diff options
Diffstat (limited to 'deploy/adapters/ansible/openstack_newton_xenial/roles')
21 files changed, 1274 insertions, 63 deletions
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 index d4d232be..b580d78c 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 @@ -35,12 +35,22 @@ token_cache_time = 300 revocation_cache_time = 60 [service_credentials] -os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0 +os_auth_url = http://{{ internal_vip.ip }}:5000/v3 os_username = aodh os_tenant_name = service os_password = {{ AODH_PASS }} os_endpoint_type = internalURL os_region_name = RegionOne +auth_type = password +auth_url = http://{{ internal_vip.ip }}:5000/v3 +project_domain_name = default +user_domain_name = default +project_name = service +username = aodh +password = {{ AODH_PASS }} +interface = internalURL +region_name = RegionOne + [api] host = {{ internal_ip }} diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-controller/templates/cinder.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-controller/templates/cinder.conf new file mode 100644 index 00000000..d428a078 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-controller/templates/cinder.conf @@ -0,0 +1,85 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +rootwrap_config = /etc/cinder/rootwrap.conf +api_paste_confg = /etc/cinder/api-paste.ini +iscsi_helper = tgtadm +volume_name_template = volume-%s +volume_group = storage-volumes +verbose = {{ VERBOSE }} +debug = {{ DEBUG }} +auth_strategy = keystone +state_path = /var/lib/cinder +lock_path = /var/lock/cinder +notification_driver = cinder.openstack.common.notifier.rpc_notifier +volumes_dir = /var/lib/cinder/volumes +transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} +log_file = /var/log/cinder/cinder.log + +control_exchange = cinder +rpc_backend = rabbit +my_ip = {{ storage_controller_host }} + +glance_host = {{ internal_vip.ip }} +glance_port = 9292 +api_rate_limit = False +storage_availability_zone = nova + +quota_volumes = 10 +quota_gigabytes = 1000 +quota_driver = cinder.quota.DbQuotaDriver + +osapi_volume_listen = {{ storage_controller_host }} +osapi_volume_listen_port = 8776 + +db_backend = sqlalchemy +volume_name_template = volume-%s +snapshot_name_template = snapshot-%s + +max_gigabytes = 10000 + +volume_clear = zero +volume_clear_size = 10 + +iscsi_ip_address = {{ storage_controller_host }} +iscsi_port = 3260 +iscsi_helper = tgtadm + +volumes_dir = /var/lib/cinder/volumes +volume_driver = cinder.volume.drivers.lvm.LVMISCSIDriver + +[database] +connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder +idle_timeout = 30 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = cinder +password = {{ CINDER_PASS }} + +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = cinder +admin_password = {{ CINDER_PASS }} + +[keymgr] +encryption_auth_url=http://{{ internal_vip.ip }}:5000/v3 + +[oslo_messaging_rabbit] +rabbit_host = {{ rabbit_host }} +rabbit_port = 5672 +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf new file mode 100644 index 00000000..e4f98e82 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf @@ -0,0 +1,82 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +rootwrap_config = /etc/cinder/rootwrap.conf +api_paste_confg = /etc/cinder/api-paste.ini +iscsi_helper = tgtadm +volume_name_template = volume-%s +volume_group = storage-volumes +verbose = True +auth_strategy = keystone +state_path = /var/lib/cinder +lock_path = /var/lib/cinder/tmp +notification_driver=cinder.openstack.common.notifier.rpc_notifier +volumes_dir = /var/lib/cinder/volumes +transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} +log_file=/var/log/cinder/cinder.log + +control_exchange = cinder +rpc_backend = rabbit +my_ip = {{ storage_controller_host }} + +glance_host = {{ internal_vip.ip }} +glance_port = 9292 +glance_api_servers = http://{{ internal_vip.ip }}:9292 +api_rate_limit = False +storage_availability_zone = nova + +quota_volumes = 10 +quota_gigabytes = 1000 +quota_driver = cinder.quota.DbQuotaDriver + +osapi_volume_listen = {{ storage_controller_host }} +osapi_volume_listen_port = 8776 + +db_backend = sqlalchemy +volume_name_template = volume-%s +snapshot_name_template = snapshot-%s + +max_gigabytes = 10000 + +volume_clear = zero +volume_clear_size = 10 + +iscsi_ip_address = {{ storage_controller_host }} +iscsi_port=3260 +iscsi_helper=tgtadm + +volumes_dir=/var/lib/cinder/volumes +volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver + +[database] +connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder +idle_timeout = 30 