aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible')
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml74
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py920
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml9
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml4
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml16
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gzbin0 -> 619269 bytes
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml58
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml15
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml88
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh14
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml82
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml61
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml29
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml108
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml79
15 files changed, 1406 insertions, 151 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml
index dbb170e5..1300ab64 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/HA-ansible-multinodes.yml
@@ -67,7 +67,7 @@
- keystone
- nova-controller
- neutron-controller
-# - cinder-controller
+ - cinder-controller
- glance
- neutron-common
- neutron-network
@@ -91,7 +91,7 @@
roles:
- nova-compute
- neutron-compute
-# - cinder-volume
+ - cinder-volume
- ceilometer_compute
- hosts: all
@@ -109,41 +109,41 @@
roles:
- secgroup
-#- hosts: ceph_adm
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles: []
-# # - ceph-deploy
-#
-#- hosts: ceph
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-purge
-# - ceph-config
-#
-#- hosts: ceph_mon
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-mon
-#
-#- hosts: ceph_osd
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-osd
-#
-#- hosts: ceph
-# remote_user: root
-# accelerate: true
-# max_fail_percentage: 0
-# roles:
-# - ceph-openstack
+- hosts: ceph_adm
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles: []
+ # - ceph-deploy
+
+- hosts: ceph
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-purge
+ - ceph-config
+
+- hosts: ceph_mon
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-mon
+
+- hosts: ceph_osd
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-osd
+
+- hosts: ceph
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-openstack
- hosts: all
remote_user: root
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
new file mode 100644
index 00000000..6da5b423
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
@@ -0,0 +1,920 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from keystone.common import controller
+from keystone import config
+from keystone import exception
+from keystone.models import token_model
+from keystone.contrib.moon.exception import *
+from oslo_log import log
+from uuid import uuid4
+import requests
+
+
+CONF = config.CONF
+LOG = log.getLogger(__name__)
+
+
+@dependency.requires('configuration_api')
+class Configuration(controller.V3Controller):
+ collection_name = 'configurations'
+ member_name = 'configuration'
+
+ def __init__(self):
+ super(Configuration, self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')
+
+ @controller.protected()
+ def get_policy_templates(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.configuration_api.get_policy_templates_dict(user_id)
+
+ @controller.protected()
+ def get_aggregation_algorithms(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.configuration_api.get_aggregation_algorithms_dict(user_id)
+
+ @controller.protected()
+ def get_sub_meta_rule_algorithms(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.configuration_api.get_sub_meta_rule_algorithms_dict(user_id)
+
+
+@dependency.requires('tenant_api', 'resource_api')
+class Tenants(controller.V3Controller):
+
+ def __init__(self):
+ super(Tenants, self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')
+
+ @controller.protected()
+ def get_tenants(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.tenant_api.get_tenants_dict(user_id)
+
+ def __get_keystone_tenant_dict(self, tenant_id="", tenant_name="", tenant_description="", domain="default"):
+ tenants = self.resource_api.list_projects()
+ for tenant in tenants:
+ if tenant_id and tenant_id == tenant['id']:
+ return tenant
+ if tenant_name and tenant_name == tenant['name']:
+ return tenant
+ if not tenant_id:
+ tenant_id = uuid4().hex
+ if not tenant_name:
+ tenant_name = tenant_id
+ tenant = {
+ "id": tenant_id,
+ "name": tenant_name,
+ "description": tenant_description,
+ "enabled": True,
+ "domain_id": domain
+ }
+ keystone_tenant = self.resource_api.create_project(tenant["id"], tenant)
+ return keystone_tenant
+
+ @controller.protected()
+ def add_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ k_tenant_dict = self.__get_keystone_tenant_dict(
+ tenant_name=kw.get('tenant_name'),
+ tenant_description=kw.get('tenant_description', kw.get('tenant_name')),
+ domain=kw.get('tenant_domain', "default"),
+
+ )
+ tenant_dict = dict()
+ tenant_dict['id'] = k_tenant_dict['id']
+ tenant_dict['name'] = kw.get('tenant_name', None)
+ tenant_dict['description'] = kw.get('tenant_description', None)
+ tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
+ tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
+ return self.tenant_api.add_tenant_dict(user_id, tenant_dict['id'], tenant_dict)
+
+ @controller.protected()
+ def get_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ tenant_id = kw.get('tenant_id', None)
+ return self.tenant_api.get_tenant_dict(user_id, tenant_id)
+
+ @controller.protected()
+ def del_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ tenant_id = kw.get('tenant_id', None)
+ return self.tenant_api.del_tenant(user_id, tenant_id)
+
+ @controller.protected()
+ def set_tenant(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ # Next line will raise an error if tenant doesn't exist
