id = kw.get('object_scope_id', None) - self.admin_api.del_object_scope( - user_id, - intra_extension_id, - object_category_id, - object_scope_id) - - @controller.protected() - def set_object_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_category_id = kw.get('object_category_id', None) - object_scope_id = kw.get('object_scope_id', None) - object_scope_dict = dict() - object_scope_dict['name'] = kw.get('object_scope_name', None) - object_scope_dict['description'] = kw.get( - 'object_scope_description', None) - return self.admin_api.set_object_scope_dict( - user_id, intra_extension_id, object_category_id, object_scope_id, object_scope_dict) # noqa - - @controller.protected() - def get_action_scopes(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - return self.admin_api.get_action_scopes_dict( - user_id, intra_extension_id, action_category_id) - - @controller.protected() - def add_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - action_scope_dict = dict() - action_scope_dict['name'] = kw.get('action_scope_name', None) - action_scope_dict['description'] = kw.get( - 'action_scope_description', None) - return self.admin_api.add_action_scope_dict( - user_id, intra_extension_id, action_category_id, action_scope_dict) - - @controller.protected() - def get_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - action_scope_id = kw.get('action_scope_id', None) - return self.admin_api.get_action_scope_dict( - user_id, intra_extension_id, action_category_id, action_scope_id) - - @controller.protected() - def del_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - action_scope_id = kw.get('action_scope_id', None) - self.admin_api.del_action_scope( - user_id, - intra_extension_id, - action_category_id, - action_scope_id) - - @controller.protected() - def set_action_scope(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_category_id = kw.get('action_category_id', None) - action_scope_id = kw.get('action_scope_id', None) - action_scope_dict = dict() - action_scope_dict['name'] = kw.get('action_scope_name', None) - action_scope_dict['description'] = kw.get( - 'action_scope_description', None) - return self.admin_api.set_action_scope_dict( - user_id, intra_extension_id, action_category_id, action_scope_id, action_scope_dict) # noqa - - # Assignment functions - - @controller.protected() - def add_subject_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_id = kw.get('subject_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_scope_id = kw.get('subject_scope_id', None) - return self.admin_api.add_subject_assignment_list( - user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id) # noqa - - @controller.protected() - def get_subject_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_id = kw.get('subject_id', None) - subject_category_id = kw.get('subject_category_id', None) - return self.admin_api.get_subject_assignment_list( - user_id, intra_extension_id, subject_id, subject_category_id) - - @controller.protected() - def del_subject_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - subject_id = kw.get('subject_id', None) - subject_category_id = kw.get('subject_category_id', None) - subject_scope_id = kw.get('subject_scope_id', None) - self.admin_api.del_subject_assignment( - user_id, - intra_extension_id, - subject_id, - subject_category_id, - subject_scope_id) - - @controller.protected() - def add_object_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_id = kw.get('object_id', None) - object_category_id = kw.get('object_category_id', None) - object_scope_id = kw.get('object_scope_id', None) - return self.admin_api.add_object_assignment_list( - user_id, intra_extension_id, object_id, object_category_id, object_scope_id) # noqa - - @controller.protected() - def get_object_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_id = kw.get('object_id', None) - object_category_id = kw.get('object_category_id', None) - return self.admin_api.get_object_assignment_list( - user_id, intra_extension_id, object_id, object_category_id) - - @controller.protected() - def del_object_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - object_id = kw.get('object_id', None) - object_category_id = kw.get('object_category_id', None) - object_scope_id = kw.get('object_scope_id', None) - self.admin_api.del_object_assignment( - user_id, - intra_extension_id, - object_id, - object_category_id, - object_scope_id) - - @controller.protected() - def add_action_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_id = kw.get('action_id', None) - action_category_id = kw.get('action_category_id', None) - action_scope_id = kw.get('action_scope_id', None) - return self.admin_api.add_action_assignment_list( - user_id, intra_extension_id, action_id, action_category_id, action_scope_id) # noqa - - @controller.protected() - def get_action_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_id = kw.get('action_id', None) - action_category_id = kw.get('action_category_id', None) - return self.admin_api.get_action_assignment_list( - user_id, intra_extension_id, action_id, action_category_id) - - @controller.protected() - def del_action_assignment(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - action_id = kw.get('action_id', None) - action_category_id = kw.get('action_category_id', None) - action_scope_id = kw.get('action_scope_id', None) - self.admin_api.del_action_assignment( - user_id, - intra_extension_id, - action_id, - action_category_id, - action_scope_id) - - # Metarule functions - - @controller.protected() - def get_aggregation_algorithm(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_aggregation_algorithm_id( - user_id, intra_extension_id) - - @controller.protected() - def set_aggregation_algorithm(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - aggregation_algorithm_id = kw.get('aggregation_algorithm_id', None) - return self.admin_api.set_aggregation_algorithm_id( - user_id, intra_extension_id, aggregation_algorithm_id) - - @controller.protected() - def get_sub_meta_rules(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - return self.admin_api.get_sub_meta_rules_dict( - user_id, intra_extension_id) - - @controller.protected() - def add_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_dict = dict() - sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None) - sub_meta_rule_dict['algorithm'] = kw.get( - 'sub_meta_rule_algorithm', None) - sub_meta_rule_dict['subject_categories'] = kw.get( - 'sub_meta_rule_subject_categories', None) - sub_meta_rule_dict['object_categories'] = kw.get( - 'sub_meta_rule_object_categories', None) - sub_meta_rule_dict['action_categories'] = kw.get( - 'sub_meta_rule_action_categories', None) - return self.admin_api.add_sub_meta_rule_dict( - user_id, intra_extension_id, sub_meta_rule_dict) - - @controller.protected() - def get_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - return self.admin_api.get_sub_meta_rule_dict( - user_id, intra_extension_id, sub_meta_rule_id) - - @controller.protected() - def del_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - self.admin_api.del_sub_meta_rule( - user_id, intra_extension_id, sub_meta_rule_id) - - @controller.protected() - def set_sub_meta_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - sub_meta_rule_dict = dict() - sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None) - sub_meta_rule_dict['algorithm'] = kw.get( - 'sub_meta_rule_algorithm', None) - sub_meta_rule_dict['subject_categories'] = kw.get( - 'sub_meta_rule_subject_categories', None) - sub_meta_rule_dict['object_categories'] = kw.get( - 'sub_meta_rule_object_categories', None) - sub_meta_rule_dict['action_categories'] = kw.get( - 'sub_meta_rule_action_categories', None) - return self.admin_api.set_sub_meta_rule_dict( - user_id, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict) - - # Rules functions - @controller.protected() - def get_rules(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - return self.admin_api.get_rules_dict( - user_id, intra_extension_id, sub_meta_rule_id) - - @controller.protected() - def add_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - subject_category_list = kw.get('subject_categories', []) - object_category_list = kw.get('object_categories', []) - action_category_list = kw.get('action_categories', []) - enabled_bool = kw.get('enabled', True) - rule_list = subject_category_list + action_category_list + \ - object_category_list + [enabled_bool, ] - return self.admin_api.add_rule_dict( - user_id, intra_extension_id, sub_meta_rule_id, rule_list) - - @controller.protected() - def get_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - rule_id = kw.get('rule_id', None) - return self.admin_api.get_rule_dict( - user_id, intra_extension_id, sub_meta_rule_id, rule_id) - - @controller.protected() - def del_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - rule_id = kw.get('rule_id', None) - self.admin_api.del_rule( - user_id, - intra_extension_id, - sub_meta_rule_id, - rule_id) - - @controller.protected() - def set_rule(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - intra_extension_id = kw.get('intra_extension_id', None) - sub_meta_rule_id = kw.get('sub_meta_rule_id', None) - rule_id = kw.get('rule_id', None) - rule_list = list() - subject_category_list = kw.get('subject_categories', []) - object_category_list = kw.get('object_categories', []) - action_category_list = kw.get('action_categories', []) - rule_list = subject_category_list + action_category_list + object_category_list # noqa - return self.admin_api.set_rule_dict( - user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) - - -@dependency.requires('authz_api') # noqa: 405 -class InterExtensions(controller.V3Controller): - - def __init__(self): - super(InterExtensions, self).__init__() - - def _get_user_from_token(self, token_id): - response = self.token_provider_api.validate_token(token_id) - token_ref = token_model.KeystoneToken( - token_id=token_id, token_data=response) - return token_ref['user'] - - # @controller.protected() - # def get_inter_extensions(self, context, **kw): - # user = self._get_user_from_token(context.get('token_id')) - # return { - # 'inter_extensions': - # self.interextension_api.get_inter_extensions() - # } - - # @controller.protected() - # def get_inter_extension(self, context, **kw): - # user = self._get_user_from_token(context.get('token_id')) - # return { - # 'inter_extensions': - # self.interextension_api.get_inter_extension(uuid=kw['inter_extension_id']) - # } - - # @controller.protected() - # def create_inter_extension(self, context, **kw): - # user = self._get_user_from_token(context.get('token_id')) - # return self.interextension_api.create_inter_extension(kw) - - # @controller.protected() - # def delete_inter_extension(self, context, **kw): - # user = self._get_user_from_token(context.get('token_id')) - # if 'inter_extension_id' not in kw: - # raise exception.Error - # return - # self.interextension_api.delete_inter_extension(kw['inter_extension_id']) - - -@dependency.requires('moonlog_api', 'authz_api') # noqa: 405 -class Logs(controller.V3Controller): - - def __init__(self): - super(Logs, self).__init__() - - def _get_user_id_from_token(self, token_id): - response = self.token_provider_api.validate_token(token_id) - token_ref = token_model.KeystoneToken( - token_id=token_id, token_data=response) - return token_ref['user'] - - @controller.protected() - def get_logs(self, context, **kw): - user_id = self._get_user_id_from_token(context.get('token_id')) - options = kw.get('options', '') - return self.moonlog_api.get_logs(user_id, options) - - -@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: 405 -class MoonAuth(controller.V3Controller): - - def __init__(self): - super(MoonAuth, self).__init__() - - def _get_project(self, uuid="", name=""): - projects = self.resource_api.list_projects() - for project in projects: - if uuid and uuid == project['id']: - return project - elif name and name == project['name']: - return project - - def get_token(self, context, **kw): - data_auth = { - "auth": { - "identity": { - "methods": [ - "password" - ], - "password": { - "user": { - "domain": { - "id": "Default" - }, - "name": kw['username'], - "password": kw['password'] - } - } - } - } - } - - message = {} - if "project" in kw: - project = self._get_project(name=kw['project']) - if project: - data_auth["auth"]["scope"] = dict() - data_auth["auth"]["scope"]['project'] = dict() - data_auth["auth"]["scope"]['project']['id'] = project['id'] - else: - message = { - "error": { - "message": "Unable to find project {}".format(kw['project']), # noqa - "code": 200, - "title": "UnScopedToken" - }} - -# req = requests.post("http://localhost:5000/v3/auth/tokens", -# json=data_auth, -# headers={"Content-Type": "application/json"} -# ) - req = requests.post("http://172.16.1.222:5000/v3/auth/tokens", - json=data_auth, - headers={"Content-Type": "application/json"} - ) - if req.status_code not in (200, 201): - LOG.error(req.text) - else: - _token = req.headers['X-Subject-Token'] - _data = req.json() - _result = { - "token": _token, - 'message': message - } - try: - _result["roles"] = map( - lambda x: x['name'], _data["token"]["roles"]) - except KeyError: - pass - return _result - return {"token": None, 'message': req.json()} diff --git a/deploy/adapters/ansible/roles/moon/files/deb.conf b/deploy/adapters/ansible/roles/moon/files/deb.conf deleted file mode 100644 index 6e1159a1..00000000 --- a/deploy/adapters/ansible/roles/moon/files/deb.conf +++ /dev/null @@ -1,11 +0,0 @@ -keystone/admin-password: password -keystone/auth-token: password -keystone/admin-password-confirm: password -keystone/admin-email: root@localhost -keystone/admin-role-name: admin -keystone/admin-user: admin -keystone/create-admin-tenant: false -keystone/region-name: Orange -keystone/admin-tenant-name: admin -keystone/register-endpoint: false -keystone/configure_db: false diff --git a/deploy/adapters/ansible/roles/moon/files/get_deb_depends.py b/deploy/adapters/ansible/roles/moon/files/get_deb_depends.py deleted file mode 100644 index e01c1ff7..00000000 --- a/deploy/adapters/ansible/roles/moon/files/get_deb_depends.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python3 -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - - -import sys -import subprocess - -pkts = [] - -for arg in sys.argv[1:]: - proc = subprocess.Popen(["dpkg-deb", - "--info", - arg], - stdin=None, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - out = proc.stdout.read() - err = proc.stderr.read() - if err: - print("An error occurred with {} ({})".format(arg, err)) - continue - for line in out.splitlines(): - line = line.decode('utf-8') - if " Depends:" in line: - line = line.replace(" Depends:", "") - for _dep in line.split(','): - pkts.append(_dep.split()[0]) - -print(" ".join(pkts)) diff --git a/deploy/adapters/ansible/roles/moon/handlers/main.yml b/deploy/adapters/ansible/roles/moon/handlers/main.yml deleted file mode 100755 index 608a8a09..00000000 --- a/deploy/adapters/ansible/roles/moon/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart keystone services - service: name={{ item }} state=restarted enabled=yes - with_items: services | union(services_noarch) diff --git a/deploy/adapters/ansible/roles/moon/tasks/moon-compute.yml b/deploy/adapters/ansible/roles/moon/tasks/moon-compute.yml deleted file mode 100644 index c2ca2fcf..00000000 --- a/deploy/adapters/ansible/roles/moon/tasks/moon-compute.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: update api-paste.ini - template: src=api-paste.ini dest=/etc/nova/api-paste.ini backup=yes - -- name: restart nova task - service: name={{ item }} state=restarted enabled=yes - with_items: - - nova-compute diff --git a/deploy/adapters/ansible/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/roles/moon/tasks/moon-controller.yml deleted file mode 100644 index ad030bda..00000000 --- a/deploy/adapters/ansible/roles/moon/tasks/moon-controller.yml +++ /dev/null @@ -1,235 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -# install all packages -- name: install unzip packages - shell: apt-get install -y python-pip unzip - -# download master.zip -- name: get image http server - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: http_server - -- name: download keystone-moon packages - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/moon/master.zip" - dest: /tmp/master.zip - mode: 0444 - -- name: extract keystone-moon packages - unarchive: src=/tmp/master.zip dest=/tmp copy=no - -# install all dependencies -- name: copy scripts - copy: src=get_deb_depends.py dest=/tmp/get_deb_depends.py - -- name: install keystone-moon dependencies - shell: | - apt-get install \ - $(python /tmp/get_deb_depends.py /tmp/moon-bin-master/*.deb) - when: ansible_os_family == "Debian" - -- name: delete configuration file - shell: > - rm -f {{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf; - rm -f {{ apache_config_dir }}/sites-available/wsgi-keystone.conf; - -# install keystone moon -- name: copy scripts - copy: src=deb.conf dest=/tmp/deb.conf - -- name: install keystone moon - shell: > - export DEBIAN_FRONTEND="noninteractive"; - sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb; - -# - name: install keystone moon -# shell: > -# export DEBIAN_FRONTEND="noninteractive"; -# sudo -E debconf-set-selections python-keystone < /tmp/deb.conf; -# sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb; - -- name: stop keystone task - shell: > - service keystone stop; - mv /etc/init.d/keystone /home/; - mv /etc/init/keystone.conf /home/; - mv /lib/systemd/system/keystone.service /home/; - -# config keystone and apache2 -- name: delete sqlite database - file: - path: /var/lib/keystone/keystone.db - state: absent - -# - name: update keystone conf -# template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes - - -# - name: assure listen port exist -# lineinfile: -# dest: '{{ apache_config_dir }}/ports.conf' -# regexp: '{{ item.regexp }}' -# line: '{{ item.line}}' -# with_items: -# - regexp: "^Listen {{ internal_ip }}:5000" -# line: "Listen {{ internal_ip }}:5000" -# - regexp: "^Listen {{ internal_ip }}:35357" -# line: "Listen {{ internal_ip }}:35357" - -- name: update apache2 configs - template: - src: wsgi-keystone.conf.j2 - dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf' - when: ansible_os_family == 'Debian' - -- name: enable keystone server - file: - src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf" - dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf" - state: "link" - when: ansible_os_family == 'Debian' - -# - name: keystone source files -# template: src={{ item }} dest=/opt/{{ item }} -# with_items: -# - admin-openrc.sh -# - demo-openrc.sh - -# keystone paste ini -- name: backup keystone-paste.ini - shell: > - cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak; - -- name: config keystone-paste.ini - shell: > - sed -i "3i[pipeline:moon_pipeline]\n" /etc/keystone/keystone-paste.ini; - sed -i "5i[app:moon_service]\nuse = egg:keystone#moon_service\n" \ - /etc/keystone/keystone-paste.ini; - sed -i "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" \ - /etc/keystone/keystone-paste.ini; - -- name: config keystone-paste.ini - blockinfile: - dest: /etc/keystone/keystone-paste.ini - insertafter: "pipeline:moon_pipeline" - block: > - pipeline = sizelimit url_normalize request_id build_auth_context - token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service - -# moon log -- name: moon log - shell: > - sudo mkdir /var/log/moon/; - sudo chown keystone /var/log/moon/; - sudo addgroup moonlog; - sudo chgrp moonlog /var/log/moon/; - sudo touch /var/log/moon/keystonemiddleware.log; - sudo touch /var/log/moon/system.log; - sudo chgrp moonlog /var/log/moon/keystonemiddleware.log; - sudo chgrp moonlog /var/log/moon/system.log; - sudo chmod g+rw /var/log/moon; - sudo chmod g+rw /var/log/moon/keystonemiddleware.log; - sudo chmod g+rw /var/log/moon/system.log; - sudo adduser keystone moonlog; - # sudo adduser swift moonlog; - sudo adduser nova moonlog; - - -# keystone db sync -- name: keystone db sync - shell: > - sudo /usr/bin/keystone-manage db_sync; - sudo /usr/bin/keystone-manage db_sync --extension moon; - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} - -# moon workaround -- name: copy scripts - copy: - src: controllers.py - dest: /usr/lib/python2.7/dist-packages/keystone/contrib/moon/controllers.py - -# apache2 restart -- name: restart apache2 - service: name={{ item }} state=restarted enabled=yes - with_items: services | union(services_noarch) - -# install moonclient -- name: install moon client - shell: sudo pip install /tmp/moon-bin-master/python-moonclient-0.1.tar.gz - -# - name: add tenants -# keystone_user: -# token: "{{ ADMIN_TOKEN }}" -# endpoint: "http://{{ internal_ip }}:35357/v2.0" -# tenant: "{{ item.tenant }}" -# tenant_description: "{{ item.tenant_description }}" -# with_items: "{{ os_users }}" -# when: inventory_hostname == groups['controller'][0] - -# - name: add users -# keystone_user: -# token: "{{ ADMIN_TOKEN }}" -# endpoint: "http://{{ internal_ip }}:35357/v2.0" -# user: "{{ item.user }}" -# tenant: "{{ item.tenant }}" -# password: "{{ item.password }}" -# email: "{{ item.email }}" -# with_items: "{{ os_users }}" -# when: inventory_hostname == groups['controller'][0] - -# - name: grant roles -# keystone_user: -# token: "{{ ADMIN_TOKEN }}" -# endpoint: "http://{{ internal_ip }}:35357/v2.0" -# user: "{{ item.user }}" -# role: "{{ item.role }}" -# tenant: "{{ item.tenant }}" -# with_items: "{{ os_users }}" -# when: inventory_hostname == groups['controller'][0] - -# - name: add endpoints -# keystone_service: -# token: "{{ ADMIN_TOKEN }}" -# endpoint: "http://{{ internal_ip }}:35357/v2.0" -# name: "{{ item.name }}" -# type: "{{ item.type }}" -# region: "{{ item.region}}" -# description: "{{ item.description }}" -# publicurl: "{{ item.publicurl }}" -# internalurl: "{{ item.internalurl }}" -# adminurl: "{{ item.adminurl }}" -# with_items: "{{ os_services }}" -# when: inventory_hostname == groups['controller'][0] - -- name: update api-paste.ini - template: src=api-paste.ini dest=/etc/nova/api-paste.ini backup=yes - -# - name: update proxy-server conf -# template: src=proxy-server.conf dest=/etc/swift/proxy-server.conf backup=yes - -# restart nova -- name: restart nova - service: name={{ item }} state=restarted enabled=yes - with_items: - - nova-api - - nova-cert - - nova-conductor - - nova-consoleauth - - nova-scheduler - -# restart swift -# - name: restart swift -# service: name={{ item }} state=restarted enabled=yes -# with_items: -# - swift-proxy -# - memcached diff --git a/deploy/adapters/ansible/roles/moon/tasks/moon.yml b/deploy/adapters/ansible/roles/moon/tasks/moon.yml deleted file mode 100644 index 40e1c98c..00000000 --- a/deploy/adapters/ansible/roles/moon/tasks/moon.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- include: moon-controller.yml - when: inventory_hostname in groups['controller'] - -- include: moon-compute.yml - when: inventory_hostname in groups['compute'] diff --git a/deploy/adapters/ansible/roles/moon/templates/admin-openrc.sh b/deploy/adapters/ansible/roles/moon/templates/admin-openrc.sh deleted file mode 100644 index 6ba620ff..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/admin-openrc.sh +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# Verify the Identity Service installation -export OS_PASSWORD={{ ADMIN_PASS }} -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0 -export OS_USERNAME=admin -export OS_VOLUME_API_VERSION=2 - diff --git a/deploy/adapters/ansible/roles/moon/templates/api-paste.ini b/deploy/adapters/ansible/roles/moon/templates/api-paste.ini deleted file mode 100644 index f99689b7..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/api-paste.ini +++ /dev/null @@ -1,106 +0,0 @@ -############ -# Metadata # -############ -[composite:metadata] -use = egg:Paste#urlmap -/: meta - -[pipeline:meta] -pipeline = cors metaapp - -[app:metaapp] -paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory - -############# -# OpenStack # -############# - -[composite:osapi_compute] -use = call:nova.api.openstack.urlmap:urlmap_factory -/: oscomputeversions -# starting in Liberty the v21 implementation replaces the v2 -# implementation and is suggested that you use it as the default. If -# this causes issues with your clients you can rollback to the -# *frozen* v2 api by commenting out the above stanza and using the -# following instead:: -# /v2: openstack_compute_api_legacy_v2 -# if rolling back to v2 fixes your issue please file a critical bug -# at - https://bugs.launchpad.net/nova/+bugs -# -# v21 is an exactly feature match for v2, except it has more stringent -# input validation on the wsgi surface (prevents fuzzing early on the -# API). It also provides new features via API microversions which are -# opt into for clients. Unaware clients will receive the same frozen -# v2 API feature set, but with some relaxed validation -/v2: openstack_compute_api_v21_legacy_v2_compatible -/v2.1: openstack_compute_api_v21 - -# NOTE: this is deprecated in favor of openstack_compute_api_v21_legacy_v2_compatible -[composite:openstack_compute_api_legacy_v2] -use = call:nova.api.auth:pipeline_factory -noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_ratelimit osapi_compute_app_legacy_v2 -keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext moon legacy_ratelimit osapi_compute_app_legacy_v2 -keystone_nolimit = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_legacy_v2 - -[composite:openstack_compute_api_v21] -use = call:nova.api.auth:pipeline_factory_v21 -noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 -keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 - -[composite:openstack_compute_api_v21_legacy_v2_compatible] -use = call:nova.api.auth:pipeline_factory_v21 -noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 -keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 - -[filter:request_id] -paste.filter_factory = oslo_middleware:RequestId.factory - -[filter:compute_req_id] -paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = nova.api.openstack:FaultWrapper.factory - -[filter:noauth2] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory - -[filter:legacy_ratelimit] -paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory - -[filter:legacy_v2_compatible] -paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory - -[app:osapi_compute_app_legacy_v2] -paste.app_factory = nova.api.openstack.compute:APIRouter.factory - -[app:osapi_compute_app_v21] -paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory - -[pipeline:oscomputeversions] -pipeline = faultwrap oscomputeversionapp - -[app:oscomputeversionapp] -paste.app_factory = nova.api.openstack.compute.versions:Versions.factory - -########## -# Shared # -########## - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory -oslo_config_project = nova - -[filter:keystonecontext] -paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:moon] -paste.filter_factory = keystonemiddleware.moon_agent:filter_factory -authz_login=admin -authz_password=password -logfile=/var/log/moon/keystonemiddleware.log diff --git a/deploy/adapters/ansible/roles/moon/templates/demo-openrc.sh b/deploy/adapters/ansible/roles/moon/templates/demo-openrc.sh deleted file mode 100644 index 5807e868..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/demo-openrc.sh +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -export OS_USERNAME=demo -export OS_PASSWORD={{ DEMO_PASS }} -export OS_TENANT_NAME=demo -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0 - diff --git a/deploy/adapters/ansible/roles/moon/templates/keystone-paste.ini b/deploy/adapters/ansible/roles/moon/templates/keystone-paste.ini deleted file mode 100644 index cd9ebede..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/keystone-paste.ini +++ /dev/null @@ -1,96 +0,0 @@ -# Keystone PasteDeploy configuration file. - -[pipeline:moon_pipeline] -pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service - -[app:moon_service] -use = egg:keystone#moon_service - -[filter:debug] -use = egg:oslo.middleware#debug - -[filter:request_id] -use = egg:oslo.middleware#request_id - -[filter:build_auth_context] -use = egg:keystone#build_auth_context - -[filter:token_auth] -use = egg:keystone#token_auth - -[filter:admin_token_auth] -# This is deprecated in the M release and will be removed in the O release. -# Use `keystone-manage bootstrap` and remove this from the pipelines below. -use = egg:keystone#admin_token_auth - -[filter:json_body] -use = egg:keystone#json_body - -[filter:cors] -use = egg:oslo.middleware#cors -oslo_config_project = keystone - -[filter:ec2_extension] -use = egg:keystone#ec2_extension - -[filter:ec2_extension_v3] -use = egg:keystone#ec2_extension_v3 - -[filter:s3_extension] -use = egg:keystone#s3_extension - -[filter:url_normalize] -use = egg:keystone#url_normalize - -[filter:sizelimit] -use = egg:oslo.middleware#sizelimit - -[app:public_service] -use = egg:keystone#public_service - -[app:service_v3] -use = egg:keystone#service_v3 - -[app:admin_service] -use = egg:keystone#admin_service - -[pipeline:public_api] -# The last item in this pipeline must be public_service or an equivalent -# application. It cannot be a filter. -pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service - -[pipeline:admin_api] -# The last item in this pipeline must be admin_service or an equivalent -# application. It cannot be a filter. -pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service - -[pipeline:api_v3] -# The last item in this pipeline must be service_v3 or an equivalent -# application. It cannot be a filter. -pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3 - -[app:public_version_service] -use = egg:keystone#public_version_service - -[app:admin_version_service] -use = egg:keystone#admin_version_service - -[pipeline:public_version_api] -pipeline = cors sizelimit url_normalize public_version_service - -[pipeline:admin_version_api] -pipeline = cors sizelimit url_normalize admin_version_service - -[composite:main] -use = egg:Paste#urlmap -/moon = moon_pipeline -/v2.0 = public_api -/v3 = api_v3 -/ = public_version_api - -[composite:admin] -use = egg:Paste#urlmap -/moon = moon_pipeline -/v2.0 = admin_api -/v3 = api_v3 -/ = admin_version_api diff --git a/deploy/adapters/ansible/roles/moon/templates/keystone.conf b/deploy/adapters/ansible/roles/moon/templates/keystone.conf deleted file mode 100644 index 649fc32c..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/keystone.conf +++ /dev/null @@ -1,59 +0,0 @@ -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} -[DEFAULT] -admin_token={{ ADMIN_TOKEN }} -debug={{ DEBUG }} -log_dir = /var/log/keystone - -[cache] -backend=keystone.cache.memcache_pool -memcache_servers={{ memcached_servers}} -enabled=true - -[revoke] -driver=sql -expiration_buffer=3600 -caching=true - -[database] -connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8 -idle_timeout=30 -min_pool_size=5 -max_pool_size=120 -pool_timeout=30 - - -[identity] -default_domain_id=default -driver=sql - -[assignment] -driver=sql - -[resource] -driver=sql -caching=true -cache_time=3600 - -[token] -enforce_token_bind=permissive -expiration=43200 -provider=uuid -driver=sql -caching=true -cache_time=3600 - -[eventlet_server] -public_bind_host= {{ identity_host }} -admin_bind_host= {{ identity_host }} - -[oslo_messaging_rabbit] -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_hosts = {{ rabbitmq_servers }} diff --git a/deploy/adapters/ansible/roles/moon/templates/proxy-server.conf b/deploy/adapters/ansible/roles/moon/templates/proxy-server.conf deleted file mode 100644 index 9bea7a8e..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/proxy-server.conf +++ /dev/null @@ -1,775 +0,0 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -[DEFAULT] -bind_ip = {{ internal_ip }} -bind_port = 8080 -# bind_timeout = 30 -# backlog = 4096 -swift_dir = /etc/swift -user = swift - -# Enables exposing configuration settings via HTTP GET /info. -# expose_info = true - -# Key to use for admin calls that are HMAC signed. Default is empty, -# which will disable admin calls to /info. -# admin_key = secret_admin_key -# -# Allows the ability to withhold sections from showing up in the public calls -# to /info. You can withhold subsections by separating the dict level with a -# ".". The following would cause the sections 'container_quotas' and 'tempurl' -# to not be listed, and the key max_failed_deletes would be removed from -# bulk_delete. Default value is 'swift.valid_api_versions' which allows all -# registered features to be listed via HTTP GET /info except -# swift.valid_api_versions information -# disallowed_sections = swift.valid_api_versions, container_quotas, tempurl - -# Use an integer to override the number of pre-forked processes that will -# accept connections. Should default to the number of effective cpu -# cores in the system. It's worth noting that individual workers will -# use many eventlet co-routines to service multiple concurrent requests. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# Set the following two lines to enable SSL. This is for testing only. -# cert_file = /etc/swift/proxy.crt -# key_file = /etc/swift/proxy.key -# -# expiring_objects_container_divisor = 86400 -# expiring_objects_account_name = expiring_objects -# -# You can specify default log routing here if you want: -# log_name = swift -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_headers = false -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# This optional suffix (default is empty) that would be appended to the swift transaction -# id allows one to easily figure out from which cluster that X-Trans-Id belongs to. -# This is very useful when one is managing more than one swift cluster. -# trans_id_suffix = -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar) -# cors_allow_origin = -# strict_cors_mode = True -# -# client_timeout = 60 -# eventlet_debug = false - -[pipeline:main] -# This sample pipeline uses tempauth and is used for SAIO dev work and -# testing. See below for a pipeline using keystone. -#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server -pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging moon proxy-server - -# The following pipeline shows keystone integration. Comment out the one -# above and uncomment this one. Additional steps for integrating keystone are -# covered further below in the filter sections for authtoken and keystoneauth. -#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server - -[app:proxy-server] -use = egg:swift#proxy -account_autocreate = True -# You can override the default log routing for this app here: -# set log_name = proxy-server -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_address = /dev/log -# -# log_handoffs = true -# recheck_account_existence = 60 -# recheck_container_existence = 60 -# object_chunk_size = 65536 -# client_chunk_size = 65536 -# -# How long the proxy server will wait on responses from the a/c/o servers. -# node_timeout = 10 -# -# How long the proxy server will wait for an initial response and to read a -# chunk of data from the object servers while serving GET / HEAD requests. -# Timeouts from these requests can be recovered from so setting this to -# something lower than node_timeout would provide quicker error recovery -# while allowing for a longer timeout for non-recoverable requests (PUTs). -# Defaults to node_timeout, should be overriden if node_timeout is set to a -# high number to prevent client timeouts from firing before the proxy server -# has a chance to retry. -# recoverable_node_timeout = node_timeout -# -# conn_timeout = 0.5 -# -# How long to wait for requests to finish after a quorum has been established. -# post_quorum_timeout = 0.5 -# -# How long without an error before a node's error count is reset. This will -# also be how long before a node is reenabled after suppression is triggered. -# error_suppression_interval = 60 -# -# How many errors can accumulate before a node is temporarily ignored. -# error_suppression_limit = 10 -# -# If set to 'true' any authorized user may create and delete accounts; if -# 'false' no one, even authorized, can. -# allow_account_management = false -# -# Set object_post_as_copy = false to turn on fast posts where only the metadata -# changes are stored anew and the original data file is kept in place. This -# makes for quicker posts. -# object_post_as_copy = true -# -# If set to 'true' authorized accounts that do not yet exist within the Swift -# cluster will be automatically created. -# account_autocreate = false -# -# If set to a positive value, trying to create a container when the account -# already has at least this maximum containers will result in a 403 Forbidden. -# Note: This is a soft limit, meaning a user might exceed the cap for -# recheck_account_existence before the 403s kick in. -# max_containers_per_account = 0 -# -# This is a comma separated list of account hashes that ignore the -# max_containers_per_account cap. -# max_containers_whitelist = -# -# Comma separated list of Host headers to which the proxy will deny requests. -# deny_host_headers = -# -# Prefix used when automatically creating accounts. -# auto_create_account_prefix = . -# -# Depth of the proxy put queue. -# put_queue_depth = 10 -# -# Storage nodes can be chosen at random (shuffle), by using timing -# measurements (timing), or by using an explicit match (affinity). -# Using timing measurements may allow for lower overall latency, while -# using affinity allows for finer control. In both the timing and -# affinity cases, equally-sorting nodes are still randomly chosen to -# spread load. -# The valid values for sorting_method are "affinity", "shuffle", or "timing". -# sorting_method = shuffle -# -# If the "timing" sorting_method is used, the timings will only be valid for -# the number of seconds configured by timing_expiry. -# timing_expiry = 300 -# -# By default on a GET/HEAD swift will connect to a storage node one at a time -# in a single thread. There is smarts in the order they are hit however. If you -# turn on concurrent_gets below, then replica count threads will be used. -# With addition of the concurrency_timeout option this will allow swift to send -# out GET/HEAD requests to the storage nodes concurrently and answer with the -# first to respond. With an EC policy the parameter only affects HEAD requests. -# concurrent_gets = off -# -# This parameter controls how long to wait before firing off the next -# concurrent_get thread. A value of 0 would be fully concurrent, any other -# number will stagger the firing of the threads. This number should be -# between 0 and node_timeout. The default is what ever you set for the -# conn_timeout parameter. -# concurrency_timeout = 0.5 -# -# Set to the number of nodes to contact for a normal request. You can use -# '* replicas' at the end to have it use the number given times the number of -# replicas for the ring being used for the request. -# request_node_count = 2 * replicas -# -# Which backend servers to prefer on reads. Format is r<N> for region -# N or r<N>z<M> for region N, zone M. The value after the equals is -# the priority; lower numbers are higher priority. -# -# Example: first read from region 1 zone 1, then region 1 zone 2, then -# anything in region 2, then everything else: -# read_affinity = r1z1=100, r1z2=200, r2=300 -# Default is empty, meaning no preference. -# read_affinity = -# -# Which backend servers to prefer on writes. Format is r<N> for region -# N or r<N>z<M> for region N, zone M. If this is set, then when -# handling an object PUT request, some number (see setting -# write_affinity_node_count) of local backend servers will be tried -# before any nonlocal ones. -# -# Example: try to write to regions 1 and 2 before writing to any other -# nodes: -# write_affinity = r1, r2 -# Default is empty, meaning no preference. -# write_affinity = -# -# The number of local (as governed by the write_affinity setting) -# nodes to attempt to contact first, before any non-local ones. You -# can use '* replicas' at the end to have it use the number given -# times the number of replicas for the ring being used for the -# request. -# write_affinity_node_count = 2 * replicas -# -# These are the headers whose values will only be shown to swift_owners. The -# exact definition of a swift_owner is up to the auth system in use, but -# usually indicates administrative responsibilities. -# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control - -[filter:tempauth] -use = egg:swift#tempauth -# You can override the default log routing for this filter here: -# set log_name = tempauth -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# The reseller prefix will verify a token begins with this prefix before even -# attempting to validate it. Also, with authorization, only Swift storage -# accounts with this prefix will be authorized by this middleware. Useful if -# multiple auth systems are in use for one Swift cluster. -# The reseller_prefix may contain a comma separated list of items. The first -# item is used for the token as mentioned above. If second and subsequent -# items exist, the middleware will handle authorization for an account with -# that prefix. For example, for prefixes "AUTH, SERVICE", a path of -# /v1/SERVICE_account is handled the same as /v1/AUTH_account. If an empty -# (blank) reseller prefix is required, it must be first in the list. Two -# single quote characters indicates an empty (blank) reseller prefix. -# reseller_prefix = AUTH - -# -# The require_group parameter names a group that must be presented by -# either X-Auth-Token or X-Service-Token. Usually this parameter is -# used only with multiple reseller prefixes (e.g., SERVICE_require_group=blah). -# By default, no group is needed. Do not use .admin. -# require_group = - -# The auth prefix will cause requests beginning with this prefix to be routed -# to the auth subsystem, for granting tokens, etc. -# auth_prefix = /auth/ -# token_life = 86400 -# -# This allows middleware higher in the WSGI pipeline to override auth -# processing, useful for middleware such as tempurl and formpost. If you know -# you're not going to use such middleware and you want a bit of extra security, -# you can set this to false. -# allow_overrides = true -# -# This specifies what scheme to return with storage urls: -# http, https, or default (chooses based on what the server is running as) -# This can be useful with an SSL load balancer in front of a non-SSL server. -# storage_url_scheme = default -# -# Lastly, you need to list all the accounts/users you want here. The format is: -# user_<account>_<user> = <key> [group] [group] [...] [storage_url] -# or if you want underscores in <account> or <user>, you can base64 encode them -# (with no equal signs) and use this format: -# user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url] -# There are special groups of: -# .reseller_admin = can do anything to any account for this auth -# .admin = can do anything within the account -# If neither of these groups are specified, the user can only access containers -# that have been explicitly allowed for them by a .admin or .reseller_admin. -# The trailing optional storage_url allows you to specify an alternate url to -# hand back to the user upon authentication. If not specified, this defaults to -# $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve -# to what the requester would need to use to reach this host. -# Here are example entries, required for running the tests: -user_admin_admin = admin .admin .reseller_admin -user_test_tester = testing .admin -user_test2_tester2 = testing2 .admin -user_test_tester3 = testing3 -user_test5_tester5 = testing5 service - -# To enable Keystone authentication you need to have the auth token -# middleware first to be configured. Here is an example below, please -# refer to the keystone's documentation for details about the -# different settings. -# -# You'll also need to have the keystoneauth middleware enabled and have it in -# your main pipeline, as show in the sample pipeline at the top of this file. -# -# Following parameters are known to work with keystonemiddleware v2.3.0 -# (above v2.0.0), but checking the latest information in the wiki page[1] -# is recommended. -# 1. http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration -# -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -identity_uri = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -#auth_plugin = password -auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service -username = swift -password = {{ CINDER_PASS }} -delay_auth_decision = True -admin_user=admin -admin_password={{ ADMIN_PASS }} -admin_token={{ ADMIN_TOKEN }} -# -# delay_auth_decision defaults to False, but leaving it as false will -# prevent other auth systems, staticweb, tempurl, formpost, and ACLs from -# working. This value must be explicitly set to True. -# delay_auth_decision = False -# -# cache = swift.cache -# include_service_catalog = False -# -[filter:keystoneauth] -use = egg:swift#keystoneauth -operator_roles = admin,user -# The reseller_prefix option lists account namespaces that this middleware is -# responsible for. The prefix is placed before the Keystone project id. -# For example, for project 12345678, and prefix AUTH, the account is -# named AUTH_12345678 (i.e., path is /v1/AUTH_12345678/...). -# Several prefixes are allowed by specifying a comma-separated list -# as in: "reseller_prefix = AUTH, SERVICE". The empty string indicates a -# single blank/empty prefix. If an empty prefix is required in a list of -# prefixes, a value of '' (two single quote characters) indicates a -# blank/empty prefix. Except for the blank/empty prefix, an underscore ('_') -# character is appended to the value unless already present. -# reseller_prefix = AUTH -# -# The user must have at least one role named by operator_roles on a -# project in order to create, delete and modify containers and objects -# and to set and read privileged headers such as ACLs. -# If there are several reseller prefix items, you can prefix the -# parameter so it applies only to those accounts (for example -# the parameter SERVICE_operator_roles applies to the /v1/SERVICE_<project> -# path). If you omit the prefix, the option applies to all reseller -# prefix items. For the blank/empty prefix, prefix with '' (do not put -# underscore after the two single quote characters). -# operator_roles = admin, swiftoperator -# -# The reseller admin role has the ability to create and delete accounts -# reseller_admin_role = ResellerAdmin -# -# This allows middleware higher in the WSGI pipeline to override auth -# processing, useful for middleware such as tempurl and formpost. If you know -# you're not going to use such middleware and you want a bit of extra security, -# you can set this to false. -# allow_overrides = true -# -# If the service_roles parameter is present, an X-Service-Token must be -# present in the request that when validated, grants at least one role listed -# in the parameter. The X-Service-Token may be scoped to any project. -# If there are several reseller prefix items, you can prefix the -# parameter so it applies only to those accounts (for example -# the parameter SERVICE_service_roles applies to the /v1/SERVICE_<project> -# path). If you omit the prefix, the option applies to all reseller -# prefix items. For the blank/empty prefix, prefix with '' (do not put -# underscore after the two single quote characters). -# By default, no service_roles are required. -# service_roles = -# -# For backwards compatibility, keystoneauth will match names in cross-tenant -# access control lists (ACLs) when both the requesting user and the tenant -# are in the default domain i.e the domain to which existing tenants are -# migrated. The default_domain_id value configured here should be the same as -# the value used during migration of tenants to keystone domains. -# default_domain_id = default -# -# For a new installation, or an installation in which keystone projects may -# move between domains, you should disable backwards compatible name matching -# in ACLs by setting allow_names_in_acls to false: -# allow_names_in_acls = true - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE". -# This facility may be used to temporarily remove a Swift node from a load -# balancer pool during maintenance or upgrade (remove the file to allow the -# node back into the load balancer pool). -# disable_path = - -[filter:cache] -use = egg:swift#memcache -memcache_servers = {{ memcached_servers }} -# You can override the default log routing for this filter here: -# set log_name = cache -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# If not set here, the value for memcache_servers will be read from -# memcache.conf (see memcache.conf-sample) or lacking that file, it will -# default to the value below. You can specify multiple servers separated with -# commas, as in: 10.1.2.3:11211,10.1.2.4:11211 (IPv6 addresses must -# follow rfc3986 section-3.2.2, i.e. [::1]:11211) -# memcache_servers = 127.0.0.1:11211 -# -# Sets how memcache values are serialized and deserialized: -# 0 = older, insecure pickle serialization -# 1 = json serialization but pickles can still be read (still insecure) -# 2 = json serialization only (secure and the default) -# If not set here, the value for memcache_serialization_support will be read -# from /etc/swift/memcache.conf (see memcache.conf-sample). -# To avoid an instant full cache flush, existing installations should -# upgrade with 0, then set to 1 and reload, then after some time (24 hours) -# set to 2 and reload. -# In the future, the ability to use pickle serialization will be removed. -# memcache_serialization_support = 2 -# -# Sets the maximum number of connections to each memcached server per worker -# memcache_max_connections = 2 -# -# More options documented in memcache.conf-sample - -[filter:ratelimit] -use = egg:swift#ratelimit -# You can override the default log routing for this filter here: -# set log_name = ratelimit -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# clock_accuracy should represent how accurate the proxy servers' system clocks -# are with each other. 1000 means that all the proxies' clock are accurate to -# each other within 1 millisecond. No ratelimit should be higher than the -# clock accuracy. -# clock_accuracy = 1000 -# -# max_sleep_time_seconds = 60 -# -# log_sleep_time_seconds of 0 means disabled -# log_sleep_time_seconds = 0 -# -# allows for slow rates (e.g. running up to 5 sec's behind) to catch up. -# rate_buffer_seconds = 5 -# -# account_ratelimit of 0 means disabled -# account_ratelimit = 0 - -# DEPRECATED- these will continue to work but will be replaced -# by the X-Account-Sysmeta-Global-Write-Ratelimit flag. -# Please see ratelimiting docs for details. -# these are comma separated lists of account names -# account_whitelist = a,b -# account_blacklist = c,d - -# with container_limit_x = r -# for containers of size x limit write requests per second to r. The container -# rate will be linearly interpolated from the values given. With the values -# below, a container of size 5 will get a rate of 75. -# container_ratelimit_0 = 100 -# container_ratelimit_10 = 50 -# container_ratelimit_50 = 20 - -# Similarly to the above container-level write limits, the following will limit -# container GET (listing) requests. -# container_listing_ratelimit_0 = 100 -# container_listing_ratelimit_10 = 50 -# container_listing_ratelimit_50 = 20 - -[filter:domain_remap] -use = egg:swift#domain_remap -# You can override the default log routing for this filter here: -# set log_name = domain_remap -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# storage_domain = example.com -# path_root = v1 - -# Browsers can convert a host header to lowercase, so check that reseller -# prefix on the account is the correct case. This is done by comparing the -# items in the reseller_prefixes config option to the found prefix. If they -# match except for case, the item from reseller_prefixes will be used -# instead of the found reseller prefix. When none match, the default reseller -# prefix is used. When no default reseller prefix is configured, any request -# with an account prefix not in that list will be ignored by this middleware. -# reseller_prefixes = AUTH -# default_reseller_prefix = - -[filter:catch_errors] -use = egg:swift#catch_errors -# You can override the default log routing for this filter here: -# set log_name = catch_errors -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:cname_lookup] -# Note: this middleware requires python-dnspython -use = egg:swift#cname_lookup -# You can override the default log routing for this filter here: -# set log_name = cname_lookup -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# Specify the storage_domain that match your cloud, multiple domains -# can be specified separated by a comma -# storage_domain = example.com -# -# lookup_depth = 1 - -# Note: Put staticweb just after your auth filter(s) in the pipeline -[filter:staticweb] -use = egg:swift#staticweb -# You can override the default log routing for this filter here: -# set log_name = staticweb -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline -[filter:tempurl] -use = egg:swift#tempurl -# The methods allowed with Temp URLs. -# methods = GET HEAD PUT POST DELETE -# -# The headers to remove from incoming requests. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. incoming_allow_headers is a list of exceptions to these -# removals. -# incoming_remove_headers = x-timestamp -# -# The headers allowed as exceptions to incoming_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# incoming_allow_headers = -# -# The headers to remove from outgoing responses. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. outgoing_allow_headers is a list of exceptions to these -# removals. -# outgoing_remove_headers = x-object-meta-* -# -# The headers allowed as exceptions to outgoing_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# outgoing_allow_headers = x-object-meta-public-* - -# Note: Put formpost just before your auth filter(s) in the pipeline -[filter:formpost] -use = egg:swift#formpost - -# Note: Just needs to be placed before the proxy-server in the pipeline. -[filter:name_check] -use = egg:swift#name_check -# forbidden_chars = '"`<> -# maximum_length = 255 -# forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$ - -[filter:list-endpoints] -use = egg:swift#list_endpoints -# list_endpoints_path = /endpoints/ - -[filter:proxy-logging] -use = egg:swift#proxy_logging -# If not set, logging directives from [DEFAULT] without "access_" will be used -# access_log_name = swift -# access_log_facility = LOG_LOCAL0 -# access_log_level = INFO -# access_log_address = /dev/log -# -# If set, access_log_udp_host will override access_log_address -# access_log_udp_host = -# access_log_udp_port = 514 -# -# You can use log_statsd_* from [DEFAULT] or override them here: -# access_log_statsd_host = -# access_log_statsd_port = 8125 -# access_log_statsd_default_sample_rate = 1.0 -# access_log_statsd_sample_rate_factor = 1.0 -# access_log_statsd_metric_prefix = -# access_log_headers = false -# -# If access_log_headers is True and access_log_headers_only is set only -# these headers are logged. Multiple headers can be defined as comma separated -# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime -# access_log_headers_only = -# -# By default, the X-Auth-Token is logged. To obscure the value, -# set reveal_sensitive_prefix to the number of characters to log. -# For example, if set to 12, only the first 12 characters of the -# token appear in the log. An unauthorized access of the log file -# won't allow unauthorized usage of the token. However, the first -# 12 or so characters is unique enough that you can trace/debug -# token usage. Set to 0 to suppress the token completely (replaced -# by '...' in the log). -# Note: reveal_sensitive_prefix will not affect the value -# logged with access_log_headers=True. -# reveal_sensitive_prefix = 16 -# -# What HTTP methods are allowed for StatsD logging (comma-sep); request methods -# not in this list will have "BAD_METHOD" for the <verb> portion of the metric. -# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS -# -# Note: The double proxy-logging in the pipeline is not a mistake. The -# left-most proxy-logging is there to log requests that were handled in -# middleware and never made it through to the right-most middleware (and -# proxy server). Double logging is prevented for normal requests. See -# proxy-logging docs. - -# Note: Put before both ratelimit and auth in the pipeline. -[filter:bulk] -use = egg:swift#bulk -# max_containers_per_extraction = 10000 -# max_failed_extractions = 1000 -# max_deletes_per_request = 10000 -# max_failed_deletes = 1000 - -# In order to keep a connection active during a potentially long bulk request, -# Swift may return whitespace prepended to the actual response body. This -# whitespace will be yielded no more than every yield_frequency seconds. -# yield_frequency = 10 - -# Note: The following parameter is used during a bulk delete of objects and -# their container. This would frequently fail because it is very likely -# that all replicated objects have not been deleted by the time the middleware got a -# successful response. It can be configured the number of retries. And the -# number of seconds to wait between each retry will be 1.5**retry - -# delete_container_retry_count = 0 - -# Note: Put after auth and staticweb in the pipeline. -[filter:slo] -use = egg:swift#slo -# max_manifest_segments = 1000 -# max_manifest_size = 2097152 -# -# Rate limiting applies only to segments smaller than this size (bytes). -# rate_limit_under_size = 1048576 -# -# Start rate-limiting SLO segment serving after the Nth small segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 1 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -# Note: Put after auth and staticweb in the pipeline. -# If you don't put it in the pipeline, it will be inserted for you. -[filter:dlo] -use = egg:swift#dlo -# Start rate-limiting DLO segment serving after the Nth segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 1 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -# Note: Put after auth in the pipeline. -[filter:container-quotas] -use = egg:swift#container_quotas - -# Note: Put after auth in the pipeline. -[filter:account-quotas] -use = egg:swift#account_quotas - -[filter:gatekeeper] -use = egg:swift#gatekeeper -# Set this to false if you want to allow clients to set arbitrary X-Timestamps -# on uploaded objects. This may be used to preserve timestamps when migrating -# from a previous storage system, but risks allowing users to upload -# difficult-to-delete data. -# shunt_inbound_x_timestamp = true -# -# You can override the default log routing for this filter here: -# set log_name = gatekeeper -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:container_sync] -use = egg:swift#container_sync -# Set this to false if you want to disallow any full url values to be set for -# any new X-Container-Sync-To headers. This will keep any new full urls from -# coming in, but won't change any existing values already in the cluster. -# Updating those will have to be done manually, as knowing what the true realm -# endpoint should be cannot always be guessed. -# allow_full_urls = true -# Set this to specify this clusters //realm/cluster as "current" in /info -# current = //REALM/CLUSTER - -# Note: Put it at the beginning of the pipeline to profile all middleware. But -# it is safer to put this after catch_errors, gatekeeper and healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/proxy.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false - -# Note: Put after slo, dlo in the pipeline. -# If you don't put it in the pipeline, it will be inserted automatically. -[filter:versioned_writes] -use = egg:swift#versioned_writes -# Enables using versioned writes middleware and exposing configuration -# settings via HTTP GET /info. -# WARNING: Setting this option bypasses the "allow_versions" option -# in the container configuration file, which will be eventually -# deprecated. See documentation for more details. -# allow_versioned_writes = false - - -[filter:moon] -paste.filter_factory = keystonemiddleware.moon_agent:filter_factory -authz_login=admin -authz_password={{ ADMIN_PASS }} -auth_host = {{ internal_vip.ip }} -logfile=/var/log/moon/keystonemiddleware.log diff --git a/deploy/adapters/ansible/roles/moon/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/roles/moon/templates/wsgi-keystone.conf.j2 deleted file mode 100644 index 64d864af..00000000 --- a/deploy/adapters/ansible/roles/moon/templates/wsgi-keystone.conf.j2 +++ /dev/null @@ -1,46 +0,0 @@ - {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} -<VirtualHost {{ internal_ip }}:5000> - WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - <IfVersion >= 2.4> - ErrorLogFormat "%{cu}t %M" - </IfVersion> - ErrorLog /var/log/{{ http_service_name }}/keystone.log - CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined - - <Directory /usr/bin> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order allow,deny - Allow from all - </IfVersion> - </Directory> -</VirtualHost> - -<VirtualHost {{ internal_ip }}:35357> - WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - <IfVersion >= 2.4> - ErrorLogFormat "%{cu}t %M" - </IfVersion> - ErrorLog /var/log/{{ http_service_name }}/keystone.log - CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined - - <Directory /usr/bin> - <IfVersion >= 2.4> - Require all granted - </IfVersion> - <IfVersion < 2.4> - Order allow,deny - Allow from all - </IfVersion> - </Directory> -</VirtualHost> diff --git a/deploy/adapters/ansible/roles/moon/vars/Debian.yml b/deploy/adapters/ansible/roles/moon/vars/Debian.yml deleted file mode 100644 index 0da81179..00000000 --- a/deploy/adapters/ansible/roles/moon/vars/Debian.yml +++ /dev/null @@ -1,168 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -packages: - - adduser - - dbconfig-common - - init-system-helpers - - python-keystone - - q-text-as-data - - sqlite3 - - ssl-cert - - debconf - - lsb-base - - python:any - - libjs-sphinxdoc - - python-pip - - unzip - - apache2 - - libapache2-mod-wsgi - -dependency_packages: - - python-cryptography - - python-dateutil - - python-dogpile.cache - - python-eventlet - - python-greenlet - - python-jsonschema - - python-keystoneclient - - python-keystonemiddleware - - python-ldap - - python-ldappool - - python-lxml - - python-memcache - - python-migrate - - python-msgpack - - python-mysqldb - - python-oauthlib - - python-openstackclient - - python-oslo.cache - - python-oslo.concurrency - - python-oslo.config - - python-oslo.context - - python-oslo.db - - python-oslo.i18n - - python-oslo.log - - python-oslo.messaging - - python-oslo.middleware - - python-oslo.policy - - python-oslo.serialization - - python-oslo.service - - python-oslo.utils - - python-pam - - python-passlib - - python-paste - - python-pastedeploy - - python-pbr - - python-pycadf - - python-pymysql - - python-pysaml2 - - python-pysqlite2 - - python-routes - - python-six - - python-sqlalchemy - - python-stevedore - - python-webob - - unzip - - python3-keystoneauth1 - - python3-keystoneclient - - python3-oslo.config - - python3-oslo.context - - python3-oslo.i18n - - python3-oslo.serialization - - python-oslo.service - - python-oslo.utils - - python-pam - - python-passlib - - python-paste - - python-pastedeploy - - python-pbr - - python-pycadf - - python-pymysql - - python-pysaml2 - - python-pysqlite2 - - python-routes - - python-six - - python-sqlalchemy - - python-stevedore - - python-webob - - unzip - - python3-keystoneauth1 - - python3-keystoneclient - - python3-oslo.config - - python3-oslo.context - - python3-oslo.i18n - - python3-oslo.serialization - - python3-oslo.utils - - apache2 - - libapache2-mod-wsgi - - python3-cryptography - - python3-dateutil - - python3-dogpile.cache - - python3-eventlet - - python3-greenlet - - python3-jsonschema - - python3-keystoneclient - - python3-keystonemiddleware - - python3-lxml - - python3-memcache - - python3-migrate - - python3-msgpack - - python3-mysqldb - - python3-oauthlib - - python3-openstackclient - - python3-oslo.cache - - python3-oslo.concurrency - - python3-oslo.config - - python3-oslo.context - - python3-oslo.db - - python3-oslo.i18n - - python3-oslo.log - - python3-oslo.messaging - - python3-oslo.middleware - - python3-oslo.policy - - python3-oslo.serialization - - python3-oslo.service - - python3-oslo.utils - - python3-pam - - python3-passlib - - python3-paste - - python3-pastedeploy - - python3-pbr - - python3-pycadf - - python3-pymysql - - python3-pysaml2 - - python3-routes - - python3-six - - python3-sqlalchemy - - python3-stevedore - - python3-webob - - python3-oslo.service - - python3-oslo.utils - - python3-pam - - python3-passlib - - python3-paste - - python3-pastedeploy - - python3-pbr - - python3-pycadf - - python3-pymysql - - python3-pysaml2 - - python3-routes - - python3-six - - python3-sqlalchemy - - python3-stevedore - - python3-webob - -services: - - apache2 - - -apache_config_dir: /etc/apache2 -http_service_name: apache2 diff --git a/deploy/adapters/ansible/roles/moon/vars/main.yml b/deploy/adapters/ansible/roles/moon/vars/main.yml deleted file mode 100644 index 6793c189..00000000 --- a/deploy/adapters/ansible/roles/moon/vars/main.yml +++ /dev/null @@ -1,165 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] - -os_services: - - name: keystone - type: identity - region: RegionOne - description: "OpenStack Identity" - publicurl: "http://{{ public_vip.ip }}:5000/v2.0" - internalurl: "http://{{ internal_vip.ip }}:5000/v2.0" - adminurl: "http://{{ internal_vip.ip }}:35357/v2.0" - - - name: glance - type: image - region: RegionOne - description: "OpenStack Image Service" - publicurl: "http://{{ public_vip.ip }}:9292" - internalurl: "http://{{ internal_vip.ip }}:9292" - adminurl: "http://{{ internal_vip.ip }}:9292" - - - name: nova - type: compute - region: RegionOne - description: "OpenStack Compute" - publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s" - - - name: neutron - type: network - region: RegionOne - description: "OpenStack Networking" - publicurl: "http://{{ public_vip.ip }}:9696" - internalurl: "http://{{ internal_vip.ip }}:9696" - adminurl: "http://{{ internal_vip.ip }}:9696" - - - name: ceilometer - type: metering - region: RegionOne - description: "OpenStack Telemetry" - publicurl: "http://{{ public_vip.ip }}:8777" - internalurl: "http://{{ internal_vip.ip }}:8777" - adminurl: "http://{{ internal_vip.ip }}:8777" - - - name: aodh - type: alarming - region: RegionOne - description: "OpenStack Telemetry" - publicurl: "http://{{ public_vip.ip }}:8042" - internalurl: "http://{{ internal_vip.ip }}:8042" - adminurl: "http://{{ internal_vip.ip }}:8042" - - - name: heat - type: orchestration - region: RegionOne - description: "OpenStack Orchestration" - publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - - - name: heat-cfn - type: cloudformation - region: RegionOne - description: "OpenStack CloudFormation Orchestration" - publicurl: "http://{{ public_vip.ip }}:8000/v1" - internalurl: "http://{{ internal_vip.ip }}:8000/v1" - adminurl: "http://{{ internal_vip.ip }}:8000/v1" - -# - name: cinder -# type: volume -# region: RegionOne -# description: "OpenStack Block Storage" -# publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s" -# internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" -# adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" - -# - name: cinderv2 -# type: volumev2 -# region: RegionOne -# description: "OpenStack Block Storage v2" -# publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s" -# internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" -# adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" - -# - name: swift -# type: object-store -# region: RegionOne -# description: "OpenStack Object Storage" -# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" -# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" -# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" - -os_users: - - user: admin - password: "{{ ADMIN_PASS }}" - email: admin@admin.com - role: admin - tenant: admin - tenant_description: "Admin Tenant" - - - user: glance - password: "{{ GLANCE_PASS }}" - email: glance@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: nova - password: "{{ NOVA_PASS }}" - email: nova@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: keystone - password: "{{ KEYSTONE_PASS }}" - email: keystone@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: neutron - password: "{{ NEUTRON_PASS }}" - email: neutron@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: ceilometer - password: "{{ CEILOMETER_PASS }}" - email: ceilometer@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: cinder - password: "{{ CINDER_PASS }}" - email: cinder@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: heat - password: "{{ HEAT_PASS }}" - email: heat@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - - - user: demo - password: "" - email: heat@demo.com - role: heat_stack_user - tenant: demo - tenant_description: "Demo Tenant" diff --git a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml b/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml deleted file mode 100644 index b67df280..00000000 --- a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml +++ /dev/null @@ -1,37 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: check if i in the node list - shell: | - rabbitmqctl -q cluster_status | grep '\[{nodes,' \ - | grep {{ inventory_hostname }} - changed_when: is_member.rc != 0 - failed_when: false - register: is_member - delegate_to: '{{ haproxy_hosts.keys()[0] }}' - -- name: stop rabbitmq app - shell: | - rabbitmqctl stop_app; sleep 5 - failed_when: false - when: is_member.rc != 0 - -- name: join cluster - shell: rabbitmqctl join_cluster rabbit@{{ haproxy_hosts.keys()[0] }} - register: join_result - when: is_member.rc != 0 - until: join_result|success - failed_when: join_result|failed and not 'already_member' in join_result.stderr - changed_when: join_result|success - retries: 20 - delay: 3 - -- name: start rabbitmq app - shell: rabbitmqctl start_app - when: is_member.rc != 0 diff --git a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_config.yml b/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_config.yml deleted file mode 100644 index e26b81b4..00000000 --- a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_config.yml +++ /dev/null @@ -1,23 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: remove default guest user is removed - rabbitmq_user: - user: guest - state: absent - -- name: add rabbitmq user - rabbitmq_user: - user='{{ RABBIT_USER }}' - password='{{ RABBIT_PASS }}' - vhost=/ - configure_priv=.