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = cinder +password = {{ CINDER_PASS }} + +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = cinder +admin_password = {{ CINDER_PASS }} + +[lvm] +volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver +volume_group = cinder-volumes +iscsi_protocol = iscsi +iscsi_helper = tgtadm + +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml new file mode 100644 index 00000000..9be6fd6c --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/tasks/main.yml @@ -0,0 +1,106 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install dashboard packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: remove ubuntu theme + action: "{{ ansible_pkg_mgr }} name=openstack-dashboard-ubuntu-theme state=absent" + when: ansible_os_family == 'Debian' and not enable_ubuntu_theme + notify: + - restart dashboard services + +- name: remove default apache2 config + file: + path: '{{ item }}' + state: absent + when: ansible_os_family == 'Debian' + with_items: + - '{{ apache_config_dir }}/conf-available/openstack-dashboard.conf' + - '{{ apache_config_dir }}/conf-enabled/openstack-dashboard.conf' + - '{{ apache_config_dir }}/sites-available/000-default.conf' + - '{{ apache_config_dir }}/sites-enabled/000-default.conf' + notify: + - restart dashboard services + +- name: update apache2 configs + template: + src: openstack-dashboard.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/openstack-dashboard.conf' + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update apache2 configs redhat + template: + src: openstack-dashboard-redhat.conf.j2 + dest: '{{ apache_config_dir }}/conf.d/openstack-dashboard.conf' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- name: enable dashboard + file: + src: "/etc/apache2/sites-available/openstack-dashboard.conf" + dest: "/etc/apache2/sites-enabled/openstack-dashboard.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update ubuntu horizon settings + template: + src: local_settings.py.j2 + dest: "/etc/openstack-dashboard/local_settings.py" + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: precompile horizon css + shell: /usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force + ignore_errors: True + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update redhat version horizon settings + lineinfile: + dest: /etc/openstack-dashboard/local_settings + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^WEBROOT[ \t]*=.*' + line: 'WEBROOT = "/horizon"' + - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' + line: 'COMPRESS_OFFLINE=False' + - regexp: '^ALLOWED_HOSTS[ \t]*=.*' + line: 'ALLOWED_HOSTS = ["*"]' + - regexp: '^OPENSTACK_HOST[ \t]*=.*' + line: 'OPENSTACK_HOST = "{{ internal_ip }}"' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 new file mode 100644 index 00000000..7278d5c2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/local_settings.py.j2 @@ -0,0 +1,326 @@ +# -*- coding: utf-8 -*- + +import os + +from django.utils.translation import ugettext_lazy as _ + +from horizon.utils import secret_key + +from openstack_dashboard import exceptions +from openstack_dashboard.settings import HORIZON_CONFIG + +DEBUG = False + +WEBROOT = '/' + +LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) + +SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key') + +SESSION_ENGINE = 'django.contrib.sessions.backends.cache' + +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '{{ internal_vip.ip }}:11211', + }, +} + +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + +OPENSTACK_HOST = "{{ internal_ip }}" +OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default" +OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" +OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True + +OPENSTACK_API_VERSIONS = { + "identity": 3, + "image": 2, + "volume": 2, +} + +OPENSTACK_KEYSTONE_BACKEND = { + 'name': 'native', + 'can_edit_user': True, + 'can_edit_group': True, + 'can_edit_project': True, + 'can_edit_domain': True, + 'can_edit_role': True, +} + +OPENSTACK_HYPERVISOR_FEATURES = { + 'can_set_mount_point': False, + 'can_set_password': False, + 'requires_keypair': False, + 'enable_quotas': True +} + +OPENSTACK_CINDER_FEATURES = { + 'enable_backup': False, +} + +OPENSTACK_NEUTRON_NETWORK = { + 'enable_router': True, + 'enable_quotas': True, + 'enable_ipv6': True, + 'enable_distributed_router': False, + 'enable_ha_router': False, + 'enable_lb': True, + 'enable_firewall': True, + 'enable_vpn': True, + 'enable_fip_topology_check': True, + 'profile_support': None, + 'supported_vnic_types': ['*'], +} + +OPENSTACK_HEAT_STACK = { + 