4 files changed, 261 insertions, 104 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/keystone-moon-install.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/keystone-moon-install.yml
deleted file mode 100644
index a9b98c1a..00000000
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/keystone-moon-install.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-
-# Note (asteroide): this part is specific but when Keystone-Moon packages will be installed in a true repository
-#                   we will not have to do that.
-
-
-- name: get image http server
-  shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
-  register: http_server
-
-- name: download keystone-moon packages
-  get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/moon/master.zip"  dest=/tmp/master.zip mode=0444
-
-- name: extract keystone-moon packages
-  unarchive: src=/tmp/master.zip dest=/tmp copy=no
-
-# Pre-Configuration of the Keystone package
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/auth-token value={{ ADMIN_TOKEN }} vtype="string"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/admin-password value={{ ADMIN_PASS }} vtype="string"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/admin-password-confirm value={{ ADMIN_PASS }} vtype="string"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/register-endpoint value=false vtype="boolean"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/region-name value="regionOne" vtype="string"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/admin-user value="admin" vtype="string"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/create-admin-tenant value=false vtype="boolean"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/configure_db value=false vtype="boolean"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/admin-tenant-name value="admin" vtype="string"
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/admin-role-name value="admin" vtype="string"
-
-#  debconf: name=keystone question=keystone/endpoint-ip:
-
-- name: pre-configure Keystone
-  debconf: name=keystone question=keystone/admin-email value="root@localhost" vtype="string"
-
-# install dependencies
-
-- name: install keystone-moon dependencies
-  shell: "apt-get install `python3 scripts/get_deb_depends.py /tmp/moon-bin-master/keystone*.deb`"
-  when: ansible_os_family == "Debian"
-
-- name: install keystone-moon packages
-  shell: "cd /tmp/moon-bin-master; dpkg --force-depends -i *.deb"
-  when: ansible_os_family == "Debian"
-
-- name: install keystone-moon packages
-  shell: "cd /tmp/moon-bin-master; rpm -i *.rpm"
-  when: ansible_os_family == "RedHat"
-
-- name: update keystone conf
-  template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
-  notify:
-    - restart keystone services
-
-# Note (asteroide): the next task is really specific to Moon
-
-- name: update keystone-paste.ini
-  template: src=keystone-paste.ini dest=/etc/keystone/keystone-paste.ini backup=yes
-  notify:
-    - restart keystone services
-
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml
index 31802e10..40e1c98c 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml
@@ -1,4 +1,4 @@
-##############################################################################
+#############################################################################
 # Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
 #
 # All rights reserved. This program and the accompanying materials
@@ -9,29 +9,8 @@
 ---
 - include_vars: "{{ ansible_os_family }}.yml"
 
-- name: disable auto start
-  copy:
-    content: "#!/bin/sh\nexit 101"
-    dest: "/usr/sbin/policy-rc.d"
-    mode: 0755
-  when: ansible_os_family == "Debian"
-
-- name: install keystone package dependencies
-  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
-  with_items: packages | union(packages_noarch)
-
-- include: keystone-moon-install.yml
-
-
-
-
-- name: enable auto start
-  file:
-    path=/usr/sbin/policy-rc.d
-    state=absent
-  when: ansible_os_family == "Debian"
-
-- name: restart keystone services
-  service: name={{ item }} state=restarted enabled=yes
-  with_items: services | union(services_noarch)
+- include: moon-controller.yml
+  when: inventory_hostname in groups['controller']
 
+- include: moon-compute.yml
+  when: inventory_hostname in groups['compute']
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-compute.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-compute.yml
new file mode 100644
index 00000000..9edd22dc
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-compute.yml
@@ -0,0 +1,20 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: update api-paste.ini
+  template: src=api-paste.ini dest=/etc/nova/api-paste.ini backup=yes
+
+- name: restart nova task
+  service: name={{ item }} state=restarted enabled=yes
+  with_items:
+    - nova-compute
+
+- name: restart swift task
+  shell: swift-init all start
+  ignore_errors: True
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
new file mode 100644
index 00000000..f2efaa65
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
@@ -0,0 +1,236 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+# install all packages
+- name: install keystone packages
+  shell: apt-get install -y python-pip unzip
+
+# download master.zip
+- name: get image http server
+  shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+  register: http_server
+
+- name: download keystone-moon packages
+  get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/moon/master.zip"  dest=/tmp/master.zip mode=0444
+
+- name: extract keystone-moon packages
+  unarchive: src=/tmp/master.zip dest=/tmp copy=no
+
+# install all dependencies
+- name: copy scripts
+  copy:  src=get_deb_depends.py dest=/tmp/get_deb_depends.py
+
+- name: install keystone-moon dependencies
+  shell: "apt-get install `python /tmp/get_deb_depends.py /tmp/moon-bin-master/*.deb`"
+  when: ansible_os_family == "Debian"
+
+- name: delete configuration file
+  shell: >
+    rm -f {{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf;