* - write_priv=.* - read_priv=.* - state=present diff --git a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_install.yml b/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_install.yml deleted file mode 100755 index 01a92efd..00000000 --- a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_install.yml +++ /dev/null @@ -1,91 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: create rabbitmq directory - file: path=/etc/rabbitmq state=directory mode=0755 - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install rabbitmq-server - action: "{{ ansible_pkg_mgr }} name=rabbitmq-server state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: make sure rabbitmq-server stopped - service: - name: rabbitmq-server - state: stopped - enabled: "yes" - -- name: replace cookie - copy: - content: "{{ ERLANG_TOKEN }}" - dest: /var/lib/rabbitmq/.erlang.cookie - mode: 0400 - owner: rabbitmq - group: rabbitmq - -- name: replace config - copy: - content: "RABBITMQ_NODE_IP_ADDRESS={{ internal_ip }}" - dest: /etc/rabbitmq/rabbitmq-env.conf - mode: 0400 - owner: rabbitmq - group: rabbitmq - -- name: set open file limit for rabbitmq - copy: - content: "ulimit -n 65536" - dest: /etc/default/rabbitmq-server - mode: 0400 - owner: rabbitmq - group: rabbitmq - -- name: restart rabbitmq-server - service: - name: rabbitmq-server - state: restarted - -- name: enable queue mirroring - rabbitmq_policy: - name: "ha-all" - pattern: '^(?!amq\.).*' - tags: "ha-mode=all" - -- name: get cluster name - shell: | - rabbitmqctl cluster_status | grep -w '<<"compass">>' - register: cluster_status - failed_when: false - changed_when: cluster_status.rc != 0 - when: | - inventory_hostname == haproxy_hosts.keys()[0] - -- name: set cluster name - shell: rabbitmqctl set_cluster_name compass - when: | - inventory_hostname == haproxy_hosts.keys()[0] - and cluster_status.rc != 0 - -- include: rabbitmq_cluster.yml - when: inventory_hostname != haproxy_hosts.keys()[0] - -- name: generate mq service list - shell: echo {{ item }} >> /opt/service - with_items: "{{ services_noarch }}" diff --git a/deploy/adapters/ansible/roles/mq/templates/.erlang.cookie b/deploy/adapters/ansible/roles/mq/templates/.erlang.cookie deleted file mode 100644 index cadcfaf3..00000000 --- a/deploy/adapters/ansible/roles/mq/templates/.erlang.cookie +++ /dev/null @@ -1 +0,0 @@ -{{ ERLANG_TOKEN }} diff --git a/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf b/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf deleted file mode 100644 index 377c89d7..00000000 --- a/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf +++ /dev/null @@ -1 +0,0 @@ -RABBITMQ_NODE_IP_ADDRESS={{ internal_vip.ip }} diff --git a/deploy/adapters/ansible/roles/mq/vars/Debian.yml b/deploy/adapters/ansible/roles/mq/vars/Debian.yml deleted file mode 100644 index b9f46bdf..00000000 --- a/deploy/adapters/ansible/roles/mq/vars/Debian.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -services: [] -packages: [] diff --git a/deploy/adapters/ansible/roles/mq/vars/RedHat.yml b/deploy/adapters/ansible/roles/mq/vars/RedHat.yml deleted file mode 100644 index b9f46bdf..00000000 --- a/deploy/adapters/ansible/roles/mq/vars/RedHat.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -services: [] -packages: [] diff --git a/deploy/adapters/ansible/roles/mq/vars/main.yml b/deploy/adapters/ansible/roles/mq/vars/main.yml deleted file mode 100644 index 35c499d5..00000000 --- a/deploy/adapters/ansible/roles/mq/vars/main.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: - - rabbitmq-server - -services_noarch: - - rabbitmq-server diff --git a/deploy/adapters/ansible/roles/neutron-common/handlers/main.yml b/deploy/adapters/ansible/roles/neutron-common/handlers/main.yml deleted file mode 100644 index fcb7e1cb..00000000 --- a/deploy/adapters/ansible/roles/neutron-common/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart neutron-plugin-openvswitch-agent - service: name={{ neutron_plugin_openvswitch_agent_services }} - state=restarted enabled=yes diff --git a/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml b/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml deleted file mode 100644 index d760b4e6..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- diff --git a/deploy/adapters/ansible/roles/neutron-compute/handlers/main.yml b/deploy/adapters/ansible/roles/neutron-compute/handlers/main.yml deleted file mode 100644 index 1e2ad35d..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart neutron compute service - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" - -- name: restart nova-compute services - service: name={{ nova_compute_service }} state=restarted enabled=yes diff --git a/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml deleted file mode 100644 index 2f3d6491..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml +++ /dev/null @@ -1,83 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: activate ipv4 forwarding - sysctl: name=net.ipv4.ip_forward value=1 - state=present reload=yes - -- name: deactivate ipv4 rp filter - sysctl: name=net.ipv4.conf.all.rp_filter value=0 - state=present reload=yes - -- name: deactivate ipv4 default rp filter - sysctl: name=net.ipv4.conf.default.rp_filter - value=0 state=present reload=yes - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install compute-related neutron packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: fix openstack neutron plugin config file - shell: | - sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' \ - /usr/lib/systemd/system/neutron-openvswitch-agent.service - systemctl daemon-reload - when: ansible_os_family == 'RedHat' - -- name: fix openstack neutron plugin config file ubuntu - shell: | - sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' \ - /etc/init/neutron-openvswitch-agent.conf - sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' \ - /etc/init.d/neutron-openvswitch-agent - when: ansible_os_family == "Debian" - -- name: generate neutron compute service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: config ml2 plugin - template: src=templates/ml2_conf.ini - dest=/etc/neutron/plugins/ml2/ml2_conf.ini - backup=yes - -- name: ln plugin.ini - file: - src: /etc/neutron/plugins/ml2/ml2_conf.ini - dest: /etc/neutron/plugin.ini - state: link - -- name: config neutron - template: - src: neutron.conf - dest: /etc/neutron/neutron.conf - backup: "yes" - notify: - - restart neutron compute service - - restart nova-compute services - -- meta: flush_handlers - -- include: ../../neutron-network/tasks/odl.yml - when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS | to_json }}" diff --git a/deploy/adapters/ansible/roles/neutron-compute/templates/dhcp_agent.ini b/deploy/adapters/ansible/roles/neutron-compute/templates/dhcp_agent.ini deleted file mode 100644 index 19eb62ec..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/templates/dhcp_agent.ini +++ /dev/null @@ -1,90 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# The DHCP agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -resync_interval = 5 - -# The DHCP agent requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Name of Open vSwitch bridge to use -# ovs_integration_bridge = br-int - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires -# no additional setup of the DHCP server. -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# The DHCP server can assist with providing metadata support on isolated -# networks. Setting this value to True will cause the DHCP server to append -# specific host routes to the DHCP request. The metadata service will only -# be activated when the subnet does not contain any router port. The guest -# instance must be configured to request host routes via DHCP (Option 121). -enable_isolated_metadata = False - -# Allows for serving metadata requests coming from a dedicated metadata -# access network whose cidr is 169.254.169.254/16 (or larger prefix), and -# is connected to a Neutron router from which the VMs send metadata -# request. In this case DHCP Option 121 will not be injected in VMs, as -# they will be able to reach 169.254.169.254 through a router. -# This option requires enable_isolated_metadata = True -enable_metadata_network = False - -# Number of threads to use during sync process. Should not exceed connection -# pool size configured on server. -# num_sync_threads = 4 - -# Location to store DHCP server config files -# dhcp_confs = $state_path/dhcp - -# Domain to use for building the hostnames -dhcp_domain = openstacklocal - -# Override the default dnsmasq settings with this file -# dnsmasq_config_file = -dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf - -# Comma-separated list of DNS servers which will be used by dnsmasq -# as forwarders. -# dnsmasq_dns_servers = - -# Limit number of leases to prevent a denial-of-service. -dnsmasq_lease_max = 16777216 - -# Location to DHCP lease relay UNIX domain socket -# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/neutron-compute/templates/etc/xorp/config.boot b/deploy/adapters/ansible/roles/neutron-compute/templates/etc/xorp/config.boot deleted file mode 100644 index 32caf96d..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/templates/etc/xorp/config.boot +++ /dev/null @@ -1,25 +0,0 @@ -interfaces { - restore-original-config-on-shutdown: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - description: "Internal pNodes interface" - disable: false - default-system-config - } -} - -protocols { - igmp { - disable: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - disable: false - version: 3 - } - } - traceoptions { - flag all { - disable: false - } - } - } -} diff --git a/deploy/adapters/ansible/roles/neutron-compute/templates/l3_agent.ini b/deploy/adapters/ansible/roles/neutron-compute/templates/l3_agent.ini deleted file mode 100644 index 5f499348..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/templates/l3_agent.ini +++ /dev/null @@ -1,81 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# L3 requires that an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) -# that supports L3 agent -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# If use_namespaces is set as False then the agent can only configure one router. - -# This is done by setting the specific router_id. -# router_id = - -# When external_network_bridge is set, each L3 agent can be associated -# with no more than one external network. This value should be set to the UUID -# of that external network. To allow L3 agent support multiple external -# networks, both the external_network_bridge and gateway_external_network_id -# must be left empty. -# gateway_external_network_id = - -# Indicates that this L3 agent should also handle routers that do not have -# an external network gateway configured. This option should be True only -# for a single agent in a Neutron deployment, and may be False for all agents -# if all routers must have an external network gateway -handle_internal_only_routers = True - -# Name of bridge used for external network traffic. This should be set to -# empty value for the linux bridge. when this parameter is set, each L3 agent -# can be associated with no more than one external network. -external_network_bridge = - -# TCP Port used by Neutron metadata server -metadata_port = 9697 - -# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 -# to disable this feature. -send_arp_for_ha = 3 - -# seconds between re-sync routers' data if needed -periodic_interval = 40 - -# seconds to start to sync routers' data after -# starting agent -periodic_fuzzy_delay = 5 - -# enable_metadata_proxy, which is true by default, can be set to False -# if the Nova metadata server is not available -# enable_metadata_proxy = True - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini deleted file mode 100644 index 994f0a63..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini +++ /dev/null @@ -1,46 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -debug = True - -# The Neutron user information for accessing the Neutron API. -auth_url = http://{{ internal_vip.ip }}:5000/v3 -auth_region = RegionOne -# Turn off verification of the certificate for ssl -# auth_insecure = False -# Certificate Authority public key (CA cert) file for ssl -# auth_ca_cert = -admin_tenant_name = service -admin_user = neutron -admin_password = {{ NEUTRON_PASS }} - -# Network service endpoint type to pull from the keystone catalog -# endpoint_type = adminURL - -# IP address used by Nova metadata server -nova_metadata_ip = {{ internal_vip.ip }} - -# TCP Port used by Nova metadata server -nova_metadata_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret = {{ METADATA_SECRET }} - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# Number of separate worker processes for metadata server -# metadata_workers = 0 - -# Number of backlog requests to configure the metadata server socket with -# metadata_backlog = 128 - -# URL to connect to the cache backend. -# Example of URL using memory caching backend -# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 -# default_ttl=0 parameter will cause cache entries to never expire. -# Otherwise default_ttl specifies time in seconds a cache entry is valid for. -# No cache is used in case no value is passed. -# cache_url = diff --git a/deploy/adapters/ansible/roles/neutron-compute/templates/neutron.conf b/deploy/adapters/ansible/roles/neutron-compute/templates/neutron.conf deleted file mode 100644 index d74435fe..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/templates/neutron.conf +++ /dev/null @@ -1,107 +0,0 @@ -[DEFAULT] -verbose = {{ VERBOSE }} -debug = {{ VERBOSE }} -state_path = /var/lib/neutron -notify_nova_on_port_status_changes = True -notify_nova_on_port_data_changes = True -log_dir = /var/log/neutron -bind_host = {{ network_server_host }} -bind_port = 9696 -core_plugin = ml2 -service_plugins = router -api_paste_config = api-paste.ini -auth_strategy = keystone -dhcp_lease_duration = 86400 -allow_overlapping_ips = True -rpc_backend = rabbit -rpc_thread_pool_size = 240 -rpc_conn_pool_size = 100 -rpc_response_timeout = 300 -rpc_cast_timeout = 300 -notification_driver = neutron.openstack.common.notifier.rpc_notifier -default_notification_level = INFO -notification_topics = notifications -agent_down_time = 75 -network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler -router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler -api_workers = 8 -rpc_workers = 8 -notify_nova_on_port_status_changes = True -notify_nova_on_port_data_changes = True -nova_url = http://{{ internal_vip.ip }}:8774/v3 -nova_region_name = RegionOne -nova_admin_username = nova -nova_admin_password = {{ NOVA_PASS }} -nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v3 -send_events_interval = 2 - -[quotas] -quota_driver = neutron.db.quota_db.DbQuotaDriver -quota_items = network,subnet,port -default_quota = -1 -quota_network = 100 -quota_subnet = 100 -quota_port = 8000 -quota_security_group = 1000 -quota_security_group_rule = 1000 - -[agent] -root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" -report_interval = 30 - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = neutron -password = {{ NEUTRON_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = neutron -admin_password = {{ NEUTRON_PASS }} -signing_dir = $state_path/keystone-signing - -[database] -connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron -slave_connection = -max_retries = 10 -retry_interval = 10 -min_pool_size = 1 -max_pool_size = 100 -idle_timeout = 30 -use_db_reconnect = True -max_overflow = 100 -connection_debug = 0 -connection_trace = False -pool_timeout = 10 - -[service_providers] -service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver:default - -{% if enable_fwaas %} -[fwaas] -driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver -enabled = True -{% endif %} - -[nova] -auth_url = http://{{ internal_vip.ip }}:35357 -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = nova -password = {{ NOVA_PASS }} - -[oslo_messaging_rabbit] -rabbit_host = {{ rabbit_host }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_port = 5672 -rabbit_userid = {{ RABBIT_USER }} - -[oslo_concurrency] -lock_path = $state_path/lock diff --git a/deploy/adapters/ansible/roles/neutron-compute/vars/Debian.yml b/deploy/adapters/ansible/roles/neutron-compute/vars/Debian.yml deleted file mode 100644 index d0ae2bdd..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/vars/Debian.yml +++ /dev/null @@ -1,22 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -packages: - - neutron-common - - neutron-plugin-ml2 - - openvswitch-switch-dpdk - - openvswitch-switch - - neutron-plugin-openvswitch-agent - -services: - - neutron-openvswitch-agent - -nova_compute_service: - - nova-compute diff --git a/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml b/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml deleted file mode 100644 index 8486a1aa..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml +++ /dev/null @@ -1,21 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-neutron - - openstack-neutron-ml2 - - openstack-neutron-openvswitch - -services: - - openvswitch - - neutron-openvswitch-agent - - libvirtd - -nova_compute_service: - - openstack-nova-compute diff --git a/deploy/adapters/ansible/roles/neutron-compute/vars/main.yml b/deploy/adapters/ansible/roles/neutron-compute/vars/main.yml deleted file mode 100644 index f6fef749..00000000 --- a/deploy/adapters/ansible/roles/neutron-compute/vars/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml b/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml deleted file mode 100644 index 8b1bf281..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart neutron control services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" - when: item != "neutron-server" diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml deleted file mode 100644 index 018bea9a..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: neutron_install.yml - tags: - - install - - neutron_install - - neutron - -- include: neutron_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - neutron_config - - neutron - -- name: restart first neutron-server - service: name=neutron-server state=restarted enabled=yes - when: inventory_hostname == groups['controller'][0] - -- name: restart other neutron-server - service: name=neutron-server state=restarted enabled=yes - when: inventory_hostname != groups['controller'][0] - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml deleted file mode 100644 index 6953a17b..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml +++ /dev/null @@ -1,21 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: neutron-db-manage upgrade - shell: | - neutron-db-manage --config-file=/etc/neutron/neutron.conf \ - --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head - register: result - run_once: "True" - until: result.rc == 0 - retries: 10 - delay: 5 - notify: - - restart neutron control services diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml deleted file mode 100644 index 63a80fa4..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml +++ /dev/null @@ -1,52 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install controller-related neutron packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: generate neutron control service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: get tenant id to fill neutron.conf - shell: - . /opt/admin-openrc.sh; - openstack project show service | grep id | sed -n "2,1p" | awk '{print $4}' - register: NOVA_ADMIN_TENANT_ID - -- name: update neutron conf - template: src=templates/neutron.conf dest=/etc/neutron/neutron.conf backup=yes - -- name: update ml2 plugin conf - template: - src: templates/ml2_conf.ini - dest: /etc/neutron/plugins/ml2/ml2_conf.ini - backup: "yes" - -- name: ln plugin.ini - file: - src: /etc/neutron/plugins/ml2/ml2_conf.ini - dest: /etc/neutron/plugin.ini - state: link diff --git a/deploy/adapters/ansible/roles/neutron-controller/templates/dhcp_agent.ini b/deploy/adapters/ansible/roles/neutron-controller/templates/dhcp_agent.ini deleted file mode 100644 index 19eb62ec..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/templates/dhcp_agent.ini +++ /dev/null @@ -1,90 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# The DHCP agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -resync_interval = 5 - -# The DHCP agent requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Name of Open vSwitch bridge to use -# ovs_integration_bridge = br-int - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires -# no additional setup of the DHCP server. -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# The DHCP server can assist with providing metadata support on isolated -# networks. Setting this value to True will cause the DHCP server to append -# specific host routes to the DHCP request. The metadata service will only -# be activated when the subnet does not contain any router port. The guest -# instance must be configured to request host routes via DHCP (Option 121). -enable_isolated_metadata = False - -# Allows for serving metadata requests coming from a dedicated metadata -# access network whose cidr is 169.254.169.254/16 (or larger prefix), and -# is connected to a Neutron router from which the VMs send metadata -# request. In this case DHCP Option 121 will not be injected in VMs, as -# they will be able to reach 169.254.169.254 through a router. -# This option requires enable_isolated_metadata = True -enable_metadata_network = False - -# Number of threads to use during sync process. Should not exceed connection -# pool size configured on server. -# num_sync_threads = 4 - -# Location to store DHCP server config files -# dhcp_confs = $state_path/dhcp - -# Domain to use for building the hostnames -dhcp_domain = openstacklocal - -# Override the default dnsmasq settings with this file -# dnsmasq_config_file = -dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf - -# Comma-separated list of DNS servers which will be used by dnsmasq -# as forwarders. -# dnsmasq_dns_servers = - -# Limit number of leases to prevent a denial-of-service. -dnsmasq_lease_max = 16777216 - -# Location to DHCP lease relay UNIX domain socket -# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/neutron-controller/templates/etc/xorp/config.boot b/deploy/adapters/ansible/roles/neutron-controller/templates/etc/xorp/config.boot deleted file mode 100644 index 32caf96d..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/templates/etc/xorp/config.boot +++ /dev/null @@ -1,25 +0,0 @@ -interfaces { - restore-original-config-on-shutdown: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - description: "Internal pNodes interface" - disable: false - default-system-config - } -} - -protocols { - igmp { - disable: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - disable: false - version: 3 - } - } - traceoptions { - flag all { - disable: false - } - } - } -} diff --git a/deploy/adapters/ansible/roles/neutron-controller/templates/l3_agent.ini b/deploy/adapters/ansible/roles/neutron-controller/templates/l3_agent.ini deleted file mode 100644 index 5f499348..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/templates/l3_agent.ini +++ /dev/null @@ -1,81 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# L3 requires that an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) -# that supports L3 agent -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# If use_namespaces is set as False then the agent can only configure one router. - -# This is done by setting the specific router_id. -# router_id = - -# When external_network_bridge is set, each L3 agent can be associated -# with no more than one external network. This value should be set to the UUID -# of that external network. To allow L3 agent support multiple external -# networks, both the external_network_bridge and gateway_external_network_id -# must be left empty. -# gateway_external_network_id = - -# Indicates that this L3 agent should also handle routers that do not have -# an external network gateway configured. This option should be True only -# for a single agent in a Neutron deployment, and may be False for all agents -# if all routers must have an external network gateway -handle_internal_only_routers = True - -# Name of bridge used for external network traffic. This should be set to -# empty value for the linux bridge. when this parameter is set, each L3 agent -# can be associated with no more than one external network. -external_network_bridge = - -# TCP Port used by Neutron metadata server -metadata_port = 9697 - -# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 -# to disable this feature. -send_arp_for_ha = 3 - -# seconds between re-sync routers' data if needed -periodic_interval = 40 - -# seconds to start to sync routers' data after -# starting agent -periodic_fuzzy_delay = 5 - -# enable_metadata_proxy, which is true by default, can be set to False -# if the Nova metadata server is not available -# enable_metadata_proxy = True - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini deleted file mode 100644 index 994f0a63..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini +++ /dev/null @@ -1,46 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -debug = True - -# The Neutron user information for accessing the Neutron API. -auth_url = http://{{ internal_vip.ip }}:5000/v3 -auth_region = RegionOne -# Turn off verification of the certificate for ssl -# auth_insecure = False -# Certificate Authority public key (CA cert) file for ssl -# auth_ca_cert = -admin_tenant_name = service -admin_user = neutron -admin_password = {{ NEUTRON_PASS }} - -# Network service endpoint type to pull from the keystone catalog -# endpoint_type = adminURL - -# IP address used by Nova metadata server -nova_metadata_ip = {{ internal_vip.ip }} - -# TCP Port used by Nova metadata server -nova_metadata_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret = {{ METADATA_SECRET }} - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# Number of separate worker processes for metadata server -# metadata_workers = 0 - -# Number of backlog requests to configure the metadata server socket with -# metadata_backlog = 128 - -# URL to connect to the cache backend. -# Example of URL using memory caching backend -# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 -# default_ttl=0 parameter will cause cache entries to never expire. -# Otherwise default_ttl specifies time in seconds a cache entry is valid for. -# No cache is used in case no value is passed. -# cache_url = diff --git a/deploy/adapters/ansible/roles/neutron-controller/vars/Debian.yml b/deploy/adapters/ansible/roles/neutron-controller/vars/Debian.yml deleted file mode 100644 index 70d652c3..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/vars/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - neutron-server - - neutron-plugin-ml2 - -services: [] diff --git a/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml b/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml deleted file mode 100644 index 89f41ded..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-neutron - - openstack-neutron-ml2 - -services: [] diff --git a/deploy/adapters/ansible/roles/neutron-controller/vars/main.yml b/deploy/adapters/ansible/roles/neutron-controller/vars/main.yml deleted file mode 100644 index aae4fe3c..00000000 --- a/deploy/adapters/ansible/roles/neutron-controller/vars/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: - - neutron-server diff --git a/deploy/adapters/ansible/roles/neutron-network/files/vpnaas.filters b/deploy/adapters/ansible/roles/neutron-network/files/vpnaas.filters deleted file mode 100644 index c5eaa80c..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/files/vpnaas.filters +++ /dev/null @@ -1,7 +0,0 @@ -[Filters] -ip: IpFilter, ip, root -ip_exec: IpNetnsExecFilter, ip, root -ipsec: CommandFilter, ipsec, root -strongswan: CommandFilter, strongswan, root -neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root -neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root diff --git a/deploy/adapters/ansible/roles/neutron-network/files/xorp b/deploy/adapters/ansible/roles/neutron-network/files/xorp deleted file mode 100644 index 5a486107..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/files/xorp +++ /dev/null @@ -1,23 +0,0 @@ -# Defaults for xorp initscript -# sourced by /etc/init.d/xorp -# installed at /etc/default/xorp by the maintainer scripts - -# -# This is a POSIX shell fragment -# - -# Master system-wide xorp switch. The initscript -# will not run if it is not set to yes. - -RUN="yes" - - -# Additional options that are passed to the rtrmgr Daemon. -# e.g. : -# -a <allowed host> Host allowed by the finder -# -n <allowed net> Subnet allowed by the finder -# -v Print verbose information -# -b <file> Specify boot file -# -d Run as a daemon, detach from tty - -DAEMON_OPTS="-b /etc/xorp/config.boot " diff --git a/deploy/adapters/ansible/roles/neutron-network/handlers/main.yml b/deploy/adapters/ansible/roles/neutron-network/handlers/main.yml deleted file mode 100644 index cd98581a..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/handlers/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart neutron network relation service - service: name={{ item }} state=restarted enabled=yes - with_flattened: - - "{{ services_noarch }}" - - "{{ services }}" - -- name: restart openvswitch agent service - service: name=neutron-openvswitch-agent state=restarted enabled=yes - -- name: restart vpn agent service - service: name={{ item }} state=restarted enabled=yes - with_items: - - neutron-vpn-agent - - strongswan - -- name: kill dnsmasq - command: killall dnsmasq - ignore_errors: "True" - -- name: restart xorp - service: name=xorp state=restarted enabled=yes sleep=10 - ignore_errors: "True" diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml deleted file mode 100755 index 9aa24045..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml +++ /dev/null @@ -1,31 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install firewall packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ firewall_packages }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: update firewall related conf - shell: | - crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins firewall diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/igmp-router.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/igmp-router.yml deleted file mode 100644 index ec12b318..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/igmp-router.yml +++ /dev/null @@ -1,32 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: Install XORP to provide IGMP router functionality - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ xorp_packages }}" - -- name: create xorp directory - file: path=/etc/xorp state=directory - -- name: configure xorp - template: src=etc/xorp/config.boot dest=/etc/xorp/config.boot - notify: - - restart xorp - -- name: set xorp defaults - copy: src=xorp dest=/etc/default/xorp - notify: - - restart xorp - -- meta: flush_handlers - -- name: start and enable xorp service - service: name=xorp state=started enabled=yes - retries: 2 - delay: 10 diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml deleted file mode 100644 index 1e204405..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml +++ /dev/null @@ -1,123 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: activate ipv4 forwarding - sysctl: name=net.ipv4.ip_forward value=1 - state=present reload=yes - -- name: deactivate ipv4 rp filter - sysctl: name=net.ipv4.conf.all.rp_filter value=0 - state=present reload=yes - -- name: deactivate ipv4 default rp filter - sysctl: name=net.ipv4.conf.default.rp_filter - value=0 state=present reload=yes - -- name: assert kernel support for vxlan - command: modinfo -F version vxlan - when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES | to_json }}" - -- name: assert iproute2 suppport for vxlan - command: ip link add type vxlan help - register: iproute_out - failed_when: iproute_out.rc == 255 - when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES | to_json }}" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install neutron network related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: generate neutron network service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: fix openstack neutron plugin config file - shell: | - sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' \ - /usr/lib/systemd/system/neutron-openvswitch-agent.service; - systemctl daemon-reload - when: ansible_os_family == 'RedHat' - -- name: fix openstack neutron plugin config file ubuntu - shell: | - sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' \ - /etc/init/neutron-openvswitch-agent.con; - sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' \ - /etc/init.d/neutron-openvswitch-agent; - when: ansible_os_family == "Debian" - -- name: config l3 agent - template: src=l3_agent.ini dest=/etc/neutron/l3_agent.ini - backup=yes - -- name: config dhcp agent - template: src=dhcp_agent.ini dest=/etc/neutron/dhcp_agent.ini - backup=yes - -- name: update dnsmasq-neutron.conf - template: src=templates/dnsmasq-neutron.conf - dest=/etc/neutron/dnsmasq-neutron.conf - -- name: config metadata agent - template: src=metadata_agent.ini - dest=/etc/neutron/metadata_agent.ini backup=yes - -- name: config ml2 plugin - template: src=templates/ml2_conf.ini - dest=/etc/neutron/plugins/ml2/ml2_conf.ini - backup=yes - -- name: ln plugin.ini - file: - src: /etc/neutron/plugins/ml2/ml2_conf.ini - dest: /etc/neutron/plugin.ini - state: link - -- name: config neutron - template: src=templates/neutron.conf - dest=/etc/neutron/neutron.conf backup=yes - -- name: force mtu to 1450 for vxlan - lineinfile: - dest: /etc/neutron/dnsmasq-neutron.conf - regexp: '^dhcp-option-force' - line: 'dhcp-option-force=26,1450' - when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES | to_json }}" - -- include: firewall.yml - when: enable_fwaas == True - -- include: vpn.yml - when: enable_vpnaas == True - -- include: odl.yml - when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS | to_json }}" - -- name: restart neutron network relation service - service: name={{ item }} state=restarted enabled=yes - with_flattened: - - "{{ services_noarch }}" - - "{{ services }}" - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/odl.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/odl.yml deleted file mode 100644 index 1105b45d..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/odl.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: ovs set manager - command: ovs-vsctl set-manager tcp:{{ controller }}:6640 - -- name: get ovs uuid - shell: ovs-vsctl get Open_vSwitch . _uuid - register: ovs_uuid - -- name: set bridge_mappings - command: | - ovs-vsctl set Open_vSwitch {{ ovs_uuid.stdout }} \ - other_config:bridge_mappings=physnet1:{{ INTERFACE_NAME }} - -- name: set local ip - command: | - ovs-vsctl set Open_vSwitch {{ ovs_uuid.stdout }} \ - other_config:local_ip={{ internal_ip }} diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml deleted file mode 100755 index 22f4411a..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml +++ /dev/null @@ -1,49 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install vpn packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ vpn_packages }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: update vpn related conf - shell: | - crudini --set /etc/neutron/l3_agent.ini vpnagent vpn_device_driver \ - neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver; - crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins vpnaas; - crudini --set /etc/neutron/neutron_vpnaas.conf service_providers service_provider \ - 'VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default' - -- name: make sure rootwrap.d dir exist - file: path=/etc/neutron/rootwrap.d state=directory mode=0755 - -- name: update rootwrap - copy: src=vpnaas.filters dest=/etc/neutron/rootwrap.d/vpnaas.filters - -- name: enable vpn service - service: name={{ item }} state=started enabled=yes - with_items: - - neutron-vpn-agent - - strongswan - notify: - - restart vpn agent service diff --git a/deploy/adapters/ansible/roles/neutron-network/templates/dhcp_agent.ini b/deploy/adapters/ansible/roles/neutron-network/templates/dhcp_agent.ini deleted file mode 100644 index 19eb62ec..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/templates/dhcp_agent.ini +++ /dev/null @@ -1,90 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# The DHCP agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -resync_interval = 5 - -# The DHCP agent requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Name of Open vSwitch bridge to use -# ovs_integration_bridge = br-int - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires -# no additional setup of the DHCP server. -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# The DHCP server can assist with providing metadata support on isolated -# networks. Setting this value to True will cause the DHCP server to append -# specific host routes to the DHCP request. The metadata service will only -# be activated when the subnet does not contain any router port. The guest -# instance must be configured to request host routes via DHCP (Option 121). -enable_isolated_metadata = False - -# Allows for serving metadata requests coming from a dedicated metadata -# access network whose cidr is 169.254.169.254/16 (or larger prefix), and -# is connected to a Neutron router from which the VMs send metadata -# request. In this case DHCP Option 121 will not be injected in VMs, as -# they will be able to reach 169.254.169.254 through a router. -# This option requires enable_isolated_metadata = True -enable_metadata_network = False - -# Number of threads to use during sync process. Should not exceed connection -# pool size configured on server. -# num_sync_threads = 4 - -# Location to store DHCP server config files -# dhcp_confs = $state_path/dhcp - -# Domain to use for building the hostnames -dhcp_domain = openstacklocal - -# Override the default dnsmasq settings with this file -# dnsmasq_config_file = -dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf - -# Comma-separated list of DNS servers which will be used by dnsmasq -# as forwarders. -# dnsmasq_dns_servers = - -# Limit number of leases to prevent a denial-of-service. -dnsmasq_lease_max = 16777216 - -# Location to DHCP lease relay UNIX domain socket -# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot b/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot deleted file mode 100644 index 426a8fd1..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot +++ /dev/null @@ -1,25 +0,0 @@ -interfaces { - restore-original-config-on-shutdown: false - interface {{ internal_nic }} { - description: "Internal pNodes interface" - disable: false - default-system-config - } -} - -protocols { - igmp { - disable: false - interface {{ internal_nic }} { - vif {{ internal_nic }} { - disable: false - version: 3 - } - } - traceoptions { - flag all { - disable: false - } - } - } -} diff --git a/deploy/adapters/ansible/roles/neutron-network/templates/l3_agent.ini b/deploy/adapters/ansible/roles/neutron-network/templates/l3_agent.ini deleted file mode 100644 index 5f499348..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/templates/l3_agent.ini +++ /dev/null @@ -1,81 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# L3 requires that an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) -# that supports L3 agent -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# If use_namespaces is set as False then the agent can only configure one router. - -# This is done by setting the specific router_id. -# router_id = - -# When external_network_bridge is set, each L3 agent can be associated -# with no more than one external network. This value should be set to the UUID -# of that external network. To allow L3 agent support multiple external -# networks, both the external_network_bridge and gateway_external_network_id -# must be left empty. -# gateway_external_network_id = - -# Indicates that this L3 agent should also handle routers that do not have -# an external network gateway configured. This option should be True only -# for a single agent in a Neutron deployment, and may be False for all agents -# if all routers must have an external network gateway -handle_internal_only_routers = True - -# Name of bridge used for external network traffic. This should be set to -# empty value for the linux bridge. when this parameter is set, each L3 agent -# can be associated with no more than one external network. -external_network_bridge = - -# TCP Port used by Neutron metadata server -metadata_port = 9697 - -# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 -# to disable this feature. -send_arp_for_ha = 3 - -# seconds between re-sync routers' data if needed -periodic_interval = 40 - -# seconds to start to sync routers' data after -# starting agent -periodic_fuzzy_delay = 5 - -# enable_metadata_proxy, which is true by default, can be set to False -# if the Nova metadata server is not available -# enable_metadata_proxy = True - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini deleted file mode 100644 index 994f0a63..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini +++ /dev/null @@ -1,46 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -debug = True - -# The Neutron user information for accessing the Neutron API. -auth_url = http://{{ internal_vip.ip }}:5000/v3 -auth_region = RegionOne -# Turn off verification of the certificate for ssl -# auth_insecure = False -# Certificate Authority public key (CA cert) file for ssl -# auth_ca_cert = -admin_tenant_name = service -admin_user = neutron -admin_password = {{ NEUTRON_PASS }} - -# Network service endpoint type to pull from the keystone catalog -# endpoint_type = adminURL - -# IP address used by Nova metadata server -nova_metadata_ip = {{ internal_vip.ip }} - -# TCP Port used by Nova metadata server -nova_metadata_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret = {{ METADATA_SECRET }} - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# Number of separate worker processes for metadata server -# metadata_workers = 0 - -# Number of backlog requests to configure the metadata server socket with -# metadata_backlog = 128 - -# URL to connect to the cache backend. -# Example of URL using memory caching backend -# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 -# default_ttl=0 parameter will cause cache entries to never expire. -# Otherwise default_ttl specifies time in seconds a cache entry is valid for. -# No cache is used in case no value is passed. -# cache_url = diff --git a/deploy/adapters/ansible/roles/neutron-network/vars/Debian.yml b/deploy/adapters/ansible/roles/neutron-network/vars/Debian.yml deleted file mode 100644 index 3597f587..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/vars/Debian.yml +++ /dev/null @@ -1,29 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - neutron-plugin-ml2 - - openvswitch-switch-dpdk - - openvswitch-switch - - neutron-l3-agent - - neutron-dhcp-agent - - neutron-plugin-openvswitch-agent - -services: - - openvswitch-switch - - neutron-openvswitch-agent - -openvswitch_agent: neutron-plugin-openvswitch-agent - -firewall_packages: - -vpn_packages: - -xorp_packages: - - xorp diff --git a/deploy/adapters/ansible/roles/neutron-network/vars/main.yml b/deploy/adapters/ansible/roles/neutron-network/vars/main.yml deleted file mode 100644 index ddd983e2..00000000 --- a/deploy/adapters/ansible/roles/neutron-network/vars/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: - - neutron-l3-agent - - neutron-dhcp-agent - - neutron-metadata-agent diff --git a/deploy/adapters/ansible/roles/nova-compute/handlers/main.yml b/deploy/adapters/ansible/roles/nova-compute/handlers/main.yml deleted file mode 100644 index cbf0bc1c..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart nova-compute services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/nova-compute/tasks/main.yml b/deploy/adapters/ansible/roles/nova-compute/tasks/main.yml deleted file mode 100644 index 7842a73c..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/tasks/main.yml +++ /dev/null @@ -1,100 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install nova-compute related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: restart virtlogd - service: name=virtlogd state=started enabled=yes - when: ansible_os_family == "Debian" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: get number of cpu support virtualization - shell: egrep -c '(vmx|svm)' /proc/cpuinfo || echo 0 - register: kvm_cpu_num - -- name: update libvirt-bin conf - lineinfile: - dest: /etc/default/libvirt-bin - regexp: '^libvirtd_opts=.*' - insertafter: '^#libvirtd_opts=.*' - line: 'libvirtd_opts="-d -l"' - when: ansible_os_family == "Debian" - notify: - - restart nova-compute services - -- name: update libvirt-bin.conf - lineinfile: - dest: /etc/init/libvirt-bin.conf - regexp: '^env libvirtd_opts=.*' - line: 'env libvirtd_opts="-d -l"' - when: ansible_os_family == "Debian" - notify: - - restart nova-compute services - -- name: update libvirtd.conf - lineinfile: - dest: /etc/libvirt/libvirtd.conf - regexp: '{{ item.regexp }}' - insertafter: '{{ item.insertafter }}' - line: '{{ item.line }}' - with_items: - - regexp: '^listen_tls.*' - insertafter: '^#listen_tls.*' - line: 'listen_tls = 0' - - regexp: '^listen_tcp.*' - insertafter: '^#listen_tcp.*' - line: 'listen_tcp = 1' - - regexp: '^auth_tcp.*' - insertafter: '^#auth_tcp.*' - line: 'auth_tcp = "none"' - notify: - - restart nova-compute services - -- name: update sysconfig libvirtd - lineinfile: - dest: /etc/sysconfig/libvirtd - regexp: '^LIBVIRTD_ARGS.*' - insertafter: '^#LIBVIRTD_ARGS.*' - line: 'LIBVIRTD_ARGS="--listen"' - when: ansible_os_family == "RedHat" - notify: - - restart nova-compute services - -- name: update nova-compute conf - template: src={{ item }} dest=/etc/nova/{{ item }} - with_items: - - nova.conf - - nova-compute.conf - notify: - - restart nova-compute services - -- name: generate neutron control service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: remove nova sqlite db - shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.removed - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/nova-compute/templates/nova-compute.conf b/deploy/adapters/ansible/roles/nova-compute/templates/nova-compute.conf deleted file mode 100644 index a46c6b8d..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/templates/nova-compute.conf +++ /dev/null @@ -1,12 +0,0 @@ -[DEFAULT] -compute_driver = libvirt.LibvirtDriver -force_raw_images = true -[libvirt] -cpu_mode = none -{% if kvm_cpu_num.stdout_lines[0]|int == 0 %} -virt_type = qemu -{% else %} -virt_type = kvm -{% endif %} -images_type = raw -mem_stats_period_seconds = 0 diff --git a/deploy/adapters/ansible/roles/nova-compute/templates/nova.conf b/deploy/adapters/ansible/roles/nova-compute/templates/nova.conf deleted file mode 100644 index 8d7e9a5f..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/templates/nova.conf +++ /dev/null @@ -1,104 +0,0 @@ -[DEFAULT] -transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} -auth_strategy = keystone -my_ip = {{ internal_ip }} -use_neutron = True -firewall_driver = nova.virt.firewall.NoopFirewallDriver - -dhcpbridge_flagfile=/etc/nova/nova.conf -dhcpbridge=/usr/bin/nova-dhcpbridge -log-dir=/var/log/nova -state_path=/var/lib/nova -force_dhcp_release=True -verbose={{ VERBOSE }} -ec2_private_dns_show_ip=True -enabled_apis=osapi_compute,metadata -default_floating_pool={{ public_net_info.network }} -metadata_listen={{ internal_ip }} -linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver -iscsi_helper=tgtadm -connection_type=libvirt -root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf -debug={{ DEBUG }} -volumes_path=/var/lib/nova/volumes -rpc_backend = rabbit -osapi_compute_listen={{ internal_ip }} -network_api_class = nova.network.neutronv2.api.API -security_group_api = neutron -instance_usage_audit = True -instance_usage_audit_period = hour -notify_on_state_change = vm_and_task_state -notification_driver = nova.openstack.common.notifier.rpc_notifier -notification_driver = ceilometer.compute.nova_notifier - -[api_database] -connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api -idle_timeout = 30 -pool_timeout = 10 -use_db_reconnect = True - -[database] -connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova -idle_timeout = 30 -pool_timeout = 10 -use_db_reconnect = True - -[glance] -api_servers = http://{{ internal_vip.ip }}:9292 -host = {{ internal_vip.ip }} - -[keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -auth_type = password -project_domain_name = default -user_domain_name = default -project_name = service -username = nova -password = {{ NOVA_PASS }} - -identity_uri = http://{{ internal_vip.ip }}:35357 -admin_tenant_name = service -admin_user = nova -admin_password = {{ NOVA_PASS }} - -[libvirt] -use_virtio_for_bridges=True - -[neutron] -url = http://{{ internal_vip.ip }}:9696 -auth_url = http://{{ internal_vip.ip }}:35357 -auth_type = password -project_domain_name = default -user_domain_name = default -region_name = RegionOne -project_name = service -username = neutron -password = {{ NEUTRON_PASS }} -service_metadata_proxy = True -metadata_proxy_shared_secret = {{ METADATA_SECRET }} - -auth_strategy = keystone -admin_tenant_name = service -admin_username = neutron -admin_password = {{ NEUTRON_PASS }} -admin_auth_url = http://{{ internal_vip.ip }}:35357/v3 - -[oslo_concurrency] -lock_path=/var/lib/nova/tmp - -[oslo_messaging_rabbit] -rabbit_host = {{ rabbit_host }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} - -[vnc] -enabled = True -vncserver_listen = {{ internal_ip }} -vncserver_proxyclient_address = {{ internal_ip }} -novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html -novncproxy_host = {{ internal_ip }} -novncproxy_port = 6080 - -[wsgi] -api_paste_config=/etc/nova/api-paste.ini diff --git a/deploy/adapters/ansible/roles/nova-compute/vars/Debian.yml b/deploy/adapters/ansible/roles/nova-compute/vars/Debian.yml deleted file mode 100644 index 4e599500..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/vars/Debian.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -packages: - - nova-compute-kvm - -services: - - nova-compute - - libvirt-bin diff --git a/deploy/adapters/ansible/roles/nova-compute/vars/RedHat.yml b/deploy/adapters/ansible/roles/nova-compute/vars/RedHat.yml deleted file mode 100644 index dab2cfdc..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/vars/RedHat.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-nova-compute - - sysfsutils - -services: - - libvirtd - - openstack-nova-compute diff --git a/deploy/adapters/ansible/roles/nova-compute/vars/main.yml b/deploy/adapters/ansible/roles/nova-compute/vars/main.yml deleted file mode 100644 index f6fef749..00000000 --- a/deploy/adapters/ansible/roles/nova-compute/vars/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/nova-controller/handlers/main.yml b/deploy/adapters/ansible/roles/nova-controller/handlers/main.yml deleted file mode 100644 index 259012c5..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart nova service - service: name={{ item}} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" - -- name: remove nova-sqlite-db - shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.db.removed diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml deleted file mode 100644 index 1ebe628f..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: nova_install.yml - tags: - - install - - nova_install - - nova - -- include: nova_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - nova_config - - nova - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml deleted file mode 100644 index 6be41aa4..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml +++ /dev/null @@ -1,21 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: nova api db sync - shell: su -s /bin/sh -c "nova-manage api_db sync" nova - ignore_errors: "True" - notify: - - restart nova service - -- name: nova db sync - shell: su -s /bin/sh -c "nova-manage db sync" nova - notify: - - restart nova service - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_install.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_install.yml deleted file mode 100644 index c7d6cb72..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_install.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install nova related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: generate nova control service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: update nova conf - template: src=templates/nova.conf - dest=/etc/nova/nova.conf - backup=yes - notify: - - restart nova service - - remove nova-sqlite-db diff --git a/deploy/adapters/ansible/roles/nova-controller/templates/dhcp_agent.ini b/deploy/adapters/ansible/roles/nova-controller/templates/dhcp_agent.ini deleted file mode 100644 index 19eb62ec..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/templates/dhcp_agent.ini +++ /dev/null @@ -1,90 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# The DHCP agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -resync_interval = 5 - -# The DHCP agent requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Name of Open vSwitch bridge to use -# ovs_integration_bridge = br-int - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires -# no additional setup of the DHCP server. -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# The DHCP server can assist with providing metadata support on isolated -# networks. Setting this value to True will cause the DHCP server to append -# specific host routes to the DHCP request. The metadata service will only -# be activated when the subnet does not contain any router port. The guest -# instance must be configured to request host routes via DHCP (Option 121). -enable_isolated_metadata = False - -# Allows for serving metadata requests coming from a dedicated metadata -# access network whose cidr is 169.254.169.254/16 (or larger prefix), and -# is connected to a Neutron router from which the VMs send metadata -# request. In this case DHCP Option 121 will not be injected in VMs, as -# they will be able to reach 169.254.169.254 through a router. -# This option requires enable_isolated_metadata = True -enable_metadata_network = False - -# Number of threads to use during sync process. Should not exceed connection -# pool size configured on server. -# num_sync_threads = 4 - -# Location to store DHCP server config files -# dhcp_confs = $state_path/dhcp - -# Domain to use for building the hostnames -dhcp_domain = openstacklocal - -# Override the default dnsmasq settings with this file -# dnsmasq_config_file = -dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf - -# Comma-separated list of DNS servers which will be used by dnsmasq -# as forwarders. -# dnsmasq_dns_servers = - -# Limit number of leases to prevent a denial-of-service. -dnsmasq_lease_max = 16777216 - -# Location to DHCP lease relay UNIX domain socket -# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/nova-controller/templates/etc/xorp/config.boot b/deploy/adapters/ansible/roles/nova-controller/templates/etc/xorp/config.boot deleted file mode 100644 index 32caf96d..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/templates/etc/xorp/config.boot +++ /dev/null @@ -1,25 +0,0 @@ -interfaces { - restore-original-config-on-shutdown: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - description: "Internal pNodes interface" - disable: false - default-system-config - } -} - -protocols { - igmp { - disable: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - disable: false - version: 3 - } - } - traceoptions { - flag all { - disable: false - } - } - } -} diff --git a/deploy/adapters/ansible/roles/nova-controller/templates/l3_agent.ini b/deploy/adapters/ansible/roles/nova-controller/templates/l3_agent.ini deleted file mode 100644 index 5f499348..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/templates/l3_agent.ini +++ /dev/null @@ -1,81 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = False -verbose = True - -# L3 requires that an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) -# that supports L3 agent -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True - -# If use_namespaces is set as False then the agent can only configure one router. - -# This is done by setting the specific router_id. -# router_id = - -# When external_network_bridge is set, each L3 agent can be associated -# with no more than one external network. This value should be set to the UUID -# of that external network. To allow L3 agent support multiple external -# networks, both the external_network_bridge and gateway_external_network_id -# must be left empty. -# gateway_external_network_id = - -# Indicates that this L3 agent should also handle routers that do not have -# an external network gateway configured. This option should be True only -# for a single agent in a Neutron deployment, and may be False for all agents -# if all routers must have an external network gateway -handle_internal_only_routers = True - -# Name of bridge used for external network traffic. This should be set to -# empty value for the linux bridge. when this parameter is set, each L3 agent -# can be associated with no more than one external network. -external_network_bridge = - -# TCP Port used by Neutron metadata server -metadata_port = 9697 - -# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 -# to disable this feature. -send_arp_for_ha = 3 - -# seconds between re-sync routers' data if needed -periodic_interval = 40 - -# seconds to start to sync routers' data after -# starting agent -periodic_fuzzy_delay = 5 - -# enable_metadata_proxy, which is true by default, can be set to False -# if the Nova metadata server is not available -# enable_metadata_proxy = True - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False - -# Timeout for ovs-vsctl commands. -# If the timeout expires, ovs commands will fail with ALARMCLOCK error. -# ovs_vsctl_timeout = 10 diff --git a/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini deleted file mode 100644 index 5109d8b7..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini +++ /dev/null @@ -1,46 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -debug = True - -# The Neutron user information for accessing the Neutron API. -auth_url = http://{{ internal_vip.ip }}:5000/v2.0 -auth_region = RegionOne -# Turn off verification of the certificate for ssl -# auth_insecure = False -# Certificate Authority public key (CA cert) file for ssl -# auth_ca_cert = -admin_tenant_name = service -admin_user = neutron -admin_password = {{ NEUTRON_PASS }} - -# Network service endpoint type to pull from the keystone catalog -# endpoint_type = adminURL - -# IP address used by Nova metadata server -nova_metadata_ip = {{ internal_vip.ip }} - -# TCP Port used by Nova metadata server -nova_metadata_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret = {{ METADATA_SECRET }} - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy - -# Number of separate worker processes for metadata server -# metadata_workers = 0 - -# Number of backlog requests to configure the metadata server socket with -# metadata_backlog = 128 - -# URL to connect to the cache backend. -# Example of URL using memory caching backend -# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 -# default_ttl=0 parameter will cause cache entries to never expire. -# Otherwise default_ttl specifies time in seconds a cache entry is valid for. -# No cache is used in case no value is passed. -# cache_url = diff --git a/deploy/adapters/ansible/roles/nova-controller/templates/neutron_init.sh b/deploy/adapters/ansible/roles/nova-controller/templates/neutron_init.sh deleted file mode 100644 index 8ab43240..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/templates/neutron_init.sh +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True - -# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}} - diff --git a/deploy/adapters/ansible/roles/nova-controller/vars/Debian.yml b/deploy/adapters/ansible/roles/nova-controller/vars/Debian.yml deleted file mode 100644 index 26178cf8..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/vars/Debian.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - nova-api - - nova-cert - - nova-conductor - - nova-consoleauth - - nova-novncproxy - - nova-scheduler - - python-oslo.rootwrap - -services: - - nova-api - - nova-cert - - nova-conductor - - nova-consoleauth - - nova-novncproxy - - nova-scheduler diff --git a/deploy/adapters/ansible/roles/nova-controller/vars/RedHat.yml b/deploy/adapters/ansible/roles/nova-controller/vars/RedHat.yml deleted file mode 100644 index 62913f92..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/vars/RedHat.yml +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - openstack-nova-api - - openstack-nova-cert - - openstack-nova-conductor - - openstack-nova-console - - openstack-nova-novncproxy - - openstack-nova-scheduler - -services: - - openstack-nova-api - - openstack-nova-cert - - openstack-nova-conductor - - openstack-nova-consoleauth - - openstack-nova-novncproxy - - openstack-nova-scheduler diff --git a/deploy/adapters/ansible/roles/nova-controller/vars/main.yml b/deploy/adapters/ansible/roles/nova-controller/vars/main.yml deleted file mode 100644 index f6fef749..00000000 --- a/deploy/adapters/ansible/roles/nova-controller/vars/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/odl_cluster/files/recover_network.py b/deploy/adapters/ansible/roles/odl_cluster/files/recover_network.py deleted file mode 100644 index 2b15f4a2..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/files/recover_network.py +++ /dev/null @@ -1,79 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import yaml -import netaddr -import os -import log as logging - -LOG = logging.getLogger("net-recover") -config_path = os.path.join(os.path.dirname(__file__), "network.cfg") - - -def setup_bondings(bond_mappings): - print bond_mappings - - -def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): - LOG.info("add_ovs_port enter") - cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) - if vlan_id: - cmd += " tag=%s" % vlan_id - cmd += " -- set Interface %s type=internal;" % ifname - cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" % (ifname, uplink) # noqa - cmd += "ip link set %s up;" % ifname - LOG.info("add_ovs_port: cmd=%s" % cmd) - os.system(cmd) - - -def setup_ips(ip_settings, sys_intf_mappings): - LOG.info("setup_ips enter") - for intf_info in ip_settings.values(): - network = netaddr.IPNetwork(intf_info["cidr"]) - if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": - intf_name = intf_info["name"] - else: - intf_name = intf_info["alias"] - if "gw" in intf_info: - cmd = "ip addr add %s/%s brd %s dev %s;" \ - % (intf_info["ip"], intf_info["netmask"], str(network.broadcast), intf_name) # noqa - cmd += "route del default;" - cmd += "ip route add default via %s dev %s" % ( - intf_info["gw"], intf_name) - LOG.info("setup_ips: cmd=%s" % cmd) - os.system(cmd) - - -def setup_intfs(sys_intf_mappings, uplink_map): - LOG.info("setup_intfs enter") - for intf_name, intf_info in sys_intf_mappings.items(): - if intf_info["type"] == "ovs": - add_ovs_port( - intf_info["interface"], - intf_name, - uplink_map[intf_info["interface"]], - vlan_id=intf_info.get("vlan_tag")) - else: - pass - - -def main(config): - uplink_map = {} - setup_bondings(config["bond_mappings"]) - for provider_net in config["provider_net_mappings"]: - uplink_map[provider_net['name']] = provider_net['interface'] - - setup_intfs(config["sys_intf_mappings"], uplink_map) - setup_ips(config["ip_settings"], config["sys_intf_mappings"]) - - -if __name__ == "__main__": - os.system("service openvswitch-switch status|| service openvswitch-switch start") # noqa - config = yaml.load(open(config_path)) - main(config) diff --git a/deploy/adapters/ansible/roles/odl_cluster/files/recover_network_odl_l3.py b/deploy/adapters/ansible/roles/odl_cluster/files/recover_network_odl_l3.py deleted file mode 100644 index 0f7e32a5..