'enable_user_pass': True, +} + +IMAGE_CUSTOM_PROPERTY_TITLES = { + "architecture": _("Architecture"), + "kernel_id": _("Kernel ID"), + "ramdisk_id": _("Ramdisk ID"), + "image_state": _("Euca2ools state"), + "project_id": _("Project ID"), + "image_type": _("Image Type"), +} + +IMAGE_RESERVED_CUSTOM_PROPERTIES = [] + +API_RESULT_LIMIT = 1000 +API_RESULT_PAGE_SIZE = 20 +SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 +INSTANCE_LOG_LENGTH = 35 +DROPDOWN_MAX_ITEMS = 30 + +TIME_ZONE = "UTC" + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { + 'operation': { + 'format': '%(asctime)s %(message)s' + }, + }, + 'handlers': { + 'null': { + 'level': 'DEBUG', + 'class': 'logging.NullHandler', + }, + 'console': { + 'level': 'INFO', + 'class': 'logging.StreamHandler', + }, + 'operation': { + 'level': 'INFO', + 'class': 'logging.StreamHandler', + 'formatter': 'operation', + }, + }, + 'loggers': { + 'django.db.backends': { + 'handlers': ['null'], + 'propagate': False, + }, + 'requests': { + 'handlers': ['null'], + 'propagate': False, + }, + 'horizon': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'horizon.operation_log': { + 'handlers': ['operation'], + 'level': 'INFO', + 'propagate': False, + }, + 'openstack_dashboard': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'novaclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'cinderclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'keystoneclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'glanceclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'neutronclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'heatclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'ceilometerclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'swiftclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_auth': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'nose.plugins.manager': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'django': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'iso8601': { + 'handlers': ['null'], + 'propagate': False, + }, + 'scss': { + 'handlers': ['null'], + 'propagate': False, + }, + }, +} + +SECURITY_GROUP_RULES = { + 'all_tcp': { + 'name': _('All TCP'), + 'ip_protocol': 'tcp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_udp': { + 'name': _('All UDP'), + 'ip_protocol': 'udp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_icmp': { + 'name': _('All ICMP'), + 'ip_protocol': 'icmp', + 'from_port': '-1', + 'to_port': '-1', + }, + 'ssh': { + 'name': 'SSH', + 'ip_protocol': 'tcp', + 'from_port': '22', + 'to_port': '22', + }, + 'smtp': { + 'name': 'SMTP', + 'ip_protocol': 'tcp', + 'from_port': '25', + 'to_port': '25', + }, + 'dns': { + 'name': 'DNS', + 'ip_protocol': 'tcp', + 'from_port': '53', + 'to_port': '53', + }, + 'http': { + 'name': 'HTTP', + 'ip_protocol': 'tcp', + 'from_port': '80', + 'to_port': '80', + }, + 'pop3': { + 'name': 'POP3', + 'ip_protocol': 'tcp', + 'from_port': '110', + 'to_port': '110', + }, + 'imap': { + 'name': 'IMAP', + 'ip_protocol': 'tcp', + 'from_port': '143', + 'to_port': '143', + }, + 'ldap': { + 'name': 'LDAP', + 'ip_protocol': 'tcp', + 'from_port': '389', + 'to_port': '389', + }, + 'https': { + 'name': 'HTTPS', + 'ip_protocol': 'tcp', + 'from_port': '443', + 'to_port': '443', + }, + 'smtps': { + 'name': 'SMTPS', + 'ip_protocol': 'tcp', + 'from_port': '465', + 'to_port': '465', + }, + 'imaps': { + 'name': 'IMAPS', + 'ip_protocol': 'tcp', + 'from_port': '993', + 'to_port': '993', + }, + 'pop3s': { + 'name': 'POP3S', + 'ip_protocol': 'tcp', + 'from_port': '995', + 'to_port': '995', + }, + 'ms_sql': { + 'name': 'MS SQL', + 'ip_protocol': 'tcp', + 'from_port': '1433', + 'to_port': '1433', + }, + 'mysql': { + 'name': 'MYSQL', + 'ip_protocol': 'tcp', + 'from_port': '3306', + 'to_port': '3306', + }, + 'rdp': { + 'name': 'RDP', + 'ip_protocol': 'tcp', + 'from_port': '3389', + 'to_port': '3389', + }, +} + +REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', + 'LAUNCH_INSTANCE_DEFAULTS', + 'OPENSTACK_IMAGE_FORMATS'] + +DEFAULT_THEME = 'ubuntu' +WEBROOT='/horizon/' +ALLOWED_HOSTS = ['*',] +COMPRESS_OFFLINE = True +ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []} diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml index a8bce16e..2c61ff66 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml @@ -18,37 +18,27 @@ - name: restart neutron server service: name=neutron-server state=restarted enabled=yes +- name: wait for neutron ready + wait_for: port=9696 delay=10 timeout=30 host={{ internal_vip.ip }} + - name: create external net - neutron_network: - login_username: ADMIN - login_password: "{{ ADMIN_PASS }}" - login_tenant_name: admin - auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" - name: "{{ public_net_info.network }}" - provider_network_type: "{{ public_net_info.type }}" - provider_physical_network: "{{ public_net_info.provider_network }}" - provider_segmentation_id: "{{ public_net_info.segment_id}}" - shared: false - router_external: yes - state: present - run_once: true - when: 'public_net_info.enable == True' + shell: + . /opt/admin-openrc.sh; + neutron net-create \ + {{ public_net_info.network }} \ + --provider:network_type {{ public_net_info.type }} \ + --provider:physical_network {{ public_net_info.provider_network }} \ + --router:external True + when: public_net_info.enable == True and inventory_hostname == groups['controller'][0] - name: create external subnet - neutron_subnet: - login_username: ADMIN - login_password: "{{ ADMIN_PASS }}" - login_tenant_name: admin - auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" - name: "{{ public_net_info.subnet }}" - network_name: "{{ public_net_info.network }}" - cidr: "{{ public_net_info.floating_ip_cidr }}" - enable_dhcp: "{{ public_net_info.enable_dhcp }}" - no_gateway: "{{ public_net_info.no_gateway }}" - gateway_ip: "{{ public_net_info.external_gw }}" - allocation_pool_start: "{{ public_net_info.floating_ip_start }}" - allocation_pool_end: "{{ public_net_info.floating_ip_end }}" - state: present - run_once: true - when: 'public_net_info.enable == True' + shell: + . /opt/admin-openrc.sh; + neutron subnet-create \ + --name {{ public_net_info.subnet }} \ + --gateway {{ public_net_info.external_gw }} \ + --allocation-pool \ + start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }} \ + {{ public_net_info.network }} {{ public_net_info.floating_ip_cidr }} + when: public_net_info.enable == True and inventory_hostname == groups['controller'][0] diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/glance/templates/glance-api.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/glance/templates/glance-api.conf new file mode 100644 index 00000000..241f04ce --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/glance/templates/glance-api.conf @@ -0,0 +1,93 @@ +{% set workers = ansible_processor_vcpus // 2 %} +{% set workers = workers if workers else 1 %} +{% set memcached_servers = [] %} +{% set rabbitmq_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% set _ = rabbitmq_servers.append('%s:5672'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} +{% set rabbitmq_servers = rabbitmq_servers|join(',') %} + +[DEFAULT] +verbose = {{ VERBOSE }} +debug = {{ DEBUG }} +log_file = /var/log/glance/api.log +bind_host = {{ image_host }} +bind_port = 9292 +backlog = 4096 +workers = {{ workers }} +registry_host = {{ internal_ip }} +registry_port = 9191 +registry_client_protocol = http +cinder_catalog_info = volume:cinder:internalURL + +enable_v1_api = True +enable_v1_registry = True +enable_v2_api = True +enable_v2_registry = True + +notification_driver = messagingv2 +rpc_backend = rabbit + +delayed_delete = False +scrubber_datadir = /var/lib/glance/scrubber +scrub_time = 43200 +image_cache_dir = /var/lib/glance/image-cache/ +show_image_direct_url = True + +[database] +backend = sqlalchemy +connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance?charset=utf8 +idle_timeout = 30 +sqlite_db = /var/lib/glance/glance.sqlite + +[task] +task_executor = taskflow + +[glance_store] +default_store = file +stores = file,http,cinder,rbd +filesystem_store_datadir = /var/lib/glance/images/ + +[image_format] +disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,root-tar + +[profiler] +enabled = True + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = glance +password = {{ GLANCE_PASS }} +token_cache_time = 300 +revocation_cache_time = 60 + +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = glance +admin_password = {{ GLANCE_PASS }} + +[paste_deploy] +flavor= keystone + +[oslo_messaging_amqp] +idle_timeout = 7200 + +[oslo_messaging_rabbit] +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_use_ssl = false +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +rabbit_virtual_host = / +default_notification_exchange = glance + +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/glance/templates/glance-registry.