aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/moon/tasks/moon-controller.yml
blob: ad030bda73e9e545c50aa6720768259bb76685dd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
##############################################################################
# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
# install all packages
- name: install unzip packages
  shell: apt-get install -y python-pip unzip

# download master.zip
- name: get image http server
  shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
  register: http_server

- name: download keystone-moon packages
  get_url:
    url: "http://{{ http_server.stdout_lines[0] }}/packages/moon/master.zip"
    dest: /tmp/master.zip
    mode: 0444

- name: extract keystone-moon packages
  unarchive: src=/tmp/master.zip dest=/tmp copy=no

# install all dependencies
- name: copy scripts
  copy: src=get_deb_depends.py dest=/tmp/get_deb_depends.py

- name: install keystone-moon dependencies
  shell: |
    apt-get install \
        $(python /tmp/get_deb_depends.py /tmp/moon-bin-master/*.deb)
  when: ansible_os_family == "Debian"

- name: delete configuration file
  shell: >
    rm -f {{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf;
    rm -f {{ apache_config_dir }}/sites-available/wsgi-keystone.conf;

# install keystone moon
- name: copy scripts
  copy: src=deb.conf dest=/tmp/deb.conf

- name: install keystone moon
  shell: >
    export DEBIAN_FRONTEND="noninteractive";
    sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;

# - name: install keystone moon
#   shell: >
#     export DEBIAN_FRONTEND="noninteractive";
#     sudo -E debconf-set-selections python-keystone < /tmp/deb.conf;
#     sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;

- name: stop keystone task
  shell: >
    service keystone stop;
    mv /etc/init.d/keystone /home/;
    mv /etc/init/keystone.conf /home/;
    mv /lib/systemd/system/keystone.service /home/;

# config keystone and apache2
- name: delete sqlite database
  file:
    path: /var/lib/keystone/keystone.db
    state: absent

# - name: update keystone conf
#   template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes


# - name: assure listen port exist
#   lineinfile:
#     dest: '{{ apache_config_dir }}/ports.conf'
#     regexp: '{{ item.regexp }}'
#     line: '{{ item.line}}'
#   with_items:
#     - regexp: "^Listen {{ internal_ip }}:5000"
#       line: "Listen {{ internal_ip }}:5000"
#     - regexp: "^Listen {{ internal_ip }}:35357"
#       line: "Listen {{ internal_ip }}:35357"

- name: update apache2 configs
  template:
    src: wsgi-keystone.conf.j2
    dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
  when: ansible_os_family == 'Debian'

- name: enable keystone server
  file:
    src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
    dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
    state: "link"
  when: ansible_os_family == 'Debian'

# - name: keystone source files
#   template: src={{ item }} dest=/opt/{{ item }}
#   with_items:
#     - admin-openrc.sh
#     - demo-openrc.sh

# keystone paste ini
- name: backup keystone-paste.ini
  shell: >
    cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak;

- name: config keystone-paste.ini
  shell: >
    sed -i "3i[pipeline:moon_pipeline]\n" /etc/keystone/keystone-paste.ini;
    sed -i "5i[app:moon_service]\nuse = egg:keystone#moon_service\n" \
        /etc/keystone/keystone-paste.ini;
    sed -i "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" \
        /etc/keystone/keystone-paste.ini;

- name: config keystone-paste.ini
  blockinfile:
    dest: /etc/keystone/keystone-paste.ini
    insertafter: "pipeline:moon_pipeline"
    block: >
      pipeline = sizelimit url_normalize request_id build_auth_context
      token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service

# moon log
- name: moon log
  shell: >
    sudo mkdir /var/log/moon/;
    sudo chown keystone /var/log/moon/;
    sudo addgroup moonlog;
    sudo chgrp moonlog /var/log/moon/;
    sudo touch /var/log/moon/keystonemiddleware.log;
    sudo touch /var/log/moon/system.log;
    sudo chgrp moonlog /var/log/moon/keystonemiddleware.log;
    sudo chgrp moonlog /var/log/moon/system.log;
    sudo chmod g+rw /var/log/moon;
    sudo chmod g+rw /var/log/moon/keystonemiddleware.log;
    sudo chmod g+rw /var/log/moon/system.log;
    sudo adduser keystone moonlog;
    # sudo adduser swift moonlog;
    sudo adduser nova moonlog;


# keystone db sync
- name: keystone db sync
  shell: >
    sudo /usr/bin/keystone-manage db_sync;
    sudo /usr/bin/keystone-manage db_sync --extension moon;
  when: inventory_hostname == haproxy_hosts.keys()[0]

- name: wait for keystone ready
  wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }}

# moon workaround
- name: copy scripts
  copy:
    src: controllers.py
    dest: /usr/lib/python2.7/dist-packages/keystone/contrib/moon/controllers.py

# apache2 restart
- name: restart apache2
  service: name={{ item }} state=restarted enabled=yes
  with_items: services | union(services_noarch)

# install moonclient
- name: install moon client
  shell: sudo pip install /tmp/moon-bin-master/python-moonclient-0.1.tar.gz

# - name: add tenants
#   keystone_user:
#     token: "{{ ADMIN_TOKEN }}"
#     endpoint: "http://{{ internal_ip }}:35357/v2.0"
#     tenant: "{{ item.tenant }}"
#     tenant_description: "{{ item.tenant_description }}"
#   with_items: "{{ os_users }}"
#   when: inventory_hostname == groups['controller'][0]

# - name: add users
#   keystone_user:
#     token: "{{ ADMIN_TOKEN }}"
#     endpoint: "http://{{ internal_ip }}:35357/v2.0"
#     user: "{{ item.user }}"
#     tenant: "{{ item.tenant }}"
#     password: "{{ item.password }}"
#     email: "{{ item.email }}"
#   with_items: "{{ os_users }}"
#   when: inventory_hostname == groups['controller'][0]

# - name: grant roles
#   keystone_user:
#     token: "{{ ADMIN_TOKEN }}"
#     endpoint: "http://{{ internal_ip }}:35357/v2.0"
#     user: "{{ item.user }}"
#     role: "{{ item.role }}"
#     tenant: "{{ item.tenant }}"
#   with_items: "{{ os_users }}"
#   when: inventory_hostname == groups['controller'][0]

# - name: add endpoints
#   keystone_service:
#     token: "{{ ADMIN_TOKEN }}"
#     endpoint: "http://{{ internal_ip }}:35357/v2.0"
#     name: "{{ item.name }}"
#     type: "{{ item.type }}"
#     region: "{{ item.region}}"
#     description: "{{ item.description }}"
#     publicurl: "{{ item.publicurl }}"
#     internalurl: "{{ item.internalurl }}"
#     adminurl: "{{ item.adminurl }}"
#   with_items: "{{ os_services }}"
#   when: inventory_hostname == groups['controller'][0]

- name: update api-paste.ini
  template: src=api-paste.ini dest=/etc/nova/api-paste.ini backup=yes

# - name: update proxy-server conf
#   template: src=proxy-server.conf dest=/etc/swift/proxy-server.conf backup=yes

# restart nova
- name: restart nova
  service: name={{ item }} state=restarted enabled=yes
  with_items:
    - nova-api
    - nova-cert
    - nova-conductor
    - nova-consoleauth
    - nova-scheduler

#  restart swift
# - name: restart swift
#   service: name={{ item }} state=restarted enabled=yes
#   with_items:
#     - swift-proxy
#     - memcached