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/files/recover_network_odl_l3.py +++ /dev/null @@ -1,43 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import yaml -import netaddr -import os -import log as logging - -LOG = logging.getLogger("net-recover-odl-l3") -config_path = os.path.join(os.path.dirname(__file__), "network.cfg") - - -def setup_bondings(bond_mappings): - print bond_mappings - - -def setup_ips_new(config): - LOG.info("setup_ips_new enter") - network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"]) -# intf_name = config["provider_net_mappings"][0]["interface"] - cmd = "ip link set br-ex up;" - cmd += "ip addr add %s/%s brd %s dev %s;" \ - % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), 'br-ex') # noqa - cmd += "route del default;" - cmd += "ip route add default via %s dev %s" % ( - config["ip_settings"]["br-prv"]["gw"], 'br-ex') - LOG.info("setup_ips_new: cmd=%s" % cmd) - os.system(cmd) - - -def main(config): - setup_ips_new(config) - -if __name__ == "__main__": - os.system("service openvswitch-switch status|| service openvswitch-switch start") # noqa - config = yaml.load(open(config_path)) - main(config) diff --git a/deploy/adapters/ansible/roles/odl_cluster/files/setup_networks_odl_l3.py b/deploy/adapters/ansible/roles/odl_cluster/files/setup_networks_odl_l3.py deleted file mode 100644 index 74032d19..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/files/setup_networks_odl_l3.py +++ /dev/null @@ -1,111 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import yaml -import netaddr -import os -import log as logging - -LOG = logging.getLogger("net-init-l3") -config_path = os.path.join(os.path.dirname(__file__), "network.cfg") - - -def setup_bondings(bond_mappings): - print bond_mappings - - -def add_vlan_link(interface, ifname, vlan_id): - LOG.info("add_vlan_link enter") - cmd = "ip link add link %s name %s type vlan id %s; " % ( - ifname, interface, vlan_id) - cmd += "ip link set %s up; ip link set %s up" % (interface, ifname) - LOG.info("add_vlan_link: cmd=%s" % cmd) - os.system(cmd) - -# def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): -# LOG.info("add_ovs_port enter") -# cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) -# if vlan_id: -# cmd += " tag=%s" % vlan_id -# cmd += " -- set Interface %s type=internal;" % ifname -# cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \ # noqa -# % (ifname, uplink) -# cmd += "ip link set %s up;" % ifname -# LOG.info("add_ovs_port: cmd=%s" % cmd) -# os.system(cmd) - - -def setup_intfs(sys_intf_mappings, uplink_map): - LOG.info("setup_intfs enter") - for intf_name, intf_info in sys_intf_mappings.items(): - if intf_info["type"] == "vlan": - add_vlan_link( - intf_name, - intf_info["interface"], - intf_info["vlan_tag"]) -# elif intf_info["type"] == "ovs": -# add_ovs_port( -# intf_info["interface"], -# intf_name, -# uplink_map[intf_info["interface"]], -# vlan_id=intf_info.get("vlan_tag")) - else: - pass - - -def setup_ips(ip_settings, sys_intf_mappings): - LOG.info("setup_ips enter") - for intf_info in ip_settings.values(): - network = netaddr.IPNetwork(intf_info["cidr"]) - if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": - intf_name = intf_info["name"] - else: - intf_name = intf_info["alias"] - if "gw" in intf_info: - continue - cmd = "ip addr add %s/%s brd %s dev %s;" \ - % (intf_info["ip"], intf_info["netmask"], str(network.broadcast), intf_name) # noqa -# if "gw" in intf_info: -# cmd += "route del default;" -# cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name) # noqa - LOG.info("setup_ips: cmd=%s" % cmd) - os.system(cmd) - - -def setup_ips_new(config): - LOG.info("setup_ips_new enter") - network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"]) -# intf_name = config["provider_net_mappings"][0]["interface"] -# cmd = "ip addr add %s/%s brd %s dev %s;" \ -# % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), intf_name) # noqa - cmd = "ip link set br-ex up;" - cmd += "ip addr add %s/%s brd %s dev %s;" \ - % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), 'br-ex') # noqa - cmd += "route del default;" -# cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], intf_name) # noqa - cmd += "ip route add default via %s dev %s" % ( - config["ip_settings"]["br-prv"]["gw"], 'br-ex') - LOG.info("setup_ips_new: cmd=%s" % cmd) - os.system(cmd) - - -def main(config): - uplink_map = {} - setup_bondings(config["bond_mappings"]) - for provider_net in config["provider_net_mappings"]: - uplink_map[provider_net['name']] = provider_net['interface'] - - setup_intfs(config["sys_intf_mappings"], uplink_map) - setup_ips(config["ip_settings"], config["sys_intf_mappings"]) - setup_ips_new(config) - -if __name__ == "__main__": - os.system("service openvswitch-switch status|| service openvswitch-switch start") # noqa - config = yaml.load(open(config_path)) - main(config) diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/00_odl_common.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/00_odl_common.yml deleted file mode 100644 index 55b29b3e..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/00_odl_common.yml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: install controller packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ common_packages | union(common_packages_noarch) }}" diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_00_download_packages.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_00_download_packages.yml deleted file mode 100644 index 565fc7ef..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_00_download_packages.yml +++ /dev/null @@ -1,33 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: get image http server - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: http_server - -- name: download oracle-jdk8 package file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/java/{{ jdk8_pkg_name }}" - dest: /opt/{{ jdk8_pkg_name }} - -- name: download oracle-jdk8 script file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/java/{{ jdk8_script_name }}" - dest: /opt/ - -- name: download odl package - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/odl/{{ odl_pkg_url }}" - dest: /opt/{{ odl_pkg_name }} - -- name: download odl pip package - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/pip-openstack/{{ networking_odl_pkg_name }}" - dest: /opt/{{ networking_odl_pkg_name }} diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_01_create_odl_user_and_group.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_01_create_odl_user_and_group.yml deleted file mode 100644 index cd6e9751..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_01_create_odl_user_and_group.yml +++ /dev/null @@ -1,21 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: create odl group - group: name=odl system=yes state=present - -- name: create odl user - user: - name: odl - group: odl - home: "{{ odl_home }}" - createhome: "yes" - system: "yes" - shell: "/bin/false" diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_02_unarchive_odl_and_jdk.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_02_unarchive_odl_and_jdk.yml deleted file mode 100644 index 9592a0ae..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_02_unarchive_odl_and_jdk.yml +++ /dev/null @@ -1,26 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: clear jdk8 package - command: su -s /bin/sh -c "rm -rf /opt/install_jdk8" - -- name: unarchive onos driver package - command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" - -- name: install install_jdk8 package - command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" - -- name: clear odl package - command: su -s /bin/sh -c "rm -rf {{ odl_home }}/*" - -- name: extract odl package - command: | - su -s /bin/sh -c "tar xzf /opt/{{ odl_pkg_name }} -C {{ odl_home }} \ - --strip-components 1" odl diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_03_copy_odl_configuration_files.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_03_copy_odl_configuration_files.yml deleted file mode 100644 index 0d4043e0..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_03_copy_odl_configuration_files.yml +++ /dev/null @@ -1,55 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: opendaylight system file - copy: - src: "{{ service_file.src }}" - dest: "{{ service_file.dst }}" - mode: 0755 - -- name: set l3 fwd enable in custom.properties - template: - src: custom.properties - dest: "{{ odl_home }}/etc/custom.properties" - owner: odl - group: odl - mode: 0775 - when: odl_l3_agent == "Enable" - -- name: create karaf config - template: - src: org.apache.karaf.features.cfg.Debian - dest: "{{ odl_home }}/etc/org.apache.karaf.features.cfg" - owner: odl - group: odl - mode: 0775 - when: ansible_os_family == "Debian" - -- name: create karaf config - template: - src: org.apache.karaf.features.cfg.Redhat - dest: "{{ odl_home }}/etc/org.apache.karaf.features.cfg" - owner: odl - group: odl - mode: 0775 - when: ansible_os_family == "RedHat" - -- name: copy acl configuration script - template: - src: acl_conf.sh - dest: "/opt/acl_conf.sh" - mode: 0777 - -- name: execute acl configuration script - command: su -s /bin/sh -c "/opt/acl_conf.sh;" - -- name: create tomcat config - shell: > - sed -i 's/port="8282"/port="{{ odl_api_port }}"/' - {{ odl_home }}configuration/tomcat-server.xml diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_04_install_pip_packages.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_04_install_pip_packages.yml deleted file mode 100644 index fa418c6c..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_04_install_pip_packages.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: patch odl pip package - shell: | - cd /opt - tar xf /opt/{{ networking_odl_pkg_name }} - rm -rf /opt/{{ networking_odl_pkg_name }} - sed -i 's/^neutron-lib.*/neutron-lib/' {{ odl_pip }}/requirements.txt - tar zcf /opt/{{ networking_odl_pkg_name }} {{ odl_pip }} - cd - - -- name: odl pip package install - shell: | - cd /opt - pip install {{ networking_odl_pkg_name }} - rm -rf {{ networking_odl_pkg_name }} - cd - diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_05_clean_up_karaf_data.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_05_clean_up_karaf_data.yml deleted file mode 100644 index 6ed317d6..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_05_clean_up_karaf_data.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: remove karaf data directory - shell: rm -rf {{ odl_home }}/data/*; diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_06_stop_openstack_services.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_06_stop_openstack_services.yml deleted file mode 100644 index 30ee61fb..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_06_stop_openstack_services.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: turn off neutron server and agent Daemon on control node - shell: > - sed -i '/{{ service_ovs_agent_name }}/d' /opt/service ; - sed -i '/neutron-server/d' /opt/service; - sed -i '/keepalived/d' /opt/service; - -- name: turn off neutron-server on control node - service: name=neutron-server state=stopped - -- name: turn off keepalived on control node - service: name=keepalived state=stopped - when: ansible_os_family == "Debian" - -- name: stop neutron l3 agent - service: name=neutron-l3-agent state=stopped enabled=no - when: odl_l3_agent == "Enable" and inventory_hostname in groups['odl'] - -- name: remove neutron l3 agent - shell: > - sed -i '/neutron-l3-agent/d' /opt/service; - rm -rf /lib/systemd/system/neutron-l3-agent.service; - rm -rf /etc/init/neutron-l3-agent.conf; - rm -rf /etc/init.d/neutron-l3-agent; - when: odl_l3_agent == "Enable" and inventory_hostname in groups['odl'] diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_08_configure_neutron.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_08_configure_neutron.yml deleted file mode 100644 index 80443f1b..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_08_configure_neutron.yml +++ /dev/null @@ -1,54 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: configure l2 configuration - shell: | - crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge \ - br-prv; - when: odl_l3_agent == "Disable" - -- name: configure l3 configuration - shell: | - crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge \ - br-ex; - when: odl_l3_agent == "Enable" - -- name: configure odl l3 driver - shell: | - crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins \ - networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin; - when: odl_l3_agent == "Enable" - -- name: configure metadata for l3 configuration - shell: | - crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ - enable_isolated_metadata "True"; - when: odl_l3_agent == "Enable" - -- name: force metadata for l3 configuration - shell: | - crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ - force_metadata "True"; - when: odl_l3_agent == "Enable" - - -- name: drop and recreate neutron database - shell: | - mysql -e "drop database if exists neutron;"; - mysql -e "create database neutron character set utf8;"; - mysql -e "grant all on neutron.* to 'neutron'@'%' identified by \ - '{{ NEUTRON_DBPASS }}';"; - su -s /bin/sh -c "neutron-db-manage \ - --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade head" neutron; - when: inventory_hostname == haproxy_hosts.keys()[0] - tags: - - test_odl diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_odl_controller.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/01_odl_controller.yml deleted file mode 100644 index 7dd8bd88..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_odl_controller.yml +++ /dev/null @@ -1,43 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: download packages - include: 01_00_download_packages.yml - -- name: create odl user and group - include: 01_01_create_odl_user_and_group.yml - -- name: unarchive odl and jdk - include: 01_02_unarchive_odl_and_jdk.yml - -- name: copy odl configuration files - include: 01_03_copy_odl_configuration_files.yml - -- name: install pip packages - include: 01_04_install_pip_packages.yml - -- name: clean up karaf data - include: 01_05_clean_up_karaf_data.yml - -- name: stop openstack services - include: 01_06_stop_openstack_services.yml - -# - name: set opendaylight cluster -# include: 05_set_opendaylight_cluster.yml -# when: groups['odl']|length > 1 - -- name: start and check odl - include: 01_07_start_check_odl.yml - -- name: run openswitch - include: 03_openvswitch.yml - -- name: configure neutron - include: 01_08_configure_neutron.yml diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/02_odl_compute.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/02_odl_compute.yml deleted file mode 100644 index 7506200b..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/02_odl_compute.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: Provision ODL on Compute nodes - include: 03_openvswitch.yml diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_00_switch_off_neutron_openvswitch_agent.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_00_switch_off_neutron_openvswitch_agent.yml deleted file mode 100644 index 08f8a07c..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_00_switch_off_neutron_openvswitch_agent.yml +++ /dev/null @@ -1,23 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: remove neutron-openvswitch-agent service daemon - shell: sed -i '/{{ service_ovs_agent_name }}/d' /opt/service ; - -- name: shut down and disable Neutron's openvswitch agent services - service: name={{ service_ovs_agent_name }} state=stopped enabled=no - -- name: remove Neutron's openvswitch agent services - shell: > - update-rc.d -f {{ service_ovs_agent_name }} remove; - mv /etc/init.d/{{ service_ovs_agent_name }} \ - /home/{{ service_ovs_agent_name }}; - mv /etc/init/{{ service_ovs_agent_name }}.conf \ - /home/{{ service_ovs_agent_name }}.conf; - when: ansible_os_family == "Debian" diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_01_clean_up_and_restart_openvswitch.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_01_clean_up_and_restart_openvswitch.yml deleted file mode 100644 index 48287857..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_01_clean_up_and_restart_openvswitch.yml +++ /dev/null @@ -1,16 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: Stop the Open vSwitch service and clear existing OVSDB - shell: > - service {{ service_ovs_name }} stop ; - rm -rf /var/log/openvswitch/* ; - rm -rf /etc/openvswitch/conf.db ; - service {{ service_ovs_name }} start ; diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_02_openvswitch_connect_opendaylight.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_02_openvswitch_connect_opendaylight.yml deleted file mode 100644 index 2a9622f9..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_02_openvswitch_connect_opendaylight.yml +++ /dev/null @@ -1,36 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: add ovsdb_connection to neutron.conf - shell: crudini --set /etc/neutron/neutron.conf OVS ovsdb_connection tcp:127.0.0.1:6639 - -- name: restart keepalived to recover external IP before check br-int - shell: service keepalived restart - when: inventory_hostname in groups['odl'] - ignore_errors: "True" - -- name: restart opendaylight - shell: service opendaylight restart; sleep 60 - when: inventory_hostname in groups['odl'] - ignore_errors: "True" - -- name: set opendaylight as the manager - command: | - su -s /bin/sh -c "ovs-vsctl set-manager ptcp:6639:127.0.0.1 tcp:{{ internal_vip.ip }}:6640;" - -- name: check br-int - shell: | - ovs-vsctl list-br | grep br-int; while [ $? -ne 0 ]; do sleep 10; \ - ovs-vsctl list-br | grep br-int; done - -- name: set local ip in openvswitch - shell: | - ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ - other_config={'local_ip'=' {{ internal_ip }} '}; diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_00_recover_external_network_l3.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_00_recover_external_network_l3.yml deleted file mode 100644 index f315ebbf..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_00_recover_external_network_l3.yml +++ /dev/null @@ -1,45 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: check br-ex - shell: | - ovs-vsctl list-br | grep br-ex; - while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-ex; done - -- name: add ovs uplink - openvswitch_port: bridge=br-ex port={{ item["interface"] }} state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" - -- name: wait 10 seconds - shell: sleep 10 - -- name: set external nic in openvswitch - shell: | - ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ - other_config:provider_mappings=br-ex:{{ item["interface"] }} - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" - -- name: copy recovery script - copy: src={{ item }} dest=/opt/setup_networks - with_items: - - recover_network_odl_l3.py - - setup_networks_odl_l3.py - -- name: recover external script - shell: python /opt/setup_networks/recover_network_odl_l3.py - -- name: update keepalived info - template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf - when: inventory_hostname in groups['odl'] - -- name: modify net-init - shell: sed -i 's/setup_networks.py/setup_networks_odl_l3.py/g' \ - /etc/init.d/net_init diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_01_recover_external_network_l2.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_01_recover_external_network_l2.yml deleted file mode 100644 index 54630898..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_01_recover_external_network_l2.yml +++ /dev/null @@ -1,27 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: add ovs bridge - openvswitch_bridge: bridge={{ item["name"] }} state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" - -- name: add ovs uplink - openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} - state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" - -- name: copy recovery script - copy: src={{ item }} dest=/opt/setup_networks - with_items: - - recover_network.py - -- name: recover external script - shell: python /opt/setup_networks/recover_network.py diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_recover_external_network.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_recover_external_network.yml deleted file mode 100644 index bffaf79f..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_03_recover_external_network.yml +++ /dev/null @@ -1,22 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: recover external network for L3 - include: 03_03_00_recover_external_network_l3.yml - when: odl_l3_agent == "Enable" - -- name: recover external network for L2 - include: 03_03_01_recover_external_network_l2.yml - when: odl_l3_agent == "Disable" - -- name: restart keepalived to recover external IP - shell: service keepalived restart - when: inventory_hostname in groups['odl'] - ignore_errors: "True" diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_04_setup_ml2.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_04_setup_ml2.yml deleted file mode 100644 index febe72be..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_04_setup_ml2.yml +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: configure opendaylight -> ml2 - shell: > - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling "True"; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security; - -- name: copy ml2 configuration script - template: - src: ml2_conf.sh - dest: "/opt/ml2_conf.sh" - mode: 0777 - -- name: execute ml2 configuration script - command: su -s /bin/sh -c "/opt/ml2_conf.sh;" diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_openvswitch.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/03_openvswitch.yml deleted file mode 100644 index 5c24be0b..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/03_openvswitch.yml +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: switch off neutron-openvswitch-agent - include: 03_00_switch_off_neutron_openvswitch_agent.yml - -- name: clean up and restart openvswitch - include: 03_01_clean_up_and_restart_openvswitch.yml - -- name: openvswitch connect with opendaylight and check br-int - include: 03_02_openvswitch_connect_opendaylight.yml - -- name: recover external network - include: 03_03_recover_external_network.yml - -- name: set up ml2 - include: 03_04_setup_ml2.yml diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/04_odl_l3_nova.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/04_odl_l3_nova.yml deleted file mode 100644 index 8a6435b5..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/04_odl_l3_nova.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: set file inject in nova.conf - shell: crudini --set /etc/nova/nova.conf DEFAULT force_config_drive true - -- name: restart all nova service - shell: for i in `cat /opt/service | grep nova` ; do service $i restart; done diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/05_set_opendaylight_cluster.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/05_set_opendaylight_cluster.yml deleted file mode 100644 index c9d93709..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/05_set_opendaylight_cluster.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: combine odl controller - shell: rm -f /opt/cluster; touch /opt/cluster; - -- name: combine odl controller - shell: | - echo "{{ ip_settings[item.1]['mgmt']['ip'] }} \c" >> /opt/cluster; \ - >> /opt/cluster; - with_indexed_items: groups['odl'] - -- name: combine odl controller - shell: cat /opt/cluster - register: cluster - -- name: combine odl controller - shell: uname -n | cut -b 5,5 - register: number - -- debug: msg="{{ odl_home }}/bin/configure_cluster.sh - {{ number.stdout_lines[0] }} {{ cluster.stdout_lines[0] }}" - -- name: configure odl controller in cluster - shell: | - "{{ odl_home }}/bin/configure_cluster.sh {{ number.stdout_lines[0] }} \ - {{ cluster.stdout_lines[0] }}" diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/main.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/main.yml deleted file mode 100644 index 32952c51..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - test_odl - -- name: Provision Common on all nodes - include: 00_odl_common.yml - when: groups['odl']|length !=0 - -- name: Provision ODL on Controller nodes - include: 01_odl_controller.yml - when: inventory_hostname in groups['odl'] - -- name: Provision ODL on Compute nodes - include: 02_odl_compute.yml - when: groups['odl']|length !=0 and inventory_hostname not in groups['odl'] diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/haproxy-odl.cfg b/deploy/adapters/ansible/roles/odl_cluster/templates/haproxy-odl.cfg deleted file mode 100755 index 1f3bc9ed..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/haproxy-odl.cfg +++ /dev/null @@ -1,24 +0,0 @@ -listen odl-rest-api-1 - bind {{ internal_vip.ip }}:8080 - bind {{ public_vip.ip }}:8080 - mode http - balance source - option httplog - option nolinger - timeout client 3m - timeout server 3m -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8080 weight 1 check inter 2000 rise 2 fall 3 -{% endfor %} - -listen odl-rest-api-2 - bind {{ internal_vip.ip }}:8181 - bind {{ public_vip.ip }}:8181 - mode http - balance source - option httplog - timeout client 3m - timeout server 3m -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:8181 weight 1 check inter 2000 rise 2 fall 3 -{% endfor %} diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/keepalived.conf b/deploy/adapters/ansible/roles/odl_cluster/templates/keepalived.conf deleted file mode 100755 index 4ccf1c43..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/keepalived.conf +++ /dev/null @@ -1,47 +0,0 @@ -global_defs { - router_id {{ inventory_hostname }} -} - -vrrp_sync_group VG1 { - group { - internal_vip - public_vip - } -} - -vrrp_instance internal_vip { - interface {{ internal_vip.interface }} - virtual_router_id {{ vrouter_id_internal }} - state BACKUP - nopreempt - advert_int 1 - priority {{ 50 + (host_index[inventory_hostname] * 50) }} - - authentication { - auth_type PASS - auth_pass 1234 - } - - virtual_ipaddress { - {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }} - } -} - -vrrp_instance public_vip { - interface br-ex - virtual_router_id {{ vrouter_id_public }} - state BACKUP - nopreempt - advert_int 1 - priority {{ 50 + (host_index[inventory_hostname] * 50) }} - - authentication { - auth_type PASS - auth_pass 4321 - } - - virtual_ipaddress { - {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev br-ex - } - -} diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/module-shards.conf b/deploy/adapters/ansible/roles/odl_cluster/templates/module-shards.conf deleted file mode 100755 index 9a5d4c38..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/module-shards.conf +++ /dev/null @@ -1,101 +0,0 @@ -# This file describes which shards live on which members -# The format for a module-shards is as follows, -# { -# name = "<friendly_name_of_the_module>" -# shards = [ -# { -# name="<any_name_that_is_unique_for_the_module>" -# replicas = [ -# "<name_of_member_on_which_to_run>" -# ] -# ] -# } -# -# For Helium we support only one shard per module. Beyond Helium -# we will support more than 1 -# The replicas section is a collection of member names. This information -# will be used to decide on which members replicas of a particular shard will be -# located. Once replication is integrated with the distributed data store then -# this section can have multiple entries. -# -# - - -module-shards = [ - { - name = "default" - shards = [ - { - name="default" - replicas = [ -{% set key = 0 %} -{% for host in groups['odl'] %} - {% set key = key + 1 %} - {% if loop.last %} - "member-{{ key }}" - {% else %} - "member-{{ key }}", - {% endif %} -{% endfor %} - ] - } - ] - }, - { - name = "topology" - shards = [ - { - name="topology" - replicas = [ -{% set key = 0 %} -{% for host in groups['odl'] %} - {% set key = key + 1 %} - {% if loop.last %} - "member-{{ key }}" - {% else %} - "member-{{ key }}", - {% endif %} -{% endfor %} - ] - } - ] - }, - { - name = "inventory" - shards = [ - { - name="inventory" - replicas = [ -{% set key = 0 %} -{% for host in groups['odl'] %} - {% set key = key + 1 %} - {% if loop.last %} - "member-{{ key }}" - {% else %} - "member-{{ key }}", - {% endif %} -{% endfor %} - ] - } - ] - }, - { - name = "toaster" - shards = [ - { - name="toaster" - replicas = [ -{% set key = 0 %} -{% for host in groups['odl'] %} - {% set key = key + 1 %} - {% if loop.last %} - "member-{{ key }}" - {% else %} - "member-{{ key }}", - {% endif %} -{% endfor %} - ] - } - ] - } -] diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/moon-environment b/deploy/adapters/ansible/roles/odl_cluster/templates/moon-environment deleted file mode 100755 index 9a13da8e..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/moon-environment +++ /dev/null @@ -1,3 +0,0 @@ -MOON_SERVER_ADDR={{ internal_vip.ip }} -MOON_SERVER_PORT=5000 -no_proxy="localhost,127.0.0.1" diff --git a/deploy/adapters/ansible/roles/odl_cluster_neutron/tasks/main.yml b/deploy/adapters/ansible/roles/odl_cluster_neutron/tasks/main.yml deleted file mode 100644 index 07ed958a..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster_neutron/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - ---- -- name: restart neutron-server - service: name=neutron-server state=restarted enabled=yes - when: inventory_hostname in groups['odl'] - -- name: add service daemon - shell: > - echo keepalived >> /opt/service ; - echo neutron-server >> /opt/service ; - when: inventory_hostname in groups['odl'] - -- name: restart neutron-l3-agent server - service: name=neutron-l3-agent state=restarted - when: inventory_hostname in groups['odl'] and odl_l3_agent == "Disable" - -- name: restart neutron-dhcp-agent server - service: name=neutron-dhcp-agent state=restarted - when: inventory_hostname in groups['odl'] - -- name: restart neutron-metadata-agent server - service: name=neutron-metadata-agent state=restarted - when: inventory_hostname in groups['odl'] diff --git a/deploy/adapters/ansible/roles/odl_cluster_post/tasks/main.yml b/deploy/adapters/ansible/roles/odl_cluster_post/tasks/main.yml deleted file mode 100644 index 5efc1bad..00000000 --- a/deploy/adapters/ansible/roles/odl_cluster_post/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - ---- -- name: restart opendaylight - shell: sleep 60; service opendaylight restart; sleep 300; - when: inventory_hostname in groups['odl'] - -- name: add service daemon - shell: echo opendaylight >> /opt/service ; - when: inventory_hostname in groups['odl'] diff --git a/deploy/adapters/ansible/roles/onos_cluster/files/onos.service b/deploy/adapters/ansible/roles/onos_cluster/files/onos.service deleted file mode 100755 index 2f4e8dd4..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/files/onos.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=ONOS -After= - - -[Service] -User=root -Group=root -Type=simple -WorkingDirectory=/opt/onos/apache-karaf-3.0.5 -PermissionsStartOnly=true -ExecStartPre= -ExecStart=/usr/lib/jvm/java-8-oracle/bin/java -server -Xms128M -Xmx512M -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -Dcom.sun.management.jmxremote -Djava.endorsed.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/endorsed:/usr/lib/jvm/java-8-oracle/lib/endorsed:/opt/onos/apache-karaf-3.0.5/lib/endorsed -Djava.ext.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/ext:/usr/lib/jvm/java-8-oracle/lib/ext:/opt/onos/apache-karaf-3.0.5/lib/ext -Dkaraf.instances=/opt/onos/apache-karaf-3.0.5/instances -Dkaraf.home=/opt/onos/apache-karaf-3.0.5 -Dkaraf.base=/opt/onos/apache-karaf-3.0.5 -Dkaraf.data=/opt/onos/apache-karaf-3.0.5/data -Dkaraf.etc=/opt/onos/apache-karaf-3.0.5/etc -Djava.io.tmpdir=/opt/onos/apache-karaf-3.0.5/data/tmp -Djava.util.logging.config.file=/opt/onos/apache-karaf-3.0.5/etc/java.util.logging.properties -Dkaraf.startLocalConsole=true -Dkaraf.startRemoteShell=true -classpath /opt/onos/apache-karaf-3.0.5/lib/karaf-jaas-boot.jar:/opt/onos/apache-karaf-3.0.5/lib/karaf-org.osgi.core.jar:/opt/onos/apache-karaf-3.0.5/lib/karaf.jar org.apache.karaf.main.Main -Restart=on-failure -LimitNOFILE=65535 -TimeoutStopSec=15 - -[Install] -WantedBy=multi-user.target - diff --git a/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/log.py b/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/log.py deleted file mode 100755 index a22ff0fe..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/log.py +++ /dev/null @@ -1,43 +0,0 @@ -import logging -import os -loggers = {} -log_dir = "/var/log/setup_network" -try: - os.makedirs(log_dir) -except: - pass - - -def getLogger(name): - if name in loggers: - return loggers[name] - - logger = logging.getLogger(name) - logger.setLevel(logging.DEBUG) - - # create file handler which logs even debug messages - log_file = "%s/%s.log" % (log_dir, name) - try: - os.remove(log_file) - except: - pass - - fh = logging.FileHandler(log_file) - fh.setLevel(logging.DEBUG) - - # create console handler with a higher log level - ch = logging.StreamHandler() - ch.setLevel(logging.ERROR) - - # create formatter and add it to the handlers - formatter = logging.Formatter( - "%(asctime)s - %(name)s - %(levelname)s - %(message)s") - ch.setFormatter(formatter) - fh.setFormatter(formatter) - - # add the handlers to logger - logger.addHandler(ch) - logger.addHandler(fh) - - loggers[name] = logger - return logger diff --git a/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/net_init b/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/net_init deleted file mode 100755 index c27a8bf8..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/net_init +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -## BEGIN INIT INFO -# Provides: anamon.init -# Default-Start: 3 5 -# Default-Stop: 0 1 2 4 6 -# Required-Start: $network -# Short-Description: Starts the cobbler anamon boot notification program -# Description: anamon runs the first time a machine is booted after -# installation. -## END INIT INFO - -# -# anamon.init: Starts the cobbler post-install boot notification program -# -# chkconfig: 35 0 6 -# -# description: anamon runs the first time a machine is booted after -# installation. -# -python /opt/setup_networks/setup_networks.py diff --git a/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/setup_networks.py b/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/setup_networks.py deleted file mode 100755 index a25d7ea9..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/files/setup_networks/setup_networks.py +++ /dev/null @@ -1,86 +0,0 @@ -import yaml -import netaddr -import os -import log as logging - -LOG = logging.getLogger("net-init") -config_path = os.path.join(os.path.dirname(__file__), "network.cfg") - - -def setup_bondings(bond_mappings): - print bond_mappings - - -def add_vlan_link(interface, ifname, vlan_id): - LOG.info("add_vlan_link enter") - cmd = "ip link add link %s name %s type vlan id %s; " % ( - ifname, interface, vlan_id) - cmd += "ip link set %s up; ip link set %s up" % (interface, ifname) - LOG.info("add_vlan_link: cmd=%s" % cmd) - os.system(cmd) - - -def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): - LOG.info("add_ovs_port enter") - cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) - if vlan_id: - cmd += " tag=%s" % vlan_id - cmd += " -- set Interface %s type=internal;" % ifname - cmd += "ip link set dev %s address `ip link show %s |awk \ - '/link\/ether/{print $2}'`;" \ - % (ifname, uplink) - cmd += "ip link set %s up;" % ifname - LOG.info("add_ovs_port: cmd=%s" % cmd) - os.system(cmd) - - -def setup_intfs(sys_intf_mappings, uplink_map): - LOG.info("setup_intfs enter") - for intf_name, intf_info in sys_intf_mappings.items(): - if intf_info["type"] == "vlan": - add_vlan_link( - intf_name, - intf_info["interface"], - intf_info["vlan_tag"]) - elif intf_info["type"] == "ovs": - add_ovs_port( - intf_info["interface"], - intf_name, - uplink_map[intf_info["interface"]], - vlan_id=intf_info.get("vlan_tag")) - else: - pass - - -def setup_ips(ip_settings, sys_intf_mappings): - LOG.info("setup_ips enter") - for intf_info in ip_settings.values(): - network = netaddr.IPNetwork(intf_info["cidr"]) - if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": - intf_name = intf_info["name"] - else: - intf_name = intf_info["alias"] - cmd = "ip addr add %s/%s brd %s dev %s;" \ - % (intf_info["ip"], intf_info["netmask"], str(network.broadcast), intf_name) # noqa: E501 - if "gw" in intf_info: - cmd += "route del default;" - cmd += "ip route add default via %s dev %s" % ( - intf_info["gw"], intf_name) - LOG.info("setup_ips: cmd=%s" % cmd) - os.system(cmd) - - -def main(config): - uplink_map = {} - setup_bondings(config["bond_mappings"]) - for provider_net in config["provider_net_mappings"]: - uplink_map[provider_net['name']] = provider_net['interface'] - - setup_intfs(config["sys_intf_mappings"], uplink_map) - setup_ips(config["ip_settings"], config["sys_intf_mappings"]) - -if __name__ == "__main__": - os.system( - "service openvswitch-switch status|| service openvswitch-switch start") - config = yaml.load(open(config_path)) - main(config) diff --git a/deploy/adapters/ansible/roles/onos_cluster/handlers/main.yml b/deploy/adapters/ansible/roles/onos_cluster/handlers/main.yml deleted file mode 100755 index e099fcf4..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart onos service - service: name=onos state=restarted enabled=yes diff --git a/deploy/adapters/ansible/roles/onos_cluster/tasks/main.yml b/deploy/adapters/ansible/roles/onos_cluster/tasks/main.yml deleted file mode 100755 index b86b149e..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/tasks/main.yml +++ /dev/null @@ -1,125 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: install onos related packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - when: groups['onos']|length !=0 - -- name: remove neutron-openvswitch-agent auto start - shell: > - update-rc.d neutron-openvswitch-agent remove; - sed -i /neutron-openvswitch-agent/d /opt/service - when: groups['onos']|length !=0 - ignore_errors: "True" - -- name: shut down and disable Neutron's agent services - service: name=neutron-openvswitch-agent state=stopped - when: groups['onos']|length !=0 - ignore_errors: "True" - -- name: remove neutron-l3-agent auto start - shell: > - update-rc.d neutron-l3-agent remove; - sed -i /neutron-l3-agent/d /opt/service - when: inventory_hostname in groups['onos'] - ignore_errors: "True" - -- name: shut down and disable Neutron's l3 agent services - service: name=neutron-l3-agent state=stopped - when: inventory_hostname in groups['onos'] - ignore_errors: "True" - -- name: Stop the Open vSwitch service and clear existing OVSDB - shell: > - service openvswitch-switch stop ; - rm -rf /var/log/openvswitch/* ; - rm -rf /etc/openvswitch/conf.db ; - service openvswitch-switch start ; - when: groups['onos']|length !=0 - ignore_errors: "True" - -################################################################## -########### Recover External network ################# -################################################################## - -- name: add ovs bridge - openvswitch_bridge: bridge={{ item["name"] }} state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" and groups['onos']|length !=0 - -- name: add ovs uplink - openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" and groups['onos']|length !=0 - -- name: add ovs uplink - shell: ip link set {{ item["interface"] }} up - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: item["type"] == "ovs" and groups['onos']|length !=0 - -- name: ensure script dir exist - shell: mkdir -p /opt/setup_networks - when: groups['onos']|length !=0 - -- name: copy scripts - copy: src={{ item }} dest=/opt/setup_networks - with_items: - - setup_networks/log.py - - setup_networks/setup_networks.py - when: groups['onos']|length !=0 - -- name: copy boot scripts - copy: src={{ item }} dest=/etc/init.d/ mode=0755 - with_items: - - setup_networks/net_init - when: groups['onos']|length !=0 - -- name: copy config files - template: src=network.cfg dest=/opt/setup_networks - when: groups['onos']|length !=0 - -- name: make sure python lib exist - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - python-yaml - - python-netaddr - when: groups['onos']|length !=0 - -- name: run scripts - shell: python /opt/setup_networks/setup_networks.py - when: groups['onos']|length !=0 - -- name: add to boot scripts - service: name=net_init enabled=yes - when: groups['onos']|length !=0 -################################################################## - -- name: restart keepalived to recover external IP - shell: service keepalived restart - when: inventory_hostname in groups['onos'] - ignore_errors: "True" - -- name: upgrade pbr - shell: | - pip install pbr --upgrade - -- name: Install ONOS Cluster on Controller - include: onos_controller.yml - when: inventory_hostname in groups['onos'] and onos_sfc == "Disable" - -- name: Install ONOS Cluster on Controller - include: onos_sfc_controller.yml - when: inventory_hostname in groups['onos'] and onos_sfc == "Enable" - -- name: Config ONOS Cluster - include: openvswitch.yml - when: groups['onos']|length !=0 diff --git a/deploy/adapters/ansible/roles/onos_cluster/tasks/onos_controller.yml b/deploy/adapters/ansible/roles/onos_cluster/tasks/onos_controller.yml deleted file mode 100755 index 87396bf0..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/tasks/onos_controller.yml +++ /dev/null @@ -1,175 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: get image http server - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: http_server - -- name: download onos driver packages - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_driver }}" - dest: /opt/ - -- name: unarchive onos driver package - command: su -s /bin/sh -c "tar xvf /opt/networking-onos.tar -C /opt/" - -- name: install onos driver - command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh" - -- name: download oracle-jdk8 package file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/java/{{ jdk8_pkg_name }}" - dest: /opt/{{ jdk8_pkg_name }} - -- name: install onos required packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages }}" - -- name: download oracle-jdk8 script file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/java/{{ jdk8_script_name }}" - dest: /opt/ - -- name: unarchive onos driver package - command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" - -- name: install install_jdk8 package - command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" - -- name: create JAVA_HOME environment variable - shell: > - export J2SDKDIR=/usr/lib/jvm/java-8-oracle; - export J2REDIR=/usr/lib/jvm/java-8-oracle/jre; - export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin; - export PATH=$PATH:/usr/lib/jvm/java-8-oracle/db/bin; - export PATH=$PATH:/usr/lib/jvm/java-8-oracle/jre/bin; - export JAVA_HOME=/usr/lib/jvm/java-8-oracle; - export DERBY_HOME=/usr/lib/jvm/java-8-oracle/db; - -- name: create onos group - group: name=onos system=yes state=present - -- name: create onos user - user: - name: onos - group: onos - home: "{{ onos_home }}" - createhome: "yes" - system: "yes" - shell: "/bin/false" - -- name: download onos package - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" - dest: /opt/{{ onos_pkg_name }} - -- name: create new jar repository - command: su -s /bin/sh -c "mkdir ~/.m2" - ignore_errors: "True" - -- name: download jar repository - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ repository }}" - dest: ~/.m2/ - -- name: extract jar repository - command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/" - -- name: extract onos package - command: | - su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} \ - --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos - -- name: copy onos.service - copy: - src: "{{ onos_service_file.src }}" - dest: "{{ onos_service_file.dst }}" - mode: 0755 - -- name: configure onos service - shell: > - echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options; - echo 'export ONOS_USER=root' >> {{ onos_home }}/options; - mkdir {{ onos_home }}/var; - mkdir {{ onos_home }}/config; - -- name: create karaf config - template: - src: org.apache.karaf.features.cfg - dest: "{{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg" - owner: onos - group: onos - mode: 0775 - -- name: wait for config time - shell: "sleep 10" - -- name: chown onos directory and files - shell: > - chown -R onos:onos "{{ onos_home }}"; - chown onos:onos "{{ onos_service_file.dst }}"; - -- name: start onos service - service: name=onos state=started enabled=yes - -- name: wait for onos start time - shell: "sleep 200" - -- name: add onos auto start - shell: > - echo "onos">>/opt/service - -- name: Configure Neutron1 - shell: > - crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins onos_router; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ - mechanism_drivers onos_ml2; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ - tenant_network_types vxlan; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan - -- name: configure metadata - shell: | - crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ - enable_isolated_metadata "True"; - -- name: force metadata - shell: | - crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ - force_metadata "True"; - -- name: configure vsctl for dhcp agent - shell: | - crudini --set /etc/neutron/dhcp_agent.ini OVS \ - ovsdb_interface vsctl; - -- name: Create ML2 Configuration File - template: - src: ml2_conf.sh - dest: "/opt/ml2_conf.sh" - mode: 0777 - -- name: Configure Neutron2 - command: su -s /bin/sh -c "/opt/ml2_conf.sh;" - -- name: Configure Neutron3 - shell: > - mysql -e "drop database if exists neutron_ml2;"; - mysql -e "create database neutron_ml2 character set utf8;"; - mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"; - su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" \ - neutron; - -- name: Restart neutron-dhcp-agent - service: name=neutron-dhcp-agent state=restarted - -- name: Restart neutron-server - service: name=neutron-server state=restarted diff --git a/deploy/adapters/ansible/roles/onos_cluster/tasks/onos_sfc_controller.yml b/deploy/adapters/ansible/roles/onos_cluster/tasks/onos_sfc_controller.yml deleted file mode 100755 index 26679373..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/tasks/onos_sfc_controller.yml +++ /dev/null @@ -1,160 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: get image http server - shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf - register: http_server - -- name: download onos driver packages - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_driver }}" - dest: /opt/ - -- name: download onos sfc driver package - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_sfc_driver }}" - dest: /opt/ - -- name: unarchive onos driver package - command: su -s /bin/sh -c "tar xvf /opt/networking-onos.tar -C /opt/" - -- name: unarchive onos sfc driver package - command: su -s /bin/sh -c "tar xvf /opt/networking-sfc.tar -C /opt/" - -- name: install onos driver - command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh" - -- name: install onos sfc driver - command: su -s /bin/sh -c "/opt/networking-sfc/install_driver.sh" - -- name: install onos required packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: packages - -- name: download oracle-jdk8 package file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/java/{{ jdk8_pkg_name }}" - dest: /opt/{{ jdk8_pkg_name }} - -- name: download oracle-jdk8 script file - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/java/{{ jdk8_script_name }}" - dest: /opt/ - -- name: unarchive onos driver package - command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" - -- name: install install_jdk8 package - command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" - -- name: create JAVA_HOME environment variable - shell: > - export J2SDKDIR=/usr/lib/jvm/java-8-oracle; - export J2REDIR=/usr/lib/jvm/java-8-oracle/jre; - export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin; - export PATH=$PATH:/usr/lib/jvm/java-8-oracle/db/bin; - export PATH=$PATH:/usr/lib/jvm/java-8-oracle/jre/bin; - export JAVA_HOME=/usr/lib/jvm/java-8-oracle; - export DERBY_HOME=/usr/lib/jvm/java-8-oracle/db; - -- name: create onos group - group: name=onos system=yes state=present - -- name: create onos user - user: - name: onos - group: onos - home: "{{ onos_home }}" - createhome: "yes" - system: "yes" - shell: "/bin/false" - -- name: download onos package - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" - dest: /opt/{{ onos_pkg_name }} - -- name: create new jar repository - command: su -s /bin/sh -c "mkdir ~/.m2" - ignore_errors: "True" - -- name: download jar repository - get_url: - url: "http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ repository }}" - dest: ~/.m2/ - -- name: extract jar repository - command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/" - -- name: extract onos package - command: | - su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} \ - --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos - -- name: configure onos service - shell: > - echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options; - echo 'export ONOS_USER=root' >> {{ onos_home }}/options; - mkdir {{ onos_home }}/var; - mkdir {{ onos_home }}/config; - sed -i '/pre-stop/i\env JAVA_HOME=/usr/lib/jvm/java-8-oracle' {{ onos_home }}/init/onos.conf; - cp -rf {{ onos_home }}/init/onos.conf /etc/init/; - cp -rf {{ onos_home }}/init/onos.conf /etc/init.d/; - -- name: configure onos boot feature - shell: > - sed -i '/^featuresBoot=/c\featuresBoot={{ onos_boot_features }}' \ - {{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg; - -- name: wait for config time - shell: "sleep 10" - -- name: start onos service - service: name=onos state=started enabled=yes - -- name: wait for onos start time - shell: "sleep 200" - -- name: add onos auto start - shell: > - echo "onos">>/opt/service - -######################################################################################### -################################ ONOS connect with OpenStack ####################### -######################################################################################### -- name: Configure Neutron1 - shell: > - crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins \ - networking_sfc.services.sfc.plugin.SfcPlugin, \ - networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin,onos_router; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers onos_ml2; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan - -- name: Create ML2 Configuration File - template: - src: ml2_conf.sh - dest: "/opt/ml2_conf.sh" - mode: 0777 - -- name: Configure Neutron2 - command: su -s /bin/sh -c "/opt/ml2_conf.sh;" - -- name: Configure Neutron3 - shell: > - mysql -e "drop database if exists neutron_ml2;"; - mysql -e "create database neutron_ml2 character set utf8;"; - mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"; - su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron; - su -s /bin/sh -c "neutron-db-manage --subproject networking-sfc upgrade head" neutron; - -- name: Restart neutron-server - service: name=neutron-server state=restarted diff --git a/deploy/adapters/ansible/roles/onos_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/roles/onos_cluster/tasks/openvswitch.yml deleted file mode 100755 index 7541d108..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/tasks/openvswitch.yml +++ /dev/null @@ -1,77 +0,0 @@ -############################################################################### -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- - -- name: set veth port - shell: > - ip link add onos_port1 type veth peer name onos_port2; - ifconfig onos_port1 up; - ifconfig onos_port2 up; - ignore_errors: "True" - -- name: set veth to ovs - shell: > - export externamMac=`ifconfig eth1 | grep -Eo '\<[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'`; - ifconfig onos_port2 hw ether $externamMac; - ovs-vsctl add-port br-prv onos_port1; - ignore_errors: "True" - -- name: add onos optical model feature - command: | - su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-optical-model'"; - when: inventory_hostname in groups['onos'] - -- name: add openflow-base feature - command: | - su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-providers-openflow-base'"; - when: inventory_hostname in groups['onos'] - -- name: add openflow feature - command: | - su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-providers-openflow-message'"; - when: inventory_hostname in groups['onos'] - -- name: add ovsdb-base feature - command: | - su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-providers-ovsdb-base'"; - when: inventory_hostname in groups['onos'] - -- name: add onos driver ovsdb feature - command: | - su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-drivers-ovsdb'"; - when: inventory_hostname in groups['onos'] - -- name: add ovsdb provider host feature - command: | - su -s /bin/sh -c \ - "/opt/onos/bin/onos 'feature:install onos-providers-ovsdb-host'"; - when: inventory_hostname in groups['onos'] - -- name: add vtn feature - command: | - su -s /bin/sh -c \ - "/opt/onos/bin/onos 'feature:install onos-apps-vtn'"; - when: inventory_hostname in groups['onos'] - -- name: set public eth card start - command: | - su -s /bin/sh -c "/opt/onos/bin/onos 'externalportname-set -n onos_port2'" - when: inventory_hostname in groups['onos'] - -- name: set ONOS as the manager - command: | - su -s /bin/sh -c \ - "ovs-vsctl set-manager \ - tcp:{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:6640;" - -- name: delete default gateway - shell: > - route delete default; - when: inventory_hostname not in groups['onos'] - ignore_errors: "True" diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/cluster.json b/deploy/adapters/ansible/roles/onos_cluster/templates/cluster.json deleted file mode 100755 index 5982c434..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/cluster.json +++ /dev/null @@ -1,10 +0,0 @@ -{ "ipPrefix": "{{ ip_settings[groups['onos'][0]]['mgmt']['cidr'] }}", - "nodes":[ -{% for host in groups['onos'] %} - {% if loop.last %} - { "id": "{{ ip_settings[host]['mgmt']['ip'] }}", "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", "tcpPort": 9876 } - {% else %} - { "id": "{{ ip_settings[host]['mgmt']['ip'] }}", "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", "tcpPort": 9876 }, - {% endif %} -{% endfor %} -]} diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/keepalived.conf b/deploy/adapters/ansible/roles/onos_cluster/templates/keepalived.conf deleted file mode 100755 index 4ccf1c43..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/keepalived.conf +++ /dev/null @@ -1,47 +0,0 @@ -global_defs { - router_id {{ inventory_hostname }} -} - -vrrp_sync_group VG1 { - group { - internal_vip - public_vip - } -} - -vrrp_instance internal_vip { - interface {{ internal_vip.interface }} - virtual_router_id {{ vrouter_id_internal }} - state BACKUP - nopreempt - advert_int 1 - priority {{ 50 + (host_index[inventory_hostname] * 50) }} - - authentication { - auth_type PASS - auth_pass 1234 - } - - virtual_ipaddress { - {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }} - } -} - -vrrp_instance public_vip { - interface br-ex - virtual_router_id {{ vrouter_id_public }} - state BACKUP - nopreempt - advert_int 1 - priority {{ 50 + (host_index[inventory_hostname] * 50) }} - - authentication { - auth_type PASS - auth_pass 4321 - } - - virtual_ipaddress { - {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev br-ex - } - -} diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/my_configs.debian b/deploy/adapters/ansible/roles/onos_cluster/templates/my_configs.debian deleted file mode 100755 index 5ab1519b..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/my_configs.debian +++ /dev/null @@ -1,14 +0,0 @@ -{%- for alias, intf in host_ip_settings.items() %} - -auto {{ alias }} -iface {{ alias }} inet static - address {{ intf["ip"] }} - netmask {{ intf["netmask"] }} -{% if "gw" in intf %} - gateway {{ intf["gw"] }} -{% endif %} -{% if intf["name"] == alias %} - pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up - pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }} -{% endif %} -{% endfor %} diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/network.cfg b/deploy/adapters/ansible/roles/onos_cluster/templates/network.cfg deleted file mode 100755 index cf271ad6..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/network.cfg +++ /dev/null @@ -1,5 +0,0 @@ -bond_mappings: {{ network_cfg["bond_mappings"] | to_json }} -ip_settings: {{ ip_settings[inventory_hostname] | to_json }} -sys_intf_mappings: {{ sys_intf_mappings | to_json }} -provider_net_mappings: {{ network_cfg["provider_net_mappings"] | to_json }} - diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/org.apache.karaf.features.cfg b/deploy/adapters/ansible/roles/onos_cluster/templates/org.apache.karaf.features.cfg deleted file mode 100755 index 321f0ab8..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/org.apache.karaf.features.cfg +++ /dev/null @@ -1,49 +0,0 @@ -################################################################################ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# -# Defines if the startlvl should be respected during feature startup. The default value is true. The default -# behavior for 2.x is false (!) for this property -# -# Be aware that this property is deprecated and will be removed in Karaf 4.0. So, if you need to -# set this to false, please use this only as a temporary solution! -# -#respectStartLvlDuringFeatureStartup=true - - -# -# Defines if the startlvl should be respected during feature uninstall. The default value is true. -# If true, means stop bundles respecting the descend order of start level in a certain feature. -# -#respectStartLvlDuringFeatureUninstall=true - -# -# Comma separated list of features repositories to register by default -# -featuresRepositories=mvn:org.apache.karaf.features/standard/3.0.5/xml/features,mvn:org.onosproject/onos-features/1.8.4/xml/features - -# -# Comma separated list of features to install at startup -# -featuresBoot=config,standard,region,package,kar,ssh,management,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui - -# -# Defines if the boot features are started in asynchronous mode (in a dedicated thread) -# -featuresBootAsynchronous=false diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/tablets.json b/deploy/adapters/ansible/roles/onos_cluster/templates/tablets.json deleted file mode 100755 index f71be71f..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/tablets.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "nodes": [ -{% for host in groups['onos'] %} - {% if loop.last %} - { - "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", - "id": "{{ ip_settings[host]['mgmt']['ip'] }}", - "tcpPort": 9876 - } - {% else %} - { - "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", - "id": "{{ ip_settings[host]['mgmt']['ip'] }}", - "tcpPort": 9876 - }, - {% endif %} -{% endfor %} - ], - "partitions": { - {% set key = 1 %} - {% for host in groups['onos'] %} - {% if loop.last %} - "p{{ key }}":[ - {% for host in groups['onos'] %} - {% if loop.last %} - { - "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", - "id": "{{ ip_settings[host]['mgmt']['ip'] }}", - "tcpPort": 9876 - } - {% else %} - { - "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", - "id": "{{ ip_settings[host]['mgmt']['ip'] }}", - "tcpPort": 9876 - }, - {% endif %} - {% endfor %} - ] - {% set key = key + 1 %} - {% else %} - "p{{ key }}":[ - {% for host in groups['onos'] %} - {% if loop.last %} - { - "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", - "id": "{{ ip_settings[host]['mgmt']['ip'] }}", - "tcpPort": 9876 - } - {% else %} - { - "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", - "id": "{{ ip_settings[host]['mgmt']['ip'] }}", - "tcpPort": 9876 - }, - {% endif %} - {% endfor %} - ], - {% set key = key + 1 %} - {% endif %} - {% endfor %} -} -} diff --git a/deploy/adapters/ansible/roles/onos_cluster/vars/RedHat.yml b/deploy/adapters/ansible/roles/onos_cluster/vars/RedHat.yml deleted file mode 100755 index 59a4dbd9..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/vars/RedHat.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - software-properties-common - - crudini - -services: [] diff --git a/deploy/adapters/ansible/roles/onos_cluster/vars/main.yml b/deploy/adapters/ansible/roles/onos_cluster/vars/main.yml deleted file mode 100755 index eaf4ed53..00000000 --- a/deploy/adapters/ansible/roles/onos_cluster/vars/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -packages_noarch: [] -onos_pkg_name: onos-1.8.4.tar.gz -onos_home: /opt/onos/ -karaf_dist: apache-karaf-3.0.5 -jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz -jdk8_script_name: install_jdk8.tar -onos_driver: networking-onos.tar -onos_sfc_driver: networking-sfc.tar -repository: repository.tar -onos_service_file: - src: onos.service - dst: /lib/systemd/system/onos.service -onos_boot_features: - - config - - standard - - region - - package - - kar - - ssh - - management - - webconsole - - onos-api - - onos-core - - onos-incubator - - onos-cli - - onos-rest - - onos-gui - - onos-openflow-base - - onos-openflow - - onos-ovsdatabase - - onos-ovsdb-base - - onos-drivers-ovsdb - - onos-ovsdb-provider-host - - onos-app-vtn-onosfw diff --git a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml new file mode 100644 index 00000000..10d8f727 --- /dev/null +++ b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml @@ -0,0 +1,41 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: create network + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible create-network.yml > /dev/null" + +- name: create flavor + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible create-flavor.yml > /dev/null" + +- name: run ansible yml to fetch openrc + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible fetch-files.yml > /dev/null" + +- name: replace http with https in openrc + replace: + dest: /opt/openrc + regexp: "http://" + replace: "https://" + +- name: replace internalURL with publicURL in openrc + replace: + dest: /opt/openrc + regexp: "{{internal_vip}}" + replace: "{{ public_vip['ip']}}" + +- name: change the endpoint type + replace: + dest: /opt/openrc + regexp: "internalURL" + replace: "publicURL" diff --git a/deploy/adapters/ansible/roles/post-openstack/vars/main.yml b/deploy/adapters/ansible/roles/post-openstack/vars/main.yml new file mode 100644 index 00000000..19d9e225 --- /dev/null +++ b/deploy/adapters/ansible/roles/post-openstack/vars/main.yml @@ -0,0 +1,46 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +internal_vip: "10.1.0.22" +flavors: + - id: 0 + name: m1.nano + vcpus: 1 + ram: 64 + disk: 1 + + - id: 1 + name: m1.tiny + vcpus: 1 + ram: 512 + disk: 1 + + - id: 2 + name: m1.small + vcpus: 1 + ram: 2048 + disk: 20 + + - id: 3 + name: m1.medium + vcpus: 2 + ram: 4096 + disk: 40 + + - id: 4 + name: m1.large + vcpus: 4 + ram: 8192 + disk: 80 + + - id: 5 + name: m1.xlarge + vcpus: 8 + ram: 16384 + disk: 160 diff --git a/deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo b/deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo new file mode 100644 index 00000000..ba768e0a --- /dev/null +++ b/deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo @@ -0,0 +1,31 @@ +[base] +name=CentOS-$releasever - Base +mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra +#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 + +#released updates +[updates] +name=CentOS-$releasever - Updates +mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra +#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 + +#additional packages that may be useful +[extras] +name=CentOS-$releasever - Extras +mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra +#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 + +#additional packages that extend functionality of existing packages +[centosplus] +name=CentOS-$releasever - Plus +mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra +#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 diff --git a/deploy/adapters/ansible/roles/pre-openstack/files/modules b/deploy/adapters/ansible/roles/pre-openstack/files/modules new file mode 100644 index 00000000..c73925e6 --- /dev/null +++ b/deploy/adapters/ansible/roles/pre-openstack/files/modules @@ -0,0 +1,7 @@ +# /etc/modules: kernel modules to load at boot time. +# This file contains the names of kernel modules that should be loaded +# at boot time, one per line. Lines beginning with "#" are ignored. +# Parameters can be specified after the module name. + +bonding +8021q diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml new file mode 100644 index 00000000..5456c9fc --- /dev/null +++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml @@ -0,0 +1,77 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + +- name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + +- name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ + then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ + else echo "already gen ssh key!"; fi; + +- name: fetch ssh keys + fetch: + src: /root/.ssh/id_rsa.pub + dest: /tmp/ssh-keys-{{ ansible_hostname }} + flat: "yes" + +- authorized_key: + user: root + key: "{{ lookup('file', item) }}" + with_fileglob: + - /tmp/ssh-keys-* + - /root/.ssh/id_rsa.pub + +- name: change sources(yum) list + copy: + src: centos_base.repo + dest: /etc/yum.repos.d/centos_base.repo + +- name: Install yum packages + yum: + pkg: "{{ item }}" + state: "present" + with_items: "{{ yumpackages }}" + +- name: add the appropriate kernel modules + copy: + src: modules + dest: /etc/modules-load.d/openstack-ansible.conf + +- name: restart ntp service + shell: "systemctl enable ntpd.service && systemctl start ntpd.service" + +- name: change the MaxSessions + lineinfile: + dest: /etc/ssh/sshd_config + line: "MaxSessions 500" + +- name: restart ssh service + shell: service sshd restart diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml new file mode 100644 index 00000000..5bb77485 --- /dev/null +++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml @@ -0,0 +1,71 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + +- name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + +- name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ + then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ + else echo "already gen ssh key!"; fi; + +- name: fetch ssh keys + fetch: + src: /root/.ssh/id_rsa.pub + dest: /tmp/ssh-keys-{{ ansible_hostname }} + flat: "yes" + +- authorized_key: + user: root + key: "{{ lookup('file', item) }}" + with_fileglob: + - /tmp/ssh-keys-* + - /root/.ssh/id_rsa.pub + +- name: rm apt.conf + file: + path: /etc/apt/apt.conf + state: absent + +- name: restart ntp service + shell: "service ntp restart" + +- name: add the appropriate kernel modules + copy: + src: modules + dest: /etc/modules + +- name: change the MaxSessions + lineinfile: + dest: /etc/ssh/sshd_config + line: "MaxSessions 500" + +- name: restart ssh service + shell: service ssh restart diff --git a/deploy/adapters/ansible/roles/apache/vars/main.