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/glance/templates/glance-registry.conf new file mode 100644 index 00000000..ccd8f1bb --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/glance/templates/glance-registry.conf @@ -0,0 +1,64 @@ +{% set workers = ansible_processor_vcpus // 2 %} +{% set workers = workers if workers else 1 %} +{% set memcached_servers = [] %} +{% set rabbitmq_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% set _ = rabbitmq_servers.append('%s:5672'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} +{% set rabbitmq_servers = rabbitmq_servers|join(',') %} + +[DEFAULT] +verbose = {{ VERBOSE }} +debug = {{ DEBUG }} +log_file = /var/log/glance/api.log +bind_host = {{ image_host }} +bind_port = 9191 +backlog = 4096 +workers = {{ workers }} + +notification_driver = messagingv2 +rpc_backend = rabbit + +[database] +backend = sqlalchemy +connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance?charset=utf8 +idle_timeout = 30 + +[profiler] +enabled = True + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = glance +password = {{ GLANCE_PASS }} + +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = glance +admin_password = {{ GLANCE_PASS }} +token_cache_time = 300 +revocation_cache_time = 60 + +[paste_deploy] +flavor= keystone + +[oslo_messaging_amqp] +idle_timeout = 7200 + +[oslo_messaging_rabbit] +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_use_ssl = false +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +rabbit_virtual_host = / +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml index b90e6402..6a0f1c73 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/tasks/heat_install.yml @@ -21,7 +21,7 @@ - name: create heat user domain shell: > - . /opt/admin-openrc-v3.sh; + . /opt/admin-openrc.sh; openstack domain create --description "Stack projects and users" heat; openstack user create --domain heat --password {{ HEAT_PASS }} heat_domain_admin; openstack role add --domain heat --user-domain heat --user heat_domain_admin admin; diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2 index 62df9fd9..72d4b61e 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/heat/templates/heat.j2 @@ -1,10 +1,13 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + [DEFAULT] heat_metadata_server_url = http://{{ internal_vip.ip }}:8000 heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition rpc_backend = rabbit -rabbit_host = {{ rabbit_host }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} log_dir = /var/log/heat stack_domain_admin = heat_domain_admin stack_domain_admin_password = {{ HEAT_PASS }} @@ -17,12 +20,35 @@ use_db_reconnect = True pool_timeout = 10 [ec2authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +auth_uri = http://{{ internal_vip.ip }}:5000 + +[clients_keystone] +auth_uri = http://{{ internal_vip.ip }}:35357 [keystone_authtoken] -auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = heat +password = {{ HEAT_PASS }} + identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = heat admin_password = {{ HEAT_PASS }} +[oslo_messaging_rabbit] +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +[trustee] +auth_type = password +auth_url = http://{{ internal_vip.ip }}:35357 +username = heat +password = {{ HEAT_PASS }} +user_domain_name = default diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml new file mode 100644 index 00000000..35c84ce8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml @@ -0,0 +1,101 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: keystone-manage db-sync + shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone + +- name: Check if fernet keys already exist + stat: + path: "/etc/keystone/fernet-keys/0" + register: fernet_keys_0 + +- name: Create fernet keys for Keystone + command: + keystone-manage fernet_setup + --keystone-user keystone + --keystone-group keystone + when: not fernet_keys_0.stat.exists + notify: + - restart keystone services + +- name: Rotate fernet keys for Keystone + command: + keystone-manage fernet_rotate + --keystone-user keystone + --keystone-group keystone + when: fernet_keys_0.stat.exists + notify: + - restart keystone services + +- name: Distribute the fernet key repository + shell: rsync -e 'ssh -o StrictHostKeyChecking=no' \ + -avz \ + --delete \ + /etc/keystone/fernet-keys \ + root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/ + with_items: groups['controller'][1:] + notify: + - restart keystone services + +- name: Check if credential keys already exist + stat: + path: "/etc/keystone/credential-keys/0" + register: credential_keys_0 + +- name: Create credential keys for Keystone + command: + keystone-manage credential_setup + --keystone-user keystone + --keystone-group keystone + when: not credential_keys_0.stat.exists + notify: + - restart keystone services + +- name: Rotate credential keys for Keystone + command: + keystone-manage credential_rotate + --keystone-user keystone + --keystone-group