+ k_tenant_dict = self.resource_api.get_project(kw.get('tenant_id', None))
+ tenant_id = kw.get('tenant_id', None)
+ tenant_dict = dict()
+ tenant_dict['name'] = k_tenant_dict.get('name', None)
+ if 'tenant_description' in kw:
+ tenant_dict['description'] = kw.get('tenant_description', None)
+ if 'tenant_intra_authz_extension_id' in kw:
+ tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None)
+ if 'tenant_intra_admin_extension_id' in kw:
+ tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None)
+ self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict)
+
+
+def callback(self, context, prep_info, *args, **kwargs):
+ token_ref = ""
+ if context.get('token_id') is not None:
+ token_ref = token_model.KeystoneToken(
+ token_id=context['token_id'],
+ token_data=self.token_provider_api.validate_token(
+ context['token_id']))
+ if not token_ref:
+ raise exception.Unauthorized
+
+
+@dependency.requires('authz_api')
+class Authz_v3(controller.V3Controller):
+
+ def __init__(self):
+ super(Authz_v3, self).__init__()
+
+ @controller.protected(callback)
+ def get_authz(self, context, tenant_id, subject_k_id, object_name, action_name):
+ try:
+ return self.authz_api.authz(tenant_id, subject_k_id, object_name, action_name)
+ except Exception as e:
+ return {'authz': False, 'comment': unicode(e)}
+
+
+@dependency.requires('admin_api', 'root_api')
+class IntraExtensions(controller.V3Controller):
+ collection_name = 'intra_extensions'
+ member_name = 'intra_extension'
+
+ def __init__(self):
+ super(IntraExtensions, self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref.get('user')['id']
+
+ # IntraExtension functions
+ @controller.protected()
+ def get_intra_extensions(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ return self.admin_api.get_intra_extensions_dict(user_id)
+
+ @controller.protected()
+ def add_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_dict = dict()
+ intra_extension_dict['name'] = kw.get('intra_extension_name', None)
+ intra_extension_dict['model'] = kw.get('intra_extension_model', None)
+ intra_extension_dict['genre'] = kw.get('intra_extension_genre', None)
+ intra_extension_dict['description'] = kw.get('intra_extension_description', None)
+ intra_extension_dict['subject_categories'] = kw.get('intra_extension_subject_categories', dict())
+ intra_extension_dict['object_categories'] = kw.get('intra_extension_object_categories', dict())
+ intra_extension_dict['action_categories'] = kw.get('intra_extension_action_categories', dict())
+ intra_extension_dict['subjects'] = kw.get('intra_extension_subjects', dict())
+ intra_extension_dict['objects'] = kw.get('intra_extension_objects', dict())
+ intra_extension_dict['actions'] = kw.get('intra_extension_actions', dict())
+ intra_extension_dict['subject_scopes'] = kw.get('intra_extension_subject_scopes', dict())
+ intra_extension_dict['object_scopes'] = kw.get('intra_extension_object_scopes', dict())
+ intra_extension_dict['action_scopes'] = kw.get('intra_extension_action_scopes', dict())
+ intra_extension_dict['subject_assignments'] = kw.get('intra_extension_subject_assignments', dict())
+ intra_extension_dict['object_assignments'] = kw.get('intra_extension_object_assignments', dict())
+ intra_extension_dict['action_assignments'] = kw.get('intra_extension_action_assignments', dict())
+ intra_extension_dict['aggregation_algorithm'] = kw.get('intra_extension_aggregation_algorithm', dict())
+ intra_extension_dict['sub_meta_rules'] = kw.get('intra_extension_sub_meta_rules', dict())
+ intra_extension_dict['rules'] = kw.get('intra_extension_rules', dict())
+ ref = self.admin_api.load_intra_extension_dict(user_id, intra_extension_dict=intra_extension_dict)
+ return self.admin_api.populate_default_data(ref)
+
+ @controller.protected()
+ def get_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_intra_extension_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def del_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ self.admin_api.del_intra_extension(user_id, intra_extension_id)
+
+ @controller.protected()
+ def set_intra_extension(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ intra_extension_dict = dict()
+ intra_extension_dict['name'] = kw.get('intra_extension_name', None)
+ intra_extension_dict['model'] = kw.get('intra_extension_model', None)
+ intra_extension_dict['genre'] = kw.get('intra_extension_genre', None)
+ intra_extension_dict['description'] = kw.get('intra_extension_description', None)
+ return self.admin_api.set_intra_extension_dict(user_id, intra_extension_id, intra_extension_dict)
+
+ @controller.protected()
+ def load_root_intra_extension(self, context, **kw):
+ self.root_api.load_root_intra_extension_dict()
+
+ # Metadata functions
+ @controller.protected()
+ def get_subject_categories(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_subject_categories_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_dict = dict()
+ subject_category_dict['name'] = kw.get('subject_category_name', None)
+ subject_category_dict['description'] = kw.get('subject_category_description', None)
+ return self.admin_api.add_subject_category_dict(user_id, intra_extension_id, subject_category_dict)
+
+ @controller.protected()
+ def get_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ return self.admin_api.get_subject_category_dict(user_id, intra_extension_id, subject_category_id)
+
+ @controller.protected()
+ def del_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ self.admin_api.del_subject_category(user_id, intra_extension_id, subject_category_id)
+
+ @controller.protected()
+ def set_subject_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_category_dict = dict()
+ subject_category_dict['name'] = kw.get('subject_category_name', None)
+ subject_category_dict['description'] = kw.get('subject_category_description', None)
+ return self.admin_api.set_subject_category_dict(user_id, intra_extension_id, subject_category_id, subject_category_dict)
+
+ @controller.protected()
