add panko role

Change-Id: I515fdcdf6093e9e59dbbdc97221d23ed7f4e0a3d
Partially-Implements: blueprint add-panko-ansible-role
This commit is contained in:
zhubingbing 2016-11-07 07:32:04 +00:00 committed by zhubingbing
parent eaa1af8f73
commit 3e7ed2c42c
29 changed files with 499 additions and 1 deletions

View File

@ -133,6 +133,8 @@ mariadb_wsrep_port: "4567"
mariadb_ist_port: "4568"
mariadb_sst_port: "4444"
panko_api_port: "8977"
rabbitmq_port: "5672"
rabbitmq_management_port: "15672"
rabbitmq_cluster_port: "25672"
@ -291,6 +293,7 @@ enable_neutron_lbaas: "no"
enable_neutron_qos: "no"
enable_neutron_agent_ha: "no"
enable_octavia: "no"
enable_panko: "no"
enable_rally: "no"
enable_sahara: "no"
enable_searchlight: "no"
@ -372,6 +375,16 @@ glance_backend_ceph: "{{ enable_ceph }}"
# Valid options are [ mongodb, mysql, gnocchi ]
ceilometer_database_type: "mongodb"
# Valid options are [ mongodb, gnocchi, panko ]
ceilometer_event_type: "mongodb"
########################
### Panko options
########################
# Valid options are [ mongodb, mysql ]
panko_database_type: "mysql"
#################
# Gnocchi options

View File

@ -114,6 +114,9 @@ control
[manila:children]
control
[panko:children]
control
[gnocchi:children]
control
@ -367,6 +370,10 @@ aodh
[aodh-notifier:children]
aodh
# Panko
[panko-api:children]
panko
# Gnocchi
[gnocchi-api:children]
gnocchi

View File

@ -139,6 +139,9 @@ control
[congress:children]
control
[panko:children]
control
[gnocchi:children]
control
@ -406,6 +409,10 @@ congress
[congress-policy-engine:children]
congress
# Panko
[panko-api:children]
panko
# Gnocchi
[gnocchi-api:children]
gnocchi

View File

@ -5,9 +5,16 @@ log_dir = /var/log/kolla/ceilometer
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if ceilometer_event_type == "mongodb" %}
event_dispatchers = database
{% elif ceilometer_event_type == "gnocchi" %}
event_dispatchers = gnocchi
{% elif ceilometer_event_type == "panko" %}
event_dispatchers = panko
{% endif %}
{% if ceilometer_database_type == 'gnocchi' %}
meter_dispatchers = gnocchi
event_dispatchers = gnocchi
{% endif %}
[api]

View File

@ -37,6 +37,7 @@
- { name: "keepalived", enabled: "{{ enable_haproxy }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "mariadb", enabled: "{{ enable_mariadb }}" }
- { name: "panko", enabled: "{{ enable_panko }}" }
- { name: "openstack", enabled: "yes" }
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq }}" }
- { name: "swift-account-auditor", src: "swift", enabled: "{{ enable_swift }}" }
@ -95,6 +96,7 @@
- { name: "neutron", enabled: "{{ enable_neutron }}" }
- { name: "nova", enabled: "{{ enable_nova }}" }
- { name: "octavia", enabled: "{{ enable_octavia }}" }
- { name: "panko", enabled: "{{ enable_panko }}" }
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq }}" }
- { name: "sahara", enabled: "{{ enable_sahara }}" }
- { name: "searchlight", enabled: "{{ enable_searchlight }}" }

View File

@ -0,0 +1,3 @@
"/var/log/kolla/panko/*.log"
{
}

View File

@ -22,6 +22,7 @@
( 'murano', enable_murano ),
( 'neutron', enable_neutron ),
( 'nova', enable_nova ),
( 'panko', enable_panko ),
( 'rabbitmq', enable_rabbitmq ),
( 'sahara', enable_sahara ),
( 'searchlight', enable_searchlight ),

