Add Kuryr ansible role

Change-Id: I7134bffab940ee780e5f5010d639af56f97b41d6 Co-authored-by: Mohammad Banikazemi <mb@us.ibm.com> Co-Authored-By: zhubingbing <zhubingbing10@gmail.com> Co-Authored-By: Antoni Segura Puimedon <antonisp@celebdor.com> Partially-implements: bp kuryr-docker-plugin
2016-03-29 13:25:43 -04:00 · 2016-03-29 13:25:43 -04:00 · 0d28b311eb
commit 0d28b311eb
parent 97c99a9214
18 changed files with 229 additions and 0 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -198,6 +198,8 @@ senlin_api_port: "8778"
 etcd_client_port: "2379"
 etcd_peer_port: "2380"

+kuryr_port: "23750"
+
 public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "http"
 admin_protocol: "http"
@ -255,6 +257,7 @@ enable_heat: "yes"
 enable_horizon: "yes"
 enable_influxdb: "no"
 enable_ironic: "no"
+enable_kuryr: "no"
 enable_magnum: "no"
 enable_manila: "no"
 enable_mistral: "no"
--- a/ansible/roles/kuryr/defaults/main.yml
+++ b/ansible/roles/kuryr/defaults/main.yml
@ -0,0 +1,20 @@
+---
+project_name: "kuryr"
+
+
+####################
+# Docker
+####################
+kuryr_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-kuryr-libnetwork"
+kuryr_tag: "{{ openstack_release }}"
+kuryr_image_full: "{{ kuryr_image }}:{{ kuryr_tag }}"
+
+
+####################
+# OpenStack
+####################
+kuryr_logging_debug: "{{ openstack_logging_debug }}"
+
+kuryr_keystone_user: "kuryr"
+
+openstack_kuryr_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}','domain_name':'default'}"
--- a/ansible/roles/kuryr/tasks/bootstrap.yml
+++ b/ansible/roles/kuryr/tasks/bootstrap.yml
@ -0,0 +1,18 @@
+---
+- name: Running Kuryr bootstrap container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ kuryr_image_full }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_kuryr"
+    restart_policy: "never"
+    volumes:
+      - "{{ node_config_directory }}/kuryr/:{{ container_config_directory }}/:ro"
+      - "/run:/run"
+      - "/usr/lib/docker:/usr/lib/docker"
--- a/ansible/roles/kuryr/tasks/config.yml
+++ b/ansible/roles/kuryr/tasks/config.yml
@ -0,0 +1,25 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "kuryr"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/config.json"
+  with_items:
+    - "kuryr"
+
+- name: Copying over kuryr.conf
+  template:
+    src: "kuryr.conf.j2"
+    dest: "{{ node_config_directory }}/kuryr/kuryr.conf"
+
+- name: Copying over kuryr.spec
+  template:
+    src: "kuryr.spec.j2"
+    dest: "{{ node_config_directory }}/kuryr/kuryr.spec"
--- a/ansible/roles/kuryr/tasks/deploy.yml
+++ b/ansible/roles/kuryr/tasks/deploy.yml
@ -0,0 +1,8 @@
+---
+- include: register.yml
+
+- include: config.yml
+
+- include: bootstrap.yml
+
+- include: start.yml
--- a/ansible/roles/kuryr/tasks/main.yml
+++ b/ansible/roles/kuryr/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
--- a/ansible/roles/kuryr/tasks/pull.yml
+++ b/ansible/roles/kuryr/tasks/pull.yml
@ -0,0 +1,6 @@
+---
+- name: Pulling kuryr image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ kuryr_image_full }}"
--- a/ansible/roles/kuryr/tasks/register.yml
+++ b/ansible/roles/kuryr/tasks/register.yml
@ -0,0 +1,17 @@
+---
+- name: Creating the Kuryr project, user, and role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user={{ kuryr_keystone_user }}
+        password={{ kuryr_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_kuryr_auth }}' }}"
+    -e "{'openstack_kuryr_auth':{{ openstack_kuryr_auth }}}"
+  register: kuryr_user
+  changed_when: "{{ kuryr_user.stdout.find('localhost | SUCCESS => ') != -1 and (kuryr_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: kuryr_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
--- a/ansible/roles/kuryr/tasks/start.yml
+++ b/ansible/roles/kuryr/tasks/start.yml
@ -0,0 +1,18 @@
+---
+# NOTE(huikang, apuimedo): when you request a driver in a docker operation, such
+# as docker network create, docker searches /usr/lib/docker or /etc/docker
+# subdirs for network/storage plugin specs or json definitions. so it's either
+# have ansible place the file there, or volume mount it and let the container
+# place the file there
+- name: Starting kuryr container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ kuryr_image_full }}"
+    name: "kuryr"
+    privileged: True
+    volumes:
+      - "{{ node_config_directory }}/kuryr/:{{ container_config_directory }}/:ro"
+      - "/run:/run"
+      - "/usr/lib/docker:/usr/lib/docker"
+  when: inventory_hostname in groups['compute']
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@ -0,0 +1,17 @@
+[DEFAULT]
+kuryr_uri = http://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ kuryr_port }}
+debug = {{ kuryr_logging_debug }}
+
+[binding]
+
+[neutron]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_name = Default
+project_name = service
+user_domain_name = Default
+project_domain_id = default
+user_domain_id = default
+password = {{ kuryr_keystone_password }}
+username = {{ kuryr_keystone_user }}
--- a/ansible/roles/kuryr/templates/kuryr.json.j2
+++ b/ansible/roles/kuryr/templates/kuryr.json.j2
@ -0,0 +1,17 @@
+{
+    "command": "kuryr-server --config-file /etc/kuryr/kuryr.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/kuryr.conf",
+            "dest": "/etc/kuryr/kuryr.conf",
+            "owner": "root",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/kuryr.spec",
+            "dest": "/usr/lib/docker/plugins/kuryr/kuryr.spec",
+            "owner": "root",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/kuryr/templates/kuryr.spec.j2
+++ b/ansible/roles/kuryr/templates/kuryr.spec.j2
@ -0,0 +1 @@
+http://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ kuryr_port }}
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -144,6 +144,13 @@
        tags: nova,
        when: enable_nova | bool }

