Merge "Added Ansible playbook for congress deploy"
This commit is contained in:
commit
f1927b717c
@ -118,6 +118,8 @@ aodh_api_port: "8042"
|
||||
|
||||
ceilometer_api_port: "8777"
|
||||
|
||||
congress_api_port: "1789"
|
||||
|
||||
iscsi_port: "3260"
|
||||
|
||||
mariadb_port: "{{ database_port }}"
|
||||
@ -227,6 +229,7 @@ enable_ceph: "no"
|
||||
enable_ceph_rgw: "no"
|
||||
enable_cinder: "no"
|
||||
enable_cinder_backend_lvm: "no"
|
||||
enable_congress: "no"
|
||||
enable_heat: "yes"
|
||||
enable_horizon: "yes"
|
||||
enable_ironic: "no"
|
||||
|
@ -90,6 +90,9 @@ control
|
||||
[aodh:children]
|
||||
control
|
||||
|
||||
[congress:children]
|
||||
control
|
||||
|
||||
# Tempest
|
||||
[tempest:children]
|
||||
control
|
||||
@ -269,6 +272,16 @@ ceilometer
|
||||
[ceilometer-compute:children]
|
||||
compute
|
||||
|
||||
# Congress
|
||||
[congress-api:children]
|
||||
congress
|
||||
|
||||
[congress-datasource:children]
|
||||
congress
|
||||
|
||||
[congress-policy-engine:children]
|
||||
congress
|
||||
|
||||
# Multipathd
|
||||
[multipathd:children]
|
||||
compute
|
||||
|
@ -107,6 +107,9 @@ control
|
||||
[aodh:children]
|
||||
control
|
||||
|
||||
[congress:children]
|
||||
control
|
||||
|
||||
# Tempest
|
||||
[tempest:children]
|
||||
control
|
||||
@ -286,6 +289,16 @@ aodh
|
||||
[aodh-notifier:children]
|
||||
aodh
|
||||
|
||||
# Congress
|
||||
[congress-api:children]
|
||||
congress
|
||||
|
||||
[congress-datasource:children]
|
||||
congress
|
||||
|
||||
[congress-policy-engine:children]
|
||||
congress
|
||||
|
||||
# Multipathd
|
||||
[multipathd:children]
|
||||
compute
|
||||
|
39
ansible/roles/congress/defaults/main.yml
Normal file
39
ansible/roles/congress/defaults/main.yml
Normal file
@ -0,0 +1,39 @@
|
||||
---
|
||||
project_name: "congress"
|
||||
|
||||
####################
|
||||
# Database
|
||||
####################
|
||||
congress_database_name: "congress"
|
||||
congress_database_user: "congress"
|
||||
congress_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
|
||||
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
congress_policy_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-congress-policy-engine"
|
||||
congress_policy_engine_tag: "{{ openstack_release }}"
|
||||
congress_policy_engine_image_full: "{{ congress_policy_engine_image }}:{{ congress_policy_engine_tag }}"
|
||||
|
||||
congress_datasource_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-congress-datasource"
|
||||
congress_datasource_tag: "{{ openstack_release }}"
|
||||
congress_datasource_image_full: "{{ congress_datasource_image }}:{{ congress_datasource_tag }}"
|
||||
|
||||
congress_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-congress-api"
|
||||
congress_api_tag: "{{ openstack_release }}"
|
||||
congress_api_image_full: "{{ congress_api_image }}:{{ congress_api_tag }}"
|
||||
|
||||
|
||||
####################
|
||||
# OpenStack
|
||||
####################
|
||||
congress_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}"
|
||||
congress_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}"
|
||||
congress_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ congress_api_port }}"
|
||||
|
||||
congress_logging_debug: "{{ openstack_logging_debug }}"
|
||||
|
||||
congress_keystone_user: "congress"
|
||||
|
||||
openstack_congress_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
|
3
ansible/roles/congress/meta/main.yml
Normal file
3
ansible/roles/congress/meta/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
dependencies:
|
||||
- { role: common }
|
41
ansible/roles/congress/tasks/bootstrap.yml
Normal file
41
ansible/roles/congress/tasks/bootstrap.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
- name: Creating congress database
|
||||
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||
-m mysql_db
|
||||
-a "login_host='{{ database_address }}'
|
||||
login_port='{{ database_port }}'
|
||||
login_user='{{ database_user }}'
|
||||
login_password='{{ database_password }}'
|
||||
name='{{ congress_database_name }}'"
|
||||
register: database
|
||||
changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
|
||||
(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||
failed_when: database.stdout.split()[2] != 'SUCCESS'
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['congress-api'][0] }}"
|
||||
|
||||
- name: Reading json from variable
|
||||
set_fact:
|
||||
database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||
|
||||
- name: Creating congress database user and setting permissions
|
||||
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||
-m mysql_user
|
||||
-a "login_host='{{ database_address }}'
|
||||
login_port='{{ database_port }}'
|
||||
login_user='{{ database_user }}'
|
||||
login_password='{{ database_password }}'
|
||||
name='{{ congress_database_name }}'
|
||||
password='{{ congress_database_password }}'
|
||||
host='%'
|
||||
priv='{{ congress_database_name }}.*:ALL'
|
||||
append_privs='yes'"
|
||||
register: database_user_create
|
||||
changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
|
||||
(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||
failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['congress-api'][0] }}"
|
||||
|
||||
- include: bootstrap_service.yml
|
||||
when: database_created
|
20
ansible/roles/congress/tasks/bootstrap_service.yml
Normal file
20
ansible/roles/congress/tasks/bootstrap_service.yml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: Running congress bootstrap container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
common_options: "{{docker_common_options}}"
|
||||
detach: False
|
||||
environment:
|
||||
KOLLA_BOOTSTRAP:
|
||||
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||
image: "{{ congress_api_image_full }}"
|
||||
labels:
|
||||
BOOTSTRAP:
|
||||
name: "bootstrap_congress"
|
||||
restart_policy: "never"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/congress-api/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['congress-api'][0] }}"
|
37
ansible/roles/congress/tasks/config.yml
Normal file
37
ansible/roles/congress/tasks/config.yml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
- name: Ensuring config directories exist
|
||||
file:
|
||||
path: "{{ node_config_directory }}/{{ item }}"
|
||||
state: "directory"
|
||||
recurse: yes
|
||||
with_items:
|
||||
- "congress-api"
|
||||
- "congress-policy-engine"
|
||||
- "congress-datasource"
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item }}.json.j2"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
||||
with_items:
|
||||
- "congress-api"
|
||||
- "congress-policy-engine"
|
||||
- "congress-datasource"
|
||||
|
||||
- name: Copying over congress.conf
|
||||
merge_configs:
|
||||
vars:
|
||||
service_name: "{{ item }}"
|
||||
sources:
|
||||
- "{{ role_path }}/templates/congress.conf.j2"
|
||||
- "{{ node_custom_config }}/global.conf"
|
||||
- "{{ node_custom_config }}/database.conf"
|
||||
- "{{ node_custom_config }}/messaging.conf"
|
||||
- "{{ node_custom_config }}/congress.conf"
|
||||
- "{{ node_custom_config }}/congress/{{ item }}.conf"
|
||||
- "{{ node_custom_config }}/congress/{{ inventory_hostname }}/congress.conf"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/congress.conf"
|
||||
with_items:
|
||||
- "congress-api"
|
||||
- "congress-policy-engine"
|
||||
- "congress-datasource"
|
16
ansible/roles/congress/tasks/deploy.yml
Normal file
16
ansible/roles/congress/tasks/deploy.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
- include: register.yml
|
||||
when: inventory_hostname in groups['congress-api']
|
||||
|
||||
- include: config.yml
|
||||
when: inventory_hostname in groups['congress-api'] or
|
||||
inventory_hostname in groups['congress-policy-engine'] or
|
||||
inventory_hostname in groups['congress-datasource']
|
||||
|
||||
- include: bootstrap.yml
|
||||
when: inventory_hostname in groups['congress-api']
|
||||
|
||||
- include: start.yml
|
||||
when: inventory_hostname in groups['congress-api'] or
|
||||
inventory_hostname in groups['congress-policy-engine'] or
|
||||
inventory_hostname in groups['congress-datasource']
|
2
ansible/roles/congress/tasks/main.yml
Normal file
2
ansible/roles/congress/tasks/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
- include: "{{ action }}.yml"
|
21
