diff options
Diffstat (limited to 'deploy/adapters/ansible')
35 files changed, 634 insertions, 57 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100755 index 00000000..89a70686 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 @@ -0,0 +1,18 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +{% if work_threads > 10 %} + set work_threads = 10 +{% endif %} + +<VirtualHost {{ internal_ip }}:80> + WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi + WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }} + WSGIProcessGroup horizon + Alias /static {{ horizon_dir }}/static/ + Alias /horizon/static {{ horizon_dir }}/static/ + <Directory {{ horizon_dir }}/wsgi> + Order allow,deny + Allow from all + </Directory> +</VirtualHost> + + diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 new file mode 100644 index 00000000..f5f9d339 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -0,0 +1,50 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +{% if work_threads > 10 %} + set work_threads = 10 +{% endif %} + +<VirtualHost {{ internal_ip }}:5000> + WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-public + WSGIScriptAlias / /usr/bin/keystone-wsgi-public + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + <IfVersion >= 2.4> + ErrorLogFormat "%{cu}t %M" + </IfVersion> + ErrorLog /var/log/{{ http_service_name }}/keystone.log + CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined + + <Directory /usr/bin> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> + +<VirtualHost {{ internal_ip }}:35357> + WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-admin + WSGIScriptAlias / /usr/bin/keystone-wsgi-admin + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + <IfVersion >= 2.4> + ErrorLogFormat "%{cu}t %M" + </IfVersion> + ErrorLog /var/log/{{ http_service_name }}/keystone.log + CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined + + <Directory /usr/bin> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py index b4466ef6..f6ec8be5 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py @@ -7,7 +7,7 @@ from keystone.common import controller from keystone import config from keystone import exception from keystone.models import token_model -from keystone.contrib.moon.exception import * # noqa +from keystone.contrib.moon.exception import * # noqa: F403 from oslo_log import log from uuid import uuid4 import requests @@ -17,7 +17,7 @@ CONF = config.CONF LOG = log.getLogger(__name__) -@dependency.requires('configuration_api') +@dependency.requires('configuration_api') # noqa: F405 class Configuration(controller.V3Controller): collection_name = 'configurations' member_name = 'configuration' @@ -48,7 +48,7 @@ class Configuration(controller.V3Controller): user_id) -@dependency.requires('tenant_api', 'resource_api') +@dependency.requires('tenant_api', 'resource_api') # noqa: F405 class Tenants(controller.V3Controller): def __init__(self): @@ -152,7 +152,7 @@ def callback(self, context, prep_info, *args, **kwargs): raise exception.Unauthorized -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: F405 class Authz_v3(controller.V3Controller): def __init__(self): @@ -168,7 +168,7 @@ class Authz_v3(controller.V3Controller): return {'authz': False, 'comment': unicode(e)} -@dependency.requires('admin_api', 'root_api') +@dependency.requires('admin_api', 'root_api') # noqa: F405 class IntraExtensions(controller.V3Controller): collection_name = 'intra_extensions' member_name = 'intra_extension' @@ -926,7 +926,7 @@ class IntraExtensions(controller.V3Controller): user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: F405 class InterExtensions(controller.V3Controller): def __init__(self): @@ -968,7 +968,7 @@ class InterExtensions(controller.V3Controller): # self.interextension_api.delete_inter_extension(kw['inter_extension_id']) -@dependency.requires('moonlog_api', 'authz_api') +@dependency.requires('moonlog_api', 'authz_api') # noqa: F405 class Logs(controller.V3Controller): def __init__(self): @@ -987,7 +987,7 @@ class Logs(controller.V3Controller): return self.moonlog_api.get_logs(user_id, options) -@dependency.requires('identity_api', "token_provider_api", "resource_api") +@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: F405 class MoonAuth(controller.V3Controller): def __init__(self): diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml index 7a507c88..95dd2e89 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml @@ -142,7 +142,7 @@ ############################################# - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} + wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} #- name: cron job to purge expired tokens hourly # cron: diff --git a/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml index 9fb2ee19..25847ce5 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml @@ -71,7 +71,7 @@ - glance - neutron-common - neutron-network -# - ceilometer_controller + - ceilometer_controller - dashboard - heat # - aodh diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/handlers/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/handlers/main.yml new file mode 100644 index 00000000..10b7c683 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/handlers/main.yml @@ -0,0 +1,16 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart ceilometer service + service: name={{ item }} state=restarted enabled=yes + with_items: ceilometer_services + +- name: restart nova service + service: name={{ item }} state=restarted enabled=yes + with_items: nova_services diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/ceilometer_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/ceilometer_config.yml new file mode 100644 index 00000000..b429d65b --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/ceilometer_config.yml @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: copy configs + template: + src: "{{ item }}" + dest: /opt/os_templates + with_items: + - ceilometer.conf.j2 + - nova.conf.j2 + +- name: update ceilometer configs + shell: crudini --merge {{ item.dest }} < /opt/os_templates/{{ item.src }} + with_items: + - src: nova.conf.j2 + dest: /etc/nova/nova.conf + notify: restart nova service + +- name: delete config + file: + path: /opt/os_templates/nova.conf.j2 + state: absent + +- name: write services to monitor list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: ceilometer_services + +- meta: flush_handlers + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/ceilometer_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/ceilometer_install.yml new file mode 100644 index 00000000..0f2ba3d2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/ceilometer_install.yml @@ -0,0 +1,35 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install ceilometer packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: ceilometer_packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: update ceilometer configs + template: + src: ceilometer.conf.j2 + dest: /etc/ceilometer/ceilometer.conf + backup: yes + notify: restart ceilometer service + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/main.yml new file mode 100644 index 00000000..1e3c04d7 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/tasks/main.yml @@ -0,0 +1,22 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: ceilometer_install.yml + tags: + - install + - ceilometer_install + - ceilometer + +- include: ceilometer_config.yml + tags: + - config + - ceilometer_config + - ceilometer + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 new file mode 100644 index 00000000..f388df41 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 @@ -0,0 +1,45 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +verbose = True +rpc_backend = rabbit +auth_strategy = keystone + +[publisher] +metering_secret = {{ metering_secret }} + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = ceilometer +password = {{ CEILOMETER_PASS }} + +auth_plugin = password +project_domain_id = default +user_domain_id = default + +[oslo_messaging_rabbit] +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +[service_credentials] +auth_url = http://{{ internal_vip.ip }}:5000 +project_domain_id = default +user_domain_id = default +auth_type = password +username = ceilometer +project_name = service +password = {{ CEILOMETER_PASS }} +interface = internalURL +region_name = RegionOne + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/nova.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/nova.conf.j2 new file mode 100644 index 00000000..68ffdc0a --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/nova.conf.j2 @@ -0,0 +1,7 @@ +[DEFAULT] +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state + +[oslo_messaging_notifications] +driver = messagingv2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/Debian.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/Debian.yml new file mode 100644 index 00000000..1bf3956f --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/Debian.yml @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +ceilometer_packages: + - ceilometer-agent-compute + +ceilometer_services: + - ceilometer-agent-compute + +nova_services: + - nova-compute diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/RedHat.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/RedHat.yml new file mode 100644 index 00000000..c5778a49 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/RedHat.yml @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +ceilometer_packages: + - openstack-ceilometer-compute + - python-ceilometerclient + - python-pecan + +ceilometer_services: + - openstack-ceilometer-compute + - openstack-nova-compute diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/main.yml new file mode 100644 index 00000000..209e1e00 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/vars/main.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: [] +metering_secret: 1c5df72079b31fb47747 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/handlers/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/handlers/main.yml new file mode 100644 index 00000000..a3bfb85d --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/handlers/main.yml @@ -0,0 +1,22 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart ceilometer service + service: name={{ item }} state=restarted enabled=yes + with_items: ceilometer_services + +- name: restart glance_cinder service + service: name={{ item }} state=restarted enabled=yes + with_items: glance_cinder_services + +- name: reload apache server + service: name=apache2 state=reloaded + +- name: restart apache server + service: name=apache2 state=restarted enabled=yes diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/ceilometer_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/ceilometer_config.yml new file mode 100644 index 00000000..7f5209c1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/ceilometer_config.yml @@ -0,0 +1,71 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: update apache2 configs + template: + src: wsgi-ceilometer.conf.j2 + dest: /etc/apache2/sites-available/ceilometer.conf + notify: reload apache server + +- name: enable ceilometer server + file: + src: /etc/apache2/sites-available/ceilometer.conf + dest: /etc/apache2/sites-enabled/ceilometer.conf + state: "link" + when: ansible_os_family == 'Debian' + notify: reload apache server + +- name: assure listen port exist + shell: echo "Listen {{ internal_ip }}:8777" >> /etc/apache2/ports.conf + notify: + - restart apache server + +- name: copy glance & cinder configs + template: + src: "{{ item }}" + dest: /opt/os_templates + with_items: + - cinder.conf.j2 + - glance-api.conf.j2 + - glance-registry.conf.j2 + +- name: update configs + shell: crudini --merge {{ item.dest }} < /opt/os_templates/{{ item.src }} + with_items: + - src: cinder.conf.j2 + dest: /etc/cinder/cinder.conf + - src: glance-api.conf.j2 + dest: /etc/glance/glance-api.conf + - src: glance-registry.conf.j2 + dest: /etc/glance/glance-registry.conf + notify: restart glance_cinder service + +- name: delete configs + file: + path: /opt/os_templates/{{ item }} + state: absent + with_items: + - cinder.conf.j2 + - glance-api.conf.j2 + - glance-registry.conf.j2 + +- name: change meter polling interval to 300s + replace: + dest: /etc/ceilometer/pipeline.yaml + regexp: 'interval: .+' + replace: 'interval: 300' + notify: restart ceilometer service + +- name: write services to monitor list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: ceilometer_services + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/ceilometer_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/ceilometer_install.yml new file mode 100644 index 00000000..0f2ba3d2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/ceilometer_install.yml @@ -0,0 +1,35 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install ceilometer packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: ceilometer_packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: update ceilometer configs + template: + src: ceilometer.conf.j2 + dest: /etc/ceilometer/ceilometer.conf + backup: yes + notify: restart ceilometer service + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/main.yml new file mode 100644 index 00000000..1e3c04d7 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/tasks/main.yml @@ -0,0 +1,22 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: ceilometer_install.yml + tags: + - install + - ceilometer_install + - ceilometer + +- include: ceilometer_config.yml + tags: + - config + - ceilometer_config + - ceilometer + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/ceilometer.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/ceilometer.conf.j2 new file mode 100644 index 00000000..50271732 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/ceilometer.conf.j2 @@ -0,0 +1,52 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +rpc_backend = rabbit +auth_strategy = keystone +verbose = True + +[api] +host = {{ internal_ip }} + +[database] +connection = mongodb://ceilometer:{{ CEILOMETER_DBPASS }}@{{ internal_vip.ip }}:27017/ceilometer + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = ceilometer +password = {{ CEILOMETER_PASS }} + +identity_uri = http://{{ internal_vip.ip }}:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default + +[oslo_messaging_rabbit] +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +[publisher] +metering_secret = {{ metering_secret }} + +[service_credentials] +auth_type = password +auth_url = http://{{ internal_vip.ip }}:5000/v3 +project_domain_name = default +user_domain_name = default +project_name = service +username = ceilometer +password = {{ CEILOMETER_PASS }} +interface = internalURL +region_name = RegionOne + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/cinder.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/cinder.conf.j2 new file mode 100644 index 00000000..e2d19cc3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/cinder.conf.j2 @@ -0,0 +1,2 @@ +[oslo_messaging_notifications] +driver = messagingv2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/glance-api.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/glance-api.conf.j2 new file mode 100644 index 00000000..e2d19cc3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/glance-api.conf.j2 @@ -0,0 +1,2 @@ +[oslo_messaging_notifications] +driver = messagingv2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/glance-registry.