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/main.yml index f6fef749..76203440 100755..100644 --- a/deploy/adapters/ansible/roles/apache/vars/main.yml +++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/main.yml @@ -7,6 +7,8 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages_noarch: [] +- include: "{{ ansible_distribution }}.yml" + when: ansible_distribution == 'Ubuntu' -services_noarch: [] +- include: "{{ ansible_os_family }}.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' diff --git a/deploy/adapters/ansible/roles/common/templates/hosts b/deploy/adapters/ansible/roles/pre-openstack/templates/hosts index bb770d5b..bb770d5b 100644 --- a/deploy/adapters/ansible/roles/common/templates/hosts +++ b/deploy/adapters/ansible/roles/pre-openstack/templates/hosts diff --git a/deploy/adapters/ansible/roles/pre-openstack/vars/main.yml b/deploy/adapters/ansible/roles/pre-openstack/vars/main.yml new file mode 100644 index 00000000..f44a9f9f --- /dev/null +++ b/deploy/adapters/ansible/roles/pre-openstack/vars/main.yml @@ -0,0 +1,20 @@ +--- +aptpackages: +- bridge-utils +- debootstrap +- ifenslave +- ifenslave-2.6 +- lsof +- lvm2 +- ntp +- ntpdate +- sudo +- vlan +- tcpdump + +yumpackages: +- bridge-utils +- iputils +- lvm2 +- ntp +- tcpdump diff --git a/deploy/adapters/ansible/roles/secgroup/handlers/main.yml b/deploy/adapters/ansible/roles/secgroup/handlers/main.yml deleted file mode 100644 index a947c7cd..00000000 --- a/deploy/adapters/ansible/roles/secgroup/handlers/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart controller relation service - service: name={{ item }} state=restarted enabled=yes - ignore_errors: "True" - with_items: "{{ controller_services }}" - -- name: restart compute relation service - service: name={{ item }} state=restarted enabled=yes - ignore_errors: "True" - with_items: "{{ compute_services }}" diff --git a/deploy/adapters/ansible/roles/secgroup/tasks/main.yml b/deploy/adapters/ansible/roles/secgroup/tasks/main.yml deleted file mode 100644 index 43a3f7f9..00000000 --- a/deploy/adapters/ansible/roles/secgroup/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - tags: secgroup - -- debug: msg={{ enable_secgroup }} - tags: secgroup - -- include: secgroup.yml - when: '{{ enable_secgroup }} == False' - tags: secgroup - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml b/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml deleted file mode 100644 index 4efb13e9..00000000 --- a/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml +++ /dev/null @@ -1,41 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: make sure template dir exits - file: path=/opt/os_templates state=directory mode=0755 - tags: secgroup - -- name: copy configs - template: src={{ item }} dest=/opt/os_templates - with_items: - - nova.j2 - - neutron.j2 - tags: secgroup - -- name: update controller configs - shell: | - "[ -f '{{ item.1 }}' ] && crudini --merge '{{ item.1 }}' \ - < /opt/os_templates/{{ item.0.src }} || /bin/true" - tags: secgroup - with_subelements: - - "{{ configs_templates }}" - - dest - notify: restart controller relation service - when: inventory_hostname in "{{ groups['controller'] }}" - -- name: update compute configs - shell: | - "[ -f '{{ item.1 }}' ] && crudini --merge '{{ item.1 }}' \ - < /opt/os_templates/{{ item.0.src }} || /bin/true" - tags: secgroup - with_subelements: - - "{{ configs_templates }}" - - dest - notify: restart compute relation service - when: inventory_hostname in "{{ groups['compute'] }}" diff --git a/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 deleted file mode 100644 index e7107660..00000000 --- a/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[securitygroup] -firewall_driver = neutron.agent.firewall.NoopFirewallDriver -enable_security_group = True - -[agent] -prevent_arp_spoofing = False - diff --git a/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 b/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 deleted file mode 100644 index 7dbc216a..00000000 --- a/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -firewall_driver = nova.virt.firewall.NoopFirewallDriver -security_group_api = neutron diff --git a/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml b/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml deleted file mode 100644 index 221a3d92..00000000 --- a/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml +++ /dev/null @@ -1,35 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -configs_templates: - - src: nova.j2 - dest: - - /etc/nova/nova.conf - - src: neutron.j2 - dest: - - /etc/neutron/plugins/ml2/ml2_conf.ini - - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini - - /etc/neutron/plugins/ml2/restproxy.ini - -controller_services: - - nova-api - - nova-cert - - nova-conductor - - nova-consoleauth - - nova-novncproxy - - nova-scheduler - - neutron-server - - neutron-openvswitch-agent - - neutron-l3-agent - - neutron-dhcp-agent - - neutron-metadata-agent - -compute_services: - - nova-compute - - neutron-openvswitch-agent diff --git a/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml b/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml deleted file mode 100644 index 4c04f6dc..00000000 --- a/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml +++ /dev/null @@ -1,35 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -configs_templates: - - src: nova.j2 - dest: - - /etc/nova/nova.conf - - src: neutron.j2 - dest: - - /etc/neutron/plugins/ml2/ml2_conf.ini - - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini - - /etc/neutron/plugins/ml2/restproxy.ini - -controller_services: - - openstack-nova-api - - openstack-nova-cert - - openstack-nova-conductor - - openstack-nova-consoleauth - - openstack-nova-novncproxy - - openstack-nova-scheduler - - neutron-openvswitch-agent - - neutron-l3-agent - - neutron-dhcp-agent - - neutron-metadata-agent - - neutron-server - -compute_services: - - openstack-nova-compute - - neutron-openvswitch-agent diff --git a/deploy/adapters/ansible/roles/secgroup/vars/main.yml b/deploy/adapters/ansible/roles/secgroup/vars/main.yml deleted file mode 100644 index 209e1e00..00000000 --- a/deploy/adapters/ansible/roles/secgroup/vars/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] -metering_secret: 1c5df72079b31fb47747 diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml new file mode 100644 index 00000000..73f572ea --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml @@ -0,0 +1,51 @@ +# ############################################################################# +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +- name: setup hosts + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-hosts.yml \ + | tee -a /var/log/osa/host.log > /dev/null" + +- name: read the ansible log file + shell: cat /var/log/osa/host.log | tail -n 500 | grep failed=1 |awk '{print $1}' + register: failed_container + +- name: destroy the failed_container + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible lxc-containers-destroy.yml \ + -e container_name={{item}} -e force_containers_destroy=yes \ + -e force_containers_data_destroy=yes > /dev/null;" + with_items: + - "{{ failed_container.stdout_lines }}" + ignore_errors: "True" + +- name: retry to setup failed_container + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-hosts.yml --limit {{item}} \ + | tee -a /var/log/osa/retry-host.log > /dev/null" + with_items: + - "{{ failed_container.stdout_lines }}" + +- name: read the ansible log file + shell: cat /var/log/osa/retry-host.log | tail -n 500 + register: setup_host_result + +- fail: + msg: "there are some task failed when setup host." + when: setup_host_result.stdout.find('failed=1') != -1 + +- fail: + msg: "some host are unreachable." + when: setup_host_result.stdout.find('unreachable=1') != -1 diff --git a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml new file mode 100644 index 00000000..478c4d48 --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml @@ -0,0 +1,28 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: setup infrastructure + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-infrastructure.yml \ + | tee -a /var/log/osa/infrastructure.log > /dev/null" + +- name: read the ansible log file + shell: cat /var/log/osa/infrastructure.log | tail -n 1000 + register: setup_infrastructure_result + +- fail: + msg: "there are some task failed when setup infrastructure." + when: setup_infrastructure_result.stdout.find('failed={{item}}') != -1 + with_sequence: start=1 end={{ max_failed_times }} stride=1 + +- fail: + msg: "some host are unreachable." + when: setup_infrastructure_result.stdout.find('unreachable=1') != -1 diff --git a/deploy/adapters/ansible/roles/setup-infrastructure/vars/main.yml b/deploy/adapters/ansible/roles/setup-infrastructure/vars/main.yml new file mode 100644 index 00000000..22a990ef --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-infrastructure/vars/main.yml @@ -0,0 +1,2 @@ +--- +max_failed_times: 9 diff --git a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py b/deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py deleted file mode 100644 index be3c552a..00000000 --- a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py +++ /dev/null @@ -1,71 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import yaml -import sys -import subprocess - -import log as logging - -LOG = logging.getLogger("net-check") - - -def is_ip_reachable(ip): - cmd = "ping -c 2 %s" % ip - process = subprocess.Popen( - cmd, - stdout=subprocess.PIPE, - stderr=None, - shell=True) - - output = process.communicate()[0] - if " 0% packet loss" in output: - LOG.info("%s is reachable", ip) - elif "100% packet loss" in output: - LOG.error("%s is unreachable" % (ip)) - return False - else: - LOG.warn("%r", output) - - return True - - -def is_host_ips_reachable(settings): - external = settings["br-prv"]["ip"] - external_gw = settings["br-prv"]["gw"] - storage = settings["storage"]["ip"] - mgmt = settings["mgmt"]["ip"] - - return is_ip_reachable(external) \ - and is_ip_reachable(external_gw) \ - and is_ip_reachable(storage) \ - and is_ip_reachable(mgmt) - - -def main(hostname, config): - LOG.info("host is %s", hostname) - - result = True - - for host, settings in config.iteritems(): - LOG.info("check %s network connectivity start", host) - result = result and is_host_ips_reachable(settings) - - if result: - LOG.info("All hosts ips are reachable") - else: - LOG.error("Some hosts ips are unreachable !!!") - sys.exit(-1) - -if __name__ == "__main__": - hostname = yaml.load(sys.argv[1]) - config = yaml.load(sys.argv[2]) - config.pop(hostname, None) - - main(hostname, config) diff --git a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/log.py b/deploy/adapters/ansible/roles/setup-network/files/setup_networks/log.py deleted file mode 100644 index 422931bc..00000000 --- a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/log.py +++ /dev/null @@ -1,52 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import logging -import os -loggers = {} -log_dir = "/var/log/setup_network" -try: - os.makedirs(log_dir) -except: - pass - - -def getLogger(name): - if name in loggers: - return loggers[name] - - logger = logging.getLogger(name) - logger.setLevel(logging.DEBUG) - - # create file handler which logs even debug messages - log_file = "%s/%s.log" % (log_dir, name) - try: - os.remove(log_file) - except: - pass - - fh = logging.FileHandler(log_file) - fh.setLevel(logging.DEBUG) - - # create console handler with a higher log level - ch = logging.StreamHandler() - ch.setLevel(logging.ERROR) - - # create formatter and add it to the handlers - formatter = logging.Formatter( - "%(asctime)s - %(name)s - %(levelname)s - %(message)s") - ch.setFormatter(formatter) - fh.setFormatter(formatter) - - # add the handlers to logger - logger.addHandler(ch) - logger.addHandler(fh) - - loggers[name] = logger - return logger diff --git a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/net_init b/deploy/adapters/ansible/roles/setup-network/files/setup_networks/net_init deleted file mode 100755 index 41ccb988..00000000 --- a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/net_init +++ /dev/null @@ -1,24 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: anamon.init -# Required-Start: $network -# Required-Stop: -# Should-Start: -# Should-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Starts the cobbler anamon boot notification program -# Description: anamon runs the first time a machine is booted after installation. -### END INIT INFO - - - -# -# anamon.init: Starts the cobbler post-install boot notification program -# -# chkconfig: 35 0 6 -# -# description: anamon runs the first time a machine is booted after -# installation. -# -python /opt/setup_networks/setup_networks.py diff --git a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/setup_networks.py b/deploy/adapters/ansible/roles/setup-network/files/setup_networks/setup_networks.py deleted file mode 100644 index 64c0469e..00000000 --- a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/setup_networks.py +++ /dev/null @@ -1,100 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -import yaml -import netaddr -import os -import platform -import re -import log as logging - -LOG = logging.getLogger("net-init") -config_path = os.path.join(os.path.dirname(__file__), "network.cfg") - - -def setup_bondings(bond_mappings): - print bond_mappings - - -def add_vlan_link(interface, ifname, vlan_id): - LOG.info("add_vlan_link enter") - cmd = "ip link add link %s name %s type vlan id %s; " % ( - ifname, interface, vlan_id) - cmd += "ip link set %s up; ip link set %s up" % (interface, ifname) - LOG.info("add_vlan_link: cmd=%s" % cmd) - os.system(cmd) - - -def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): - LOG.info("add_ovs_port enter") - cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) - if vlan_id: - cmd += " tag=%s" % vlan_id - cmd += " -- set Interface %s type=internal;" % ifname - cmd += "ip link set dev %s address \ - `ip link show %s |awk '/link\/ether/{print $2}'`;" % (ifname, uplink) - cmd += "ip link set %s up;" % ifname - LOG.info("add_ovs_port: cmd=%s" % cmd) - os.system(cmd) - - -def setup_intfs(sys_intf_mappings, uplink_map): - LOG.info("setup_intfs enter") - for intf_name, intf_info in sys_intf_mappings.items(): - if intf_info["type"] == "vlan": - add_vlan_link( - intf_name, - intf_info["interface"], - intf_info["vlan_tag"]) - elif intf_info["type"] == "ovs": - add_ovs_port( - intf_info["interface"], - intf_name, - uplink_map[intf_info["interface"]], - vlan_id=intf_info.get("vlan_tag")) - else: - pass - - -def setup_ips(ip_settings, sys_intf_mappings): - LOG.info("setup_ips enter") - for intf_info in ip_settings.values(): - network = netaddr.IPNetwork(intf_info["cidr"]) - if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": - intf_name = intf_info["name"] - else: - intf_name = intf_info["alias"] - cmd = "ip addr add %s/%s brd %s dev %s;" \ - % (intf_info["ip"], intf_info["netmask"], str(network.broadcast), intf_name) # noqa - if "gw" in intf_info: - cmd += "route del default;" - cmd += "ip route add default via %s dev %s" % ( - intf_info["gw"], intf_name) - LOG.info("setup_ips: cmd=%s" % cmd) - os.system(cmd) - - -def main(config): - uplink_map = {} - setup_bondings(config["bond_mappings"]) - for provider_net in config["provider_net_mappings"]: - uplink_map[provider_net['name']] = provider_net['interface'] - - setup_intfs(config["sys_intf_mappings"], uplink_map) - setup_ips(config["ip_settings"], config["sys_intf_mappings"]) - -if __name__ == "__main__": - if re.search('Ubuntu', platform.platform()): - os.system("service openvswitch-switch start") - elif re.search('redhat|centos', platform.platform()): - os.system("service openvswitch start") - else: - os.system("echo 'ERROR: no service named openvswitch'") - config = yaml.load(open(config_path)) - main(config) diff --git a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml deleted file mode 100644 index 24d69f6e..00000000 --- a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml +++ /dev/null @@ -1,87 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: disable NetworkManager - service: name=NetworkManager state=stopped enabled=no - when: ansible_os_family == 'RedHat' - -- name: enable network service - service: name=network state=started enabled=yes - when: ansible_os_family == 'RedHat' - -- name: add ovs bridge - openvswitch_bridge: bridge={{ item["name"] }} state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: 'item["type"] == "ovs"' - -- name: add ovs uplink - openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} - state=present - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: 'item["type"] == "ovs"' - -- name: add ovs uplink - shell: ip link set {{ item["interface"] }} up - with_items: "{{ network_cfg['provider_net_mappings'] }}" - when: 'item["type"] == "ovs"' - -- name: ensure script dir exist - shell: mkdir -p /opt/setup_networks - -- name: copy scripts - copy: src={{ item }} dest=/opt/setup_networks - with_items: - - setup_networks/log.py - - setup_networks/setup_networks.py - - setup_networks/check_network.py - tags: - - network_check - -- name: copy boot scripts - copy: src={{ item }} dest=/etc/init.d/ mode=0755 - with_items: - - setup_networks/net_init - -- name: copy config files - template: src=network.cfg dest=/opt/setup_networks - -- name: make sure python lib exist - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - python-yaml - - python-netaddr - -- name: run scripts - shell: python /opt/setup_networks/setup_networks.py - tags: - - recovery - -- name: check basic network connectivity - shell: > - python /opt/setup_networks/check_network.py \ - "{{ inventory_hostname }}" \ - "{{ ip_settings | to_json }}" - register: result - until: result.stderr.find('unreachable')==-1 - retries: 3 - delay: 2 - tags: - - network_check - -- name: add to boot scripts - shell: update-rc.d net_init defaults - when: ansible_os_family == "Debian" - -- name: add to boot scripts - shell: | - chkconfig --add net_init; - chkconfig --level 2345 net_init on; - when: ansible_os_family == 'RedHat' - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian b/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian deleted file mode 100644 index 5ab1519b..00000000 --- a/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian +++ /dev/null @@ -1,14 +0,0 @@ -{%- for alias, intf in host_ip_settings.items() %} - -auto {{ alias }} -iface {{ alias }} inet static - address {{ intf["ip"] }} - netmask {{ intf["netmask"] }} -{% if "gw" in intf %} - gateway {{ intf["gw"] }} -{% endif %} -{% if intf["name"] == alias %} - pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up - pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }} -{% endif %} -{% endfor %} diff --git a/deploy/adapters/ansible/roles/setup-network/templates/network.cfg b/deploy/adapters/ansible/roles/setup-network/templates/network.cfg deleted file mode 100644 index cf271ad6..00000000 --- a/deploy/adapters/ansible/roles/setup-network/templates/network.cfg +++ /dev/null @@ -1,5 +0,0 @@ -bond_mappings: {{ network_cfg["bond_mappings"] | to_json }} -ip_settings: {{ ip_settings[inventory_hostname] | to_json }} -sys_intf_mappings: {{ sys_intf_mappings | to_json }} -provider_net_mappings: {{ network_cfg["provider_net_mappings"] | to_json }} - diff --git a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml new file mode 100644 index 00000000..b71612f7 --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml @@ -0,0 +1,27 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: setup openstack + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-openstack.yml \ + | tee -a /var/log/osa/openstack.log > /dev/null" + +- name: read the ansible log file + shell: cat /var/log/osa/openstack.log | tail -n 1000 + register: setup_openstack_result + +- fail: + msg: "some task failed when setup openstack." + when: setup_openstack_result.stdout.find('failed=1') != -1 + +- fail: + msg: "some host are unreachable." + when: setup_openstack_result.stdout.find('unreachable=1') != -1 diff --git a/deploy/adapters/ansible/roles/aodh/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml index 9b61915f..a424f974 100644 --- a/deploy/adapters/ansible/roles/aodh/tasks/main.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml @@ -7,17 +7,10 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- include: aodh_install.yml - tags: - - install - - aodh_install - - aodh - -- include: aodh_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - aodh_config - - aodh - -- meta: flush_handlers +- name: setup openvswitch + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-ovs.yml \ + | tee -a /var/log/osa/ovs.log > /dev/null" + when: NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" or + NEUTRON_MECHANISM_DRIVERS[0] == "opendaylight" diff --git a/deploy/adapters/ansible/roles/storage/tasks/loop.yml b/deploy/adapters/ansible/roles/storage/tasks/loop.yml index b0fb9c21..599e2ced 100755 --- a/deploy/adapters/ansible/roles/storage/tasks/loop.yml +++ b/deploy/adapters/ansible/roles/storage/tasks/loop.yml @@ -27,5 +27,5 @@ register: loop_device_filterd - name: create physical and group volumes - lvg: vg=storage-volumes pvs={{ loop_device_filterd.stdout }} + lvg: vg=cinder-volumes pvs={{ loop_device_filterd.stdout }} vg_options=--force diff --git a/deploy/adapters/ansible/roles/storage/tasks/real.yml b/deploy/adapters/ansible/roles/storage/tasks/real.yml index 7845a235..6c2ac4a6 100755 --- a/deploy/adapters/ansible/roles/storage/tasks/real.yml +++ b/deploy/adapters/ansible/roles/storage/tasks/real.yml @@ -12,5 +12,5 @@ ignore_errors: "True" - name: create physical and group volumes - lvg: vg=storage-volumes pvs={{ physical_device }} + lvg: vg=cinder-volumes pvs={{ physical_device }} vg_options=--force diff --git a/deploy/adapters/ansible/roles/swift/tasks/main.yml b/deploy/adapters/ansible/roles/swift/tasks/main.yml deleted file mode 100644 index 0f083146..00000000 --- a/deploy/adapters/ansible/roles/swift/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: swift.yml - when: moon == "Enable" diff --git a/deploy/adapters/ansible/roles/swift/tasks/swift-compute1.yml b/deploy/adapters/ansible/roles/swift/tasks/swift-compute1.yml deleted file mode 100644 index f4f4f7b9..00000000 --- a/deploy/adapters/ansible/roles/swift/tasks/swift-compute1.yml +++ /dev/null @@ -1,66 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install swift-compute packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: compute_packages | union(compute_packages_noarch) - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: format devices - shell: > - dd if=/dev/zero of=/var/swift1 bs=1G count=10; - dd if=/dev/zero of=/var/swift2 bs=1G count=10; - mkfs.xfs /var/swift1; - mkfs.xfs /var/swift2; - -- name: create mount point dirertory - shell: > - mkdir -p /srv/node/swift1; - mkdir -p /srv/node/swift2; - -- name: edit /etc/fstab - shell: > - echo "/var/swift1 /srv/node/swift1/ xfs noatime,nodiratime,nobarrier,logbufs=8 0 2" \ - >> /etc/fstab; - echo "/var/swift2 /srv/node/swift2/ xfs noatime,nodiratime,nobarrier,logbufs=8 0 2" \ - >> /etc/fstab; - mount /srv/node/swift1; - mount /srv/node/swift2; - -- name: edit /etc/default/rsync - shell: sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync - -- name: restart rsync service - service: name=rsync state=restarted enabled=yes - -- name: copy scripts - template: src={{ item }} dest=/etc/swift/ backup=yes - with_items: - - account-server.conf - - container-server.conf - - object-server.conf - -- name: change directory - shell: > - chown -R swift:swift /srv/node; - mkdir -p /var/cache/swift; - chown -R root:swift /var/cache/swift; - chmod -R 775 /var/cache/swift; diff --git a/deploy/adapters/ansible/roles/swift/tasks/swift-controller1.yml b/deploy/adapters/ansible/roles/swift/tasks/swift-controller1.yml deleted file mode 100644 index 7346da10..00000000 --- a/deploy/adapters/ansible/roles/swift/tasks/swift-controller1.yml +++ /dev/null @@ -1,32 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install swift-controllor packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: controller_packages | union(controller_packages_noarch) - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: make swift directory - file: path=/etc/swift state=directory mode=0755 - -- name: update proxy-server conf - template: src=proxy-server.conf dest=/etc/swift/proxy-server.conf backup=yes diff --git a/deploy/adapters/ansible/roles/swift/tasks/swift-controller2.yml b/deploy/adapters/ansible/roles/swift/tasks/swift-controller2.yml deleted file mode 100644 index 75e77882..00000000 --- a/deploy/adapters/ansible/roles/swift/tasks/swift-controller2.yml +++ /dev/null @@ -1,100 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: create account.builder file - shell: > - cd /etc/swift; - swift-ring-builder account.builder create 10 3 1; - -- name: add each storage node to the ring - shell: > - cd /etc/swift; - swift-ring-builder account.builder add --region 1 --zone 1 \ - --ip {{ ip_settings[item.1]['mgmt']['ip'] }} --port 6002 \ - --device swift1 --weight 100 ; - swift-ring-builder account.builder add --region 1 --zone 1 \ - --ip {{ ip_settings[item.1]['mgmt']['ip'] }} --port 6002 \ - --device swift2 --weight 100 ; - with_indexed_items: groups['compute'] - -- name: verify the ring contents 1 - shell: > - cd /etc/swift; - swift-ring-builder account.builder; - -- name: rebalance the ring - shell: > - cd /etc/swift; - swift-ring-builder account.builder rebalance; - -- name: create contrainer builder file - shell: > - cd /etc/swift; - swift-ring-builder container.builder create 10 3 1; - -- name: add each storage node to the ring - shell: > - cd /etc/swift; - swift-ring-builder container.builder add --region 1 --zone 1 \ - --ip {{ ip_settings[item.1]['mgmt']['ip'] }} --port 6001 \ - --device swift1 --weight 100; - swift-ring-builder container.builder add --region 1 --zone 1 \ - --ip {{ ip_settings[item.1]['mgmt']['ip'] }} --port 6001 \ - --device swift2 --weight 100; - with_indexed_items: groups['compute'] - -- name: verify the ring contents 2 - shell: > - cd /etc/swift; - swift-ring-builder container.builder; - -- name: rebalance the ring - shell: > - cd /etc/swift; - swift-ring-builder container.builder rebalance; - -- name: create object builder file - shell: > - cd /etc/swift; - swift-ring-builder object.builder create 10 3 1; - -- name: add each storage node to the ring - shell: > - cd /etc/swift; - swift-ring-builder object.builder add --region 1 --zone 1 \ - --ip {{ ip_settings[item.1]['mgmt']['ip'] }} --port 6000 \ - --device swift1 --weight 100; - swift-ring-builder object.builder add --region 1 --zone 1 \ - --ip {{ ip_settings[item.1]['mgmt']['ip'] }} --port 6000 \ - --device swift2 --weight 100; - with_indexed_items: groups['compute'] - -- name: verify the ring contents - shell: > - cd /etc/swift; - swift-ring-builder object.builder; - -- name: rebalance the ring - shell: > - cd /etc/swift; - swift-ring-builder object.builder rebalance; - -- name: distribute ring configuration files to the other controller - shell: > - cd /etc/swift; - scp account.ring.gz container.ring.gz object.ring.gz \ - root@{{ ip_settings[item.1]['mgmt']['ip'] }}:/etc/swift/; - with_indexed_items: groups['controller'] - -- name: distribute ring configuration files to the all compute - shell: > - cd /etc/swift; - scp account.ring.gz container.ring.gz object.ring.gz \ - root@{{ ip_settings[item.1]['mgmt']['ip'] }}:/etc/swift/; - with_indexed_items: groups['compute'] diff --git a/deploy/adapters/ansible/roles/swift/tasks/swift.yml b/deploy/adapters/ansible/roles/swift/tasks/swift.yml deleted file mode 100644 index 473c2710..00000000 --- a/deploy/adapters/ansible/roles/swift/tasks/swift.yml +++ /dev/null @@ -1,79 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- include: swift-controller1.yml - when: inventory_hostname in groups['controller'] - -- include: swift-compute1.yml - when: inventory_hostname in groups['compute'] - -- include: swift-controller2.yml - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: copy swift.conf - template: src=swift.conf dest=/etc/swift/swift.conf backup=yes - -- name: chown /etc/swift - shell: chown -R root:swift /etc/swift - -- name: restart tasks on controller - service: name={{ item }} state=restarted enabled=yes - with_items: - - memcached - - swift-proxy - when: inventory_hostname in groups['controller'] - -- name: restart tasks on compute - shell: swift-init all start - when: inventory_hostname in groups['compute'] - ignore_errors: "True" - -- name: restart tasks on controller - service: name={{ item }} state=restarted enabled=yes - with_items: - - rsync - when: inventory_hostname in groups['compute'] - -- name: upload swift lib - unarchive: src=swift-lib.tar.gz dest=/tmp/ - -- name: copy swift lib - command: su -s /bin/sh -c "cp /tmp/swift-lib/* /usr/lib/" - -- name: wait 30 seconds - shell: sleep 30 - -- name: create swift task script - shell: echo {{ item }} >> /opt/swift-service - with_items: - - swift-account - - swift-account-replicator - - swift-container-replicator - - swift-object - - swift-object-updater - - swift-account-auditor - - swift-container - - swift-container-sync - - swift-object-auditor - - swift-account-reaper - - swift-container-auditor - - swift-container-updater - - swift-object-replicator - when: inventory_hostname in groups['compute'] - ignore_errors: "True" - -- name: restart swift task - shell: > - for i in `cat /opt/swift-service`; do service $i start; done; - sleep 10; - for i in `cat /opt/swift-service`; do service $i restart; done; - when: inventory_hostname in groups['compute'] - ignore_errors: "True" diff --git a/deploy/adapters/ansible/roles/swift/templates/account-server.conf b/deploy/adapters/ansible/roles/swift/templates/account-server.conf deleted file mode 100644 index ea84799f..00000000 --- a/deploy/adapters/ansible/roles/swift/templates/account-server.conf +++ /dev/null @@ -1,200 +0,0 @@ -[DEFAULT] -bind_ip = {{ internal_ip }} -bind_port = 6002 -# bind_timeout = 30 -# backlog = 4096 -user = swift -swift_dir = /etc/swift -devices = /srv/node -mount_check = true -# disable_fallocate = false -# -# Use an integer to override the number of pre-forked processes that will -# accept connections. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# You can specify default log routing here if you want: -# log_name = swift -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# If you don't mind the extra disk space usage in overhead, you can turn this -# on to preallocate disk space with SQLite databases to decrease fragmentation. -# db_preallocation = off -# -# eventlet_debug = false -# -# You can set fallocate_reserve to the number of bytes you'd like fallocate to -# reserve, whether there is space for the given file size or not. -# fallocate_reserve = 0 - -[pipeline:main] -pipeline = healthcheck recon account-server - -[app:account-server] -use = egg:swift#account -# You can override the default log routing for this app here: -# set log_name = account-server -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_requests = true -# set log_address = /dev/log -# -# auto_create_account_prefix = . -# -# Configure parameter for creating specific server -# To handle all verbs, including replication verbs, do not specify -# "replication_server" (this is the default). To only handle replication, -# set to a True value (e.g. "True" or "1"). To handle only non-replication -# verbs, set to "False". Unless you have a separate replication network, you -# should not specify any value for "replication_server". Default is empty. -# replication_server = false - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" -# disable_path = - -[filter:recon] -use = egg:swift#recon -recon_cache_path = /var/cache/swift - -[account-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-replicator -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# Maximum number of database rows that will be sync'd in a single HTTP -# replication request. Databases with less than or equal to this number of -# differing rows will always be sync'd using an HTTP replication request rather -# than using rsync. -# per_diff = 1000 -# -# Maximum number of HTTP replication requests attempted on each replication -# pass for any one container. This caps how long the replicator will spend -# trying to sync a given database per pass so the other databases don't get -# starved. -# max_diffs = 100 -# -# Number of replication workers to spawn. -# concurrency = 8 -# -# Time in seconds to wait between replication passes -# interval = 30 -# run_pause is deprecated, use interval instead -# run_pause = 30 -# -# node_timeout = 10 -# conn_timeout = 0.5 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# Allow rsync to compress data which is transmitted to destination node -# during sync. However, this is applicable only when destination node is in -# a different region than the local one. -# rsync_compress = no -# -# Format of the rysnc module where the replicator will send data. See -# etc/rsyncd.conf-sample for some usage examples. -# rsync_module = {replication_ip}::account -# -# recon_cache_path = /var/cache/swift - -[account-auditor] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-auditor -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# Will audit each account at most once per interval -# interval = 1800 -# -# accounts_per_second = 200 -# recon_cache_path = /var/cache/swift - -[account-reaper] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-reaper -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# concurrency = 25 -# interval = 3600 -# node_timeout = 10 -# conn_timeout = 0.5 -# -# Normally, the reaper begins deleting account information for deleted accounts -# immediately; you can set this to delay its work however. The value is in -# seconds; 2592000 = 30 days for example. -# delay_reaping = 0 -# -# If the account fails to be be reaped due to a persistent error, the -# account reaper will log a message such as: -# Account <name> has not been reaped since <date> -# You can search logs for this message if space is not being reclaimed -# after you delete account(s). -# Default is 2592000 seconds (30 days). This is in addition to any time -# requested by delay_reaping. -# reap_warn_after = 2592000 - -# Note: Put it at the beginning of the pipeline to profile all middleware. But -# it is safer to put this after healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/account.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/deploy/adapters/ansible/roles/swift/templates/container-server.conf b/deploy/adapters/ansible/roles/swift/templates/container-server.conf deleted file mode 100644 index 88cd2ebb..00000000 --- a/deploy/adapters/ansible/roles/swift/templates/container-server.conf +++ /dev/null @@ -1,229 +0,0 @@ -[DEFAULT] -bind_ip = {{ internal_ip }} -bind_port = 6001 -# bind_timeout = 30 -# backlog = 4096 -user = swift -swift_dir = /etc/swift -devices = /srv/node -mount_check = true -# disable_fallocate = false -# -# Use an integer to override the number of pre-forked processes that will -# accept connections. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# This is a comma separated list of hosts allowed in the X-Container-Sync-To -# field for containers. This is the old-style of using container sync. It is -# strongly recommended to use the new style of a separate -# container-sync-realms.conf -- see container-sync-realms.conf-sample -# allowed_sync_hosts = 127.0.0.1 -# -# You can specify default log routing here if you want: -# log_name = swift -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# If you don't mind the extra disk space usage in overhead, you can turn this -# on to preallocate disk space with SQLite databases to decrease fragmentation. -# db_preallocation = off -# -# eventlet_debug = false -# -# You can set fallocate_reserve to the number of bytes you'd like fallocate to -# reserve, whether there is space for the given file size or not. -# fallocate_reserve = 0 - -[pipeline:main] -pipeline = healthcheck recon container-server - -[app:container-server] -use = egg:swift#container -# You can override the default log routing for this app here: -# set log_name = container-server -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_requests = true -# set log_address = /dev/log -# -# node_timeout = 3 -# conn_timeout = 0.5 -# allow_versions = false -# auto_create_account_prefix = . -# -# Configure parameter for creating specific server -# To handle all verbs, including replication verbs, do not specify -# "replication_server" (this is the default). To only handle replication, -# set to a True value (e.g. "True" or "1"). To handle only non-replication -# verbs, set to "False". Unless you have a separate replication network, you -# should not specify any value for "replication_server". -# replication_server = false - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" -# disable_path = - -[filter:recon] -use = egg:swift#recon -recon_cache_path = /var/cache/swift - -[container-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-replicator -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# Maximum number of database rows that will be sync'd in a single HTTP -# replication request. Databases with less than or equal to this number of -# differing rows will always be sync'd using an HTTP replication request rather -# than using rsync. -# per_diff = 1000 -# -# Maximum number of HTTP replication requests attempted on each replication -# pass for any one container. This caps how long the replicator will spend -# trying to sync a given database per pass so the other databases don't get -# starved. -# max_diffs = 100 -# -# Number of replication workers to spawn. -# concurrency = 8 -# -# Time in seconds to wait between replication passes -# interval = 30 -# run_pause is deprecated, use interval instead -# run_pause = 30 -# -# node_timeout = 10 -# conn_timeout = 0.5 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# Allow rsync to compress data which is transmitted to destination node -# during sync. However, this is applicable only when destination node is in -# a different region than the local one. -# rsync_compress = no -# -# Format of the rysnc module where the replicator will send data. See -# etc/rsyncd.conf-sample for some usage examples. -# rsync_module = {replication_ip}::container -# -# recon_cache_path = /var/cache/swift - -[container-updater] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-updater -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# interval = 300 -# concurrency = 4 -# node_timeout = 3 -# conn_timeout = 0.5 -# -# slowdown will sleep that amount between containers -# slowdown = 0.01 -# -# Seconds to suppress updating an account that has generated an error -# account_suppression_time = 60 -# -# recon_cache_path = /var/cache/swift - -[container-auditor] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-auditor -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# Will audit each container at most once per interval -# interval = 1800 -# -# containers_per_second = 200 -# recon_cache_path = /var/cache/swift - -[container-sync] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-sync -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# If you need to use an HTTP Proxy, set it here; defaults to no proxy. -# You can also set this to a comma separated list of HTTP Proxies and they will -# be randomly used (simple load balancing). -# sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888 -# -# Will sync each container at most once per interval -# interval = 300 -# -# Maximum amount of time to spend syncing each container per pass -# container_time = 60 -# -# Maximum amount of time in seconds for the connection attempt -# conn_timeout = 5 -# Server errors from requests will be retried by default -# request_tries = 3 -# -# Internal client config file path -# internal_client_conf_path = /etc/swift/internal-client.conf - -# Note: Put it at the beginning of the pipeline to profile all middleware. But -# it is safer to put this after healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/container.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/deploy/adapters/ansible/roles/swift/templates/object-server.conf b/deploy/adapters/ansible/roles/swift/templates/object-server.conf deleted file mode 100644 index effd4f22..00000000 --- a/deploy/adapters/ansible/roles/swift/templates/object-server.conf +++ /dev/null @@ -1,347 +0,0 @@ -[DEFAULT] -bind_ip = {{ internal_ip }} -bind_port = 6000 -# bind_timeout = 30 -# backlog = 4096 -user = swift -swift_dir = /etc/swift -devices = /srv/node -mount_check = true -# disable_fallocate = false -# expiring_objects_container_divisor = 86400 -# expiring_objects_account_name = expiring_objects -# -# Use an integer to override the number of pre-forked processes that will -# accept connections. NOTE: if servers_per_port is set, this setting is -# ignored. -# workers = auto -# -# Make object-server run this many worker processes per unique port of -# "local" ring devices across all storage policies. This can help provide -# the isolation of threads_per_disk without the severe overhead. The default -# value of 0 disables this feature. -# servers_per_port = 0 -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# You can specify default log routing here if you want: -# log_name = swift -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# eventlet_debug = false -# -# You can set fallocate_reserve to the number of bytes you'd like fallocate to -# reserve, whether there is space for the given file size or not. -# fallocate_reserve = 0 -# -# Time to wait while attempting to connect to another backend node. -# conn_timeout = 0.5 -# Time to wait while sending each chunk of data to another backend node. -# node_timeout = 3 -# Time to wait while sending a container update on object update. -# container_update_timeout = 1.0 -# Time to wait while receiving each chunk of data from a client or another -# backend node. -# client_timeout = 60 -# -# network_chunk_size = 65536 -# disk_chunk_size = 65536 - -[pipeline:main] -pipeline = healthcheck recon object-server - -[app:object-server] -use = egg:swift#object -# You can override the default log routing for this app here: -# set log_name = object-server -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_requests = true -# set log_address = /dev/log -# -# max_upload_time = 86400 -# -# slow is the total amount of seconds an object PUT/DELETE request takes at -# least. If it is faster, the object server will sleep this amount of time minus -# the already passed transaction time. This is only useful for simulating slow -# devices on storage nodes during testing and development. -# slow = 0 -# -# Objects smaller than this are not evicted from the buffercache once read -# keep_cache_size = 5242880 -# -# If true, objects for authenticated GET requests may be kept in buffer cache -# if small enough -# keep_cache_private = false -# -# on PUTs, sync data every n MB -# mb_per_sync = 512 -# -# Comma separated list of headers that can be set in metadata on an object. -# This list is in addition to X-Object-Meta-* headers and cannot include -# Content-Type, etag, Content-Length, or deleted -# allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object -# -# auto_create_account_prefix = . -# -# A value of 0 means "don't use thread pools". A reasonable starting point is -# 4. -# threads_per_disk = 0 -# -# Configure parameter for creating specific server -# To handle all verbs, including replication verbs, do not specify -# "replication_server" (this is the default). To only handle replication, -# set to a True value (e.g. "True" or "1"). To handle only non-replication -# verbs, set to "False". Unless you have a separate replication network, you -# should not specify any value for "replication_server". -# replication_server = false -# -# Set to restrict the number of concurrent incoming SSYNC requests -# Set to 0 for unlimited -# Note that SSYNC requests are only used by the object reconstructor or the -# object replicator when configured to use ssync. -# replication_concurrency = 4 -# -# Restricts incoming SSYNC requests to one per device, -# replication_currency above allowing. This can help control I/O to each -# device, but you may wish to set this to False to allow multiple SSYNC -# requests (up to the above replication_concurrency setting) per device. -# replication_one_per_device = True -# -# Number of seconds to wait for an existing replication device lock before -# giving up. -# replication_lock_timeout = 15 -# -# These next two settings control when the SSYNC subrequest handler will -# abort an incoming SSYNC attempt. An abort will occur if there are at -# least threshold number of failures and the value of failures / successes -# exceeds the ratio. The defaults of 100 and 1.0 means that at least 100 -# failures have to occur and there have to be more failures than successes for -# an abort to occur. -# replication_failure_threshold = 100 -# replication_failure_ratio = 1.0 -# -# Use splice() for zero-copy object GETs. This requires Linux kernel -# version 3.0 or greater. If you set "splice = yes" but the kernel -# does not support it, error messages will appear in the object server -# logs at startup, but your object servers should continue to function. -# -# splice = no - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" -# disable_path = - -[filter:recon] -use = egg:swift#recon -recon_cache_path = /var/cache/swift -recon_lock_path = /var/lock - -[object-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-replicator -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# daemonize = on -# -# Time in seconds to wait between replication passes -# interval = 30 -# run_pause is deprecated, use interval instead -# run_pause = 30 -# -# concurrency = 1 -# stats_interval = 300 -# -# default is rsync, alternative is ssync -# sync_method = rsync -# -# max duration of a partition rsync -# rsync_timeout = 900 -# -# bandwidth limit for rsync in kB/s. 0 means unlimited -# rsync_bwlimit = 0 -# -# passed to rsync for io op timeout -# rsync_io_timeout = 30 -# -# Allow rsync to compress data which is transmitted to destination node -# during sync. However, this is applicable only when destination node is in -# a different region than the local one. -# NOTE: Objects that are already compressed (for example: .tar.gz, .mp3) might -# slow down the syncing process. -# rsync_compress = no -# -# Format of the rysnc module where the replicator will send data. See -# etc/rsyncd.conf-sample for some usage examples. -# rsync_module = {replication_ip}::object -# -# node_timeout = <whatever's in the DEFAULT section or 10> -# max duration of an http request; this is for REPLICATE finalization calls and -# so should be longer than node_timeout -# http_timeout = 60 -# -# attempts to kill all workers if nothing replicates for lockup_timeout seconds -# lockup_timeout = 1800 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# ring_check_interval = 15 -# recon_cache_path = /var/cache/swift -# -# limits how long rsync error log lines are -# 0 means to log the entire line -# rsync_error_log_line_length = 0 -# -# handoffs_first and handoff_delete are options for a special case -# such as disk full in the cluster. These two options SHOULD NOT BE -# CHANGED, except for such an extreme situations. (e.g. disks filled up -# or are about to fill up. Anyway, DO NOT let your drives fill up) -# handoffs_first is the flag to replicate handoffs prior to canonical -# partitions. It allows to force syncing and deleting handoffs quickly. -# If set to a True value(e.g. "True" or "1"), partitions -# that are not supposed to be on the node will be replicated first. -# handoffs_first = False -# -# handoff_delete is the number of replicas which are ensured in swift. -# If the number less than the number of replicas is set, object-replicator -# could delete local handoffs even if all replicas are not ensured in the -# cluster. Object-replicator would remove local handoff partition directories -# after syncing partition when the number of successful responses is greater -# than or equal to this number. By default(auto), handoff partitions will be -# removed when it has successfully replicated to all the canonical nodes. -# handoff_delete = auto - -[object-reconstructor] -# You can override the default log routing for this app here (don't use set!): -# Unless otherwise noted, each setting below has the same meaning as described -# in the [object-replicator] section, however these settings apply to the EC -# reconstructor -# -# log_name = object-reconstructor -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# daemonize = on -# -# Time in seconds to wait between reconstruction passes -# interval = 30 -# run_pause is deprecated, use interval instead -# run_pause = 30 -# -# concurrency = 1 -# stats_interval = 300 -# node_timeout = 10 -# http_timeout = 60 -# lockup_timeout = 1800 -# reclaim_age = 604800 -# ring_check_interval = 15 -# recon_cache_path = /var/cache/swift -# handoffs_first = False - -[object-updater] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-updater -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# interval = 300 -# concurrency = 1 -# node_timeout = <whatever's in the DEFAULT section or 10> -# slowdown will sleep that amount between objects -# slowdown = 0.01 -# -# recon_cache_path = /var/cache/swift - -[object-auditor] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-auditor -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_address = /dev/log -# -# Time in seconds to wait between auditor passes -# interval = 30 -# -# You can set the disk chunk size that the auditor uses making it larger if -# you like for more efficient local auditing of larger objects -# disk_chunk_size = 65536 -# files_per_second = 20 -# concurrency = 1 -# bytes_per_second = 10000000 -# log_time = 3600 -# zero_byte_files_per_second = 50 -# recon_cache_path = /var/cache/swift - -# Takes a comma separated list of ints. If set, the object auditor will -# increment a counter for every object whose size is <= to the given break -# points and report the result after a full scan. -# object_size_stats = - -# The auditor will cleanup old rsync tempfiles after they are "old -# enough" to delete. You can configure the time elapsed in seconds -# before rsync tempfiles will be unlinked, or the default value of -# "auto" try to use object-replicator's rsync_timeout + 900 and fallback -# to 86400 (1 day). -# rsync_tempfile_timeout = auto - -# Note: Put it at the beginning of the pipleline to profile all middleware. But -# it is safer to put this after healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/object.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/deploy/adapters/ansible/roles/swift/templates/proxy-server.conf b/deploy/adapters/ansible/roles/swift/templates/proxy-server.conf deleted file mode 100644 index b76796cf..00000000 --- a/deploy/adapters/ansible/roles/swift/templates/proxy-server.conf +++ /dev/null @@ -1,764 +0,0 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -[DEFAULT] -bind_ip = {{ internal_ip }} -bind_port = 8080 -# bind_timeout = 30 -# backlog = 4096 -swift_dir = /etc/swift -user = swift - -# Enables exposing configuration settings via HTTP GET /info. -# expose_info = true - -# Key to use for admin calls that are HMAC signed. Default is empty, -# which will disable admin calls to /info. -# admin_key = secret_admin_key -# -# Allows the ability to withhold sections from showing up in the public calls -# to /info. You can withhold subsections by separating the dict level with a -# ".". The following would cause the sections 'container_quotas' and 'tempurl' -# to not be listed, and the key max_failed_deletes would be removed from -# bulk_delete. Default value is 'swift.valid_api_versions' which allows all -# registered features to be listed via HTTP GET /info except -# swift.valid_api_versions information -# disallowed_sections = swift.valid_api_versions, container_quotas, tempurl - -# Use an integer to override the number of pre-forked processes that will -# accept connections. Should default to the number of effective cpu -# cores in the system. It's worth noting that individual workers will -# use many eventlet co-routines to service multiple concurrent requests. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# Set the following two lines to enable SSL. This is for testing only. -# cert_file = /etc/swift/proxy.crt -# key_file = /etc/swift/proxy.key -# -# expiring_objects_container_divisor = 86400 -# expiring_objects_account_name = expiring_objects -# -# You can specify default log routing here if you want: -# log_name = swift -# log_facility = LOG_LOCAL0 -# log_level = INFO -# log_headers = false -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# This optional suffix (default is empty) that would be appended to the swift transaction -# id allows one to easily figure out from which cluster that X-Trans-Id belongs to. -# This is very useful when one is managing more than one swift cluster. -# trans_id_suffix = -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar) -# cors_allow_origin = -# strict_cors_mode = True -# -# client_timeout = 60 -# eventlet_debug = false - -[pipeline:main] -# This sample pipeline uses tempauth and is used for SAIO dev work and -# testing. See below for a pipeline using keystone. -#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server -pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server - -# The following pipeline shows keystone integration. Comment out the one -# above and uncomment this one. Additional steps for integrating keystone are -# covered further below in the filter sections for authtoken and keystoneauth. -#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server - -[app:proxy-server] -use = egg:swift#proxy -account_autocreate = True -# You can override the default log routing for this app here: -# set log_name = proxy-server -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_address = /dev/log -# -# log_handoffs = true -# recheck_account_existence = 60 -# recheck_container_existence = 60 -# object_chunk_size = 65536 -# client_chunk_size = 65536 -# -# How long the proxy server will wait on responses from the a/c/o servers. -# node_timeout = 10 -# -# How long the proxy server will wait for an initial response and to read a -# chunk of data from the object servers while serving GET / HEAD requests. -# Timeouts from these requests can be recovered from so setting this to -# something lower than node_timeout would provide quicker error recovery -# while allowing for a longer timeout for non-recoverable requests (PUTs). -# Defaults to node_timeout, should be overriden if node_timeout is set to a -# high number to prevent client timeouts from firing before the proxy server -# has a chance to retry. -# recoverable_node_timeout = node_timeout -# -# conn_timeout = 0.5 -# -# How long to wait for requests to finish after a quorum has been established. -# post_quorum_timeout = 0.5 -# -# How long without an error before a node's error count is reset. This will -# also be how long before a node is reenabled after suppression is triggered. -# error_suppression_interval = 60 -# -# How many errors can accumulate before a node is temporarily ignored. -# error_suppression_limit = 10 -# -# If set to 'true' any authorized user may create and delete accounts; if -# 'false' no one, even authorized, can. -# allow_account_management = false -# -# Set object_post_as_copy = false to turn on fast posts where only the metadata -# changes are stored anew and the original data file is kept in place. This -# makes for quicker posts. -# object_post_as_copy = true -# -# If set to 'true' authorized accounts that do not yet exist within the Swift -# cluster will be automatically created. -# account_autocreate = false -# -# If set to a positive value, trying to create a container when the account -# already has at least this maximum containers will result in a 403 Forbidden. -# Note: This is a soft limit, meaning a user might exceed the cap for -# recheck_account_existence before the 403s kick in. -# max_containers_per_account = 0 -# -# This is a comma separated list of account hashes that ignore the -# max_containers_per_account cap. -# max_containers_whitelist = -# -# Comma separated list of Host headers to which the proxy will deny requests. -# deny_host_headers = -# -# Prefix used when automatically creating accounts. -# auto_create_account_prefix = . -# -# Depth of the proxy put queue. -# put_queue_depth = 10 -# -# Storage nodes can be chosen at random (shuffle), by using timing -# measurements (timing), or by using an explicit match (affinity). -# Using timing measurements may allow for lower overall latency, while -# using affinity allows for finer control. In both the timing and -# affinity cases, equally-sorting nodes are still randomly chosen to -# spread load. -# The valid values for sorting_method are "affinity", "shuffle", or "timing". -# sorting_method = shuffle -# -# If the "timing" sorting_method is used, the timings will only be valid for -# the number of seconds configured by timing_expiry. -# timing_expiry = 300 -# -# By default on a GET/HEAD swift will connect to a storage node one at a time -# in a single thread. There is smarts in the order they are hit however. If you -# turn on concurrent_gets below, then replica count threads will be used. -# With addition of the concurrency_timeout option this will allow swift to send -# out GET/HEAD requests to the storage nodes concurrently and answer with the -# first to respond. With an EC policy the parameter only affects HEAD requests. -# concurrent_gets = off -# -# This parameter controls how long to wait before firing off the next -# concurrent_get thread. A value of 0 would be fully concurrent, any other -# number will stagger the firing of the threads. This number should be -# between 0 and node_timeout. The default is what ever you set for the -# conn_timeout parameter. -# concurrency_timeout = 0.5 -# -# Set to the number of nodes to contact for a normal request. You can use -# '* replicas' at the end to have it use the number given times the number of -# replicas for the ring being used for the request. -# request_node_count = 2 * replicas -# -# Which backend servers to prefer on reads. Format is r<N> for region -# N or r<N>z<M> for region N, zone M. The value after the equals is -# the priority; lower numbers are higher priority. -# -# Example: first read from region 1 zone 1, then region 1 zone 2, then -# anything in region 2, then everything else: -# read_affinity = r1z1=100, r1z2=200, r2=300 -# Default is empty, meaning no preference. -# read_affinity = -# -# Which backend servers to prefer on writes. Format is r<N> for region -# N or r<N>z<M> for region N, zone M. If this is set, then when -# handling an object PUT request, some number (see setting -# write_affinity_node_count) of local backend servers will be tried -# before any nonlocal ones. -# -# Example: try to write to regions 1 and 2 before writing to any other -# nodes: -# write_affinity = r1, r2 -# Default is empty, meaning no preference. -# write_affinity = -# -# The number of local (as governed by the write_affinity setting) -# nodes to attempt to contact first, before any non-local ones. You -# can use '* replicas' at the end to have it use the number given -# times the number of replicas for the ring being used for the -# request. -# write_affinity_node_count = 2 * replicas -# -# These are the headers whose values will only be shown to swift_owners. The -# exact definition of a swift_owner is up to the auth system in use, but -# usually indicates administrative responsibilities. -# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control - -[filter:tempauth] -use = egg:swift#tempauth -# You can override the default log routing for this filter here: -# set log_name = tempauth -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# The reseller prefix will verify a token begins with this prefix before even -# attempting to validate it. Also, with authorization, only Swift storage -# accounts with this prefix will be authorized by this middleware. Useful if -# multiple auth systems are in use for one Swift cluster. -# The reseller_prefix may contain a comma separated list of items. The first -# item is used for the token as mentioned above. If second and subsequent -# items exist, the middleware will handle authorization for an account with -# that prefix. For example, for prefixes "AUTH, SERVICE", a path of -# /v1/SERVICE_account is handled the same as /v1/AUTH_account. If an empty -# (blank) reseller prefix is required, it must be first in the list. Two -# single quote characters indicates an empty (blank) reseller prefix. -# reseller_prefix = AUTH - -# -# The require_group parameter names a group that must be presented by -# either X-Auth-Token or X-Service-Token. Usually this parameter is -# used only with multiple reseller prefixes (e.g., SERVICE_require_group=blah). -# By default, no group is needed. Do not use .admin. -# require_group = - -# The auth prefix will cause requests beginning with this prefix to be routed -# to the auth subsystem, for granting tokens, etc. -# auth_prefix = /auth/ -# token_life = 86400 -# -# This allows middleware higher in the WSGI pipeline to override auth -# processing, useful for middleware such as tempurl and formpost. If you know -# you're not going to use such middleware and you want a bit of extra security, -# you can set this to false. -# allow_overrides = true -# -# This specifies what scheme to return with storage urls: -# http, https, or default (chooses based on what the server is running as) -# This can be useful with an SSL load balancer in front of a non-SSL server. -# storage_url_scheme = default -# -# Lastly, you need to list all the accounts/users you want here. The format is: -# user_<account>_<user> = <key> [group] [group] [...] [storage_url] -# or if you want underscores in <account> or <user>, you can base64 encode them -# (with no equal signs) and use this format: -# user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url] -# There are special groups of: -# .reseller_admin = can do anything to any account for this auth -# .admin = can do anything within the account -# If neither of these groups are specified, the user can only access containers -# that have been explicitly allowed for them by a .admin or .reseller_admin. -# The trailing optional storage_url allows you to specify an alternate url to -# hand back to the user upon authentication. If not specified, this defaults to -# $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve -# to what the requester would need to use to reach this host. -# Here are example entries, required for running the tests: -user_admin_admin = admin .admin .reseller_admin -user_test_tester = testing .admin -user_test2_tester2 = testing2 .admin -user_test_tester3 = testing3 -user_test5_tester5 = testing5 service - -# To enable Keystone authentication you need to have the auth token -# middleware first to be configured. Here is an example below, please -# refer to the keystone's documentation for details about the -# different settings. -# -# You'll also need to have the keystoneauth middleware enabled and have it in -# your main pipeline, as show in the sample pipeline at the top of this file. -# -# Following parameters are known to work with keystonemiddleware v2.3.0 -# (above v2.0.0), but checking the latest information in the wiki page[1] -# is recommended. -# 1. http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration -# -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -identity_uri = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -#auth_plugin = password -auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service -username = swift -password = {{ CINDER_PASS }} -delay_auth_decision = True -# -# delay_auth_decision defaults to False, but leaving it as false will -# prevent other auth systems, staticweb, tempurl, formpost, and ACLs from -# working. This value must be explicitly set to True. -# delay_auth_decision = False -# -# cache = swift.cache -# include_service_catalog = False -# -[filter:keystoneauth] -use = egg:swift#keystoneauth -operator_roles = admin,user -# The reseller_prefix option lists account namespaces that this middleware is -# responsible for. The prefix is placed before the Keystone project id. -# For example, for project 12345678, and prefix AUTH, the account is -# named AUTH_12345678 (i.e., path is /v1/AUTH_12345678/...). -# Several prefixes are allowed by specifying a comma-separated list -# as in: "reseller_prefix = AUTH, SERVICE". The empty string indicates a -# single blank/empty prefix. If an empty prefix is required in a list of -# prefixes, a value of '' (two single quote characters) indicates a -# blank/empty prefix. Except for the blank/empty prefix, an underscore ('_') -# character is appended to the value unless already present. -# reseller_prefix = AUTH -# -# The user must have at least one role named by operator_roles on a -# project in order to create, delete and modify containers and objects -# and to set and read privileged headers such as ACLs. -# If there are several reseller prefix items, you can prefix the -# parameter so it applies only to those accounts (for example -# the parameter SERVICE_operator_roles applies to the /v1/SERVICE_<project> -# path). If you omit the prefix, the option applies to all reseller -# prefix items. For the blank/empty prefix, prefix with '' (do not put -# underscore after the two single quote characters). -# operator_roles = admin, swiftoperator -# -# The reseller admin role has the ability to create and delete accounts -# reseller_admin_role = ResellerAdmin -# -# This allows middleware higher in the WSGI pipeline to override auth -# processing, useful for middleware such as tempurl and formpost. If you know -# you're not going to use such middleware and you want a bit of extra security, -# you can set this to false. -# allow_overrides = true -# -# If the service_roles parameter is present, an X-Service-Token must be -# present in the request that when validated, grants at least one role listed -# in the parameter. The X-Service-Token may be scoped to any project. -# If there are several reseller prefix items, you can prefix the -# parameter so it applies only to those accounts (for example -# the parameter SERVICE_service_roles applies to the /v1/SERVICE_<project> -# path). If you omit the prefix, the option applies to all reseller -# prefix items. For the blank/empty prefix, prefix with '' (do not put -# underscore after the two single quote characters). -# By default, no service_roles are required. -# service_roles = -# -# For backwards compatibility, keystoneauth will match names in cross-tenant -# access control lists (ACLs) when both the requesting user and the tenant -# are in the default domain i.e the domain to which existing tenants are -# migrated. The default_domain_id value configured here should be the same as -# the value used during migration of tenants to keystone domains. -# default_domain_id = default -# -# For a new installation, or an installation in which keystone projects may -# move between domains, you should disable backwards compatible name matching -# in ACLs by setting allow_names_in_acls to false: -# allow_names_in_acls = true - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE". -# This facility may be used to temporarily remove a Swift node from a load -# balancer pool during maintenance or upgrade (remove the file to allow the -# node back into the load balancer pool). -# disable_path = - -[filter:cache] -use = egg:swift#memcache -memcache_servers = {{ memcached_servers }} -# You can override the default log routing for this filter here: -# set log_name = cache -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# If not set here, the value for memcache_servers will be read from -# memcache.conf (see memcache.conf-sample) or lacking that file, it will -# default to the value below. You can specify multiple servers separated with -# commas, as in: 10.1.2.3:11211,10.1.2.4:11211 (IPv6 addresses must -# follow rfc3986 section-3.2.2, i.e. [::1]:11211) -# memcache_servers = 127.0.0.1:11211 -# -# Sets how memcache values are serialized and deserialized: -# 0 = older, insecure pickle serialization -# 1 = json serialization but pickles can still be read (still insecure) -# 2 = json serialization only (secure and the default) -# If not set here, the value for memcache_serialization_support will be read -# from /etc/swift/memcache.conf (see memcache.conf-sample). -# To avoid an instant full cache flush, existing installations should -# upgrade with 0, then set to 1 and reload, then after some time (24 hours) -# set to 2 and reload. -# In the future, the ability to use pickle serialization will be removed. -# memcache_serialization_support = 2 -# -# Sets the maximum number of connections to each memcached server per worker -# memcache_max_connections = 2 -# -# More options documented in memcache.conf-sample - -[filter:ratelimit] -use = egg:swift#ratelimit -# You can override the default log routing for this filter here: -# set log_name = ratelimit -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# clock_accuracy should represent how accurate the proxy servers' system clocks -# are with each other. 