diff options
Diffstat (limited to 'deploy/adapters/ansible/roles/congress')
13 files changed, 0 insertions, 845 deletions
diff --git a/deploy/adapters/ansible/roles/congress/handlers/main.yml b/deploy/adapters/ansible/roles/congress/handlers/main.yml deleted file mode 100755 index b4ea8e90..00000000 --- a/deploy/adapters/ansible/roles/congress/handlers/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: restart congress services - service: name={{ item }} state=restarted enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_database.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_database.yml deleted file mode 100755 index 009e3488..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_database.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: create congress db - mysql_db: - login_unix_socket: /var/run/mysqld/mysqld.sock - name: "{{ item.db }}" - state: present - with_items: "{{ congress_database }}" - -- name: create congress db user - mysql_user: - login_unix_socket: /var/run/mysqld/mysqld.sock - name: "{{ item[0].user }}" - password: "{{ item[0].password }}" - priv: "*.*:ALL,GRANT" - host: "{{ item[1] }}" - state: present - with_nested: - - "{{ congress_database }}" - - ['%', 'localhost'] - -- name: congress db sync - shell: | - "{{ congress_path }}"/congress-db-manage \ - --config-file /etc/congress/congress.conf upgrade head - notify: - - restart congress services diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_install.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_install.yml deleted file mode 100755 index 40d5d78e..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_install.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: install congress packages - pip: name={{ item }} state=present - with_items: "{{ pip_packages | union(packages_noarch) }}" - -- name: create congress etc directory - file: path=/etc/congress state=directory - -- name: update congress conf - template: src={{ item }} dest=/etc/congress/{{ item }} - backup=yes - with_items: - - congress.conf - - api-paste.ini - - policy.json - notify: - - restart congress services - -- name: create congress service - template: src=congress.service dest=/lib/systemd/system/ - notify: - - restart congress services - -- name: create congress service work dir - file: path=/var/lib/congress state=directory - -- name: link the congress service - file: - src: /lib/systemd/system/congress.service - dest: /etc/systemd/system/multi-user.target.wants/congress.service - state: link diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_keystone.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_keystone.yml deleted file mode 100755 index b7f00b88..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_keystone.yml +++ /dev/null @@ -1,70 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- -- name: add service - os_keystone_service: - cloud: opnfv - name: "{{ item.name }}" - description: "{{ item.description }}" - service_type: "{{ item.type }}" - with_items: "{{ congress_service }}" - -- name: add user - os_user: - cloud: opnfv - domain: default - name: "{{ item.user }}" - password: "{{ item.password }}" - default_project: "{{ item.tenant }}" - email: "{{ item.email }}" - with_items: "{{ congress_user }}" - -- name: grant roles - os_user_role: - cloud: opnfv - user: "{{ item.user }}" - role: "{{ item.role }}" - project: "{{ item.tenant }}" - with_items: "{{ congress_user }}" - -- name: create admin url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: admin - region: "{{ item.region}}" - url: "{{ item.adminurl }}" - with_items: "{{ congress_service }}" - -- name: create internal url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: internal - region: "{{ item.region}}" - url: "{{ item.internalurl }}" - with_items: "{{ congress_service }}" - -- name: create public url for service'e endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: public - region: "{{ item.region}}" - url: "{{ item.publicurl }}" - with_items: "{{ congress_service }}" diff --git a/deploy/adapters/ansible/roles/congress/tasks/congress_start.yml b/deploy/adapters/ansible/roles/congress/tasks/congress_start.yml deleted file mode 100755 index 1d7d5e52..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/congress_start.yml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -## -## All rights reserved. This program and the accompanying materials -## are made available under the terms of the Apache License, Version 2.0 -## which accompanies this distribution, and is available at -## http://www.apache.org/licenses/LICENSE-2.0 -############################################################################### ---- -- name: start congress services - service: name={{ item }} state=started enabled=yes - with_items: "{{ services | union(services_noarch) }}" diff --git a/deploy/adapters/ansible/roles/congress/tasks/main.yml b/deploy/adapters/ansible/roles/congress/tasks/main.yml deleted file mode 100755 index 6aad108f..00000000 --- a/deploy/adapters/ansible/roles/congress/tasks/main.yml +++ /dev/null @@ -1,39 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - tags: - - install - - start - -- include: congress_install.yml - tags: - - install - -- include: congress_keystone.yml - when: - - inventory_hostname == haproxy_hosts.keys()[0] - tags: - - keystone - -- include: congress_database.yml - when: - - inventory_hostname == haproxy_hosts.keys()[0] - tags: - - database - -- include: congress_start.yml - tags: - - start - -- meta: flush_handlers - tags: - - install - - keystone - - database diff --git a/deploy/adapters/ansible/roles/congress/templates/api-paste.ini b/deploy/adapters/ansible/roles/congress/templates/api-paste.ini deleted file mode 100755 index 39be570b..