+ def get_object_categories(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_object_categories_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_dict = dict()
+ object_category_dict['name'] = kw.get('object_category_name', None)
+ object_category_dict['description'] = kw.get('object_category_description', None)
+ return self.admin_api.add_object_category_dict(user_id, intra_extension_id, object_category_dict)
+
+ @controller.protected()
+ def get_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ return self.admin_api.get_object_categories_dict(user_id, intra_extension_id, object_category_id)
+
+ @controller.protected()
+ def del_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ self.admin_api.del_object_category(user_id, intra_extension_id, object_category_id)
+
+ @controller.protected()
+ def set_object_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_category_dict = dict()
+ object_category_dict['name'] = kw.get('object_category_name', None)
+ object_category_dict['description'] = kw.get('object_category_description', None)
+ return self.admin_api.set_object_category_dict(user_id, intra_extension_id, object_category_id, object_category_dict)
+
+ @controller.protected()
+ def get_action_categories(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_action_categories_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_dict = dict()
+ action_category_dict['name'] = kw.get('action_category_name', None)
+ action_category_dict['description'] = kw.get('action_category_description', None)
+ return self.admin_api.add_action_category_dict(user_id, intra_extension_id, action_category_dict)
+
+ @controller.protected()
+ def get_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ return self.admin_api.get_action_categories_dict(user_id, intra_extension_id, action_category_id)
+
+ @controller.protected()
+ def del_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ self.admin_api.del_action_category(user_id, intra_extension_id, action_category_id)
+
+ @controller.protected()
+ def set_action_category(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_category_dict = dict()
+ action_category_dict['name'] = kw.get('action_category_name', None)
+ action_category_dict['description'] = kw.get('action_category_description', None)
+ return self.admin_api.set_action_category_dict(user_id, intra_extension_id, action_category_id, action_category_dict)
+
+ # Perimeter functions
+ @controller.protected()
+ def get_subjects(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_subjects_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_dict = dict()
+ subject_dict['name'] = kw.get('subject_name', None)
+ subject_dict['description'] = kw.get('subject_description', None)
+ subject_dict['password'] = kw.get('subject_password', None)
+ subject_dict['email'] = kw.get('subject_email', None)
+ return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict)
+
+ @controller.protected()
+ def get_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ return self.admin_api.get_subject_dict(user_id, intra_extension_id, subject_id)
+
+ @controller.protected()
+ def del_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ self.admin_api.del_subject(user_id, intra_extension_id, subject_id)
+
+ @controller.protected()
+ def set_subject(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_dict = dict()
+ subject_dict['name'] = kw.get('subject_name', None)
+ subject_dict['description'] = kw.get('subject_description', None)
+ return self.admin_api.set_subject_dict(user_id, intra_extension_id, subject_id, subject_dict)
+
+ @controller.protected()
+ def get_objects(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_objects_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_dict = dict()
+ object_dict['name'] = kw.get('object_name', None)
+ object_dict['description'] = kw.get('object_description', None)
+ return self.admin_api.add_object_dict(user_id, intra_extension_id, object_dict)
+
+ @controller.protected()
+ def get_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ return self.admin_api.get_object_dict(user_id, intra_extension_id, object_id)
+
+ @controller.protected()
+ def del_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ self.admin_api.del_object(user_id, intra_extension_id, object_id)
+
+ @controller.protected()
+ def set_object(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ object_dict = dict()
+ object_dict['name'] = kw.get('object_name', None)
+ object_dict['description'] = kw.get('object_description', None)
+ return self.admin_api.set_object_dict(user_id, intra_extension_id, object_id, object_dict)
+
+ @controller.protected()
+ def get_actions(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_actions_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_dict = dict()
+ action_dict['name'] = kw.get('action_name', None)
+ action_dict['description'] = kw.get('action_description', None)
+ return self.admin_api.add_action_dict(user_id, intra_extension_id, action_dict)
+
+ @controller.protected()
+ def get_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ return self.admin_api.get_action_dict(user_id, intra_extension_id, action_id)
+
+ @controller.protected()
+ def del_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ self.admin_api.del_action(user_id, intra_extension_id, action_id)
+
+ @controller.protected()
+ def set_action(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ action_dict = dict()
+ action_dict['name'] = kw.get('action_name', None)
+ action_dict['description'] = kw.get('action_description', None)
+ return self.admin_api.set_action_dict(user_id, intra_extension_id, action_id, action_dict)
+
+ # Scope functions
+ @controller.protected()
+ def get_subject_scopes(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ return self.admin_api.get_subject_scopes_dict(user_id, intra_extension_id, subject_category_id)
+
+ @controller.protected()
+ def add_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_dict = dict()