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/glance-registry.conf.j2 new file mode 100644 index 00000000..e2d19cc3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/glance-registry.conf.j2 @@ -0,0 +1,2 @@ +[oslo_messaging_notifications] +driver = messagingv2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 new file mode 100644 index 00000000..a6fd6840 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 @@ -0,0 +1,25 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +{% if work_threads > 10 %} + set work_threads = 10 +{% endif %} + +<VirtualHost {{ internal_ip }}:8777> + WSGIDaemonProcess ceilometer-api processes=4 threads={{ work_threads }} user=ceilometer group=ceilometer display-name=%{GROUP} + WSGIProcessGroup ceilometer-api + WSGIScriptAlias / /usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi + WSGIApplicationGroup %{GLOBAL} + ErrorLog /var/log/apache2/ceilometer_error.log + CustomLog /var/log/apache2/ceilometer_access.log combined + + <Directory /usr/lib/python2.7/dist-packages/ceilometer/api/> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> + +WSGISocketPrefix /var/run/apache2 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/Debian.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/Debian.yml index 2a3c3249..de860533 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/Debian.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/Debian.yml @@ -12,23 +12,15 @@ ceilometer_packages: - ceilometer-collector - ceilometer-agent-central - ceilometer-agent-notification -# - ceilometer-alarm-evaluator -# - ceilometer-alarm-notifier - python-ceilometerclient ceilometer_services: - ceilometer-agent-central - ceilometer-agent-notification - - ceilometer-api - ceilometer-collector -# - ceilometer-alarm-evaluator -# - ceilometer-alarm-notifier -ceilometer_configs_templates: - - src: ceilometer.j2 - dest: - - /etc/ceilometer/ceilometer.conf - - src: glance.j2 - dest: - - /etc/glance/glance-api.conf - - /etc/glance/glance-registry.conf +glance_cinder_services: + - glance-registry + - glance-api + - cinder-api + - cinder-scheduler diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/RedHat.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/RedHat.yml index 6c5f53ec..de860533 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/RedHat.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/RedHat.yml @@ -8,29 +8,19 @@ ############################################################################## --- ceilometer_packages: - - openstack-ceilometer-api - - openstack-ceilometer-collector - - openstack-ceilometer-central - - openstack-ceilometer-notification -# - openstack-ceilometer-alarm + - ceilometer-api + - ceilometer-collector + - ceilometer-agent-central + - ceilometer-agent-notification - python-ceilometerclient ceilometer_services: - - openstack-ceilometer-central - - openstack-ceilometer-notification - - openstack-ceilometer-api - - openstack-ceilometer-collector -# - openstack-ceilometer-alarm-evaluator -# - openstack-ceilometer-alarm-notifier + - ceilometer-agent-central + - ceilometer-agent-notification + - ceilometer-collector -ceilometer_configs_templates: - - src: ceilometer.j2 - dest: - - /etc/ceilometer/ceilometer.conf - - src: cinder.j2 - dest: - - /etc/cinder/cinder.conf - - src: glance.j2 - dest: - - /etc/glance/glance-api.conf - - /etc/glance/glance-registry.conf +glance_cinder_services: + - glance-registry + - glance-api + - cinder-api + - cinder-scheduler diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/main.yml new file mode 100644 index 00000000..209e1e00 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/vars/main.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: [] +metering_secret: 1c5df72079b31fb47747 diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/common/templates/pip.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/common/templates/pip.conf new file mode 100644 index 00000000..59981258 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/common/templates/pip.conf @@ -0,0 +1,5 @@ +[global] +find-links = http://{{ COMPASS_SERVER.stdout_lines[0] }}/pip-openstack +no-index = true +[install] +trusted-host={{ COMPASS_SERVER.stdout_lines[0] }} diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100755 index 00000000..89a70686 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 @@ -0,0 +1,18 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +{% if work_threads > 10 %} + set work_threads = 10 +{% endif %} + +<VirtualHost {{ internal_ip }}:80> + WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi + WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }} + WSGIProcessGroup horizon + Alias /static {{ horizon_dir }}/static/ + Alias /horizon/static {{ horizon_dir }}/static/ + <Directory {{ horizon_dir }}/wsgi> + Order allow,deny + Allow from all + </Directory> +</VirtualHost> + + diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml index 2c61ff66..f68105f1 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml @@ -19,7 +19,7 @@ service: name=neutron-server state=restarted enabled=yes - name: wait for neutron ready - wait_for: port=9696 delay=10 timeout=30 host={{ internal_vip.ip }} + wait_for: port=9696 delay=10 timeout=60 host={{ internal_ip }} - name: create external net shell: diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml index 35c84ce8..3fea6e28 