1000 means that all the proxies' clock are accurate to -# each other within 1 millisecond. No ratelimit should be higher than the -# clock accuracy. -# clock_accuracy = 1000 -# -# max_sleep_time_seconds = 60 -# -# log_sleep_time_seconds of 0 means disabled -# log_sleep_time_seconds = 0 -# -# allows for slow rates (e.g. running up to 5 sec's behind) to catch up. -# rate_buffer_seconds = 5 -# -# account_ratelimit of 0 means disabled -# account_ratelimit = 0 - -# DEPRECATED- these will continue to work but will be replaced -# by the X-Account-Sysmeta-Global-Write-Ratelimit flag. -# Please see ratelimiting docs for details. -# these are comma separated lists of account names -# account_whitelist = a,b -# account_blacklist = c,d - -# with container_limit_x = r -# for containers of size x limit write requests per second to r. The container -# rate will be linearly interpolated from the values given. With the values -# below, a container of size 5 will get a rate of 75. -# container_ratelimit_0 = 100 -# container_ratelimit_10 = 50 -# container_ratelimit_50 = 20 - -# Similarly to the above container-level write limits, the following will limit -# container GET (listing) requests. -# container_listing_ratelimit_0 = 100 -# container_listing_ratelimit_10 = 50 -# container_listing_ratelimit_50 = 20 - -[filter:domain_remap] -use = egg:swift#domain_remap -# You can override the default log routing for this filter here: -# set log_name = domain_remap -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# storage_domain = example.com -# path_root = v1 - -# Browsers can convert a host header to lowercase, so check that reseller -# prefix on the account is the correct case. This is done by comparing the -# items in the reseller_prefixes config option to the found prefix. If they -# match except for case, the item from reseller_prefixes will be used -# instead of the found reseller prefix. When none match, the default reseller -# prefix is used. When no default reseller prefix is configured, any request -# with an account prefix not in that list will be ignored by this middleware. -# reseller_prefixes = AUTH -# default_reseller_prefix = - -[filter:catch_errors] -use = egg:swift#catch_errors -# You can override the default log routing for this filter here: -# set log_name = catch_errors -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:cname_lookup] -# Note: this middleware requires python-dnspython -use = egg:swift#cname_lookup -# You can override the default log routing for this filter here: -# set log_name = cname_lookup -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# Specify the storage_domain that match your cloud, multiple domains -# can be specified separated by a comma -# storage_domain = example.com -# -# lookup_depth = 1 - -# Note: Put staticweb just after your auth filter(s) in the pipeline -[filter:staticweb] -use = egg:swift#staticweb -# You can override the default log routing for this filter here: -# set log_name = staticweb -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline -[filter:tempurl] -use = egg:swift#tempurl -# The methods allowed with Temp URLs. -# methods = GET HEAD PUT POST DELETE -# -# The headers to remove from incoming requests. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. incoming_allow_headers is a list of exceptions to these -# removals. -# incoming_remove_headers = x-timestamp -# -# The headers allowed as exceptions to incoming_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# incoming_allow_headers = -# -# The headers to remove from outgoing responses. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. outgoing_allow_headers is a list of exceptions to these -# removals. -# outgoing_remove_headers = x-object-meta-* -# -# The headers allowed as exceptions to outgoing_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# outgoing_allow_headers = x-object-meta-public-* - -# Note: Put formpost just before your auth filter(s) in the pipeline -[filter:formpost] -use = egg:swift#formpost - -# Note: Just needs to be placed before the proxy-server in the pipeline. -[filter:name_check] -use = egg:swift#name_check -# forbidden_chars = '"`<> -# maximum_length = 255 -# forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$ - -[filter:list-endpoints] -use = egg:swift#list_endpoints -# list_endpoints_path = /endpoints/ - -[filter:proxy-logging] -use = egg:swift#proxy_logging -# If not set, logging directives from [DEFAULT] without "access_" will be used -# access_log_name = swift -# access_log_facility = LOG_LOCAL0 -# access_log_level = INFO -# access_log_address = /dev/log -# -# If set, access_log_udp_host will override access_log_address -# access_log_udp_host = -# access_log_udp_port = 514 -# -# You can use log_statsd_* from [DEFAULT] or override them here: -# access_log_statsd_host = -# access_log_statsd_port = 8125 -# access_log_statsd_default_sample_rate = 1.0 -# access_log_statsd_sample_rate_factor = 1.0 -# access_log_statsd_metric_prefix = -# access_log_headers = false -# -# If access_log_headers is True and access_log_headers_only is set only -# these headers are logged. Multiple headers can be defined as comma separated -# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime -# access_log_headers_only = -# -# By default, the X-Auth-Token is logged. To obscure the value, -# set reveal_sensitive_prefix to the number of characters to log. -# For example, if set to 12, only the first 12 characters of the -# token appear in the log. An unauthorized access of the log file -# won't allow unauthorized usage of the token. However, the first -# 12 or so characters is unique enough that you can trace/debug -# token usage. Set to 0 to suppress the token completely (replaced -# by '...' in the log). -# Note: reveal_sensitive_prefix will not affect the value -# logged with access_log_headers=True. -# reveal_sensitive_prefix = 16 -# -# What HTTP methods are allowed for StatsD logging (comma-sep); request methods -# not in this list will have "BAD_METHOD" for the <verb> portion of the metric. -# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS -# -# Note: The double proxy-logging in the pipeline is not a mistake. The -# left-most proxy-logging is there to log requests that were handled in -# middleware and never made it through to the right-most middleware (and -# proxy server). Double logging is prevented for normal requests. See -# proxy-logging docs. - -# Note: Put before both ratelimit and auth in the pipeline. -[filter:bulk] -use = egg:swift#bulk -# max_containers_per_extraction = 10000 -# max_failed_extractions = 1000 -# max_deletes_per_request = 10000 -# max_failed_deletes = 1000 - -# In order to keep a connection active during a potentially long bulk request, -# Swift may return whitespace prepended to the actual response body. This -# whitespace will be yielded no more than every yield_frequency seconds. -# yield_frequency = 10 - -# Note: The following parameter is used during a bulk delete of objects and -# their container. This would frequently fail because it is very likely -# that all replicated objects have not been deleted by the time the middleware got a -# successful response. It can be configured the number of retries. And the -# number of seconds to wait between each retry will be 1.5**retry - -# delete_container_retry_count = 0 - -# Note: Put after auth and staticweb in the pipeline. -[filter:slo] -use = egg:swift#slo -# max_manifest_segments = 1000 -# max_manifest_size = 2097152 -# -# Rate limiting applies only to segments smaller than this size (bytes). -# rate_limit_under_size = 1048576 -# -# Start rate-limiting SLO segment serving after the Nth small segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 1 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -# Note: Put after auth and staticweb in the pipeline. -# If you don't put it in the pipeline, it will be inserted for you. -[filter:dlo] -use = egg:swift#dlo -# Start rate-limiting DLO segment serving after the Nth segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 1 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -# Note: Put after auth in the pipeline. -[filter:container-quotas] -use = egg:swift#container_quotas - -# Note: Put after auth in the pipeline. -[filter:account-quotas] -use = egg:swift#account_quotas - -[filter:gatekeeper] -use = egg:swift#gatekeeper -# Set this to false if you want to allow clients to set arbitrary X-Timestamps -# on uploaded objects. This may be used to preserve timestamps when migrating -# from a previous storage system, but risks allowing users to upload -# difficult-to-delete data. -# shunt_inbound_x_timestamp = true -# -# You can override the default log routing for this filter here: -# set log_name = gatekeeper -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:container_sync] -use = egg:swift#container_sync -# Set this to false if you want to disallow any full url values to be set for -# any new X-Container-Sync-To headers. This will keep any new full urls from -# coming in, but won't change any existing values already in the cluster. -# Updating those will have to be done manually, as knowing what the true realm -# endpoint should be cannot always be guessed. -# allow_full_urls = true -# Set this to specify this clusters //realm/cluster as "current" in /info -# current = //REALM/CLUSTER - -# Note: Put it at the beginning of the pipeline to profile all middleware. But -# it is safer to put this after catch_errors, gatekeeper and healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/proxy.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false - -# Note: Put after slo, dlo in the pipeline. -# If you don't put it in the pipeline, it will be inserted automatically. -[filter:versioned_writes] -use = egg:swift#versioned_writes -# Enables using versioned writes middleware and exposing configuration -# settings via HTTP GET /info. -# WARNING: Setting this option bypasses the "allow_versions" option -# in the container configuration file, which will be eventually -# deprecated. See documentation for more details. -# allow_versioned_writes = false diff --git a/deploy/adapters/ansible/roles/swift/templates/rsyncd.conf b/deploy/adapters/ansible/roles/swift/templates/rsyncd.conf deleted file mode 100644 index 703c55eb..00000000 --- a/deploy/adapters/ansible/roles/swift/templates/rsyncd.conf +++ /dev/null @@ -1,23 +0,0 @@ -uid = swift -gid = swift -log file = /var/log/rsyncd.log -pid file = /var/run/rsyncd.pid -address = {{ internal_ip }} - -[account] -max connections = 2 -path = /srv/node/ -read only = False -lock file = /var/lock/account.lock - -[container] -max connections = 2 -path = /srv/node/ -read only = False -lock file = /var/lock/container.lock - -[object] -max connections = 2 -path = /srv/node/ -read only = False -lock file = /var/lock/object.lock diff --git a/deploy/adapters/ansible/roles/swift/templates/swift.conf b/deploy/adapters/ansible/roles/swift/templates/swift.conf deleted file mode 100644 index 9a31501b..00000000 --- a/deploy/adapters/ansible/roles/swift/templates/swift.conf +++ /dev/null @@ -1,183 +0,0 @@ -[swift-hash] - -# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the -# the hashing algorithm when determining data placement in the cluster. -# These values should remain secret and MUST NOT change -# once a cluster has been deployed. -# Use only printable chars (python -c "import string; print(string.printable)") - -swift_hash_path_suffix = 7c6a7cd34d07aed5 -swift_hash_path_prefix = 0c4629166f4de441 - -# storage policies are defined here and determine various characteristics -# about how objects are stored and treated. Policies are specified by name on -# a per container basis. Names are case-insensitive. The policy index is -# specified in the section header and is used internally. The policy with -# index 0 is always used for legacy containers and can be given a name for use -# in metadata however the ring file name will always be 'object.ring.gz' for -# backwards compatibility. If no policies are defined a policy with index 0 -# will be automatically created for backwards compatibility and given the name -# Policy-0. A default policy is used when creating new containers when no -# policy is specified in the request. If no other policies are defined the -# policy with index 0 will be declared the default. If multiple policies are -# defined you must define a policy with index 0 and you must specify a -# default. It is recommended you always define a section for -# storage-policy:0. Aliases are not required when defining a storage policy. -# -# A 'policy_type' argument is also supported but is not mandatory. Default -# policy type 'replication' is used when 'policy_type' is unspecified. -[storage-policy:0] -name = Policy-0 -default = yes -#policy_type = replication -aliases = yellow, orange - -# the following section would declare a policy called 'silver', the number of -# replicas will be determined by how the ring is built. In this example the -# 'silver' policy could have a lower or higher # of replicas than the -# 'Policy-0' policy above. The ring filename will be 'object-1.ring.gz'. You -# may only specify one storage policy section as the default. If you changed -# this section to specify 'silver' as the default, when a client created a new -# container w/o a policy specified, it will get the 'silver' policy because -# this config has specified it as the default. However if a legacy container -# (one created with a pre-policy version of swift) is accessed, it is known -# implicitly to be assigned to the policy with index 0 as opposed to the -# current default. Note that even without specifying any aliases, a policy -# always has at least the default name stored in aliases because this field is -# used to contain all human readable names for a storage policy. -# -#[storage-policy:1] -#name = silver -#policy_type = replication - -# The following declares a storage policy of type 'erasure_coding' which uses -# Erasure Coding for data reliability. Please refer to Swift documentation for -# details on how the 'erasure_coding' storage policy is implemented. -# -# Swift uses PyECLib, a Python Erasure coding API library, for encode/decode -# operations. Please refer to Swift documentation for details on how to -# install PyECLib. -# -# When defining an EC policy, 'policy_type' needs to be 'erasure_coding' and -# EC configuration parameters 'ec_type', 'ec_num_data_fragments' and -# 'ec_num_parity_fragments' must be specified. 'ec_type' is chosen from the -# list of EC backends supported by PyECLib. The ring configured for the -# storage policy must have it's "replica" count configured to -# 'ec_num_data_fragments' + 'ec_num_parity_fragments' - this requirement is -# validated when services start. 'ec_object_segment_size' is the amount of -# data that will be buffered up before feeding a segment into the -# encoder/decoder. More information about these configuration options and -# supported `ec_type` schemes is available in the Swift documentation. Please -# refer to Swift documentation for details on how to configure EC policies. -# -# The example 'deepfreeze10-4' policy defined below is a _sample_ -# configuration with an alias of 'df10-4' as well as 10 'data' and 4 'parity' -# fragments. 'ec_type' defines the Erasure Coding scheme. -# 'liberasurecode_rs_vand' (Reed-Solomon Vandermonde) is used as an example -# below. -# -#[storage-policy:2] -#name = deepfreeze10-4 -#aliases = df10-4 -#policy_type = erasure_coding -#ec_type = liberasurecode_rs_vand -#ec_num_data_fragments = 10 -#ec_num_parity_fragments = 4 -#ec_object_segment_size = 1048576 - - -# The swift-constraints section sets the basic constraints on data -# saved in the swift cluster. These constraints are automatically -# published by the proxy server in responses to /info requests. - -[swift-constraints] - -# max_file_size is the largest "normal" object that can be saved in -# the cluster. This is also the limit on the size of each segment of -# a "large" object when using the large object manifest support. -# This value is set in bytes. Setting it to lower than 1MiB will cause -# some tests to fail. It is STRONGLY recommended to leave this value at -# the default (5 * 2**30 + 2). - -#max_file_size = 5368709122 - - -# max_meta_name_length is the max number of bytes in the utf8 encoding -# of the name portion of a metadata header. - -#max_meta_name_length = 128 - - -# max_meta_value_length is the max number of bytes in the utf8 encoding -# of a metadata value - -#max_meta_value_length = 256 - - -# max_meta_count is the max number of metadata keys that can be stored -# on a single account, container, or object - -#max_meta_count = 90 - - -# max_meta_overall_size is the max number of bytes in the utf8 encoding -# of the metadata (keys + values) - -#max_meta_overall_size = 4096 - -# max_header_size is the max number of bytes in the utf8 encoding of each -# header. Using 8192 as default because eventlet use 8192 as max size of -# header line. This value may need to be increased when using identity -# v3 API tokens including more than 7 catalog entries. -# See also include_service_catalog in proxy-server.conf-sample -# (documented in overview_auth.rst) - -#max_header_size = 8192 - - -# By default the maximum number of allowed headers depends on the number of max -# allowed metadata settings plus a default value of 32 for regular http -# headers. If for some reason this is not enough (custom middleware for -# example) it can be increased with the extra_header_count constraint. - -#extra_header_count = 0 - - -# max_object_name_length is the max number of bytes in the utf8 encoding -# of an object name - -#max_object_name_length = 1024 - - -# container_listing_limit is the default (and max) number of items -# returned for a container listing request - -#container_listing_limit = 10000 - - -# account_listing_limit is the default (and max) number of items returned -# for an account listing request -#account_listing_limit = 10000 - - -# max_account_name_length is the max number of bytes in the utf8 encoding -# of an account name - -#max_account_name_length = 256 - - -# max_container_name_length is the max number of bytes in the utf8 encoding -# of a container name - -#max_container_name_length = 256 - - -# By default all REST API calls should use "v1" or "v1.0" as the version string, -# for example "/v1/account". This can be manually overridden to make this -# backward-compatible, in case a different version string has been used before. -# Use a comma-separated list in case of multiple allowed versions, for example -# valid_api_versions = v0,v1,v2 -# This is only enforced for account, container and object requests. The allowed -# api versions are by default excluded from /info. - -# valid_api_versions = v1,v1.0 diff --git a/deploy/adapters/ansible/roles/swift/vars/Debian.yml b/deploy/adapters/ansible/roles/swift/vars/Debian.yml deleted file mode 100644 index 39aea32d..00000000 --- a/deploy/adapters/ansible/roles/swift/vars/Debian.yml +++ /dev/null @@ -1,27 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- - -controller_packages: - - swift - - swift-proxy - - python-swiftclient - - python-keystoneclient - - memcached - -compute_packages: - - xfsprogs - - rsync - - swift - - swift-account - - swift-container - - swift-object - - -services: [] diff --git a/deploy/adapters/ansible/roles/swift/vars/main.yml b/deploy/adapters/ansible/roles/swift/vars/main.yml deleted file mode 100644 index 540068da..00000000 --- a/deploy/adapters/ansible/roles/swift/vars/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] - -controller_packages_noarch: [] -compute_packages_noarch: [] diff --git a/deploy/adapters/ansible/roles/sync-inventory/tasks/main.yml b/deploy/adapters/ansible/roles/sync-inventory/tasks/main.yml new file mode 100644 index 00000000..0db1c7cc --- /dev/null +++ b/deploy/adapters/ansible/roles/sync-inventory/tasks/main.yml @@ -0,0 +1,15 @@ +# ############################################################################# +# # Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# # +# # All rights reserved. This program and the accompanying materials +# # are made available under the terms of the Apache License, Version 2.0 +# # which accompanies this distribution, and is available at +# # http://www.apache.org/licenses/LICENSE-2.0 +# # ############################################################################# +--- +- name: sync inventory + shell: > + "{{ run_dir }}"/inventories/inventory.py --merge + /etc/openstack_deploy/openstack_inventory.json + +- meta: refresh_inventory diff --git a/deploy/adapters/ansible/roles/tacker/files/tacker.conf b/deploy/adapters/ansible/roles/tacker/files/tacker.conf deleted file mode 100644 index 0c90dcb9..00000000 --- a/deploy/adapters/ansible/roles/tacker/files/tacker.conf +++ /dev/null @@ -1,36 +0,0 @@ -description "OpenStack Tacker Server" -author "Yifei Xue <xueyifei@huawei.com>" - -start on runlevel [2345] -stop on runlevel [!2345] - -chdir /var/run - -respawn -respawn limit 20 5 -limit nofile 65535 65535 - -pre-start script - for i in lock run log lib ; do - mkdir -p /var/$i/tacker - chown root /var/$i/tacker - done -end script - -script - [ -x "/usr/local/bin/tacker-server" ] || exit 0 - DAEMON_ARGS="" - CONFIG_FILE="/usr/local/etc/tacker/tacker.conf" - USE_SYSLOG="" - USE_LOGFILE="" - NO_OPENSTACK_CONFIG_FILE_DAEMON_ARG="" - [ -r /etc/default/openstack ] && . /etc/default/openstack - [ -r /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB - [ "x$USE_SYSLOG" = "xyes" ] && DAEMON_ARGS="$DAEMON_ARGS --use-syslog" - [ "x$USE_LOGFILE" != "xno" ] && DAEMON_ARGS="$DAEMON_ARGS --log-file=/var/log/tacker/tacker.log" - [ -z "$NO_OPENSTACK_CONFIG_FILE_DAEMON_ARG" ] && DAEMON_ARGS="$DAEMON_ARGS --config-file=$CONFIG_FILE" - - exec start-stop-daemon --start --chdir /var/lib/tacker \ - --chuid root:root --make-pidfile --pidfile /var/run/tacker/tacker.pid \ - --exec /usr/local/bin/tacker-server -- ${DAEMON_ARGS} -end script diff --git a/deploy/adapters/ansible/roles/tacker/files/tacker.service b/deploy/adapters/ansible/roles/tacker/files/tacker.service deleted file mode 100644 index 5fd61916..00000000 --- a/deploy/adapters/ansible/roles/tacker/files/tacker.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=OpenStack Tacker Server -After= - -[Service] -User=root -Group=root -Type=simple -WorkingDirectory=/var/lib/tacker -PermissionsStartOnly=true -ExecStartPre=/bin/mkdir -p /var/lock/tacker /var/log/tacker /var/lib/tacker -ExecStartPre=/usr/bin/touch /var/log/tacker/tacker.log -ExecStart=/usr/local/bin/tacker-server --config-file /usr/local/etc/tacker/tacker.conf -Restart=on-failure -LimitNOFILE=65535 -TimeoutStopSec=15 - -[Install] -WantedBy=multi-user.target diff --git a/deploy/adapters/ansible/roles/tacker/tasks/main.yml b/deploy/adapters/ansible/roles/tacker/tasks/main.yml deleted file mode 100755 index 5df2253b..00000000 --- a/deploy/adapters/ansible/roles/tacker/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: Install Tacker on Controller - include: tacker_controller.yml - when: inventory_hostname in groups['controller'] - and ansible_os_family == "Debian" diff --git a/deploy/adapters/ansible/roles/tacker/tasks/tacker_controller.yml b/deploy/adapters/ansible/roles/tacker/tasks/tacker_controller.yml deleted file mode 100755 index f2c39bd7..00000000 --- a/deploy/adapters/ansible/roles/tacker/tasks/tacker_controller.yml +++ /dev/null @@ -1,211 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: edit ml2_conf.ini - shell: | - crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security; - -- name: Restart neutron-server - service: name=neutron-server state=restarted - -- name: "create haproxy configuration for tacker" - template: - src: "haproxy-tacker-cfg.j2" - dest: "/tmp/haproxy-tacker.cfg" - -- name: get the current haproxy configuration - shell: cat /etc/haproxy/haproxy.cfg - register: ha_cfg - -- name: "combination of the haproxy configuration" - shell: "cat /tmp/haproxy-tacker.cfg >> /etc/haproxy/haproxy.cfg" - when: ha_cfg.stdout.find('9890') == -1 - -- name: "delete temporary configuration file" - file: - dest: "/tmp/haproxy-tacker.cfg" - state: "absent" - -- name: "restart haproxy" - service: - name: "haproxy" - state: "restarted" - -- name: drop and recreate tacker database - shell: | - mysql -e "drop database if exists tacker;"; - mysql -e "create database tacker character set utf8;"; - mysql -e "grant all on tacker.* to 'tacker'@'%' identified by 'TACKER_DBPASS';"; - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: get the openstack user info - shell: . /opt/admin-openrc.sh; openstack user list - register: user_info - -- name: get the openstack service info - shell: . /opt/admin-openrc.sh; openstack service list - register: service_info - -- name: get the openstack endpoint info - shell: . /opt/admin-openrc.sh; openstack endpoint list - register: endpoint_info - -- name: delete the existed tacker endpoint - shell: | - . /opt/admin-openrc.sh; - openstack endpoint delete \ - $(openstack endpoint list | grep tacker | awk '{print $2}') - when: endpoint_info.stdout.find('tacker') != -1 - and inventory_hostname == haproxy_hosts.keys()[0] - -- name: delete the existed tacker service - shell: | - . /opt/admin-openrc.sh; - openstack service delete tacker; - when: service_info.stdout.find('tacker') != -1 - and inventory_hostname == haproxy_hosts.keys()[0] - -- name: delete the existed tacker user - shell: | - . /opt/admin-openrc.sh; - openstack user delete tacker; - when: user_info.stdout.find('tacker') != -1 - and inventory_hostname == haproxy_hosts.keys()[0] - -- name: create tacker user with admin privileges - shell: | - . /opt/admin-openrc.sh; - openstack user create --password console tacker; - openstack role add --project service --user tacker admin; - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: creat tacker service - shell: | - . /opt/admin-openrc.sh; - openstack service create --name tacker \ - --description "Tacker Project" nfv-orchestration - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: provide an endpoint to tacker service - shell: | - . /opt/admin-openrc.sh; \ - openstack endpoint create --region RegionOne \ - nfv-orchestration public 'http://{{ public_vip.ip }}:9890/'; - openstack endpoint create --region RegionOne \ - nfv-orchestration admin 'http://{{ internal_vip.ip }}:9890/'; - openstack endpoint create --region RegionOne \ - nfv-orchestration internal 'http://{{ internal_vip.ip }}:9890/'; - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: install tacker and tacker client - shell: | - pip install tacker python-tackerclient - -- name: create 'tacker' directory in '/var/cache' - shell: | - mkdir -p /var/cache/tacker - -- name: create 'tacker' directory in '/var/log' - shell: mkdir -p /var/log/tacker - -- name: get the policy file of heat - shell: cat /etc/heat/policy.json | grep Flavor - register: heat_info - -- name: update the policy file of heat - lineinfile: - dest: /etc/heat/policy.json - regexp: ' "resource_types:OS::Nova::Flavor' - line: ' "resource_types:OS::Nova::Flavor": "role:admin",' - when: heat_info.stdout.find('role') == -1 - -- name: restart heat services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ heat_services }}" - -- name: copy tacker configs - template: src={{ item.src }} dest=/opt/os_templates - with_items: "{{ tacker_configs_templates }}" - -- name: edit tacker configuration file - shell: | - crudini --merge /usr/local/etc/tacker/tacker.conf \ - < /opt/os_templates/tacker.j2 - -- name: populate tacker database - shell: | - . /opt/admin-openrc.sh; \ - /usr/local/bin/tacker-db-manage \ - --config-file /usr/local/etc/tacker/tacker.conf upgrade head - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: create tacker service - copy: src=tacker.service dest=/lib/systemd/system/ - -- name: create tacker service work dir - file: path=/var/lib/tacker state=directory - -- name: link the tacker service - file: - src: /lib/systemd/system/tacker.service - dest: /etc/systemd/system/multi-user.target.wants/tacker.service - state: link - -- name: start tacker service - shell: service tacker start - -- name: create tackerc file - template: src=tackerc.sh dest=/opt/tackerc.sh mode=777 - -- name: create nfvrc file - template: src=nfvrc.sh dest=/opt/nfvrc.sh mode=777 - -- name: get the nfv_user info - shell: . /opt/tackerc.sh; openstack user list - register: nfvuser_info - -- name: delete the existed nfv user - shell: . /opt/tackerc.sh; openstack user delete nfv_user - when: nfvuser_info.stdout.find('nfv') != -1 and inventory_hostname == haproxy_hosts.keys()[0] - -- name: get the openstack project info - shell: . /opt/tackerc.sh; openstack project list - register: nfvproject_info - -- name: delete the existed nfv project - shell: | - . /opt/tackerc.sh; - openstack project delete $(openstack project list | grep nfv | awk '{print $2}') - when: nfvproject_info.stdout.find('nfv') != -1 and inventory_hostname == haproxy_hosts.keys()[0] - -- name: create an nfv project - shell: . /opt/tackerc.sh; openstack project create --description "NFV Project" nfv - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: create nfv user with admin privileges - shell: | - . /opt/tackerc.sh; - openstack user create --password console nfv_user; - openstack role add --project nfv --user nfv_user admin; - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: create config.yml - template: src=config.yaml dest=/opt/config.yaml - -- name: check if tacker running - shell: . /opt/tackerc.sh; while (!(tacker ext-list)); do sleep 30; done - -- name: register VIM to tacker - shell: | - . /opt/tackerc.sh; - tacker vim-register --config-file /opt/config.yaml --description "Default VIM" VIM0 - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: restart tacker service - shell: service tacker stop; service tacker start diff --git a/deploy/adapters/ansible/roles/tacker/templates/config.yaml b/deploy/adapters/ansible/roles/tacker/templates/config.yaml deleted file mode 100644 index 0a0cea66..00000000 --- a/deploy/adapters/ansible/roles/tacker/templates/config.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -auth_url: http://{{ public_vip.ip }}:5000/v3 -username: nfv_user -password: console -project_name: nfv -project_domain_name: default -user_domain_name: default diff --git a/deploy/adapters/ansible/roles/tacker/templates/haproxy-tacker-cfg.j2 b/deploy/adapters/ansible/roles/tacker/templates/haproxy-tacker-cfg.j2 deleted file mode 100644 index 6cb294ac..00000000 --- a/deploy/adapters/ansible/roles/tacker/templates/haproxy-tacker-cfg.j2 +++ /dev/null @@ -1,10 +0,0 @@ -listen proxy-tacker_api_cluster - bind {{ internal_vip.ip }}:9890 - bind {{ public_vip.ip }}:9890 - mode tcp - option tcp-check - option tcplog - balance source -{% for host,ip in haproxy_hosts.items() %} - server {{ host }} {{ ip }}:9890 weight 1 check inter 2000 rise 2 fall 5 -{% endfor %} diff --git a/deploy/adapters/ansible/roles/tacker/templates/ml2_conf.j2 b/deploy/adapters/ansible/roles/tacker/templates/ml2_conf.j2 deleted file mode 100644 index a5ccdaf4..00000000 --- a/deploy/adapters/ansible/roles/tacker/templates/ml2_conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -[ml2] -extension_drivers = port_security diff --git a/deploy/adapters/ansible/roles/tacker/templates/nfvrc.sh b/deploy/adapters/ansible/roles/tacker/templates/nfvrc.sh deleted file mode 100644 index b8074052..00000000 --- a/deploy/adapters/ansible/roles/tacker/templates/nfvrc.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -export LC_ALL=C -export OS_NO_CACHE=true -export OS_TENANT_NAME=nfv -export OS_PROJECT_NAME=nfv -export OS_USERNAME=nfv_user -export OS_PASSWORD=console -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 -export OS_PROJECT_DOMAIN_NAME=default -export OS_USER_DOMAIN_NAME=default -export OS_AUTH_STRATEGY=keystone -export OS_REGION_NAME=RegionOne -export OS_IDENTITY_API_VERSION=3 -export OS_IMAGE_API_VERSION=2 diff --git a/deploy/adapters/ansible/roles/tacker/templates/tacker.j2 b/deploy/adapters/ansible/roles/tacker/templates/tacker.j2 deleted file mode 100644 index 89c8fea1..00000000 --- a/deploy/adapters/ansible/roles/tacker/templates/tacker.j2 +++ /dev/null @@ -1,435 +0,0 @@ -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} - -[DEFAULT] -# Print more verbose output (set logging level to INFO instead of default WARNING level). -verbose = True - -# Print debugging output (set logging level to DEBUG instead of default WARNING level). -debug = True - -# Where to store Tacker state files. This directory must be writable by the -# user executing the agent. -state_path = /var/lib/tacker - -# Where to store lock files -lock_path = $state_path/lock - -auth_strategy = keystone -policy_file = /usr/local/etc/tacker/policy.json - -# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s -# log_date_format = %Y-%m-%d %H:%M:%S - -# use_syslog -> syslog -# log_file and log_dir -> log_dir/log_file -# (not log_file) and log_dir -> log_dir/{binary_name}.log -# use_stderr -> stderr -# (not user_stderr) and (not log_file) -> stdout -# publish_errors -> notification system - -use_syslog = False -# syslog_log_facility = LOG_USER - -# use_stderr = True -# log_file = -# log_dir = - -# publish_errors = False - -# Address to bind the API server to -bind_host = {{ internal_ip }} - -# Port the bind the API server to -bind_port = 9890 - -# Path to the extensions. Note that this can be a colon-separated list of -# paths. For example: -# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions -# The __path__ of tacker.extensions is appended to this, so if your -# extensions are in there you don't need to specify them here -# api_extensions_path = - -# (StrOpt) Tacker core plugin entrypoint to be loaded from the -# tacker.core_plugins namespace. See setup.cfg for the entrypoint names of the -# plugins included in the tacker source distribution. For compatibility with -# previous versions, the class name of a plugin can be specified instead of its -# entrypoint name. -# -# core_plugin = -# Example: core_plugin = ml2 - -# (ListOpt) List of service plugin entrypoints to be loaded from the -# tacker.service_plugins namespace. See setup.cfg for the entrypoint names of -# the plugins included in the tacker source distribution. For compatibility -# with previous versions, the class name of a plugin can be specified instead -# of its entrypoint name. -# -# service_plugins = -# Example: service_plugins = router,firewall,lbaas,vpnaas,metering - -service_plugins = vnfm,nfvo - -# Paste configuration file -# api_paste_config = api-paste.ini - -# The strategy to be used for auth. -# Supported values are 'keystone'(default), 'noauth'. -# auth_strategy = keystone - -# Allow sending resource operation notification to DHCP agent -# dhcp_agent_notification = True - -# Enable or disable bulk create/update/delete operations -# allow_bulk = True -# Enable or disable pagination -# allow_pagination = False -# Enable or disable sorting -# allow_sorting = False -# Enable or disable overlapping IPs for subnets -# Attention: the following parameter MUST be set to False if Tacker is -# being used in conjunction with nova security groups -# allow_overlapping_ips = False -# Ensure that configured gateway is on subnet -# force_gateway_on_subnet = False - - -# RPC configuration options. Defined in rpc __init__ -# The messaging module to use, defaults to kombu. -# rpc_backend = tacker.openstack.common.rpc.impl_kombu -# Size of RPC thread pool -# rpc_thread_pool_size = 64 -# Size of RPC connection pool -# rpc_conn_pool_size = 30 -# Seconds to wait for a response from call or multicall -# rpc_response_timeout = 60 -# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. -# rpc_cast_timeout = 30 -# Modules of exceptions that are permitted to be recreated -# upon receiving exception data from an rpc call. -# allowed_rpc_exception_modules = tacker.openstack.common.exception, nova.exception -# AMQP exchange to connect to if using RabbitMQ or QPID -# control_exchange = tacker - -# If passed, use a fake RabbitMQ provider -# fake_rabbit = False - -# Configuration options if sending notifications via kombu rpc (these are -# the defaults) -# SSL version to use (valid only if SSL enabled) -# kombu_ssl_version = -# SSL key file (valid only if SSL enabled) -# kombu_ssl_keyfile = -# SSL cert file (valid only if SSL enabled) -# kombu_ssl_certfile = -# SSL certification authority file (valid only if SSL enabled) -# kombu_ssl_ca_certs = -# IP address of the RabbitMQ installation -# rabbit_host = localhost -# Password of the RabbitMQ server -# rabbit_password = guest -# Port where RabbitMQ server is running/listening -# rabbit_port = 5672 -# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) -# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' -# rabbit_hosts = localhost:5672 -# User ID used for RabbitMQ connections -# rabbit_userid = guest -# Location of a virtual RabbitMQ installation. -# rabbit_virtual_host = / -# Maximum retries with trying to connect to RabbitMQ -# (the default of 0 implies an infinite retry count) -# rabbit_max_retries = 0 -# RabbitMQ connection retry interval -# rabbit_retry_interval = 1 -# Use HA queues in RabbitMQ (x-ha-policy: all). You need to -# wipe RabbitMQ database when changing this option. (boolean value) -# rabbit_ha_queues = false - -# QPID -# rpc_backend=tacker.openstack.common.rpc.impl_qpid -# Qpid broker hostname -# qpid_hostname = localhost -# Qpid broker port -# qpid_port = 5672 -# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) -# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' -# qpid_hosts = localhost:5672 -# Username for qpid connection -# qpid_username = '' -# Password for qpid connection -# qpid_password = '' -# Space separated list of SASL mechanisms to use for auth -# qpid_sasl_mechanisms = '' -# Seconds between connection keepalive heartbeats -# qpid_heartbeat = 60 -# Transport to use, either 'tcp' or 'ssl' -# qpid_protocol = tcp -# Disable Nagle algorithm -# qpid_tcp_nodelay = True - -# ZMQ -# rpc_backend=tacker.openstack.common.rpc.impl_zmq -# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. -# The "host" option should point or resolve to this address. -# rpc_zmq_bind_address = * - -# ============ Notification System Options ===================== - -# Notifications can be sent when network/subnet/port are created, updated or deleted. -# There are three methods of sending notifications: logging (via the -# log_file directive), rpc (via a message queue) and -# noop (no notifications sent, the default) - -# Notification_driver can be defined multiple times -# Do nothing driver -# notification_driver = tacker.openstack.common.notifier.no_op_notifier -# Logging driver -# notification_driver = tacker.openstack.common.notifier.log_notifier -# RPC driver. -notification_driver = tacker.openstack.common.notifier.rpc_notifier - -# default_notification_level is used to form actual topic name(s) or to set logging level -# default_notification_level = INFO - -# default_publisher_id is a part of the notification payload -# host = myhost.com -# default_publisher_id = $host - -# Defined in rpc_notifier, can be comma separated values. -# The actual topic names will be %s.%(default_notification_level)s -# notification_topics = notifications - -# Default maximum number of items returned in a single response, -# value == infinite and value < 0 means no max limit, and value must -# be greater than 0. If the number of items requested is greater than -# pagination_max_limit, server will just return pagination_max_limit -# of number of items. -# pagination_max_limit = -1 - -# Maximum number of DNS nameservers per subnet -# max_dns_nameservers = 5 - -# Maximum number of host routes per subnet -# max_subnet_host_routes = 20 - -# Maximum number of fixed ips per port -# max_fixed_ips_per_port = 5 - -# =========== items for agent management extension ============= -# Seconds to regard the agent as down; should be at least twice -# report_interval, to be sure the agent is down for good -# agent_down_time = 75 -# =========== end of items for agent management extension ===== - -# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted -# networks to first DHCP agent which sends get_active_networks message to -# tacker server -# network_auto_schedule = True - -# Allow auto scheduling routers to L3 agent. It will schedule non-hosted -# routers to first L3 agent which sends sync_routers message to tacker server -# router_auto_schedule = True - -# Number of DHCP agents scheduled to host a network. This enables redundant -# DHCP agents for configured networks. -# dhcp_agents_per_network = 1 - -# =========== end of items for agent scheduler extension ===== - -# =========== WSGI parameters related to the API server ============== -# Number of separate worker processes to spawn. The default, 0, runs the -# worker thread in the current process. Greater than 0 launches that number of -# child processes as workers. The parent process manages them. -# api_workers = 0 - -# Number of separate RPC worker processes to spawn. The default, 0, runs the -# worker thread in the current process. Greater than 0 launches that number of -# child processes as RPC workers. The parent process manages them. -# This feature is experimental until issues are addressed and testing has been -# enabled for various plugins for compatibility. -# rpc_workers = 0 - -# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when -# starting API server. Not supported on OS X. -# tcp_keepidle = 600 - -# Number of seconds to keep retrying to listen -# retry_until_window = 30 - -# Number of backlog requests to configure the socket with. -# backlog = 4096 - -# Max header line to accommodate large tokens -# max_header_line = 16384 - -# Enable SSL on the API server -# use_ssl = False - -# Certificate file to use when starting API server securely -# ssl_cert_file = /path/to/certfile - -# Private key file to use when starting API server securely -# ssl_key_file = /path/to/keyfile - -# CA certificate file to use when starting API server securely to -# verify connecting clients. This is an optional parameter only required if -# API clients need to authenticate to the API server using SSL certificates -# signed by a trusted CA -# ssl_ca_file = /path/to/cafile -# ======== end of WSGI parameters related to the API server ========== - - -# ======== tacker nova interactions ========== -# Send notification to nova when port status is active. -# notify_nova_on_port_status_changes = True - -# Send notifications to nova when port data (fixed_ips/floatingips) change -# so nova can update it's cache. -# notify_nova_on_port_data_changes = True - -# URL for connection to nova (Only supports one nova region currently). -# nova_url = http://127.0.0.1:8774/v3 - -# Name of nova region to use. Useful if keystone manages more than one region -# nova_region_name = - -# Username for connection to nova in admin context -# nova_admin_username = - -# The uuid of the admin nova tenant -# nova_admin_tenant_id = - -# Password for connection to nova in admin context. -# nova_admin_password = - -# Authorization URL for connection to nova in admin context. -# nova_admin_auth_url = - -# CA file for novaclient to verify server certificates -# nova_ca_certificates_file = - -# Boolean to control ignoring SSL errors on the nova url -# nova_api_insecure = False - -# Number of seconds between sending events to nova if there are any events to send -# send_events_interval = 2 - -# ======== end of tacker nova interactions ========== - -[agent] -# Use "sudo tacker-rootwrap /etc/tacker/rootwrap.conf" to use the real -# root filter facility. -# Change to "sudo" to skip the filtering and just run the comand directly -root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf - -# =========== items for agent management extension ============= -# seconds between nodes reporting state to server; should be less than -# agent_down_time, best if it is half or less than agent_down_time -# report_interval = 30 - -# =========== end of items for agent management extension ===== - -[keystone_authtoken] -signing_dir = /var/cache/tacker -#cafile = /opt/stack/data/ca-bundle.pem -#project_domain_id = default -project_name = service -#user_domain_id = default -project_domain_name = default -user_domain_name = default -region_name = RegionOne -memcached_servers = {{ memcached_servers }} -password = console -username = tacker -auth_url = http://{{ internal_vip.ip }}:35357 -auth_plugin = password -identity_uri = http://{{ internal_vip.ip }}:5000 -auth_uri = http://{{ internal_vip.ip }}:5000 - - -[database] -# This line MUST be changed to actually run the plugin. -# Example: -# connection = mysql://root:pass@127.0.0.1:3306/tacker -connection = mysql://tacker:TACKER_DBPASS@{{ internal_vip.ip }}:3306/tacker?charset=utf8 -# Replace 127.0.0.1 above with the IP address of the database used by the -# main tacker server. (Leave it as is if the database runs on this host.) -# connection = sqlite:// -# NOTE: In deployment the [database] section and its connection attribute may -# be set in the corresponding core plugin '.ini' file. However, it is suggested -# to put the [database] section and its connection attribute in this -# configuration file. - -# Database engine for which script will be generated when using offline -# migration -# engine = - -# The SQLAlchemy connection string used to connect to the slave database -# slave_connection = - -# Database reconnection retry times - in event connectivity is lost -# set to -1 implies an infinite retry count -# max_retries = 10 - -# Database reconnection interval in seconds - if the initial connection to the -# database fails -# retry_interval = 10 - -# Minimum number of SQL connections to keep open in a pool -# min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool -# max_pool_size = 10 - -# Timeout in seconds before idle sql connections are reaped -# idle_timeout = 3600 - -# If set, use this value for max_overflow with sqlalchemy -# max_overflow = 20 - -# Verbosity of SQL debugging information. 0=None, 100=Everything -# connection_debug = 0 - -# Add python stack traces to SQL as comment strings -# connection_trace = False - -# If set, use this value for pool_timeout with sqlalchemy -# pool_timeout = 10 - -[tacker] -# Specify drivers for hosting device -# infra_driver = heat,nova,noop - -# Specify drivers for mgmt -# mgmt_driver = noop,openwrt - -# Specify drivers for monitoring -monitor_driver = ping, http_ping - -[nfvo] -vim_drivers = openstack - -[vim_keys] -#openstack = /etc/tacker/vim/fernet_keys -[tacker_nova] -# parameters for novaclient to talk to nova -region_name = RegionOne -#project_domain_id = default -project_name = service -#user_domain_id = default -password = console -username = nova -auth_url = http://{{ internal_vip.ip }}:35357 -auth_plugin = password - -[tacker_heat] -heat_uri = http://{{ internal_vip.ip }}:8004/v1 -stack_retries = 60 -stack_retry_wait = 5 diff --git a/deploy/adapters/ansible/roles/tacker/templates/tackerc.sh b/deploy/adapters/ansible/roles/tacker/templates/tackerc.sh deleted file mode 100644 index 83dc188a..00000000 --- a/deploy/adapters/ansible/roles/tacker/templates/tackerc.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -export LC_ALL=C -export OS_NO_CACHE=true -export OS_TENANT_NAME=service -export OS_PROJECT_NAME=service -export OS_USERNAME=tacker -export OS_PASSWORD=console -export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 -export OS_PROJECT_DOMAIN_NAME=default -export OS_USER_DOMAIN_NAME=default -export OS_AUTH_STRATEGY=keystone -export OS_REGION_NAME=RegionOne -export OS_IDENTITY_API_VERSION=3 -export OS_IMAGE_API_VERSION=2 diff --git a/deploy/adapters/ansible/roles/tacker/vars/RedHat.yml b/deploy/adapters/ansible/roles/tacker/vars/RedHat.yml deleted file mode 100755 index 59a4dbd9..00000000 --- a/deploy/adapters/ansible/roles/tacker/vars/RedHat.yml +++ /dev/null @@ -1,14 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages: - - software-properties-common - - crudini - -services: [] diff --git a/deploy/adapters/ansible/roles/tacker/vars/main.yml b/deploy/adapters/ansible/roles/tacker/vars/main.yml deleted file mode 100755 index c934090c..00000000 --- a/deploy/adapters/ansible/roles/tacker/vars/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -tacker_configs_templates: - - src: tacker.j2 - dest: - - /usr/local/etc/tacker/tacker.conf diff --git a/deploy/adapters/cobbler/kickstarts/default16.seed b/deploy/adapters/cobbler/kickstarts/default16.seed index af6c9c39..660d6b30 100644 --- a/deploy/adapters/cobbler/kickstarts/default16.seed +++ b/deploy/adapters/cobbler/kickstarts/default16.seed @@ -108,7 +108,7 @@ $SNIPPET('preseed_apt_repo_config') #set $preseed_software = "preseed_software_%s" % $tool $SNIPPET($preseed_software) #else -d-i pkgsel/include string ntp ssh wget +d-i pkgsel/include string ntp ssh openssh-server wget vim bridge-utils ifenslave vlan #end if # Whether to upgrade packages after debootstrap. diff --git a/deploy/adapters/cobbler/snippets/kickstart_post_anamon b/deploy/adapters/cobbler/snippets/kickstart_post_anamon index d1dec7b4..379809a6 100644 --- a/deploy/adapters/cobbler/snippets/kickstart_post_anamon +++ b/deploy/adapters/cobbler/snippets/kickstart_post_anamon @@ -76,7 +76,7 @@ cat << EOF > /etc/init.d/set_state # #end raw -curl -H "Content-Type: application/json" -X POST -d '{"ready": true}' "http://$srv/api/hosts/${hostname}/state_internal" +curl -H "Content-Type: application/json" -X POST -d '{"ready": true}' "http://$srv:5050/api/hosts/${hostname}/state_internal" chkconfig set_state off mv /etc/init.d/set_state /tmp/set_state EOF diff --git a/deploy/adapters/cobbler/snippets/preseed_post_anamon b/deploy/adapters/cobbler/snippets/preseed_post_anamon index 76bbfad4..a5658e12 100644 --- a/deploy/adapters/cobbler/snippets/preseed_post_anamon +++ b/deploy/adapters/cobbler/snippets/preseed_post_anamon @@ -67,7 +67,7 @@ cat << EOF > /etc/init.d/set_state # installation. #end raw sleep 100 -wget -O /tmp/os_state --post-data='{"ready": true}' --header=Content-Type:application/json "http://$srv/api/hosts/${hostname}/state_internal" +wget -O /tmp/os_state --post-data='{"ready": true}' --header=Content-Type:application/json "http://$srv:5050/api/hosts/${hostname}/state_internal" update-rc.d -f set_state remove mv /etc/init.d/set_state /tmp/set_state EOF diff --git a/deploy/adapters/cobbler/snippets/preseed_software_ansible b/deploy/adapters/cobbler/snippets/preseed_software_ansible index 5516c893..2bd1a91f 100644 --- a/deploy/adapters/cobbler/snippets/preseed_software_ansible +++ b/deploy/adapters/cobbler/snippets/preseed_software_ansible @@ -1 +1 @@ -d-i pkgsel/include string ntp ssh openssh-server wget vim ifenslave +d-i pkgsel/include string ntp ssh openssh-server wget vim bridge-utils ifenslave vlan diff --git a/deploy/bonding.py b/deploy/bonding.py index 27e76daa..17b5b205 100644 --- a/deploy/bonding.py +++ b/deploy/bonding.py @@ -34,7 +34,7 @@ def create_bonding(network_info, rsa_file, compass_ip): if __name__ == "__main__": assert(len(sys.argv) == 4) create_bonding( - yaml.load( + yaml.safe_load( open( sys.argv[1])), sys.argv[2], diff --git a/deploy/client.py b/deploy/client.py index a0d70644..981924f1 100644 --- a/deploy/client.py +++ b/deploy/client.py @@ -25,6 +25,7 @@ import requests import json import itertools import threading +import multiprocessing from collections import defaultdict from restful import Client import log as logging @@ -192,6 +193,12 @@ opts = [ cfg.IntOpt('action_timeout', help='action timeout in seconds', default=60), + cfg.IntOpt('install_os_timeout', + help='OS install timeout in minutes', + default=60), + cfg.IntOpt('ansible_print_wait', + help='wait ansible-playbok ready', + default=5), cfg.IntOpt('deployment_timeout', help='deployment timeout in minutes', default=60), @@ -243,12 +250,15 @@ opts = [ cfg.StrOpt('odl_l3_agent', help='odl l3 agent enable flag', default='Disable'), - cfg.StrOpt('moon', - help='moon enable flag', - default='Disable'), + cfg.StrOpt('moon_cfg', + help='moon config', + default='master:flag=Disable,slave:flag=Disable,slave:name=slave1,slave:master_ip=master_ip'), # noqa cfg.StrOpt('onos_sfc', help='onos_sfc enable flag', default='Disable'), + cfg.StrOpt('plugins', + help='plugin dict', + default='{}'), ] CONF.register_cli_opts(opts) @@ -718,6 +728,30 @@ class CompassClient(object): 'password': password } + moon_cfgs = [ + cfg + for cfg in CONF.moon_cfg.split(',') + if cfg + ] + LOG.info( + 'moon configure: %s', moon_cfgs + ) + moon_cfg = {} + for cfg in moon_cfgs: + if ':' not in cfg: + raise Exception( + 'there is no : in cfg %s' % cfg # noqa + ) + role, conf_pair = cfg.split(':', 1) + if '=' not in conf_pair: + raise Exception( + 'there is no = in %s configure pair' % conf_pair + ) + key, value = conf_pair.split('=', 1) + moon_cfg[role] = {} if role not in moon_cfg else moon_cfg[role] + moon_cfg[role][key] = value + package_config["moon_cfg"] = moon_cfg + package_config["security"] = {"service_credentials": service_credential_cfg, # noqa "console_credentials": console_credential_cfg} # noqa @@ -730,11 +764,11 @@ class CompassClient(object): package_config['network_mapping'] = network_mapping assert(os.path.exists(CONF.network_cfg)) - network_cfg = yaml.load(open(CONF.network_cfg)) + network_cfg = yaml.safe_load(open(CONF.network_cfg)) package_config["network_cfg"] = network_cfg assert(os.path.exists(CONF.neutron_cfg)) - neutron_cfg = yaml.load(open(CONF.neutron_cfg)) + neutron_cfg = yaml.safe_load(open(CONF.neutron_cfg)) package_config["neutron_config"] = neutron_cfg """ @@ -751,12 +785,13 @@ class CompassClient(object): package_config['enable_secgroup'] = (CONF.enable_secgroup == "true") package_config['enable_fwaas'] = (CONF.enable_fwaas == "true") package_config['enable_vpnaas'] = (CONF.enable_vpnaas == "true") - package_config[ - 'odl_l3_agent'] = "Enable" if CONF.odl_l3_agent == "Enable" else "Disable" # noqa - package_config[ - 'moon'] = "Enable" if CONF.moon == "Enable" else "Disable" - package_config[ - 'onos_sfc'] = "Enable" if CONF.onos_sfc == "Enable" else "Disable" + package_config['odl_l3_agent'] = "Enable" if CONF.odl_l3_agent == "Enable" else "Disable" # noqa + package_config['onos_sfc'] = "Enable" if CONF.onos_sfc == "Enable" else "Disable" # noqa + package_config['plugins'] = [] + if CONF.plugins: + for item in CONF.plugins.split(','): + key, value = item.split(':') + package_config['plugins'].append({key: value}) status, resp = self.client.update_cluster_config( cluster_id, package_config=package_config) @@ -883,12 +918,63 @@ class CompassClient(object): return status, cluster_state - def get_installing_progress(self, cluster_id): + def get_ansible_print(self): + def print_log(log): + try: + with open(log, 'r') as file: + while True: + line = file.readline() + if not line: + time.sleep(0.1) + continue + line = line.replace('\n', '') + print line + sys.stdout.flush() + except: + raise RuntimeError("open ansible.log error") + + current_time = time.time() + install_timeout = current_time + 60 * CONF.install_os_timeout + while current_time < install_timeout: + ready = True + for id in self.host_mapping.values(): + status, response = self.client.get_host_state(id) + if response['state'] != 'SUCCESSFUL': + ready = False + break + + current_time = time.time() + if not ready: + time.sleep(8) + else: + break + + if current_time >= install_timeout: + raise RuntimeError("OS installation timeout") + else: + LOG.info("OS installation complete") + + # time.sleep(CONF.ansible_start_wait) + compass_dir = os.getenv('COMPASS_DIR') + ansible_log = "%s/work/deploy/docker/ansible/run/%s-%s/ansible.log" \ + % (compass_dir, CONF.adapter_name, CONF.cluster_name) + os.system("sudo touch %s" % ansible_log) + os.system("sudo chmod +x -R %s/work/deploy/docker/ansible/run/" + % compass_dir) + ansible_print = multiprocessing.Process(target=print_log, + args=(ansible_log,)) + ansible_print.start() + return ansible_print + + def get_installing_progress(self, cluster_id, ansible_print): def _get_installing_progress(): """get intalling progress.""" deployment_timeout = time.time() + 60 * float(CONF.deployment_timeout) # noqa current_time = time.time while current_time() < deployment_timeout: + if not ansible_print.is_alive(): + raise RuntimeError("can not get ansible log") + status, cluster_state = self.get_cluster_state(cluster_id) if not self.is_ok(status): raise RuntimeError("can not get cluster state") @@ -905,23 +991,20 @@ class CompassClient(object): (cluster_id, status, cluster_state) ) - time.sleep(5) + time.sleep(10) if current_time() >= deployment_timeout: LOG.info("current_time=%s, deployment_timeout=%s" % (current_time(), deployment_timeout)) LOG.info("cobbler status:") - os.system("ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \ - -i %s root@192.168.200.2 \ - 'cobbler status'" % (CONF.rsa_file)) + os.system("sudo docker exec compass-cobbler bash -c \ + 'cobbler status'") raise RuntimeError("installation timeout") try: _get_installing_progress() finally: - # do this twice, make sure process be killed - kill_print_proc() - kill_print_proc() + ansible_print.terminate() def check_dashboard_links(self, cluster_id): dashboard_url = CONF.dashboard_url @@ -946,17 +1029,11 @@ class CompassClient(object): def print_ansible_log(): - os.system("ssh -o StrictHostKeyChecking=no -o \ - UserKnownHostsFile=/dev/null -i %s root@192.168.200.2 \ - 'while ! tail -f \ - /var/ansible/run/%s-%s/ansible.log 2>/dev/null; do :; \ - sleep 1; done'" % - (CONF.rsa_file, CONF.adapter_name, CONF.cluster_name)) + pass def kill_print_proc(): - os.system( - "ps aux|grep -v grep|grep -E 'ssh.+root@192.168.200.2'|awk '{print $2}'|xargs kill -9") # noqa + pass def deploy(): @@ -981,8 +1058,8 @@ def deploy(): client.deploy_clusters(cluster_id) LOG.info("compass OS installtion is begin") - threading.Thread(target=print_ansible_log).start() - client.get_installing_progress(cluster_id) + ansible_print = client.get_ansible_print() + client.get_installing_progress(cluster_id, ansible_print) client.check_dashboard_links(cluster_id) else: diff --git a/deploy/compass_conf/adapter/ansible_openstack_newton.conf b/deploy/compass_conf/adapter/ansible_openstack_ocata.conf index 0e90e7bc..1444bf2b 100755 --- a/deploy/compass_conf/adapter/ansible_openstack_newton.conf +++ b/deploy/compass_conf/adapter/ansible_openstack_ocata.conf @@ -1,7 +1,7 @@ -NAME = 'openstack_newton' -DISPLAY_NAME = 'Openstack Newton' +NAME = 'openstack_ocata' +DISPLAY_NAME = 'Openstack Ocata' PARENT = 'openstack' -PACKAGE_INSTALLER = 'ansible_installer_newton' +PACKAGE_INSTALLER = 'ansible_installer_ocata' OS_INSTALLER = 'cobbler' SUPPORTED_OS_PATTERNS = ['(?i)ubuntu-16\.04', '(?i)CentOS-7.*16.*'] DEPLOYABLE = True diff --git a/deploy/compass_conf/celeryconfig b/deploy/compass_conf/celeryconfig index f4911279..4b4fd55f 100755 --- a/deploy/compass_conf/celeryconfig +++ b/deploy/compass_conf/celeryconfig @@ -1,9 +1,12 @@ ## Celery related setting: this is the default setting once we install RabbitMQ CELERY_RESULT_BACKEND ="amqp://" +BROKER_URL = "amqp://guest:guest@compass-mq:5672//" -BROKER_URL = "amqp://guest:guest@localhost:5672//" CELERY_IMPORTS=("compass.tasks.tasks",) CELERY_ACCEPT_CONTENT = ['pickle', 'json', 'msgpack', 'yaml'] C_FORCE_ROOT = 1 +CELERY_DEFAULT_QUEUE = 'admin@huawei.com' +CELERY_DEFAULT_EXCHANGE = 'admin@huawei.com' +CELERY_DEFAULT_ROUTING_KEY = 'admin@huawei.com' diff --git a/deploy/compass_conf/flavor/openstack_newton.conf b/deploy/compass_conf/flavor/openstack_ocata.conf index 2861ccdf..1179afae 100755 --- a/deploy/compass_conf/flavor/openstack_newton.conf +++ b/deploy/compass_conf/flavor/openstack_ocata.conf @@ -1,4 +1,4 @@ -ADAPTER_NAME = 'openstack_newton' +ADAPTER_NAME = 'openstack_ocata' FLAVORS = [{ 'flavor': 'allinone', 'display_name': 'All-In-One', @@ -21,11 +21,11 @@ FLAVORS = [{ 'dashboard', 'identity', 'storage-controller', 'storage-volume' ], }, { - 'flavor': 'HA-ansible-multinodes-newton', - 'display_name': 'HA-ansible-multinodes-newton', + 'flavor': 'HA-ansible-multinodes-ocata', + 'display_name': 'HA-ansible-multinodes-ocata', 'template': 'HA-ansible-multinodes.tmpl', 'roles': [ - 'controller', 'compute', 'ha', 'odl', 'onos', 'opencontrail', 'ceph', 'ceph-adm', 'ceph-mon', 'ceph-osd', 'sec-patch', 'ceph-osd-node' + 'controller', 'compute', 'ha', 'odl', 'onos', 'opencontrail', 'ceph', 'ceph-adm', 'ceph-mon', 'ceph-osd', 'ceph-osd-node', 'moon' ], }] diff --git a/deploy/compass_conf/flavor_mapping/HA-ansible-multinodes-newton.conf b/deploy/compass_conf/flavor_mapping/HA-ansible-multinodes-ocata.conf index 702f89cd..5771a645 100755 --- a/deploy/compass_conf/flavor_mapping/HA-ansible-multinodes-newton.conf +++ b/deploy/compass_conf/flavor_mapping/HA-ansible-multinodes-ocata.conf @@ -1,5 +1,5 @@ -ADAPTER = 'openstack_newton' -FLAVOR = 'HA-ansible-multinodes-newton' +ADAPTER = 'openstack_ocata' +FLAVOR = 'HA-ansible-multinodes-ocata' CONFIG_MAPPING = { "mapped_name": "flavor_config", "mapped_children": [{ diff --git a/deploy/compass_conf/flavor_metadata/HA-ansible-multinodes-newton.conf b/deploy/compass_conf/flavor_metadata/HA-ansible-multinodes-ocata.conf index f98be259..81b4e4c5 100755 --- a/deploy/compass_conf/flavor_metadata/HA-ansible-multinodes-newton.conf +++ b/deploy/compass_conf/flavor_metadata/HA-ansible-multinodes-ocata.conf @@ -1,5 +1,5 @@ -ADAPTER = 'openstack_newton' -FLAVOR = 'HA-ansible-multinodes-newton' +ADAPTER = 'openstack_ocata' +FLAVOR = 'HA-ansible-multinodes-ocata' METADATA = { 'ha_proxy': { '_self': { diff --git a/deploy/compass_conf/package_installer/ansible-newton.conf b/deploy/compass_conf/package_installer/ansible-newton.conf deleted file mode 100755 index 242193fb..00000000 --- a/deploy/compass_conf/package_installer/ansible-newton.conf +++ /dev/null @@ -1,13 +0,0 @@ -NAME = 'ansible_installer' -INSTANCE_NAME = 'ansible_installer_newton' -SETTINGS = { - 'ansible_dir': '/var/ansible', - 'ansible_run_dir': '/var/ansible/run', - 'ansible_config': 'ansible.cfg', - 'playbook_file': 'site.yml', - 'inventory_file': 'inventory.yml', - 'group_variable': 'all', - 'etc_hosts_path': 'roles/common/templates/hosts', - 'runner_dirs': ['roles','openstack_newton/templates','openstack_newton/roles'] -} - diff --git a/deploy/compass_conf/package_installer/ansible-ocata.conf b/deploy/compass_conf/package_installer/ansible-ocata.conf new file mode 100755 index 00000000..1df2153b --- /dev/null +++ b/deploy/compass_conf/package_installer/ansible-ocata.conf @@ -0,0 +1,15 @@ +NAME = 'ansible_installer' +INSTANCE_NAME = 'ansible_installer_ocata' +SETTINGS = { + 'ansible_dir': '/var/ansible', + 'ansible_run_dir': '/var/ansible/run', + 'ansible_config': 'ansible.cfg', + 'playbook_file': 'site.yml', + 'inventory_file': 'inventory.py', + 'inventory_json_file': 'inventory.json', + 'inventory_group': ['controller', 'compute', 'ha', 'odl', 'onos', 'opencontrail', 'ceph_adm', 'ceph_mon', 'ceph_osd', 'moon'], + 'group_variable': 'all', + 'etc_hosts_path': 'roles/pre-openstack/templates/hosts', + 'runner_dirs': ['roles','openstack_ocata/templates','openstack_ocata/roles'] +} + diff --git a/deploy/compass_conf/package_metadata/openstack.conf b/deploy/compass_conf/package_metadata/openstack.conf index b07efd4e..f045868e 100755 --- a/deploy/compass_conf/package_metadata/openstack.conf +++ b/deploy/compass_conf/package_metadata/openstack.conf @@ -113,12 +113,12 @@ METADATA = { 'default_value': 'Disable' } }, - 'moon': { + 'plugins': { '_self': { - 'mapping_to': 'moon', - 'field': 'anytype', + 'mapping_to': 'plugins', + 'field': 'general_list', 'is_required':False, - 'default_value': 'Disable' + 'default_value': '[]' } }, 'ha_network': { @@ -463,5 +463,50 @@ METADATA = { } } }, - + 'moon_cfg': { + '_self': { + 'required_in_whole_config': False, + 'mapping_to': 'moon_cfg' + }, + 'master': { + '_self': { + 'required_in_whole_config': False, + 'mapping_to': 'master' + }, + 'flag': { + '_self': { + 'is_required': False, + 'field': 'general', + 'mapping_to': 'flag' + } + }, + }, + 'slave': { + '_self': { + 'required_in_whole_config': False, + 'mapping_to': 'slave' + }, + 'flag': { + '_self': { + 'is_required': False, + 'field': 'general', + 'mapping_to': 'flag' + } + }, + 'name': { + '_self': { + 'is_required': False, + 'field': 'general', + 'mapping_to': 'name' + } + }, + 'master_ip': { + '_self': { + 'is_required': False, + 'field': 'general', + 'mapping_to': 'master_ip' + } + }, + } + } } diff --git a/deploy/compass_conf/repomd.xml b/deploy/compass_conf/repomd.xml new file mode 100644 index 00000000..07dd65c4 --- /dev/null +++ b/deploy/compass_conf/repomd.