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/api-paste.ini +++ /dev/null @@ -1,34 +0,0 @@ -[composite:congress] -use = egg:Paste#urlmap -/: congressversions -/v1: congress_api_v1 - -[pipeline:congressversions] -pipeline = cors catch_errors congressversionapp - -[app:congressversionapp] -paste.app_factory = congress.api.versions:Versions.factory - -[composite:congress_api_v1] -use = call:congress.auth:pipeline_factory -keystone = cors request_id catch_errors authtoken keystonecontext congress_api -noauth = cors request_id catch_errors congress_api - -[app:congress_api] -paste.app_factory = congress.service:congress_app_factory - -[filter:request_id] -paste.filter_factory = oslo_middleware:RequestId.factory - -[filter:catch_errors] -paste.filter_factory = oslo_middleware:CatchErrors.factory - -[filter:keystonecontext] -paste.filter_factory = congress.auth:CongressKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory -oslo_config_project = congress diff --git a/deploy/adapters/ansible/roles/congress/templates/congress.conf b/deploy/adapters/ansible/roles/congress/templates/congress.conf deleted file mode 100755 index 0305b418..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/congress.conf +++ /dev/null @@ -1,510 +0,0 @@ -{% set memcached_servers = [] %} -{% set rabbitmq_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% set _ = rabbitmq_servers.append('%s:5672'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} -{% set rabbitmq_servers = rabbitmq_servers|join(',') %} -[DEFAULT] - -# -# From congress -# -# The host IP to bind to (string tmq_serversvalue) -bind_host = {{ internal_ip }} - -# The port to bind to (port value) -# Minimum value: 0 -# Maximum value: 65535 -bind_port = 1789 - -# Thread pool size for eventlet. (integer value) -#max_simultaneous_requests = 1024 - -# Set this to true to enable TCP_KEEALIVE socket option on connections received -# by the API server. (boolean value) -#tcp_keepalive = false - -# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only -# applies if tcp_keepalive is true. Not supported on OS X. (integer value) -#tcp_keepidle = 600 - -# The path to the latest policy dump (string value) -policy_path = /etc/congress/policy.json - -# The file containing datasource configuration (string value) -#datasource_file = <None> - -# The absolute path to the congress repo (string value) -#root_path = <None> - -# The number of worker processes to serve the congress API application. -# (integer value) -#api_workers = 1 - -# The API paste config file to use (string value) -#api_paste_config = api-paste.ini - -# The type of authentication to use (string value) -auth_strategy = keystone - -# List of driver class paths to import. (list value) -drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.cloudfoundryv2_driver.CloudFoundryV2Driver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver - - -# The number of seconds to wait between synchronizing datasource config from -# the database (integer value) -#datasource_sync_period = 0 - -# Sets the flag to False if you don't want the congress to execute actions. -# (boolean value) -#enable_execute_action = true - -# The flag to use congress new distributed architecture.Don't set it to True in -# L release since the new architecture is under implementation. (boolean value) -#distributed_architecture = false - -# Explicitly specify the temporary working directory (string value) -#tempdir = <None> - -# Make exception message format errors fatal (boolean value) -#fatal_exception_format_errors = false - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -debug = True - -# DEPRECATED: If set to false, the logging level will be set to WARNING instead -# of the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, logging_context_format_string). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = <None> - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -log_file = congress.log - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -log_dir = /var/log/congress - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and -# Linux platform is used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append -# is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the message -# is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is ignored -# if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. (string -# value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. (string -# value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = <None> - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Subject-Token,X-Service-Token - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id - - -[cors.subdomain] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = <None> - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Subject-Token,X-Service-Token - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id - - -[database] - -# -# From oslo.db -# - -# DEPRECATED: The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Should use config option connection or slave_connection to connect -# the database. -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. (string -# value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection = mysql+pymysql://congress:{{ CONGRESS_DBPASS }}@{{ db_host }}/congress - -# The SQLAlchemy connection string to use to connect to the slave database. -# (string value) -#slave_connection = <None> - -# The SQL mode to be used for MySQL sessions. This option, including the -# default, overrides any server-set SQL mode. To use whatever SQL mode is set -# by the server configuration, set this to no value. Example: mysql_sql_mode= -# (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. Setting a value of -# 0 indicates no limit. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = 5 - -# Maximum number of database connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer -# value) -# Minimum value: 0 -# Maximum value: 100 -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = <None> - -# Enable the experimental use of database reconnect on connection lost. -# (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database operation up to -# db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries of a -# database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before error is -# raised. Set to -1 to specify an infinite retry count. (integer value) -#db_max_retries = 20 - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete "public" Identity API endpoint. This endpoint should not be an -# "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. (string -# value) -auth_uri = http://{{ internal_vip.ip }}:5000 -auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} -project_name = service -password = {{ CONGRESS_PASS }} -username = congress -auth_type = password -# API version of the admin Identity API endpoint. (string value) - -# Do not handle authorization requests within the middleware, but delegate the -# authorization decision to downstream WSGI components. (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. (integer -# value) -#http_connect_timeout = <None> - -# How many times are we trying to reconnect when communicating with Identity -# API Server. (integer value) -#http_request_max_retries = 3 - -# Request environment key where the Swift cache object is stored. When -# auth_token middleware is deployed with a Swift cache, use this option to have -# the middleware share a caching backend with swift. Otherwise, use the -# ``memcached_servers`` option instead. (string value) -#cache = <None> - -# Required if identity server requires client certificate (string value) -#certfile = <None> - -# Required if identity server requires client certificate (string value) -#keyfile = <None> - -# A PEM encoded Certificate Authority to use when verifying HTTPs connections. -# Defaults to system CAs. (string value) -#cafile = <None> - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = <None> - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = <None> - -# Optionally specify a list of memcached server(s) to use for caching. If left -# undefined, tokens will instead be cached in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -#memcached_servers = <None> - -# In order to prevent excessive effort spent validating tokens, the middleware -# caches previously-seen tokens for a configurable duration (in seconds). Set -# to -1 to disable caching completely. (integer value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is retrieved -# from the Identity service (in seconds). A high number of revocation events -# combined with a low cache duration may significantly reduce performance. Only -# valid for PKI tokens. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be authenticated or -# authenticated and encrypted. If MAC, token data is authenticated (with HMAC) -# in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -# Allowed values: None, MAC, ENCRYPT -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This string is -# used for key derivation. (string value) -#memcache_secret_key = <None> - -# (Optional) Number of seconds memcached server is considered dead before it is -# tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every memcached -# server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a memcached -# server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held unused in the -# pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will not -# set the X-Service-Catalog header. (boolean value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: "disabled" -# to not check token binding. "permissive" (default) to validate binding -# information if the bind type is of a form known to the server and ignore it -# if not. "strict" like "permissive" but if the bind type is unknown the token -# will be rejected. "required" any form of token binding is needed to be -# allowed. Finally the name of a binding method that must be present in tokens. -# (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This requires -# that PKI tokens are configured on the identity server. (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm -# or multiple. The algorithms are those supported by Python standard -# hashlib.new(). The hashes will be tried in the order given, so put the -# preferred one first for performance. The result of the first hash will be -# stored in the cache. This will typically be set to multiple values only while -# migrating from a less secure algorithm to a more secure one. Once all the old -# tokens are expired this option should be set to a single value for better -# performance. (list value) -#hash_algorithms = md5 - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -#auth_type = <None> - -# Config Section from which to load plugin specific options (string value) -#auth_section = <None> - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be relative -# to any directory in the search path defined by the config_dir option, or -# absolute paths. The file defined by policy_file must exist for these -# directories to be searched. Missing or empty directories are ignored. (multi -# valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - -[oslo_messaging_rabbit] -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -rabbit_hosts = {{ rabbitmq_servers }} diff --git a/deploy/adapters/ansible/roles/congress/templates/congress.service b/deploy/adapters/ansible/roles/congress/templates/congress.service deleted file mode 100755 index f92ee1b6..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/congress.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=OpenStack Congress server -After= - -[Service] -User=root -Group=root -Type=simple -WorkingDirectory=/var/lib/congress -PermissionsStartOnly=true -ExecStartPre=/bin/mkdir -p /var/lock/congress /var/log/congress /var/lib/congress -ExecStartPre=/usr/bin/touch /var/log/congress/congress.log -ExecStart={{ congress_path }}/congress-server --config-file /etc/congress/congress.conf -Restart=on-failure -LimitNOFILE=65535 -TimeoutStopSec=15 - -[Install] -WantedBy=multi-user.target diff --git a/deploy/adapters/ansible/roles/congress/templates/policy.json b/deploy/adapters/ansible/roles/congress/templates/policy.json deleted file mode 100755 index 4476051d..00000000 --- a/deploy/adapters/ansible/roles/congress/templates/policy.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_only": "rule:context_is_admin", - "regular_user": "", - "default": "rule:admin_only" -} diff --git a/deploy/adapters/ansible/roles/congress/vars/Debian.yml b/deploy/adapters/ansible/roles/congress/vars/Debian.yml deleted file mode 100755 index 1f0820c8..00000000 --- a/deploy/adapters/ansible/roles/congress/vars/Debian.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -pip_packages: - - congress - - python-congressclient - - python-cloudfoundryclient - -services: - - congress - -congress_path: /usr/local/bin diff --git a/deploy/adapters/ansible/roles/congress/vars/RedHat.yml b/deploy/adapters/ansible/roles/congress/vars/RedHat.yml deleted file mode 100755 index 0b5e9678..00000000 --- a/deploy/adapters/ansible/roles/congress/vars/RedHat.yml +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -pip_packages: - - congress - - python-congressclient - - python-cloudfoundryclient - -services: - - congress - -congress_path: /usr/bin diff --git a/deploy/adapters/ansible/roles/congress/vars/main.yml b/deploy/adapters/ansible/roles/congress/vars/main.yml deleted file mode 100755 index 18c4c845..00000000 --- a/deploy/adapters/ansible/roles/congress/vars/main.yml +++ /dev/null @@ -1,34 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -packages_noarch: [] - -services_noarch: [] - -congress_service: - - name: congress - type: policy - region: RegionOne - description: "OpenStack Policy Service" - publicurl: "http://{{ public_vip.ip }}:1789" - internalurl: "http://{{ internal_vip.ip }}:1789" - adminurl: "http://{{ internal_vip.ip }}:1789" - -congress_user: - - user: congress - password: "{{ CONGRESS_PASS }}" - email: congress@admin.com - role: admin - tenant: service - tenant_description: "Service Tenant" - -congress_database: - - user: congress - db: congress - password: "{{ CONGRESS_DBPASS }}" |