+ subject_scope_dict['name'] = kw.get('subject_scope_name', None)
+ subject_scope_dict['description'] = kw.get('subject_scope_description', None)
+ return self.admin_api.add_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_dict)
+
+ @controller.protected()
+ def get_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ return self.admin_api.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def del_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ self.admin_api.del_subject_scope(user_id, intra_extension_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def set_subject_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ subject_scope_dict = dict()
+ subject_scope_dict['name'] = kw.get('subject_scope_name', None)
+ subject_scope_dict['description'] = kw.get('subject_scope_description', None)
+ return self.admin_api.set_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict)
+
+ @controller.protected()
+ def get_object_scopes(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ return self.admin_api.get_object_scopes_dict(user_id, intra_extension_id, object_category_id)
+
+ @controller.protected()
+ def add_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_dict = dict()
+ object_scope_dict['name'] = kw.get('object_scope_name', None)
+ object_scope_dict['description'] = kw.get('object_scope_description', None)
+ return self.admin_api.add_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_dict)
+
+ @controller.protected()
+ def get_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ return self.admin_api.get_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_id)
+
+ @controller.protected()
+ def del_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ self.admin_api.del_object_scope(user_id, intra_extension_id, object_category_id, object_scope_id)
+
+ @controller.protected()
+ def set_object_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ object_scope_dict = dict()
+ object_scope_dict['name'] = kw.get('object_scope_name', None)
+ object_scope_dict['description'] = kw.get('object_scope_description', None)
+ return self.admin_api.set_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_id, object_scope_dict)
+
+ @controller.protected()
+ def get_action_scopes(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ return self.admin_api.get_action_scopes_dict(user_id, intra_extension_id, action_category_id)
+
+ @controller.protected()
+ def add_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_dict = dict()
+ action_scope_dict['name'] = kw.get('action_scope_name', None)
+ action_scope_dict['description'] = kw.get('action_scope_description', None)
+ return self.admin_api.add_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_dict)
+
+ @controller.protected()
+ def get_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ return self.admin_api.get_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_id)
+
+ @controller.protected()
+ def del_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ self.admin_api.del_action_scope(user_id, intra_extension_id, action_category_id, action_scope_id)
+
+ @controller.protected()
+ def set_action_scope(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ action_scope_dict = dict()
+ action_scope_dict['name'] = kw.get('action_scope_name', None)
+ action_scope_dict['description'] = kw.get('action_scope_description', None)
+ return self.admin_api.set_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_id, action_scope_dict)
+
+ # Assignment functions
+
+ @controller.protected()
+ def add_subject_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ return self.admin_api.add_subject_assignment_list(user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def get_subject_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ return self.admin_api.get_subject_assignment_list(user_id, intra_extension_id, subject_id, subject_category_id)
+
+ @controller.protected()
+ def del_subject_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ subject_id = kw.get('subject_id', None)
+ subject_category_id = kw.get('subject_category_id', None)
+ subject_scope_id = kw.get('subject_scope_id', None)
+ self.admin_api.del_subject_assignment(user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id)
+
+ @controller.protected()
+ def add_object_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ return self.admin_api.add_object_assignment_list(user_id, intra_extension_id, object_id, object_category_id, object_scope_id)
+
+ @controller.protected()
+ def get_object_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ return self.admin_api.get_object_assignment_list(user_id, intra_extension_id, object_id, object_category_id)
+
+ @controller.protected()
+ def del_object_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ object_id = kw.get('object_id', None)
+ object_category_id = kw.get('object_category_id', None)
+ object_scope_id = kw.get('object_scope_id', None)
+ self.admin_api.del_object_assignment(user_id, intra_extension_id, object_id, object_category_id, object_scope_id)
+
+ @controller.protected()
+ def add_action_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ return self.admin_api.add_action_assignment_list(user_id, intra_extension_id, action_id, action_category_id, action_scope_id)
+
+ @controller.protected()
+ def get_action_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ return self.admin_api.get_action_assignment_list(user_id, intra_extension_id, action_id, action_category_id)
+
+ @controller.protected()
+ def del_action_assignment(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ action_id = kw.get('action_id', None)
+ action_category_id = kw.get('action_category_id', None)
+ action_scope_id = kw.get('action_scope_id', None)
+ self.admin_api.del_action_assignment(user_id, intra_extension_id, action_id, action_category_id, action_scope_id)
+
+ # Metarule functions
+
+ @controller.protected()