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm"> + <revision>1467350968</revision> +<data type="filelists"> + <checksum type="sha256">33b10dbe7bca8494bc1bec8cfb8edad979e2cba85fcbfe5f75cbcd6d246e7c28</checksum> + <open-checksum type="sha256">492476b2da75e2c3f7cf2c1aea8db833af88dcd8bd91e066182085443df9117d</open-checksum> + <location href="repodata/33b10dbe7bca8494bc1bec8cfb8edad979e2cba85fcbfe5f75cbcd6d246e7c28-filelists.xml.gz"/> + <timestamp>1467350969</timestamp> + <size>122292</size> + <open-size>1846481</open-size> +</data> +<data type="primary"> + <checksum type="sha256">aecb3a50baa1503202f5045f77bad0ac381972fb91fb76c0facc49a51bd96ae5</checksum> + <open-checksum type="sha256">69a62db980dbe216e75bf0268dd960f2e5d427eb99e3c7c7d3cbe2208cae99c7</open-checksum> + <location href="repodata/aecb3a50baa1503202f5045f77bad0ac381972fb91fb76c0facc49a51bd96ae5-primary.xml.gz"/> + <timestamp>1467350969</timestamp> + <size>56883</size> + <open-size>400637</open-size> +</data> +<data type="primary_db"> + <checksum type="sha256">413dc2303655da7638dbc38b2283df67b3ce9c9281d9c7d1c67afb9e85b8304a</checksum> + <open-checksum type="sha256">1422ad2d3bf66317336c5ca0b6bf76e20bbf156edafdb9bded408c0ddf6170b7</open-checksum> + <location href="repodata/413dc2303655da7638dbc38b2283df67b3ce9c9281d9c7d1c67afb9e85b8304a-primary.sqlite.bz2"/> + <timestamp>1467350970</timestamp> + <database_version>10</database_version> + <size>114072</size> + <open-size>525312</open-size> +</data> +<data type="other_db"> + <checksum type="sha256">2b6c78eb1fd91f6619a995e28d252eb06b8a1ddb3f32513b4ccd18d42beba092</checksum> + <open-checksum type="sha256">627d5c93c6e2693cf1e0f1b7fd4dcfc507ce48caa68f619ec0b54f7f87c19a7a</open-checksum> + <location href="repodata/2b6c78eb1fd91f6619a995e28d252eb06b8a1ddb3f32513b4ccd18d42beba092-other.sqlite.bz2"/> + <timestamp>1467350969</timestamp> + <database_version>10</database_version> + <size>69387</size> + <open-size>284672</open-size> +</data> +<data type="other"> + <checksum type="sha256">e8bc06739d823d3f3104db4a1f043da9c2ac8a23eddfd59e56f46d56a94ccad3</checksum> + <open-checksum type="sha256">dcabd4f594e2d696dbbec944756777b01cb74ba3908b5bea9d95afa022e66d1c</open-checksum> + <location href="repodata/e8bc06739d823d3f3104db4a1f043da9c2ac8a23eddfd59e56f46d56a94ccad3-other.xml.gz"/> + <timestamp>1467350969</timestamp> + <size>57313</size> + <open-size>305408</open-size> +</data> +<data type="filelists_db"> + <checksum type="sha256">cf9a38da9e0a6eed7c0e10a14f933e2bc6b6b29ed1d051174722ad58764d4f59</checksum> + <open-checksum type="sha256">d7c3ba6491ba8b885c7336984bf304d5982865fd3ed03dc30de654d56d82b178</open-checksum> + <location href="repodata/cf9a38da9e0a6eed7c0e10a14f933e2bc6b6b29ed1d051174722ad58764d4f59-filelists.sqlite.bz2"/> + <timestamp>1467350970</timestamp> + <database_version>10</database_version> + <size>164933</size> + <open-size>1020928</open-size> +</data> +</repomd> diff --git a/deploy/compass_conf/role/openstack_newton_ansible.conf b/deploy/compass_conf/role/openstack_ocata_ansible.conf index 508ccf24..bfb54173 100755 --- a/deploy/compass_conf/role/openstack_newton_ansible.conf +++ b/deploy/compass_conf/role/openstack_ocata_ansible.conf @@ -1,4 +1,4 @@ -ADAPTER_NAME = 'openstack_newton' +ADAPTER_NAME = 'openstack_ocata' ROLES = [{ 'role': 'allinone-compute', 'display_name': 'all in one', @@ -112,4 +112,14 @@ ROLES = [{ 'display': 'sec-patch node', 'description': 'Security Patch Node', 'optional': True +}, { + 'role': 'none', + 'display': 'none node', + 'description': 'Only install OS Node', + 'optional': True +}, { + 'role': 'moon', + 'display': 'moon master or slave node', + 'description': "Moon master/slave Node", + 'optional': True }] diff --git a/deploy/compass_conf/setting b/deploy/compass_conf/setting index a1e9bff2..d385939a 100755 --- a/deploy/compass_conf/setting +++ b/deploy/compass_conf/setting @@ -2,7 +2,7 @@ CONFIG_DIR = '/etc/compass' DATABASE_TYPE = 'mysql' DATABASE_USER = 'root' DATABASE_PASSWORD = 'root' -DATABASE_SERVER = '127.0.0.1:3306' +DATABASE_SERVER = 'compass-db:3306' DATABASE_NAME = 'compass' SQLALCHEMY_DATABASE_URI = '%s://%s:%s@%s/%s' % (DATABASE_TYPE, DATABASE_USER, DATABASE_PASSWORD, DATABASE_SERVER, DATABASE_NAME) SQLALCHEMY_DATABASE_POOL_TYPE = 'instant' diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/allinone.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/allinone.tmpl deleted file mode 100755 index 8f0d3db3..00000000 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/allinone.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -#set cluster_name = $getVar('name', '') -[defaults] -log_path = /var/ansible/run/openstack_newton-$cluster_name/ansible.log -host_key_checking = False -callback_plugins = /opt/compass/bin/ansible_callbacks -pipelining=True diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/multinodes.tmpl deleted file mode 100755 index 8f0d3db3..00000000 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/multinodes.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -#set cluster_name = $getVar('name', '') -[defaults] -log_path = /var/ansible/run/openstack_newton-$cluster_name/ansible.log -host_key_checking = False -callback_plugins = /opt/compass/bin/ansible_callbacks -pipelining=True diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/single-controller.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/single-controller.tmpl deleted file mode 100755 index 8f0d3db3..00000000 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/single-controller.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -#set cluster_name = $getVar('name', '') -[defaults] -log_path = /var/ansible/run/openstack_newton-$cluster_name/ansible.log -host_key_checking = False -callback_plugins = /opt/compass/bin/ansible_callbacks -pipelining=True diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/HA-ansible-multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/HA-ansible-multinodes.tmpl deleted file mode 100755 index 94a6a153..00000000 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/HA-ansible-multinodes.tmpl +++ /dev/null @@ -1,100 +0,0 @@ -#set controllers = $getVar('controller', []) -#set computes = $getVar('compute', []) -#set has = $getVar('ha', []) -#set odls = $getVar('odl', []) -#set onoss = $getVar('onos', []) -#set opencontrails = $getVar('opencontrail', []) -#set ceph_adm_list = $getVar('ceph_adm',[]) -#set ceph_mon_list = $getVar('ceph_mon',[]) -#set ceph_osd_list = $getVar('ceph_osd',[]) - -#if not $isinstance($controllers, list) - #set controllers = [$controllers] -#end if -#if not $isinstance($computes, list) - #set computes = [$computes] -#end if -#if not $isinstance(has, list) - #set has = [has] -#end if -#if not $isinstance(odls, list) - #set odls = [odls] -#end if -#if not $isinstance(onoss, list) - #set onoss = [onoss] -#end if -#if not $isinstance(opencontrails, list) - #set opencontrails = [opencontrails] -#end if -#if not $isinstance(ceph_adm_list, list) - #set ceph_adm_list = [ceph_adm_list] -#end if -#if not $isinstance(ceph_mon_list, list) - #set ceph_mon_list = [ceph_mon_list] -#end if -#if not $isinstance(ceph_osd_list, list) - #set ceph_osd_list = [ceph_osd_list] -#end if - -#set credentials = $getVar('server_credentials', {}) -#set username = $credentials.get('username', 'root') -#set password = $credentials.get('password', 'root') -[controller] -#for controller in $controllers - #set controller_ip = $controller.install.ip - #set controller_hostname = $controller.hostname -$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[compute] -#for compute in $computes - #set compute_ip = $compute.install.ip - #set compute_hostname = $compute.hostname -$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[ha] -#for ha in $has - #set ha_ip = $ha.install.ip - #set ha_hostname = $ha.hostname -$ha_hostname ansible_ssh_host=$ha_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[odl] -#for odl in $odls - #set odl_ip = $odl.install.ip - #set odl_hostname = $odl.hostname -$odl_hostname ansible_ssh_host=$odl_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[onos] -#for onos in $onoss - #set onos_ip = $onos.install.ip - #set onos_hostname = $onos.hostname -$onos_hostname ansible_ssh_host=$onos_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[opencontrail] -#for opencontrail in $opencontrails - #set opencontrail_ip = $opencontrail.install.ip - #set opencontrail_hostname = $opencontrail.hostname -$opencontrail_hostname ansible_ssh_host=$opencontrail_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[ceph_adm] -#for ceph_adm in $ceph_adm_list - #set ceph_adm_ip = $ceph_adm.install.ip - #set ceph_adm_hostname = $ceph_adm.hostname -$ceph_adm_hostname ansible_ssh_host=$ceph_adm_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[ceph_mon] -#for ceph_mon in $ceph_mon_list - #set ceph_mon_ip = $ceph_mon.install.ip - #set ceph_mon_hostname = $ceph_mon.hostname -$ceph_mon_hostname ansible_ssh_host=$ceph_mon_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[ceph_osd] -#for ceph_osd in $ceph_osd_list - #set ceph_osd_ip = $ceph_osd.install.ip - #set ceph_osd_hostname = $ceph_osd.hostname -$ceph_osd_hostname ansible_ssh_host=$ceph_osd_ip ansible_ssh_user=$username ansible_ssh_password=$password -#end for -[ceph:children] -ceph_adm -ceph_mon -ceph_osd - diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/HA-ansible-multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/HA-ansible-multinodes.tmpl index a1ad702c..6f7c5941 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/ansible_cfg/HA-ansible-multinodes.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/HA-ansible-multinodes.tmpl @@ -1,11 +1,11 @@ #set cluster_name = $getVar('name', '') [defaults] -log_path = /var/ansible/run/openstack_newton-$cluster_name/ansible.log +log_path = /var/ansible/run/openstack_ocata-$cluster_name/ansible.log host_key_checking = False callback_whitelist = playbook_done, status_callback -callback_plugins = /opt/compass/bin/ansible_callbacks -library = /opt/ansible-modules +callback_plugins = /opt/ansible_callbacks forks=100 [ssh_connection] pipelining=True +retries = 5 diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/allinone.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/allinone.tmpl new file mode 100755 index 00000000..7114aa1e --- /dev/null +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/allinone.tmpl @@ -0,0 +1,6 @@ +#set cluster_name = $getVar('name', '') +[defaults] +log_path = /var/ansible/run/openstack_ocata-$cluster_name/ansible.log +host_key_checking = False +callback_plugins = /opt/ansible_callbacks +pipelining=True diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/multinodes.tmpl new file mode 100755 index 00000000..7114aa1e --- /dev/null +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/multinodes.tmpl @@ -0,0 +1,6 @@ +#set cluster_name = $getVar('name', '') +[defaults] +log_path = /var/ansible/run/openstack_ocata-$cluster_name/ansible.log +host_key_checking = False +callback_plugins = /opt/ansible_callbacks +pipelining=True diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/single-controller.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/single-controller.tmpl new file mode 100755 index 00000000..7114aa1e --- /dev/null +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/ansible_cfg/single-controller.tmpl @@ -0,0 +1,6 @@ +#set cluster_name = $getVar('name', '') +[defaults] +log_path = /var/ansible/run/openstack_ocata-$cluster_name/ansible.log +host_key_checking = False +callback_plugins = /opt/ansible_callbacks +pipelining=True diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/HA-ansible-multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/HA-ansible-multinodes.tmpl index 9d628b5e..9d628b5e 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/HA-ansible-multinodes.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/HA-ansible-multinodes.tmpl diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/allinone.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/allinone.tmpl index b777815e..b777815e 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/allinone.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/allinone.tmpl diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/multinodes.tmpl index ca8c793f..ca8c793f 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/multinodes.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/multinodes.tmpl diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/single-controller.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/single-controller.tmpl index 3ed94694..3ed94694 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/hosts/single-controller.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/hosts/single-controller.tmpl diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/HA-ansible-multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/HA-ansible-multinodes.tmpl new file mode 100755 index 00000000..7184d21d --- /dev/null +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/HA-ansible-multinodes.tmpl @@ -0,0 +1,74 @@ +#set inventory_json = $getVar('inventory_json', []) +#!/usr/bin/env python + +import os +import sys +import copy +import argparse + +try: + import json +except ImportError: + import simplejson as json + +local_inventory='$inventory_json' + +def _byteify(data, ignore_dicts = False): + if isinstance(data, unicode): + return data.encode('utf-8') + if isinstance(data, list): + return [ _byteify(item, ignore_dicts=True) for item in data ] + if isinstance(data, dict) and not ignore_dicts: + return { + _byteify(key, ignore_dicts=True): _byteify(value, ignore_dicts=True) + for key, value in data.iteritems() + } + return data + +def merge_dict(ldict, rdict, overwrite=True): + if not (ldict and rdict): + return + + if not isinstance(ldict, dict): + raise TypeError('ldict type is %s not dict' % type(ldict)) + + if not isinstance(rdict, dict): + raise TypeError('rdict type is %s not dict' % type(rdict)) + + for key, value in rdict.items(): + if isinstance(value, dict) and key in ldict and isinstance(ldict[key], + dict): + merge_dict(ldict[key], value, overwrite) + else: + if overwrite or key not in ldict: + ldict[key] = copy.deepcopy(value) + +def load_inventory(inventory): + if not os.path.exists(inventory): + raise RuntimeError('file: %s not exist' % inventory) + with open(inventory, 'r') as fd: + return json.load(fd, object_hook=_byteify) + +def dump_inventory(inventory, data): + with open(inventory, 'w') as fd: + json.dump(data, fd, indent=4) + +def merge_inventory(linv, rinv): + ldata = load_inventory(linv) + rdata = load_inventory(rinv) + merge_dict(ldata, rdata, overwrite=True) + dump_inventory(linv, ldata) + +def read_cli_args(): + parser = argparse.ArgumentParser() + parser.add_argument('--list', action = 'store_true') + parser.add_argument('--merge', action = 'store') + return parser.parse_args() + +if __name__ == '__main__': + get_args = read_cli_args() + new_inventory = get_args.merge + if get_args.list: + print load_inventory(local_inventory) + elif new_inventory: + merge_inventory(local_inventory, new_inventory) diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/allinone.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/allinone.tmpl index 38e0038b..b320b9c5 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/allinone.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/allinone.tmpl @@ -22,26 +22,26 @@ #for controller in $controllers #set controller_ip = $controller.management.ip #set controller_hostname = $controller.hostname -$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_password=$password +$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [compute] #for compute in $computes #set compute_ip = $compute.management.ip #set compute_hostname = $compute.hostname -$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_password=$password +$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [network] #for network in $networks #set network_ip = $network.management.ip #set network_hostname = $network.hostname -$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_password=$password +$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [storage] #for storage in storages #set storage_ip = $storage.management.ip #set storage_hostname = $storage.hostname -$storage_hostname ansible_ssh_host=$storage_ip ansible_ssh_user=$username ansible_ssh_password=$password +$storage_hostname ansible_ssh_host=$storage_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/multinodes.tmpl index 7cdfbef3..b342d22f 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/multinodes.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/multinodes.tmpl @@ -49,75 +49,75 @@ #for controller in $compute_controllers #set controller_ip = $controller.management.ip #set controller_hostname = $controller.hostname -$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_password=$password +$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [compute-worker] #for compute in $compute_workers #set compute_ip = $compute.management.ip #set compute_hostname = $compute.hostname -$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_password=$password +$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [network-server] #for network in $network_servers #set network_ip = $network.management.ip #set network_hostname = $network.hostname -$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_password=$password +$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [network-worker] #for network in $network_workers #set network_ip = $network.management.ip #set network_hostname = $network.hostname -$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_password=$password +$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [database] #for worker in $databases #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [messaging] #for worker in $messagings #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [image] #for worker in $images #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [dashboard] #for worker in $dashboards #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [identity] #for worker in $identities #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [storage-controller] #for worker in $storage_controllers #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [storage-volume] #for worker in $storage_volumes #set worker_ip = $worker.management.ip #set worker_hostname = $worker.hostname -$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_password=$password +$worker_hostname ansible_ssh_host=$worker_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/single-controller.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/single-controller.tmpl index e1bf72c4..1afb45fa 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/inventories/single-controller.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/inventories/single-controller.tmpl @@ -30,38 +30,38 @@ #for controller in $controllers #set controller_ip = $controller.management.ip #set controller_hostname = $controller.hostname -$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_password=$password +$controller_hostname ansible_ssh_host=$controller_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [compute] #for compute in $computes #set compute_ip = $compute.management.ip #set compute_hostname = $compute.hostname -$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_password=$password +$compute_hostname ansible_ssh_host=$compute_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [network] #for network in $networks #set network_ip = $network.management.ip #set network_hostname = $network.hostname -$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_password=$password +$network_hostname ansible_ssh_host=$network_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [storage] #for storage in storages #set storage_ip = $storage.management.ip #set storage_hostname = $storage.hostname -$storage_hostname ansible_ssh_host=$storage_ip ansible_ssh_user=$username ansible_ssh_password=$password +$storage_hostname ansible_ssh_host=$storage_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [odl] #for odl in odls #set odl_ip = $odl.management.ip #set odl_hostname = $odl.hostname -$odl_hostname ansible_ssh_host=$odl_ip ansible_ssh_user=$username ansible_ssh_password=$password +$odl_hostname ansible_ssh_host=$odl_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for [storage] #for storage in storages #set storage_ip = $storage.management.ip #set storage_hostname = $storage.hostname -$storage_hostname ansible_ssh_host=$storage_ip ansible_ssh_user=$username ansible_ssh_password=$password +$storage_hostname ansible_ssh_host=$storage_ip ansible_ssh_user=$username ansible_ssh_pass=$password #end for diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/HA-ansible-multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/HA-ansible-multinodes.tmpl index bc349fce..1fdc5d5e 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/HA-ansible-multinodes.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/HA-ansible-multinodes.tmpl @@ -8,6 +8,34 @@ #set $sys_intf_mappings[$intf_info["name"]] = $intf_info #end for +#set controllers = $getVar('controller', []) +#set computes = $getVar('compute', []) +#set vlan_ip_sec_start = $getVar('vlan_ip_sec_start', '173.29.241.1') +#set vxlan_ip_start = $getVar('vxlan_ip_start', '172.29.240.13') + +#def ipadd($ip, $inc) + #set list = $ip.split('.') + #set $list[3] = str(int($list[3]) + $inc) + #set res = '.'.join($list) +$res +#end def + +#set host_info = {} +#for host in controllers + #set $host_info[$host['hostname']] = {'MGMT_IP': $host['install']['ip']} +#end for + +#set inc = 0 +#for host in computes + #set info = {} + #set $info['MGMT_IP'] = $host['install']['ip'] + #set $info['VLAN_IP_SECOND'] = $ipadd($vlan_ip_sec_start, $inc).strip('\n').encode('utf-8') + #set $info['VXLAN_IP'] = $ipadd($vxlan_ip_start, $inc).strip('\n').encode('utf-8') + #set $host_info[$host['hostname']] = $info + #set $inc = $inc + 1 +#end for +host_info: $host_info + #set ip_settings={} #for k,v in $getVar('ip_settings', {}).items() #set host_ip_settings={} @@ -22,15 +50,12 @@ #set has = $getVar('ha', []) #set ha_vip = $getVar('ha_vip', []) - -#set controllers = $getVar('controller', []) -#set computers = $getVar('compute', []) +run_dir: $getVar('run_dir', '') enable_secgroup: $getVar('enable_secgroup', True) enable_fwaas: $getVar('enable_fwaas', True) enable_vpnaas: $getVar('enable_vpnaas', True) odl_l3_agent: $getVar('odl_l3_agent', 'Disable') -moon: $getVar('moon', 'Disable') ha_network: $getVar('ha_network', 'Disable') onos_nic: $getVar('onos_nic', 'eth2') onos_sfc: $getVar('onos_sfc', 'Disable') @@ -39,7 +64,7 @@ network_cfg: $network_cfg sys_intf_mappings: $sys_intf_mappings deploy_type: $getVar('deploy_type', 'virtual') -public_cidr: $computers[0]['install']['subnet'] +public_cidr: $computes[0]['install']['subnet'] storage_cidr: "{{ ip_settings[inventory_hostname]['storage']['cidr'] }}" mgmt_cidr: "{{ ip_settings[inventory_hostname]['mgmt']['cidr'] }}" @@ -131,8 +156,8 @@ NTP_SERVER_LOCAL: "{{ controllers_host }}" DB_HOST: "{{ db_host }}" MQ_BROKER: rabbitmq -OPENSTACK_REPO: cloudarchive-newton.list -newton_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main +OPENSTACK_REPO: cloudarchive-ocata.list +ocata_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main ADMIN_TOKEN: admin CEILOMETER_TOKEN: c095d479023a0fd58a54 erlang.cookie: DJJVECFMCJPVYQTJTDWG @@ -161,6 +186,13 @@ CONGRESS_PASS: $congress_pass DEMO_PASS: $demo_pass ADMIN_PASS: $admin_pass +#set plugins = $getVar('plugins', []) +#for item in plugins +#set keys = $item.keys() +#set values = $item.values() +$keys[0]: $values[0] +#end for + #set neutron_service_plugins=['router'] #if $getVar('enable_fwaas', True) @@ -214,3 +246,9 @@ odl_base_features: ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'ma odl_extra_features: ['odl-l2switch-switch', 'odl-ovsdb-plugin', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound','odl-dlux-core', 'odl-restconf-all', 'odl-mdsal-clustering', 'odl-openflowplugin-flow-services', 'odl-netconf-connector', 'odl-netconf-connector-ssh', 'jolokia-osgi'] odl_features: "{{ odl_base_features + odl_extra_features }}" odl_api_port: 8080 + +#set moon_cfg = $getVar('moon_cfg', {}) +moon_master: $moon_cfg.master.flag +moon_slave: $moon_cfg.slave.flag +moon_slave_name: $moon_cfg.slave.name +moon_master_ip: $moon_cfg.slave.master_ip diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/allinone.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/allinone.tmpl index a28897b3..2fc97c41 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/allinone.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/allinone.tmpl @@ -50,8 +50,8 @@ NTP_SERVER_LOCAL: "{{ controller_host }}" DB_HOST: "{{ controller_host }}" MQ_BROKER: rabbitmq -OPENSTACK_REPO: cloudarchive-newton.list -newton_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main +OPENSTACK_REPO: cloudarchive-ocata.list +ocata_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main ADMIN_TOKEN: admin CEILOMETER_TOKEN: c095d479023a0fd58a54 diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/multinodes.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/multinodes.tmpl index 16134e71..9fa649bc 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/multinodes.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/multinodes.tmpl @@ -111,8 +111,8 @@ NTP_SERVER_LOCAL: "{{ compute_controller_host }}" DB_HOST: "{{ db_host }}" MQ_BROKER: rabbitmq -OPENSTACK_REPO: cloudarchive-newton.list -newton_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main +OPENSTACK_REPO: cloudarchive-ocata.list +ocata_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main ADMIN_TOKEN: admin CEILOMETER_TOKEN: c095d479023a0fd58a54 diff --git a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/single-controller.tmpl b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/single-controller.tmpl index 70b01813..57c23366 100755 --- a/deploy/compass_conf/templates/ansible_installer/openstack_newton/vars/single-controller.tmpl +++ b/deploy/compass_conf/templates/ansible_installer/openstack_ocata/vars/single-controller.tmpl @@ -62,8 +62,8 @@ NTP_SERVER_LOCAL: "{{ controller_host }}" DB_HOST: "{{ controller_host }}" MQ_BROKER: rabbitmq -OPENSTACK_REPO: cloudarchive-newton.list -newton_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main +OPENSTACK_REPO: cloudarchive-ocata.list +ocata_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main ADMIN_TOKEN: admin CEILOMETER_TOKEN: c095d479023a0fd58a54 diff --git a/deploy/compass_vm.sh b/deploy/compass_vm.sh index 61993716..58173455 100755 --- a/deploy/compass_vm.sh +++ b/deploy/compass_vm.sh @@ -27,13 +27,11 @@ function install_compass_core() { } function set_compass_machine() { - local config_file=$WORK_DIR/installer/compass-install/install/group_vars/all - - sed -i -e '/test: true/d' -e '/pxe_boot_macs/d' $config_file - echo "test: true" >> $config_file + local config_file=$WORK_DIR/installer/compass-docker-compose/group_vars/all + sed -i '/pxe_boot_macs/d' $config_file echo "pxe_boot_macs: [${machines}]" >> $config_file - install_compass "compass_machine.yml" + ansible-playbook $WORK_DIR/installer/compass-docker-compose/add_machine.yml } function install_compass() { @@ -93,8 +91,11 @@ function inject_compass_conf() { } function refresh_compass_core () { - cmd="/opt/compass/bin/refresh.sh" - exec_cmd_on_compass $cmd + sudo docker exec compass-deck bash -c "/opt/compass/bin/manage_db.py createdb" + sudo docker exec compass-deck bash -c "/root/compass-deck/bin/clean_installers.py" + sudo docker exec compass-tasks bash -c \ + "ps aux | grep -E '[a]nsible-playbook|[o]penstack-ansible' | awk '{print \$2}' | xargs kill -9" + sudo rm -rf $WORK_DIR/docker/ansible/run/* } function wait_ok() { @@ -128,86 +129,15 @@ function wait_ok() { } function launch_compass() { - local old_mnt=$compass_vm_dir/old - local new_mnt=$compass_vm_dir/new - local old_iso=$WORK_DIR/iso/centos.iso - local new_iso=$compass_vm_dir/centos.iso - - log_info "launch_compass enter" - tear_down_compass - - set -e - mkdir -p $compass_vm_dir $old_mnt - sudo mount -o loop $old_iso $old_mnt - cd $old_mnt;find .|cpio -pd $new_mnt;cd - - - sudo umount $old_mnt - - chmod 755 -R $new_mnt - - cp $COMPASS_DIR/util/isolinux.cfg $new_mnt/isolinux/ -f - cp $COMPASS_DIR/util/ks.cfg $new_mnt/isolinux/ -f - - sed -i -e "s/REPLACE_MGMT_IP/$MGMT_IP/g" \ - -e "s/REPLACE_MGMT_NETMASK/$MGMT_MASK/g" \ - -e "s/REPLACE_GW/$MGMT_GW/g" \ - -e "s/REPLACE_INSTALL_IP/$COMPASS_SERVER/g" \ - -e "s/REPLACE_INSTALL_NETMASK/$INSTALL_MASK/g" \ - -e "s/REPLACE_COMPASS_EXTERNAL_NETMASK/$COMPASS_EXTERNAL_MASK/g" \ - -e "s/REPLACE_COMPASS_EXTERNAL_IP/$COMPASS_EXTERNAL_IP/g" \ - -e "s/REPLACE_COMPASS_EXTERNAL_GW/$COMPASS_EXTERNAL_GW/g" \ - $new_mnt/isolinux/isolinux.cfg - - if [[ -n $COMPASS_DNS1 ]]; then - sed -i -e "s/REPLACE_COMPASS_DNS1/$COMPASS_DNS1/g" $new_mnt/isolinux/isolinux.cfg - fi - - if [[ -n $COMPASS_DNS2 ]]; then - sed -i -e "s/REPLACE_COMPASS_DNS2/$COMPASS_DNS2/g" $new_mnt/isolinux/isolinux.cfg - fi - - ssh-keygen -f $new_mnt/bootstrap/boot.rsa -t rsa -N '' - cp $new_mnt/bootstrap/boot.rsa $rsa_file - - rm -rf $new_mnt/.rr_moved $new_mnt/rr_moved - sudo mkisofs -quiet -r -J -R -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -hide-rr-moved -x "lost+found:" -o $new_iso $new_mnt - - rm -rf $old_mnt $new_mnt - - qemu-img create -f qcow2 $compass_vm_dir/disk.img 100G - - # create vm xml - sed -e "s/REPLACE_MEM/$COMPASS_VIRT_MEM/g" \ - -e "s/REPLACE_CPU/$COMPASS_VIRT_CPUS/g" \ - -e "s#REPLACE_IMAGE#$compass_vm_dir/disk.img#g" \ - -e "s#REPLACE_ISO#$compass_vm_dir/centos.iso#g" \ - -e "s/REPLACE_NET_MGMT/mgmt/g" \ - -e "s/REPLACE_NET_INSTALL/install/g" \ - -e "s/REPLACE_NET_EXTERNAL/external/g" \ - $COMPASS_DIR/deploy/template/vm/compass.xml \ - > $WORK_DIR/vm/compass/libvirt.xml + local group_vars=$WORK_DIR/installer/compass-docker-compose/group_vars/all + sed -i "s#^\(compass_dir:\).*#\1 $COMPASS_DIR#g" $group_vars + sed -i "s#^\(compass_deck:\).*#\1 $COMPASS_DECK#g" $group_vars + sed -i "s#^\(compass_tasks:\).*#\1 $COMPASS_TASKS#g" $group_vars + sed -i "s#^\(compass_cobbler:\).*#\1 $COMPASS_COBBLER#g" $group_vars + sed -i "s#^\(compass_db:\).*#\1 $COMPASS_DB#g" $group_vars + sed -i "s#^\(compass_mq:\).*#\1 $COMPASS_MQ#g" $group_vars - sudo virsh define $compass_vm_dir/libvirt.xml - sudo virsh start compass - - exit_status=$? - if [ $exit_status != 0 ];then - log_error "virsh start compass failed" - exit 1 - fi - - if ! wait_ok 500;then - log_error "install os timeout" - exit 1 - fi - - if ! install_compass_core;then - log_error "install compass core failed" - exit 1 - fi - - set +e - log_info "launch_compass exit" + ansible-playbook $WORK_DIR/installer/compass-docker-compose/bring_up_compass.yml } function recover_compass() { @@ -282,8 +212,6 @@ function wait_controller_nodes_ok() { } function get_public_vip () { - ssh $ssh_args root@$MGMT_IP " - cd /var/ansible/run/$ADAPTER_NAME'-'$CLUSTER_NAME - cat group_vars/all | grep -A 3 public_vip: | sed -n '2p' |sed -e 's/ ip: //g' - " + cat $WORK_DIR/docker/ansible/run/$ADAPTER_NAME'-'$CLUSTER_NAME/group_vars/all \ + | grep -A 3 public_vip: | sed -n '2p' |sed -e 's/ ip: //g' } diff --git a/deploy/conf/baremetal.conf b/deploy/conf/baremetal.conf index 56903c77..12f3acb7 100644 --- a/deploy/conf/baremetal.conf +++ b/deploy/conf/baremetal.conf @@ -1,5 +1,5 @@ export SWITCH_IPS="192.168.124.2" export SWITCH_CREDENTIAL="version=2c,community=public" -export DEPLOYMENT_TIMEOUT="150" +export DEPLOYMENT_TIMEOUT="300" export POLL_SWITCHES_FLAG="nopoll_switches" export INSTALL_NIC=${INSTALL_NIC:-eth3} diff --git a/deploy/conf/base.conf b/deploy/conf/base.conf index 7b9d8290..bdbea459 100644 --- a/deploy/conf/base.conf +++ b/deploy/conf/base.conf @@ -1,17 +1,17 @@ export DHA=${DHA:-$COMPASS_DIR/deploy/conf/vm_environment/os-nosdn-nofeature-ha.yml} export NEUTRON=${NEUTRON:-$COMPASS_DIR/deploy/conf/neutron_cfg.yaml} export NETWORK=${NETWORK:-$COMPASS_DIR/deploy/conf/network_cfg.yaml} -export ISO_URL=${ISO_URL:-file://`pwd`/work/building/compass.iso} -export INSTALL_IP=${INSTALL_IP:-10.1.0.12} +export TAR_URL=${TAR_URL:-file://`pwd`/work/building/compass.tar.gz} +export INSTALL_IP=${INSTALL_IP:-10.1.0.1} export INSTALL_MASK=${INSTALL_MASK:-255.255.255.0} export INSTALL_GW=${INSTALL_GW:-10.1.0.1} export INSTALL_IP_START=${INSTALL_IP_START:-10.1.0.1} export INSTALL_IP_END=${INSTALL_IP_END:-10.1.0.254} -export MGMT_IP=${MGMT_IP:-192.168.200.2} -export MGMT_MASK=${MGMT_MASK:-255.255.252.0} -export MGMT_GW=${MGMT_GW:-192.168.200.1} -export MGMT_IP_START=${MGMT_IP_START:-192.168.200.3} -export MGMT_IP_END=${MGMT_IP_END:-192.168.200.254} +export MGMT_IP=${MGMT_IP:-10.1.0.1} +export EXT_NAT_MASK=${EXT_NAT_MASK:-255.255.252.0} +export EXT_NAT_GW=${EXT_NAT_GW:-192.16.1.1} +export EXT_NAT_IP_START=${EXT_NAT_IP_START:-192.16.1.3} +export EXT_NAT_IP_END=${EXT_NAT_IP_END:-192.16.1.254} export EXTERNAL_NIC=${EXTERNAL_NIC:-eth0} export CLUSTER_NAME="opnfv2" export DOMAIN="ods.com" @@ -68,3 +68,4 @@ export OS_CONFIG_FILENAME="" export SERVICE_CREDENTIALS="image:service=service,compute:service=service,dashboard:service=service,identity:service=service,image:service=service,metering:service=service,network:service=service,rabbitmq:service=service,volume:service=service,mysql:service=service,heat:heat=heat_db_secret,alarming:aodh=aodh_db_secret,policy:congress=service" export CONSOLE_CREDENTIALS="admin:console=console,demo:console=console,compute:console=console,dashboard:console=console,identity:console=console,image:console=console,metering:console=console,network:console=console,object-store:console=console,volume:console=console,heat:heat=heat_secret,alarming:aodh=aodh_secret,policy:congress=console" export PACKAGE_CONFIG_FILENAME="" +export MOON_CFG=${MOON_CFG:-"master:flag=Disable,slave:flag=Disable,slave:name=slave1,slave:master_ip=master_ip"} diff --git a/deploy/conf/compass.conf b/deploy/conf/compass.conf index 6e38d703..4ea087d6 100644 --- a/deploy/conf/compass.conf +++ b/deploy/conf/compass.conf @@ -1,8 +1,8 @@ export COMPASS_VIRT_CPUS=4 export COMPASS_VIRT_MEM=4096 export COMPASS_SERVER=$INSTALL_IP -export COMPASS_SERVER_URL="http://$MGMT_IP/api" -export HTTP_SERVER_URL="http://$MGMT_IP/api" +export COMPASS_SERVER_URL="http://$MGMT_IP:5050/api" +export HTTP_SERVER_URL="http://$MGMT_IP:5050/api" export COMPASS_USER_EMAIL="admin@huawei.com" export COMPASS_USER_PASSWORD="admin" export COMPASS_DNS1=${COMPASS_DNS1:-'8.8.8.8'} @@ -11,6 +11,12 @@ export COMPASS_EXTERNAL_IP=${COMPASS_EXTERNAL_IP:-} export COMPASS_EXTERNAL_MASK=${COMPASS_EXTERNAL_MASK:-} export COMPASS_EXTERNAL_GW=${COMPASS_EXTERNAL_GW:-} export LANGUAGE="EN" -export TIMEZONE="Asia/Shanghai" +export TIMEZONE="America/Los_Angeles" export NTP_SERVER="$COMPASS_SERVER" export NAMESERVERS="$COMPASS_SERVER" + +export COMPASS_DECK="compass4nfv/compass-deck" +export COMPASS_TASKS="compass4nfv/compass-tasks-osa" +export COMPASS_COBBLER="compass4nfv/compass-cobbler" +export COMPASS_DB="compass4nfv/compass-db" +export COMPASS_MQ="compass4nfv/compass-mq" diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-kvm-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-kvm-ha.yml new file mode 100644 index 00000000..9c00916b --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-kvm-ha.yml @@ -0,0 +1,74 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +plugins: + - rt_kvm: "Enable" + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod1 + roles: + - controller + - ha + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod1 + roles: + - controller + - ha + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod1 + roles: + - controller + - ha + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod1 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod1 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-nofeature-ha.yml index 38e20bad..6b329be6 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -33,7 +33,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -44,7 +44,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -55,7 +55,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -65,7 +65,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-openo-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-openo-ha.yml index 0d403bc2..6027bddb 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-openo-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-nosdn-openo-ha.yml @@ -29,7 +29,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -41,7 +41,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -52,7 +52,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -63,7 +63,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -73,7 +73,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-ocl-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-ocl-nofeature-ha.yml index 3093645f..287383b2 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-ocl-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-ocl-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -44,7 +44,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -54,7 +54,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -64,7 +64,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-odl-sfc-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-odl-sfc-ha.yml new file mode 100644 index 00000000..8095fe03 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod1/os-odl-sfc-ha.yml @@ -0,0 +1,79 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +odl_l3_agent: "Enable" +plugins: + - opendaylight: "Enable" + - odl_sfc: "Enable" + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod1 + roles: + - controller + - ha + - odl + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod1 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod1 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod1 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod1 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-moon-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-moon-ha.yml index f7066697..d2447c1d 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-moon-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-moon-ha.yml @@ -15,7 +15,9 @@ POWER_TOOL: ipmitool ipmiUser: root ipmiVer: '2.0' -moon: "Enable" +plugins: + - opendaylight: "Enable" + - moon: "Enable" hosts: - name: host1 @@ -23,7 +25,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -36,7 +38,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -48,7 +50,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -60,7 +62,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -70,7 +72,6 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - - compute - - ceph-osd + - moon diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-nofeature-ha.yml index 527c1bfb..71edf08c 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-odl_l2-nofeature-ha.yml @@ -15,13 +15,16 @@ POWER_TOOL: ipmitool ipmiUser: root ipmiVer: '2.0' +plugins: + - opendaylight: "Enable" + hosts: - name: host1 mac: 'F8:4A:BF:55:A2:8D' interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -34,7 +37,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -46,7 +49,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -58,7 +61,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -68,7 +71,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-odl_l3-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-odl_l3-nofeature-ha.yml index e840380a..2aaf192f 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-odl_l3-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-odl_l3-nofeature-ha.yml @@ -16,6 +16,8 @@ ipmiUser: root ipmiVer: '2.0' odl_l3_agent: "Enable" +plugins: + - opendaylight: "Enable" hosts: - name: host1 @@ -23,7 +25,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -36,7 +38,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -48,7 +50,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -60,7 +62,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -70,7 +72,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-onos-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-onos-nofeature-ha.yml index 1e4f32e2..fb4b1788 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-onos-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-onos-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -46,7 +46,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -58,7 +58,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -68,7 +68,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod1/os-onos-sfc-ha.yml b/deploy/conf/hardware_environment/huawei-pod1/os-onos-sfc-ha.yml index 221dc0b3..1f40241f 100644 --- a/deploy/conf/hardware_environment/huawei-pod1/os-onos-sfc-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod1/os-onos-sfc-ha.yml @@ -23,7 +23,7 @@ hosts: interfaces: - eth1: 'F8:4A:BF:55:A2:8E' ipmiIp: 172.16.130.26 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -36,7 +36,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5A:B8' ipmiIp: 172.16.130.27 - ipmiPass: huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -48,7 +48,7 @@ hosts: interfaces: - eth1: '78:D7:52:A0:B1:9A' ipmiIp: 172.16.130.29 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - controller - ha @@ -60,7 +60,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:5B:5E' ipmiIp: 172.16.130.30 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd @@ -70,7 +70,7 @@ hosts: interfaces: - eth1: 'D8:49:0B:DA:56:86' ipmiIp: 172.16.130.31 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod1 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-nofeature-ha.yml index 53834c19..5b08ae53 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-nofeature-ha.yml @@ -19,7 +19,7 @@ hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -33,7 +33,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -45,7 +45,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -57,7 +57,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -68,7 +68,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-openo-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-openo-ha.yml index a6dcccfb..18366900 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-openo-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-nosdn-openo-ha.yml @@ -27,7 +27,7 @@ hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -41,7 +41,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -53,7 +53,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -65,7 +65,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -76,7 +76,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-ocl-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-ocl-nofeature-ha.yml index 5fc6716c..e304169e 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-ocl-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-ocl-nofeature-ha.yml @@ -19,7 +19,7 @@ hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -34,7 +34,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -45,7 +45,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -56,7 +56,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -67,7 +67,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-moon-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-moon-ha.yml index d9d6d837..86da1dfb 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-moon-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-moon-ha.yml @@ -16,12 +16,14 @@ POWER_TOOL: ipmitool ipmiVer: '2.0' moon: "Enable" +plugins: + - opendaylight: "Enable" hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -36,7 +38,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -50,7 +52,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -64,7 +66,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -75,7 +77,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-nofeature-ha.yml index 923e1cbd..07e7d0f5 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-odl_l2-nofeature-ha.yml @@ -14,12 +14,14 @@ FLAVOR: cluster POWER_TOOL: ipmitool ipmiVer: '2.0' +plugins: + - opendaylight: "Enable" hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -34,7 +36,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -48,7 +50,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -62,7 +64,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -73,7 +75,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-odl_l3-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-odl_l3-nofeature-ha.yml index 4502cd1e..5d8ed350 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-odl_l3-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-odl_l3-nofeature-ha.yml @@ -16,12 +16,14 @@ POWER_TOOL: ipmitool ipmiVer: '2.0' odl_l3_agent: "Enable" +plugins: + - opendaylight: "Enable" hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -36,7 +38,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -50,7 +52,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -64,7 +66,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -75,7 +77,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-onos-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-onos-nofeature-ha.yml index 08753eb2..3770b6ac 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-onos-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-onos-nofeature-ha.yml @@ -19,7 +19,7 @@ hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -34,7 +34,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -47,7 +47,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -60,7 +60,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -71,7 +71,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod2/os-onos-sfc-ha.yml b/deploy/conf/hardware_environment/huawei-pod2/os-onos-sfc-ha.yml index 25e984bf..0effc850 100644 --- a/deploy/conf/hardware_environment/huawei-pod2/os-onos-sfc-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod2/os-onos-sfc-ha.yml @@ -21,7 +21,7 @@ hosts: - name: host1 mac: 'EC:38:8F:79:0C:2C' ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 ipmiIp: 172.16.130.20 interfaces: - eth1: 'EC:38:8F:79:0C:2D' @@ -36,7 +36,7 @@ hosts: mac: 'EC:38:8F:79:0C:48' ipmiIp: 172.16.130.19 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:49' roles: @@ -49,7 +49,7 @@ hosts: mac: 'EC:38:8F:79:10:CC' ipmiIp: 172.16.130.18 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:10:CD' roles: @@ -62,7 +62,7 @@ hosts: mac: 'EC:38:8F:79:0C:6C' ipmiIp: 172.16.130.17 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:79:0C:6D' roles: @@ -73,7 +73,7 @@ hosts: mac: 'EC:38:8F:7A:E6:ED' ipmiIp: 172.16.130.16 ipmiUser: root - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod2 interfaces: - eth1: 'EC:38:8F:7A:E6:EE' roles: diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-nosdn-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-nosdn-nofeature-ha.yml index deb9c459..632776be 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-nosdn-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-nosdn-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -33,7 +33,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -44,7 +44,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -55,7 +55,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -65,7 +65,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-ocl-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-ocl-nofeature-ha.yml index a86a1cf4..efe9ace7 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-ocl-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-ocl-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -44,7 +44,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -54,7 +54,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -64,7 +64,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-moon-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-moon-ha.yml index 5a37257e..fa034d30 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-moon-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-moon-ha.yml @@ -23,7 +23,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -36,7 +36,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -48,7 +48,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -60,7 +60,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -70,7 +70,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-nofeature-ha.yml index 80097b78..05543930 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-odl_l2-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -46,7 +46,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -58,7 +58,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -68,7 +68,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-odl_l3-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-odl_l3-nofeature-ha.yml index 4d4c715f..46f7e791 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-odl_l3-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-odl_l3-nofeature-ha.yml @@ -23,7 +23,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -36,7 +36,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -48,7 +48,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -60,7 +60,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -70,7 +70,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-onos-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-onos-nofeature-ha.yml index 01dd3a80..73068b50 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-onos-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-onos-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -46,7 +46,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -58,7 +58,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -68,7 +68,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod4/os-onos-sfc-ha.yml b/deploy/conf/hardware_environment/huawei-pod4/os-onos-sfc-ha.yml index 01dd3a80..73068b50 100644 --- a/deploy/conf/hardware_environment/huawei-pod4/os-onos-sfc-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod4/os-onos-sfc-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BA:63:4A' ipmiIp: 172.16.131.17 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:C6' ipmiIp: 172.16.131.18 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -46,7 +46,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:B9:1F:4A' ipmiIp: 172.16.131.19 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - controller - ha @@ -58,7 +58,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AA:EA' ipmiIp: 172.16.131.20 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd @@ -68,7 +68,7 @@ hosts: interfaces: - eth1: 'E8:4D:D0:BB:AB:1E' ipmiIp: 172.16.131.21 - ipmiPass: Huawei@123 + ipmiPass: Opnfv@pod4 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-nosdn-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-nosdn-nofeature-ha.yml index b0fa1804..acf996d0 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-nosdn-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-nosdn-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -33,7 +33,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -44,7 +44,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -55,7 +55,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -65,7 +65,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-ocl-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-ocl-nofeature-ha.yml index dd5158e5..6e486b57 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-ocl-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-ocl-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -44,7 +44,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -54,7 +54,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -64,7 +64,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-moon-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-moon-ha.yml index defafed9..9829885f 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-moon-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-moon-ha.yml @@ -23,7 +23,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -36,7 +36,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -48,7 +48,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -60,7 +60,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -70,7 +70,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-nofeature-ha.yml index 24e7f516..58c8edcb 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-odl_l2-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -46,7 +46,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -58,7 +58,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -68,7 +68,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-odl_l3-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-odl_l3-nofeature-ha.yml index 2b000e82..921fe81b 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-odl_l3-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-odl_l3-nofeature-ha.yml @@ -23,7 +23,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -36,7 +36,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -48,7 +48,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -60,7 +60,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -70,7 +70,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-onos-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-onos-nofeature-ha.yml index 70dd9d5d..59e94527 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-onos-nofeature-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-onos-nofeature-ha.yml @@ -21,7 +21,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -34,7 +34,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -46,7 +46,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -58,7 +58,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -68,7 +68,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod5/os-onos-sfc-ha.yml b/deploy/conf/hardware_environment/huawei-pod5/os-onos-sfc-ha.yml index c47814c1..f81b9d21 100644 --- a/deploy/conf/hardware_environment/huawei-pod5/os-onos-sfc-ha.yml +++ b/deploy/conf/hardware_environment/huawei-pod5/os-onos-sfc-ha.yml @@ -23,7 +23,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:8B' ipmiIp: 192.168.5.173 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -36,7 +36,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5A:D0' ipmiIp: 192.168.5.174 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -48,7 +48,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:67:55' ipmiIp: 192.168.5.175 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - controller - ha @@ -60,7 +60,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:5D:4C' ipmiIp: 192.168.5.176 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd @@ -70,7 +70,7 @@ hosts: interfaces: - eth1: 'E0:97:96:10:63:31' ipmiIp: 192.168.5.177 - ipmiPass: Huawei12#$ + ipmiPass: Opnfv@pod5 roles: - compute - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/network.yml b/deploy/conf/hardware_environment/huawei-pod6/network.yml new file mode 100644 index 00000000..f6deed4b --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/network.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.168.10.10" + - "192.168.10.50" + cidr: "192.168.10.0/24" + gw: "192.168.10.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.168.10.51 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 10 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.168.10.1" + floating_ip_cidr: "192.168.10.0/24" + floating_ip_start: "192.168.10.100" + floating_ip_end: "192.168.10.200" diff --git a/deploy/conf/hardware_environment/huawei-pod6/network_ocl.yml b/deploy/conf/hardware_environment/huawei-pod6/network_ocl.yml new file mode 100644 index 00000000..97c4e3c5 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/network_ocl.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.168.10.10" + - "192.168.10.50" + cidr: "192.168.10.0/24" + gw: "192.168.10.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.168.10.51 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 10 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "100.100.100.1" + floating_ip_cidr: "100.100.100.0/24" + floating_ip_start: "100.100.100.30" + floating_ip_end: "100.100.100.120" diff --git a/deploy/conf/hardware_environment/huawei-pod6/network_onos.yml b/deploy/conf/hardware_environment/huawei-pod6/network_onos.yml new file mode 100644 index 00000000..19fc95eb --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/network_onos.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.168.10.10" + - "192.168.10.50" + cidr: "192.168.10.0/24" + gw: "192.168.10.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.168.10.51 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: vxlan + segment_id: 10 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.168.10.1" + floating_ip_cidr: "192.168.10.0/24" + floating_ip_start: "192.168.10.100" + floating_ip_end: "192.168.10.200" diff --git a/deploy/conf/hardware_environment/huawei-pod6/network_openo.yml b/deploy/conf/hardware_environment/huawei-pod6/network_openo.yml new file mode 100644 index 00000000..6fc5bc45 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/network_openo.yml @@ -0,0 +1,105 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.168.10.10" + - "192.168.10.50" + cidr: "192.168.10.0/24" + gw: "192.168.10.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.168.10.51 + netmask: "24" + interface: external + +openo_net: + openo_ip: 192.168.10.50 + openo_docker_gw: 172.11.1.1 + openo_docker_cidr: 172.11.1.0/24 + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 10 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.168.10.1" + floating_ip_cidr: "192.168.10.0/24" + floating_ip_start: "192.168.10.100" + floating_ip_end: "192.168.10.200" diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-nosdn-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-nosdn-nofeature-ha.yml new file mode 100644 index 00000000..4e882227 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-nosdn-nofeature-ha.yml @@ -0,0 +1,71 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-nosdn-openo-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-nosdn-openo-ha.yml new file mode 100644 index 00000000..715bb131 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-nosdn-openo-ha.yml @@ -0,0 +1,79 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +deploy_options: + orchestrator: + type: open-o + version: 1.0.0 + + vnf: + type: + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-ocl-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-ocl-nofeature-ha.yml new file mode 100644 index 00000000..d0faeeda --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-ocl-nofeature-ha.yml @@ -0,0 +1,70 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - opencontrail + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-odl_l2-moon-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-odl_l2-moon-ha.yml new file mode 100644 index 00000000..005e29c6 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-odl_l2-moon-ha.yml @@ -0,0 +1,76 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +moon: "Enable" + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-odl_l2-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-odl_l2-nofeature-ha.yml new file mode 100644 index 00000000..bba97fdd --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-odl_l2-nofeature-ha.yml @@ -0,0 +1,74 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-odl_l3-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-odl_l3-nofeature-ha.yml new file mode 100644 index 00000000..8710d420 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-odl_l3-nofeature-ha.yml @@ -0,0 +1,76 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +odl_l3_agent: "Enable" + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-onos-nofeature-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-onos-nofeature-ha.yml new file mode 100644 index 00000000..7b318d63 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-onos-nofeature-ha.yml @@ -0,0 +1,74 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - onos + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - onos + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - onos + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/hardware_environment/huawei-pod6/os-onos-sfc-ha.yml b/deploy/conf/hardware_environment/huawei-pod6/os-onos-sfc-ha.yml new file mode 100644 index 00000000..9908ec84 --- /dev/null +++ b/deploy/conf/hardware_environment/huawei-pod6/os-onos-sfc-ha.yml @@ -0,0 +1,76 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: baremetal +FLAVOR: cluster +POWER_TOOL: ipmitool + +ipmiUser: root +ipmiVer: '2.0' + +onos_sfc: "Enable" + +hosts: + - name: host1 + mac: 'F8:4A:BF:55:A2:8D' + interfaces: + - eth1: 'F8:4A:BF:55:A2:8E' + ipmiIp: 172.16.130.26 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - onos + - ceph-adm + - ceph-mon + + - name: host2 + mac: 'D8:49:0B:DA:5A:B7' + interfaces: + - eth1: 'D8:49:0B:DA:5A:B8' + ipmiIp: 172.16.130.27 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - onos + - ceph-mon + + - name: host3 + mac: '78:D7:52:A0:B1:99' + interfaces: + - eth1: '78:D7:52:A0:B1:9A' + ipmiIp: 172.16.130.29 + ipmiPass: Opnfv@pod6 + roles: + - controller + - ha + - onos + - ceph-mon + + - name: host4 + mac: 'D8:49:0B:DA:5B:5D' + interfaces: + - eth1: 'D8:49:0B:DA:5B:5E' + ipmiIp: 172.16.130.30 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd + + - name: host5 + mac: 'D8:49:0B:DA:56:85' + interfaces: + - eth1: 'D8:49:0B:DA:56:86' + ipmiIp: 172.16.130.31 + ipmiPass: Opnfv@pod6 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/virtual.conf b/deploy/conf/virtual.conf index 7f4fcf02..1e9034f3 100644 --- a/deploy/conf/virtual.conf +++ b/deploy/conf/virtual.conf @@ -1,9 +1,9 @@ export VIRT_NUMBER=${VIRT_NUMBER:-5} -export VIRT_CPUS=${VIRT_CPU:-4} +export VIRT_CPUS=${VIRT_CPUS:-8} export VIRT_MEM=${VIRT_MEM:-16384} export VIRT_DISK=${VIRT_DISK:-200G} export SWITCH_IPS="1.1.1.1" export SWITCH_CREDENTIAL="version=2c,community=public" -export DEPLOYMENT_TIMEOUT="150" +export DEPLOYMENT_TIMEOUT="300" export POLL_SWITCHES_FLAG="nopoll_switches" diff --git a/deploy/conf/vm_environment/huawei-virtual1/network.yml b/deploy/conf/vm_environment/huawei-virtual1/network.yml index 5c2b0257..ab485a8d 100644 --- a/deploy/conf/vm_environment/huawei-virtual1/network.yml +++ b/deploy/conf/vm_environment/huawei-virtual1/network.yml @@ -65,10 +65,10 @@ ip_settings: - name: external ip_ranges: - - - "192.168.107.210" - - "192.168.107.220" - cidr: "192.168.107.0/24" - gw: "192.168.107.1" + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" role: - controller - compute @@ -79,7 +79,7 @@ internal_vip: interface: mgmt public_vip: - ip: 192.168.107.222 + ip: 192.16.1.222 netmask: "24" interface: external @@ -94,7 +94,7 @@ public_net_info: router: router-ext enable_dhcp: "False" no_gateway: "False" - external_gw: "192.168.107.1" - floating_ip_cidr: "192.168.107.0/24" - floating_ip_start: "192.168.107.101" - floating_ip_end: "192.168.107.199" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/conf/vm_environment/huawei-virtual1/network_openo.yml b/deploy/conf/vm_environment/huawei-virtual1/network_openo.yml index a31c2990..e0663439 100644 --- a/deploy/conf/vm_environment/huawei-virtual1/network_openo.yml +++ b/deploy/conf/vm_environment/huawei-virtual1/network_openo.yml @@ -65,10 +65,10 @@ ip_settings: - name: external ip_ranges: - - - "192.168.107.210" - - "192.168.107.220" - cidr: "192.168.107.0/24" - gw: "192.168.107.1" + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" role: - controller - compute @@ -79,12 +79,12 @@ internal_vip: interface: mgmt public_vip: - ip: 192.168.107.222 + ip: 192.16.1.222 netmask: "24" interface: external openo_net: - openo_ip: 192.168.107.50 + openo_ip: 192.16.1.50 openo_docker_gw: 172.11.1.1 openo_docker_cidr: 172.11.1.0/24 @@ -99,7 +99,7 @@ public_net_info: router: router-ext enable_dhcp: "False" no_gateway: "False" - external_gw: "192.168.107.1" - floating_ip_cidr: "192.168.107.0/24" - floating_ip_start: "192.168.107.101" - floating_ip_end: "192.168.107.199" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/conf/vm_environment/huawei-virtual2/network.yml b/deploy/conf/vm_environment/huawei-virtual2/network.yml index b869dd45..ab485a8d 100644 --- a/deploy/conf/vm_environment/huawei-virtual2/network.yml +++ b/deploy/conf/vm_environment/huawei-virtual2/network.yml @@ -65,10 +65,10 @@ ip_settings: - name: external ip_ranges: - - - "192.168.106.210" - - "192.168.106.220" - cidr: "192.168.106.0/24" - gw: "192.168.106.1" + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" role: - controller - compute @@ -79,7 +79,7 @@ internal_vip: interface: mgmt public_vip: - ip: 192.168.106.222 + ip: 192.16.1.222 netmask: "24" interface: external @@ -94,7 +94,7 @@ public_net_info: router: router-ext enable_dhcp: "False" no_gateway: "False" - external_gw: "192.168.106.1" - floating_ip_cidr: "192.168.106.0/24" - floating_ip_start: "192.168.106.101" - floating_ip_end: "192.168.106.199" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/conf/vm_environment/huawei-virtual2/network_openo.yml b/deploy/conf/vm_environment/huawei-virtual2/network_openo.yml index 98b3a83d..e0663439 100644 --- a/deploy/conf/vm_environment/huawei-virtual2/network_openo.yml +++ b/deploy/conf/vm_environment/huawei-virtual2/network_openo.yml @@ -65,10 +65,10 @@ ip_settings: - name: external ip_ranges: - - - "192.168.106.210" - - "192.168.106.220" - cidr: "192.168.106.0/24" - gw: "192.168.106.1" + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" role: - controller - compute @@ -79,12 +79,12 @@ internal_vip: interface: mgmt public_vip: - ip: 192.168.106.222 + ip: 192.16.1.222 netmask: "24" interface: external openo_net: - openo_ip: 192.168.106.50 + openo_ip: 192.16.1.50 openo_docker_gw: 172.11.1.1 openo_docker_cidr: 172.11.1.0/24 @@ -99,7 +99,7 @@ public_net_info: router: router-ext enable_dhcp: "False" no_gateway: "False" - external_gw: "192.168.106.1" - floating_ip_cidr: "192.168.106.0/24" - floating_ip_start: "192.168.106.101" - floating_ip_end: "192.168.106.199" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/conf/vm_environment/huawei-virtual5/network.yml b/deploy/conf/vm_environment/huawei-virtual5/network.yml new file mode 100644 index 00000000..ab485a8d --- /dev/null +++ b/deploy/conf/vm_environment/huawei-virtual5/network.