From 79df5d84f8eab95cb46bb807b493dfcffdc87dd2 Mon Sep 17 00:00:00 2001 From: Eduardo Gonzalez Date: Tue, 15 Nov 2016 18:51:52 +0000 Subject: [PATCH] Tacker NFV Ansible support Add Ansible configuration for Tacker NFV service Change-Id: I472d96e13a5270d1ee219c2f72f57d9c361f87a6 Partially-Implements: blueprint tacker-support --- README.rst | 1 + ansible/group_vars/all.yml | 3 + ansible/inventory/all-in-one | 3 + ansible/inventory/multinode | 3 + ansible/roles/common/tasks/config.yml | 1 + .../templates/cron-logrotate-tacker.conf.j2 | 3 + ansible/roles/common/templates/cron.json.j2 | 3 +- .../common/templates/heka-openstack.toml.j2 | 2 +- .../roles/haproxy/templates/haproxy.cfg.j2 | 16 +++++ .../roles/neutron/templates/ml2_conf.ini.j2 | 4 ++ ansible/roles/prechecks/tasks/port_checks.yml | 20 ++++++ ansible/roles/tacker/defaults/main.yml | 29 +++++++++ ansible/roles/tacker/meta/main.yml | 3 + ansible/roles/tacker/tasks/bootstrap.yml | 41 ++++++++++++ .../roles/tacker/tasks/bootstrap_service.yml | 20 ++++++ ansible/roles/tacker/tasks/config.yml | 44 +++++++++++++ ansible/roles/tacker/tasks/deploy.yml | 8 +++ ansible/roles/tacker/tasks/main.yml | 2 + ansible/roles/tacker/tasks/pull.yml | 6 ++ ansible/roles/tacker/tasks/reconfigure.yml | 64 +++++++++++++++++++ ansible/roles/tacker/tasks/register.yml | 40 ++++++++++++ ansible/roles/tacker/tasks/start.yml | 11 ++++ ansible/roles/tacker/tasks/upgrade.yml | 6 ++ ansible/roles/tacker/templates/tacker.conf.j2 | 59 +++++++++++++++++ ansible/roles/tacker/templates/tacker.json.j2 | 25 ++++++++ ansible/site.yml | 7 ++ etc/kolla/globals.yml | 1 + etc/kolla/passwords.yml | 3 + .../tacker-support-49dd2c2c1bd2ef61.yaml | 4 ++ 29 files changed, 430 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/common/templates/cron-logrotate-tacker.conf.j2 create mode 100644 ansible/roles/tacker/defaults/main.yml create mode 100644 ansible/roles/tacker/meta/main.yml create mode 100644 ansible/roles/tacker/tasks/bootstrap.yml create mode 100644 ansible/roles/tacker/tasks/bootstrap_service.yml create mode 100644 ansible/roles/tacker/tasks/config.yml create mode 100644 ansible/roles/tacker/tasks/deploy.yml create mode 100644 ansible/roles/tacker/tasks/main.yml create mode 100644 ansible/roles/tacker/tasks/pull.yml create mode 100644 ansible/roles/tacker/tasks/reconfigure.yml create mode 100644 ansible/roles/tacker/tasks/register.yml create mode 100644 ansible/roles/tacker/tasks/start.yml create mode 100644 ansible/roles/tacker/tasks/upgrade.yml create mode 100644 ansible/roles/tacker/templates/tacker.conf.j2 create mode 100644 ansible/roles/tacker/templates/tacker.json.j2 create mode 100644 releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml diff --git a/README.rst b/README.rst index 65544b5fb9..ca7b92ab55 100644 --- a/README.rst +++ b/README.rst @@ -89,6 +89,7 @@ Kolla provides images to deploy the following OpenStack projects: - `Senlin `__ - `Solum `__ - `Swift `__ +- `Tacker `__ - `Tempest `__ - `Trove `__ - `Vmtp `__ diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 494790e6bc..3be6d62e2d 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -210,6 +210,8 @@ searchlight_api_port: "9393" grafana_server_port: "3000" +tacker_server_port: "9890" + public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}" internal_protocol: "http" admin_protocol: "http" @@ -291,6 +293,7 @@ enable_searchlight: "no" enable_senlin: "no" enable_solum: "no" enable_swift: "no" +enable_tacker: "no" enable_telegraf: "no" enable_tempest: "no" enable_trove: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index ca693c0ff4..4a19ef581c 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -126,6 +126,9 @@ control [congress:children] control +[tacker:children] +control + # Tempest [tempest:children] control diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 728be081ea..d941b677ff 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -141,6 +141,9 @@ control [gnocchi:children] control +[tacker:children] +control + [trove:children] control diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 00a83a7b86..f07d9a610c 