diff options
11 files changed, 305 insertions, 24 deletions
diff --git a/build/os/centos/rhel7/mitaka/Dockerfile.tmpl b/build/os/centos/rhel7/mitaka/Dockerfile.tmpl index adb930ff..2ea2b828 100644 --- a/build/os/centos/rhel7/mitaka/Dockerfile.tmpl +++ b/build/os/centos/rhel7/mitaka/Dockerfile.tmpl @@ -1,4 +1,4 @@ -FROM centos:7.1.1503 +FROM centos:7.2.1511 MAINTAINER Chigang(Justin) <chigang@huawei.com> # set cache enable diff --git a/build/templates/RedHat_mitaka.tmpl b/build/templates/RedHat_mitaka.tmpl index 07728289..4d6b26fd 100644 --- a/build/templates/RedHat_mitaka.tmpl +++ b/build/templates/RedHat_mitaka.tmpl @@ -10,11 +10,12 @@ yum repolist yum clean all yum install yum-plugin-priorities -y -yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm -y -yum install http://rdo.fedorapeople.org/openstack-$OPV/rdo-release-${OPV}.rpm -y +# yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm -y +# yum install http://rdo.fedorapeople.org/openstack-$OPV/rdo-release-${OPV}.rpm -y +yum install -y centos-release-openstack-${OPV} # modify centos7 repo for workaround -sed -i 's/epel-Derived from Red Hat Enterprise Linux 7.1 (Source)/epel-7/g' /etc/yum.repos.d/rdo-release.repo +# sed -i 's/epel-Derived from Red Hat Enterprise Linux 7.1 (Source)/epel-7/g' /etc/yum.repos.d/rdo-release.repo # add mongodb repo cat <<EOF >/etc/yum.repos.d/mongodb.repo @@ -44,26 +45,6 @@ gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon protect=1 EOF -cat <<EOF >/etc/yum.repos.d/ceph.repo -[ceph] -name=Ceph packages for x86_64 -baseurl=http://ceph.com/rpm-hammer/rhel7/x86_64 -enabled=1 -priority=2 -gpgcheck=1 -type=rpm-md -gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc - -[ceph-noarch] -name=Ceph noarch packages -baseurl=http://ceph.com/rpm-hammer/rhel7/noarch -enabled=1 -priority=2 -gpgcheck=1 -type=rpm-md -gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc -EOF - cat <<EOF >>/etc/yum.conf exclude=mongodb-org,mongodb-org-server EOF diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/apache/files/index.html b/deploy/adapters/ansible/openstack_mitaka/roles/apache/files/index.html new file mode 100644 index 00000000..f083c4f1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/apache/files/index.html @@ -0,0 +1,10 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> + <head> + <title>Index</title> + </head> + <body> + <a href="/horizon">Openstack Dashboard</a> + </body> +</html> + diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/apache/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka/roles/apache/tasks/main.yml new file mode 100755 index 00000000..44407bef --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/apache/tasks/main.yml @@ -0,0 +1,38 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" + with_items: packages | union(packages_noarch) + +- name: assure listen port exist + template: + dest: '{{ apache_config_dir }}/ports.conf' + src: ports.conf.j2 + notify: + - restart apache related services + +- name: remove default listen port on centos + lineinfile: + dest: /etc/httpd/conf/httpd.conf + state: absent + regexp: 'Listen 80' + when: ansible_os_family == 'RedHat' + +- name: copy index.html file + copy: src=index.html dest=/var/www/html/index.html mode=0644 + when: ansible_os_family == 'RedHat' + +- name: copy index.html file + copy: src=index.html dest=/var/www/index.html mode=0644 + when: ansible_os_family == 'Debian' + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/ceph-purge/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka/roles/ceph-purge/tasks/main.yml new file mode 100644 index 00000000..02013762 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/ceph-purge/tasks/main.yml @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- name: clear tmp files + local_action: shell rm -rf /tmp/ceph* + tags: + - ceph_purge + - ceph_deploy + +- name: install ceph-related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - ceph-deploy + tags: + - ceph_purge + - ceph_deploy + when: ansible_os_family == "Debian" + +- name: purge ceph + shell: "ceph-deploy purge {{ inventory_hostname }}; ceph-deploy purgedata {{ inventory_hostname }}; ceph-deploy forgetkeys" + tags: + - ceph_purge + - ceph_deploy + when: ansible_os_family == "Debian" + +- name: remove monmap + file: path="/tmp/monmap" state="absent" + tags: + - ceph_purge + - ceph_deploy + + diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/openstack_mitaka/roles/heat/tasks/heat_install.yml new file mode 100644 index 00000000..b90e6402 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/heat/tasks/heat_install.yml @@ -0,0 +1,39 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install heat related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: generate heat service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +# ' + +- name: create heat user domain + shell: > + . /opt/admin-openrc-v3.sh; + openstack domain create --description "Stack projects and users" heat; + openstack user create --domain heat --password {{ HEAT_PASS }} heat_domain_admin; + openstack role add --domain heat --user-domain heat --user heat_domain_admin admin; + openstack role create heat_stack_owner; + openstack role add --project demo --user demo heat_stack_owner; + when: inventory_hostname == groups['controller'][0] + +- name: update heat conf + template: src=heat.j2 + dest=/etc/heat/heat.conf + backup=yes + notify: + - restart heat service + - remove heat-sqlite-db + diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/heat/templates/heat.j2 b/deploy/adapters/ansible/openstack_mitaka/roles/heat/templates/heat.j2 new file mode 100644 index 00000000..62df9fd9 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/heat/templates/heat.j2 @@ -0,0 +1,28 @@ +[DEFAULT] +heat_metadata_server_url = http://{{ internal_vip.ip }}:8000 +heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +log_dir = /var/log/heat +stack_domain_admin = heat_domain_admin +stack_domain_admin_password = {{ HEAT_PASS }} +stack_user_domain_name = heat + +[database] +connection = mysql://heat:{{ HEAT_DBPASS }}@{{ db_host }}/heat +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[ec2authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = heat +admin_password = {{ HEAT_PASS }} + diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/tasks/keystone_install.yml new file mode 100644 index 00000000..ea6926f4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/tasks/keystone_install.yml @@ -0,0 +1,88 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install keystone packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: generate keystone service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: delete sqlite database + file: + path: /var/lib/keystone/keystone.db + state: absent + +- name: update keystone conf + template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes + notify: + - restart keystone services + +- name: assure listen port exist + lineinfile: + dest: '{{ apache_config_dir }}/ports.conf' + regexp: '{{ item.regexp }}' + line: '{{ item.line}}' + with_items: + - regexp: "^Listen {{ internal_ip }}:5000" + line: "Listen {{ internal_ip }}:5000" + - regexp: "^Listen {{ internal_ip }}:35357" + line: "Listen {{ internal_ip }}:35357" + notify: + - restart keystone services + +- name: update apache2 configs + template: + src: wsgi-keystone.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf' + when: ansible_os_family == 'Debian' + notify: + - restart keystone services + +- name: update apache2 configs + template: + src: wsgi-keystone.conf.j2 + dest: '{{ apache_config_dir }}/wsgi-keystone.conf' + when: ansible_os_family == 'RedHat' + notify: + - restart keystone services + +- name: enable keystone server + file: + src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf" + dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart keystone services + +- name: keystone source files + template: src={{ item }} dest=/opt/{{ item }} + with_items: + - admin-openrc.sh + - demo-openrc.sh + - admin-openrc-v3.sh + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh new file mode 100644 index 00000000..c3d863e8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/templates/admin-openrc-v3.sh @@ -0,0 +1,19 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +# Verify the Identity Service installation +export OS_PASSWORD={{ ADMIN_PASS }} +export OS_TENANT_NAME=admin +export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 +export OS_IDENTITY_API_VERSION=3 +export OS_USERNAME=admin +export OS_VOLUME_API_VERSION=2 +export OS_USER_DOMAIN_NAME=Default +export OS_PROJECT_DOMAIN_NAME=Default + + diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml new file mode 100644 index 00000000..b8d8e7c2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/Debian.yml @@ -0,0 +1,21 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +cron_path: "/var/spool/cron/crontabs" + +packages: + - keystone + - python-openstackclient + +services: + - apache2 + +apache_config_dir: /etc/apache2 +http_service_name: apache2 diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/RedHat.yml new file mode 100644 index 00000000..63ddce3c --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/RedHat.yml @@ -0,0 +1,20 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +cron_path: "/var/spool/cron" + +packages: + - openstack-keystone + - python-openstackclient + +services: + - httpd + +apache_config_dir: /etc/httpd/conf.d +http_service_name: httpd |