Add qdrouterd role for messaging infrastructure component

Adding the role needed to run the qdrouterd as an infrastructure
component which provides a messaging backend for the
oslo.messaging AMQP 1.0 driver. The qdrouterd will provide direct
messaging capabilities for the RPC messaging pattern in support
of hybrid messaging deployments.

Implements: blueprint qdrouterd-role
Change-Id: I74c654b3c70f61f81c2c7efa87f076a62a4a2dd8

ansible/group_vars/all.yml

@@ -234,6 +234,8 @@ panko_api_port: "8977"
 
 placement_api_port: "8780"
 
+qdrouterd_port: "15676"
+
 rabbitmq_port: "5672"
 rabbitmq_management_port: "15672"
 rabbitmq_cluster_port: "25672"
@@ -385,6 +387,7 @@ enable_octavia: "no"
 enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
 enable_osprofiler: "no"
 enable_panko: "no"
+enable_qdrouterd: "no"
 enable_rally: "no"
 enable_sahara: "no"
 enable_searchlight: "no"
@@ -430,6 +433,11 @@ rabbitmq_user: "openstack"
 rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
 outward_rabbitmq_user: "openstack"
 
+####################
+# Qdrouterd options
+####################
+qdrouterd_user: "openstack"
+
 ####################
 # HAProxy options
 ####################

ansible/inventory/all-in-one

@@ -80,6 +80,9 @@ control
 [outward-rabbitmq:children]
 control
 
+[qdrouterd:children]
+control
+
 [mongodb:children]
 control
 

ansible/inventory/multinode

@@ -101,6 +101,9 @@ control
 [outward-rabbitmq:children]
 control
 
+[qdrouterd:children]
+control
+
 [mongodb:children]
 control
 

ansible/roles/qdrouterd/defaults/main.yml

@@ -0,0 +1,22 @@
+---
+project_name: "qdrouterd"
+
+qdrouterd_services:
+  qdrouterd:
+    container_name: qdrouterd
+    group: qdrouterd
+    enabled: true
+    image: "{{ qdrouterd_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/qdrouterd/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "qdrouterd:/var/lib/qdrouterd/"
+      - "kolla_logs:/var/log/kolla/"
+
+
+####################
+# Docker
+####################
+qdrouterd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-qdrouterd"
+qdrouterd_tag: "{{ openstack_release }}"
+qdrouterd_image_full: "{{ qdrouterd_image }}:{{ qdrouterd_tag }}"

ansible/roles/qdrouterd/handlers/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Restart qdrouterd container
+  vars:
+    service_name: "qdrouterd"
+    service: "{{ qdrouterd_services[service_name] }}"
+    config_json: "{{ qdrouterd_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    qdrouterd_container: "{{ check_qdrouterd_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+  when:
+    - action != "config"
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+    - config_json.changed | bool
+      or qdrouterd_confs.changed | bool
+      or qdrouterd_sasl_confs.changed | bool
+      or qdrouterd_container.changed | bool

ansible/roles/qdrouterd/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }

ansible/roles/qdrouterd/tasks/add_sasl_user.yml

@@ -0,0 +1,16 @@
+---
+- name: Wait for qdrouterd is up
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ qdrouterd_port }}"
+    connect_timeout: 1
+    state: started
+  when:
+    - action != "config"
+
+- name: Create qdrouterd sasl user
+  shell: echo {{ qdrouterd_password }} | docker exec -u root -i qdrouterd saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ qdrouterd_user }}
+  run_once: true
+  changed_when: true
+  when:
+    - action != "config"

ansible/roles/qdrouterd/tasks/check.yml

@@ -0,0 +1 @@
+---

ansible/roles/qdrouterd/tasks/config.yml

@@ -0,0 +1,72 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    state: "directory"
+    recurse: yes
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ qdrouterd_services }}"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+  register: qdrouterd_config_jsons
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ qdrouterd_services }}"
+  notify:
+    - Restart qdrouterd container
+
+- name: Copying over qdrouterd config
+  vars:
+    service: "{{ qdrouterd_services['qdrouterd'] }}"
+  template:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/qdrouterd/qdrouterd.conf"
+  register: qdrouterd_confs
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_first_found:
+    - "{{ node_custom_config }}/qdrouterd/{{ inventory_hostname }}/qdrouterd.conf"
+    - "{{ node_custom_config }}/qdrouterd/qdrouterd.conf"
+    - "qdrouterd.conf.j2"
+  notify:
+    - Restart qdrouterd container
+
+- name: Copying over qdrouterd sasl config
+  vars:
+    service: "{{ qdrouterd_services['qdrouterd'] }}"
+  template:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/qdrouterd/qdrouterd-sasl.conf"
+  register: qdrouterd_sasl_confs
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_first_found:
+    - "{{ node_custom_config }}/qdrouterd/{{ inventory_hostname }}/qdrouterd-sasl.conf"
+    - "{{ node_custom_config }}/qdrouterd/qdrouterd-sasl.conf"
+    - "qdrouterd-sasl.conf.j2"
+  notify:
+    - Restart qdrouterd container
+
+- name: Check qdrouterd containers
+  kolla_docker:
+    action: "compare_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    volumes: "{{ item.value.volumes }}"
+  register: check_qdrouterd_containers
+  when:
+    - action != "config"
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ qdrouterd_services }}"
+  notify:
+    - Restart qdrouterd container

ansible/roles/qdrouterd/tasks/deploy.yml

@@ -0,0 +1,7 @@
+---
+- include: config.yml
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- include: add_sasl_user.yml