View File

@ -0,0 +1,13 @@
[panko_apache_log_decoder]
type = "SandboxDecoder"
filename = "lua_decoders/os_panko_apache_log.lua"
[panko_apache_log_decoder.config]
apache_log_pattern = '%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"'
[panko_apache_logstreamer_input]
type = "LogstreamerInput"
decoder = "panko_apache_log_decoder"
log_directory = "/var/log/kolla"
file_match = 'panko/panko-apache-(?P<Service>.+)-access\.log\.?(?P<Seq>\d*)$'
priority = ["^Seq"]
differentiator = ["panko-apache-", "Service"]

View File

@ -91,6 +91,13 @@
"perm": "0600",
"optional": {{ (not enable_mariadb | bool) | string | lower }}
},
{
"source": "{{ container_config_directory }}/heka-panko.toml",
"dest": "/etc/heka/heka-panko.toml",
"owner": "heka",
"perm": "0600",
"optional": {{ (not enable_panko | bool) | string | lower }}
},
{
"source": "{{ container_config_directory }}/heka-keystone.toml",
"dest": "/etc/heka/heka-keystone.toml",

View File

@ -274,6 +274,25 @@ listen octavia_api_external
{% endif %}
{% endif %}
{% if enable_panko | bool %}
listen panko_api
bind {{ kolla_internal_vip_address }}:{{ panko_api_port }}
http-request del-header X-Forwarded-Proto
{% for host in groups['panko-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ panko_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% if haproxy_enable_external_vip | bool %}
listen panko_api_external
bind {{ kolla_external_vip_address }}:{{ panko_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['panko-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ panko_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% endif %}
{% endif %}
{% if enable_heat | bool %}
listen heat_api
bind {{ kolla_internal_vip_address }}:{{ heat_api_port }}

View File

@ -0,0 +1,31 @@
---
project_name: "panko"
####################
# Database
####################
panko_database_name: "panko"
panko_database_user: "panko"
panko_database_port: "{{ mongodb_port if panko_database_type == 'mongodb' else database_port }}"
panko_database_mongodb_address: "{% for host in groups['mongodb'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ pankor_database_port }}{% if not loop.last %},{% endif %}{% endfor %}"
panko_database_mysql_address: "{{ kolla_internal_fqdn }}"
####################
# Docker
####################
panko_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-panko-api"
panko_api_tag: "{{ openstack_release }}"
panko_api_image_full: "{{ panko_api_image }}:{{ panko_api_tag }}"
####################
# OpenStack
####################
panko_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ panko_api_port }}"
panko_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ panko_api_port }}"
panko_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ panko_api_port }}"
panko_logging_debug: "{{ openstack_logging_debug }}"
panko_keystone_user: "panko"
openstack_panko_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}','domain_name':'default'}"

View File

@ -0,0 +1,3 @@
---
dependencies:
- { role: common }

View File

@ -0,0 +1,70 @@
---
- name: Creating Panko MongoDB database
command: docker exec -t mongodb mongo --host {{ panko_database_mongodb_address }} --eval 'db = db.getSiblingDB("{{ panko_database_name }}"); db.createUser({user':' "{{ panko_database_user }}", pwd':' "{{ panko_database_password}}", roles':' [ "readWrite", "dbAdmin" ]})'
register: mongodb_panko_database
run_once: true
failed_when:
- "'already' not in mongodb_panko_database.stdout"
- mongodb_panko_database.stdout.split()[4] != 'connecting'
delegate_to: "{{ groups['mongodb'][0] }}"
when:
- panko_database_type == "mongodb"
- name: Checking Panko mysql database
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_db
-a "login_host='{{ panko_database_mysql_address }}'
login_port='{{ panko_database_port }}'
login_user='{{ panko_database_user }}'
login_password='{{ panko_database_password }}'
name='{{ panko_database_name }}'"
register: mysql_access
failed_when: False
changed_when: False
run_once: True
when:
- panko_database_type == "mysql"
- name: Creating panko mysql database
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_db
-a "login_host='{{ panko_database_mysql_address }}'
login_port='{{ panko_database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ panko_database_name }}'"
register: mysql_panko_database
changed_when: "{{ mysql_panko_database.stdout.find('localhost | SUCCESS => ') != -1 and
(mysql_panko_database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: mysql_panko_database.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['panko-api'][0] }}"
when:
- panko_database_type == "mysql"
- "'FAILED' in mysql_access.stdout"
- name: Creating panko database user and setting permissions
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_user
-a "login_host='{{ panko_database_mysql_address }}'
login_port='{{ panko_database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ panko_database_name }}'
password='{{ panko_database_password }}'
host='%'
priv='{{ panko_database_name }}.*:ALL'
append_privs='yes'"
register: database_user_create
changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['panko-api'][0] }}"
when:
- panko_database_type == "mysql"
- "'FAILED' in mysql_access.stdout"
- include: bootstrap_service.yml
when: ((panko_database_type == "mongodb" and mongodb_panko_database.changed)
or panko_database_type == "mysql" and mysql_panko_database.changed)