keystone + when: credential_keys_0.stat.exists + notify: + - restart keystone services + +- name: Distribute the credential key repository + shell: rsync -e 'ssh -o StrictHostKeyChecking=no' \ + -avz \ + --delete \ + /etc/keystone/credential-keys \ + root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/ + with_items: groups['controller'][1:] + notify: + - restart keystone services + +- name: Bootstrap the Identity service + shell: + keystone-manage bootstrap \ + --bootstrap-password {{ ADMIN_PASS }} \ + --bootstrap-admin-url http://{{ internal_ip }}:35357/v3/ \ + --bootstrap-internal-url http://{{ internal_ip }}:35357/v3/ \ + --bootstrap-public-url http://{{ internal_ip }}:5000/v3/ + --bootstrap-region-id RegionOne \ + notify: + - restart keystone services + +- meta: flush_handlers + +- name: wait for keystone ready + wait_for: port=35357 delay=3 timeout=30 host={{ internal_vip.ip }} + +- name: cron job to purge expired tokens hourly + cron: + name: 'purge expired tokens' + special_time: hourly + job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_create.yml new file mode 100644 index 00000000..53077776 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_create.yml @@ -0,0 +1,93 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: set keystone endpoint + shell: + . /opt/admin-openrc.sh; + openstack endpoint set \ + --interface public \ + --url {{ item.publicurl }} \ + $(openstack endpoint list | grep keystone | grep public | awk '{print $2}'); + openstack endpoint set \ + --interface internal \ + --url {{ item.internalurl }} \ + $(openstack endpoint list | grep keystone | grep internal | awk '{print $2}'); + openstack endpoint set \ + --interface admin \ + --url {{ item.adminurl }} \ + $(openstack endpoint list | grep keystone | grep admin | awk '{print $2}'); + with_items: "{{ os_services[0:1] }}" + +- name: add service + shell: + . /opt/admin-openrc.sh; + openstack service create \ + --name "{{ item.name }}" + --description "{{ item.description }}" \ + {{ item.type }} + with_items: "{{ os_services[1:] }}" + +- name: add project + shell: + . /opt/admin-openrc.sh; + openstack project create --description "Service Project" service; + openstack project create --domain default --description "Demo Project" demo; + +- name: set admin user + shell: + . /opt/admin-openrc.sh; + openstack user set \ + --email "{{ item.email }}" \ + --project "{{ item.tenant }}" \ + --description "{{ item.tenant_description }}" \ + --password "{{ item.password }}" \ + {{ item.user }} + with_items: "{{ os_users }}" + when: item["user"] == "admin" + +- name: add user + shell: + . /opt/admin-openrc.sh; + openstack user create \ + --email "{{ item.email }}" \ + --project "{{ item.tenant }}" \ + --description "{{ item.tenant_description }}" \ + --password "{{ item.password }}" \ + {{ item.user }} + with_items: "{{ os_users[1:] }}" + +- name: add roles + shell: + . /opt/admin-openrc.sh; + openstack role create {{ item.role }} + with_items: "{{ os_users }}" + when: item["user"] == "demo" + +- name: grant roles + shell: + . /opt/admin-openrc.sh; + openstack role add \ + --project "{{ item.tenant }}" \ + --user "{{ item.user }}" \ + {{ item.role }} + with_items: "{{ os_users }}" + +- name: add endpoints + shell: + . /opt/admin-openrc.sh; + openstack endpoint create \ + --region {{ item.region }} \ + {{ item.name }} public {{ item.publicurl }}; + openstack endpoint create \ + --region {{ item.region }} \ + {{ item.name }} internal {{ item.internalurl }}; + openstack endpoint create \ + --region {{ item.region }} \ + {{ item.name }} admin {{ item.adminurl }}; + with_items: "{{ os_services[1:] }}" diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_install.yml index 8ff087ce..e9a36d42 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_install.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_install.yml @@ -93,6 +93,5 @@ with_items: - admin-openrc.sh - demo-openrc.sh - - admin-openrc-v3.sh - meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/main.yml new file mode 100644 index 00000000..ad619d40 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/main.yml @@ -0,0 +1,30 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: keystone_install.yml + tags: + - install + - keystone_install + - keystone + +- include: keystone_config.yml + when: inventory_hostname == groups['controller'][0] + tags: + - config + - keystone_config + - keystone + +- include: keystone_create.yml + when: inventory_hostname == groups['controller'][0] + tags: + - config + - keystone_create + - keystone + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/admin-openrc.sh