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -100,4 +100,5 @@ - { name: "senlin", enabled: "{{ enable_senlin }}" } - { name: "solum", enabled: "{{ enable_solum }}" } - { name: "swift", enabled: "{{ enable_swift }}" } + - { name: "tacker", enabled: "{{ enable_tacker }}" } - { name: "watcher", enabled: "{{ enable_watcher }}" } diff --git a/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2 b/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2 new file mode 100644 index 0000000000..6815816451 --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/tacker/*.log" +{ +} diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2 index 610145f25b..adc437a489 100644 --- a/ansible/roles/common/templates/cron.json.j2 +++ b/ansible/roles/common/templates/cron.json.j2 @@ -27,7 +27,8 @@ ( 'searchlight', enable_searchlight ), ( 'senlin', enable_senlin ), ( 'solum', enable_solum ), - ( 'swift', enable_swift ) + ( 'swift', enable_swift ), + ( 'tacker', enable_tacker ) ] %} { "command": "{{ cron_cmd }}", diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2 index 1a22733805..56c008b804 100644 --- a/ansible/roles/common/templates/heka-openstack.toml.j2 +++ b/ansible/roles/common/templates/heka-openstack.toml.j2 @@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua" type = "LogstreamerInput" decoder = "openstack_log_decoder" log_directory = "/var/log/kolla" -file_match = '(?Pcloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara)/(?P.*)\.log\.?(?P\d*)$' +file_match = '(?Pcloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara|tacker)/(?P.*)\.log\.?(?P\d*)$' priority = ["^Seq"] differentiator = ["Service", "_", "Program"] diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index abedfbf024..cceae6a2e5 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -647,6 +647,22 @@ listen mistral_api_external {% endif %} {% endif %} +{% if enable_tacker | bool %} +listen tacker_server + bind {{ kolla_internal_vip_address }}:{{ tacker_server_port }} +{% for host in groups['tacker'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% if haproxy_enable_external_vip | bool %} + +listen tacker_server_external + bind {{ kolla_external_vip_address }}:{{ tacker_server_port }} {{ tls_bind_info }} +{% for host in groups['tacker'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} +{% endif %} + # (NOTE): This defaults section deletes forwardfor as recommended by: # https://marc.info/?l=haproxy&m=141684110710132&w=1 diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2 index b689440e0d..b9cb102af3 100644 --- a/ansible/roles/neutron/templates/ml2_conf.ini.j2 +++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2 @@ -19,6 +19,10 @@ mechanism_drivers = linuxbridge,l2population extension_drivers = qos {% endif %} +{% if enable_tacker | bool %} +extension_drivers = port_security +{% endif %} + [ml2_type_vlan] {% if enable_ironic | bool %} network_vlan_ranges = physnet1 diff --git a/ansible/roles/prechecks/tasks/port_checks.yml b/ansible/roles/prechecks/tasks/port_checks.yml index eef306fc2f..dc7dfa1159 100644 --- a/ansible/roles/prechecks/tasks/port_checks.yml +++ b/ansible/roles/prechecks/tasks/port_checks.yml @@ -929,3 +929,23 @@ when: - inventory_hostname in groups['haproxy'] - enable_searchlight | bool + +- name: Checking free port for Tacker Server + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ tacker_server_port }}" + connect_timeout: 1 + state: stopped + when: + - inventory_hostname in groups['tacker'] + - enable_tacker | bool + +- name: Checking free port for Tacker Server HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ tacker_server_port }}" + connect_timeout: 1 + state: stopped + when: + - inventory_hostname in groups['haproxy'] + - enable_tacker | bool diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml new file mode 100644 index 0000000000..6c1fc6c0e3 --- /dev/null +++ b/ansible/roles/tacker/defaults/main.yml @@ -0,0 +1,29 @@ +--- +project_name: "tacker" + +#################### +# Database +#################### +tacker_database_name: "tacker" +tacker_database_user: "tacker" +tacker_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" + +######## +# Docker +######## +tacker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-tacker" +tacker_tag: "{{ openstack_release }}" +tacker_image_full: "{{ tacker_image }}:{{ tacker_tag }}" + +#################### +# OpenStack +#################### +tacker_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ tacker_server_port }}" +tacker_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ tacker_server_port }}" +tacker_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ tacker_server_port }}" + +tacker_logging_debug: "{{ openstack_logging_debug }}" + +tacker_keystone_user: "tacker" + +openstack_tacker_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/tacker/meta/main.yml b/ansible/roles/tacker/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/tacker/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/tacker/tasks/bootstrap.yml b/ansible/roles/tacker/tasks/bootstrap.yml new file mode 100644 index 0000000000..5937c2add8 --- /dev/null +++ b/ansible/roles/tacker/tasks/bootstrap.yml @@ -0,0 +1,41 @@ +--- +- name: Creating tacker database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ tacker_database_name }}'" + register: database + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['tacker'][0] }}" + +- name: Reading json from variable + set_fact: + database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating tacker database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ tacker_database_name }}' + password='{{ tacker_database_password }}' + host='%' + priv='{{ tacker_database_name }}.*:ALL' + append_privs='yes'" + register: database_user_create + changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['tacker'][0] }}" + +- include: bootstrap_service.yml + when: database_created diff --git a/ansible/roles/tacker/tasks/bootstrap_service.yml b/ansible/roles/tacker/tasks/bootstrap_service.yml new file mode 100644 index 0000000000..039f3e6d99 --- /dev/null +++ b/ansible/roles/tacker/tasks/bootstrap_service.yml @@ -0,0 +1,20 @@ +--- +- name: Running tacker bootstrap container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ tacker_image_full }}" + labels: + BOOTSTRAP: + name: "bootstrap_tacker" + restart_policy: "never" + volumes: + - "{{ node_config_directory }}/tacker/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + run_once: True + delegate_to: "{{ groups['tacker'][0] }}" diff --git a/ansible/roles/tacker/tasks/config.yml b/ansible/roles/tacker/tasks/config.yml new file mode 100644 index 0000000000..b7d821d0dd --- /dev/null +++ b/ansible/roles/tacker/tasks/config.yml @@ -0,0 +1,44 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item }}" + state: "directory" + recurse: yes + with_items: + - "tacker" + +- name: Copying over config.json files for services + template: + src: "{{ item }}.json.j2" + dest: "{{ node_config_directory }}/{{ item }}/config.json" + with_items: + - "tacker" + +- name: Copying over tacker.conf + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/tacker.conf.j2" + - "{{ node_custom_config }}/global.conf" + - "{{ node_custom_config }}/database.conf" + - "{{ node_custom_config }}/messaging.conf" + - "{{ node_custom_config }}/tacker.conf" + - "{{ node_custom_config }}/tacker/{{ item }}.conf" + - "{{ node_custom_config }}/tacker/{{ inventory_hostname }}/tacker.conf" + dest: "{{ node_config_directory }}/{{ item }}/tacker.conf" + with_items: + - "tacker" + +- name: Check if policies shall be overwritten + local_action: stat path="{{ node_custom_config }}/tacker/policy.json" + register: tacker_policy + +- name: Copying over existing policy.json + template: + src: "{{ node_custom_config }}/tacker/policy.json" + dest: "{{ node_config_directory }}/{{ item }}/policy.json" + with_items: + - "tacker" + when: + tacker_policy.stat.exists diff --git a/ansible/roles/tacker/tasks/deploy.yml b/ansible/roles/tacker/tasks/deploy.yml new file mode 100644 index 0000000000..5c48120b7c --- /dev/null +++ b/ansible/roles/tacker/tasks/deploy.yml @@ -0,0 +1,8 @@ +--- +- include: register.yml + +- include: config.yml + +- include: bootstrap.yml + +- include: start.yml diff --git a/ansible/roles/tacker/tasks/main.yml b/ansible/roles/tacker/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/tacker/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/tacker/tasks/pull.yml b/ansible/roles/tacker/tasks/pull.yml new file mode 100644 index 0000000000..c1e1bd19af --- /dev/null +++ b/ansible/roles/tacker/tasks/pull.yml @@ -0,0 +1,6 @@ +--- +- name: Pulling tacker image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ tacker_image_full }}" diff --git a/ansible/roles/tacker/tasks/reconfigure.yml b/ansible/roles/tacker/tasks/reconfigure.yml new file mode 100644 index 0000000000..60a29c0f06 --- /dev/null +++ b/ansible/roles/tacker/tasks/reconfigure.yml @@ -0,0 +1,64 @@ +--- +- name: Ensuring the containers up + kolla_docker: + name: "{{ item.name }}" + action: "get_container_state" + register: container_state + failed_when: container_state.Running == false + when: inventory_hostname in groups[item.group] + with_items: + - { name: tacker, group: tacker } + +- include: config.yml + +- name: Check the configs + command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check + changed_when: false + failed_when: false + register: check_results + when: inventory_hostname in groups[item.group] + with_items: + - { name: tacker, group: tacker } + +# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS' +# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE', +# just remove the container and start again +- name: Containers config strategy + kolla_docker: + name: "{{ item.name }}" + action: "get_container_env" + register: container_envs + when: inventory_hostname in groups[item.group] + with_items: + - { name: tacker, group: tacker } + +- name: Remove the containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "remove_container" + register: remove_containers + when: + - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' + - item[2]['rc'] == 1 + - inventory_hostname in groups[item[0]['group']] + with_together: + - [{ name: tacker, group: tacker }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" + +- include: start.yml + when: remove_containers.changed + +- name: Restart containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "restart_container" + when: + - config_strategy == 'COPY_ALWAYS' + - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' + - item[2]['rc'] == 1 + - inventory_hostname in groups[item[0]['group']] + with_together: + - [{ name: tacker, group: tacker }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" diff --git a/ansible/roles/tacker/tasks/register.yml b/ansible/roles/tacker/tasks/register.yml new file mode 100644 index 0000000000..c039e9afb1 --- /dev/null +++ b/ansible/roles/tacker/tasks/register.yml @@ -0,0 +1,40 @@ +--- +- name: Creating the Tacker service and endpoint + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=tacker + service_type=nfv-orchestration + description='Tacker Service' + endpoint_region={{ openstack_region_name }} + url='{{ item.url }}' + interface='{{ item.interface }}' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_tacker_auth }}' }}" + -e "{'openstack_tacker_auth':{{ openstack_tacker_auth }}}" + register: tacker_endpoint + changed_when: "{{ tacker_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (tacker_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: tacker_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'} + +- name: Creating the Tacker project, user, and role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user=tacker + password={{ tacker_keystone_password }} + role=admin + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_tacker_auth }}' }}" + -e "{'openstack_tacker_auth':{{ openstack_tacker_auth }}}" + register: tacker_user + changed_when: "{{ tacker_user.stdout.find('localhost | SUCCESS => ') != -1 and (tacker_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: tacker_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/tacker/tasks/start.yml b/ansible/roles/tacker/tasks/start.yml new file mode 100644 index 0000000000..2d8214fe7b --- /dev/null +++ b/ansible/roles/tacker/tasks/start.yml @@ -0,0 +1,11 @@ +--- +- name: Starting tacker container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ tacker_image_full }}" + name: "tacker" + volumes: + - "{{ node_config_directory }}/tacker/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" diff --git a/ansible/roles/tacker/tasks/upgrade.yml b/ansible/roles/tacker/tasks/upgrade.yml new file mode 100644 index 0000000000..308053080c --- /dev/null +++ b/ansible/roles/tacker/tasks/upgrade.yml @@ -0,0 +1,6 @@ +--- +- include: config.yml + +- include: bootstrap_service.yml + +- include: start.yml diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2 new file mode 100644 index 0000000000..ebdc278c42 --- /dev/null +++ b/ansible/roles/tacker/templates/tacker.conf.j2 @@ -0,0 +1,59 @@ +[DEFAULT] +debug = {{ tacker_logging_debug }} + +log_dir = /var/log/kolla/tacker + +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +bind_host = {{ api_interface_address }} +bind_port = {{ tacker_server_port }} + +{% if enable_nova | bool %} +nova_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }} +nova_admin_user_name = nova +nova_admin_password = {{ nova_keystone_password }} +nova_admin_tenant_id = service +nova_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} + +[tacker_nova] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ nova_keystone_user }} +password = {{ nova_keystone_password }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +{% endif %} + +[database] +connection = mysql+pymysql://{{ tacker_database_user }}:{{ tacker_database_password }}@{{ tacker_database_address }}/{{ tacker_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ tacker_keystone_user }} +password = {{ tacker_keystone_password }} + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +{% if enable_heat | bool %} +[tacker_heat] +heat_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1 +{% endif %} + +[oslo_messaging_notifications] +{% if enable_ceilometer | bool %} +driver = messagingv2 +topics = notifications +{% else %} +driver = noop +{% endif %} diff --git a/ansible/roles/tacker/templates/tacker.json.j2 b/ansible/roles/tacker/templates/tacker.json.j2 new file mode 100644 index 0000000000..81a519cf89 --- /dev/null +++ b/ansible/roles/tacker/templates/tacker.json.j2 @@ -0,0 +1,25 @@ +{ + "command": "tacker-server --config-file /etc/tacker/tacker.conf", + "config_files":[ + { + "source": "{{ container_config_directory }}/tacker.conf", + "dest": "/etc/tacker/tacker.conf", + "owner": "tacker", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/tacker/policy.json", + "owner": "tacker", + "perm": "0600", + "optional": true + } + ], + "permissions": [ + { + "path": "/var/log/kolla/tacker", + "owner": "tacker:tacker", + "recurse": true + } + ] +} diff --git a/ansible/site.yml b/ansible/site.yml index 62c53f5a4d..0055a13515 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -433,3 +433,10 @@ - { role: searchlight, tags: searchlight, when: enable_searchlight | bool } + +- hosts: tacker + serial: '{{ serial|default("0") }}' + roles: + - { role: tacker, + tags: tacker, + when: enable_tacker | bool } diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 2e13289802..c5b4d57acc 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -155,6 +155,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_solum: "no" #enable_swift: "no" #enable_telegraf: "no" +#enable_tacker: "no" #enable_tempest: "no" #enable_watcher: "no" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index da095040a0..b37451d1bb 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -108,6 +108,9 @@ manila_keystone_password: searchlight_keystone_password: +tacker_database_password: +tacker_keystone_password: + memcache_secret_key: nova_ssh_key: diff --git a/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml b/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml new file mode 100644 index 0000000000..ac98611120 --- /dev/null +++ b/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml @@ -0,0 +1,4 @@ +--- +features: + - OpenStack Tacker NFV service Ansible support is included + in Kolla.