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml @@ -92,7 +92,7 @@ - meta: flush_handlers - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=30 host={{ internal_vip.ip }} + wait_for: port=35357 delay=10 timeout=60 host={{ internal_ip }} - name: cron job to purge expired tokens hourly cron: diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 new file mode 100644 index 00000000..f5f9d339 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -0,0 +1,50 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +{% if work_threads > 10 %} + set work_threads = 10 +{% endif %} + +<VirtualHost {{ internal_ip }}:5000> + WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-public + WSGIScriptAlias / /usr/bin/keystone-wsgi-public + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + <IfVersion >= 2.4> + ErrorLogFormat "%{cu}t %M" + </IfVersion> + ErrorLog /var/log/{{ http_service_name }}/keystone.log + CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined + + <Directory /usr/bin> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> + +<VirtualHost {{ internal_ip }}:35357> + WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-admin + WSGIScriptAlias / /usr/bin/keystone-wsgi-admin + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + <IfVersion >= 2.4> + ErrorLogFormat "%{cu}t %M" + </IfVersion> + ErrorLog /var/log/{{ http_service_name }}/keystone.log + CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined + + <Directory /usr/bin> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py index f55191d4..fd107a5e 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py @@ -7,7 +7,7 @@ from keystone.common import controller from keystone import config from keystone import exception from keystone.models import token_model -from keystone.contrib.moon.exception import * # noqa +from keystone.contrib.moon.exception import * # noqa: F403 from oslo_log import log from uuid import uuid4 import requests @@ -17,7 +17,7 @@ CONF = config.CONF LOG = log.getLogger(__name__) -@dependency.requires('configuration_api') +@dependency.requires('configuration_api') # noqa: 405 class Configuration(controller.V3Controller): collection_name = 'configurations' member_name = 'configuration' @@ -48,7 +48,7 @@ class Configuration(controller.V3Controller): user_id) -@dependency.requires('tenant_api', 'resource_api') +@dependency.requires('tenant_api', 'resource_api') # noqa: 405 class Tenants(controller.V3Controller): def __init__(self): @@ -152,7 +152,7 @@ def callback(self, context, prep_info, *args, **kwargs): raise exception.Unauthorized -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: 405 class Authz_v3(controller.V3Controller): def __init__(self): @@ -168,7 +168,7 @@ class Authz_v3(controller.V3Controller): return {'authz': False, 'comment': unicode(e)} -@dependency.requires('admin_api', 'root_api') +@dependency.requires('admin_api', 'root_api') # noqa: 405 class IntraExtensions(controller.V3Controller): collection_name = 'intra_extensions' member_name = 'intra_extension' @@ -926,7 +926,7 @@ class IntraExtensions(controller.V3Controller): user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) -@dependency.requires('authz_api') +@dependency.requires('authz_api') # noqa: 405 class InterExtensions(controller.V3Controller): def __init__(self): @@ -968,7 +968,7 @@ class InterExtensions(controller.V3Controller): # self.interextension_api.delete_inter_extension(kw['inter_extension_id']) -@dependency.requires('moonlog_api', 'authz_api') +@dependency.requires('moonlog_api', 'authz_api') # noqa: 405 class Logs(controller.V3Controller): def __init__(self): @@ -987,7 +987,7 @@ class Logs(controller.V3Controller): return self.moonlog_api.get_logs(user_id, options) -@dependency.requires('identity_api', "token_provider_api", "resource_api") +@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: 405 class MoonAuth(controller.V3Controller): def __init__(self): diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml index 7a507c88..95dd2e89 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml @@ -142,7 +142,7 @@ ############################################# - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} + wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} #- name: cron job to purge expired tokens hourly # cron: diff --git a/deploy/adapters/ansible/roles/common/tasks/main.yml b/deploy/adapters/ansible/roles/common/tasks/main.yml index f004e98d..8da5603c 100644 --- a/deploy/adapters/ansible/roles/common/tasks/main.yml +++ b/deploy/adapters/ansible/roles/common/tasks/main.yml @@ -46,6 +46,9 @@ - name: make config template dir exist file: path=/opt/os_templates state=directory mode=0755 +- name: upgrade pip + pip: name=pip state=latest + - name: create pip config directory file: path=~/.pip state=directory diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml index 574ebabd..e7e9297e 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml @@ -12,7 +12,7 @@ shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone - name: wait for keystone ready - wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} + wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }} - name: cron job to purge expired tokens hourly cron: |