+ def get_aggregation_algorithm(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_aggregation_algorithm_id(user_id, intra_extension_id)
+
+ @controller.protected()
+ def set_aggregation_algorithm(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ aggregation_algorithm_id = kw.get('aggregation_algorithm_id', None)
+ return self.admin_api.set_aggregation_algorithm_id(user_id, intra_extension_id, aggregation_algorithm_id)
+
+ @controller.protected()
+ def get_sub_meta_rules(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ return self.admin_api.get_sub_meta_rules_dict(user_id, intra_extension_id)
+
+ @controller.protected()
+ def add_sub_meta_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_dict = dict()
+ sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None)
+ sub_meta_rule_dict['algorithm'] = kw.get('sub_meta_rule_algorithm', None)
+ sub_meta_rule_dict['subject_categories'] = kw.get('sub_meta_rule_subject_categories', None)
+ sub_meta_rule_dict['object_categories'] = kw.get('sub_meta_rule_object_categories', None)
+ sub_meta_rule_dict['action_categories'] = kw.get('sub_meta_rule_action_categories', None)
+ return self.admin_api.add_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_dict)
+
+ @controller.protected()
+ def get_sub_meta_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ return self.admin_api.get_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_id)
+
+ @controller.protected()
+ def del_sub_meta_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ self.admin_api.del_sub_meta_rule(user_id, intra_extension_id, sub_meta_rule_id)
+
+ @controller.protected()
+ def set_sub_meta_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ sub_meta_rule_dict = dict()
+ sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None)
+ sub_meta_rule_dict['algorithm'] = kw.get('sub_meta_rule_algorithm', None)
+ sub_meta_rule_dict['subject_categories'] = kw.get('sub_meta_rule_subject_categories', None)
+ sub_meta_rule_dict['object_categories'] = kw.get('sub_meta_rule_object_categories', None)
+ sub_meta_rule_dict['action_categories'] = kw.get('sub_meta_rule_action_categories', None)
+ return self.admin_api.set_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict)
+
+ # Rules functions
+ @controller.protected()
+ def get_rules(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ return self.admin_api.get_rules_dict(user_id, intra_extension_id, sub_meta_rule_id)
+
+ @controller.protected()
+ def add_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ subject_category_list = kw.get('subject_categories', [])
+ object_category_list = kw.get('object_categories', [])
+ action_category_list = kw.get('action_categories', [])
+ enabled_bool = kw.get('enabled', True)
+ rule_list = subject_category_list + action_category_list + object_category_list + [enabled_bool, ]
+ return self.admin_api.add_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_list)
+
+ @controller.protected()
+ def get_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ rule_id = kw.get('rule_id', None)
+ return self.admin_api.get_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_id)
+
+ @controller.protected()
+ def del_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ rule_id = kw.get('rule_id', None)
+ self.admin_api.del_rule(user_id, intra_extension_id, sub_meta_rule_id, rule_id)
+
+ @controller.protected()
+ def set_rule(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ intra_extension_id = kw.get('intra_extension_id', None)
+ sub_meta_rule_id = kw.get('sub_meta_rule_id', None)
+ rule_id = kw.get('rule_id', None)
+ rule_list = list()
+ subject_category_list = kw.get('subject_categories', [])
+ object_category_list = kw.get('object_categories', [])
+ action_category_list = kw.get('action_categories', [])
+ rule_list = subject_category_list + action_category_list + object_category_list
+ return self.admin_api.set_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list)
+
+
+@dependency.requires('authz_api')
+class InterExtensions(controller.V3Controller):
+
+ def __init__(self):
+ super(InterExtensions, self).__init__()
+
+ def _get_user_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref['user']
+
+ # @controller.protected()
+ # def get_inter_extensions(self, context, **kw):
+ # user = self._get_user_from_token(context.get('token_id'))
+ # return {
+ # 'inter_extensions':
+ # self.interextension_api.get_inter_extensions()
+ # }
+
+ # @controller.protected()
+ # def get_inter_extension(self, context, **kw):
+ # user = self._get_user_from_token(context.get('token_id'))
+ # return {
+ # 'inter_extensions':
+ # self.interextension_api.get_inter_extension(uuid=kw['inter_extension_id'])
+ # }
+
+ # @controller.protected()
+ # def create_inter_extension(self, context, **kw):
+ # user = self._get_user_from_token(context.get('token_id'))
+ # return self.interextension_api.create_inter_extension(kw)
+
+ # @controller.protected()
+ # def delete_inter_extension(self, context, **kw):
+ # user = self._get_user_from_token(context.get('token_id'))
+ # if 'inter_extension_id' not in kw:
+ # raise exception.Error
+ # return self.interextension_api.delete_inter_extension(kw['inter_extension_id'])
+
+
+@dependency.requires('moonlog_api', 'authz_api')
+class Logs(controller.V3Controller):
+
+ def __init__(self):
+ super(Logs, self).__init__()
+
+ def _get_user_id_from_token(self, token_id):
+ response = self.token_provider_api.validate_token(token_id)
+ token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+ return token_ref['user']
+
+ @controller.protected()
+ def get_logs(self, context, **kw):
+ user_id = self._get_user_id_from_token(context.get('token_id'))
+ options = kw.get('options', '')
+ return self.moonlog_api.get_logs(user_id, options)
+
+
+@dependency.requires('identity_api', "token_provider_api", "resource_api")
+class MoonAuth(controller.V3Controller):
+
+ def __init__(self):
+ super(MoonAuth, self).__init__()
+
+ def _get_project(self, uuid="", name=""):