ansible/roles/congress/tasks/pull.yml
Normal file
21
ansible/roles/congress/tasks/pull.yml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: Pulling congress-api image
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ congress_api_image_full }}"
|
||||
when: inventory_hostname in groups['congress-api']
|
||||
|
||||
- name: Pulling congress-policy-engine image
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ congress_policy_engine_image_full }}"
|
||||
when: inventory_hostname in groups['congress-policy-engine']
|
||||
|
||||
- name: Pulling congress-datasource image
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ congress_datasource_image_full }}"
|
||||
when: inventory_hostname in groups['congress-datasource']
|
40
ansible/roles/congress/tasks/register.yml
Normal file
40
ansible/roles/congress/tasks/register.yml
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
- name: Creating the congress service and endpoint
|
||||
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||
-m kolla_keystone_service
|
||||
-a "service_name=congress
|
||||
service_type=application_catalog
|
||||
description='Openstack Application Catalog'
|
||||
endpoint_region={{ openstack_region_name }}
|
||||
url='{{ item.url }}'
|
||||
interface='{{ item.interface }}'
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{ openstack_congress_auth }}' }}"
|
||||
-e "{'openstack_congress_auth':{{ openstack_congress_auth }}}"
|
||||
register: congress_endpoint
|
||||
changed_when: "{{ congress_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (congress_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||
until: congress_endpoint.stdout.split()[2] == 'SUCCESS'
|
||||
retries: 10
|
||||
delay: 5
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
|
||||
- {'interface': 'internal', 'url': '{{ congress_internal_endpoint }}'}
|
||||
- {'interface': 'public', 'url': '{{ congress_public_endpoint }}'}
|
||||
|
||||
- name: Creating the congress project, user, and role
|
||||
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||
-m kolla_keystone_user
|
||||
-a "project=service
|
||||
user=congress
|
||||
password={{ congress_keystone_password }}
|
||||
role=admin
|
||||
region_name={{ openstack_region_name }}
|
||||
auth={{ '{{ openstack_congress_auth }}' }}"
|
||||
-e "{'openstack_congress_auth':{{ openstack_congress_auth }}}"
|
||||
register: congress_user
|
||||
changed_when: "{{ congress_user.stdout.find('localhost | SUCCESS => ') != -1 and (congress_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||
until: congress_user.stdout.split()[2] == 'SUCCESS'
|
||||
retries: 10
|
||||
delay: 5
|
||||
run_once: True
|
36
ansible/roles/congress/tasks/start.yml
Normal file
36
ansible/roles/congress/tasks/start.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
- name: Starting congress-policy-engine container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
name: "congress_policy_engine"
|
||||
common_options: "{{docker_common_options}}"
|
||||
image: "{{ congress_policy_engine_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/congress-policy-engine/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
when: inventory_hostname in groups['congress-policy-engine']
|
||||
|
||||
- name: Starting congress-datasource container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
name: "congress_datasource"
|
||||
common_options: "{{docker_common_options}}"
|
||||
image: "{{ congress_datasource_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/congress-datasource/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
when: inventory_hostname in groups['congress-datasource']
|
||||
|
||||
- name: Starting congress-api container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
name: "congress_api"
|
||||
common_options: "{{docker_common_options}}"
|
||||
image: "{{ congress_api_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/congress-api/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
when: inventory_hostname in groups['congress-api']
|
11
ansible/roles/congress/templates/congress-api.json.j2
Normal file
11
ansible/roles/congress/templates/congress-api.json.j2
Normal file
@ -0,0 +1,11 @@
|
||||
{
|
||||