+    rm -f {{ apache_config_dir }}/sites-available/wsgi-keystone.conf;
+
+# install keystone moon
+- name: copy scripts
+  copy:  src=deb.conf dest=/tmp/deb.conf
+
+- name: install keystone moon
+  shell: >
+    export DEBIAN_FRONTEND="noninteractive";
+    sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;
+
+#- name: install keystone moon
+#  shell: >
+#    export DEBIAN_FRONTEND="noninteractive";
+#    sudo -E debconf-set-selections python-keystone < /tmp/deb.conf;
+#    sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;
+
+- name: stop keystone task
+  shell: >
+    service keystone stop;
+    mv /etc/init.d/keystone /home/;
+    mv /etc/init/keystone.conf /home/;
+    mv /lib/systemd/system/keystone.service /home/;
+
+# config keystone and apache2
+- name: delete sqlite database
+  file:
+    path: /var/lib/keystone/keystone.db
+    state: absent
+
+#- name: update keystone conf
+#  template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+
+
+#- name: assure listen port exist
+#  lineinfile:
+#    dest: '{{ apache_config_dir }}/ports.conf'
+#    regexp: '{{ item.regexp }}'
+#    line: '{{ item.line}}'
+#  with_items:
+#    - regexp: "^Listen {{ internal_ip }}:5000"
+#      line: "Listen {{ internal_ip }}:5000"
+#    - regexp: "^Listen {{ internal_ip }}:35357"
+#      line: "Listen {{ internal_ip }}:35357"
+
+- name: update apache2 configs
+  template:
+    src: wsgi-keystone.conf.j2
+    dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+  when: ansible_os_family == 'Debian'
+
+- name: enable keystone server
+  file:
+    src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
+    dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
+    state: "link"
+  when: ansible_os_family == 'Debian'
+
+#- name: keystone source files
+#  template: src={{ item }} dest=/opt/{{ item }}
+#  with_items:
+#    - admin-openrc.sh
+#    - demo-openrc.sh
+
+# keystone paste ini
+- name: keystone paste ini 1
+  shell: sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak;
+
+- name: keystone paste ini 2
+  shell: sudo sed "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini;
+
+- name: keystone paste ini 3
+  shell: sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini;
+
+- name: keystone paste ini 4
+  shell: sudo sed "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini;
+
+- name: keystone paste ini 5
+  shell: sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini;
+
+# moon log
+- name: moon log
+  shell: >
+    sudo mkdir /var/log/moon/;
+    sudo chown keystone /var/log/moon/;
+    sudo addgroup moonlog;
+    sudo chgrp moonlog /var/log/moon/;
+    sudo touch /var/log/moon/keystonemiddleware.log;
+    sudo touch /var/log/moon/system.log;
+    sudo chgrp moonlog /var/log/moon/keystonemiddleware.log;
+    sudo chgrp moonlog /var/log/moon/system.log;
+    sudo chmod g+rw /var/log/moon;
+    sudo chmod g+rw /var/log/moon/keystonemiddleware.log;
+    sudo chmod g+rw /var/log/moon/system.log;
+    sudo adduser keystone moonlog;
+    sudo adduser swift moonlog;
+    sudo adduser nova moonlog;
+
+
+# keystone db sync
+- name: keystone db sync
+  shell: >
+    sudo /usr/bin/keystone-manage db_sync;
+    sudo /usr/bin/keystone-manage db_sync --extension moon;
+  when: inventory_hostname == haproxy_hosts.keys()[0]
+
+
+#############################################
+- name: wait for keystone ready
+  wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
+
+#- name: cron job to purge expired tokens hourly
+#  cron:
+#    name: 'purge expired tokens'
+#    special_time: hourly
+#    job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
+
+#############################################
+
+
+# apache2 restart
+- name: restart apache2
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services | union(services_noarch)
+
+# install moonclient
+- name: install moon client
+  shell: sudo pip install /tmp/moon-bin-master/python-moonclient-0.1.tar.gz
+
+###################################################
+
+
+#- name: add tenants
+#  keystone_user:
+#    token: "{{ ADMIN_TOKEN }}"
+#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
+#    tenant: "{{ item.tenant }}"
+#    tenant_description: "{{ item.tenant_description }}"
+#  with_items: "{{ os_users }}"
+#  when: inventory_hostname == groups['controller'][0]
+#
+#- name: add users
+#  keystone_user:
+#    token: "{{ ADMIN_TOKEN }}"
+#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
+#    user: "{{ item.user }}"
+#    tenant: "{{ item.tenant }}"
+#    password: "{{ item.password }}"
+#    email: "{{ item.email }}"
+#  with_items: "{{ os_users }}"
+#  when: inventory_hostname == groups['controller'][0]
+#
+#- name: grant roles
+#  keystone_user:
+#    token: "{{ ADMIN_TOKEN }}"
+#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
+#    user: "{{ item.user }}"
+#    role: "{{ item.role }}"
+#    tenant: "{{ item.tenant }}"
+#  with_items: "{{ os_users }}"
+#  when: inventory_hostname == groups['controller'][0]
+#
+#- name: add endpoints
+#  keystone_service:
+#    token: "{{ ADMIN_TOKEN }}"
+#    endpoint: "http://{{ internal_ip }}:35357/v2.0"
+#    name: "{{ item.name }}"
+#    type: "{{ item.type }}"
+#    region: "{{ item.region}}"
+#    description: "{{ item.description }}"
+#    publicurl: "{{ item.publicurl }}"
+#    internalurl: "{{ item.internalurl }}"
+#    adminurl: "{{ item.adminurl }}"
+#  with_items: "{{ os_services }}"
+#  when: inventory_hostname == groups['controller'][0]
+
+
+###################################################
+
+- name: update api-paste.ini
+  template: src=api-paste.ini dest=/etc/nova/api-paste.ini backup=yes
+
+- name: update proxy-server conf
+  template: src=proxy-server.conf dest=/etc/swift/proxy-server.conf backup=yes
+
+# restart nova
+- name: restart nova
+  service: name={{ item }} state=restarted enabled=yes
+  with_items:
+    - nova-api
+    - nova-cert
+    - nova-conductor
+    - nova-consoleauth
+    - nova-scheduler
+
+# restart swift
+- name: restart swift
+  service: name={{ item }} state=restarted enabled=yes
+  with_items:
+    - swift-proxy
+    - memcached