+ projects = self.resource_api.list_projects()
+ for project in projects:
+ if uuid and uuid == project['id']:
+ return project
+ elif name and name == project['name']:
+ return project
+
+ def get_token(self, context, **kw):
+ data_auth = {
+ "auth": {
+ "identity": {
+ "methods": [
+ "password"
+ ],
+ "password": {
+ "user": {
+ "domain": {
+ "id": "Default"
+ },
+ "name": kw['username'],
+ "password": kw['password']
+ }
+ }
+ }
+ }
+ }
+
+ message = {}
+ if "project" in kw:
+ project = self._get_project(name=kw['project'])
+ if project:
+ data_auth["auth"]["scope"] = dict()
+ data_auth["auth"]["scope"]['project'] = dict()
+ data_auth["auth"]["scope"]['project']['id'] = project['id']
+ else:
+ message = {
+ "error": {
+ "message": "Unable to find project {}".format(kw['project']),
+ "code": 200,
+ "title": "UnScopedToken"
+ }}
+
+# req = requests.post("http://localhost:5000/v3/auth/tokens",
+# json=data_auth,
+# headers={"Content-Type": "application/json"}
+# )
+ req = requests.post("http://172.16.1.222:5000/v3/auth/tokens",
+ json=data_auth,
+ headers={"Content-Type": "application/json"}
+ )
+ if req.status_code not in (200, 201):
+ LOG.error(req.text)
+ else:
+ _token = req.headers['X-Subject-Token']
+ _data = req.json()
+ _result = {
+ "token": _token,
+ 'message': message
+ }
+ try:
+ _result["roles"] = map(lambda x: x['name'], _data["token"]["roles"])
+ except KeyError:
+ pass
+ return _result
+ return {"token": None, 'message': req.json()}
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml
index 40e1c98c..a3511de7 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/main.yml
@@ -7,10 +7,5 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
-- include_vars: "{{ ansible_os_family }}.yml"
-
-- include: moon-controller.yml
- when: inventory_hostname in groups['controller']
-
-- include: moon-compute.yml
- when: inventory_hostname in groups['compute']
+- include: moon.yml
+ when: moon == "Enable"
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
index f2efaa65..62f53ab9 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
@@ -151,7 +151,9 @@
# job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
#############################################
-
+# moon workaround
+- name: copy scripts
+ copy: src=controllers.py dest=/usr/lib/python2.7/dist-packages/keystone/contrib/moon/controllers.py
# apache2 restart
- name: restart apache2
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml
new file mode 100644
index 00000000..40e1c98c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon.yml
@@ -0,0 +1,16 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- include: moon-controller.yml
+ when: inventory_hostname in groups['controller']
+
+- include: moon-compute.yml
+ when: inventory_hostname in groups['compute']
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gz b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gz
new file mode 100644
index 00000000..dd03749c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/files/odl-aaa-moon.tar.gz
Binary files differ
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml
new file mode 100644
index 00000000..a2ad56c2
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/moon-odl.yml
@@ -0,0 +1,58 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: delete data journal snapshots
+ shell: rm -rf {{ odl_home }}/{{ item }}
+ with_items:
+ - journal
+ - data
+ - snapshots
+
+- name: remove aaa feature
+ shell: rm -rf {{ odl_home }}/system/org/opendaylight/aaa/
+
+- name: download apache maven package file
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/odl/apache-maven-3.3.9-bin.tar.gz" dest=/opt/apache-maven-3.3.9-bin.tar.gz
+
+- name: create maven folder
+ shell: mkdir -p /opt/apache-maven-3.3.9/
+
+- name: extract maven
+ command: su -s /bin/sh -c "tar zxf /opt/apache-maven-3.3.9-bin.tar.gz -C /opt/apache-maven-3.3.9/ --strip-components 1 --no-overwrite-dir -k --skip-old-files" root
+
+- name: install maven
+ shell: ln -s /opt/apache-maven-3.3.9/bin/mvn /usr/local/bin/mvn;
+
+- name: create m2 directory
+ file: path=/root/.m2/ state=directory mode=0755
+
+- name: copy settings.xml
+ template: src=settings.xml dest=/root/.m2/settings.xml
+
+- name: upload swift lib
+ unarchive: src=odl-aaa-moon.tar.gz dest=/home/
+
+- name: install aaa
+ shell: >
+ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/lib/jvm/java-8-oracle/bin:/opt/apache-maven-3.3.3/bin";
+ export JAVA_HOME="/usr/lib/jvm/java-8-oracle";
+ export _JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true";
+ export MAVEN_OPTS="-Xmx1024m -XX:MaxPermSize=512m";
+ cd /home/odl-aaa-moon/aaa/;
+ mvn clean install -DskipTests;
+
+- name: remove shiro ini
+ shell: rm -f {{ odl_home }}/etc/shiro.ini
+
+- name: set moon env
+ shell: >
+ export MOON_SERVER_ADDR={{ internal_vip.ip }};
+ export MOON_SERVER_PORT=5000;
+ export no_proxy="localhost,127.0.0.1";
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml
index 6de7da66..9de5f478 100755
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/tasks/odl_controller.yml
@@ -100,6 +100,11 @@
src: tomcat-server.xml
dest: "{{ odl_home }}/configuration/tomcat-server.xml"
+- name: create tomcat config
+ template:
+ src: jetty.xml
+ dest: "{{ odl_home }}/etc/jetty.xml"
+
- name: download odl pip package
get_url: url="http://{{ http_server.stdout_lines[0] }}/pip/{{ networking_odl_pkg_name }}" dest=/opt/{{ networking_odl_pkg_name }}
@@ -204,6 +209,16 @@
service: name=keepalived state=stopped
when: ansible_os_family == "Debian"
+
+#################################################################
+########################### moon ################################
+#################################################################
+
+- include: moon-odl.yml
+ when: moon == "Enable"
+
+#################################################################
+
- name: chown opendaylight directory and files
shell: >
chown -R odl:odl "{{ odl_home }}";
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml
new file mode 100755
index 00000000..50ac7c35
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/jetty.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//
+DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
+
+<Configure class="org.eclipse.jetty.server.Server">
+
+ <!-- =========================================================== -->
+ <!-- Set connectors -->
+ <!-- =========================================================== -->
+ <!-- One of each type! -->
+ <!-- =========================================================== -->
+
+ <!-- Use this connector for many frequently idle connections and for
+ threadless continuations. -->
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
+ <Set name="host">
+ <Property name="jetty.host"/>
+ </Set>
+ <Set name="port">
+ <Property name="jetty.port" default="8181" />
+ </Set>
+ <Set name="maxIdleTime">300000</Set>
+ <Set name="Acceptors">2</Set>
+ <Set name="statsOn">false</Set>
+ <Set name="confidentialPort">8543</Set>
+ <Set name="lowResourcesConnections">20000</Set>
+ <Set name="lowResourcesMaxIdleTime">5000</Set>
+ </New>
+ </Arg>
+ </Call>
+
+ <!-- =========================================================== -->
+ <!-- Configure Authentication Realms -->
+ <!-- Realms may be configured for the entire server here, or -->
+ <!-- they can be configured for a specific web app in a context -->
+ <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
+ <!-- example). -->
+ <!-- =========================================================== -->
+ <Call name="addBean">
+ <Arg>
+ <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
+ <Set name="name">karaf</Set>
+ <Set name="loginModuleName">karaf</Set>
+ <Set name="roleClassNames">
+ <Array type="java.lang.String">
+ <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Arg>
+ </Call>
+ <Call name="addBean">
+ <Arg>
+ <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
+ <Set name="name">default</Set>
+ <Set name="loginModuleName">karaf</Set>
+ <Set name="roleClassNames">
+ <Array type="java.lang.String">
+ <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Arg>
+ </Call>
+
+</Configure>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh
new file mode 100755
index 00000000..5e3627bf
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/ml2_conf.sh
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+cat <<EOT>> /etc/neutron/plugins/ml2/ml2_conf.ini
+[ml2_odl]
+password = admin
+username = admin
+url = http://{{ internal_vip.ip }}:8181/controller/nb/v2/neutron
+EOT
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml
new file mode 100644
index 00000000..5ba3b50c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/settings.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- vi: set et smarttab sw=2 tabstop=2: -->
+<!--
+ Copyright (c) 2014, 2015 Cisco Systems, Inc. and others. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ and is available at http://www.eclipse.org/legal/epl-v10.html
+-->
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+ <localRepository>{{ odl_home }}/system/ </localRepository>
+ <profiles>
+ <profile>
+ <id>opendaylight-release</id>
+ <repositories>
+ <repository>
+ <id>opendaylight-mirror</id>
+ <name>opendaylight-mirror</name>
+ <url>https://nexus.opendaylight.org/content/repositories/public/</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+ <pluginRepositories>
+ <pluginRepository>
+ <id>opendaylight-mirror</id>
+ <name>opendaylight-mirror</name>
+ <url>https://nexus.opendaylight.org/content/repositories/public/</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </pluginRepository>
+ </pluginRepositories>
+ </profile>
+
+ <profile>
+ <id>opendaylight-snapshots</id>
+ <repositories>
+ <repository>
+ <id>opendaylight-snapshot</id>
+ <name>opendaylight-snapshot</name>
+ <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+ <pluginRepositories>
+ <pluginRepository>
+ <id>opendaylight-snapshot</id>
+ <name>opendaylight-snapshot</name>
+ <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </pluginRepository>
+ </pluginRepositories>
+ </profile>
+ </profiles>
+
+ <activeProfiles>
+ <activeProfile>opendaylight-release</activeProfile>
+ <activeProfile>opendaylight-snapshots</activeProfile>
+ </activeProfiles>
+</settings>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml
new file mode 100755
index 00000000..bc7ab13d
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/templates/tomcat-server.xml
@@ -0,0 +1,61 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Server>
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+ <Listener className="org.apache.catalina.core.JasperListener" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <Service name="Catalina">
+ <Connector port="{{ odl_api_port }}" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+
+<!--
+ Please remove the comments around the following Connector tag to enable HTTPS Authentication support.
+ Remember to add a valid keystore in the configuration folder.
+ More info : http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
+-->
+
+ <!--
+ <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS"
+ keystoreFile="configuration/keystore"
+ keystorePass="changeit"/>
+ -->
+
+ <Engine name="Catalina" defaultHost="localhost">
+ <Host name="localhost" appBase=""
+ unpackWARs="false" autoDeploy="false"
+ deployOnStartup="false" createDirs="false">
+ <Realm className="org.opendaylight.controller.karafsecurity.ControllerCustomRealm" />
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="web_access_log_" suffix=".txt" resolveHosts="false"
+ rotatable="true" fileDateFormat="yyyy-MM"
+ pattern="%{yyyy-MM-dd HH:mm:ss.SSS z}t - [%a] - %r"/>
+ </Host>
+ </Engine>
+ </Service>
+</Server>
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml
new file mode 100755
index 00000000..da0c9efd
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/odl_cluster/vars/main.yml
@@ -0,0 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+odl_username: admin