View File

@ -0,0 +1,21 @@
---
- name: Running panko bootstrap container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
detach: False
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
PANKO_DATABASE_TYPE: "{{ panko_database_type }}"
image: "{{ panko_api_image_full }}"
labels:
BOOTSTRAP:
name: "bootstrap_panko"
restart_policy: "never"
volumes:
- "{{ node_config_directory }}/panko-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
run_once: True
delegate_to: "{{ groups['panko-api'][0] }}"

View File

@ -0,0 +1,51 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
recurse: yes
with_items:
- "panko-api"
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
with_items:
- "panko-api"
- name: Copying over panko.conf
merge_configs:
vars:
service_name: "{{ item }}"
sources:
- "{{ role_path }}/templates/panko.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/database.conf"
- "{{ node_custom_config }}/messaging.conf"
- "{{ node_custom_config }}/panko.conf"
- "{{ node_custom_config }}/panko/{{ item }}.conf"
- "{{ node_custom_config }}/panko/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/{{ item }}/panko.conf"
with_items:
- "panko-api"
- name: Copying over wsgi-panko files for services
template:
src: "wsgi-panko.conf.j2"
dest: "{{ node_config_directory }}/{{ item }}/wsgi-panko.conf"
with_items:
- "panko-api"
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/panko/policy.json"
register: panko_policy
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/panko/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
with_items:
- "panko-api"
when:
panko_policy.stat.exists

View File

@ -0,0 +1,12 @@
---
- include: register.yml
when: inventory_hostname in groups['panko-api']
- include: config.yml
when: inventory_hostname in groups['panko-api']
- include: bootstrap.yml
when: inventory_hostname in groups['panko-api']
- include: start.yml
when: inventory_hostname in groups['panko-api']

View File

@ -0,0 +1,2 @@
---
- include: "{{ action }}.yml"

View File

@ -0,0 +1,7 @@
---
- name: Pulling panko-api image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ panko_api_image_full }}"
when: inventory_hostname in groups['panko-api']

View File

@ -0,0 +1,64 @@
---
- name: Ensuring the containers up
kolla_docker:
name: "{{ item.name }}"
action: "get_container_state"
register: container_state
failed_when: container_state.Running == false
when: inventory_hostname in groups[item.group]
with_items:
- { name: panko_api, group: panko-api }
- include: config.yml
- name: Check the configs
command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
changed_when: false
failed_when: false
register: check_results
when: inventory_hostname in groups[item.group]
with_items:
- { name: panko_api, group: panko-api }
# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
# just remove the container and start again
- name: Containers config strategy
kolla_docker:
name: "{{ item.name }}"
action: "get_container_env"
register: container_envs
when: inventory_hostname in groups[item.group]
with_items:
- { name: panko_api, group: panko-api }
- name: Remove the containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "remove_container"
register: remove_containers
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- [{ name: panko_api, group: panko-api }]
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include: start.yml
when: remove_containers.changed
- name: Restart containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "restart_container"
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == 'COPY_ALWAYS'
- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- [{ name: panko_api, group: panko-api }]
- "{{ container_envs.results }}"
- "{{ check_results.results }}"

View File

@ -0,0 +1,40 @@
---
- name: Creating the panko service and endpoint
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m kolla_keystone_service
-a "service_name=panko
service_type=event
description='Panko Service'
endpoint_region={{ openstack_region_name }}
url='{{ item.url }}'
interface='{{ item.interface }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_panko_auth }}' }}"
-e "{'openstack_panko_auth':{{ openstack_panko_auth }}}"
register: panko_endpoint
changed_when: "{{ panko_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (panko_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: panko_endpoint.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ panko_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ panko_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ panko_public_endpoint }}'}
- name: Creating the panko project, user, and role
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m kolla_keystone_user
-a "project=service
user=panko
password={{ panko_keystone_password }}
role=admin
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_panko_auth }}' }}"
-e "{'openstack_panko_auth':{{ openstack_panko_auth }}}"
register: panko_user
changed_when: "{{ panko_user.stdout.find('localhost | SUCCESS => ') != -1 and (panko_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: panko_user.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True