ansible/roles/qdrouterd/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"

ansible/roles/qdrouterd/tasks/precheck.yml

@@ -0,0 +1,28 @@
+---
+- name: Get container facts
+  kolla_container_facts:
+    name:
+      - qdrouterd
+  register: container_facts
+
+- name: Checking free port for Qdrouterd
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ qdrouterd_port }}"
+    connect_timeout: 1
+    timeout: 1
+    state: stopped
+  when:
+    - container_facts['qdrouterd'] is not defined
+    - inventory_hostname in groups['qdrouterd']
+
+- name: Check if all qdrouterd hostnames are resolvable
+  command: "getent ahostsv4 {{ hostvars[item]['ansible_hostname'] }}"
+  changed_when: false
+  register: qdrouterd_hostnames
+  with_items: "{{ groups['qdrouterd'] }}"
+
+- fail: msg="Hostname has to resolve to IP address of api_interface"
+  with_items: "{{ qdrouterd_hostnames.results }}"
+  when:
+    - "item.stdout.find(hostvars[item['item']]['ansible_' ~ hostvars[item['item']]['api_interface']]['ipv4']['address']) == -1"

ansible/roles/qdrouterd/tasks/pull.yml

@@ -0,0 +1,10 @@
+---
+- name: Pulling qdrouterd image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ item.value.image }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ qdrouterd_services }}"

ansible/roles/qdrouterd/tasks/reconfigure.yml

@@ -0,0 +1,2 @@
+---
+- include: deploy.yml

ansible/roles/qdrouterd/tasks/upgrade.yml

@@ -0,0 +1,5 @@
+---
+- include: config.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/qdrouterd/templates/qdrouterd-sasl.conf.j2

@@ -0,0 +1,4 @@
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+sasldb_path: /var/lib/qdrouterd/qdrouterd.sasldb
+mech_list: ANONYMOUS PLAIN

ansible/roles/qdrouterd/templates/qdrouterd.conf.j2

@@ -0,0 +1,58 @@
+
+router {
+    mode: standalone
+    id: Router.A
+    workerThreads: 4
+    saslConfigPath: /etc/sasl2
+    saslConfigName: qdrouterd
+}
+
+listener {
+    addr: {{ api_interface_address }}
+    port: {{ qdrouterd_port }}
+    role: normal
+    authenticatePeer: no
+}
+
+address {
+    prefix: unicast
+    distribution: closest
+}
+address {
+    prefix: exclusive
+    distribution: closest
+}
+address {
+    prefix: broadcast
+    distribution: multicast
+}
+address {
+    prefix: openstack.org/om/rpc/multicast
+    distribution: multicast
+}
+address {
+    prefix: openstack.org/om/rpc/unicast
+    distribution: closest
+}
+address {
+    prefix: openstack.org/om/rpc/anycast
+    distribution: balanced
+}
+address {
+    prefix: openstack.org/om/notify/multicast
+    distribution: multicast
+}
+address {
+    prefix: openstack.org/om/notify/unicast
+    distribution: closest
+}
+address {
+    prefix: openstack.org/om/notify/anycast
+    distribution: balanced
+}
+
+log {
+    module: DEFAULT
+    enable: info+
+    output: /var/log/kolla/qdrouterd/qdrouterd.log
+}

ansible/roles/qdrouterd/templates/qdrouterd.json.j2

@@ -0,0 +1,29 @@
+{
+    "command": "/usr/sbin/qdrouterd",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/qdrouterd.conf",
+            "dest": "/etc/qpid-dispatch/qdrouterd.conf",
+            "owner": "qdrouterd",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/qdrouterd-sasl.conf",
+            "dest": "/etc/sasl2/qdrouterd.conf",
+            "owner": "qdrouterd",
+            "perm": "0600"
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/lib/qdrouterd",
+            "owner": "qdrouterd:qdrouterd",
+            "recurse": true
+        },
+        {
+            "path": "/var/log/kolla/qdrouterd",
+            "owner": "qdrouterd:qdrouterd",
+            "recurse": true
+        }
+    ]
+}

ansible/site.yml

@@ -192,6 +192,15 @@
         role_rabbitmq_user: '{{ outward_rabbitmq_user }}',
         when: enable_outward_rabbitmq | bool }
 
+- name: Apply role qdrouterd
+  gather_facts: false
+  hosts: qdrouterd
+  serial: '{{ serial|default("0") }}'
+  roles:
+    - { role: qdrouterd,
+        tags: qdrouterd,
+        when: enable_qdrouterd | bool }
+
 - name: Apply role etcd
   gather_facts: false
   hosts: etcd

etc/kolla/globals.yml

@@ -185,6 +185,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
 #enable_osprofiler: "no"
 #enable_panko: "no"
+#enable_qdrouterd: "no"
 #enable_rally: "no"
 #enable_sahara: "no"
 #enable_searchlight: "no"

etc/kolla/passwords.yml

@@ -175,6 +175,11 @@ gnocchi_project_id:
 gnocchi_resource_id:
 gnocchi_user_id:
 
+####################
+# Qdrouterd options
+####################
+qdrouterd_password:
+
 ####################
 # RabbitMQ options
 ####################

releasenotes/notes/add-qdrouterd-role-3bb4c184804e1f98.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Add qdrouterd ansible role (apache qpid-dispatch-router) for direct
+    messaging infrastructure component. Oslo.messaging amqp driver supports
+    qdrouterd for rpc messaging backend communications.