From 4c2da9e6d18d9bb18d13b2549746fd8cffa0ad20 Mon Sep 17 00:00:00 2001 
From: caowei Date: Fri, 25 Nov 2016 06:21:35 +0800 Subject: [PATCH] Add karbor ansible role Co-Authored-By: zhubingbing Co-Authored-By: zhangshuai <446077695@qq.com> Co-Authored-By: Mauricio Lima Change-Id: I7aebe544e3495767d6389dbf220d633a98c137da Partially-implements: bp karbor-ansible-role --- ansible/group_vars/all.yml | 3 + ansible/inventory/all-in-one | 13 ++++ ansible/inventory/multinode | 13 ++++ ansible/roles/common/tasks/config.yml | 1 + .../templates/cron-logrotate-karbor.conf.j2 | 3 + ansible/roles/common/templates/cron.json.j2 | 1 + ansible/roles/haproxy/tasks/precheck.yml | 10 +++ .../roles/haproxy/templates/haproxy.cfg.j2 | 16 +++++ ansible/roles/karbor/defaults/main.yml | 39 ++++++++++ ansible/roles/karbor/meta/main.yml | 3 + ansible/roles/karbor/tasks/bootstrap.yml | 41 +++++++++++ .../roles/karbor/tasks/bootstrap_service.yml | 20 ++++++ ansible/roles/karbor/tasks/config.yml | 47 ++++++++++++ ansible/roles/karbor/tasks/deploy.yml | 16 +++++ ansible/roles/karbor/tasks/main.yml | 2 + ansible/roles/karbor/tasks/precheck.yml | 16 +++++ ansible/roles/karbor/tasks/pull.yml | 21 ++++++ ansible/roles/karbor/tasks/reconfigure.yml | 71 +++++++++++++++++++ ansible/roles/karbor/tasks/register.yml | 40 +++++++++++ ansible/roles/karbor/tasks/start.yml | 36 ++++++++++ ansible/roles/karbor/tasks/upgrade.yml | 6 ++ .../roles/karbor/templates/karbor-api.json.j2 | 18 +++++ .../templates/karbor-operationengine.json.j2 | 18 +++++ .../templates/karbor-protection.json.j2 | 24 +++++++ ansible/roles/karbor/templates/karbor.conf.j2 | 46 ++++++++++++ .../providers.d/openstack-infra.conf.j2 | 21 ++++++ ansible/site.yml | 11 ++- etc/kolla/globals.yml | 1 + etc/kolla/passwords.yml | 4 ++ kolla/cmd/genpwd.py | 3 +- .../add-karbor-role-96e8956cce8a7175.yaml | 5 ++ 31 files changed, 566 insertions(+), 3 deletions(-) create mode 100644 ansible/roles/common/templates/cron-logrotate-karbor.conf.j2 create mode 100644 ansible/roles/karbor/defaults/main.yml create mode 100644 
ansible/roles/karbor/meta/main.yml create mode 100644 ansible/roles/karbor/tasks/bootstrap.yml create mode 100644 ansible/roles/karbor/tasks/bootstrap_service.yml create mode 100644 ansible/roles/karbor/tasks/config.yml create mode 100644 ansible/roles/karbor/tasks/deploy.yml create mode 100644 ansible/roles/karbor/tasks/main.yml create mode 100644 ansible/roles/karbor/tasks/precheck.yml create mode 100644 ansible/roles/karbor/tasks/pull.yml create mode 100644 ansible/roles/karbor/tasks/reconfigure.yml create mode 100644 ansible/roles/karbor/tasks/register.yml create mode 100644 ansible/roles/karbor/tasks/start.yml create mode 100644 ansible/roles/karbor/tasks/upgrade.yml create mode 100644 ansible/roles/karbor/templates/karbor-api.json.j2 create mode 100644 ansible/roles/karbor/templates/karbor-operationengine.json.j2 create mode 100644 ansible/roles/karbor/templates/karbor-protection.json.j2 create mode 100644 ansible/roles/karbor/templates/karbor.conf.j2 create mode 100644 ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 create mode 100644 releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 54b6268661..b51b98903e 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -216,6 +216,8 @@ trove_api_port: "8779" etcd_client_port: "2379" etcd_peer_port: "2380" +karbor_api_port: "8799" + kuryr_port: "23750" searchlight_api_port: "9393" @@ -299,6 +301,7 @@ enable_horizon_watcher: "{{ enable_watcher | bool }}" enable_influxdb: "no" enable_ironic: "no" enable_iscsid: "{{ enable_cinder_backend_iscsi | bool or enable_cinder_backend_lvm | bool or enable_ironic | bool }}" +enable_karbor: "no" enable_kuryr: "no" enable_magnum: "no" enable_manila: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 2b182070ba..5daa04f1a0 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one 
@@ -29,6 +29,9 @@ monitoring [etcd:children] control +[karbor:children] +control + [kibana:children] control @@ -254,6 +257,16 @@ ironic-conductor [tgtd:children] storage +# Karbor +[karbor-api:children] +karbor + +[karbor-protection:children] +karbor + +[karbor-operationengine:children] +karbor + # Manila [manila-api:children] manila diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index dc6a8b1169..129883e9de 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -48,6 +48,9 @@ control [influxdb:children] monitoring +[karbor:children] +control + [kibana:children] control @@ -270,6 +273,16 @@ ironic-conductor [tgtd:children] storage +# Karbor +[karbor-api:children] +karbor + +[karbor-protection:children] +karbor + +[karbor-operationengine:children] +karbor + # Manila [manila-api:children] manila diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 4fb093683d..a456bb81b0 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -87,6 +87,7 @@ - { name: "haproxy", enabled: "{{ enable_haproxy }}" } - { name: "heat", enabled: "{{ enable_heat }}" } - { name: "iscsid", enabled: "{{ enable_iscsid }}" } + - { name: "karbor", enabled: "{{ enable_karbor }}" } - { name: "keepalived", enabled: "{{ enable_haproxy }}" } - { name: "keystone", enabled: "{{ enable_keystone }}" } - { name: "magnum", enabled: "{{ enable_magnum }}" } diff --git a/ansible/roles/common/templates/cron-logrotate-karbor.conf.j2 b/ansible/roles/common/templates/cron-logrotate-karbor.conf.j2 new file mode 100644 index 0000000000..7c77eb239d --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-karbor.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/karbor/*.log" +{ +} diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2 index bb94d55d1c..bbf028a311 100644 --- a/ansible/roles/common/templates/cron.json.j2 
+++ b/ansible/roles/common/templates/cron.json.j2 @@ -14,6 +14,7 @@ ( 'haproxy', enable_haproxy ), ( 'heat', enable_heat ), ( 'iscsid', enable_iscsid ), + ( 'karbor', enable_karbor ), ( 'keepalived', enable_haproxy ), ( 'keystone', enable_keystone ), ( 'magnum', enable_magnum ), diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml index 9d9fcb53f3..90d3d3b99e 100644 --- a/ansible/roles/haproxy/tasks/precheck.yml +++ b/ansible/roles/haproxy/tasks/precheck.yml @@ -221,6 +221,16 @@ when: - enable_keystone | bool - "{{ 'keystone_external' not in haproxy_stat }}" + +- name: Checking free port for Karbor Admin HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ karbor_api_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_karbor | bool + - "{{ 'karbor_api' not in haproxy_stat }}" - inventory_hostname in groups['haproxy'] - name: Checking free port for Kibana HAProxy diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index ee83f3f37b..b9eb13c4e3 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 
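Review bot: The new Karbor task in ansible/roles/haproxy/tasks/precheck.yml is inserted inside the `when:` list of the preceding keystone_external check, between `"{{ 'keystone_external' not in haproxy_stat }}"` and the context line `- inventory_hostname in groups['haproxy']`. As the hunk reads, that trailing context line now closes the Karbor task, so the keystone check appears to lose its host restriction and would run on every host. Move the added block below the context line and end the Karbor task with its own `- inventory_hostname in groups['haproxy']`. The hunk also adds no free-port check for the `karbor_api_external` listener that haproxy.cfg.j2 binds on the external VIP.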
@@ -363,6 +363,22 @@ listen ironic_api_external {% endif %} {% endif %} +{% if enable_karbor | bool %} +listen karbor_api + bind {{ kolla_internal_vip_address }}:{{ karbor_api_port }} +{% for host in groups['karbor-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% if haproxy_enable_external_vip | bool %} + +listen karbor_api_external + bind {{ kolla_external_vip_address }}:{{ karbor_api_port }} {{ tls_bind_info }} +{% for host in groups['karbor-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} +{% endif %} + {% if enable_senlin | bool %} listen senlin_api bind {{ kolla_internal_vip_address }}:{{ senlin_api_port }} diff --git a/ansible/roles/karbor/defaults/main.yml b/ansible/roles/karbor/defaults/main.yml new file mode 100644 index 0000000000..1b2e659be1 --- /dev/null +++ b/ansible/roles/karbor/defaults/main.yml 
@@ -0,0 +1,39 @@ +--- +project_name: "karbor" + +#################### +# Database +#################### +karbor_database_name: "karbor" +karbor_database_user: "karbor" +karbor_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" + + +#################### +# Docker +#################### +karbor_protection_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-protection" +karbor_protection_tag: "{{ openstack_release }}" +karbor_protection_image_full: "{{ karbor_protection_image }}:{{ karbor_protection_tag }}" + +karbor_operationengine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-operationengine" +karbor_operationengine_tag: "{{ openstack_release }}" +karbor_operationengine_image_full: "{{ karbor_operationengine_image }}:{{ karbor_operationengine_tag }}" + +karbor_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-api" +karbor_api_tag: "{{ openstack_release }}" +karbor_api_image_full: "{{ karbor_api_image }}:{{ karbor_api_tag }}" + + +#################### +# OpenStack +#################### +karbor_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s" +karbor_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s" +karbor_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s" + +karbor_logging_debug: "{{ openstack_logging_debug }}" + +karbor_keystone_user: "karbor" + +openstack_karbor_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" 
diff --git a/ansible/roles/karbor/meta/main.yml b/ansible/roles/karbor/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/karbor/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/karbor/tasks/bootstrap.yml b/ansible/roles/karbor/tasks/bootstrap.yml new file mode 100644 index 0000000000..8c36eedd3d --- /dev/null +++ b/ansible/roles/karbor/tasks/bootstrap.yml 
@@ -0,0 +1,41 @@ +--- +- name: Creating Karbor database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ karbor_database_name }}'" + register: database + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['karbor-api'][0] }}" + +- name: Reading json from variable + set_fact: + database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating Karbor database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ karbor_database_name }}' + password='{{ karbor_database_password }}' + host='%' + priv='{{ karbor_database_name }}.*:ALL' + append_privs='yes'" + register: database_user_create + changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['karbor-api'][0] }}" + +- include: bootstrap_service.yml + when: database_created diff --git a/ansible/roles/karbor/tasks/bootstrap_service.yml b/ansible/roles/karbor/tasks/bootstrap_service.yml new file mode 100644 index 0000000000..f2cb6f9362 --- /dev/null +++ b/ansible/roles/karbor/tasks/bootstrap_service.yml 
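Review bot: The `mysql_user` task in bootstrap.yml creates the account with `name='{{ karbor_database_name }}'`, while karbor.conf.j2 connects as `karbor_database_user`; this works only because both default to "karbor" in defaults/main.yml. Use `name='{{ karbor_database_user }}'` so an override of either variable does not leave the service without a matching account. Both tasks also place `login_password` and the new user's `password` on the `docker exec` command line with no `no_log: true`, so the values can appear in task output and in the delegate host's process list. The grant uses `host='%'`, which accepts the account from any source address; it is worth confirming that this is intended rather than limiting it to the API network.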
@@ -0,0 +1,20 @@ +--- +- name: Running Karbor bootstrap container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ karbor_api_image_full }}" + labels: + BOOTSTRAP: + name: "bootstrap_karbor" + restart_policy: "never" + volumes: + - "{{ node_config_directory }}/karbor-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + run_once: True + delegate_to: "{{ groups['karbor-api'][0] }}" diff --git a/ansible/roles/karbor/tasks/config.yml b/ansible/roles/karbor/tasks/config.yml new file mode 100644 index 0000000000..204b966629 --- /dev/null +++ b/ansible/roles/karbor/tasks/config.yml 
@@ -0,0 +1,47 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item }}" + path: "{{ node_config_directory }}/{{ item }}/providers.d" + state: "directory" + recurse: yes + with_items: + - "karbor-api" + - "karbor-protection" + - "karbor-operationengine" + +- name: Copying over config.json files for services + template: + src: "{{ item }}.json.j2" + dest: "{{ node_config_directory }}/{{ item }}/config.json" + with_items: + - "karbor-api" + - "karbor-protection" + - "karbor-operationengine" + +- name: Copying over karbor.conf + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/karbor.conf.j2" + - "{{ node_config_directory }}/config/global.conf" + - "{{ node_config_directory }}/config/database.conf" + - "{{ node_config_directory }}/config/messaging.conf" + - "{{ node_config_directory }}/config/karbor.conf" + - "{{ node_config_directory }}/config/karbor/{{ item }}.conf" + - "{{ node_config_directory }}/config/karbor/{{ inventory_hostname }}/karbor.conf" + dest: "{{ node_config_directory }}/{{ item }}/karbor.conf" + with_items: + - "karbor-api" + - "karbor-protection" + - "karbor-operationengine" + +- name: Copying over openstack-infra.conf + template: + src: "providers.d/openstack-infra.conf.j2" + dest: "{{ node_config_directory }}/{{ item }}/providers.d/openstack-infra.conf" + with_items: + - "karbor-api" + - "karbor-protection" + - "karbor-operationengine" diff --git a/ansible/roles/karbor/tasks/deploy.yml b/ansible/roles/karbor/tasks/deploy.yml new file mode 100644 index 0000000000..4cb15ce2f6 --- /dev/null +++ b/ansible/roles/karbor/tasks/deploy.yml 
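Review bot: The first task in config.yml gives the `file` module two `path:` keys, and a YAML mapping keeps only one of them, so `{{ node_config_directory }}/{{ item }}` is created only as a side effect of creating `.../providers.d`. Drop the first `path:` line, or loop over both directories explicitly, so the intent is visible and the duplicate-key warning goes away. The task sets no `mode`, and the files written into these directories by the later tasks carry database, Keystone and RabbitMQ credentials; an explicit restrictive mode on the directories and on the `template` tasks would avoid depending on the umask of the deploying user.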
@@ -0,0 +1,16 @@ +--- +- include: register.yml + when: inventory_hostname in groups['karbor-api'] + +- include: config.yml + when: inventory_hostname in groups['karbor-api'] or + inventory_hostname in groups['karbor-protection'] or + inventory_hostname in groups['karbor-operationengine'] + +- include: bootstrap.yml + when: inventory_hostname in groups['karbor-api'] + +- include: start.yml + when: inventory_hostname in groups['karbor-api'] or + inventory_hostname in groups['karbor-protection'] or + inventory_hostname in groups['karbor-operationengine'] diff --git a/ansible/roles/karbor/tasks/main.yml b/ansible/roles/karbor/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/karbor/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/karbor/tasks/precheck.yml b/ansible/roles/karbor/tasks/precheck.yml new file mode 100644 index 0000000000..1d5c0f3b77 --- /dev/null +++ b/ansible/roles/karbor/tasks/precheck.yml @@ -0,0 +1,16 @@ +--- +- name: Get container facts + kolla_container_facts: + name: + - karbor_api + register: container_facts + +- name: Checking free port for Karbor Admin + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ karbor_api_port }}" + connect_timeout: 1 + state: stopped + when: + - inventory_hostname in groups['karbor-api'] + - container_facts['karbor-api'] is not defined diff --git a/ansible/roles/karbor/tasks/pull.yml b/ansible/roles/karbor/tasks/pull.yml new file mode 100644 index 0000000000..f000a878d4 --- /dev/null +++ b/ansible/roles/karbor/tasks/pull.yml 
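Review bot: The port check in roles/karbor/tasks/precheck.yml tests a key that is never requested: `kolla_container_facts` is asked for `karbor_api`, but the condition reads `container_facts['karbor-api'] is not defined`, with a hyphen. If the module keys its result by the container name it was given, the hyphenated key is never defined, so the check also runs on a host where karbor_api is already up and `wait_for ... state: stopped` then fails on the port the service itself holds. Use `- container_facts['karbor_api'] is not defined`.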
@@ -0,0 +1,21 @@ +--- +- name: Pulling karbor-api image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ karbor_api_image_full }}" + when: inventory_hostname in groups['karbor-api'] + +- name: Pulling karbor-protection image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ karbor_protection_image_full }}" + when: inventory_hostname in groups['karbor-protection'] + +- name: Pulling karbor-operationengine image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ karbor_operationengine_image_full }}" + when: inventory_hostname in groups['karbor-operationengine'] diff --git a/ansible/roles/karbor/tasks/reconfigure.yml b/ansible/roles/karbor/tasks/reconfigure.yml new file mode 100644 index 0000000000..33776caa8a --- /dev/null +++ b/ansible/roles/karbor/tasks/reconfigure.yml 
@@ -0,0 +1,71 @@ +--- +- name: Ensuring the containers up + kolla_docker: + name: "{{ item.name }}" + action: "get_container_state" + register: container_state + failed_when: container_state.Running == false + when: inventory_hostname in groups[item.group] + with_items: + - { name: karbor_api, group: karbor-api } + - { name: karbor_protection, group: karbor-protection } + - { name: karbor_operationengine, group: karbor-operationengine } + +- include: config.yml + +- name: Check the configs + command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check + changed_when: false + failed_when: false + register: check_results + when: inventory_hostname in groups[item.group] + with_items: + - { name: karbor_api, group: karbor-api } + - { name: karbor_protection, group: karbor-protection } + - { name: karbor_operationengine, group: karbor-operationengine } + +- name: Containers config strategy + kolla_docker: + name: "{{ item.name }}" + action: "get_container_env" + register: container_envs + when: inventory_hostname in groups[item.group] + with_items: + - { name: karbor_api, group: karbor-api } + - { name: karbor_protection, group: karbor-protection } + - { name: karbor_operationengine, group: karbor-operationengine } + +- name: Remove the containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "remove_container" + register: remove_containers + when: + - inventory_hostname in groups[item[0]['group']] + - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: karbor_api, group: karbor-api }, + { name: karbor_protection, group: karbor-protection }, + { name: karbor_operationengine, group: karbor-operationengine }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" + +- include: start.yml + when: remove_containers.changed + +- name: Restart containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "restart_container" + when: + - 
inventory_hostname in groups[item[0]['group']] + - config_strategy == 'COPY_ALWAYS' + - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: karbor_api, group: karbor-api }, + { name: karbor_protection, group: karbor-protection }, + { name: karbor_operationengine, group: karbor-operationengine }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" diff --git a/ansible/roles/karbor/tasks/register.yml b/ansible/roles/karbor/tasks/register.yml new file mode 100644 index 0000000000..6ee562a605 --- /dev/null +++ b/ansible/roles/karbor/tasks/register.yml 
@@ -0,0 +1,40 @@ +--- +- name: Creating the Karbor service and endpoint + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=karbor + service_type=data-protect + description='Application Data Protection Service' + endpoint_region={{ openstack_region_name }} + url='{{ item.url }}' + interface='{{ item.interface }}' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_karbor_auth }}' }}" + -e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}" + register: karbor_endpoint + changed_when: "{{ karbor_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (karbor_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: karbor_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'} + +- name: Creating the Karbor project, user, and role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user=karbor + password={{ karbor_keystone_password }} + role=admin + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_karbor_auth }}' }}" + -e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}" + register: karbor_user + changed_when: "{{ karbor_user.stdout.find('localhost | SUCCESS => ') != -1 and (karbor_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: karbor_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/karbor/tasks/start.yml b/ansible/roles/karbor/tasks/start.yml new file mode 100644 index 0000000000..f66173e083 --- /dev/null +++ b/ansible/roles/karbor/tasks/start.yml 
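Review bot: Both tasks in register.yml pass secrets as command arguments, `password={{ karbor_keystone_password }}` and the admin credentials inside `-e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}"`, and neither sets `no_log: true`, so the values can surface in task output during the ten retries and in the process list of the host running kolla_toolbox. Add `no_log: true` to both tasks. The password is also unquoted here, unlike in bootstrap.yml, so a value containing whitespace would break the key=value parsing; write `password='{{ karbor_keystone_password }}'`. The service user is created with `role=admin`; it is worth confirming that Karbor needs that rather than a narrower role, since the same credential is written into karbor.conf on every Karbor host.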
@@ -0,0 +1,36 @@ +--- +- name: Starting karbor-api container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ karbor_api_image_full }}" + name: "karbor_api" + volumes: + - "{{ node_config_directory }}/karbor-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['karbor-api'] + +- name: Starting karbor-protection container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ karbor_protection_image_full }}" + name: "karbor_protection" + volumes: + - "{{ node_config_directory }}/karbor-protection/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['karbor-protection'] + +- name: Starting karbor-operationengine container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ karbor_operationengine_image_full }}" + name: "karbor_operationengine" + volumes: + - "{{ node_config_directory }}/karbor-operationengine/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['karbor-operationengine'] diff --git a/ansible/roles/karbor/tasks/upgrade.yml b/ansible/roles/karbor/tasks/upgrade.yml new file mode 100644 index 0000000000..308053080c --- /dev/null +++ b/ansible/roles/karbor/tasks/upgrade.yml @@ -0,0 +1,6 @@ +--- +- include: config.yml + +- include: bootstrap_service.yml + +- include: start.yml diff --git a/ansible/roles/karbor/templates/karbor-api.json.j2 b/ansible/roles/karbor/templates/karbor-api.json.j2 new file mode 100644 index 0000000000..cc67e710e9 --- /dev/null +++ b/ansible/roles/karbor/templates/karbor-api.json.j2 
@@ -0,0 +1,18 @@ +{ + "command": "karbor-api --config-file /etc/karbor/karbor.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/karbor.conf", + "dest": "/etc/karbor/karbor.conf", + "owner": "karbor", + "perm": "0644" + } + ], + "permissions": [ + { + "path": "/var/log/kolla/karbor", + "owner": "karbor:karbor", + "recurse": true + } + ] +} diff --git a/ansible/roles/karbor/templates/karbor-operationengine.json.j2 b/ansible/roles/karbor/templates/karbor-operationengine.json.j2 new file mode 100644 index 0000000000..d07e481fcd --- /dev/null +++ b/ansible/roles/karbor/templates/karbor-operationengine.json.j2 @@ -0,0 +1,18 @@ +{ + "command": "karbor-operationengine --config-file /etc/karbor/karbor.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/karbor.conf", + "dest": "/etc/karbor/karbor.conf", + "owner": "karbor", + "perm": "0644" + } + ], + "permissions": [ + { + "path": "/var/log/kolla/karbor", + "owner": "karbor:karbor", + "recurse": true + } + ] +} diff --git a/ansible/roles/karbor/templates/karbor-protection.json.j2 b/ansible/roles/karbor/templates/karbor-protection.json.j2 new file mode 100644 index 0000000000..4094d4f447 --- /dev/null +++ b/ansible/roles/karbor/templates/karbor-protection.json.j2 @@ -0,0 +1,24 @@ +{ + "command": "karbor-protection --config-file /etc/karbor/karbor.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/karbor.conf", + "dest": "/etc/karbor/karbor.conf", + "owner": "karbor", + "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/providers.d/openstack-infra.conf", + "dest": "/etc/karbor/providers.d/openstack-infra.conf", + "owner": "karbor", + "perm": "0644" + } + ], + "permissions": [ + { + "path": "/var/log/kolla/karbor", + "owner": "karbor:karbor", + "recurse": true + } + ] +} diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2 new file mode 100644 index 0000000000..62b1640cf2 
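Review bot: All three config.json templates (karbor-api, karbor-operationengine, karbor-protection) install `/etc/karbor/karbor.conf` with `"perm": "0644"`, yet karbor.conf.j2 in this commit writes the database, Keystone and RabbitMQ passwords and `memcache_secret_key` into that file. The file is already owned by `karbor`, so `"perm": "0600"` is sufficient for the service and keeps the credentials unreadable to other users inside the container. The same applies to `providers.d/openstack-infra.conf` in karbor-protection.json.j2, which carries `swift_key`.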
--- /dev/null +++ b/ansible/roles/karbor/templates/karbor.conf.j2 
@@ -0,0 +1,46 @@ +[DEFAULT] +debug = {{ karbor_logging_debug }} +log_dir = /var/log/kolla/karbor +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +{% if service_name == 'karbor-api' %} +osapi_karbor_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +osapi_karbor_listen_port = {{ karbor_api_port }} +{% endif %} + +[database] +connection = mysql+pymysql://{{ karbor_database_user }}:{{ karbor_database_password }}@{{ karbor_database_address }}/{{ karbor_database_name }} +max_retries = -1 + +[trustee] +user_domain_id = default +username = {{ karbor_keystone_user }} +password = {{ karbor_keystone_password }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:35357 +auth_type = password + +[clients_keystone] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000 + +[karbor_client] +version = 1 +service_type = data-protect +service_name = karbor + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000 +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:35357 +project_domain_name = Default +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ karbor_keystone_user }} +password = {{ karbor_keystone_password }} + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[oslo_messaging_rabbit] +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ 
rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} diff --git a/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 b/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 new file mode 100644 index 0000000000..577f797ce2 --- /dev/null +++ b/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 @@ -0,0 +1,21 @@ +[provider] +name = OS Infra Provider +description = This provider uses OpenStack's own services (swift, cinder) as storage +id = {{ karbor_openstack_infra_id }} + +plugin=karbor-volume-protection-plugin +plugin=karbor-image-protection-plugin +plugin=karbor-server-protection-plugin +bank=karbor-swift-bank-plugin + +[swift_client] +swift_auth_url={{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000/v2.0/ +swift_auth_version=2 +swift_user=admin +swift_key={{ keystone_admin_password }} +swift_tenant_name=admin + +[swift_bank_plugin] +lease_expire_window=120 +lease_renew_window=100 +lease_validity_window=100 diff --git a/ansible/site.yml b/ansible/site.yml index 9fe92f13ad..4596dc93b2 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -138,8 +138,7 @@ when: enable_etcd | bool } - name: Apply role keystone - hosts: - - keystone + hosts: keystone serial: '{{ serial|default("0") }}' roles: - { role: keystone, @@ -157,6 +156,14 @@ tags: ceph, when: enable_ceph | bool } +- name: Apply role karbor + hosts: karbor + serial: '{{ serial|default("0") }}' + roles: + - { role: karbor, + tags: karbor, + when: enable_karbor | bool } + - name: Apply role swift hosts: - swift-account-server diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index fb6c1d7f95..e8e288fbf3 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml 
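Review bot: `transport_url` is written twice in karbor.conf.j2, once under `[DEFAULT]` and again under `[oslo_messaging_rabbit]`. As far as I know oslo.messaging reads it from `[DEFAULT]`, so the second copy is probably unused and only repeats the RabbitMQ password; drop it unless Karbor is known to read it from that section. The RabbitMQ and database passwords are also interpolated into the URLs as-is, so a password containing `@`, `:` or `/` would produce a malformed URL; either percent-encode the values or document the permitted character set next to the entries in passwords.yml.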
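Review bot: The `[swift_client]` section of providers.d/openstack-infra.conf.j2 authenticates as `swift_user=admin` with `swift_key={{ keystone_admin_password }}`, which puts the cloud administrator's password into a Karbor provider file. config.yml renders that file into the config directories of all three services, although only karbor-protection.json.j2 installs it, so the admin credential lands on more hosts than use it. Prefer a dedicated account, for example `swift_user={{ karbor_keystone_user }}`, `swift_key={{ karbor_keystone_password }}` and `swift_tenant_name=service`, provided that user is given access to the backup container, and limit the template task to the karbor-protection group. `swift_auth_version=2` with the `/v2.0/` URL also ties the provider to the Keystone v2.0 API, which deserves a comment if it is a Karbor limitation.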
@@ -150,6 +150,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_horizon_watcher: "{{ enable_watcher | bool }}" #enable_influxdb: "no" #enable_ironic: "no" +#enable_karbor: "no" #enable_kuryr: "no" #enable_magnum: "no" #enable_manila: "no" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 5ddb283973..bafe4906b9 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -39,6 +39,10 @@ glance_keystone_password: gnocchi_database_password: gnocchi_keystone_password: +karbor_database_password: +karbor_keystone_password: +karbor_openstack_infra_id: + kuryr_keystone_password: nova_database_password: diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py index ed716b58e0..11d15fbd80 100755 --- a/kolla/cmd/genpwd.py +++ b/kolla/cmd/genpwd.py @@ -53,7 +53,8 @@ def main(): # These keys should be random uuids uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid', 'gnocchi_project_id', 'gnocchi_resource_id', - 'gnocchi_user_id', 'designate_pool_id'] + 'gnocchi_user_id', 'designate_pool_id', + 'karbor_openstack_infra_id'] # SSH key pair ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', diff --git a/releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml b/releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml new file mode 100644 index 0000000000..0f3f407cce --- /dev/null +++ b/releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add Karbor ansible role, Karbor is an OpenStack project + that provides a pluggable framework for protecting and + restoring Data and Metadata.