View File

@ -0,0 +1,12 @@
---
- name: Starting panko-api container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ panko_api_image_full }}"
name: "panko_api"
volumes:
- "{{ node_config_directory }}/panko-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['panko-api']

View File

@ -0,0 +1,6 @@
---
- include: config.yml
- include: bootstrap_service.yml
- include: start.yml

View File

@ -0,0 +1,33 @@
{% set panko_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
{% set panko_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
{
"command": "{{ panko_cmd }} -DFOREGROUND",
"config_files": [
{
"source": "{{ container_config_directory }}/panko.conf",
"dest": "/etc/panko/panko.conf",
"owner": "panko",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/panko/policy.json",
"owner": "panko",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/wsgi-panko.conf",
"dest": "/etc/{{ panko_dir }}/wsgi-panko.conf",
"owner": "panko",
"perm": "0640"
}
],
"permissions": [
{
"path": "/var/log/kolla/panko",
"owner": "panko:panko",
"recurse": true
}
]
}

View File

@ -0,0 +1,28 @@
#jinja2: trim_blocks: False
[DEFAULT]
log_dir = /var/log/kolla/panko
debug = {{ panko_logging_debug }}
[database]
{% if panko_database_type == "mongodb" %}
event_connection = mongodb://{{ panko_database_user }}:{{ panko_database_password }}@{{ panko_database_mongodb_address }}/{{ panko_database_name }}
metering_connection = mongodb://{{ panko_database_user }}:{{ panko_database_password }}@{{ panko_database_mongodb_address }}/{{ panko_database_name }}
{% elif panko_database_type == "mysql" %}
event_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_database_password }}@{{ panko_database_mysql_address }}:{{ panko_database_port }}/{{ panko_database_name }}
metering_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_database_password }}@{{ panko_database_mysql_address }}:{{ panko_database_port }}/{{ panko_database_name }}
{% endif %}
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
project_domain_name = Default
project_name = service
user_domain_name = Default
username = {{ panko_keystone_user }}
password = {{ panko_keystone_password }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

View File

@ -0,0 +1,17 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ panko_api_port }}
<VirtualHost *:{{ panko_api_port }}>
ErrorLog "/var/log/kolla/panko/panko-api-error.log"
CustomLog "/var/log/kolla/panko/panko-api-access.log" combined
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess panko group=panko processes={{ openstack_service_workers }} threads=1 user=panko python-path={{ python_path }}
WSGIProcessGroup panko
WSGIScriptAlias / "{{ python_path }}/panko/api/app.wsgi"
<Directory "{{ python_path }}/panko/api">
Require all granted
</Directory>
</VirtualHost>

View File

@ -207,6 +207,14 @@
tags: nova,
when: enable_nova | bool }
- name: Apply role panko
hosts: panko-api
serial: '{{ serial|default("0") }}'
roles:
- { role: panko,
tags: panko,
when: enable_panko | bool }
- name: Apply role kuryr
hosts:
- compute

View File

@ -203,6 +203,14 @@ kolla_internal_vip_address: "10.10.10.254"
# Valid options are [ mongodb, mysql, gnocchi ]
#ceilometer_database_type: "mongodb"
# Valid options are [ mongodb, gnocchi, panko ]
#ceilometer_event_type: "mongodb"
#######################
## Panko options
#######################
# Valid options are [ mongodb, mysql ]
#panko_database_type: "mysql"
#######################
# Gnocchi options

View File

@ -55,6 +55,9 @@ cinder_keystone_password:
cloudkitty_database_password:
cloudkitty_keystone_password:
panko_database_password:
panko_keystone_password:
sahara_database_password:
sahara_keystone_password:

View File

@ -0,0 +1,3 @@
---
features:
- Add Panko role, Panko is a component of the Telemetry project