From 113b77c8cb3255b0c43dee89ca1864f1dfdf3272 Mon Sep 17 00:00:00 2001 
From: yangshaoxue Date: Thu, 23 Sep 2021 16:50:17 +0800 Subject: [PATCH] Add skyline service Support to deploy skyline by kolla-ansible. Implements: blueprint skyline Depends-On: https://review.opendev.org/c/openstack/kolla/+/826948 Change-Id: Ice5621491a432ba32138abd6f62d1f815cc219e0 --- ansible/group_vars/all.yml | 8 + ansible/inventory/all-in-one | 10 + ansible/inventory/multinode | 10 + ansible/roles/common/tasks/config.yml | 1 + .../templates/conf/filter/01-rewrite.conf.j2 | 5 + .../templates/cron-logrotate-skyline.conf.j2 | 3 + ansible/roles/skyline/defaults/main.yml | 186 +++++++++++++ ansible/roles/skyline/handlers/main.yml | 32 +++ ansible/roles/skyline/tasks/bootstrap.yml | 38 +++ .../roles/skyline/tasks/bootstrap_service.yml | 20 ++ .../roles/skyline/tasks/check-containers.yml | 17 ++ ansible/roles/skyline/tasks/check.yml | 1 + ansible/roles/skyline/tasks/config.yml | 69 +++++ .../roles/skyline/tasks/config_validate.yml | 1 + ansible/roles/skyline/tasks/copy-certs.yml | 6 + ansible/roles/skyline/tasks/deploy.yml | 11 + ansible/roles/skyline/tasks/loadbalancer.yml | 7 + ansible/roles/skyline/tasks/main.yml | 2 + ansible/roles/skyline/tasks/precheck.yml | 37 +++ ansible/roles/skyline/tasks/pull.yml | 3 + ansible/roles/skyline/tasks/reconfigure.yml | 2 + ansible/roles/skyline/tasks/register.yml | 7 + ansible/roles/skyline/tasks/stop.yml | 11 + ansible/roles/skyline/tasks/upgrade.yml | 7 + .../roles/skyline/templates/gunicorn.py.j2 | 66 +++++ ansible/roles/skyline/templates/nginx.conf.j2 | 258 ++++++++++++++++++ .../templates/skyline-apiserver.json.j2 | 36 +++ .../skyline/templates/skyline-console.json.j2 | 36 +++ .../roles/skyline/templates/skyline.yaml.j2 | 92 +++++++ ansible/roles/skyline/vars/main.yml | 2 + ansible/site.yml | 16 ++ etc/kolla/globals.yml | 1 + etc/kolla/passwords.yml | 4 + .../add-skyline-support-a3fb6aabeeb1d8da.yaml | 3 + 34 files changed, 1008 insertions(+) create mode 100644 
ansible/roles/common/templates/cron-logrotate-skyline.conf.j2 create mode 100644 ansible/roles/skyline/defaults/main.yml create mode 100644 ansible/roles/skyline/handlers/main.yml create mode 100644 ansible/roles/skyline/tasks/bootstrap.yml create mode 100644 ansible/roles/skyline/tasks/bootstrap_service.yml create mode 100644 ansible/roles/skyline/tasks/check-containers.yml create mode 100644 ansible/roles/skyline/tasks/check.yml create mode 100644 ansible/roles/skyline/tasks/config.yml create mode 100644 ansible/roles/skyline/tasks/config_validate.yml create mode 100644 ansible/roles/skyline/tasks/copy-certs.yml create mode 100644 ansible/roles/skyline/tasks/deploy.yml create mode 100644 ansible/roles/skyline/tasks/loadbalancer.yml create mode 100644 ansible/roles/skyline/tasks/main.yml create mode 100644 ansible/roles/skyline/tasks/precheck.yml create mode 100644 ansible/roles/skyline/tasks/pull.yml create mode 100644 ansible/roles/skyline/tasks/reconfigure.yml create mode 100644 ansible/roles/skyline/tasks/register.yml create mode 100644 ansible/roles/skyline/tasks/stop.yml create mode 100644 ansible/roles/skyline/tasks/upgrade.yml create mode 100644 ansible/roles/skyline/templates/gunicorn.py.j2 create mode 100644 ansible/roles/skyline/templates/nginx.conf.j2 create mode 100644 ansible/roles/skyline/templates/skyline-apiserver.json.j2 create mode 100644 ansible/roles/skyline/templates/skyline-console.json.j2 create mode 100644 ansible/roles/skyline/templates/skyline.yaml.j2 create mode 100644 ansible/roles/skyline/vars/main.yml create mode 100644 releasenotes/notes/add-skyline-support-a3fb6aabeeb1d8da.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 7be989f87f..aa30b4923f 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml 
@@ -515,6 +515,13 @@ senlin_external_fqdn: "{{ kolla_external_fqdn }}" senlin_api_port: "8778" senlin_api_listen_port: "{{ senlin_api_port }}" +skyline_internal_fqdn: "{{ kolla_internal_fqdn }}" +skyline_external_fqdn: "{{ kolla_external_fqdn }}" +skyline_apiserver_port: "9998" +skyline_apiserver_listen_port: "{{ skyline_apiserver_port }}" +skyline_console_port: "9999" +skyline_console_listen_port: "{{ skyline_console_port }}" + solum_application_deployment_port: "9777" solum_image_builder_port: "9778" @@ -735,6 +742,7 @@ enable_proxysql: "no" enable_redis: "no" enable_sahara: "no" enable_senlin: "no" +enable_skyline: "no" enable_solum: "no" enable_swift: "no" enable_swift_s3api: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index a720a7d069..ec8ee3d548 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -198,6 +198,9 @@ control [zun:children] control +[skyline:children] +control + [redis:children] control @@ -621,6 +624,13 @@ compute [zun-cni-daemon:children] compute +# Skyline +[skyline-apiserver:children] +skyline + +[skyline-console:children] +skyline + # Tacker [tacker-server:children] tacker diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index b8479c6ae7..fbb0975394 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -216,6 +216,9 @@ control [zun:children] control +[skyline:children] +control + [redis:children] control @@ -639,6 +642,13 @@ compute [zun-cni-daemon:children] compute +# Skyline +[skyline-apiserver:children] +skyline + +[skyline-console:children] +skyline + # Tacker [tacker-server:children] tacker diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 0ce60a126a..77213486f1 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml 
@@ -189,6 +189,7 @@ - { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" } - { name: "sahara", enabled: "{{ enable_sahara | bool }}" } - { name: "senlin", enabled: "{{ enable_senlin | bool }}" } + - { name: "skyline", enabled: "{{ enable_skyline | bool }}" } - { name: "solum", enabled: "{{ enable_solum | bool }}" } - { name: "swift", enabled: "{{ enable_swift | bool }}" } - { name: "tacker", enabled: "{{ enable_tacker | bool }}" } diff --git a/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 b/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 index 44b1515c41..45b8d6d4c3 100644 --- a/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 +++ b/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 @@ -166,6 +166,11 @@ pattern ^(venus-api|venus-manager)$ tag openstack_python + + key programname + pattern ^(skyline)$ + tag openstack_python + key programname pattern .+ diff --git a/ansible/roles/common/templates/cron-logrotate-skyline.conf.j2 b/ansible/roles/common/templates/cron-logrotate-skyline.conf.j2 new file mode 100644 index 0000000000..847870d9a6 --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-skyline.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/skyline/*.log" +{ +} diff --git a/ansible/roles/skyline/defaults/main.yml b/ansible/roles/skyline/defaults/main.yml new file mode 100644 index 0000000000..ca78515714 --- /dev/null +++ b/ansible/roles/skyline/defaults/main.yml 
@@ -0,0 +1,186 @@ +--- +skyline_services: + skyline-apiserver: + container_name: skyline_apiserver + group: skyline-apiserver + enabled: true + image: "{{ skyline_apiserver_image_full }}" + volumes: "{{ skyline_apiserver_default_volumes + skyline_apiserver_extra_volumes }}" + dimensions: "{{ skyline_apiserver_dimensions }}" + healthcheck: "{{ skyline_apiserver_healthcheck }}" + haproxy: + skyline_apiserver: + enabled: "{{ enable_skyline }}" + mode: "http" + external: false + port: "{{ skyline_apiserver_port }}" + listen_port: "{{ skyline_apiserver_listen_port }}" + tls_backend: "{{ skyline_enable_tls_backend }}" + skyline_apiserver_external: + enabled: "{{ enable_skyline }}" + mode: "http" + external: true + port: "{{ skyline_apiserver_port }}" + listen_port: "{{ skyline_apiserver_listen_port }}" + tls_backend: "{{ skyline_enable_tls_backend }}" + skyline-console: + container_name: skyline_console + group: skyline-console + enabled: true + image: "{{ skyline_console_image_full }}" + volumes: "{{ skyline_console_default_volumes + skyline_console_extra_volumes }}" + dimensions: "{{ skyline_console_dimensions }}" + healthcheck: "{{ skyline_console_healthcheck }}" + haproxy: + skyline_console: + enabled: "{{ enable_skyline }}" + mode: "http" + external: false + port: "{{ skyline_console_port }}" + listen_port: "{{ skyline_console_listen_port }}" + tls_backend: "{{ skyline_enable_tls_backend }}" + skyline_console_external: + enabled: "{{ enable_skyline }}" + mode: "http" + external: true + port: "{{ skyline_console_port }}" + listen_port: "{{ skyline_console_listen_port }}" + tls_backend: "{{ skyline_enable_tls_backend }}" + +#################### +# Database +#################### +skyline_database_name: "skyline" +skyline_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}skyline{% endif %}" +skyline_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" + 
+#################### +# Database sharding +#################### +skyline_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ skyline_database_shard_id }}{% else %}{{ database_user }}{% endif %}" +skyline_database_shard_id: "{{ mariadb_default_database_shard_id | int }}" +skyline_database_shard: + users: + - user: "{{ skyline_database_user }}" + password: "{{ skyline_database_password }}" + rules: + - schema: "{{ skyline_database_name }}" + shard_id: "{{ skyline_database_shard_id }}" + +#################### +# Docker +#################### +skyline_tag: "{{ openstack_tag }}" + +skyline_apiserver_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/skyline-apiserver" +skyline_apiserver_tag: "{{ skyline_tag }}" +skyline_apiserver_image_full: "{{ skyline_apiserver_image }}:{{ skyline_apiserver_tag }}" + +skyline_console_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/skyline-console" +skyline_console_tag: "{{ skyline_tag }}" +skyline_console_image_full: "{{ skyline_console_image }}:{{ skyline_console_tag }}" + +skyline_apiserver_dimensions: "{{ default_container_dimensions }}" +skyline_console_dimensions: "{{ default_container_dimensions }}" + +skyline_apiserver_enable_healthchecks: "{{ enable_container_healthchecks }}" +skyline_apiserver_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +skyline_apiserver_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +skyline_apiserver_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +skyline_apiserver_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if skyline_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ skyline_apiserver_listen_port }}/docs"] +skyline_apiserver_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +skyline_apiserver_healthcheck: + interval: "{{ 
skyline_apiserver_healthcheck_interval }}" + retries: "{{ skyline_apiserver_healthcheck_retries }}" + start_period: "{{ skyline_apiserver_healthcheck_start_period }}" + test: "{% if skyline_apiserver_enable_healthchecks | bool %}{{ skyline_apiserver_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ skyline_apiserver_healthcheck_timeout }}" + +skyline_console_enable_healthchecks: "{{ enable_container_healthchecks }}" +skyline_console_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +skyline_console_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +skyline_console_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +skyline_console_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if skyline_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}/docs"] +skyline_console_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +skyline_console_healthcheck: + interval: "{{ skyline_console_healthcheck_interval }}" + retries: "{{ skyline_console_healthcheck_retries }}" + start_period: "{{ skyline_console_healthcheck_start_period }}" + test: "{% if skyline_console_enable_healthchecks | bool %}{{ skyline_console_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ skyline_console_healthcheck_timeout }}" + +skyline_apiserver_default_volumes: + - "{{ node_config_directory }}/skyline-apiserver/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "kolla_logs:/var/log/kolla/" + +skyline_console_default_volumes: + - "{{ node_config_directory }}/skyline-console/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" + - "kolla_logs:/var/log/kolla/" + 
+skyline_extra_volumes: "{{ default_extra_volumes }}" +skyline_apiserver_extra_volumes: "{{ skyline_extra_volumes }}" +skyline_console_extra_volumes: "{{ skyline_extra_volumes }}" + +#################### +# OpenStack +#################### +skyline_internal_endpoint: "{{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}" +skyline_public_endpoint: "{{ public_protocol }}://{{ skyline_external_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}" + +skyline_logging_debug: "{{ openstack_logging_debug }}" + +openstack_skyline_auth: "{{ openstack_auth }}" + +#################### +# Skyline +#################### +log_dir: /var/log/kolla/skyline +skyline_access_token_expire_seconds: 3600 +skyline_access_token_renew_seconds: 1800 +skyline_backend_cors_origins: [] +skyline_nginx_prefix: /api/openstack +# if set skyline_base_domains_ignore as true, we will not display +# the domains like heat_user_domain when we login from skyline. 
+skyline_base_domains_ignore: true +skyline_system_admin_roles: + - admin +skyline_system_reader_roles: + - system_reader +skyline_keystone_url: "{{ keystone_internal_url }}/v3/" +skyline_session_name: session +skyline_reclaim_instance_interval: 604800 + +skyline_gunicorn_debug_level: "{% if openstack_logging_debug | bool %}DEBUG{% else %}INFO{% endif %}" +skyline_gunicorn_timeout: 300 +skyline_gunicorn_keepalive: 5 +skyline_gunicorn_workers: "{{ openstack_service_workers }}" + +skyline_ssl_certfile: "{{ '/etc/skyline/certs/skyline-cert.pem' if skyline_enable_tls_backend | bool else '' }}" +skyline_ssl_keyfile: "{{ '/etc/skyline/certs/skyline-key.pem' if skyline_enable_tls_backend | bool else '' }}" + +#################### +# Keystone +#################### +skyline_keystone_user: skyline +skyline_ks_services: + - name: "skyline" + type: "panel" + description: "OpenStack Dashboard Service" + endpoints: + - {'interface': 'internal', 'url': '{{ skyline_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ skyline_public_endpoint }}'} + +skyline_ks_users: + - project: "service" + user: "{{ skyline_keystone_user }}" + password: "{{ skyline_keystone_password }}" + role: "admin" + +#################### +# TLS +#################### +skyline_enable_tls_backend: "{{ kolla_enable_tls_backend }}" diff --git a/ansible/roles/skyline/handlers/main.yml b/ansible/roles/skyline/handlers/main.yml new file mode 100644 index 0000000000..d9b83cb765 --- /dev/null +++ b/ansible/roles/skyline/handlers/main.yml 
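Review bot: The role default `log_dir: /var/log/kolla/skyline` in the Skyline section of defaults/main.yml is the only variable in this file without the `skyline_` prefix. Ansible role defaults share one variable namespace with inventory, group_vars and extra vars, so an unrelated `log_dir` defined elsewhere would silently redirect the gunicorn and nginx log paths that the templates build from it. I would rename it to `skyline_log_dir: "/var/log/kolla/skyline"` and update the `{{ log_dir }}` references in gunicorn.py.j2 and nginx.conf.j2 to match.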
@@ -0,0 +1,32 @@
+---
+- name: Restart skyline-apiserver container
+ vars:
+ service_name: "skyline-apiserver"
+ service: "{{ skyline_services[service_name] }}"
+ become: true
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes | reject('equalto', '') | list }}"
+ dimensions: "{{ service.dimensions }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
+ when:
+ - kolla_action != "config"
+
+- name: Restart skyline-console container
+ vars:
+ service_name: "skyline-console"
+ service: "{{ skyline_services[service_name] }}"
+ become: true
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes | reject('equalto', '') | list }}"
+ dimensions: "{{ service.dimensions }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
+ when:
+ - kolla_action != "config"
diff --git a/ansible/roles/skyline/tasks/bootstrap.yml b/ansible/roles/skyline/tasks/bootstrap.yml
new file mode 100644
index 0000000000..38b7d84448
--- /dev/null
+++ b/ansible/roles/skyline/tasks/bootstrap.yml
@@ -0,0 +1,38 @@
+---
+- name: Creating Skyline database
+ become: true
+ kolla_toolbox:
+ container_engine: "{{ kolla_container_engine }}"
+ module_name: mysql_db
+ module_args:
+ login_host: "{{ database_address }}"
+ login_port: "{{ database_port }}"
+ login_user: "{{ skyline_database_shard_root_user }}"
+ login_password: "{{ database_password }}"
+ name: "{{ skyline_database_name }}"
+ run_once: True
+ delegate_to: "{{ groups['skyline-apiserver'][0] }}"
+ when:
+ - not use_preconfigured_databases | bool
+
+- name: Creating Skyline database user and setting permissions
+ become: true
+ kolla_toolbox:
+ container_engine: "{{ kolla_container_engine }}"
+ module_name: mysql_user
+ module_args:
+ login_host: "{{ database_address }}"
+ login_port: "{{ database_port }}"
+ login_user: "{{ skyline_database_shard_root_user }}"
+ login_password: "{{ database_password }}"
+ name: "{{ skyline_database_user }}"
+ password: "{{ skyline_database_password }}"
+ host: "%"
+ priv: "{{ skyline_database_name }}.*:ALL"
+ append_privs: "yes"
+ run_once: True
+ delegate_to: "{{ groups['skyline-apiserver'][0] }}"
+ when:
+ - not use_preconfigured_databases | bool
+
+- import_tasks: bootstrap_service.yml
diff --git a/ansible/roles/skyline/tasks/bootstrap_service.yml b/ansible/roles/skyline/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..657ac3d8eb
--- /dev/null
+++ b/ansible/roles/skyline/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running Skyline bootstrap container
+ vars:
+ skyline_apiserver: "{{ skyline_services['skyline-apiserver'] }}"
+ become: true
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ skyline_apiserver.image }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_skyline"
+ restart_policy: no
+ volumes: "{{ skyline_apiserver.volumes | reject('equalto', '') | list }}"
+ run_once: True
+ delegate_to: "{{ groups[skyline_apiserver.group][0] }}"
diff --git a/ansible/roles/skyline/tasks/check-containers.yml b/ansible/roles/skyline/tasks/check-containers.yml
new file mode 100644
index 0000000000..f70cb87482
--- /dev/null
+++ b/ansible/roles/skyline/tasks/check-containers.yml
@@ -0,0 +1,17 @@
+---
+- name: Check skyline container
+ become: true
+ kolla_docker:
+ action: "compare_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ item.value.container_name }}"
+ image: "{{ item.value.image }}"
+ volumes: "{{ item.value.volumes | reject('equalto', '') | list }}"
+ dimensions: "{{ item.value.dimensions }}"
+ healthcheck: "{{ horizon.healthcheck | default(omit) }}"
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ with_dict: "{{ skyline_services }}"
+ notify:
+ - "Restart {{ item.key }} container"
diff --git a/ansible/roles/skyline/tasks/check.yml b/ansible/roles/skyline/tasks/check.yml
new file mode 100644
index 0000000000..ed97d539c0
--- /dev/null
+++ b/ansible/roles/skyline/tasks/check.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/roles/skyline/tasks/config.yml b/ansible/roles/skyline/tasks/config.yml
new file mode 100644
index 0000000000..13d620d2a8
--- /dev/null
+++ b/ansible/roles/skyline/tasks/config.yml
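Review bot: In check-containers.yml the `healthcheck` argument reads `horizon.healthcheck`, while the task loops over `skyline_services` and every other argument takes its value from `item.value`. The compare step therefore never sees Skyline's own healthcheck definition; presumably the argument is simply omitted when no `horizon` variable is in scope, so a changed or disabled healthcheck would not notify the restart handler and the running container would keep its old settings. The line should be `healthcheck: "{{ item.value.healthcheck | default(omit) }}"`.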
@@ -0,0 +1,69 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item.key }}"
+ state: "directory"
+ owner: "{{ config_owner_user }}"
+ group: "{{ config_owner_group }}"
+ mode: "0770"
+ become: true
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ with_dict: "{{ skyline_services }}"
+
+- include_tasks: copy-certs.yml
+ when:
+ - kolla_copy_ca_into_containers | bool or skyline_enable_tls_backend | bool
+
+- name: Copying over skyline.yaml files for services
+ template:
+ src: "skyline.yaml.j2"
+ dest: "{{ node_config_directory }}/{{ item.key }}/skyline.yaml"
+ mode: "0660"
+ become: true
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ with_dict: "{{ skyline_services }}"
+ notify:
+ - "Restart {{ item.key }} container"
+
+- name: Copying over gunicorn.py files for services
+ template:
+ src: "gunicorn.py.j2"
+ dest: "{{ node_config_directory }}/{{ item.key }}/gunicorn.py"
+ mode: "0660"
+ become: true
+ when:
+ - inventory_hostname in groups['skyline-apiserver']
+ - item.value.enabled | bool
+ with_dict: "{{ skyline_services }}"
+ notify:
+ - "Restart {{ item.key }} container"
+
+- name: Copying over nginx.conf files for services
+ template:
+ src: "nginx.conf.j2"
+ dest: "{{ node_config_directory }}/{{ item.key }}/nginx.conf"
+ mode: "0660"
+ become: true
+ when:
+ - inventory_hostname in groups['skyline-console']
+ - item.value.enabled | bool
+ with_dict: "{{ skyline_services }}"
+ notify:
+ - "Restart {{ item.key }} container"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item.key }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+ mode: "0660"
+ become: true
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ with_dict: "{{ skyline_services }}"
+ notify:
+ - "Restart {{ item.key }} container"
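Review bot: The gunicorn.py and nginx.conf tasks in config.yml iterate over every entry of `skyline_services` but gate only on a fixed group, so each file is rendered into both the `skyline-apiserver/` and the `skyline-console/` config directory and both restart handlers are notified. On a host that belongs to only one of the two groups, the first task does not create the other service's directory, so the template write would presumably fail there. Restricting each task to its own service fixes both, for example by adding `- item.key == 'skyline-apiserver'` to the gunicorn task's `when:` list and `- item.key == 'skyline-console'` to the nginx one. It also keeps a config file out of a directory mounted into a container that has no use for it.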
diff --git a/ansible/roles/skyline/tasks/config_validate.yml b/ansible/roles/skyline/tasks/config_validate.yml
new file mode 100644
index 0000000000..ed97d539c0
--- /dev/null
+++ b/ansible/roles/skyline/tasks/config_validate.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/roles/skyline/tasks/copy-certs.yml b/ansible/roles/skyline/tasks/copy-certs.yml
new file mode 100644
index 0000000000..3f39794746
--- /dev/null
+++ b/ansible/roles/skyline/tasks/copy-certs.yml
@@ -0,0 +1,6 @@
+---
+- name: "Copy certificates and keys for {{ project_name }}"
+ import_role:
+ role: service-cert-copy
+ vars:
+ project_services: "{{ skyline_services }}"
diff --git a/ansible/roles/skyline/tasks/deploy.yml b/ansible/roles/skyline/tasks/deploy.yml
new file mode 100644
index 0000000000..d793a349da
--- /dev/null
+++ b/ansible/roles/skyline/tasks/deploy.yml
@@ -0,0 +1,11 @@
+---
+- import_tasks: register.yml
+
+- import_tasks: config.yml
+
+- import_tasks: check-containers.yml
+
+- import_tasks: bootstrap.yml
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/ansible/roles/skyline/tasks/loadbalancer.yml b/ansible/roles/skyline/tasks/loadbalancer.yml
new file mode 100644
index 0000000000..82cf637f3b
--- /dev/null
+++ b/ansible/roles/skyline/tasks/loadbalancer.yml
@@ -0,0 +1,7 @@
+---
+- name: "Configure loadbalancer for {{ project_name }}"
+ import_role:
+ name: loadbalancer-config
+ vars:
+ project_services: "{{ skyline_services }}"
+ tags: always
diff --git a/ansible/roles/skyline/tasks/main.yml b/ansible/roles/skyline/tasks/main.yml
new file mode 100644
index 0000000000..bc5d1e6257
--- /dev/null
+++ b/ansible/roles/skyline/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ kolla_action }}.yml"
diff --git a/ansible/roles/skyline/tasks/precheck.yml b/ansible/roles/skyline/tasks/precheck.yml
new file mode 100644
index 0000000000..104797dc89
--- /dev/null
+++ b/ansible/roles/skyline/tasks/precheck.yml
@@ -0,0 +1,37 @@
+---
+- import_role:
+ name: service-precheck
+ vars:
+ service_precheck_services: "{{ skyline_services }}"
+ service_name: "{{ project_name }}"
+
+- name: Get container facts
+ become: true
+ kolla_container_facts:
+ container_engine: "{{ kolla_container_engine }}"
+ name:
+ - skyline_apiserver
+ - skyline_console
+ register: container_facts
+
+- name: Checking free port for Skyline APIServer
+ wait_for:
+ host: "{{ api_interface_address }}"
+ port: "{{ skyline_apiserver_listen_port }}"
+ connect_timeout: 1
+ timeout: 1
+ state: stopped
+ when:
+ - container_facts['skyline_apiserver'] is not defined
+ - inventory_hostname in groups['skyline-apiserver']
+
+- name: Checking free port for Skyline Console
+ wait_for:
+ host: "{{ api_interface_address }}"
+ port: "{{ skyline_console_listen_port }}"
+ connect_timeout: 1
+ timeout: 1
+ state: stopped
+ when:
+ - container_facts['skyline_console'] is not defined
+ - inventory_hostname in groups['skyline-console']
diff --git a/ansible/roles/skyline/tasks/pull.yml b/ansible/roles/skyline/tasks/pull.yml
new file mode 100644
index 0000000000..53f9c5fda1
--- /dev/null
+++ b/ansible/roles/skyline/tasks/pull.yml
@@ -0,0 +1,3 @@
+---
+- import_role:
+ role: service-images-pull
diff --git a/ansible/roles/skyline/tasks/reconfigure.yml b/ansible/roles/skyline/tasks/reconfigure.yml
new file mode 100644
index 0000000000..f670a5b78d
--- /dev/null
+++ b/ansible/roles/skyline/tasks/reconfigure.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: deploy.yml
diff --git a/ansible/roles/skyline/tasks/register.yml b/ansible/roles/skyline/tasks/register.yml
new file mode 100644
index 0000000000..8cd7530f9d
--- /dev/null
+++ b/ansible/roles/skyline/tasks/register.yml
@@ -0,0 +1,7 @@
+---
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_skyline_auth }}"
+ service_ks_register_services: "{{ skyline_ks_services }}"
+ service_ks_register_users: "{{ skyline_ks_users }}"
diff --git a/ansible/roles/skyline/tasks/stop.yml b/ansible/roles/skyline/tasks/stop.yml
new file mode 100644
index 0000000000..a8e927807d
--- /dev/null
+++ b/ansible/roles/skyline/tasks/stop.yml
@@ -0,0 +1,11 @@
+---
+- name: "Stopping skyline containers"
+ vars:
+ service: "{{ item.value }}"
+ docker_container:
+ name: "{{ service.container_name }}"
+ state: stopped
+ when:
+ - service.enabled | bool
+ - service.container_name not in skip_stop_containers
+ with_dict: "{{ skyline_services }}"
diff --git a/ansible/roles/skyline/tasks/upgrade.yml b/ansible/roles/skyline/tasks/upgrade.yml
new file mode 100644
index 0000000000..49edff81e3
--- /dev/null
+++ b/ansible/roles/skyline/tasks/upgrade.yml
@@ -0,0 +1,7 @@
+---
+- import_tasks: config.yml
+
+- import_tasks: check-containers.yml
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/ansible/roles/skyline/templates/gunicorn.py.j2 b/ansible/roles/skyline/templates/gunicorn.py.j2
new file mode 100644
index 0000000000..ba8289ee2b
--- /dev/null
+++ b/ansible/roles/skyline/templates/gunicorn.py.j2
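Review bot: stop.yml calls the `docker_container` module directly and has no `become: true`, unlike every other container task in this role, which goes through `kolla_docker` or `kolla_toolbox` with privilege escalation. The stop action therefore depends on the connecting user having direct access to the Docker socket, and it ignores the `kolla_container_engine` selection that bootstrap.yml and precheck.yml already pass. I would express it with the project's own module, i.e. `become: true` plus `kolla_docker:` with `action: "stop_container"`, `common_options: "{{ docker_common_options }}"` and `name: "{{ service.container_name }}"`, keeping the existing `when:` conditions.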
@@ -0,0 +1,66 @@ +# Copyright 2022 99cloud +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +bind = "{{ api_interface_address }}:{{ skyline_apiserver_port }}" +workers = {{ skyline_gunicorn_workers }} +worker_class = "uvicorn.workers.UvicornWorker" +timeout = {{ skyline_gunicorn_timeout }} +keepalive = {{ skyline_gunicorn_keepalive }} +reuse_port = True +proc_name = "{{ project_name }}" + +logconfig_dict = { + "version": 1, + "disable_existing_loggers": False, + "root": {"level": "{{ skyline_gunicorn_debug_level }}", "handlers": ["console"]}, + "loggers": { + "gunicorn.error": { + "level": "{{ skyline_gunicorn_debug_level }}", + "handlers": ["error_file"], + "propagate": 0, + "qualname": "gunicorn_error", + }, + "gunicorn.access": { + "level": "{{ skyline_gunicorn_debug_level }}", + "handlers": ["access_file"], + "propagate": 0, + "qualname": "access", + }, + }, + "handlers": { + "error_file": { + "class": "logging.handlers.RotatingFileHandler", + "formatter": "generic", + "filename": "{{ log_dir }}/skyline-error.log", + }, + "access_file": { + "class": "logging.handlers.RotatingFileHandler", + "formatter": "generic", + "filename": "{{ log_dir }}/skyline-access.log", + }, + "console": { + "class": "logging.StreamHandler", + "level": "{{ skyline_gunicorn_debug_level }}", + "formatter": "generic", + }, + }, + "formatters": { + "generic": { + "format": "%(asctime)s.%(msecs)03d %(process)d %(levelname)s [-] %(message)s", + "datefmt": "[%Y-%m-%d %H:%M:%S %z]", + "class": 
"logging.Formatter", + } + }, +} diff --git a/ansible/roles/skyline/templates/nginx.conf.j2 b/ansible/roles/skyline/templates/nginx.conf.j2 new file mode 100644 index 0000000000..60a31f0d4a --- /dev/null +++ b/ansible/roles/skyline/templates/nginx.conf.j2 
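Review bot: The `bind` line in gunicorn.py.j2 uses `skyline_apiserver_port` and the raw `api_interface_address`, while the precheck and the container healthcheck target `skyline_apiserver_listen_port` and wrap the address with `put_address_in_context('url')`. Overriding the listen port, or deploying on an IPv6 API interface, would leave gunicorn on a different socket from the one being checked; `bind = "{{ api_interface_address | put_address_in_context('url') }}:{{ skyline_apiserver_listen_port }}"` keeps them aligned. The template also sets no `certfile`/`keyfile`, although `skyline_enable_tls_backend` switches the healthcheck URL to https and sets `tls_backend` on the HAProxy entries for the apiserver. Unless TLS is terminated somewhere not visible in this patch, the API would keep serving plaintext with backend TLS enabled. A conditional `certfile = "{{ skyline_ssl_certfile }}"` and `keyfile = "{{ skyline_ssl_keyfile }}"` guarded by `{% if skyline_enable_tls_backend | bool %}` would cover that.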
@@ -0,0 +1,258 @@
+daemon off;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 1024;
+ multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ client_max_body_size 0;
+ types_hash_max_size 2048;
+ proxy_request_buffering off;
+ server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ {% if skyline_ssl_certfile and skyline_ssl_keyfile %}
+ ##
+ # SSL Settings
+ ##
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ ssl_certificate {{ skyline_ssl_certfile }};
+ ssl_certificate_key {{ skyline_ssl_keyfile }};
+ {% endif %}
+ ##
+ # Logging Settings
+ ##
+ log_format main '$remote_addr - $remote_user [$time_local] "$request_time" '
+ '"$upstream_response_time" "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main;
+ error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log;
+
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+ gzip_static on;
+ gzip_disable "msie6";
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+ server {
+ listen {{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}{% if skyline_ssl_certfile and skyline_ssl_keyfile %} ssl http2{% endif %} default_server;
+
+ root /var/lib/kolla/venv/lib/python{{ distro_python_version }}/site-packages/skyline_console/static;
+
+ # Add index.php to the list if you are using PHP
+ index index.html;
+
+ server_name _;
+
+ error_page 497 https://$http_host$request_uri;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ expires 1d;
+ add_header Cache-Control "public";
+ }
+
+ # Service: skyline
+ location {{ skyline_nginx_prefix }}/skyline/ {
+ proxy_pass {{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/ {{ skyline_nginx_prefix }}/skyline/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+
+ {% if enable_keystone | bool %}# Region: {{ openstack_region_name }}, Service: keystone
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone {
+ proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_glance | bool %}# Region: {{ openstack_region_name }}, Service: glance
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance {
+ proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_neutron | bool %}# Region: {{ openstack_region_name }}, Service: neutron
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron {
+ proxy_pass {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_nova | bool %}# Region: {{ openstack_region_name }}, Service: nova
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova {
+ proxy_pass {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_placement | bool %}# Region: {{ openstack_region_name }}, Service: placement
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement {
+ proxy_pass {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_cinder | bool %}# Region: {{ openstack_region_name }}, Service: cinder
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder {
+ proxy_pass {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_heat | bool %}# Region: {{ openstack_region_name }}, Service: heat
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat {
+ proxy_pass {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_octavia | bool %}# Region: {{ openstack_region_name }}, Service: octavia
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia {
+ proxy_pass {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_manila | bool %}# Region: {{ openstack_region_name }}, Service: manilav2
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2 {
+ proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_ironic | bool %}# Region: {{ openstack_region_name }}, Service: ironic
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic {
+ proxy_pass {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_zun | bool %}# Region: {{ openstack_region_name }}, Service: zun
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun {
+ proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_magnum | bool %}# Region: {{ openstack_region_name }}, Service: magnum
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum {
+ proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ {% if enable_trove | bool %}# Region: {{ openstack_region_name }}, Service: trove
+ location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove {
+ proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/;
+ proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove/;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $http_host;
+ }
+ {% endif %}
+
+ }
+
+}
+
diff --git a/ansible/roles/skyline/templates/skyline-apiserver.json.j2 b/ansible/roles/skyline/templates/skyline-apiserver.json.j2
new file mode 100644
index 0000000000..ee4559d4f8
--- /dev/null
+++ b/ansible/roles/skyline/templates/skyline-apiserver.json.j2
@@ -0,0 +1,36 @@
+{
+ "command": "gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/skyline.yaml",
+ "dest": "/etc/skyline/skyline.yaml",
+ "owner": "skyline",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/gunicorn.py",
+ "dest": "/etc/skyline/gunicorn.py",
+ "owner": "skyline",
+ "perm": "0600"
+ }{% if skyline_enable_tls_backend | bool %},
+ {
+ "source": "{{ container_config_directory }}/skyline-cert.pem",
+ "dest": "/etc/skyline/certs/skyline-cert.pem",
+ "owner": "skyline",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/skyline-key.pem",
+ "dest": "/etc/skyline/certs/skyline-key.pem",
+ "owner": "skyline",
+ "perm": "0600"
+ }{% endif %}
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/skyline",
+ "owner": "skyline:skyline",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/skyline/templates/skyline-console.json.j2 b/ansible/roles/skyline/templates/skyline-console.json.j2
new file mode 100644
index 0000000000..905202f229
--- /dev/null
+++ b/ansible/roles/skyline/templates/skyline-console.json.j2
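Review bot: Every `proxy_pass {{ internal_protocol }}://…` location forwards Keystone credentials and tokens to a backend, but the `http` block sets no `proxy_ssl_verify`, and nginx does not validate upstream certificates unless that directive is turned on. When `internal_protocol` is `https` the console would therefore accept whatever certificate is presented on the internal network. Consider adding to the `http` block, under a `{% if internal_protocol == 'https' %}` guard, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-internal-CA-bundle>;` (placeholder path; use the CA file the container actually ships). The comment above `ssl_certificate` about self-signed certs from the ssl-cert package also reads like a leftover from a distribution default and no longer describes the templated `skyline_ssl_certfile` path.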
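Review bot: With `skyline_enable_tls_backend` set, this file installs `skyline-cert.pem` and `skyline-key.pem` into the API container, yet the `gunicorn.py.j2` template added in this same patch defines no `certfile` or `keyfile`, so gunicorn would presumably still serve plaintext on `skyline_apiserver_port`. Either the gunicorn template should gain, under the same condition, `certfile = "/etc/skyline/certs/skyline-cert.pem"` and `keyfile = "/etc/skyline/certs/skyline-key.pem"`, or the private key should not be copied into a container that never reads it. The `0600` mode and `skyline` owner on the key entry are appropriate and worth keeping whichever way this goes.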
@@ -0,0 +1,36 @@
+{
+ "command": "nginx",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/skyline.yaml",
+ "dest": "/etc/skyline/skyline.yaml",
+ "owner": "skyline",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/nginx.conf",
+ "dest": "/etc/nginx/nginx.conf",
+ "owner": "skyline",
+ "perm": "0600"
+ }{% if skyline_enable_tls_backend | bool %},
+ {
+ "source": "{{ container_config_directory }}/skyline-cert.pem",
+ "dest": "/etc/skyline/certs/skyline-cert.pem",
+ "owner": "skyline",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/skyline-key.pem",
+ "dest": "/etc/skyline/certs/skyline-key.pem",
+ "owner": "skyline",
+ "perm": "0600"
+ }{% endif %}
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/skyline",
+ "owner": "skyline:skyline",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/skyline/templates/skyline.yaml.j2 b/ansible/roles/skyline/templates/skyline.yaml.j2
new file mode 100644
index 0000000000..f998109546
--- /dev/null
+++ b/ansible/roles/skyline/templates/skyline.yaml.j2
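Review bot: The console container's `command` is plain `nginx`, yet the first `config_files` entry also copies `skyline.yaml`, which per the `skyline.yaml.j2` template in this patch carries `secret_key`, the database URL with its password, and `system_user_password`. Unless something in the console image reads that file at start-up (not visible in this change), dropping the `skyline.yaml` entry here would keep those secrets out of the web-facing container. If the file is in fact required, a release-note or role-default comment stating why would make the exposure a documented decision rather than an apparent copy from the API server's config.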
@@ -0,0 +1,92 @@
+default:
+ access_token_expire: {{ skyline_access_token_expire_seconds }}
+ access_token_renew: {{ skyline_access_token_renew_seconds }}
+ cors_allow_origins: {{ skyline_backend_cors_origins }}
+ database_url: mysql://{{ skyline_database_user }}:{{ skyline_database_password }}@{{ skyline_database_address }}/{{ skyline_database_name }}
+ debug: {{ skyline_logging_debug }}
+ log_dir: {{ log_dir }}
+ secret_key: {{ skyline_secret_key }}
+ session_name: {{ skyline_session_name }}
+openstack:
+{% if skyline_base_domains_ignore | bool %}
+ base_domains:
+{% if enable_heat | bool %}
+ - heat_user_domain
+{% endif %}
+{% if enable_magnum | bool %}
+ - magnum
+{% endif %}
+{% endif %}
+ default_region: {{ openstack_region_name }}
+ extension_mapping:
+{% if enable_neutron_port_forwarding | bool %}
+ floating-ip-port-forwarding: neutron_port_forwarding
+{% endif %}
+{% if enable_neutron_qos | bool %}
+ qos: neutron_qos
+{% endif %}
+{% if enable_neutron_vpnaas | bool %}
+ vpnaas: neutron_vpn
+{% endif %}
+ keystone_url: {{ skyline_keystone_url }}
+ nginx_prefix: {{ skyline_nginx_prefix }}
+ reclaim_instance_interval: {{ skyline_reclaim_instance_interval }}
+ service_mapping:
+{% if enable_ironic | bool %}
+ baremetal: ironic
+{% endif %}
+{% if enable_nova | bool %}
+ compute: nova
+{% endif %}
+{% if enable_zun | bool %}
+ container: zun
+{% endif %}
+{% if enable_magnum | bool %}
+ container-infra: magnum
+{% endif %}
+{% if enable_trove | bool %}
+ database: trove
+{% endif %}
+{% if enable_keystone | bool %}
+ identity: keystone
+{% endif %}
+{% if enable_glance | bool %}
+ image: glance
+{% endif %}
+{% if enable_barbican | bool %}
+ key-manager: barbican
+{% endif %}
+{% if enable_octavia | bool %}
+ load-balancer: octavia
+{% endif %}
+{% if enable_neutron | bool %}
+ network: neutron
+{% endif %}
+{% if enable_swift | bool %}
+ object-store: swift
+{% endif %}
+{% if enable_heat | bool %}
+ orchestration: heat
+{% endif %}
+{% if enable_placement | 
bool %} + placement: placement +{% endif %} +{% if enable_manila | bool %} + sharev2: manilav2 +{% endif %} +{% if enable_cinder | bool %} + volumev3: cinder +{% endif %} + system_admin_roles: +{% for skyline_system_admin_role in skyline_system_admin_roles %} + - {{ skyline_system_admin_role }} +{% endfor %} + system_project: service + system_project_domain: {{ default_project_domain_name }} + system_reader_roles: +{% for skyline_system_reader_role in skyline_system_reader_roles %} + - {{ skyline_system_reader_role }} +{% endfor %} + system_user_domain: {{ default_user_domain_name }} + system_user_name: skyline + system_user_password: {{ skyline_keystone_password }} diff --git a/ansible/roles/skyline/vars/main.yml b/ansible/roles/skyline/vars/main.yml new file mode 100644 index 0000000000..1969b04758 --- /dev/null +++ b/ansible/roles/skyline/vars/main.yml @@ -0,0 +1,2 @@ +--- +project_name: "skyline" diff --git a/ansible/site.yml b/ansible/site.yml index 3fe77b91bb..4df835f84c 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -64,6 +64,7 @@ - enable_redis_{{ enable_redis | bool }} - enable_sahara_{{ enable_sahara | bool }} - enable_senlin_{{ enable_senlin | bool }} + - enable_skyline_{{ enable_skyline | bool }} - enable_solum_{{ enable_solum | bool }} - enable_swift_{{ enable_swift | bool }} - enable_tacker_{{ enable_tacker | bool }} @@ -285,6 +286,11 @@ tasks_from: loadbalancer tags: senlin when: enable_senlin | bool + - include_role: + name: skyline + tasks_from: loadbalancer + tags: skyline + when: enable_skyline | bool - include_role: name: solum tasks_from: loadbalancer @@ -987,3 +993,13 @@ roles: - { role: venus, tags: venus } + +- name: Apply role skyline + gather_facts: false + hosts: + - skyline + - '&enable_skyline_True' + serial: '{{ kolla_serial|default("0") }}' + roles: + - { role: skyline, + tags: skyline } diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 5ac038ea17..d01f4a75cf 100644 --- a/etc/kolla/globals.yml 
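Review bot: The secret-bearing values in the `default:` and `openstack:` mappings (`secret_key`, `system_user_password`, and the password embedded in `database_url`) are rendered as unquoted plain scalars, so a value that contains ` #` or `: `, starts with a YAML indicator, or consists only of digits would be truncated, retyped or rejected when the file is parsed. Quoting them, e.g. `secret_key: "{{ skyline_secret_key }}"` and `system_user_password: "{{ skyline_keystone_password }}"`, avoids that. The database password additionally needs URL-encoding, `…:{{ skyline_database_password | urlencode }}@…`, so that an `@`, `/` or `:` in it cannot change which host the URL resolves to. Generated passwords may never contain such characters, but operators can set their own in passwords.yml. `extension_mapping:` and `service_mapping:` also render as null rather than an empty mapping when none of their options is enabled, which is worth a guard or a `{}` default.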
+++ b/etc/kolla/globals.yml @@ -406,6 +406,7 @@ workaround_ansible_issue_8743: yes #enable_redis: "no" #enable_sahara: "no" #enable_senlin: "no" +#enable_skyline: "no" #enable_solum: "no" #enable_swift: "no" #enable_swift_s3api: "no" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 1a1fa57cb7..8d0e7343a1 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -174,6 +174,10 @@ masakari_keystone_password: memcache_secret_key: +skyline_secret_key: +skyline_database_password: +skyline_keystone_password: + # HMAC secret key osprofiler_secret: diff --git a/releasenotes/notes/add-skyline-support-a3fb6aabeeb1d8da.yaml b/releasenotes/notes/add-skyline-support-a3fb6aabeeb1d8da.yaml new file mode 100644 index 0000000000..e760ee4da5 --- /dev/null +++ b/releasenotes/notes/add-skyline-support-a3fb6aabeeb1d8da.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add skyline ansible role