"command": "congress-server --api --node_id=api-node --config-file /etc/congress/congress.conf",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/congress.conf",
|
||||
"dest": "/etc/congress/congress.conf",
|
||||
"owner": "congress",
|
||||
"perm": "0644"
|
||||
}
|
||||
]
|
||||
}
|
11
ansible/roles/congress/templates/congress-datasource.json.j2
Normal file
11
ansible/roles/congress/templates/congress-datasource.json.j2
Normal file
@ -0,0 +1,11 @@
|
||||
{
|
||||
"command": "congress-server --datasources --node_id=data-node --config-file /etc/congress/congress.conf",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/congress.conf",
|
||||
"dest": "/etc/congress/congress.conf",
|
||||
"owner": "congress",
|
||||
"perm": "0644"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,11 @@
|
||||
{
|
||||
"command": "congress-server --policy_engine --node_id=policy-node --config-file /etc/congress/congress.conf",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/congress.conf",
|
||||
"dest": "/etc/congress/congress.conf",
|
||||
"owner": "congress",
|
||||
"perm": "0644"
|
||||
}
|
||||
]
|
||||
}
|
56
ansible/roles/congress/templates/congress.conf.j2
Normal file
56
ansible/roles/congress/templates/congress.conf.j2
Normal file
@ -0,0 +1,56 @@
|
||||
[DEFAULT]
|
||||
debug = {{ congress_logging_debug }}
|
||||
|
||||
log_dir = /var/log/kolla/congress
|
||||
|
||||
drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver
|
||||
|
||||
rpc_backend = rabbit
|
||||
|
||||
auth_strategy = keystone
|
||||
|
||||
os_region_name = {{ openstack_region_name }}
|
||||
|
||||
# NOTE: set use_stderr to False or the logs will also be sent to
|
||||
# stderr and collected by Docker
|
||||
use_stderr = False
|
||||
|
||||
my_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
||||
|
||||
api_paste_config = /etc/congress/api-paste.ini
|
||||
|
||||
{% if service_name == 'congress-api' %}
|
||||
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
||||
bind_port = {{ congress_api_port }}
|
||||
{% endif %}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ congress_database_user }}:{{ congress_database_password }}@{{ congress_database_address }}/{{ congress_database_name }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
|
||||
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
|
||||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
username = {{ congress_keystone_user }}
|
||||
password = {{ congress_keystone_password }}
|
||||
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
|
||||
[congress]
|
||||
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
rabbit_userid = {{ rabbitmq_user }}
|
||||
rabbit_password = {{ rabbitmq_password }}
|
||||
rabbit_ha_queues = true
|
||||
rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
driver = noop
|
@ -247,6 +247,17 @@
|
||||
tags: aodh,
|
||||
when: enable_aodh | bool }
|
||||
|
||||
- hosts:
|
||||
- congress-api
|
||||
- congress-policy-engine
|
||||
- congress-datasource
|
||||
- rabbitmq
|
||||
- memcached
|
||||
roles:
|
||||
- { role: congress,
|
||||
tags: congress,
|
||||
when: enable_congress | bool }
|
||||
|
||||
- hosts:
|
||||
- tempest
|
||||
roles:
|
||||
|
@ -127,6 +127,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
||||
#enable_ceph_rgw: "no"
|
||||
#enable_cinder: "no"
|
||||
#enable_cinder_backend_lvm: "no"
|
||||
#enable_congress: "no"
|
||||
#enable_heat: "yes"
|
||||
#enable_horizon: "yes"
|
||||
#enable_ironic: "no"
|
||||
|
@ -67,6 +67,9 @@ ceilometer_keystone_password:
|
||||
watcher_database_password:
|
||||
watcher_keystone_password:
|
||||
|
||||
congress_database_password:
|
||||
congress_keystone_password:
|
||||
|
||||
horizon_secret_key:
|
||||
|
||||
telemetry_secret_key:
|
||||
|
5
releasenotes/notes/add-congress-877644b4b0e2ed0a.yaml
Normal file
5
releasenotes/notes/add-congress-877644b4b0e2ed0a.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- Add ansible role for openstack congress project which provide
|
||||
policy as a service across any collection of cloud services in
|
||||
order to offer governance and compliance for dynamic infrastructures.
|
Loading…
Reference in New Issue
Block a user