b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/admin-openrc.sh new file mode 100644 index 00000000..94d5850f --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/admin-openrc.sh @@ -0,0 +1,18 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +# Verify the Identity Service installation +export OS_PROJECT_DOMAIN_NAME=default +export OS_USER_DOMAIN_NAME=default +export OS_TENANT_NAME=admin +export OS_PROJECT_NAME=admin +export OS_USERNAME=admin +export OS_PASSWORD={{ ADMIN_PASS }} +export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3 +export OS_IDENTITY_API_VERSION=3 +export OS_IMAGE_API_VERSION=2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/demo-openrc.sh b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/demo-openrc.sh new file mode 100644 index 00000000..920f42ed --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/demo-openrc.sh @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +export OS_PROJECT_DOMAIN_NAME=default +export OS_USER_DOMAIN_NAME=default +export OS_TENANT_NAME=demo +export OS_PROJECT_NAME=demo +export OS_USERNAME=demo +export OS_PASSWORD={{ DEMO_PASS }} +export OS_AUTH_URL=http://{{ internal_vip.ip }}:5000/v3 +export OS_IDENTITY_API_VERSION=3 +export OS_IMAGE_API_VERSION=2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/keystone.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/keystone.conf new file mode 100644 index 00000000..919be344 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/keystone.conf @@ -0,0 +1,60 @@ +{% set memcached_servers = [] %} +{% set rabbitmq_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% set _ = rabbitmq_servers.append('%s:5672'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} +{% set rabbitmq_servers = rabbitmq_servers|join(',') %} +[DEFAULT] +debug={{ DEBUG }} +log_dir = /var/log/keystone + +[cache] +backend = keystone.cache.memcache_pool +memcache_servers = {{ memcached_servers}} +enabled=true + +[revoke] +driver = sql +expiration_buffer = 3600 +caching = true + +[database] +connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8 +idle_timeout = 30 +min_pool_size = 5 +max_pool_size = 120 +pool_timeout = 30 + +[fernet_tokens] +key_repository = /etc/keystone/fernet-keys/ + +[identity] +default_domain_id = default +driver = sql + +[assignment] +driver = sql + +[resource] +driver = sql +caching = true +cache_time = 3600 + +[token] +enforce_token_bind = permissive +expiration = 43200 +provider = fernet +driver = sql +caching = true +cache_time = 3600 + +[eventlet_server] +public_bind_host = {{ identity_host }} +admin_bind_host = {{ identity_host }} + +[oslo_messaging_rabbit] +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +rabbit_hosts = {{ rabbitmq_servers }} diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/vars/main.yml index 79ed06fe..90977372 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/vars/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/vars/main.yml @@ -17,9 +17,9 @@ os_services: type: identity region: RegionOne description: "OpenStack Identity" - publicurl: "http://{{ public_vip.ip }}:5000/v2.0" - internalurl: "http://{{ internal_vip.ip }}:5000/v2.0" - adminurl: "http://{{ internal_vip.ip }}:35357/v2.0" + publicurl: "http://{{ public_vip.ip }}:5000/v3" + internalurl: "http://{{ internal_vip.ip }}:5000/v3" + adminurl: "http://{{ internal_vip.ip }}:35357/v3" - name: glance type: image @@ -33,9 +33,9 @@ os_services: type: compute region: RegionOne description: "OpenStack Compute" - publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s" + publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" + internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" + adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" - name: neutron type: network @@ -65,25 +65,25 @@ os_services: type: volume region: RegionOne description: "OpenStack Block Storage" - publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" + publicurl: "http://{{ public_vip.ip }}:8776/v1/%\\(tenant_id\\)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s" - name: cinderv2 type: volumev2 region: RegionOne description: "OpenStack Block Storage v2" - publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" + publicurl: "http://{{ public_vip.ip }}:8776/v2/%\\(tenant_id\\)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s" - name: heat type: orchestration region: RegionOne description: "OpenStack Orchestration" - publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s" - internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" + publicurl: "http://{{ public_vip.ip }}:8004/v1/%\\(tenant_id\\)s" + internalurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s" + adminurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s" - name: heat-cfn type: cloudformation @@ -97,9 +97,9 @@ os_services: # type: object-store # region: RegionOne # description: "OpenStack Object Storage" -# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" -# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" -# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" +# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" +# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" +# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" os_users: - user: admin @@ -178,3 +178,4 @@ os_users: # role: admin # tenant: service # tenant_description: "Service Tenant" + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-controller/tasks/neutron_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-controller/tasks/neutron_install.yml index 0a30af7a..917a8356 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-controller/tasks/neutron_install.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-controller/tasks/neutron_install.yml @@ -31,12 +31,9 @@ with_items: services | union(services_noarch) - name: get tenant id to fill neutron.conf - shell: openstack project show \ - --os-username=admin \ - --os-password=console \ - --os-auth-url=http://{{ internal_vip.ip }}:35357/v2.0 \ - --os-tenant-name=admin \ - service | grep id | awk '{print $4}' + shell: + . /opt/admin-openrc.sh; + openstack project show service | grep id | sed -n "2,1p" | awk '{print $4}' register: NOVA_ADMIN_TENANT_ID - name: update neutron conf diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf new file mode 100644 index 00000000..5f8fb887 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf @@ -0,0 +1,113 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +log-dir=/var/log/nova +state_path=/var/lib/nova +force_dhcp_release=True +verbose={{ VERBOSE }} +ec2_private_dns_show_ip=True +enabled_apis=osapi_compute,metadata + +auth_strategy = keystone +my_ip = {{ internal_ip }} +use_neutron = True +firewall_driver = nova.virt.firewall.NoopFirewallDriver +transport_url = rabbit://openstack:{{ RABBIT_PASS }}@{{ rabbit_host }} +default_floating_pool={{ public_net_info.network }} +metadata_listen={{ internal_ip }} +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver + +iscsi_helper=tgtadm +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +debug={{ DEBUG }} +volumes_path=/var/lib/nova/volumes +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +osapi_compute_listen={{ internal_ip }} +network_api_class = nova.network.neutronv2.api.API +security_group_api = neutron +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier +memcached_servers = {{ memcached_servers }} + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova +idle_timeout = 30 +pool_timeout = 10 +use_db_reconnect = True + +[api_database] +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api +idle_timeout = 30 +pool_timeout = 10 +use_db_reconnect = True + +[oslo_concurrency] +lock_path=/var/lib/nova/tmp + +[libvirt] +use_virtio_for_bridges=True + +[wsgi] +api_paste_config=/etc/nova/api-paste.ini + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = nova +password = {{ NOVA_PASS }} + +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[vnc] +enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +[glance] +api_servers = http://{{ internal_vip.ip }}:9292 +host = {{ internal_vip.ip }} + +[neutron] +url = http://{{ internal_vip.ip }}:9696 +auth_url = http://{{ internal_vip.ip }}:35357 +auth_type = password +project_domain_name = default +user_domain_name = default +region_name = RegionOne +project_name = service +username = neutron +password = {{ NEUTRON_PASS }} +service_metadata_proxy = True +metadata_proxy_shared_secret = {{ METADATA_SECRET }} + +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ internal_vip.ip }}:35357/v3 + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/tacker/templates/tacker.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/tacker/templates/tacker.j2 index f1d9125b..ae0f644a 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/tacker/templates/tacker.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/tacker/templates/tacker.j2 @@ -286,7 +286,7 @@ notification_driver = tacker.openstack.common.notifier.rpc_notifier # notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -# nova_url = http://127.0.0.1:8774/v2 +# nova_url = http://127.0.0.1:8774/v3 # Name of nova region to use. Useful if keystone manages more than one region # nova_region_name = |