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.16.1.222 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 1000 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/conf/vm_environment/huawei-virtual5/network_ocl.yml b/deploy/conf/vm_environment/huawei-virtual5/network_ocl.yml new file mode 100644 index 00000000..b5a57103 --- /dev/null +++ b/deploy/conf/vm_environment/huawei-virtual5/network_ocl.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.168.107.210" + - "192.168.107.220" + cidr: "192.168.107.0/24" + gw: "192.168.107.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.168.107.222 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 1000 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "100.100.100.1" + floating_ip_cidr: "100.100.100.0/24" + floating_ip_start: "100.100.100.30" + floating_ip_end: "100.100.100.120" diff --git a/deploy/conf/vm_environment/huawei-virtual5/network_onos.yml b/deploy/conf/vm_environment/huawei-virtual5/network_onos.yml new file mode 100644 index 00000000..ce5353eb --- /dev/null +++ b/deploy/conf/vm_environment/huawei-virtual5/network_onos.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.168.107.210" + - "192.168.107.220" + cidr: "192.168.107.0/24" + gw: "192.168.107.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.168.107.222 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: vxlan + segment_id: 1000 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.168.107.1" + floating_ip_cidr: "192.168.107.0/24" + floating_ip_start: "192.168.107.101" + floating_ip_end: "192.168.107.199" diff --git a/deploy/conf/vm_environment/huawei-virtual5/network_openo.yml b/deploy/conf/vm_environment/huawei-virtual5/network_openo.yml new file mode 100644 index 00000000..e0663439 --- /dev/null +++ b/deploy/conf/vm_environment/huawei-virtual5/network_openo.yml @@ -0,0 +1,105 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.16.1.222 + netmask: "24" + interface: external + +openo_net: + openo_ip: 192.16.1.50 + openo_docker_gw: 172.11.1.1 + openo_docker_cidr: 172.11.1.0/24 + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 1000 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/conf/vm_environment/network.yml b/deploy/conf/vm_environment/network.yml new file mode 100644 index 00000000..ab485a8d --- /dev/null +++ b/deploy/conf/vm_environment/network.yml @@ -0,0 +1,100 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +nic_mappings: [] +bond_mappings: [] + +provider_net_mappings: + - name: br-prv + network: physnet + interface: eth1 + type: ovs + role: + - controller + - compute + +sys_intf_mappings: + - name: mgmt + interface: eth1 + vlan_tag: 101 + type: vlan + role: + - controller + - compute + + - name: storage + interface: eth1 + vlan_tag: 102 + type: vlan + role: + - controller + - compute + + - name: external + interface: br-prv + type: ovs + role: + - controller + - compute + +ip_settings: + - name: mgmt + ip_ranges: + - - "172.16.1.1" + - "172.16.1.254" + cidr: "172.16.1.0/24" + role: + - controller + - compute + + - name: storage + ip_ranges: + - - "172.16.2.1" + - "172.16.2.254" + cidr: "172.16.2.0/24" + role: + - controller + - compute + + - name: external + ip_ranges: + - - "192.16.1.210" + - "192.16.1.220" + cidr: "192.16.1.0/24" + gw: "192.16.1.1" + role: + - controller + - compute + +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 192.16.1.222 + netmask: "24" + interface: external + +onos_nic: eth2 +public_net_info: + enable: "True" + network: ext-net + type: flat + segment_id: 1000 + subnet: ext-subnet + provider_network: physnet + router: router-ext + enable_dhcp: "False" + no_gateway: "False" + external_gw: "192.16.1.1" + floating_ip_cidr: "192.16.1.0/24" + floating_ip_start: "192.16.1.101" + floating_ip_end: "192.16.1.199" diff --git a/deploy/adapters/ansible/roles/neutron-network/vars/RedHat.yml b/deploy/conf/vm_environment/os-nosdn-kvm-ha.yml index 1d0243a4..fd2ede2f 100644 --- a/deploy/adapters/ansible/roles/neutron-network/vars/RedHat.yml +++ b/deploy/conf/vm_environment/os-nosdn-kvm-ha.yml @@ -6,23 +6,40 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## + --- -packages: - - openstack-neutron-ml2 - - openstack-neutron-openvswitch +TYPE: virtual +FLAVOR: cluster + +plugins: + - rt_kvm: "Enable" -vpn_packages: - - openstack-neutron-vpn-agent - - strongswan +hosts: + - name: host1 + roles: + - controller + - ha + - ceph-adm + - ceph-mon -firewall_packages: - - openstack-neutron-fwaas + - name: host2 + roles: + - controller + - ha + - ceph-mon -services: - - openvswitch - - neutron-openvswitch-agent + - name: host3 + roles: + - controller + - ha + - ceph-mon -openvswitch_agent: neutron-openvswitch-agent + - name: host4 + roles: + - compute + - ceph-osd -xorp_packages: - - openssl098e + - name: host5 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/vm_environment/os-odl-sfc-ha.yml b/deploy/conf/vm_environment/os-odl-sfc-ha.yml new file mode 100644 index 00000000..4673c58d --- /dev/null +++ b/deploy/conf/vm_environment/os-odl-sfc-ha.yml @@ -0,0 +1,50 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- +TYPE: virtual +FLAVOR: cluster + +odl_l3_agent: "Enable" +plugins: + - opendaylight: "Enable" + - odl_sfc: "Enable" + +hosts: + - name: host1 + roles: + - controller + - ha + - odl + - ceph-adm + - ceph-mon + + - name: host2 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host3 + roles: + - controller + - ha + - odl + - ceph-mon + + - name: host4 + roles: + - compute + - ceph-osd + + - name: host5 + roles: + - compute + - ceph-osd diff --git a/deploy/conf/vm_environment/os-odl_l2-moon-ha.yml b/deploy/conf/vm_environment/os-odl_l2-moon-ha.yml index ffb9fa14..5a02cbf7 100644 --- a/deploy/conf/vm_environment/os-odl_l2-moon-ha.yml +++ b/deploy/conf/vm_environment/os-odl_l2-moon-ha.yml @@ -11,7 +11,9 @@ TYPE: virtual FLAVOR: cluster -moon: "Enable" +plugins: + - opendaylight: "Enable" + - moon: "Enable" hosts: - name: host1 @@ -43,5 +45,4 @@ hosts: - name: host5 roles: - - compute - - ceph-osd + - moon diff --git a/deploy/conf/vm_environment/os-odl_l2-nofeature-ha.yml b/deploy/conf/vm_environment/os-odl_l2-nofeature-ha.yml index 042367e6..4296ffda 100644 --- a/deploy/conf/vm_environment/os-odl_l2-nofeature-ha.yml +++ b/deploy/conf/vm_environment/os-odl_l2-nofeature-ha.yml @@ -11,6 +11,9 @@ TYPE: virtual FLAVOR: cluster +plugins: + - opendaylight: "Enable" + hosts: - name: host1 roles: diff --git a/deploy/conf/vm_environment/os-odl_l3-nofeature-ha.yml b/deploy/conf/vm_environment/os-odl_l3-nofeature-ha.yml index 10a27ebd..fb530012 100644 --- a/deploy/conf/vm_environment/os-odl_l3-nofeature-ha.yml +++ b/deploy/conf/vm_environment/os-odl_l3-nofeature-ha.yml @@ -12,6 +12,8 @@ TYPE: virtual FLAVOR: cluster odl_l3_agent: "Enable" +plugins: + - opendaylight: "Enable" hosts: - name: host1 diff --git a/deploy/config_parse.py b/deploy/config_parse.py index c7546eeb..8a1ac54b 100644 --- a/deploy/config_parse.py +++ b/deploy/config_parse.py @@ -15,7 +15,7 @@ from Cheetah.Template import Template def init(file): with open(file) as fd: - return yaml.load(fd) + return yaml.safe_load(fd) def decorator(func): @@ -54,6 +54,12 @@ def export_dha_file(s, dha_file, conf_dir, ofile): env.update(s) if env.get('hosts', []): env.pop('hosts') + if 'plugins' in env: + plugin_list = [] + for item in env.get('plugins'): + plugin_str = ':'.join([item.keys()[0], item.values()[0]]) + plugin_list.append(plugin_str) + env.update({'plugins': ','.join(plugin_list)}) env.update({'TYPE': s.get('TYPE', "virtual")}) env.update({'FLAVOR': s.get('FLAVOR', "cluster")}) diff --git a/deploy/deploy_host.sh b/deploy/deploy_host.sh index 8c863045..aa90dca6 100755 --- a/deploy/deploy_host.sh +++ b/deploy/deploy_host.sh @@ -19,11 +19,6 @@ function add_bonding(){ function deploy_host(){ export AYNC_TIMEOUT=20 - ssh $ssh_args root@${MGMT_IP} mkdir -p /opt/compass/bin/ansible_callbacks - scp $ssh_args -r ${COMPASS_DIR}/deploy/status_callback.py root@${MGMT_IP}:/opt/compass/bin/ansible_callbacks/status_callback.py - scp $ssh_args -r ${COMPASS_DIR}/deploy/playbook_done.py root@${MGMT_IP}:/opt/compass/bin/ansible_callbacks/playbook_done.py - ssh $ssh_args root@${MGMT_IP} mkdir -p /opt/ansible-modules - scp $ssh_args -r ${COMPASS_DIR}/deploy/adapters/ansible/ansible_modules/* root@${MGMT_IP}:/opt/ansible-modules # avoid nodes reboot to fast, cobbler can not give response (sleep $AYNC_TIMEOUT; add_bonding; rename_nics; reboot_hosts) & @@ -52,7 +47,8 @@ function deploy_host(){ --deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}" \ --cluster_vip="${VIP}" --network_cfg="$NETWORK" --neutron_cfg="$NEUTRON" \ --enable_secgroup="${ENABLE_SECGROUP}" --enable_fwaas="${ENABLE_FWAAS}" --expansion="${EXPANSION}" \ - --rsa_file="$rsa_file" --enable_vpnaas="${ENABLE_VPNAAS}" --odl_l3_agent="${odl_l3_agent}" --moon="${moon}" --onos_sfc="${onos_sfc}" + --rsa_file="$rsa_file" --enable_vpnaas="${ENABLE_VPNAAS}" --odl_l3_agent="${odl_l3_agent}" \ + --moon_cfg="${MOON_CFG}" --onos_sfc="${onos_sfc}" --plugins="$plugins" RET=$? sleep $((AYNC_TIMEOUT+5)) diff --git a/deploy/host_virtual.sh b/deploy/host_virtual.sh index 0a991f11..52f8a7b4 100755 --- a/deploy/host_virtual.sh +++ b/deploy/host_virtual.sh @@ -42,8 +42,8 @@ function launch_host_vms() { -e "s#REPLACE_IMAGE#$vm_dir/disk.img#g" \ -e "s/REPLACE_BOOT_MAC/${mac_array[i]}/g" \ -e "s/REPLACE_NET_INSTALL/install/g" \ - -e "s/REPLACE_NET_IAAS/external/g" \ - -e "s/REPLACE_NET_TENANT/external/g" \ + -e "s/REPLACE_NET_IAAS/external_nat/g" \ + -e "s/REPLACE_NET_TENANT/external_nat/g" \ $COMPASS_DIR/deploy/template/vm/host.xml\ > $vm_dir/libvirt.xml diff --git a/deploy/launch.sh b/deploy/launch.sh index 51094b29..8bba3403 100755 --- a/deploy/launch.sh +++ b/deploy/launch.sh @@ -84,15 +84,10 @@ else log_info "deploy host macs: $machines" fi - -if [[ -z "$REDEPLOY_HOST" || "$REDEPLOY_HOST" == "false" ]]; then +if [[ "$REDEPLOY_HOST" != "true" ]]; then if ! set_compass_machine; then log_error "set_compass_machine fail" fi - - # FIXME: refactor compass adapter and conf code, instead of doing - # hack conf injection. - inject_compass_conf fi if [[ "$DEPLOY_HOST" == "true" || $REDEPLOY_HOST == "true" ]]; then @@ -125,20 +120,10 @@ set +x figlet -ctf slant Installation Complete! echo "" -echo "+-----------------+----------+--------------------------------+" -echo "| Dashboard | Web | http://$public_vip/horizon |" -echo "| | Domain | default |" -echo "| | User | admin |" -echo "| | Password | console |" -echo "+-------------------------------------------------------------+" -echo "| Compass | IP | $MGMT_IP |" -echo "| Virtual Machine | User | root |" -echo "| | Password | root |" -echo "+-------------------------------------------------------------+" -echo "| Openrc Path | admin | /opt/admin-openrc.sh |" -echo "| | demo | /opt/demo-openrc.sh |" -echo "+-----------------+----------+--------------------------------+" -echo "NOTE: openrc file is in the controller nodes" +echo "+------------------------------------------------------------------+" +echo "| To Use OpenStack CLI and Access Horizon, Follow instructions in |" +echo "| https://wiki.opnfv.org/display/compass4nfv/Containerized+Compass |" +echo "+------------------------------------------------------------------+" echo "" if [[ ${DHA##*/} =~ "openo" ]]; then diff --git a/deploy/network.sh b/deploy/network.sh index 558d690c..e50f52a6 100755 --- a/deploy/network.sh +++ b/deploy/network.sh @@ -47,6 +47,7 @@ function save_network_info() ip_info=`ip addr show $external_nic|grep -Eo '[^ ]+ brd [^ ]+ '` if [ $br_exist -eq 0 ]; then if [ "$external_nic" != "br-external" ]; then + sudo ip link set br-external up sudo ovs-vsctl --may-exist add-port br-external $external_nic sudo ip addr flush $external_nic sudo ip addr add $ip_info dev br-external @@ -54,6 +55,7 @@ function save_network_info() fi else sudo ovs-vsctl add-br br-external + sudo ip link set br-external up sudo ovs-vsctl add-port br-external $external_nic sudo ip addr flush $external_nic sudo ip addr add $ip_info dev br-external @@ -73,9 +75,9 @@ function setup_bridge_external() sudo virsh net-destroy external sudo virsh net-undefine external - save_network_info + #save_network_info sed -e "s/REPLACE_NAME/external/g" \ - -e "s/REPLACE_OVS/br-external/g" \ + -e "s/REPLACE_OVS/br-external_nat/g" \ $COMPASS_DIR/deploy/template/network/bridge_ovs.xml \ > $WORK_DIR/network/external.xml @@ -123,6 +125,7 @@ function recover_nat_net() { function setup_virtual_net() { setup_nat_net install $INSTALL_GW $INSTALL_MASK + setup_nat_net external_nat $EXT_NAT_GW $EXT_NAT_MASK $EXT_NAT_IP_START $EXT_NAT_IP_END } function recover_virtual_net() { @@ -133,7 +136,8 @@ function setup_baremetal_net() { if [[ -z $INSTALL_NIC ]]; then exit 1 fi - setup_bridge_net install $INSTALL_NIC + sudo ifconfig $INSTALL_NIC up + sudo ifconfig $INSTALL_NIC $INSTALL_GW } function recover_baremetal_net() { @@ -149,7 +153,7 @@ function setup_network_boot_scripts() { sudo cat << EOF >> /usr/sbin/network_setup sleep 2 -save_network_info +#save_network_info clear_forward_rejct_rules EOF sudo chmod 755 /usr/sbin/network_setup @@ -161,13 +165,12 @@ EOF } function create_nets() { - setup_nat_net mgmt $MGMT_GW $MGMT_MASK $MGMT_IP_START $MGMT_IP_END # create install network setup_"$TYPE"_net # create external network - setup_bridge_external +# setup_bridge_external clear_forward_rejct_rules setup_network_boot_scripts diff --git a/deploy/opera_adapter.py b/deploy/opera_adapter.py index 137aba54..fbf1b662 100644 --- a/deploy/opera_adapter.py +++ b/deploy/opera_adapter.py @@ -18,7 +18,7 @@ import traceback def load_file(file): with open(file) as fd: try: - return yaml.load(fd) + return yaml.safe_load(fd) except: traceback.print_exc() return None diff --git a/deploy/playbook_done.py b/deploy/playbook_done.py index c0a81a40..24c8c55b 100644 --- a/deploy/playbook_done.py +++ b/deploy/playbook_done.py @@ -24,14 +24,14 @@ current_dir = os.path.dirname(os.path.realpath(__file__)) sys.path.append(current_dir + '/..') -import switch_virtualenv # noqa +# import switch_virtualenv # noqa from compass.apiclient.restful import Client # noqa: E402 from compass.utils import flags # noqa: E402 flags.add('compass_server', help='compass server url', - default='http://127.0.0.1/api') + default='http://compass-deck/api') flags.add('compass_user_email', help='compass user email', default='admin@huawei.com') @@ -105,9 +105,3 @@ class CallbackModule(CallbackBase): if failures or unreachable: return - - self._login(self.client) - - for host in hosts: - clusterhost_name = host + "." + cluster_name - self.client.clusterhost_ready(clusterhost_name) diff --git a/deploy/prepare.sh b/deploy/prepare.sh index b7e5bfa1..a620ac98 100755 --- a/deploy/prepare.sh +++ b/deploy/prepare.sh @@ -14,52 +14,56 @@ function print_logo() set +x; sleep 2; set -x } -function download_iso() +function install_docker() { - iso_name=`basename $ISO_URL` - rm -f $WORK_DIR/cache/"$iso_name.md5" - curl --connect-timeout 10 -o $WORK_DIR/cache/"$iso_name.md5" $ISO_URL.md5 - if [[ -f $WORK_DIR/cache/$iso_name ]]; then - local_md5=`md5sum $WORK_DIR/cache/$iso_name | cut -d ' ' -f 1` - repo_md5=`cat $WORK_DIR/cache/$iso_name.md5 | cut -d ' ' -f 1` - if [[ "$local_md5" == "$repo_md5" ]]; then - return - fi - fi + sudo apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual + sudo apt-get install -y apt-transport-https ca-certificates curl \ + software-properties-common + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo apt-key fingerprint 0EBFCD88 + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) \ + stable" + sudo apt-get update + sudo apt-get install -y docker-ce + + sudo service docker start + sudo service docker restart +} - curl --connect-timeout 10 -o $WORK_DIR/cache/$iso_name $ISO_URL +function extract_tar() +{ + tar_name=`basename $TAR_URL` + rm -f $WORK_DIR/cache/$tar_name + curl --connect-timeout 10 -o $WORK_DIR/cache/$tar_name $TAR_URL + tar -zxf $WORK_DIR/cache/$tar_name -C $WORK_DIR/installer } function prepare_env() { - sed -i -e 's/^#user =.*/user = "root"/g' /etc/libvirt/qemu.conf - sed -i -e 's/^#group =.*/group = "root"/g' /etc/libvirt/qemu.conf + sudo sed -i -e 's/^#user =.*/user = "root"/g' /etc/libvirt/qemu.conf + sudo sed -i -e 's/^#group =.*/group = "root"/g' /etc/libvirt/qemu.conf sudo service libvirt-bin restart if sudo service openvswitch-switch status|grep stop; then sudo service openvswitch-switch start fi # prepare work dir - rm -rf $WORK_DIR/{installer,vm,network,iso} + sudo rm -rf $WORK_DIR/{installer,vm,network,iso,docker} mkdir -p $WORK_DIR/installer mkdir -p $WORK_DIR/vm mkdir -p $WORK_DIR/network mkdir -p $WORK_DIR/iso mkdir -p $WORK_DIR/cache + mkdir -p $WORK_DIR/docker - download_iso - - cp $WORK_DIR/cache/`basename $ISO_URL` $WORK_DIR/iso/centos.iso -f - - # copy compass - mkdir -p $WORK_DIR/mnt - sudo mount -o loop $WORK_DIR/iso/centos.iso $WORK_DIR/mnt - cp -rf $WORK_DIR/mnt/compass/compass-core $WORK_DIR/installer/ - cp -rf $WORK_DIR/mnt/compass/compass-install $WORK_DIR/installer/ - sudo umount $WORK_DIR/mnt - rm -rf $WORK_DIR/mnt + extract_tar chmod 755 $WORK_DIR -R + if [[ ! -d /etc/libvirt/hooks ]]; then + sudo mkdir -p /etc/libvirt/hooks + fi + sudo cp ${COMPASS_DIR}/deploy/qemu_hook.sh /etc/libvirt/hooks/qemu } @@ -72,12 +76,22 @@ function _prepare_python_env() { if [[ ! -z "$JHPKG_URL" ]]; then _pre_env_setup else - sudo apt-get update -y - sudo apt-get install -y --force-yes mkisofs bc curl ipmitool openvswitch-switch - sudo apt-get install -y --force-yes git python-dev python-pip figlet sshpass - sudo apt-get install -y --force-yes libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev - sudo apt-get install -y --force-yes libffi-dev libssl-dev - + if [[ ! -f /etc/redhat-release ]]; then + sudo apt-get update -y + sudo apt-get install -y --force-yes mkisofs bc curl ipmitool openvswitch-switch + sudo apt-get install -y --force-yes git python-dev python-pip figlet sshpass + sudo apt-get install -y --force-yes libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev + sudo apt-get install -y --force-yes libffi-dev libssl-dev + else + sudo yum install -y centos-release-openstack-ocata + sudo yum install -y epel-release + sudo yum install openvswitch -y --nogpgcheck + sudo yum install -y git python-devel python-pip figlet sshpass mkisofs bc curl ipmitool + sudo yum install -y libxslt-devel libxml2-devel libvirt-devel libmysqld-devel + sudo yum install -y qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer + sudo yum install -y libffi libffi-devel openssl-devel + sudo yum groupinstall -y 'Development Tools' + fi fi fi @@ -88,15 +102,17 @@ function _prepare_python_env() { virtualenv $WORK_DIR/venv source $WORK_DIR/venv/bin/activate - pip install --upgrade cffi - pip install --upgrade MarkupSafe - pip install --upgrade pip - pip install --upgrade cheetah - pip install --upgrade pyyaml - pip install --upgrade requests - pip install --upgrade netaddr - pip install --upgrade oslo.config - pip install --upgrade ansible + pip install cffi==1.10.0 + pip install MarkupSafe==1.0 + pip install pip==9.0.1 + pip install cheetah==2.4.4 + pip install pyyaml==3.12 + pip install requests==2.18.1 + pip install netaddr==0.7.19 + pip install oslo.config==4.6.0 + pip install ansible==2.3.1.0 + # For sudo use + sudo pip install docker-compose==1.14.0 fi } @@ -148,11 +164,21 @@ EOF build-essential qemu-utils qemu-kvm libvirt-bin \ virtinst libmysqld-dev \ libssl-dev libffi-dev python-cffi + + sudo docker version >/dev/null 2>&1 + if [[ $? -ne 0 ]]; then + install_docker + fi + pid=$(ps -ef | grep SimpleHTTPServer | grep 9998 | awk '{print $2}') echo $pid kill -9 $pid - sudo cp ${COMPASS_DIR}/deploy/qemu_hook.sh /etc/libvirt/hooks/qemu + if [[ ! -d /etc/libvirt/hooks ]]; then + sudo mkdir -p /etc/libvirt/hooks + fi + + sudo cp -f ${COMPASS_DIR}/deploy/qemu_hook.sh /etc/libvirt/hooks/qemu rm -rf /etc/apt/sources.list if [[ -f /etc/apt/sources.list.bak ]]; then diff --git a/deploy/rename_nics.py b/deploy/rename_nics.py index e9597595..f78b3979 100644 --- a/deploy/rename_nics.py +++ b/deploy/rename_nics.py @@ -26,19 +26,17 @@ def rename_nics(dha_info, rsa_file, compass_ip, os_version): nic_name = interface.keys()[0] mac = interface.values()[0] - exec_cmd("ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \ - -i %s root@%s \ - 'cobbler system edit --name=%s --interface=%s --mac=%s --static=1'" # noqa - % (rsa_file, compass_ip, host_name, nic_name, mac)) # noqa + exec_cmd("sudo docker exec compass-cobbler bash -c \ + 'cobbler system edit --name=%s --interface=%s --mac=%s --static=1'" # noqa + % (host_name, nic_name, mac)) # noqa - exec_cmd("ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \ - -i %s root@%s \ - 'cobbler sync'" % (rsa_file, compass_ip)) + exec_cmd("sudo docker exec compass-cobbler bash -c \ + 'cobbler sync'") if __name__ == "__main__": assert(len(sys.argv) == 5) rename_nics( - yaml.load( + yaml.safe_load( open( sys.argv[1])), sys.argv[2], diff --git a/deploy/reset_compute.py b/deploy/reset_compute.py index 86afc4f1..2e5103ba 100644 --- a/deploy/reset_compute.py +++ b/deploy/reset_compute.py @@ -20,7 +20,7 @@ def exec_cmd(cmd): def reset_baremetal(dha_info): print "reset_baremetal" - hosts_info = yaml.load(open(dha_info)) + hosts_info = yaml.safe_load(open(dha_info)) # print hosts_info ipmiUserDf = hosts_info.get('ipmiUser', 'root') @@ -48,7 +48,7 @@ def reset_baremetal(dha_info): def reset_virtual(dha_info): print "reset_virtual" - hosts_info = yaml.load(open(dha_info)) + hosts_info = yaml.safe_load(open(dha_info)) print hosts_info hosts_list = hosts_info.get('hosts', []) diff --git a/deploy/setup_vnic.py b/deploy/setup_vnic.py index 7dcd8d94..de3b5ed6 100644 --- a/deploy/setup_vnic.py +++ b/deploy/setup_vnic.py @@ -13,7 +13,7 @@ import yaml if __name__ == "__main__": network_config_file = os.environ["NETWORK"] - network_config = yaml.load(open(network_config_file, "r")) + network_config = yaml.safe_load(open(network_config_file, "r")) os.system( "sudo ovs-vsctl --may-exist add-port br-external mgmt_vnic -- set Interface mgmt_vnic type=internal") # noqa os.system("sudo ip addr flush mgmt_vnic") diff --git a/deploy/status_callback.py b/deploy/status_callback.py index 9136804f..4bbbc321 100644 --- a/deploy/status_callback.py +++ b/deploy/status_callback.py @@ -13,6 +13,8 @@ import sys # noqa:F401 from ansible.plugins.callback import CallbackBase +COMPASS_HOST = "compass-deck" + def task_error(display, host, data): display.display("task_error: host=%s,data=%s" % (host, data)) @@ -20,7 +22,7 @@ def task_error(display, host, data): # if isinstance(data, dict): # invocation = data.pop('invocation', {}) - notify_host(display, "localhost", host, "failed") + notify_host(display, COMPASS_HOST, host, "failed") class CallbackModule(CallbackBase): @@ -38,10 +40,11 @@ class CallbackModule(CallbackBase): def v2_on_any(self, *args, **kwargs): pass - def v2_runner_on_failed(self, host, res, ignore_errors=False): - task_error(self._display, host, res) + def v2_runner_on_failed(self, res, ignore_errors=False): + # task_error(self._display, host, res) + pass - def v2_runner_on_ok(self, host, res): + def v2_runner_on_ok(self, res): pass def v2_runner_on_skipped(self, host, item=None): @@ -60,7 +63,8 @@ class CallbackModule(CallbackBase): pass def v2_runner_on_async_failed(self, host, res, jid): - task_error(self._display, host, res) + # task_error(self._display, host, res) + pass def v2_playbook_on_start(self): pass @@ -97,29 +101,39 @@ class CallbackModule(CallbackBase): def v2_playbook_on_stats(self, stats): self._display.display("playbook_on_stats enter") - all_vars = self.play.get_variable_manager().get_vars(self.loader) - host_vars = all_vars["hostvars"] hosts = sorted(stats.processed.keys()) - cluster_name = host_vars[hosts[0]]['cluster_name'] failures = False unreachable = False for host in hosts: summary = stats.summarize(host) + # self._display.display("host: %s \nsummary: %s\n" % (host, summary)) # noqa if summary['failures'] > 0: failures = True if summary['unreachable'] > 0: unreachable = True + headers = {"Content-type": "application/json", + "Accept": "*/*"} + + conn = httplib.HTTPConnection(COMPASS_HOST, 80) + token = auth(conn) + headers["X-Auth-Token"] = token + get_url = "/api/hosts" + conn.request("GET", get_url, "", headers) + resp = conn.getresponse() + raise_for_status(resp) + host_data = json.loads(resp.read()) + clusterhosts = [item["name"] for item in host_data] + if failures or unreachable: - for host in hosts: - notify_host(self._display, "localhost", host, "error") - return + host_status = "error" + else: + host_status = "succ" - for host in hosts: - clusterhost_name = host + "." + cluster_name - notify_host(self._display, "localhost", clusterhost_name, "succ") + for host in clusterhosts: + notify_host(self._display, "compass-deck", host, host_status) def raise_for_status(resp): @@ -144,13 +158,13 @@ def auth(conn): def notify_host(display, compass_host, host, status): + display.display("hostname: %s" % host) + host = host.strip("host") + url = "/api/clusterhosts/%s/state" % host if status == "succ": - body = {"ready": True} - url = "/api/clusterhosts/%s/state_internal" % host + body = {"state": "SUCCESSFUL"} elif status == "error": body = {"state": "ERROR"} - host = host.strip("host") - url = "/api/clusterhosts/%s/state" % host else: display.error("notify_host: host %s with status %s is not supported" % (host, status)) diff --git a/deploy/template/vm/compass.xml b/deploy/template/vm/compass.xml index 182232f4..fb7cbb9a 100644 --- a/deploy/template/vm/compass.xml +++ b/deploy/template/vm/compass.xml @@ -13,11 +13,7 @@ <apic/> <pae/> </features> - <cpu mode='host-model'> - <model fallback='allow'/> - <feature policy='optional' name='vmx'/> - <feature policy='optional' name='svm'/> - </cpu> + <cpu mode='host-passthrough'/> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> diff --git a/deploy/template/vm/host.xml b/deploy/template/vm/host.xml index f65d4f0e..092f0ece 100644 --- a/deploy/template/vm/host.xml +++ b/deploy/template/vm/host.xml @@ -14,6 +14,7 @@ <apic/> <pae/> </features> + <cpu mode='host-passthrough'/> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> diff --git a/docs/release/installation/offline-deploy.rst b/docs/release/installation/offline-deploy.rst index c854f87d..0acfa180 100644 --- a/docs/release/installation/offline-deploy.rst +++ b/docs/release/installation/offline-deploy.rst @@ -15,7 +15,8 @@ Preparation for offline deploy generated by script build.sh in compass4nfv root directory.) 2. Download the Jumphost preparation package from our httpserver. (Download the - jumphost environment package from `here <http://205.177.226.237:9999/jh_env_package.tar.gz>`_. + jumphost environment package from + `here <http://artifacts.opnfv.org/compass4nfv/package/master/jh_env_package.tar.gz>`_. It should be awared that currently we only support ubuntu trusty as offline jumphost OS.) diff --git a/plugins/moon/plugins.desc b/plugins/moon/plugins.desc new file mode 100644 index 00000000..2d0e56f6 --- /dev/null +++ b/plugins/moon/plugins.desc @@ -0,0 +1,55 @@ +# ############################################################## +# This is an example for add a plugin into Compass4nfv +# It illustrates how feature components can be integrated into Compass4nfv +# together with scenarios. +# +# +# More details can be found in the development document. +# ############################################################## +--- +plugin: + # plugin name,it is also as the switch to enable/disable plugin in scenario + # files + name: moon + + description: plugin introduce and description + maintainers: + - ruan.he@orange.com + + # true: this plugin is deployed separately on a new node + # false: this plugin is deployed on controller or compute node + independent_hosts: true + + # artifact: packege download url for this plugin + artifacts: + url: + + # global_vars: + # define the parameters required by the plugin + # and its value will be defined and passed by compass4nfv + global_vars: + - xxx: yyy + - ntp_server: "pool.ntp.org" + + # orchestration + # A plugin can have mutiple components, each component may need to be + # installed on different inventory or have its own configuration. + # due to Compass4nfv currently only supports ansible, so each component + # of the installation and configuration script need to be use ansible. + # cm : congfiguration management tool : only ansible support + # role: each component corresponds to ansible script that locates in the same + # directory as plugin.desc. + # phrase: pre_openstack -- the component is installed after the OS + # provisioning, before the OpenStack deployment. + # phrase: post_openstack -- the component is installed before the OpenStack + # deployment. + # inventory: if the phrase is pre_openstack, inventory can be controller and + # compute. if the phrase is post_openstack, inventory can be get from the file + # openstack-ansible.inventory + orchestration: + cm: ansible + roles: + - role: moon + phrase: post_openstack + inventory: + - moon diff --git a/deploy/adapters/ansible/roles/kvmfornfv/defaults/main.yml b/plugins/moon/roles/moon/handlers/main.yml index d5549581..ab2a090b 100644..100755 --- a/deploy/adapters/ansible/roles/kvmfornfv/defaults/main.yml +++ b/plugins/moon/roles/moon/handlers/main.yml @@ -1,15 +1,15 @@ ############################################################################## -## Copyright (c) 2015 Nokia and others. -## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. ## All rights reserved. This program and the accompanying materials ## are made available under the terms of the Apache License, Version 2.0 ## which accompanies this distribution, and is available at ## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### +############################################################################## --- +- name: restart network service + shell: "ifconfig eth0 down && ifconfig eth0 up && \ + /sbin/ifdown -a && \ + /sbin/ifup --ignore-errors -a" -path: /tmp/kvmfornfv -kernel_path: "{{ path }}/kernel" -qemu_path: "{{ path }}/qemu" -qemu_build_dir: "{{ qemu_path }}/build" -package: kvmfornfv.tar.gz +- name: restart nfs service + service: name=nfs-kernel-server state=restarted diff --git a/deploy/adapters/ansible/roles/moon/tasks/main.yml b/plugins/moon/roles/moon/tasks/main.yml index a3511de7..91283129 100644 --- a/deploy/adapters/ansible/roles/moon/tasks/main.yml +++ b/plugins/moon/roles/moon/tasks/main.yml @@ -1,5 +1,5 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +############################################################################## +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -8,4 +8,4 @@ ############################################################################## --- - include: moon.yml - when: moon == "Enable" + when: moon is defined and moon == "Enable" and ansible_os_family == "Debian" diff --git a/plugins/moon/roles/moon/tasks/moon.yml b/plugins/moon/roles/moon/tasks/moon.yml new file mode 100644 index 00000000..22327007 --- /dev/null +++ b/plugins/moon/roles/moon/tasks/moon.yml @@ -0,0 +1,230 @@ +############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: rm pip.conf + file: + path: /root/.pip/pip.conf + state: absent + +- name: configure network + template: + src: compute.j2 + dest: /etc/network/interfaces + notify: + - restart network service + +- meta: flush_handlers + +- name: check apt source + shell: "ping -c 2 {{ LOCAL_REPOSITORY_IP }} > /dev/null" + register: checkresult + ignore_errors: "true" + +- name: change sources list(apt) + template: + src: sources.list.lab + dest: /etc/apt/sources.list + when: checkresult.rc == 0 + +- name: change sources list(apt) + template: + src: sources.list.official + dest: /etc/apt/sources.list + when: checkresult.rc != 0 + +- name: check docker.list stat + stat: + path: /etc/apt/sources.list.d/docker.list + register: stat_result + +# [WARNING]: Consider using get_url or uri module rather than running wget +- name: install docker + remote_user: root + shell: wget -qO- https://get.docker.com/ | sh + when: stat_result.stat.exists == False + +- name: remove conflict packages + remote_user: root + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + with_items: + - python3-pkg-resources + +- name: install dependent packages + remote_user: root + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - git + - python3-dev + - python3-pip + - python3-venv + - python3-setuptools + +- name: make ubuntu dir + file: + path: /home/ubuntu + state: directory + mode: 0755 + +- name: check moon code dir exists + stat: + path: /home/ubuntu/moon + register: stat_result + +- name: fetch moon source code + shell: git clone https://git.opnfv.org/moon /home/ubuntu/moon + when: stat_result.stat.exists == False + +- name: create moon etc conf + remote_user: root + file: + src: /home/ubuntu/moon/moonv4/moon_orchestrator/conf + dest: /etc/moon + state: link + +- name: configure moon.conf + lineinfile: + dest: /etc/moon/moon.conf + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^dist_dir=.*' + line: 'dist_dir=/home/ubuntu/moon/moonv4/moon_orchestrator/dist' + - regexp: '^password=.*' + line: 'password={{ ADMIN_PASS }}' + +- name: configure moon.conf for moon slave + lineinfile: + dest: /etc/moon/moon.conf + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^slave_name=.*' + line: 'slave_name={{ moon_slave_name }}' + - regexp: '^master_url=.*' + line: 'master_url=rabbit://moon:p4sswOrd1@{{ moon_master_ip }}/moon' + - regexp: '^master_login.*' + line: 'master_login=moon' + - regexp: '^master_password=.*' + line: 'master_password=p4sswOrd1' + when: moon_slave == "Enable" + +- name: list container netwroks + shell: docker network ls --format \{\{.Name\}\} + register: result + +- name: dump template generated file content + debug: + msg: "{{ result.stdout }}" + +- name: create moon network + shell: docker network create -d bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 moon + when: result.stdout.find("moon") == -1 + +- name: list containers + shell: docker ps --format \{\{.Names\}\} + register: result + +- name: start rabbitmq + shell: | + docker run -dti \ + --net=moon \ + --hostname messenger \ + --name messenger \ + --link messenger:messenger \ + -e RABBITMQ_DEFAULT_USER=moon \ + -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 \ + -e RABBITMQ_NODENAME=rabbit@messenger \ + -e RABBITMQ_DEFAULT_VHOST=moon \ + -p 5671:5671 \ + -p 5672:5672 \ + rabbitmq:3-management + when: result.stdout.find("messenger") == -1 + +- name: dump template generated file content + debug: + msg: "{{ result.stdout }}" + +- name: start mysql + shell: docker run -dti \ + --net=moon \ + --hostname db \ + --name db \ + -e MYSQL_ROOT_PASSWORD=p4sswOrd1 \ + -e MYSQL_DATABASE=moon \ + -e MYSQL_USER=moon \ + -e MYSQL_PASSWORD=p4sswOrd1 \ + -p 3306:3306 \ + mysql:latest + when: result.stdout.find("db") == -1 + +- name: set messenger and db hosts name + remote_user: root + lineinfile: + dest: /etc/hosts + regexp: 'messenger' + line: '127.0.0.1 messenger db' + +- name: set keystone hosts name + remote_user: root + lineinfile: + dest: /etc/hosts + regexp: 'keystone' + line: '{{ internal_vip.ip }} keystone' + +- name: update pip + remote_user: root + shell: pip3 install pip --upgrade + +- name: run moon build_all.sh + shell: | + export MOON_HOME=/home/ubuntu/moon/moonv4; + cd ${MOON_HOME}/bin; + source build_all.sh; + args: + executable: /bin/bash + +- name: modify moon start.sh + lineinfile: + dest: /home/ubuntu/moon/moonv4/bin/start.sh + state: absent + regexp: "{{ item }}" + with_items: + - "^sleep 20s" + - "^.*starting Keystone container.*" + - "^docker run .*keystone.*" + +- name: run moon start.sh + shell: | + export MOON_HOME=/home/ubuntu/moon/moonv4; + cd ${MOON_HOME}/moon_orchestrator; + if [ ! -d tests/venv ]; then + pyvenv tests/venv; + source tests/venv/bin/activate; + pip3 install -r requirements.txt --upgrade; + pip3 install dist/moon_db-0.1.0.tar.gz --upgrade; + pip3 install dist/moon_utilities-0.1.0.tar.gz --upgrade; + pip3 install . --upgrade; + cd ../moon_db/; + pip3 install -r requirements.txt --upgrade; + else + source tests/venv/bin/activate; + fi + killall -9 /home/ubuntu/moon/moonv4/moon_orchestrator/tests/venv/bin/python3.5 + sleep 3 + ( ( nohup ../bin/start.sh > /tmp/start.log 2>&1 ) & ); + args: + executable: /bin/bash + +- name: fetch template generated file content + shell: whoami + register: template_gen_out + +- name: dump template generated file content + debug: + msg: "{{ template_gen_out.stdout }}" diff --git a/plugins/moon/roles/moon/templates/compute.j2 b/plugins/moon/roles/moon/templates/compute.j2 new file mode 100755 index 00000000..7adfa12c --- /dev/null +++ b/plugins/moon/roles/moon/templates/compute.j2 @@ -0,0 +1,52 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + + +# Physical interface +auto eth0 +iface eth0 inet manual + + +# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface +auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}} + +# Storage network VLAN interface (optional) +auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}} + +# OpenStack Networking VLAN bridge +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} + address {{ip_settings[inventory_hostname]["br-prv"]["ip"]}} + netmask 255.255.255.0 + gateway {{ip_settings[inventory_hostname]["br-prv"]["gw"]}} + offload-sg off + # Create veth pair, don't bomb if already exists + pre-up ip link add br-vlan-veth type veth peer name eth12 || true + # Set both ends UP + pre-up ip link set br-vlan-veth up + pre-up ip link set eth12 up + # Delete veth pair on DOWN + post-down ip link del br-vlan-veth || true + bridge_ports br-vlan-veth + +# compute storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + address {{ip_settings[inventory_hostname]["storage"]["ip"]}} + netmask 255.255.252.0 diff --git a/plugins/moon/roles/moon/templates/ifcfg-br-mgmt b/plugins/moon/roles/moon/templates/ifcfg-br-mgmt new file mode 100755 index 00000000..7f1931c8 --- /dev/null +++ b/plugins/moon/roles/moon/templates/ifcfg-br-mgmt @@ -0,0 +1,7 @@ +DEVICE=br-mgmt +TYPE=Bridge +IPADDR={{host_info[inventory_hostname].MGMT_IP}} +PREFIX=24 +BOOTPROTO=none +ONBOOT=yes +DELAY=0 diff --git a/plugins/moon/roles/moon/templates/ifcfg-br-storage b/plugins/moon/roles/moon/templates/ifcfg-br-storage new file mode 100755 index 00000000..3c1db126 --- /dev/null +++ b/plugins/moon/roles/moon/templates/ifcfg-br-storage @@ -0,0 +1,8 @@ +DEVICE=br-storage +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["storage"]["ip"] }} +NETMASK=255.255.255.0 +BOOTPROTO=none +DEFROUTE="no" +ONBOOT=yes +DELAY=0 diff --git a/plugins/moon/roles/moon/templates/ifcfg-br-vlan b/plugins/moon/roles/moon/templates/ifcfg-br-vlan new file mode 100755 index 00000000..4349a3f1 --- /dev/null +++ b/plugins/moon/roles/moon/templates/ifcfg-br-vlan @@ -0,0 +1,11 @@ +DEVICE=br-vlan +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["br-prv"]["ip"] }} +PREFIX=24 +GATEWAY={{ ip_settings[inventory_hostname]["br-prv"]["gw"] }} +BOOTPROTO=none +ONBOOT=yes +DELAY=0 +DEFROUTE="yes" +DNS1=8.8.8.8 +DNS2=8.8.4.4 diff --git a/plugins/moon/roles/moon/templates/ifcfg-br-vxlan b/plugins/moon/roles/moon/templates/ifcfg-br-vxlan new file mode 100755 index 00000000..d2a0cb86 --- /dev/null +++ b/plugins/moon/roles/moon/templates/ifcfg-br-vxlan @@ -0,0 +1,8 @@ +DEVICE=br-vxlan +TYPE=Bridge +IPADDR={{host_info[inventory_hostname].VXLAN_IP}} +NETMASK=255.255.252.0 +BOOTPROTO=none +DEFROUTE="no" +ONBOOT=yes +DELAY=0 diff --git a/plugins/moon/roles/moon/templates/ifcfg-if.storage b/plugins/moon/roles/moon/templates/ifcfg-if.storage new file mode 100755 index 00000000..96afb1bd --- /dev/null +++ b/plugins/moon/roles/moon/templates/ifcfg-if.storage @@ -0,0 +1,4 @@ +DEVICE={{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +BOOTPROTO=none +ONBOOT=yes +VLAN=yes diff --git a/plugins/moon/roles/moon/templates/ifcfg-if.vxlan b/plugins/moon/roles/moon/templates/ifcfg-if.vxlan new file mode 100755 index 00000000..9fb19b0c --- /dev/null +++ b/plugins/moon/roles/moon/templates/ifcfg-if.vxlan @@ -0,0 +1,4 @@ +DEVICE={{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +BOOTPROTO=none +ONBOOT=yes +VLAN=yes diff --git a/plugins/moon/roles/moon/templates/sources.list.lab b/plugins/moon/roles/moon/templates/sources.list.lab new file mode 100755 index 00000000..b1e00d05 --- /dev/null +++ b/plugins/moon/roles/moon/templates/sources.list.lab @@ -0,0 +1,7 @@ +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial main restricted universe multiverse +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-security main restricted universe multiverse +deb [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-updates main restricted universe multiverse + +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial main restricted universe multiverse +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-security main restricted universe multiverse +deb-src [ arch=amd64 ] http://{{LOCAL_REPOSITORY_IP}}/ubuntu/ xenial-updates main restricted universe multiverse diff --git a/plugins/moon/roles/moon/templates/sources.list.official b/plugins/moon/roles/moon/templates/sources.list.official new file mode 100755 index 00000000..799e4b58 --- /dev/null +++ b/plugins/moon/roles/moon/templates/sources.list.official @@ -0,0 +1,36 @@ +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. + +deb http://archive.ubuntu.com/ubuntu/ xenial main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted + +## Uncomment the following two lines to add software from the 'universe' +## repository. +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://archive.ubuntu.com/ubuntu/ xenial universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial universe +deb http://archive.ubuntu.com/ubuntu/ xenial-updates universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. +# deb http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted +# deb-src http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted + +deb http://archive.ubuntu.com/ubuntu/ xenial-security main restricted +deb-src http://archive.ubuntu.com/ubuntu/ xenial-security main restricted +deb http://archive.ubuntu.com/ubuntu/ xenial-security universe +deb-src http://archive.ubuntu.com/ubuntu/ xenial-security universe +# deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse +# deb-src http://archive.ubuntu.com/ubuntu/ xenial-security multiverse + diff --git a/plugins/moon/roles/moon/vars/main.yml b/plugins/moon/roles/moon/vars/main.yml new file mode 100755 index 00000000..783ea0d0 --- /dev/null +++ b/plugins/moon/roles/moon/vars/main.yml @@ -0,0 +1,10 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +LOCAL_REPOSITORY_IP: "192.168.137.222" diff --git a/plugins/ntp/plugins.desc b/plugins/ntp/plugins.desc new file mode 100644 index 00000000..35666764 --- /dev/null +++ b/plugins/ntp/plugins.desc @@ -0,0 +1,58 @@ +# This is an example for add a plugin into Compass4nfv +# It illustrates how feature components can be integrated into Compass4nfv +# together with scenarios. +# +# +# More details can be found in the development document. +# ############################################################## +--- +plugin: + # plugin name,it is also as the switch to enable/disable plugin in scenario + # files + name: ntp + + description: network time protocol + + maintainers: + - huangxiangyu5@huawei.com + + # host os type: ubuntu/centos + os_version: ubuntu + + # true: this plugin is deployed separately on a new node + # false: this plugin is deployed on controller or compute node + independent_hosts: false + + # artifact: packege download url for this plugin + artifacts: + url: http://archive.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.8p4+dfsg-3ubuntu5.4_amd64.deb + + # global_vars: + # define the parameters required by the plugin + # and its value will be defined and passed by compass4nfv + global_vars: + - ntp_server: "0.ubuntu.pool.ntp.org" + + # orchestration + # A plugin can have mutiple components, each component may need to be + # installed on different inventory or have its own configuration. + # due to Compass4nfv currently only supports ansible, so each component + # of the installation and configuration script need to be use ansible. + # cm : congfiguration management tool : only ansible support + # role: each component corresponds to ansible script that locates in the same + # directory as plugin.desc. + # phrase: pre_openstack -- the component is installed after the OS + # provisioning, before the OpenStack deployment. + # phrase: post_openstack -- the component is installed before the OpenStack + # deployment. + # inventory: if the phrase is pre_openstack, inventory can be controller and + # compute. if the phrase is post_openstack, inventory can be get from the file + # openstack-ansible.inventory + orchestration: + cm: ansible + roles: + - role: install ntp + phrase: pre_openstack + inventory: + - controller + - compute diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/vars/main.yml b/plugins/ntp/roles/ntp/handlers/main.yml index 209e1e00..866f31c3 100644 --- a/deploy/adapters/ansible/roles/ceilometer_compute/vars/main.yml +++ b/plugins/ntp/roles/ntp/handlers/main.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,5 +7,7 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages_noarch: [] -metering_secret: 1c5df72079b31fb47747 +- name: restart ntp service + service: + name: ntp + state: restarted diff --git a/plugins/ntp/roles/ntp/tasks/main.yml b/plugins/ntp/roles/ntp/tasks/main.yml new file mode 100644 index 00000000..031fb36d --- /dev/null +++ b/plugins/ntp/roles/ntp/tasks/main.yml @@ -0,0 +1,32 @@ +############################################################################## +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: download packages + get_url: + url: "{{ ntp_url }}" + dest: "{{ workspace }}" + +- name: install dependent packages + apt: + name: "{{ item }}" + state: present + with_items: + - "{{ dependancy }}" + +- name: install ntp package + command: dpkg -i "{{ workspace }}/{{ ntp_pkg }}" + +- name: config ntp + template: + src: ntp.con.j2 + dest: /etc/ntp.conf + notify: + - restart ntp service + +- meta: flush_handlers diff --git a/plugins/ntp/roles/ntp/templates/ntp.conf.j2 b/plugins/ntp/roles/ntp/templates/ntp.conf.j2 new file mode 100644 index 00000000..697e4078 --- /dev/null +++ b/plugins/ntp/roles/ntp/templates/ntp.conf.j2 @@ -0,0 +1,21 @@ +driftfile /var/lib/ntp/ntp.drift + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + +pool 0.ubuntu.pool.ntp.org iburst +pool 1.ubuntu.pool.ntp.org iburst +pool 2.ubuntu.pool.ntp.org iburst +pool 3.ubuntu.pool.ntp.org iburst + +pool "{{ ntp_server }}" + +restrict -4 default kod notrap nomodify nopeer noquery limited +restrict -6 default kod notrap nomodify nopeer noquery limited + +restrict 127.0.0.1 +restrict ::1 + +restrict source notrap nomodify noquery diff --git a/deploy/adapters/ansible/roles/mq/tasks/main.yml b/plugins/ntp/roles/ntp/vars/main.yml index 74be9ccb..708fa423 100644 --- a/deploy/adapters/ansible/roles/mq/tasks/main.yml +++ b/plugins/ntp/roles/ntp/vars/main.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,11 +7,11 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- include_vars: "{{ ansible_os_family }}.yml" +workspace: /tmp/plugin -- include: rabbitmq_install.yml +ntp_url: http://archive.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.8p4+dfsg-3ubuntu5.4_amd64.deb -- include: rabbitmq_config.yml - when: inventory_hostname == haproxy_hosts.keys()[0] +ntp_pkg: ntp_4.2.8p4+dfsg-3ubuntu5.4_amd64.deb -- meta: flush_handlers +dependancy: + - libopts25 diff --git a/plugins/odl_cluster/plugins.desc b/plugins/odl_cluster/plugins.desc new file mode 100644 index 00000000..86413aef --- /dev/null +++ b/plugins/odl_cluster/plugins.desc @@ -0,0 +1,62 @@ +# ############################################################## +# This is an example for add a plugin into Compass4nfv +# It illustrates how feature components can be integrated into Compass4nfv +# together with scenarios. +# +# +# More details can be found in the development document. +# ############################################################## +--- +plugin: + # plugin name,it is also as the switch to enable/disable plugin in scenario + # files + name: opendaylight + + description: plugin introduce and description + maintainers: + - xueyifei@huawei.com + + # true: this plugin is deployed separately on a new node + # false: this plugin is deployed on controller or compute node + independent_hosts: false + + # artifact: packege download url for this plugin + artifacts: + url: + + # global_vars: + # define the parameters required by the plugin + # and its value will be defined and passed by compass4nfv + global_vars: + - xxx: yyy + - ntp_server: "pool.ntp.org" + + # orchestration + # A plugin can have mutiple components, each component may need to be + # installed on different inventory or have its own configuration. + # due to Compass4nfv currently only supports ansible, so each component + # of the installation and configuration script need to be use ansible. + # cm : congfiguration management tool : only ansible support + # role: each component corresponds to ansible script that locates in the same + # directory as plugin.desc. + # phrase: pre_openstack -- the component is installed after the OS + # provisioning, before the OpenStack deployment. + # phrase: post_openstack -- the component is installed before the OpenStack + # deployment. + # inventory: if the phrase is pre_openstack, inventory can be controller and + # compute. if the phrase is post_openstack, inventory can be get from the file + # openstack-ansible.inventory + orchestration: + cm: ansible + roles: + - role: setup_opendaylight + excute_after: setup_openvswitch + inventory: + - localhost + - role: odl_cluster + excute_in: setup_opendaylight + inventory: + - neutron_all + - galera_container + - network_hosts + - repo_container diff --git a/deploy/adapters/ansible/roles/odl_cluster/files/opendaylight.service b/plugins/odl_cluster/roles/odl_cluster/files/opendaylight.service index c2cf84ff..f4801a36 100644 --- a/deploy/adapters/ansible/roles/odl_cluster/files/opendaylight.service +++ b/plugins/odl_cluster/roles/odl_cluster/files/opendaylight.service @@ -10,7 +10,7 @@ Type=simple WorkingDirectory=/opt/opendaylight PermissionsStartOnly=true ExecStartPre= -ExecStart=/usr/lib/jvm/java-8-oracle/bin/java -Djava.security.properties=/opt/opendaylight/etc/odl.java.security -server -Xms128M -Xmx2048m -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Djava.security.egd=file:/dev/./urandom -Djava.endorsed.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/endorsed:/usr/lib/jvm/java-8-oracle/lib/endorsed:/opt/opendaylight/lib/endorsed -Djava.ext.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/ext:/usr/lib/jvm/java-8-oracle/lib/ext:/opt/opendaylight/lib/ext -Dkaraf.instances=/opt/opendaylight/instances -Dkaraf.home=/opt/opendaylight -Dkaraf.base=/opt/opendaylight -Dkaraf.data=/opt/opendaylight/data -Dkaraf.etc=/opt/opendaylight/etc -Djava.io.tmpdir=/opt/opendaylight/data/tmp -Djava.util.logging.config.file=/opt/opendaylight/etc/java.util.logging.properties -Dkaraf.startLocalConsole=false -Dkaraf.startRemoteShell=true -classpath /opt/opendaylight/lib/karaf.branding-1.7.2-Boron-SR2.jar:/opt/opendaylight/lib/karaf-jaas-boot.jar:/opt/opendaylight/lib/karaf.jar:/opt/opendaylight/lib/karaf-org.osgi.core.jar org.apache.karaf.main.Main +ExecStart=/usr/lib/jvm/java-8-oracle/bin/java -Djava.security.properties=/opt/opendaylight/etc/odl.java.security -server -Xms128M -Xmx2048m -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Djava.security.egd=file:/dev/./urandom -Djava.endorsed.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/endorsed:/usr/lib/jvm/java-8-oracle/lib/endorsed:/opt/opendaylight/lib/endorsed -Djava.ext.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/ext:/usr/lib/jvm/java-8-oracle/lib/ext:/opt/opendaylight/lib/ext -Dkaraf.instances=/opt/opendaylight/instances -Dkaraf.home=/opt/opendaylight -Dkaraf.base=/opt/opendaylight -Dkaraf.data=/opt/opendaylight/data -Dkaraf.etc=/opt/opendaylight/etc -Djava.io.tmpdir=/opt/opendaylight/data/tmp -Djava.util.logging.config.file=/opt/opendaylight/etc/java.util.logging.properties -Dkaraf.startLocalConsole=false -Dkaraf.startRemoteShell=true -classpath /opt/opendaylight/lib/karaf.branding-1.8.1-SNAPSHOT.jar:/opt/opendaylight/lib/karaf-jaas-boot.jar:/opt/opendaylight/lib/karaf.jar:/opt/opendaylight/lib/karaf-org.osgi.core.jar org.apache.karaf.main.Main Restart=on-failure LimitNOFILE=65535 TimeoutStopSec=15 diff --git a/deploy/adapters/ansible/roles/odl_cluster/handlers/main.yml b/plugins/odl_cluster/roles/odl_cluster/handlers/main.yml index 2650d072..2650d072 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/handlers/main.yml +++ b/plugins/odl_cluster/roles/odl_cluster/handlers/main.yml diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-1.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-1.yml new file mode 100644 index 00000000..dc071cc7 --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-1.yml @@ -0,0 +1,39 @@ +--- + +- name: install crudini + package: + name: crudini + state: latest + +- name: install networking-odl + pip: + name: networking-odl + version: "{{ networking_odl_version }}" + virtualenv: /openstack/venvs/neutron-15.1.4 + +- name: configure vsctl for dhcp agent + shell: | + crudini --set /etc/neutron/dhcp_agent.ini OVS \ + ovsdb_interface vsctl; + when: + - inventory_hostname not in groups['nova_compute'] + +- name: configure vsctl for l3 agent + shell: | + crudini --set /etc/neutron/l3_agent.ini OVS \ + ovsdb_interface vsctl; + when: odl_l3_agent == "Disable" and inventory_hostname not in groups['nova_compute'] + +- name: stop neutron l3 agent + service: name=neutron-l3-agent state=stopped enabled=no + when: odl_l3_agent == "Enable" and inventory_hostname not in groups['nova_compute'] + +- name: shut down and disable Neutron's openvswitch agent services + service: name={{ service_ovs_agent_name }} state=stopped enabled=no + +- name: Stop the Open vSwitch service and clear existing OVSDB + shell: > + service {{ service_ovs_name }} stop ; + rm -rf /var/log/openvswitch/* ; + rm -rf /etc/openvswitch/conf.db ; + service {{ service_ovs_name }} start ; diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-2.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-2.yml new file mode 100644 index 00000000..f53a3ac8 --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-2.yml @@ -0,0 +1,87 @@ +--- + +- name: set opendaylight as the manager + command: | + su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ internal_lb_vip_address }}:6640;" + +- name: check br-int + shell: | + ovs-vsctl list-br | grep br-int; while [ $? -ne 0 ]; do sleep 10; \ + ovs-vsctl list-br | grep br-int; done + +# yamllint disable rule:line-length +- name: set local ip in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config={'local_ip'=' {{ hostvars[inventory_hostname]['container_networks']['tunnel_address']['address'] }} '}; + when: inventory_hostname not in groups['nova_compute'] + +- name: set local ip in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config={'local_ip'=' {{ hostvars[inventory_hostname]['ansible_br_vxlan']['ipv4']['address'] }} '}; + when: inventory_hostname in groups['nova_compute'] +# yamllint enable rule:line-length + +- name: Setup br-provider + openvswitch_bridge: + bridge: br-provider + state: present + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: add ovs uplink + openvswitch_port: + bridge: br-provider + port: "eth12" + state: present + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: set external nic in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config:provider_mappings=physnet:br-provider + when: + - odl_l3_agent == "Disable" + - inventory_hostname not in groups['nova_compute'] + +- name: set external nic in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config:provider_mappings=physnet:eth12 + when: + - odl_l3_agent == "Enable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig \ + --datapath_type=system --bridge_mappings=physnet:br-provider + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig + --datapath_type=system --bridge_mappings=physnet:eth12 + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Enable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig --datapath_type=system + when: + - inventory_hostname in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig + --datapath_type=system --bridge_mappings=physnet:eth12 + when: + - inventory_hostname in groups['nova_compute'] + - odl_l3_agent == "Enable" diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-3.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-3.yml new file mode 100644 index 00000000..68446a83 --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-agents-3.yml @@ -0,0 +1,42 @@ +--- + +- name: configure opendaylight -> ml2 + shell: > + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight_v2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling "True"; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:br-provider; + +- name: configure bridge_mappings for L3 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:eth12; + when: odl_l3_agent == "Enable" + +- name: configure external bridge name for L2 + shell: | + crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-provider; + when: odl_l3_agent == "Disable" + +- name: configure opendaylight in ml2 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl username admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl password admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl url \ + http://{{ internal_lb_vip_address }}:8080/controller/nb/v2/neutron; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl port_binding_controller \ + pseudo-agentdb-binding; + +- name: configure metadata for l3 configuration + shell: | + crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ + enable_isolated_metadata "True"; + when: + - inventory_hostname not in groups['nova_compute'] + +- name: force metadata for l3 configuration + shell: | + crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ + force_metadata "True"; + when: + - inventory_hostname not in groups['nova_compute'] diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-db-1.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-db-1.yml new file mode 100644 index 00000000..3cef9792 --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-db-1.yml @@ -0,0 +1,8 @@ +--- + +- name: drop and recreate neutron database + shell: | + mysql -e "drop database if exists neutron;"; + mysql -e "create database neutron character set utf8;"; + mysql -e "grant all on neutron.* to 'neutron'@'%' identified by \ + '{{ neutron_container_mysql_password }}';"; diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-hosts-1.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-hosts-1.yml new file mode 100644 index 00000000..6879340e --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-hosts-1.yml @@ -0,0 +1,100 @@ +--- + +- name: check sdn_package cache + stat: + path=/opt/sdn_package.tar.gz + register: sdn_cache # Todo: remove hard code and add md5 check + +- name: debug + debug: msg="{{ sdn_cache }}" + +- name: get sdn_package + get_url: + url: "{{ sdn_package }}" + dest: /opt/ + when: sdn_cache.stat.exists != 'true' + +- name: create odl group + group: name=odl system=yes state=present + +- name: create odl user + user: + name: odl + group: odl + home: "{{ odl_home }}" + createhome: "yes" + system: "yes" + shell: "/bin/false" + +- name: clear sdn_package + command: su -s /bin/sh -c "rm -rf /opt/sdn_package" + +- name: clear jdk8 package + command: su -s /bin/sh -c "rm -rf /opt/install_jdk8" + +- name: unarchive sdn_package + command: su -s /bin/sh -c "tar xzf /opt/sdn_package.tar.gz -C /opt/" + +- name: copy java package + command: su -s /bin/sh -c "cp /opt/sdn_package/java/jdk-8u51-linux-x64.tar.gz /opt/" + +- name: unarchive java_install package + command: su -s /bin/sh -c "tar xvf /opt/sdn_package/java/install_jdk8.tar -C /opt/" + +- name: install java + command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" + +- name: clear odl package + command: su -s /bin/sh -c "rm -rf {{ odl_home }}*" + +- name: extract odl package + command: | + su -s /bin/sh -c "tar xzf /opt/sdn_package/odl/{{ odl_pkg_name }} -C {{ odl_home }} \ + --strip-components 1" odl + +- name: opendaylight system file + copy: + src: "{{ service_file.src }}" + dest: "{{ service_file.dst }}" + mode: 0755 + +- name: set l3 fwd enable in custom.properties + template: + src: custom.properties + dest: "{{ odl_home }}/etc/custom.properties" + owner: odl + group: odl + mode: 0775 + when: odl_l3_agent == "Enable" + +- name: create karaf config + template: + src: org.apache.karaf.features.cfg + dest: "{{ odl_home }}/etc/org.apache.karaf.features.cfg" + owner: odl + group: odl + mode: 0775 + +- name: copy acl configuration script + template: + src: acl_conf.sh + dest: "/opt/acl_conf.sh" + mode: 0777 + +- name: execute acl configuration script + command: su -s /bin/sh -c "/opt/acl_conf.sh;" odl + +- name: create jetty config + shell: > + sed -i 's/default="8181"/default="8081"/' + {{ odl_home }}etc/jetty.xml + +- name: create tomcat config + shell: > + sed -i 's/port="8282"/port="8081"/' + {{ odl_home }}configuration/tomcat-server.xml + +- name: remove karaf data directory + file: + path: "{{ odl_home }}data" + state: absent diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_07_start_check_odl.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-hosts-2.yml index f52079de..b8d9403a 100644 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/01_07_start_check_odl.yml +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-hosts-2.yml @@ -1,11 +1,3 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## --- - name: chown opendaylight directory and files diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-repos-1.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-repos-1.yml new file mode 100644 index 00000000..8427e4f0 --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-repos-1.yml @@ -0,0 +1,17 @@ +--- + +- name: download networking-odl + get_url: + url: "{{ odl_pip }}" + dest: /var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64 + +- name: patch networking-odl to fix a bug + shell: | + cd /var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64/ + tar -zxf networking-odl-4.0.0.tar.gz # hard code, need to modify + rm -rf networking-odl-4.0.0.tar.gz + sed -i 's/^Babel.*/Babel!=2.4.0,>=2.3.4/' networking-odl-4.0.0/requirements.txt + tar -zcf networking-odl-4.0.0.tar.gz networking-odl-4.0.0/ + rm -rf networking-odl-4.0.0/ + pip install networking-odl-4.0.0.tar.gz -d ./ + cd - diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-1.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-1.yml new file mode 100644 index 00000000..459c734a --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-1.yml @@ -0,0 +1,15 @@ +--- + +- name: install crudini + package: + name: crudini + state: latest + +- name: install networking-odl + pip: + name: networking-odl + version: "{{ networking_odl_version }}" + virtualenv: /openstack/venvs/neutron-15.1.4 # Todo: hardcode, need to modify + +- name: turn off neutron-server on control node + service: name=neutron-server state=stopped diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-2.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-2.yml new file mode 100644 index 00000000..59b3aa2f --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-2.yml @@ -0,0 +1,34 @@ +--- + +- name: configure odl l3 driver + shell: | + crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins \ + odl-router,metering; + when: odl_l3_agent == "Enable" + +- name: configure opendaylight -> ml2 + shell: > + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight_v2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling "True"; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:br-provider; + +- name: configure bridge_mappings for L3 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:eth12; + when: odl_l3_agent == "Enable" + +- name: turn off l3 ha for odl l2 + shell: | + crudini --set /etc/neutron/neutron.conf DEFAULT l3_ha "False"; + when: odl_l3_agent == "Disable" + +- name: configure opendaylight in ml2 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl username admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl password admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl url \ + http://{{ internal_lb_vip_address }}:8080/controller/nb/v2/neutron; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl port_binding_controller \ + pseudo-agentdb-binding; diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-3.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-3.yml new file mode 100644 index 00000000..3d5c307b --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/control-servers-3.yml @@ -0,0 +1,19 @@ +--- + +- name: Perform a Neutron DB online upgrade + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage + --config-file /etc/neutron/neutron.conf + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + upgrade --expand + become: "yes" + become_user: "neutron" + +- name: Perform a Neutron DB offline upgrade + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage + --config-file /etc/neutron/neutron.conf + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + upgrade --contract + become: "yes" + become_user: "neutron" diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/main.