summaryrefslogtreecommitdiffstats
path: root/deploy
diff options
context:
space:
mode:
Diffstat (limited to 'deploy')
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j218
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j250
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py16
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml2
-rwxr-xr-xdeploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j218
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml2
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml2
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j250
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py16
-rw-r--r--deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml2
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml2
11 files changed, 157 insertions, 21 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2
new file mode 100755
index 00000000..89a70686
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2
@@ -0,0 +1,18 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:80>
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+ <Directory {{ horizon_dir }}/wsgi>
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
+
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..f5f9d339
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,50 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
index b4466ef6..f6ec8be5 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/files/controllers.py
@@ -7,7 +7,7 @@ from keystone.common import controller
from keystone import config
from keystone import exception
from keystone.models import token_model
-from keystone.contrib.moon.exception import * # noqa
+from keystone.contrib.moon.exception import * # noqa: F403
from oslo_log import log
from uuid import uuid4
import requests
@@ -17,7 +17,7 @@ CONF = config.CONF
LOG = log.getLogger(__name__)
-@dependency.requires('configuration_api')
+@dependency.requires('configuration_api') # noqa: F405
class Configuration(controller.V3Controller):
collection_name = 'configurations'
member_name = 'configuration'
@@ -48,7 +48,7 @@ class Configuration(controller.V3Controller):
user_id)
-@dependency.requires('tenant_api', 'resource_api')
+@dependency.requires('tenant_api', 'resource_api') # noqa: F405
class Tenants(controller.V3Controller):
def __init__(self):
@@ -152,7 +152,7 @@ def callback(self, context, prep_info, *args, **kwargs):
raise exception.Unauthorized
-@dependency.requires('authz_api')
+@dependency.requires('authz_api') # noqa: F405
class Authz_v3(controller.V3Controller):
def __init__(self):
@@ -168,7 +168,7 @@ class Authz_v3(controller.V3Controller):
return {'authz': False, 'comment': unicode(e)}
-@dependency.requires('admin_api', 'root_api')
+@dependency.requires('admin_api', 'root_api') # noqa: F405
class IntraExtensions(controller.V3Controller):
collection_name = 'intra_extensions'
member_name = 'intra_extension'
@@ -926,7 +926,7 @@ class IntraExtensions(controller.V3Controller):
user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list)
-@dependency.requires('authz_api')
+@dependency.requires('authz_api') # noqa: F405
class InterExtensions(controller.V3Controller):
def __init__(self):
@@ -968,7 +968,7 @@ class InterExtensions(controller.V3Controller):
# self.interextension_api.delete_inter_extension(kw['inter_extension_id'])
-@dependency.requires('moonlog_api', 'authz_api')
+@dependency.requires('moonlog_api', 'authz_api') # noqa: F405
class Logs(controller.V3Controller):
def __init__(self):
@@ -987,7 +987,7 @@ class Logs(controller.V3Controller):
return self.moonlog_api.get_logs(user_id, options)
-@dependency.requires('identity_api', "token_provider_api", "resource_api")
+@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: F405
class MoonAuth(controller.V3Controller):
def __init__(self):
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
index 7a507c88..95dd2e89 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon/tasks/moon-controller.yml
@@ -142,7 +142,7 @@
#############################################
- name: wait for keystone ready
- wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }}
#- name: cron job to purge expired tokens hourly
# cron:
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2
new file mode 100755
index 00000000..89a70686
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2
@@ -0,0 +1,18 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:80>
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+ <Directory {{ horizon_dir }}/wsgi>
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
+
+
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml
index 2c61ff66..f68105f1 100644
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml
@@ -19,7 +19,7 @@
service: name=neutron-server state=restarted enabled=yes
- name: wait for neutron ready
- wait_for: port=9696 delay=10 timeout=30 host={{ internal_vip.ip }}
+ wait_for: port=9696 delay=10 timeout=60 host={{ internal_ip }}
- name: create external net
shell:
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml
index 35c84ce8..3fea6e28 100644
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml
@@ -92,7 +92,7 @@
- meta: flush_handlers
- name: wait for keystone ready
- wait_for: port=35357 delay=3 timeout=30 host={{ internal_vip.ip }}
+ wait_for: port=35357 delay=10 timeout=60 host={{ internal_ip }}
- name: cron job to purge expired tokens hourly
cron:
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..f5f9d339
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,50 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+ set work_threads = 10
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py
index f55191d4..fd107a5e 100644
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/files/controllers.py
@@ -7,7 +7,7 @@ from keystone.common import controller
from keystone import config
from keystone import exception
from keystone.models import token_model
-from keystone.contrib.moon.exception import * # noqa
+from keystone.contrib.moon.exception import * # noqa: F403
from oslo_log import log
from uuid import uuid4
import requests
@@ -17,7 +17,7 @@ CONF = config.CONF
LOG = log.getLogger(__name__)
-@dependency.requires('configuration_api')
+@dependency.requires('configuration_api') # noqa: 405
class Configuration(controller.V3Controller):
collection_name = 'configurations'
member_name = 'configuration'
@@ -48,7 +48,7 @@ class Configuration(controller.V3Controller):
user_id)
-@dependency.requires('tenant_api', 'resource_api')
+@dependency.requires('tenant_api', 'resource_api') # noqa: 405
class Tenants(controller.V3Controller):
def __init__(self):
@@ -152,7 +152,7 @@ def callback(self, context, prep_info, *args, **kwargs):
raise exception.Unauthorized
-@dependency.requires('authz_api')
+@dependency.requires('authz_api') # noqa: 405
class Authz_v3(controller.V3Controller):
def __init__(self):
@@ -168,7 +168,7 @@ class Authz_v3(controller.V3Controller):
return {'authz': False, 'comment': unicode(e)}
-@dependency.requires('admin_api', 'root_api')
+@dependency.requires('admin_api', 'root_api') # noqa: 405
class IntraExtensions(controller.V3Controller):
collection_name = 'intra_extensions'
member_name = 'intra_extension'
@@ -926,7 +926,7 @@ class IntraExtensions(controller.V3Controller):
user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list)
-@dependency.requires('authz_api')
+@dependency.requires('authz_api') # noqa: 405
class InterExtensions(controller.V3Controller):
def __init__(self):
@@ -968,7 +968,7 @@ class InterExtensions(controller.V3Controller):
# self.interextension_api.delete_inter_extension(kw['inter_extension_id'])
-@dependency.requires('moonlog_api', 'authz_api')
+@dependency.requires('moonlog_api', 'authz_api') # noqa: 405
class Logs(controller.V3Controller):
def __init__(self):
@@ -987,7 +987,7 @@ class Logs(controller.V3Controller):
return self.moonlog_api.get_logs(user_id, options)
-@dependency.requires('identity_api', "token_provider_api", "resource_api")
+@dependency.requires('identity_api', "token_provider_api", "resource_api") # noqa: 405
class MoonAuth(controller.V3Controller):
def __init__(self):
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml
index 7a507c88..95dd2e89 100644
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/moon/tasks/moon-controller.yml
@@ -142,7 +142,7 @@
#############################################
- name: wait for keystone ready
- wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }}
#- name: cron job to purge expired tokens hourly
# cron:
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
index 574ebabd..e7e9297e 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
@@ -12,7 +12,7 @@
shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone
- name: wait for keystone ready
- wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }}
- name: cron job to purge expired tokens hourly
cron: