Diffstat (limited to 'deploy/adapters/ansible')
15 files changed, 1406 insertions, 151 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml
index dbb170e5..1300ab64 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml
@@ -67,7 +67,7 @@
 - keystone
 - nova-controller
 - neutron-controller
-# - cinder-controller
+ - cinder-controller
 - glance
 - neutron-common
 - neutron-network
@@ -91,7 +91,7 @@
 roles:
 - nova-compute
 - neutron-compute
-# - cinder-volume
+ - cinder-volume
 - ceilometer_compute

 - hosts: all
@@ -109,41 +109,41 @@
 roles:
 - secgroup

-#- hosts: ceph_adm
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles: []
-# # - ceph-deploy
-#
-#- hosts: ceph
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-purge
-# - ceph-config
-#
-#- hosts: ceph_mon
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-mon
-#
-#- hosts: ceph_osd
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-osd
-#
-#- hosts: ceph
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-openstack
+- hosts: ceph_adm
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles: []
+ # - ceph-deploy
+
+- hosts: ceph
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-purge
+ - ceph-config
+
+- hosts: ceph_mon
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-mon
+
+- hosts: ceph_osd
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-osd
+
+- hosts: ceph
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-openstack

 - hosts: all
 remote_user: root
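Review bot: The five Ceph plays re-enabled in the third hunk each carry `accelerate: true` together with `remote_user: root`; accelerated mode starts a helper daemon on the managed host and has since been deprecated upstream, so I would drop that key from the newly enabled plays and rely on SSH pipelining instead. The `ceph_adm` play is enabled with `roles: []` and only a commented `# - ceph-deploy`, so it connects to the host and applies nothing; either leave that play out or add a comment such as `# placeholder: ceph-deploy role intentionally disabled` saying why it stays. Judging by its name only (the role is not part of this hunk), `ceph-purge` will now run on every deployment against the `ceph` group, which is worth confirming for re-runs on a cluster that already holds data.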
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
new file mode 100644
index 00000000..6da5b423
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
@@ -0,0 +1,920 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from keystone.common import controller
+from keystone import config
+from keystone import exception
+from keystone.models import token_model
+from keystone.contrib.moon.exception import *
+from oslo_log import log
+from uuid import uuid4
+import requests
+
+
+CONF = config.CONF
+LOG = log.getLogger(__name__)
+
+
+@dependency.requires('configuration_api')
+class Configuration(controller.V3Controller):
+ collection_name = 'configurations'
+ member_name = 'configuration'
+
+ def __init__(self):
+ super(Configuration, self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')
+
+ @controller.protected()
+ def get_policy_templates(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.configuration_api.get_policy_templates_dict(user_id)
+
+ @controller.protected()
+ def get_aggregation_algorithms(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.configuration_api.get_aggregation_algorithms_dict(user_id)
+
+ @controller.protected()
+ def get_sub_meta_rule_algorithms(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.configuration_api.get_sub_meta_rule_algorithms_dict(user_id)
+
+
+@dependency.requires('tenant_api', 'resource_api')
+class Tenants(controller.V3Controller):
+
+ def __init__(self):
+ super(Tenants, self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+
token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')
+
+ @controller.protected()
+ def get_tenants(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.tenant_api.get_tenants_dict(user_id)
+
+ def __get_keystone_tenant_dict(self, tenant_id="", tenant_name="", tenant_description="", domain="default"):
+ tenants = self.resource_api.list_projects()
+ for tenant in tenants:
+ if tenant_id and tenant_id == tenant['id']:
+ return tenant
+ if tenant_name and tenant_name == tenant['name']:
+ return tenant
+ if not tenant_id:
+ tenant_id = uuid4().hex
+ if not tenant_name:
+ tenant_name = tenant_id
+ tenant = {
+ "id": tenant_id,
+ "name": tenant_name,
+ "description": tenant_description,
+ "enabled": True,
+ "domain_id": domain
+ }
+ keystone_tenant = self.resource_api.create_project(tenant["id"], tenant)
+ return keystone_tenant
+
+ @controller.protected()
+ def add_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ k_tenant_dict = self.__get_keystone_tenant_dict(
+ tenant_name=kw.get('tenant_name'),
+ tenant_description=kw.get('tenant_description', kw.get('tenant_name')),
+ domain=kw.get('tenant_domain', "default"),
+
+ )
+ tenant_dict = dict()
+ tenant_dict['id'] = k_tenant_dict['id']
+ tenant_dict['name'] = kw.get('tenant_name', None)
+ tenant_dict['description'] = kw.get('tenant_description', None)
+ tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
+ tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
+ return self.tenant_api.add_tenant_dict(user_id, tenant_dict['id'], tenant_dict)
+
+ @controller.protected()
+ def get_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ tenant_id = kw.get('tenant_id', None)
+ return self.tenant_api.get_tenant_dict(user_id, tenant_id)
+
+ @controller.protected()
+
def del_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ tenant_id = kw.get('tenant_id', None)
+ return self.tenant_api.del_tenant(user_id, tenant_id)
+
+ @controller.protected()
+ def set_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ # Next line will raise an error if tenant doesn't exist
+ k_tenant_dict = self.resource_api.get_project(kw.get('tenant_id', None))
+ tenant_id = kw.get('tenant_id', None)
+ tenant_dict = dict()
+ tenant_dict['name'] = k_tenant_dict.get('name', None)
+ if 'tenant_description' in kw:
+ tenant_dict['description'] = kw.get('tenant_description', None)
+ if 'tenant_intra_authz_extension_id' in kw:
+ tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
+ if 'tenant_intra_admin_extension_id' in kw:
+ tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
+ self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict)
+
+
+def callback(self, context, prep_info, *args, **kwargs):
+ token_ref = ""
+ if context.get('token_id') is not None:
+ token_ref = token_model.KeystoneToken(
+ token_id=context['token_id'],
+ token_data=self.token_provider_api.validate_token(
+ context['token_id']))
+ if not token_ref:
+ raise exception.Unauthorized
+
+
+@dependency.requires('authz_api')
+class Authz_v3(controller.V3Controller):
+
+ def __init__(self):
+ super(Authz_v3, self).__init__()
+
+ @controller.protected(callback)
+ def get_authz(self, context, tenant_id, subject_k_id, object_name, action_name):
+ try:
+ return self.authz_api.authz(tenant_id, subject_k_id, object_name, action_name)
+ except Exception as e:
+ return {'authz': False, 'comment': unicode(e)}
+
+
+@dependency.requires('admin_api', 'root_api')
+class IntraExtensions(controller.V3Controller):
+ collection_name = 'intra_extensions'
+ member_name = 'intra_extension'
+
+ def __init__(self):
+ super(IntraExtensions,
self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')['id']
+
+ # IntraExtension functions
+ @controller.protected()
+ def get_intra_extensions(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.admin_api.get_intra_extensions_dict(user_id)
+
+ @controller.protected()
+ def add_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_dict = dict()
+ intra_extension_dict['name'] = kw.get('intra_extension_name', None)
+ intra_extension_dict['model'] = kw.get('intra_extension_model', None)
+ intra_extension_dict['genre'] = kw.get('intra_extension_genre', None)
+ intra_extension_dict['description'] = kw.get('intra_extension_description', None)
+ intra_extension_dict['subject_categories'] = kw.get('intra_extension_subject_categories', dict())
+ intra_extension_dict['object_categories'] = kw.get('intra_extension_object_categories', dict())
+ intra_extension_dict['action_categories'] = kw.get('intra_extension_action_categories', dict())
+ intra_extension_dict['subjects'] = kw.get('intra_extension_subjects', dict())
+ intra_extension_dict['objects'] = kw.get('intra_extension_objects', dict())
+ intra_extension_dict['actions'] = kw.get('intra_extension_actions', dict())
+ intra_extension_dict['subject_scopes'] = kw.get('intra_extension_subject_scopes', dict())
+ intra_extension_dict['object_scopes'] = kw.get('intra_extension_object_scopes', dict())
+ intra_extension_dict['action_scopes'] = kw.get('intra_extension_action_scopes', dict())
+ intra_extension_dict['subject_assignments'] = kw.get('intra_extension_subject_assignments', dict())
+ intra_extension_dict['object_assignments'] = kw.get('intra_extension_object_assignments', dict())
+ intra_extension_dict['action_assignments']
= kw.get('intra_extension_action_assignments', dict())
+ intra_extension_dict['aggregation_algorithm'] = kw.get('intra_extension_aggregation_algorithm', dict())
+ intra_extension_dict['sub_meta_rules'] = kw.get('intra_extension_sub_meta_rules', dict())
+ intra_extension_dict['rules'] = kw.get('intra_extension_rules', dict())
+ ref = self.admin_api.load_intra_extension_dict(user_id, intra_extension_dict=intra_extension_dict)
+ return self.admin_api.populate_default_data(ref)
+
+ @controller.protected()
+ def get_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_intra_extension_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def del_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ self.admin_api.del_intra_extension(user_id, intra_extension_id)
+
+ @controller.protected()
+ def set_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ intra_extension_dict = dict()
+ intra_extension_dict['name'] = kw.get('intra_extension_name', None)
+ intra_extension_dict['model'] = kw.get('intra_extension_model', None)
+ intra_extension_dict['genre'] = kw.get('intra_extension_genre', None)
+ intra_extension_dict['description'] = kw.get('intra_extension_description', None)
+ return self.admin_api.set_intra_extension_dict(user_id, intra_extension_id, intra_extension_dict)
+
+ @controller.protected()
+ def load_root_intra_extension(self, context, **kw):
+ self.root_api.load_root_intra_extension_dict()
+
+ # Metadata functions
+ @controller.protected()
+ def get_subject_categories(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id =
kw.get('intra_extension_id', None)
+ return self.admin_api.get_subject_categories_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_dict = dict()
+ subject_category_dict['name'] = kw.get('subject_category_name', None)
+ subject_category_dict['description'] = kw.get('subject_category_description', None)
+ return self.admin_api.add_subject_category_dict(user_id, intra_extension_id, subject_category_dict)
+
+ @controller.protected()
+ def get_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ return self.admin_api.get_subject_category_dict(user_id, intra_extension_id, subject_category_id)
+
+ @controller.protected()
+ def del_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ self.admin_api.del_subject_category(user_id, intra_extension_id, subject_category_id)
+
+ @controller.protected()
+ def set_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_category_dict = dict()
+ subject_category_dict['name'] = kw.get('subject_category_name', None)
+ subject_category_dict['description'] = kw.get('subject_category_description', None)
+ return self.admin_api.set_subject_category_dict(user_id, intra_extension_id, subject_category_id, subject_category_dict)
+
+ @controller.protected()
+ def get_object_categories(self, context, **kw):
+ user_id =
self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_object_categories_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_dict = dict()
+ object_category_dict['name'] = kw.get('object_category_name', None)
+ object_category_dict['description'] = kw.get('object_category_description', None)
+ return self.admin_api.add_object_category_dict(user_id, intra_extension_id, object_category_dict)
+
+ @controller.protected()
+ def get_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ return self.admin_api.get_object_categories_dict(user_id, intra_extension_id, object_category_id)
+
+ @controller.protected()
+ def del_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ self.admin_api.del_object_category(user_id, intra_extension_id, object_category_id)
+
+ @controller.protected()
+ def set_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_category_dict = dict()
+ object_category_dict['name'] = kw.get('object_category_name', None)
+ object_category_dict['description'] = kw.get('object_category_description', None)
+ return self.admin_api.set_object_category_dict(user_id, intra_extension_id, object_category_id, object_category_dict)
+
+ @controller.protected()
+ def
get_action_categories(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_action_categories_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_dict = dict()
+ action_category_dict['name'] = kw.get('action_category_name', None)
+ action_category_dict['description'] = kw.get('action_category_description', None)
+ return self.admin_api.add_action_category_dict(user_id, intra_extension_id, action_category_dict)
+
+ @controller.protected()
+ def get_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ return self.admin_api.get_action_categories_dict(user_id, intra_extension_id, action_category_id)
+
+ @controller.protected()
+ def del_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ self.admin_api.del_action_category(user_id, intra_extension_id, action_category_id)
+
+ @controller.protected()
+ def set_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_category_dict = dict()
+ action_category_dict['name'] = kw.get('action_category_name', None)
+ action_category_dict['description'] = kw.get('action_category_description', None)
+ return self.admin_api.set_action_category_dict(user_id, intra_extension_id, action_category_id, action_category_dict)
+
+ # Perimeter functions
+ @controller.protected()
+ def get_subjects(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_subjects_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_dict = dict()
+ subject_dict['name'] = kw.get('subject_name', None)
+ subject_dict['description'] = kw.get('subject_description', None)
+ subject_dict['password'] = kw.get('subject_password', None)
+ subject_dict['email'] = kw.get('subject_email', None)
+ return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict)
+
+ @controller.protected()
+ def get_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ return self.admin_api.get_subject_dict(user_id, intra_extension_id, subject_id)
+
+ @controller.protected()
+ def del_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ self.admin_api.del_subject(user_id, intra_extension_id, subject_id)
+
+ @controller.protected()
+ def set_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_dict = dict()
+ subject_dict['name'] = kw.get('subject_name', None)
+ subject_dict['description'] = kw.get('subject_description', None)
+ return self.admin_api.set_subject_dict(user_id, intra_extension_id, subject_id, subject_dict)
+
+ @controller.protected()
+ def get_objects(self, context, **kw):
+
user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_objects_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_dict = dict()
+ object_dict['name'] = kw.get('object_name', None)
+ object_dict['description'] = kw.get('object_description', None)
+ return self.admin_api.add_object_dict(user_id, intra_extension_id, object_dict)
+
+ @controller.protected()
+ def get_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ return self.admin_api.get_object_dict(user_id, intra_extension_id, object_id)
+
+ @controller.protected()
+ def del_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ self.admin_api.del_object(user_id, intra_extension_id, object_id)
+
+ @controller.protected()
+ def set_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ object_dict = dict()
+ object_dict['name'] = kw.get('object_name', None)
+ object_dict['description'] = kw.get('object_description', None)
+ return self.admin_api.set_object_dict(user_id, intra_extension_id, object_id, object_dict)
+
+ @controller.protected()
+ def get_actions(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_actions_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_action(self,
context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_dict = dict()
+ action_dict['name'] = kw.get('action_name', None)
+ action_dict['description'] = kw.get('action_description', None)
+ return self.admin_api.add_action_dict(user_id, intra_extension_id, action_dict)
+
+ @controller.protected()
+ def get_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ return self.admin_api.get_action_dict(user_id, intra_extension_id, action_id)
+
+ @controller.protected()
+ def del_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ self.admin_api.del_action(user_id, intra_extension_id, action_id)
+
+ @controller.protected()
+ def set_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ action_dict = dict()
+ action_dict['name'] = kw.get('action_name', None)
+ action_dict['description'] = kw.get('action_description', None)
+ return self.admin_api.set_action_dict(user_id, intra_extension_id, action_id, action_dict)
+
+ # Scope functions
+ @controller.protected()
+ def get_subject_scopes(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ return self.admin_api.get_subject_scopes_dict(user_id, intra_extension_id, subject_category_id)
+
+ @controller.protected()
+ def add_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id =
kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_dict = dict()
+ subject_scope_dict['name'] = kw.get('subject_scope_name', None)
+ subject_scope_dict['description'] = kw.get('subject_scope_description', None)
+ return self.admin_api.add_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_dict)
+
+ @controller.protected()
+ def get_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ return self.admin_api.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def del_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ self.admin_api.del_subject_scope(user_id, intra_extension_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def set_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ subject_scope_dict = dict()
+ subject_scope_dict['name'] = kw.get('subject_scope_name', None)
+ subject_scope_dict['description'] = kw.get('subject_scope_description', None)
+ return self.admin_api.set_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict)
+
+ @controller.protected()
+ def get_object_scopes(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+
intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ return self.admin_api.get_object_scopes_dict(user_id, intra_extension_id, object_category_id)
+
+ @controller.protected()
+ def add_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_dict = dict()
+ object_scope_dict['name'] = kw.get('object_scope_name', None)
+ object_scope_dict['description'] = kw.get('object_scope_description', None)
+ return self.admin_api.add_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_dict)
+
+ @controller.protected()
+ def get_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ return self.admin_api.get_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_id)
+
+ @controller.protected()
+ def del_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ self.admin_api.del_object_scope(user_id, intra_extension_id, object_category_id, object_scope_id)
+
+ @controller.protected()
+ def set_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ object_scope_dict = dict()
+ object_scope_dict['name'] = kw.get('object_scope_name', None)
+
object_scope_dict['description'] = kw.get('object_scope_description', None)
+ return self.admin_api.set_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_id, object_scope_dict)
+
+ @controller.protected()
+ def get_action_scopes(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ return self.admin_api.get_action_scopes_dict(user_id, intra_extension_id, action_category_id)
+
+ @controller.protected()
+ def add_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_dict = dict()
+ action_scope_dict['name'] = kw.get('action_scope_name', None)
+ action_scope_dict['description'] = kw.get('action_scope_description', None)
+ return self.admin_api.add_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_dict)
+
+ @controller.protected()
+ def get_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ return self.admin_api.get_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_id)
+
+ @controller.protected()
+ def del_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ self.admin_api.del_action_scope(user_id, intra_extension_id, action_category_id, action_scope_id)
+
+ @controller.protected()
+ def set_action_scope(self, context, **kw):
+
user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ action_scope_dict = dict()
+ action_scope_dict['name'] = kw.get('action_scope_name', None)
+ action_scope_dict['description'] = kw.get('action_scope_description', None)
+ return self.admin_api.set_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_id, action_scope_dict)
+
+ # Assignment functions
+
+ @controller.protected()
+ def add_subject_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ return self.admin_api.add_subject_assignment_list(user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def get_subject_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ return self.admin_api.get_subject_assignment_list(user_id, intra_extension_id, subject_id, subject_category_id)
+
+ @controller.protected()
+ def del_subject_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ self.admin_api.del_subject_assignment(user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def
add_object_assignment(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) + return self.admin_api.add_object_assignment_list(user_id, intra_extension_id, object_id, object_category_id, object_scope_id) + + @controller.protected() + def get_object_assignment(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + object_category_id = kw.get('object_category_id', None) + return self.admin_api.get_object_assignment_list(user_id, intra_extension_id, object_id, object_category_id) + + @controller.protected() + def del_object_assignment(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) + self.admin_api.del_object_assignment(user_id, intra_extension_id, object_id, object_category_id, object_scope_id) + + @controller.protected() + def add_action_assignment(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) + return self.admin_api.add_action_assignment_list(user_id, intra_extension_id, action_id, action_category_id, action_scope_id) + + @controller.protected() + def get_action_assignment(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = 
kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + action_category_id = kw.get('action_category_id', None) + return self.admin_api.get_action_assignment_list(user_id, intra_extension_id, action_id, action_category_id) + + @controller.protected() + def del_action_assignment(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) + self.admin_api.del_action_assignment(user_id, intra_extension_id, action_id, action_category_id, action_scope_id) + + # Metarule functions + + @controller.protected() + def get_aggregation_algorithm(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_aggregation_algorithm_id(user_id, intra_extension_id) + + @controller.protected() + def set_aggregation_algorithm(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + aggregation_algorithm_id = kw.get('aggregation_algorithm_id', None) + return self.admin_api.set_aggregation_algorithm_id(user_id, intra_extension_id, aggregation_algorithm_id) + + @controller.protected() + def get_sub_meta_rules(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_sub_meta_rules_dict(user_id, intra_extension_id) + + @controller.protected() + def add_sub_meta_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_dict = dict() + sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None) + 
sub_meta_rule_dict['algorithm'] = kw.get('sub_meta_rule_algorithm', None) + sub_meta_rule_dict['subject_categories'] = kw.get('sub_meta_rule_subject_categories', None) + sub_meta_rule_dict['object_categories'] = kw.get('sub_meta_rule_object_categories', None) + sub_meta_rule_dict['action_categories'] = kw.get('sub_meta_rule_action_categories', None) + return self.admin_api.add_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_dict) + + @controller.protected() + def get_sub_meta_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + return self.admin_api.get_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_id) + + @controller.protected() + def del_sub_meta_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + self.admin_api.del_sub_meta_rule(user_id, intra_extension_id, sub_meta_rule_id) + + @controller.protected() + def set_sub_meta_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + sub_meta_rule_dict = dict() + sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None) + sub_meta_rule_dict['algorithm'] = kw.get('sub_meta_rule_algorithm', None) + sub_meta_rule_dict['subject_categories'] = kw.get('sub_meta_rule_subject_categories', None) + sub_meta_rule_dict['object_categories'] = kw.get('sub_meta_rule_object_categories', None) + sub_meta_rule_dict['action_categories'] = kw.get('sub_meta_rule_action_categories', None) + return self.admin_api.set_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict) + + # Rules functions + @controller.protected() + def 
get_rules(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + return self.admin_api.get_rules_dict(user_id, intra_extension_id, sub_meta_rule_id) + + @controller.protected() + def add_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + subject_category_list = kw.get('subject_categories', []) + object_category_list = kw.get('object_categories', []) + action_category_list = kw.get('action_categories', []) + enabled_bool = kw.get('enabled', True) + rule_list = subject_category_list + action_category_list + object_category_list + [enabled_bool, ] + return self.admin_api.add_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_list) + + @controller.protected() + def get_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + rule_id = kw.get('rule_id', None) + return self.admin_api.get_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_id) + + @controller.protected() + def del_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + rule_id = kw.get('rule_id', None) + self.admin_api.del_rule(user_id, intra_extension_id, sub_meta_rule_id, rule_id) + + @controller.protected() + def set_rule(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + rule_id = kw.get('rule_id', None) + rule_list = list() + 
subject_category_list = kw.get('subject_categories', []) + object_category_list = kw.get('object_categories', []) + action_category_list = kw.get('action_categories', []) + rule_list = subject_category_list + action_category_list + object_category_list + return self.admin_api.set_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) + + +@dependency.requires('authz_api') +class InterExtensions(controller.V3Controller): + + def __init__(self): + super(InterExtensions, self).__init__() + + def _get_user_from_token(self, token_id): + response = self.token_provider_api.validate_token(token_id) + token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response) + return token_ref['user'] + + # @controller.protected() + # def get_inter_extensions(self, context, **kw): + # user = self._get_user_from_token(context.get('token_id')) + # return { + # 'inter_extensions': + # self.interextension_api.get_inter_extensions() + # } + + # @controller.protected() + # def get_inter_extension(self, context, **kw): + # user = self._get_user_from_token(context.get('token_id')) + # return { + # 'inter_extensions': + # self.interextension_api.get_inter_extension(uuid=kw['inter_extension_id']) + # } + + # @controller.protected() + # def create_inter_extension(self, context, **kw): + # user = self._get_user_from_token(context.get('token_id')) + # return self.interextension_api.create_inter_extension(kw) + + # @controller.protected() + # def delete_inter_extension(self, context, **kw): + # user = self._get_user_from_token(context.get('token_id')) + # if 'inter_extension_id' not in kw: + # raise exception.Error + # return self.interextension_api.delete_inter_extension(kw['inter_extension_id']) + + +@dependency.requires('moonlog_api', 'authz_api') +class Logs(controller.V3Controller): + + def __init__(self): + super(Logs, self).__init__() + + def _get_user_id_from_token(self, token_id): + response = self.token_provider_api.validate_token(token_id) + token_ref 
= token_model.KeystoneToken(token_id=token_id, token_data=response) + return token_ref['user'] + + @controller.protected() + def get_logs(self, context, **kw): + user_id = self._get_user_id_from_token(context.get('token_id')) + options = kw.get('options', '') + return self.moonlog_api.get_logs(user_id, options) + + +@dependency.requires('identity_api', "token_provider_api", "resource_api") +class MoonAuth(controller.V3Controller): + + def __init__(self): + super(MoonAuth, self).__init__() + + def _get_project(self, uuid="", name=""): + projects = self.resource_api.list_projects() + for project in projects: + if uuid and uuid == project['id']: + return project + elif name and name == project['name']: + return project + + def get_token(self, context, **kw): + data_auth = { + "auth": { + "identity": { + "methods": [ + "password" + ], + "password": { + "user": { + "domain": { + "id": "Default" + }, + "name": kw['username'], + "password": kw['password'] + } + } + } + } + } + + message = {} + if "project" in kw: + project = self._get_project(name=kw['project']) + if project: + data_auth["auth"]["scope"] = dict() + data_auth["auth"]["scope"]['project'] = dict() + data_auth["auth"]["scope"]['project']['id'] = project['id'] + else: + message = { + "error": { + "message": "Unable to find project {}".format(kw['project']), + "code": 200, + "title": "UnScopedToken" + }} + +# req = requests.post("http://localhost:5000/v3/auth/tokens", +# json=data_auth, +# headers={"Content-Type": "application/json"} +# ) + req = requests.post("http://172.16.1.222:5000/v3/auth/tokens", + json=data_auth, + headers={"Content-Type": "application/json"} + ) + if req.status_code not in (200, 201): + LOG.error(req.text) + else: + _token = req.headers['X-Subject-Token'] + _data = req.json() + _result = { + "token": _token, + 'message': message + } + try: + _result["roles"] = map(lambda x: x['name'], _data["token"]["roles"]) + except KeyError: + pass + return _result + return {"token": None, 'message': 
req.json()} + diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml index 40e1c98c..a3511de7 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml @@ -7,10 +7,5 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- include_vars: "{{ ansible_os_family }}.yml" - -- include: moon-controller.yml - when: inventory_hostname in groups['controller'] - -- include: moon-compute.yml - when: inventory_hostname in groups['compute'] +- include: moon.yml + when: moon == "Enable" diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml index f2efaa65..62f53ab9 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml @@ -151,7 +151,9 @@ # job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' ############################################# - +# moon workaround +- name: copy scripts + copy: src=controllers.py dest=/usr/lib/python2.7/dist-packages/keystone/contrib/moon/controllers.py # apache2 restart - name: restart apache2 diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml new file mode 100644 index 00000000..40e1c98c --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml 
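Review bot: The new `when: moon == "Enable"` test on the include fails with an undefined-variable error on any deployment that never sets `moon`, and nothing visible in this commit gives it a default. `when: moon | default("Disable") == "Enable"` keeps Moon opt-in without breaking existing configurations. The same unguarded test is added in `roles/odl_cluster/tasks/odl_controller.yml` and `roles/swift/tasks/main.yml`. In the latter it also means Swift is only deployed when Moon is enabled, so that coupling is worth confirming.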
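Review bot: The `copy scripts` task overwrites `/usr/lib/python2.7/dist-packages/keystone/contrib/moon/controllers.py`, a path under the distribution's Python packages, with no `backup=yes`, no explicit `owner`/`group`/`mode`, and only "moon workaround" as explanation, so a later package upgrade would presumably revert it without notice. The replacement file added in this commit also has `MoonAuth.get_token` post the caller's username and password to a hard-coded `http://172.16.1.222:5000/v3/auth/tokens`, which ties every deployment to one lab address and sends the credentials over plain HTTP. I would add `backup=yes`, take the Keystone endpoint from an existing variable such as `{{ internal_vip.ip }}` or from Keystone's own configuration, and name the upstream bug being worked around in the comment. The task list starts and ends outside the hunk.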
@@ -0,0 +1,16 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- include: moon-controller.yml
+ when: inventory_hostname in groups['controller']
+
+- include: moon-compute.yml
+ when: inventory_hostname in groups['compute']
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gz b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gz Binary files differnew file mode 100644
index 00000000..dd03749c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gz
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml
new file mode 100644
index 00000000..a2ad56c2
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml
@@ -0,0 +1,58 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: delete data journal snapshots
+ shell: rm -rf {{ odl_home }}/{{ item }}
+ with_items:
+ - journal
+ - data
+ - snapshots
+
+- name: remove aaa feature
+ shell: rm -rf {{ odl_home }}/system/org/opendaylight/aaa/
+
+- name: download apache maven package file
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/odl/apache-maven-3.3.9-bin.tar.gz" dest=/opt/apache-maven-3.3.9-bin.tar.gz
+
+- name: create maven folder
+ shell: mkdir -p /opt/apache-maven-3.3.9/
+
+- name: extract maven
+ command: su -s /bin/sh -c "tar zxf /opt/apache-maven-3.3.9-bin.tar.gz -C /opt/apache-maven-3.3.9/ --strip-components 1 --no-overwrite-dir -k --skip-old-files" root
+
+- name: install maven
+ shell: ln -s /opt/apache-maven-3.3.9/bin/mvn /usr/local/bin/mvn;
+
+- name: create m2 directory
+ file: path=/root/.m2/ state=directory mode=0755
+
+- name: copy settings.xml
+ template: src=settings.xml dest=/root/.m2/settings.xml
+
+- name: upload swift lib
+ unarchive: src=odl-aaa-moon.tar.gz dest=/home/
+
+- name: install aaa
+ shell: >
+ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/lib/jvm/java-8-oracle/bin:/opt/apache-maven-3.3.3/bin";
+ export JAVA_HOME="/usr/lib/jvm/java-8-oracle";
+ export _JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true";
+ export MAVEN_OPTS="-Xmx1024m -XX:MaxPermSize=512m";
+ cd /home/odl-aaa-moon/aaa/;
+ mvn clean install -DskipTests;
+
+- name: remove shiro ini
+ shell: rm -f {{ odl_home }}/etc/shiro.ini
+ +- name: set moon env + shell: > + export MOON_SERVER_ADDR={{ internal_vip.ip }}; + export MOON_SERVER_PORT=5000; + export no_proxy="localhost,127.0.0.1"; diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml index 6de7da66..9de5f478 100755 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml @@ -100,6 +100,11 @@ src: tomcat-server.xml dest: "{{ odl_home }}/configuration/tomcat-server.xml" +- name: create tomcat config + template: + src: jetty.xml + dest: "{{ odl_home }}/etc/jetty.xml" + - name: download odl pip package get_url: url="http://{{ http_server.stdout_lines[0] }}/pip/{{ networking_odl_pkg_name }}" dest=/opt/{{ networking_odl_pkg_name }} @@ -204,6 +209,16 @@ service: name=keepalived state=stopped when: ansible_os_family == "Debian" + +################################################################# +########################### moon ################################ +################################################################# + +- include: moon-odl.yml + when: moon == "Enable" + +################################################################# + - name: chown opendaylight directory and files shell: > chown -R odl:odl "{{ odl_home }}"; diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml new file mode 100755 index 00000000..50ac7c35 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml 
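Review bot: `download apache maven package file` fetches the Maven tarball over plain `http://` with no integrity check, and that archive is then unpacked and used by the root-run `install aaa` build, so a tampered download would execute with root privileges on the ODL controller. Pin it with `sha256sum=<expected-sha256>` on the `get_url` line (or `checksum=sha256:<expected-sha256>` on Ansible 2.x). `set moon env` only exports variables inside that task's own shell, so `MOON_SERVER_ADDR` and `MOON_SERVER_PORT` are gone before any later task or service can read them. The `PATH` in `install aaa` names `/opt/apache-maven-3.3.3/bin` while Maven is unpacked to `/opt/apache-maven-3.3.9/`. `ln -s ... /usr/local/bin/mvn` fails on a second run, whereas `file: src=/opt/apache-maven-3.3.9/bin/mvn dest=/usr/local/bin/mvn state=link` is repeatable.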
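Review bot: The task added in the first hunk is named `create tomcat config` although it renders `jetty.xml`, presumably copied from the `tomcat-server.xml` task just above it, so play output cannot tell the two apart when one fails. `- name: create jetty config` fixes that. The destination also differs (`{{ odl_home }}/etc/` rather than `{{ odl_home }}/configuration/`), which deserves a one-line comment saying which server reads which file. The task list starts and ends outside the hunk.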
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//
+DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
+
+<Configure class="org.eclipse.jetty.server.Server">
+
+ <!-- =========================================================== -->
+ <!-- Set connectors -->
+ <!-- =========================================================== -->
+ <!-- One of each type! -->
+ <!-- =========================================================== -->
+
+ <!-- Use this connector for many frequently idle connections and for
+ threadless continuations. -->
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
+ <Set name="host">
+ <Property name="jetty.host"/>
+ </Set>
+ <Set name="port">
+ <Property name="jetty.port" default="8181" />
+ </Set>
+ <Set name="maxIdleTime">300000</Set>
+ <Set name="Acceptors">2</Set>
+ <Set name="statsOn">false</Set>
+ <Set name="confidentialPort">8543</Set>
+ <Set name="lowResourcesConnections">20000</Set>
+ <Set name="lowResourcesMaxIdleTime">5000</Set>
+ </New>
+ </Arg>
+ </Call>
+
+ <!-- =========================================================== -->
+ <!-- Configure Authentication Realms -->
+ <!-- Realms may be configured for the entire server here, or -->
+ <!-- they can be configured for a specific web app in a context -->
+ <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
+ <!-- example). -->
+ <!-- =========================================================== -->
+ <Call name="addBean">
+ <Arg>
+ <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
+ <Set name="name">karaf</Set>
+ <Set name="loginModuleName">karaf</Set>
+ <Set name="roleClassNames">
+ <Array type="java.lang.String">
+ <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Arg>
+ </Call>
+ <Call name="addBean">
+ <Arg>
+ <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
+ <Set name="name">default</Set>
+ <Set name="loginModuleName">karaf</Set>
+ <Set name="roleClassNames">
+ <Array type="java.lang.String">
+ <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Arg>
+ </Call>
+
+</Configure>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh
new file mode 100755
index 00000000..5e3627bf
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh
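Review bot: The only connector defined here is the plain-HTTP `SelectChannelConnector` on `jetty.port` (default 8181), yet `confidentialPort` is set to 8543 and this file defines no SSL connector for that port. Logins against the two `JAASLoginService` beans below would therefore cross the network unencrypted, and any redirect to the confidential port lands on nothing unless a listener is configured elsewhere. `<Property name="jetty.host"/>` has no `default`, which presumably leaves the listener bound to every interface. Either add an SSL connector on 8543 or give `jetty.host` a `default` restricting it to the management address, and record the choice in a comment next to the connector.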
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+cat <<EOT>> /etc/neutron/plugins/ml2/ml2_conf.ini
+[ml2_odl]
+password = admin
+username = admin
+url = http://{{ internal_vip.ip }}:8181/controller/nb/v2/neutron
+EOT
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml
new file mode 100644
index 00000000..5ba3b50c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml
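Review bot: `password = admin` and `username = admin` are written as literals although `roles/odl_cluster/vars/main.yml` in this same commit defines `odl_username` and `odl_password`, so changing the ODL credentials there leaves Neutron configured with the old ones. Use `username = {{ odl_username }}` and `password = {{ odl_password }}`, and likewise `{{ odl_api_port }}` instead of the literal `8181` in `url`. Because the script appends with `cat <<EOT>>`, every re-run adds another `[ml2_odl]` section to `ml2_conf.ini`. Prefixing the heredoc with `grep -q '^\[ml2_odl\]' /etc/neutron/plugins/ml2/ml2_conf.ini ||` makes it repeatable. The file is committed with mode 100755 but has no `#!` line.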
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- vi: set et smarttab sw=2 tabstop=2: -->
+<!--
+ Copyright (c) 2014, 2015 Cisco Systems, Inc. and others. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+ <localRepository>{{ odl_home }}/system/ </localRepository>
+ <profiles>
+ <profile>
+ <id>opendaylight-release</id>
+ <repositories>
+ <repository>
+ <id>opendaylight-mirror</id>
+ <name>opendaylight-mirror</name>
+ <url>https://nexus.opendaylight.org/content/repositories/public/</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+ <pluginRepositories>
+ <pluginRepository>
+ <id>opendaylight-mirror</id>
+ <name>opendaylight-mirror</name>
+ <url>https://nexus.opendaylight.org/content/repositories/public/</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </pluginRepository>
+ </pluginRepositories>
+ </profile>
+
+ <profile>
+ <id>opendaylight-snapshots</id>
+ <repositories>
+ <repository>
+ <id>opendaylight-snapshot</id>
+ <name>opendaylight-snapshot</name>
+ <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+ <pluginRepositories>
+ <pluginRepository>
+ <id>opendaylight-snapshot</id>
+ <name>opendaylight-snapshot</name>
+ <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </pluginRepository>
+ </pluginRepositories>
+ </profile>
+ </profiles>
+
+ <activeProfiles>
+ <activeProfile>opendaylight-release</activeProfile>
+ <activeProfile>opendaylight-snapshots</activeProfile>
+ </activeProfiles>
+</settings>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml
new file mode 100755
index 00000000..bc7ab13d
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml
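Review bot: `opendaylight-snapshots` is listed under `<activeProfiles>`, so the root-run `mvn clean install` in `moon-odl.yml` may resolve mutable SNAPSHOT artifacts and build plugins from the network at deploy time. That makes the result unrepeatable and lets whatever is currently published in that repository execute inside the build. If the AAA sources need only released artifacts (this diff does not show that), drop `<activeProfile>opendaylight-snapshots</activeProfile>`; otherwise add a comment naming the snapshot dependency that requires it. `<localRepository>` also points Maven's cache at `{{ odl_home }}/system/`, which `moon-odl.yml` treats as the ODL system directory, so a comment should state that writing build output there is deliberate.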
@@ -0,0 +1,61 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Server>
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+ <Listener className="org.apache.catalina.core.JasperListener" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <Service name="Catalina">
+ <Connector port="{{ odl_api_port }}" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+
+<!--
+ Please remove the comments around the following Connector tag to enable HTTPS Authentication support.
+ Remember to add a valid keystore in the configuration folder.
+ More info : http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
+-->
+
+ <!--
+ <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS"
+ keystoreFile="configuration/keystore"
+ keystorePass="changeit"/>
+ -->
+
+ <Engine name="Catalina" defaultHost="localhost">
+ <Host name="localhost" appBase=""
+ unpackWARs="false" autoDeploy="false"
+ deployOnStartup="false" createDirs="false">
+ <Realm className="org.opendaylight.controller.karafsecurity.ControllerCustomRealm" />
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="web_access_log_" suffix=".txt" resolveHosts="false"
+ rotatable="true" fileDateFormat="yyyy-MM"
+ pattern="%{yyyy-MM-dd HH:mm:ss.SSS z}t - [%a] - %r"/>
+ </Host>
+ </Engine>
+ </Service>
+</Server>
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml
new file mode 100755
index 00000000..da0c9efd
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml
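Review bot: The commented-out HTTPS connector carries `keystorePass="changeit"`, so anyone who follows the instruction above it and just removes the comment markers ends up with the widely known default keystore password in the rendered config. Since this is already a template, take the value from a role variable (none exists for it in this commit) and note next to the connector that the keystore must be generated per deployment. The active connector serves plain HTTP on `{{ odl_api_port }}`, which `vars/main.yml` sets to 8181, the same value as the `jetty.port` default in `jetty.xml`. If both servers start they would compete for that port, so confirm that only one of the two files is actually read.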
@@ -0,0 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+odl_username: admin
+odl_password: admin
+odl_api_port: 8181
+
+#odl_pkg_url: https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.3.0-Lithium/distribution-karaf-0.3.0-Lithium.tar.gz
+odl_pkg_url: karaf.tar.gz
+odl_pkg_name: karaf.tar.gz
+odl_home: "/opt/opendaylight-0.3.0/"
+odl_base_features: ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'management', 'odl-restconf','odl-l2switch-switch','odl-openflowplugin-all','odl-mdsal-apidocs','odl-dlux-all','odl-adsal-northbound','odl-nsf-all','odl-ovsdb-openstack','odl-ovsdb-northbound','odl-dlux-core']
+odl_extra_features: ['odl-restconf-all','odl-mdsal-clustering','odl-openflowplugin-flow-services','http','jolokia-osgi']
+odl_features: "{{ odl_base_features + odl_extra_features }}"
+
+jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz
+
+controller_packages_noarch: []
+compute_packages_noarch: []
+
+odl_pip:
+ - networking_odl
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml
index 25c151a3..0f083146 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml
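Review bot: `odl_username: admin` and `odl_password: admin` put the default ODL administrator credentials into the role's `vars/main.yml`, which takes precedence over inventory and group variables, so an operator cannot change them without editing the role or passing extra-vars. Move both to `defaults/main.yml` or a vaulted variable file, with a comment such as `# lab default - override for any shared or production deployment`. `odl_home` ends in `/` while its users append `/etc/...` and `/system/...`, giving doubled slashes in the rendered paths. That is harmless, but dropping the trailing slash is cleaner.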
@@ -7,109 +7,5 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- include_vars: "{{ ansible_os_family }}.yml" - -- include: swift-controller1.yml - when: inventory_hostname in groups['controller'] - -- include: swift-compute1.yml - when: inventory_hostname in groups['compute'] - -- include: swift-controller2.yml - when: inventory_hostname == haproxy_hosts.keys()[0] - -- name: copy swift.conf - template: src=swift.conf dest=/etc/swift/swift.conf backup=yes - -- name: chown /etc/swift - shell: chown -R root:swift /etc/swift - -- name: restart tasks on controller - service: name={{ item }} state=restarted enabled=yes - with_items: - - memcached - - swift-proxy - when: inventory_hostname in groups['controller'] - -- name: restart tasks on compute - shell: swift-init all start - when: inventory_hostname in groups['compute'] - ignore_errors: True - -- name: restart tasks on controller - service: name={{ item }} state=restarted enabled=yes - with_items: - - rsync - when: inventory_hostname in groups['compute'] - -- name: upload swift lib - unarchive: src=swift-lib.tar.gz dest=/tmp/ - -- name: copy swift lib - command: su -s /bin/sh -c "cp /tmp/swift-lib/* /usr/lib/" - -- name: wait 30 seconds - shell: sleep 30 - -- name: stop tasks on compute - service: name={{ item }} state=stop enabled=yes - with_items: - - swift-account - - swift-account-replicator - - swift-container-replicator - - swift-object - - swift-object-updater - - swift-account-auditor - - swift-container - - swift-container-sync - - swift-object-auditor - - swift-account-reaper - - swift-container-auditor - - swift-container-updater - - swift-object-replicator - when: inventory_hostname in groups['compute'] - ignore_errors: True - -- name: sleep 10 second - shell: sleep 10 - -- name: start tasks on compute - service: name={{ item }} state=start enabled=yes - with_items: - - swift-account - - swift-account-replicator - - 
swift-container-replicator - - swift-object - - swift-object-updater - - swift-account-auditor - - swift-container - - swift-container-sync - - swift-object-auditor - - swift-account-reaper - - swift-container-auditor - - swift-container-updater - - swift-object-replicator - when: inventory_hostname in groups['compute'] - ignore_errors: True - -- name: sleep 10 second - shell: sleep 10 - -- name: start tasks on compute - service: name={{ item }} state=start enabled=yes - with_items: - - swift-account - - swift-account-replicator - - swift-container-replicator - - swift-object - - swift-object-updater - - swift-account-auditor - - swift-container - - swift-container-sync - - swift-object-auditor - - swift-account-reaper - - swift-container-auditor - - swift-container-updater - - swift-object-replicator - when: inventory_hostname in groups['compute'] - ignore_errors: True +- include: swift.yml + when: moon == "Enable" diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml new file mode 100644 index 00000000..4e2651a7 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml 
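Review bot: The new guard `when: moon == "Enable"` reads `moon` without a default, so on any run where that variable is not defined Ansible fails while evaluating the conditional instead of skipping the include. Unless `moon` is guaranteed to be set elsewhere (not visible in this hunk), write `when: moon | default("Disable") == "Enable"`. A one-line comment above the include, such as `# swift is only deployed together with moon`, would also help, because the role now does nothing in every other configuration.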
@@ -0,0 +1,79 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- include: swift-controller1.yml
+ when: inventory_hostname in groups['controller']
+
+- include: swift-compute1.yml
+ when: inventory_hostname in groups['compute']
+
+- include: swift-controller2.yml
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: copy swift.conf
+ template: src=swift.conf dest=/etc/swift/swift.conf backup=yes
+
+- name: chown /etc/swift
+ shell: chown -R root:swift /etc/swift
+
+- name: restart tasks on controller
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - memcached
+ - swift-proxy
+ when: inventory_hostname in groups['controller']
+
+- name: restart tasks on compute
+ shell: swift-init all start
+ when: inventory_hostname in groups['compute']
+ ignore_errors: True
+
+- name: restart tasks on controller
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - rsync
+ when: inventory_hostname in groups['compute']
+
+- name: upload swift lib
+ unarchive: src=swift-lib.tar.gz dest=/tmp/
+
+- name: copy swift lib
+ command: su -s /bin/sh -c "cp /tmp/swift-lib/* /usr/lib/"
+
+- name: wait 30 seconds
+ shell: sleep 30
+
+- name: create swift task script
+ shell: echo {{ item }} >> /opt/swift-service
+ with_items:
+ - swift-account
+ - swift-account-replicator
+ - swift-container-replicator
+ - swift-object
+ - swift-object-updater
+ - swift-account-auditor
+ - swift-container
+ - swift-container-sync
+ - swift-object-auditor
+ - swift-account-reaper
+ - swift-container-auditor
+ - swift-container-updater
+ - swift-object-replicator
+ when: inventory_hostname in groups['compute']
+ ignore_errors: True
+
+- name: restart swift task
+ shell: >
+ for i in `cat /opt/swift-service`; do service $i start; done;
+ sleep 10;
+ for i in `cat /opt/swift-service`; do service $i restart; done;
+ when: inventory_hostname in groups['compute']
+ ignore_errors: True |
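Review bot: The `upload swift lib` and `copy swift lib` tasks stage the archive under world-writable `/tmp/` and then copy `/tmp/swift-lib/*` into `/usr/lib/` as root, so the files that become system libraries are not under root's exclusive control between the two tasks. These lines are carried over from the old main.yml, but since the file is new here it is worth unpacking into a root-owned directory that other users cannot write to, or directly to the final location. In the new `create swift task script` task, `echo {{ item }} >> /opt/swift-service` appends on every run, so re-running the role duplicates each service name and the restart loop then processes every service repeatedly. Writing the list in one step, or going back to the `service:` module with `with_items` as the removed tasks did, avoids that. `ignore_errors: True` on both new tasks also means a service that fails to start will not fail the play.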