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/main.yml new file mode 100644 index 00000000..44359056 --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/main.yml @@ -0,0 +1,39 @@ +--- + +- include_vars: "{{ ansible_os_family }}.yml" + +- include: control-hosts-1.yml + when: inventory_hostname in groups['network_hosts'] # Todo: modify to odl_hosts + +- include: control-repos-1.yml + vars: + odl_pip: "{{ networking_odl_url }}" + when: inventory_hostname in groups['repo_container'] + +- include: control-servers-1.yml + when: inventory_hostname in groups['neutron_server'] + +- include: control-agents-1.yml + when: inventory_hostname in groups['neutron_openvswitch_agent'] + +- include: control-hosts-2.yml + when: inventory_hostname in groups['network_hosts'] # Todo: modify to odl_hosts + +- include: control-agents-2.yml + when: inventory_hostname in groups['neutron_openvswitch_agent'] + +- include: control-servers-2.yml + when: inventory_hostname in groups['neutron_server'] + +- include: control-agents-3.yml + when: inventory_hostname in groups['neutron_openvswitch_agent'] + +- include: control-db-1.yml + when: inventory_hostname == groups['galera_container'][0] + +- include: control-servers-3.yml + when: + - inventory_hostname in groups['neutron_server'][0] + - inventory_hostname not in groups['network_hosts'] + +- include: odl-post.yml diff --git a/plugins/odl_cluster/roles/odl_cluster/tasks/odl-post.yml b/plugins/odl_cluster/roles/odl_cluster/tasks/odl-post.yml new file mode 100644 index 00000000..9f1cb79e --- /dev/null +++ b/plugins/odl_cluster/roles/odl_cluster/tasks/odl-post.yml @@ -0,0 +1,34 @@ +--- + +- name: restart neutron-server + service: name=neutron-server state=restarted enabled=yes + when: inventory_hostname in groups['neutron_server'] + +- name: restart neutron-l3-agent server + service: name=neutron-l3-agent state=restarted + when: + - odl_l3_agent == "Disable" + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] + +- name: restart neutron-dhcp-agent server + service: name=neutron-dhcp-agent state=restarted + when: + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] + +- name: restart neutron-metadata-agent server + service: name=neutron-metadata-agent state=restarted + when: + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] + +- name: remove karaf data directory + file: + path: "{{ odl_home }}data" + state: absent + when: inventory_hostname in groups['network_hosts'] + +- name: restart opendaylight + shell: sleep 60; service opendaylight restart; sleep 60; + when: inventory_hostname in groups['network_hosts'] diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/acl_conf.sh b/plugins/odl_cluster/roles/odl_cluster/templates/acl_conf.sh index 4962a17c..4962a17c 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/acl_conf.sh +++ b/plugins/odl_cluster/roles/odl_cluster/templates/acl_conf.sh diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/custom.properties b/plugins/odl_cluster/roles/odl_cluster/templates/custom.properties index 4eb86184..f103c1b8 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/custom.properties +++ b/plugins/odl_cluster/roles/odl_cluster/templates/custom.properties @@ -1,5 +1,5 @@ # Extra packages to import from the boot class loader -org.osgi.framework.system.packages.extra=org.apache.karaf.branding,sun.reflect,sun.reflect.misc,sun.misc,sun.nio.ch +org.osgi.framework.system.packages.extra=org.apache.karaf.branding,sun.reflect,sun.reflect.misc,sun.misc,sun.nio.ch,com.sun.media.sound # https://bugs.eclipse.org/bugs/show_bug.cgi?id=325578 # Extend the framework to avoid the resources to be presented with @@ -13,20 +13,20 @@ org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true # Use Equinox as default OSGi Framework Implementation karaf.framework=equinox -# Netconf startup configuration -netconf.tcp.address=127.0.0.1 -netconf.tcp.port=8383 +# Show a progress bar on startup and start the console when all bundles are up and running. +# (If you are in a hurry you can still type enter to start the shell faster.) +karaf.delay.console=true -netconf.tcp.client.address=127.0.0.1 -netconf.tcp.client.port=8383 - -netconf.ssh.address=0.0.0.0 -netconf.ssh.port=1830 -# Use Linux style path -netconf.ssh.pk.path = ./configuration/RSA.pk # Set security provider to BouncyCastle org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider +# We set this to false to disable the Aries BlueprintExtender from doing its orderly container +# shutdown so we can do it after the CSS has shut down all its modules. Otherwise Aries will +# shutdown blueprint containers when the karaf framework starts shutdown (ie when bundle 0 is +# stopped) which can cause failures on CSS module shutdown due to the core blueprint containers +# and services already being shut down. This setting can be removed when/if CSS is removed +# completely from ODL. +org.apache.aries.blueprint.preemptiveShutdown=false netconf.config.persister.active=1 @@ -43,36 +43,6 @@ container.profile = Container # Connection manager configuration connection.scheme = ANY_CONTROLLER_ONE_MASTER -# Open Flow related system parameters -# TCP port on which the controller is listening (default 6633) -# of.listenPort=6633 -# IP address of the controller (default: wild card) -# of.address = 127.0.0.1 -# The time (in milliseconds) the controller will wait for a response after sending a Barrier Request or a Statistic Request message (default 2000 msec) -# of.messageResponseTimer=2000 -# The switch liveness timeout value (default 60500 msec) -# of.switchLivenessTimeout=60500 -# The size of the queue holding pending statistics requests (default 64). For large networks of n switches, it is recommended to set the queue size to n -# of.statsQueueSize = 64 -# The flow statistics polling interval in second (default 10 sec) -# of.flowStatsPollInterval=10 -# The port statistics polling interval in second (default 5 sec) -# of.portStatsPollInterval=5 -# The description statistics polling interval in second (default 60 sec) -# of.descStatsPollInterval=60 -# The table statistics polling interval in second (default 10 sec) -# of.tableStatsPollInterval=10 -# The maximum number of asynchronous messages can be sent before sending a Barrier Request (default 100) -# of.barrierMessagePriorCount=100 -# The interval which determines how often the discovery packets should be sent (default 300 sec) -# of.discoveryInterval=300 -# The timeout multiple of discovery interval -# of.discoveryTimeoutMultiple=2 -# For newly added ports, allow one more retry if the elapsed time exceeds this threshold (default 30 sec) -# of.discoveryThreshold=30 -# The maximum number of ports handled in one discovery batch (default 512) -# of.discoveryBatchMaxPorts=512 - # OVSDB configuration # ovsdb plugin supports both active and passive connections. It listens on port 6640 by default for Active connections. ovsdb.listenPort=6640 @@ -122,8 +92,8 @@ java.util.logging.config.file=configuration/tomcat-logging.properties hosttracker.keyscheme=IP # LISP Flow Mapping configuration -# Map-Register messages overwrite existing RLOC sets in EID-to-RLOC mappings (default: true) -lisp.mappingOverwrite = true +# Enable merging RLOC sets received from different xTR-IDs for the same EID (default: false) +lisp.mappingMerge = false # Enable the Solicit-Map-Request (SMR) mechanism (default: true) lisp.smr = true # Choose policy for Explicit Locator Path (ELP) handling diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/ml2_conf.sh b/plugins/odl_cluster/roles/odl_cluster/templates/ml2_conf.sh index 0d42e48b..0d42e48b 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/ml2_conf.sh +++ b/plugins/odl_cluster/roles/odl_cluster/templates/ml2_conf.sh diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg.Debian b/plugins/odl_cluster/roles/odl_cluster/templates/org.apache.karaf.features.cfg index eebd47a6..bc625cda 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg.Debian +++ b/plugins/odl_cluster/roles/odl_cluster/templates/org.apache.karaf.features.cfg @@ -36,12 +36,12 @@ # # Comma separated list of features repositories to register by default # -featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.7/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.7/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.2.9/xml/features,mvn:org.apache.karaf.features/spring/3.0.7/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.5.2-Boron-SR2/xml/features +featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.8/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.8/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.2.9/xml/features,mvn:org.apache.karaf.features/spring/3.0.8/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.6.1-SNAPSHOT/xml/features # # Comma separated list of features to install at startup # -featuresBoot=config,standard,region,package,kar,ssh,management,odl-restconf-all,odl-aaa-authn,odl-dlux-all,odl-ovsdb-openstack,odl-mdsal-apidocs,odl-dlux-core,odl-openflowplugin-nxm-extensions +featuresBoot=config,standard,region,package,kar,ssh,management,odl-restconf-all,odl-aaa-authn,odl-dlux-all,odl-netvirt-openstack,odl-mdsal-apidocs,odl-dlux-core,odl-dluxapps-nodes,odl-dluxapps-topology,odl-dluxapps-yangui,odl-dluxapps-yangvisualizer,odl-l2switch-switch,odl-l2switch-switch-ui,odl-ovsdb-hwvtepsouthbound-ui,odl-ovsdb-southbound-impl-ui,odl-netvirt-ui,odl-openflowplugin-flow-services-ui,odl-neutron-logger # # Defines if the boot features are started in asynchronous mode (in a dedicated thread) diff --git a/deploy/adapters/ansible/roles/odl_cluster/vars/Debian.yml b/plugins/odl_cluster/roles/odl_cluster/vars/Debian.yml index c78c5221..c78c5221 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/vars/Debian.yml +++ b/plugins/odl_cluster/roles/odl_cluster/vars/Debian.yml diff --git a/deploy/adapters/ansible/roles/odl_cluster/vars/RedHat.yml b/plugins/odl_cluster/roles/odl_cluster/vars/RedHat.yml index a2e6d01d..a2e6d01d 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/vars/RedHat.yml +++ b/plugins/odl_cluster/roles/odl_cluster/vars/RedHat.yml diff --git a/deploy/adapters/ansible/roles/odl_cluster/vars/main.yml b/plugins/odl_cluster/roles/odl_cluster/vars/main.yml index a968e3ec..42e1acb1 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/vars/main.yml +++ b/plugins/odl_cluster/roles/odl_cluster/vars/main.yml @@ -11,11 +11,8 @@ odl_username: admin odl_password: admin odl_api_port: 8181 -# odl_pkg_url: https://nexus.opendaylight.org/content/groups/public/org/ -# opendaylight/integration/distribution-karaf/0.3.0-Lithium/ -# distribution-karaf-0.3.0-Lithium.tar.gz -odl_pkg_url: distribution-karaf-0.5.2-Boron-SR2.tar.gz -odl_pkg_name: distribution-karaf-0.5.2-Boron-SR2.tar.gz +odl_pkg_url: distribution-karaf-0.6.1-Carbon.tar.gz +odl_pkg_name: distribution-karaf-0.6.1-Carbon.tar.gz odl_home: "/opt/opendaylight/" odl_base_features: - config @@ -45,6 +42,11 @@ odl_extra_features: odl_features: "{{ odl_base_features + odl_extra_features }}" +sdn_package: http://artifacts.opnfv.org/compass4nfv/packages/master/sdn_package.tar.gz + +# yamllint disable rule:line-length +networking_odl_url: https://launchpad.net/networking-odl/4.0-ocata/4.0.0/+download/networking-odl-4.0.0.tar.gz +# yamllint enable rule:line-length jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz jdk8_script_name: install_jdk8.tar @@ -53,4 +55,6 @@ common_packages_noarch: [] odl_pip: networking-odl-3.2.0 +networking_odl_version: 4.0.0 + networking_odl_pkg_name: networking-odl-3.2.0.tar.gz diff --git a/deploy/adapters/ansible/roles/database/tasks/main.yml b/plugins/odl_cluster/roles/setup-opendaylight/tasks/main.yml index f28da23b..3abca829 100644 --- a/deploy/adapters/ansible/roles/database/tasks/main.yml +++ b/plugins/odl_cluster/roles/setup-opendaylight/tasks/main.yml @@ -7,29 +7,19 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - test_mongo - - recovery -- include: mariadb_install.yml +- name: copy setup-odl.yml + template: + src: setup-odl.yml.j2 + dest: /opt/openstack-ansible/playbooks/setup-odl.yml -- include: mariadb_cluster.yml - tags: - - recovery +- name: copy odl_cluster role + copy: + src: /var/ansible/run/openstack_ocata-opnfv2/roles/odl_cluster + dest: /etc/ansible/roles/ -- include: mariadb_config.yml - when: - - inventory_hostname == haproxy_hosts.keys()[0] - -- include: mongodb_install.yml - tags: - - test_mongo - -- include: mongodb_config.yml - when: - - inventory_hostname == haproxy_hosts.keys()[0] - tags: - - test_mongo - -- meta: flush_handlers +- name: setup odl + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-odl.yml > /dev/null" + when: opendaylight is defined and opendaylight == "Enable" diff --git a/plugins/odl_cluster/roles/setup-opendaylight/templates/setup-odl.yml.j2 b/plugins/odl_cluster/roles/setup-opendaylight/templates/setup-odl.yml.j2 new file mode 100644 index 00000000..18446ce5 --- /dev/null +++ b/plugins/odl_cluster/roles/setup-opendaylight/templates/setup-odl.yml.j2 @@ -0,0 +1,12 @@ +--- + +- name: run opendaylight role + hosts: neutron_all | galera_container | network_hosts | repo_container + max_fail_percentage: 20 + user: root + roles: + - odl_cluster + vars: + - odl_l3_agent: "{{ odl_l3_agent }}" + tags: + - odl diff --git a/plugins/odl_sfc/plugins.desc b/plugins/odl_sfc/plugins.desc new file mode 100644 index 00000000..4658b3d2 --- /dev/null +++ b/plugins/odl_sfc/plugins.desc @@ -0,0 +1,63 @@ +# ############################################################## +# This is an example for add a plugin into Compass4nfv +# It illustrates how feature components can be integrated into Compass4nfv +# together with scenarios. +# +# +# More details can be found in the development document. +# ############################################################## +--- +plugin: + # plugin name,it is also as the switch to enable/disable plugin in scenario + # files + name: odl_sfc + + description: plugin introduce and description + maintainers: + - xueyifei@huawei.com + + # true: this plugin is deployed separately on a new node + # false: this plugin is deployed on controller or compute node + independent_hosts: false + + # artifact: packege download url for this plugin + artifacts: + url: + + # global_vars: + # define the parameters required by the plugin + # and its value will be defined and passed by compass4nfv + global_vars: + - xxx: yyy + - ntp_server: "pool.ntp.org" + + # orchestration + # A plugin can have mutiple components, each component may need to be + # installed on different inventory or have its own configuration. + # due to Compass4nfv currently only supports ansible, so each component + # of the installation and configuration script need to be use ansible. + # cm : congfiguration management tool : only ansible support + # role: each component corresponds to ansible script that locates in the same + # directory as plugin.desc. + # phrase: pre_openstack -- the component is installed after the OS + # provisioning, before the OpenStack deployment. + # phrase: post_openstack -- the component is installed before the OpenStack + # deployment. + # inventory: if the phrase is pre_openstack, inventory can be controller and + # compute. if the phrase is post_openstack, inventory can be get from the file + # openstack-ansible.inventory + orchestration: + cm: ansible + roles: + - role: sfc-pre + excute_after: rt_kvm + inventory: + - all + - role: sfc-pre-2 + excute_after: sfc-pre + inventory: + - localhost + - role: setup-sfc + excute_after: setup-openvswitch + inventory: + - localhost diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/files/opendaylight.service b/plugins/odl_sfc/roles/odl_cluster_sfc/files/opendaylight.service new file mode 100644 index 00000000..f4801a36 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/files/opendaylight.service @@ -0,0 +1,20 @@ +[Unit] +Description=OpenDaylight +After= + + +[Service] +User=root +Group=root +Type=simple +WorkingDirectory=/opt/opendaylight +PermissionsStartOnly=true +ExecStartPre= +ExecStart=/usr/lib/jvm/java-8-oracle/bin/java -Djava.security.properties=/opt/opendaylight/etc/odl.java.security -server -Xms128M -Xmx2048m -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:+HeapDumpOnOutOfMemoryError -Dcom.sun.management.jmxremote -Djava.security.egd=file:/dev/./urandom -Djava.endorsed.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/endorsed:/usr/lib/jvm/java-8-oracle/lib/endorsed:/opt/opendaylight/lib/endorsed -Djava.ext.dirs=/usr/lib/jvm/java-8-oracle/jre/lib/ext:/usr/lib/jvm/java-8-oracle/lib/ext:/opt/opendaylight/lib/ext -Dkaraf.instances=/opt/opendaylight/instances -Dkaraf.home=/opt/opendaylight -Dkaraf.base=/opt/opendaylight -Dkaraf.data=/opt/opendaylight/data -Dkaraf.etc=/opt/opendaylight/etc -Djava.io.tmpdir=/opt/opendaylight/data/tmp -Djava.util.logging.config.file=/opt/opendaylight/etc/java.util.logging.properties -Dkaraf.startLocalConsole=false -Dkaraf.startRemoteShell=true -classpath /opt/opendaylight/lib/karaf.branding-1.8.1-SNAPSHOT.jar:/opt/opendaylight/lib/karaf-jaas-boot.jar:/opt/opendaylight/lib/karaf.jar:/opt/opendaylight/lib/karaf-org.osgi.core.jar org.apache.karaf.main.Main +Restart=on-failure +LimitNOFILE=65535 +TimeoutStopSec=15 + +[Install] +WantedBy=multi-user.target + diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/files/sfc.conf b/plugins/odl_sfc/roles/odl_cluster_sfc/files/sfc.conf new file mode 100644 index 00000000..acf2e2f4 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/files/sfc.conf @@ -0,0 +1,9 @@ +[DEFAULT] + +service_plugins = odl-router,metering,networking_sfc.services.sfc.plugin.SfcPlugin,networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin + +[sfc] +drivers = odl + +[flowclassifier] +drivers = odl diff --git a/deploy/adapters/ansible/roles/ceilometer_controller/vars/main.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/handlers/main.yml index 209e1e00..2650d072 100644 --- a/deploy/adapters/ansible/roles/ceilometer_controller/vars/main.yml +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/handlers/main.yml @@ -7,5 +7,5 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages_noarch: [] -metering_secret: 1c5df72079b31fb47747 +- name: restart odl service + service: name=opendaylight state=restarted diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-1.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-1.yml new file mode 100644 index 00000000..dc071cc7 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-1.yml @@ -0,0 +1,39 @@ +--- + +- name: install crudini + package: + name: crudini + state: latest + +- name: install networking-odl + pip: + name: networking-odl + version: "{{ networking_odl_version }}" + virtualenv: /openstack/venvs/neutron-15.1.4 + +- name: configure vsctl for dhcp agent + shell: | + crudini --set /etc/neutron/dhcp_agent.ini OVS \ + ovsdb_interface vsctl; + when: + - inventory_hostname not in groups['nova_compute'] + +- name: configure vsctl for l3 agent + shell: | + crudini --set /etc/neutron/l3_agent.ini OVS \ + ovsdb_interface vsctl; + when: odl_l3_agent == "Disable" and inventory_hostname not in groups['nova_compute'] + +- name: stop neutron l3 agent + service: name=neutron-l3-agent state=stopped enabled=no + when: odl_l3_agent == "Enable" and inventory_hostname not in groups['nova_compute'] + +- name: shut down and disable Neutron's openvswitch agent services + service: name={{ service_ovs_agent_name }} state=stopped enabled=no + +- name: Stop the Open vSwitch service and clear existing OVSDB + shell: > + service {{ service_ovs_name }} stop ; + rm -rf /var/log/openvswitch/* ; + rm -rf /etc/openvswitch/conf.db ; + service {{ service_ovs_name }} start ; diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-2.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-2.yml new file mode 100644 index 00000000..f53a3ac8 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-2.yml @@ -0,0 +1,87 @@ +--- + +- name: set opendaylight as the manager + command: | + su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ internal_lb_vip_address }}:6640;" + +- name: check br-int + shell: | + ovs-vsctl list-br | grep br-int; while [ $? -ne 0 ]; do sleep 10; \ + ovs-vsctl list-br | grep br-int; done + +# yamllint disable rule:line-length +- name: set local ip in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config={'local_ip'=' {{ hostvars[inventory_hostname]['container_networks']['tunnel_address']['address'] }} '}; + when: inventory_hostname not in groups['nova_compute'] + +- name: set local ip in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config={'local_ip'=' {{ hostvars[inventory_hostname]['ansible_br_vxlan']['ipv4']['address'] }} '}; + when: inventory_hostname in groups['nova_compute'] +# yamllint enable rule:line-length + +- name: Setup br-provider + openvswitch_bridge: + bridge: br-provider + state: present + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: add ovs uplink + openvswitch_port: + bridge: br-provider + port: "eth12" + state: present + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: set external nic in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config:provider_mappings=physnet:br-provider + when: + - odl_l3_agent == "Disable" + - inventory_hostname not in groups['nova_compute'] + +- name: set external nic in openvswitch + shell: | + ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) \ + other_config:provider_mappings=physnet:eth12 + when: + - odl_l3_agent == "Enable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig \ + --datapath_type=system --bridge_mappings=physnet:br-provider + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig + --datapath_type=system --bridge_mappings=physnet:eth12 + when: + - inventory_hostname not in groups['nova_compute'] + - odl_l3_agent == "Enable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig --datapath_type=system + when: + - inventory_hostname in groups['nova_compute'] + - odl_l3_agent == "Disable" + +- name: Set host OVS configurations + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-odl-ovs-hostconfig + --datapath_type=system --bridge_mappings=physnet:eth12 + when: + - inventory_hostname in groups['nova_compute'] + - odl_l3_agent == "Enable" diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-3.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-3.yml new file mode 100644 index 00000000..68446a83 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-agents-3.yml @@ -0,0 +1,42 @@ +--- + +- name: configure opendaylight -> ml2 + shell: > + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight_v2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling "True"; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:br-provider; + +- name: configure bridge_mappings for L3 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:eth12; + when: odl_l3_agent == "Enable" + +- name: configure external bridge name for L2 + shell: | + crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-provider; + when: odl_l3_agent == "Disable" + +- name: configure opendaylight in ml2 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl username admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl password admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl url \ + http://{{ internal_lb_vip_address }}:8080/controller/nb/v2/neutron; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl port_binding_controller \ + pseudo-agentdb-binding; + +- name: configure metadata for l3 configuration + shell: | + crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ + enable_isolated_metadata "True"; + when: + - inventory_hostname not in groups['nova_compute'] + +- name: force metadata for l3 configuration + shell: | + crudini --set /etc/neutron/dhcp_agent.ini DEFAULT \ + force_metadata "True"; + when: + - inventory_hostname not in groups['nova_compute'] diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-db-1.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-db-1.yml new file mode 100644 index 00000000..3cef9792 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-db-1.yml @@ -0,0 +1,8 @@ +--- + +- name: drop and recreate neutron database + shell: | + mysql -e "drop database if exists neutron;"; + mysql -e "create database neutron character set utf8;"; + mysql -e "grant all on neutron.* to 'neutron'@'%' identified by \ + '{{ neutron_container_mysql_password }}';"; diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-hosts-1.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-hosts-1.yml new file mode 100644 index 00000000..6879340e --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-hosts-1.yml @@ -0,0 +1,100 @@ +--- + +- name: check sdn_package cache + stat: + path=/opt/sdn_package.tar.gz + register: sdn_cache # Todo: remove hard code and add md5 check + +- name: debug + debug: msg="{{ sdn_cache }}" + +- name: get sdn_package + get_url: + url: "{{ sdn_package }}" + dest: /opt/ + when: sdn_cache.stat.exists != 'true' + +- name: create odl group + group: name=odl system=yes state=present + +- name: create odl user + user: + name: odl + group: odl + home: "{{ odl_home }}" + createhome: "yes" + system: "yes" + shell: "/bin/false" + +- name: clear sdn_package + command: su -s /bin/sh -c "rm -rf /opt/sdn_package" + +- name: clear jdk8 package + command: su -s /bin/sh -c "rm -rf /opt/install_jdk8" + +- name: unarchive sdn_package + command: su -s /bin/sh -c "tar xzf /opt/sdn_package.tar.gz -C /opt/" + +- name: copy java package + command: su -s /bin/sh -c "cp /opt/sdn_package/java/jdk-8u51-linux-x64.tar.gz /opt/" + +- name: unarchive java_install package + command: su -s /bin/sh -c "tar xvf /opt/sdn_package/java/install_jdk8.tar -C /opt/" + +- name: install java + command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" + +- name: clear odl package + command: su -s /bin/sh -c "rm -rf {{ odl_home }}*" + +- name: extract odl package + command: | + su -s /bin/sh -c "tar xzf /opt/sdn_package/odl/{{ odl_pkg_name }} -C {{ odl_home }} \ + --strip-components 1" odl + +- name: opendaylight system file + copy: + src: "{{ service_file.src }}" + dest: "{{ service_file.dst }}" + mode: 0755 + +- name: set l3 fwd enable in custom.properties + template: + src: custom.properties + dest: "{{ odl_home }}/etc/custom.properties" + owner: odl + group: odl + mode: 0775 + when: odl_l3_agent == "Enable" + +- name: create karaf config + template: + src: org.apache.karaf.features.cfg + dest: "{{ odl_home }}/etc/org.apache.karaf.features.cfg" + owner: odl + group: odl + mode: 0775 + +- name: copy acl configuration script + template: + src: acl_conf.sh + dest: "/opt/acl_conf.sh" + mode: 0777 + +- name: execute acl configuration script + command: su -s /bin/sh -c "/opt/acl_conf.sh;" odl + +- name: create jetty config + shell: > + sed -i 's/default="8181"/default="8081"/' + {{ odl_home }}etc/jetty.xml + +- name: create tomcat config + shell: > + sed -i 's/port="8282"/port="8081"/' + {{ odl_home }}configuration/tomcat-server.xml + +- name: remove karaf data directory + file: + path: "{{ odl_home }}data" + state: absent diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-hosts-2.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-hosts-2.yml new file mode 100644 index 00000000..b8d9403a --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-hosts-2.yml @@ -0,0 +1,23 @@ +--- + +- name: chown opendaylight directory and files + shell: > + chown -R odl:odl "{{ odl_home }}"; + chown odl:odl "{{ service_file.dst }}"; + +- name: start opendaylight + service: name=opendaylight state=started + when: ansible_os_family == "Debian" + +- name: set opendaylight autostart + shell: chkconfig opendaylight on + when: ansible_os_family == "RedHat" + +- name: start opendaylight + shell: service opendaylight start + when: ansible_os_family == "RedHat" + +- name: check if opendaylight running + shell: | + netstat -lpen --tcp | grep java | grep 6653; + while [ $? -ne 0 ]; do sleep 10; netstat -lpen --tcp | grep java | grep 6653; done diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-repos-1.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-repos-1.yml new file mode 100644 index 00000000..2e58e141 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-repos-1.yml @@ -0,0 +1,27 @@ +--- + +- name: download networking-odl + get_url: + url: "{{ odl_pip }}" + dest: /var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64 + +- name: download networking-sfc + shell: | + mkdir -p /opt/tmp + pip install networking-sfc==4.0.0 -d /opt/tmp/ + cp /opt/tmp/networking* /var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64/ + rm -rf /opt/tmp + when: + - odl_sfc == "Enable" + - inventory_hostname in groups['repo_container'][0] + +- name: patch networking-odl to fix a bug + shell: | + cd /var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64/ + tar -zxf networking-odl-4.0.0.tar.gz # hard code, need to modify + rm -rf networking-odl-4.0.0.tar.gz + sed -i 's/^Babel.*/Babel!=2.4.0,>=2.3.4/' networking-odl-4.0.0/requirements.txt + tar -zcf networking-odl-4.0.0.tar.gz networking-odl-4.0.0/ + rm -rf networking-odl-4.0.0/ + pip install networking-odl-4.0.0.tar.gz -d ./ + cd - diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-1.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-1.yml new file mode 100644 index 00000000..e2dd128d --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-1.yml @@ -0,0 +1,22 @@ +--- + +- name: install crudini + package: + name: crudini + state: latest + +- name: install networking-odl + pip: + name: networking-odl + version: "{{ networking_odl_version }}" + virtualenv: /openstack/venvs/neutron-15.1.4 # Todo: hardcode, need to modify + +- name: install networking-sfc + pip: + name: networking-sfc + version: "4.0.0" + virtualenv: /openstack/venvs/neutron-15.1.4 + when: odl_sfc == "Enable" + +- name: turn off neutron-server on control node + service: name=neutron-server state=stopped diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-2.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-2.yml new file mode 100644 index 00000000..5d743382 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-2.yml @@ -0,0 +1,49 @@ +--- + +- name: configure odl l3 driver + shell: | + crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins \ + odl-router,metering; + when: odl_l3_agent == "Enable" + +- name: configure opendaylight -> ml2 + shell: > + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight_v2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling "True"; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:br-provider; + +- name: configure bridge_mappings for L3 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings physnet:eth12; + when: odl_l3_agent == "Enable" + +- name: turn off l3 ha for odl l2 + shell: | + crudini --set /etc/neutron/neutron.conf DEFAULT l3_ha "False"; + when: odl_l3_agent == "Disable" + +- name: configure opendaylight in ml2 + shell: | + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl username admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl password admin; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl url \ + http://{{ internal_lb_vip_address }}:8080/controller/nb/v2/neutron; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_odl port_binding_controller \ + pseudo-agentdb-binding; + +- name: copy sfc.conf + copy: + src: "{{ sfc_plugins.src }}" + dest: "{{ sfc_plugins.dst }}" + mode: 0755 + when: odl_sfc == "Enable" + +- name: Configure SFC driver + shell: crudini --merge /etc/neutron/neutron.conf < /opt/sfc.conf + when: odl_sfc == "Enable" + +- name: delete sfc.conf + shell: rm -rf {{ sfc_plugins.dst }} + when: odl_sfc == "Enable" diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-3.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-3.yml new file mode 100644 index 00000000..0c11e36f --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-servers-3.yml @@ -0,0 +1,28 @@ +--- + +- name: Perform a Neutron DB online upgrade + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage + --config-file /etc/neutron/neutron.conf + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + upgrade --expand + become: "yes" + become_user: "neutron" + +- name: Perform a Neutron DB offline upgrade + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage + --config-file /etc/neutron/neutron.conf + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + upgrade --contract + become: "yes" + become_user: "neutron" + +- name: SFC DB upgrade + command: | + /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage + --subproject networking-sfc + upgrade head + become: "yes" + become_user: "neutron" + when: odl_sfc == "Enable" diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-utility-1.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-utility-1.yml new file mode 100644 index 00000000..613c796b --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/control-utility-1.yml @@ -0,0 +1,7 @@ +--- + +- name: Install networking-sfc for CLI + pip: + name: networking-sfc + version: "4.0.0" + when: odl_sfc == "Enable" diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/main.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/main.yml new file mode 100644 index 00000000..91fc71fa --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/main.yml @@ -0,0 +1,44 @@ +--- + +- include_vars: "{{ ansible_os_family }}.yml" + +- include: control-hosts-1.yml + when: inventory_hostname in groups['network_hosts'] # Todo: modify to odl_hosts + +- include: control-repos-1.yml + vars: + odl_pip: "{{ networking_odl_url }}" + when: inventory_hostname in groups['repo_container'] + +- include: control-servers-1.yml + when: inventory_hostname in groups['neutron_server'] + +- include: control-utility-1.yml + when: + - inventory_hostname in groups['utility'] + - odl_sfc == "Enable" + +- include: control-agents-1.yml + when: inventory_hostname in groups['neutron_openvswitch_agent'] + +- include: control-hosts-2.yml + when: inventory_hostname in groups['network_hosts'] # Todo: modify to odl_hosts + +- include: control-agents-2.yml + when: inventory_hostname in groups['neutron_openvswitch_agent'] + +- include: control-servers-2.yml + when: inventory_hostname in groups['neutron_server'] + +- include: control-agents-3.yml + when: inventory_hostname in groups['neutron_openvswitch_agent'] + +- include: control-db-1.yml + when: inventory_hostname == groups['galera_container'][0] + +- include: control-servers-3.yml + when: + - inventory_hostname in groups['neutron_server'][0] + - inventory_hostname not in groups['network_hosts'] + +- include: odl-post.yml diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/odl-post.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/odl-post.yml new file mode 100644 index 00000000..9f1cb79e --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/tasks/odl-post.yml @@ -0,0 +1,34 @@ +--- + +- name: restart neutron-server + service: name=neutron-server state=restarted enabled=yes + when: inventory_hostname in groups['neutron_server'] + +- name: restart neutron-l3-agent server + service: name=neutron-l3-agent state=restarted + when: + - odl_l3_agent == "Disable" + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] + +- name: restart neutron-dhcp-agent server + service: name=neutron-dhcp-agent state=restarted + when: + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] + +- name: restart neutron-metadata-agent server + service: name=neutron-metadata-agent state=restarted + when: + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] + +- name: remove karaf data directory + file: + path: "{{ odl_home }}data" + state: absent + when: inventory_hostname in groups['network_hosts'] + +- name: restart opendaylight + shell: sleep 60; service opendaylight restart; sleep 60; + when: inventory_hostname in groups['network_hosts'] diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/templates/acl_conf.sh b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/acl_conf.sh new file mode 100644 index 00000000..4962a17c --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/acl_conf.sh @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +mkdir -p {{ odl_home }}etc/opendaylight/datastore/initial/config/ +CONFFILE=$(find {{ odl_home }} -name "*aclservice*config.xml") +cp $CONFFILE {{ odl_home }}etc/opendaylight/datastore/initial/config/netvirt-aclservice-config.xml +sed -i s/stateful/transparent/ {{ odl_home }}etc/opendaylight/datastore/initial/config/netvirt-aclservice-config.xml diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/templates/custom.properties b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/custom.properties new file mode 100644 index 00000000..f103c1b8 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/custom.properties @@ -0,0 +1,105 @@ +# Extra packages to import from the boot class loader +org.osgi.framework.system.packages.extra=org.apache.karaf.branding,sun.reflect,sun.reflect.misc,sun.misc,sun.nio.ch,com.sun.media.sound + +# https://bugs.eclipse.org/bugs/show_bug.cgi?id=325578 +# Extend the framework to avoid the resources to be presented with +# a URL of type bundleresource: but to be presented as file: +osgi.hook.configurators.include=org.eclipse.virgo.kernel.equinox.extensions.hooks.ExtensionsHookConfigurator + +# Embedded Tomcat configuration File +org.eclipse.gemini.web.tomcat.config.path=configuration/tomcat-server.xml +org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true + +# Use Equinox as default OSGi Framework Implementation +karaf.framework=equinox + +# Show a progress bar on startup and start the console when all bundles are up and running. +# (If you are in a hurry you can still type enter to start the shell faster.) +karaf.delay.console=true + +# Set security provider to BouncyCastle +org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider + +# We set this to false to disable the Aries BlueprintExtender from doing its orderly container +# shutdown so we can do it after the CSS has shut down all its modules. Otherwise Aries will +# shutdown blueprint containers when the karaf framework starts shutdown (ie when bundle 0 is +# stopped) which can cause failures on CSS module shutdown due to the core blueprint containers +# and services already being shut down. This setting can be removed when/if CSS is removed +# completely from ODL. +org.apache.aries.blueprint.preemptiveShutdown=false + +netconf.config.persister.active=1 + +netconf.config.persister.1.storageAdapterClass=org.opendaylight.controller.config.persist.storage.file.xml.XmlFileStorageAdapter +netconf.config.persister.1.properties.fileStorage=etc/opendaylight/current/controller.currentconfig.xml +netconf.config.persister.1.properties.numberOfBackups=1 + +# logback configuration +logback.configurationFile=configuration/logback.xml + +# Container configuration +container.profile = Container + +# Connection manager configuration +connection.scheme = ANY_CONTROLLER_ONE_MASTER + +# OVSDB configuration +# ovsdb plugin supports both active and passive connections. It listens on port 6640 by default for Active connections. +ovsdb.listenPort=6640 + +# ovsdb creates Openflow nodes/bridges. This configuration configures the bridge's Openflow version. +# default Openflow version = 1.0, we also support 1.3. +# ovsdb.of.version=1.3 + +# ovsdb can be configured with ml2 to perform l3 forwarding. The config below enables that functionality, which is +# disabled by default. +ovsdb.l3.fwd.enabled=yes + +# ovsdb can be configured with ml2 to perform arp responder, enabled by default. +ovsdb.l3.arp.responder.disabled=no + +# ovsdb can be configured with ml2 to perform l3 forwarding. When used in that scenario, the mac address of the default +# gateway --on the external subnet-- is expected to be resolved from its inet address. The config below overrides that +# specific arp/neighDiscovery lookup. +# ovsdb.l3gateway.mac=00:00:5E:00:02:01 + +# TLS configuration +# To enable TLS, set secureChannelEnabled=true and specify the location of controller Java KeyStore and TrustStore files. +# The Java KeyStore contains controller's private key and certificate. The Java TrustStore contains the trusted certificate +# entries, including switches' Certification Authority (CA) certificates. For example, +# secureChannelEnabled=true +# controllerKeyStore=./configuration/ctlKeyStore +# controllerKeyStorePassword=xxxxxxxx (this password should match the password used for KeyStore generation and at least 6 characters) +# controllerTrustStore=./configuration/ctlTrustStore +# controllerTrustStorePassword=xxxxxxxx (this password should match the password used for TrustStore generation and at least 6 characters) + +secureChannelEnabled=false +controllerKeyStore= +controllerKeyStorePassword= +controllerTrustStore= +controllerTrustStorePassword= + +# User Manager configurations +enableStrongPasswordCheck = false + +#Jolokia configurations +#org.jolokia.listenForHttpService=false + +# Logging configuration for Tomcat-JUL logging +java.util.logging.config.file=configuration/tomcat-logging.properties + +#Hosttracker hostsdb key scheme setting +hosttracker.keyscheme=IP + +# LISP Flow Mapping configuration +# Enable merging RLOC sets received from different xTR-IDs for the same EID (default: false) +lisp.mappingMerge = false +# Enable the Solicit-Map-Request (SMR) mechanism (default: true) +lisp.smr = true +# Choose policy for Explicit Locator Path (ELP) handling +# There are three options: +# default: don't add or remove locator records, return mapping as-is +# both: keep the ELP, but add the next hop as a standalone non-LCAF locator with a lower priority +# replace: remove the ELP, add the next hop as a standalone non-LCAF locator +lisp.elpPolicy = default + diff --git a/deploy/adapters/ansible/roles/onos_cluster/templates/ml2_conf.sh b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/ml2_conf.sh index 8af03df4..0d42e48b 100755..100644 --- a/deploy/adapters/ansible/roles/onos_cluster/templates/ml2_conf.sh +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/ml2_conf.sh @@ -7,9 +7,8 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## cat <<EOT>> /etc/neutron/plugins/ml2/ml2_conf.ini -[onos] +[ml2_odl] password = admin username = admin -url_path = http://{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:8181/onos/vtn +url = http://{{ internal_vip.ip }}:8080/controller/nb/v2/neutron EOT - diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg.Redhat b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/org.apache.karaf.features.cfg index 3ffe830e..b07e028f 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg.Redhat +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/templates/org.apache.karaf.features.cfg @@ -36,14 +36,19 @@ # # Comma separated list of features repositories to register by default # -featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.7/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.7/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.2.9/xml/features,mvn:org.apache.karaf.features/spring/3.0.7/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.5.2-Boron-SR2/xml/features +featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.8/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.8/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.2.9/xml/features,mvn:org.apache.karaf.features/spring/3.0.8/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.6.1-SNAPSHOT/xml/features # # Comma separated list of features to install at startup # -featuresBoot=config,standard,region,package,kar,ssh,management,odl-restconf-all,odl-aaa-authn,odl-dlux-all,odl-ovsdb-openstack,odl-mdsal-apidocs,odl-dlux-core,odl-openflowplugin-nxm-extensions +featuresBoot=config,standard,region,package,kar,ssh,management,odl-restconf-all,odl-aaa-authn,odl-dlux-all,odl-netvirt-openstack,odl-mdsal-apidocs,odl-dlux-core,odl-dluxapps-nodes,odl-dluxapps-topology,odl-dluxapps-yangui,odl-dluxapps-yangvisualizer,odl-l2switch-switch,odl-l2switch-switch-ui,odl-ovsdb-hwvtepsouthbound-ui,odl-ovsdb-southbound-impl-ui,odl-netvirt-ui,odl-openflowplugin-flow-services-ui,odl-neutron-logger,odl-netvirt-sfc # # Defines if the boot features are started in asynchronous mode (in a dedicated thread) # featuresBootAsynchronous=false + +# +# Store cfg file for config element in feature +# +#configCfgStore=true diff --git a/deploy/adapters/ansible/roles/onos_cluster/vars/Debian.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/vars/Debian.yml index 59a4dbd9..c78c5221 100755..100644 --- a/deploy/adapters/ansible/roles/onos_cluster/vars/Debian.yml +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/vars/Debian.yml @@ -7,8 +7,15 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages: - - software-properties-common + +common_packages: - crudini -services: [] +service_ovs_name: openvswitch-switch +service_ovs_agent_name: neutron-openvswitch-agent + +service_file: + src: opendaylight.service + dst: /lib/systemd/system/opendaylight.service + +# networking_odl_pkg_name: networking-odl-3.2.0.tar.gz diff --git a/deploy/adapters/ansible/roles/tacker/vars/Debian.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/vars/RedHat.yml index 039e1680..a2e6d01d 100755..100644 --- a/deploy/adapters/ansible/roles/tacker/vars/Debian.yml +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/vars/RedHat.yml @@ -7,13 +7,13 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages: - - software-properties-common + +common_packages: - crudini -services: [] +service_ovs_name: openvswitch +service_ovs_agent_name: neutron-openvswitch-agent -heat_services: - - heat-api - - heat-api-cfn - - heat-engine +service_file: + src: opendaylight.service + dst: /lib/systemd/system/opendaylight.service diff --git a/plugins/odl_sfc/roles/odl_cluster_sfc/vars/main.yml b/plugins/odl_sfc/roles/odl_cluster_sfc/vars/main.yml new file mode 100644 index 00000000..a9466ea0 --- /dev/null +++ b/plugins/odl_sfc/roles/odl_cluster_sfc/vars/main.yml @@ -0,0 +1,65 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +odl_username: admin +odl_password: admin +odl_api_port: 8181 + +# odl_sfc +sfc_plugins: + src: sfc.conf + dst: /opt/sfc.conf + +odl_pkg_url: distribution-karaf-0.6.1-Carbon.tar.gz +odl_pkg_name: distribution-karaf-0.6.1-Carbon.tar.gz +odl_home: "/opt/opendaylight/" +odl_base_features: + - config + - standard + - region + - package + - kar + - ssh + - management + - odl-restconf + - odl-l2switch-switch + - odl-openflowplugin-all + - odl-mdsal-apidocs + - odl-dlux-all + - odl-adsal-northbound + - odl-nsf-all + - odl-ovsdb-openstack + - odl-ovsdb-northbound + - odl-dlux-core + +odl_extra_features: + - odl-restconf-all + - odl-mdsal-clustering + - odl-openflowplugin-flow-services + - http + - jolokia-osgi + +odl_features: "{{ odl_base_features + odl_extra_features }}" + +sdn_package: http://artifacts.opnfv.org/compass4nfv/packages/master/sdn_package.tar.gz + +# yamllint disable rule:line-length +networking_odl_url: https://launchpad.net/networking-odl/4.0-ocata/4.0.0/+download/networking-odl-4.0.0.tar.gz +# yamllint enable rule:line-length + +jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz +jdk8_script_name: install_jdk8.tar + +common_packages_noarch: [] + +odl_pip: networking-odl-3.2.0 + +networking_odl_version: 4.0.0 + +networking_odl_pkg_name: networking-odl-3.2.0.tar.gz diff --git a/plugins/odl_sfc/roles/setup-sfc/files/setup-odl.yml.j2 b/plugins/odl_sfc/roles/setup-sfc/files/setup-odl.yml.j2 new file mode 100644 index 00000000..0d0cbe90 --- /dev/null +++ b/plugins/odl_sfc/roles/setup-sfc/files/setup-odl.yml.j2 @@ -0,0 +1,13 @@ +--- + +- name: run opendaylight role + hosts: neutron_all | galera_container | network_hosts | repo_container | utility + max_fail_percentage: 20 + user: root + roles: + - odl_cluster + vars: + - odl_l3_agent: "{{ odl_l3_agent }}" + - odl_sfc: "{{ odl_sfc }}" + tags: + - odl diff --git a/deploy/adapters/ansible/roles/cinder-volume/vars/main.yml b/plugins/odl_sfc/roles/setup-sfc/tasks/main.yml index e564e6c5..c4c01987 100644 --- a/deploy/adapters/ansible/roles/cinder-volume/vars/main.yml +++ b/plugins/odl_sfc/roles/setup-sfc/tasks/main.yml @@ -7,7 +7,6 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages_noarch: - - lvm2 -services_noarch: [] +- include: setup_sfc.yml + when: odl_sfc is defined and odl_sfc == "Enable" diff --git a/plugins/odl_sfc/roles/setup-sfc/tasks/setup_sfc.yml b/plugins/odl_sfc/roles/setup-sfc/tasks/setup_sfc.yml new file mode 100644 index 00000000..9fa9175f --- /dev/null +++ b/plugins/odl_sfc/roles/setup-sfc/tasks/setup_sfc.yml @@ -0,0 +1,30 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +# yamllint disable rule:line-length +- name: clear setup-odl.yml.j2 + file: + path: "/var/ansible/run/openstack_ocata-opnfv2/roles/setup-opendaylight/templates/setup-odl.yml.j2" + state: absent +# yamllint enable rule:line-length + +- name: override setup-odl.yml.j2 + copy: + src: setup-odl.yml.j2 + dest: "/var/ansible/run/openstack_ocata-opnfv2/roles/setup-opendaylight/templates/" + +- name: clear odl_cluster for sfc + file: + path: "/var/ansible/run/openstack_ocata-opnfv2/roles/odl_cluster" + state: absent + +- name: copy odl_cluster role + shell: | + cp -r /var/ansible/run/openstack_ocata-opnfv2/roles/odl_cluster_sfc \ + /var/ansible/run/openstack_ocata-opnfv2/roles/odl_cluster diff --git a/deploy/adapters/ansible/roles/cinder-controller/vars/main.yml b/plugins/odl_sfc/roles/sfc-pre-2/tasks/main.yml index ebde9470..c4c01987 100644 --- a/deploy/adapters/ansible/roles/cinder-controller/vars/main.yml +++ b/plugins/odl_sfc/roles/sfc-pre-2/tasks/main.yml @@ -7,7 +7,6 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages_noarch: - - python-cinderclient -services_noarch: [] +- include: setup_sfc.yml + when: odl_sfc is defined and odl_sfc == "Enable" diff --git a/plugins/odl_sfc/roles/sfc-pre-2/tasks/setup_sfc.yml b/plugins/odl_sfc/roles/sfc-pre-2/tasks/setup_sfc.yml new file mode 100644 index 00000000..a80a81ef --- /dev/null +++ b/plugins/odl_sfc/roles/sfc-pre-2/tasks/setup_sfc.yml @@ -0,0 +1,34 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: add ovs package in neutron + lineinfile: + dest: /etc/ansible/roles/os_neutron/vars/ubuntu-16.04.yml + insertbefore: 'openvswitch-common' + line: ' - openvswitch-datapath-dkms' + +- name: add ovs package in neutron + lineinfile: + dest: /etc/ansible/roles/os_neutron/vars/ubuntu-16.04.yml + insertafter: 'openvswitch-switch' + line: ' - python-openvswitch' + +- name: modify ovs installation in neutron + blockinfile: + dest: /etc/ansible/roles/os_neutron/tasks/neutron_install.yml + insertafter: '^# limitations' + block: | + - name: add ovs-nsh repo + apt_repository: + repo: "ppa:mardim/mardim-ppa" + update_cache: True + state: present + when: + - inventory_hostname in groups['neutron_openvswitch_agent'] + - inventory_hostname not in groups['nova_compute'] diff --git a/deploy/adapters/ansible/roles/aodh/vars/main.yml b/plugins/odl_sfc/roles/sfc-pre/handlers/main.yml index b17f6ed0..5356791a 100644..100755 --- a/deploy/adapters/ansible/roles/aodh/vars/main.yml +++ b/plugins/odl_sfc/roles/sfc-pre/handlers/main.yml @@ -1,12 +1,8 @@ ############################################################################## ## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -## ## All rights reserved. This program and the accompanying materials ## are made available under the terms of the Apache License, Version 2.0 ## which accompanies this distribution, and is available at ## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### +############################################################################## --- -packages_noarch: [] - -services_noarch: [] diff --git a/deploy/adapters/ansible/roles/apache/vars/Debian.yml b/plugins/odl_sfc/roles/sfc-pre/tasks/Ubuntu.yml index 95e941eb..2a59c248 100755 --- a/deploy/adapters/ansible/roles/apache/vars/Debian.yml +++ b/plugins/odl_sfc/roles/sfc-pre/tasks/Ubuntu.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,11 +7,18 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -packages: - - apache2 - - libapache2-mod-wsgi +- name: add ovs-nsh repo + apt_repository: + repo: "ppa:mardim/mardim-ppa" + update_cache: "True" + state: "present" -services: - - apache2 - -apache_config_dir: /etc/apache2 +- name: install ovs packages + package: + name: "{{ item }}" + state: "present" + with_items: + - "openvswitch-datapath-dkms" + - "openvswitch-common" + - "openvswitch-switch" + - "python-openvswitch" diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/handlers/main.yml b/plugins/odl_sfc/roles/sfc-pre/tasks/main.yml index 78178130..cf14e372 100644..100755 --- a/deploy/adapters/ansible/roles/ceilometer_compute/handlers/main.yml +++ b/plugins/odl_sfc/roles/sfc-pre/tasks/main.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,10 +7,12 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- name: restart ceilometer service - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ ceilometer_services }}" +- include: "{{ ansible_distribution }}.yml" + when: + - ansible_distribution == 'Ubuntu' + - odl_sfc is defined and odl_sfc == "Enable" -- name: restart nova service - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ nova_services }}" +- include: "{{ ansible_os_family }}.yml" + when: + - ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' + - odl_sfc is defined and odl_sfc == "Enable" diff --git a/plugins/rt_kvm/plugins.desc b/plugins/rt_kvm/plugins.desc new file mode 100644 index 00000000..0dd2680b --- /dev/null +++ b/plugins/rt_kvm/plugins.desc @@ -0,0 +1,50 @@ +# This rt_kvm plugin adds real time kvm feature from kvmfornfv project +# into Compass4nfv together with scenarios. +# +# +# More details can be found in the development document. +# ############################################################## +--- +plugin: + # plugin name,it is also as the switch to enable/disable plugin in scenario + # files + name: rt_kvm + + description: real time kvm based on kvmfornfv + + maintainers: + - david.j.chou@intel.com + + # host os type: ubuntu/centos + os_version: ubuntu + + # true: this plugin is deployed separately on a new node + # false: this plugin is deployed on controller or compute node + independent_hosts: false + + # artifact: packege download url for this plugin + artifacts: + url: http://artifacts.opnfv.org/kvmfornfv/kvmfornfv-4bfeded9-kernel-4.4.50_rt62_ubuntu.x86_64.deb + + # orchestration + # A plugin can have mutiple components, each component may need to be + # installed on different inventory or have its own configuration. + # due to Compass4nfv currently only supports ansible, so each component + # of the installation and configuration script need to be use ansible. + # cm : congfiguration management tool : only ansible support + # role: each component corresponds to ansible script that locates in the same + # directory as plugin.desc. + # phrase: pre_openstack -- the component is installed after the OS + # provisioning, before the OpenStack deployment. + # phrase: post_openstack -- the component is installed before the OpenStack + # deployment. + # inventory: if the phrase is pre_openstack, inventory can be controller and + # compute. if the phrase is post_openstack, inventory can be get from the file + # openstack-ansible.inventory + orchestration: + cm: ansible + roles: + - role: install real time kvm + phrase: pre_openstack + inventory: + - compute diff --git a/plugins/rt_kvm/roles/rt_kvm/tasks/kvm.yml b/plugins/rt_kvm/roles/rt_kvm/tasks/kvm.yml new file mode 100644 index 00000000..5d3ca7bc --- /dev/null +++ b/plugins/rt_kvm/roles/rt_kvm/tasks/kvm.yml @@ -0,0 +1,40 @@ +############################################################################## +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: create workspace directory + file: + path: "{{ workspace }}" + state: directory + mode: 0755 + +- name: download rt_kvm kernel package + get_url: + url: "{{ rt_kvm_url }}" + dest: "{{ workspace }}/{{ rt_kvm_pkg }}" + +- name: install rt_kvm kernel + command: dpkg -i "{{ workspace }}/{{ rt_kvm_pkg }}" + +- name: update the grub + command: grub-mkconfig -o /boot/grub/grub.cfg + +- name: wait a moment + command: sleep 5 + +- name: reboot the node + shell: sleep 2 && shutdown -r now 'Reboot required' + become: true + async: 1 + poll: 0 + ignore_errors: true + +- name: wait for reboot + local_action: + module: wait_for + host={{ ansible_eth0.ipv4.address }} port=22 delay=1 timeout=600 diff --git a/deploy/adapters/ansible/roles/boot-recovery/vars/main.yml b/plugins/rt_kvm/roles/rt_kvm/tasks/main.yml index 89c1e8f0..e79fe9ff 100755..100644 --- a/deploy/adapters/ansible/roles/boot-recovery/vars/main.yml +++ b/plugins/rt_kvm/roles/rt_kvm/tasks/main.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,4 +7,5 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -controller_services_noarch: [] +- include: kvm.yml + when: rt_kvm is defined and rt_kvm == "Enable" diff --git a/deploy/adapters/ansible/roles/ceilometer_compute/tasks/main.yml b/plugins/rt_kvm/roles/rt_kvm/vars/main.yml index 1e3c04d7..9f32d13c 100644 --- a/deploy/adapters/ansible/roles/ceilometer_compute/tasks/main.yml +++ b/plugins/rt_kvm/roles/rt_kvm/vars/main.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 @@ -7,16 +7,10 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- include: ceilometer_install.yml - tags: - - install - - ceilometer_install - - ceilometer +workspace: /tmp/plugin -- include: ceilometer_config.yml - tags: - - config - - ceilometer_config - - ceilometer +# yamllint disable rule:line-length +rt_kvm_url: http://artifacts.opnfv.org/kvmfornfv/kvmfornfv-4bfeded9-kernel-4.4.50_rt62_ubuntu.x86_64.deb +# yamllint enable rule:line-length -- meta: flush_handlers +rt_kvm_pkg: kvmfornfv-4bfeded9-kernel-4.4.50_rt62_ubuntu.x86_64.deb diff --git a/plugins/template/openstack-ansible.inventory b/plugins/template/openstack-ansible.inventory new file mode 100644 index 00000000..37a4b8e5 --- /dev/null +++ b/plugins/template/openstack-ansible.inventory @@ -0,0 +1,253 @@ +# ############################################################## +# This is OpenStack-ansible inventory list +# It is generated in runtime and located in "compass-tasks" +# container, the directory is: +# /etc/openstack_deploy/openstack_inventory.json +# +# The openstack_inventory.json includes hosts and lxc detailed +# information. +# ############################################################## +--- +aodh_alarm_evaluator +aodh_alarm_notifier +aodh_all +aodh_api +aodh_container +aodh_listener +barbican_all +barbican_api +barbican_container +ceilometer_agent_central +ceilometer_agent_compute +ceilometer_agent_notification +ceilometer_all +ceilometer_api +ceilometer_api_container +ceilometer_collector +ceilometer_collector_container +ceph-mon +ceph-mon_container +ceph-mon_containers +ceph-mon_hosts +ceph-osd +ceph-osd_container +ceph-osd_containers +ceph-osd_hosts +ceph_all +cinder_all +cinder_api +cinder_api_container +cinder_backup +cinder_scheduler +cinder_scheduler_container +cinder_volume +cinder_volumes_container +compute-infra_all +compute-infra_containers +compute-infra_hosts +compute_all +compute_containers +compute_hosts +dashboard_all +dashboard_containers +dashboard_hosts +database_containers +database_hosts +designate_all +designate_api +designate_central +designate_container +designate_mdns +designate_producer +designate_sink +designate_worker +dnsaas_containers +dnsaas_hosts +galera +galera_all +galera_container +glance_all +glance_api +glance_container +glance_registry +gnocchi_all +gnocchi_api +gnocchi_container +gnocchi_metricd +haproxy +haproxy_all +haproxy_container +haproxy_containers +haproxy_hosts +heat_all +heat_api +heat_api_cfn +heat_api_cloudwatch +heat_apis_container +heat_engine +heat_engine_container +horizon +horizon_all +horizon_container +host1-host_containers +host2-host_containers +host3-host_containers +hosts +identity_all +identity_containers +identity_hosts +image_all +image_containers +image_hosts +ironic-compute_containers +ironic-compute_hosts +ironic-infra_containers +ironic-infra_hosts +ironic-server_containers +ironic-server_hosts +ironic_all +ironic_api +ironic_api_container +ironic_compute +ironic_compute_container +ironic_conductor +ironic_conductor_container +ironic_server +ironic_server_container +ironic_servers +key-manager_containers +key-manager_hosts +keystone +keystone_all +keystone_container +log_containers +log_hosts +lxc_hosts +magnum +magnum-infra_containers +magnum-infra_hosts +magnum_all +magnum_container +memcached +memcached_all +memcached_container +memcaching_containers +memcaching_hosts +metering-alarm_all +metering-alarm_containers +metering-alarm_hosts +metering-compute_all +metering-compute_container +metering-compute_containers +metering-compute_hosts +metering-infra_all +metering-infra_containers +metering-infra_hosts +metrics_all +metrics_containers +metrics_hosts +mq_containers +mq_hosts +network_all +network_containers +network_hosts +neutron_agent +neutron_agents_container +neutron_all +neutron_bgp_dragent +neutron_dhcp_agent +neutron_l3_agent +neutron_lbaas_agent +neutron_linuxbridge_agent +neutron_metadata_agent +neutron_metering_agent +neutron_openvswitch_agent +neutron_server +neutron_server_container +neutron_sriov_nic_agent +nova_all +nova_api_metadata +nova_api_metadata_container +nova_api_os_compute +nova_api_os_compute_container +nova_api_placement +nova_api_placement_container +nova_compute +nova_compute_container +nova_conductor +nova_conductor_container +nova_console +nova_console_container +nova_scheduler +nova_scheduler_container +operator_containers +operator_hosts +orchestration_all +orchestration_containers +orchestration_hosts +os-infra_containers +os-infra_hosts +pkg_repo +rabbit_mq_container +rabbitmq +rabbitmq_all +remote +remote_containers +repo-infra_all +repo-infra_containers +repo-infra_hosts +repo_all +repo_container +rsyslog +rsyslog_all +rsyslog_container +sahara-infra_containers +sahara-infra_hosts +sahara_all +sahara_api +sahara_container +sahara_engine +shared-infra_all +shared-infra_containers +shared-infra_hosts +storage-infra_all +storage-infra_containers +storage-infra_hosts +storage_all +storage_containers +storage_hosts +swift-proxy_containers +swift-proxy_hosts +swift-remote_containers +swift-remote_hosts +swift_acc +swift_acc_container +swift_all +swift_cont +swift_cont_container +swift_containers +swift_hosts +swift_obj +swift_obj_container +swift_proxy +swift_proxy_container +swift_remote +swift_remote_all +swift_remote_container +trove-infra_containers +trove-infra_hosts +trove_all +trove_api +trove_api_container +trove_conductor +trove_conductor_container +trove_taskmanager +trove_taskmanager_container +unbound +unbound_all +unbound_container +unbound_containers +unbound_hosts +utility +utility_all +utility_container diff --git a/plugins/template/plugins.desc b/plugins/template/plugins.desc new file mode 100644 index 00000000..a7b93f65 --- /dev/null +++ b/plugins/template/plugins.desc @@ -0,0 +1,59 @@ +# ############################################################## +# This is an example for add a plugin into Compass4nfv +# It illustrates how feature components can be integrated into Compass4nfv +# together with scenarios. +# +# +# More details can be found in the development document. +# ############################################################## +--- +plugin: + # plugin name,it is also as the switch to enable/disable plugin in scenario + # files + name: plugin_p1 + + description: plugin introduce and description + maintainers: + - name@company.com + + # true: this plugin is deployed separately on a new node + # false: this plugin is deployed on controller or compute node + independent_hosts: false + + # artifact: packege download url for this plugin + artifacts: + url: + + # global_vars: + # define the parameters required by the plugin + # and its value will be defined and passed by compass4nfv + global_vars: + - xxx: yyy + - ntp_server: "pool.ntp.org" + + # orchestration + # A plugin can have mutiple components, each component may need to be + # installed on different inventory or have its own configuration. + # due to Compass4nfv currently only supports ansible, so each component + # of the installation and configuration script need to be use ansible. + # cm : congfiguration management tool : only ansible support + # role: each component corresponds to ansible script that locates in the same + # directory as plugin.desc. + # phrase: pre_openstack -- the component is installed after the OS + # provisioning, before the OpenStack deployment. + # phrase: post_openstack -- the component is installed before the OpenStack + # deployment. + # inventory: if the phrase is pre_openstack, inventory can be controller and + # compute. if the phrase is post_openstack, inventory can be get from the file + # openstack-ansible.inventory + orchestration: + cm: ansible + roles: + - role: add_interface + phrase: pre_openstack + inventory: + - controller + - compute + - role: add_flavor + phrase: post_openstack + inventory: diff --git a/quickstart.sh b/quickstart.sh new file mode 100755 index 00000000..db56ee2f --- /dev/null +++ b/quickstart.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################## +# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +sudo apt-get update +sudo apt-get install -y git + +git clone https://gerrit.opnfv.org/gerrit/compass4nfv + +pushd compass4nfv + +CURRENT_DIR=$PWD +SCENARIO=${SCENARIO:-os-nosdn-nofeature-ha.yml} + +./build.sh + +export TAR_URL=file://$CURRENT_DIR/work/building/compass.tar.gz +export DHA=$CURRENT_DIR/deploy/conf/vm_environment/$SCENARIO +export NETWORK=$CURRENT_DIR/deploy/conf/vm_environment/network.yml + +./deploy.sh diff --git a/repo/gen_ins_pkg_script.py b/repo/gen_ins_pkg_script.py index 38d08c23..9af34143 100644 --- a/repo/gen_ins_pkg_script.py +++ b/repo/gen_ins_pkg_script.py @@ -32,7 +32,7 @@ def get_packages_name_list(file_list, special_packages): package_name_list = [] for file in file_list: - datas = yaml.load(open(file)) + datas = yaml.safe_load(open(file)) if not datas: continue diff --git a/repo/openstack/make_ppa/ubuntu/xenial/newton/download_pkg.tmpl b/repo/openstack/make_ppa/ubuntu/xenial/newton/download_pkg.tmpl index f2a14f48..7bec8878 100644 --- a/repo/openstack/make_ppa/ubuntu/xenial/newton/download_pkg.tmpl +++ b/repo/openstack/make_ppa/ubuntu/xenial/newton/download_pkg.tmpl @@ -65,7 +65,7 @@ rm -rf /var/cache/apt/python-pyasn1_0.1.7-1ubuntu2_all.deb # Ubuntu16.04.1 LTS only have gcc-5-base_5.4.0-6ubuntu1~16.04.1, nova-novncproxy need # gcc-5-base_5.4.0-6ubuntu1~16.04.2, but the docker could not download gcc-5-base package. -wget http://205.177.226.237:9999/nova-novncproxy_xenial_newton.tar.gz +wget http://artifacts.opnfv.org/compass4nfv/package/master/nova-novncproxy_xenial_newton.tar.gz tar -zxvf nova-novncproxy_xenial_newton.tar.gz --strip-components 1 -C /var/cache/apt/ mkdir deb diff --git a/repo/openstack/special_pkg/Debian/make_openvswitch-switch.sh b/repo/openstack/special_pkg/Debian/make_openvswitch-switch.sh index 2095e0dc..1c43253b 100644 --- a/repo/openstack/special_pkg/Debian/make_openvswitch-switch.sh +++ b/repo/openstack/special_pkg/Debian/make_openvswitch-switch.sh @@ -21,7 +21,7 @@ apt-get install -y build-essential fakeroot debhelper \ pushd . mkdir -p /home/package_yang/ cd /home/package_yang -wget http://205.177.226.237:9999/onosfw/package_ovs_debian.tar.gz +wget http://artifacts.opnfv.org/compass4nfv/package/master/onosfw/package_ovs_debian.tar.gz tar -zxvf package_ovs_debian.tar.gz #wget http://openvswitch.org/releases/openvswitch-2.3.1.tar.gz #tar -zxvf openvswitch-2.3.1.tar.gz diff --git a/repo/repo.conf b/repo/repo.conf index 8fbdd060..b688b80c 100644 --- a/repo/repo.conf +++ b/repo/repo.conf @@ -12,12 +12,12 @@ TIMEOUT=100 #export MAKE_ALL=${MAKE_ALL:-"false"} export JUMP_HOST="trusty" # PACKAGE_URL will be reset in Jenkins for different branch -export PACKAGE_URL=${PACKAGE_URL:-http://205.177.226.237:9999} +export PACKAGE_URL=${PACKAGE_URL:-http://artifacts.opnfv.org/compass4nfv/package/master} # feature packages export KVMFORNFV=${kvmfornfv:-https://gerrit.opnfv.org/gerrit/p/kvmfornfv.git} export ODL_PKG="$PACKAGE_URL/distribution-karaf-0.5.2-Boron.tar.gz" -export JAVA_PKG="$PACKAGE_URL/jdk-8u51-linux-x64.tar.gz \ +export JAVA_PKG="http://download.oracle.com/otn/java/jdk/8u51-b16/jdk-8u51-linux-x64.tar.gz \ $PACKAGE_URL/install_jdk8.tar" export ONOS_PKG="https://downloads.onosproject.org/release/onos-1.8.4.tar.gz \ $PACKAGE_URL/onosfw/networking-onos.tar \ diff --git a/util/check_valid.py b/util/check_valid.py index e3ad6bcd..e6a72e71 100644 --- a/util/check_valid.py +++ b/util/check_valid.py @@ -17,7 +17,7 @@ import traceback def load_file(file): with open(file) as fd: try: - return yaml.load(fd) + return yaml.safe_load(fd) except: traceback.print_exc() return None |