+- hosts:
+    - compute
+  roles:
+    - { role: kuryr,
+        tags: kuryr,
+        when: enable_kuryr | bool }
+
 # (gmmaha): Please do not change the order listed here. The current order is a
 # workaround to fix the bug https://bugs.launchpad.net/kolla/+bug/1546789
 - hosts:
--- a/doc/index.rst
+++ b/doc/index.rst
@ -59,6 +59,7 @@ Kolla Services
   swift-guide
   kibana-guide
   bifrost
+   kuryr-guide

 Developer Docs
 ==============
--- a/doc/kuryr-guide.rst
+++ b/doc/kuryr-guide.rst
@ -0,0 +1,63 @@
+Kuryr in Kolla
+==============
+
+"Kuryr is a Docker network plugin that uses Neutron to provide networking
+services to Docker containers. It provides containerized images for the common
+Neutron plugins" [1]. Kuryr requires at least Keystone and neutron. Kolla makes
+kuryr deployment faster and accessible.
+
+Requirements
+------------
+
+* A minimum of 3 hosts for a vanilla deploy
+
+Preparation and Deployment
+--------------------------
+
+To allow docker daemon connect to the etcd, add the following in the docker.server
+file.
+
+::
+
+  ExecStart= -H tcp://172.16.1.13:2375 -H unix:///var/run/docker.sock --cluster-store=etcd://172.16.1.13:2379  --cluster-advertise=172.16.1.13:2375
+
+The IP address is host runnning the etcd service. ```2375``` is port that allows
+Docker daemon to be accessed remotely. ```2379``` is the etcd listening port.
+
+
+By default etcd and kuryr are disabled in the ``group_vars/all.yml``. In order to
+enable them, you need to edit the file globals.yml and set the following
+variables
+
+::
+
+  enable_etcd: "yes"
+  enable_kuryr: "yes"
+
+Deploy the OpenStack cloud and kuryr network plugin
+
+::
+
+  kolla-ansible deploy
+
+Create a Virtual Network
+--------------------------------
+
+::
+
+    docker network create -d kuryr --ipam-driver=kuryr --subnet=10.1.0.0/24 --gateway=10.1.0.1 docker-net1
+
+To list the created network:
+
+::
+
+    docker network ls
+
+The created network is also available from openstack CLI:
+
+::
+
+    openstack network list
+
+
+[1] https://github.com/openstack/kuryr
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -126,6 +126,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_horizon: "yes"
 #enable_influxdb: "no"
 #enable_ironic: "no"
+#enable_kuryr: "no"
 #enable_magnum: "no"
 #enable_manila: "no"
 #enable_mistral: "no"
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@ -39,6 +39,8 @@ glance_keystone_password:
 gnocchi_database_password:
 gnocchi_keystone_password:

+kuryr_keystone_password:
+
 nova_database_password:
 nova_api_database_password:
 nova_keystone_password:
--- a/releasenotes/notes/kuryr-libnetwork-1e6ab1916a8a0d10.yaml
+++ b/releasenotes/notes/kuryr-libnetwork-1e6ab1916a8a0d10.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Add kuryr ansible role
				`@ -0,0 +1 @@`
				`http://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ kuryr_port }}`