+odl_password: admin
+odl_api_port: 8181
+
+#odl_pkg_url: https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.3.0-Lithium/distribution-karaf-0.3.0-Lithium.tar.gz
+odl_pkg_url: karaf.tar.gz
+odl_pkg_name: karaf.tar.gz
+odl_home: "/opt/opendaylight-0.3.0/"
+odl_base_features: ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'management', 'odl-restconf','odl-l2switch-switch','odl-openflowplugin-all','odl-mdsal-apidocs','odl-dlux-all','odl-adsal-northbound','odl-nsf-all','odl-ovsdb-openstack','odl-ovsdb-northbound','odl-dlux-core']
+odl_extra_features: ['odl-restconf-all','odl-mdsal-clustering','odl-openflowplugin-flow-services','http','jolokia-osgi']
+odl_features: "{{ odl_base_features + odl_extra_features }}"
+
+jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz
+
+controller_packages_noarch: []
+compute_packages_noarch: []
+
+odl_pip:
+ - networking_odl
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml
index 25c151a3..0f083146 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/main.yml
@@ -7,109 +7,5 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
-- include_vars: "{{ ansible_os_family }}.yml"
-
-- include: swift-controller1.yml
- when: inventory_hostname in groups['controller']
-
-- include: swift-compute1.yml
- when: inventory_hostname in groups['compute']
-
-- include: swift-controller2.yml
- when: inventory_hostname == haproxy_hosts.keys()[0]
-
-- name: copy swift.conf
- template: src=swift.conf dest=/etc/swift/swift.conf backup=yes
-
-- name: chown /etc/swift
- shell: chown -R root:swift /etc/swift
-
-- name: restart tasks on controller
- service: name={{ item }} state=restarted enabled=yes
- with_items:
- - memcached
- - swift-proxy
- when: inventory_hostname in groups['controller']
-
-- name: restart tasks on compute
- shell: swift-init all start
- when: inventory_hostname in groups['compute']
- ignore_errors: True
-
-- name: restart tasks on controller
- service: name={{ item }} state=restarted enabled=yes
- with_items:
- - rsync
- when: inventory_hostname in groups['compute']
-
-- name: upload swift lib
- unarchive: src=swift-lib.tar.gz dest=/tmp/
-
-- name: copy swift lib
- command: su -s /bin/sh -c "cp /tmp/swift-lib/* /usr/lib/"
-
-- name: wait 30 seconds
- shell: sleep 30
-
-- name: stop tasks on compute
- service: name={{ item }} state=stop enabled=yes
- with_items:
- - swift-account
- - swift-account-replicator
- - swift-container-replicator
- - swift-object
- - swift-object-updater
- - swift-account-auditor
- - swift-container
- - swift-container-sync
- - swift-object-auditor
- - swift-account-reaper
- - swift-container-auditor
- - swift-container-updater
- - swift-object-replicator
- when: inventory_hostname in groups['compute']
- ignore_errors: True
-
-- name: sleep 10 second
- shell: sleep 10
-
-- name: start tasks on compute
- service: name={{ item }} state=start enabled=yes
- with_items:
- - swift-account
- - swift-account-replicator
- - swift-container-replicator
- - swift-object
- - swift-object-updater
- - swift-account-auditor
- - swift-container
- - swift-container-sync
- - swift-object-auditor
- - swift-account-reaper
- - swift-container-auditor
- - swift-container-updater
- - swift-object-replicator
- when: inventory_hostname in groups['compute']
- ignore_errors: True
-
-- name: sleep 10 second
- shell: sleep 10
-
-- name: start tasks on compute
- service: name={{ item }} state=start enabled=yes
- with_items:
- - swift-account
- - swift-account-replicator
- - swift-container-replicator
- - swift-object
- - swift-object-updater
- - swift-account-auditor
- - swift-container
- - swift-container-sync
- - swift-object-auditor
- - swift-account-reaper
- - swift-container-auditor
- - swift-container-updater
- - swift-object-replicator
- when: inventory_hostname in groups['compute']
- ignore_errors: True
+- include: swift.yml
+ when: moon == "Enable"
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml
new file mode 100644
index 00000000..4e2651a7
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/swift/tasks/swift.yml
@@ -0,0 +1,79 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- include: swift-controller1.yml
+ when: inventory_hostname in groups['controller']
+
+- include: swift-compute1.yml
+ when: inventory_hostname in groups['compute']
+
+- include: swift-controller2.yml
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: copy swift.conf
+ template: src=swift.conf dest=/etc/swift/swift.conf backup=yes
+
+- name: chown /etc/swift
+ shell: chown -R root:swift /etc/swift
+
+- name: restart tasks on controller
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - memcached
+ - swift-proxy
+ when: inventory_hostname in groups['controller']
+
+- name: restart tasks on compute
+ shell: swift-init all start
+ when: inventory_hostname in groups['compute']
+ ignore_errors: True
+
+- name: restart tasks on controller
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - rsync
+ when: inventory_hostname in groups['compute']
+
+- name: upload swift lib
+ unarchive: src=swift-lib.tar.gz dest=/tmp/
+
+- name: copy swift lib
+ command: su -s /bin/sh -c "cp /tmp/swift-lib/* /usr/lib/"
+
+- name: wait 30 seconds
+ shell: sleep 30
+
+- name: create swift task script
+ shell: echo {{ item }} >> /opt/swift-service
+ with_items:
+ - swift-account
+ - swift-account-replicator
+ - swift-container-replicator
+ - swift-object
+ - swift-object-updater
+ - swift-account-auditor
+ - swift-container
+ - swift-container-sync
+ - swift-object-auditor
+ - swift-account-reaper
+ - swift-container-auditor
+ - swift-container-updater
+ - swift-object-replicator
+ when: inventory_hostname in groups['compute']
+ ignore_errors: True
+
+- name: restart swift task
+ shell: >
+ for i in `cat /opt/swift-service`; do service $i start; done;
+ sleep 10;
+ for i in `cat /opt/swift-service`; do service $i restart; done;
+ when: inventory_hostname in groups['compute']
+ ignore_errors: True