From facfabf3bbf57d5302f1b53f29396c532ea87352 Mon Sep 17 00:00:00 2001 From: Jeffrey Zhang Date: Wed, 1 Feb 2017 21:46:32 +0800 Subject: [PATCH] Implement nova placement service Closes-Bug: #1660987 Depends-On: I30efc20e6d918e08860584c017455e6d5fa91a35 Change-Id: If0a79b6013f28871dc9f13c510c919078f3304d5 --- ansible/group_vars/all.yml | 2 ++ ansible/inventory/all-in-one | 7 ++++ ansible/inventory/multinode | 7 ++++ .../roles/haproxy/templates/haproxy.cfg.j2 | 15 +++++++++ ansible/roles/nova/defaults/main.yml | 19 +++++++++++ ansible/roles/nova/handlers/main.yml | 24 ++++++++++++++ ansible/roles/nova/tasks/config.yml | 15 +++++++++ ansible/roles/nova/tasks/register.yml | 22 +++++++++++++ ansible/roles/nova/templates/nova.conf.j2 | 10 ++++++ .../nova/templates/placement-api-wsgi.conf.j2 | 23 +++++++++++++ .../nova/templates/placement-api.json.j2 | 33 +++++++++++++++++++ etc/kolla/passwords.yml | 2 ++ 12 files changed, 179 insertions(+) create mode 100644 ansible/roles/nova/templates/placement-api-wsgi.conf.j2 create mode 100644 ansible/roles/nova/templates/placement-api.json.j2 diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 534639bf64..96198d87f2 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -172,6 +172,8 @@ glance_registry_port: "9191" octavia_api_port: "9876" octavia_health_manager_port: "5555" +placement_api_port: "8780" + nova_api_port: "8774" nova_metadata_port: "8775" nova_novncproxy_port: "6080" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 2e4fa86592..e42742d239 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -175,6 +175,9 @@ control [designate:children] control +[placement:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # 
@@ -511,3 +514,7 @@ designate [designate-backend-bind9:children] designate + +# Placement +[placement-api:children] +placement diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 38e0de1c32..37484dc495 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -192,6 +192,9 @@ control [designate:children] control +[placement:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -528,3 +531,7 @@ designate [designate-backend-bind9:children] designate + +# Placement +[placement-api:children] +placement diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index 54f3d53e8c..3e9405edb6 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -115,6 +115,13 @@ listen nova_metadata server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5 {% endfor %} +listen placement_api + bind {{ kolla_internal_vip_address }}:{{ placement_api_port }} + http-request del-header X-Forwarded-Proto +{% for host in groups['placement-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ placement_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} + {% if nova_console == 'novnc' %} listen nova_novncproxy bind {{ kolla_internal_vip_address }}:{{ nova_novncproxy_port }} 
@@ -156,6 +163,14 @@ listen nova_metadata_external server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ nova_metadata_port }} check inter 2000 rise 2 fall 5 {% endfor %} +listen placement_api_external + bind {{ kolla_internal_vip_address }}:{{ placement_api_port }} + http-request del-header X-Forwarded-Proto + http-request set-header X-Forwarded-Proto https if { ssl_fc } +{% for host in groups['placement-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ placement_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} + {% if nova_console == 'novnc' %} listen nova_novncproxy_external bind {{ kolla_external_vip_address }}:{{ nova_novncproxy_port }} {{ tls_bind_info }} diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index b22b4222d1..93a3970f07 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -33,6 +33,15 @@ nova_services: - "nova_compute:/var/lib/nova" - "/var/lib/nova/mnt:/var/lib/nova/mnt:shared" - "heka_socket:/var/lib/kolla/heka/" + placement-api: + container_name: "placement_api" + group: "placement-api" + image: "{{ placement_api_image_full }}" + enabled: True + volumes: + - "{{ node_config_directory }}/placement-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" nova-api: container_name: "nova_api" group: "nova-api" 
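Review bot: The new `listen placement_api_external` section binds `{{ kolla_internal_vip_address }}:{{ placement_api_port }}`, the same address and port as the internal `placement_api` listener added earlier in this file, and it carries no `{{ tls_bind_info }}`. As written, the external VIP would not serve placement, two listeners would claim one socket, and the `ssl_fc` condition on the `set-header` line cannot match because the bind does not terminate TLS. The neighbouring `nova_novncproxy_external` section shows the expected form, so the bind should read `bind {{ kolla_external_vip_address }}:{{ placement_api_port }} {{ tls_bind_info }}`. Any conditional that wraps the external listeners lies outside the hunk, so confirm the new section sits inside it.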
@@ -200,6 +209,10 @@ nova_serialproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{ nova_serialproxy_tag: "{{ openstack_release }}" nova_serialproxy_image_full: "{{ nova_serialproxy_image }}:{{ nova_serialproxy_tag }}" +placement_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-nova-placement-api" +placement_api_tag: "{{ openstack_release }}" +placement_api_image_full: "{{ placement_api_image }}:{{ placement_api_tag }}" + #################### # OpenStack #################### @@ -211,8 +224,14 @@ nova_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_a nova_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" nova_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" +placement_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ placement_api_port }}" +placement_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ placement_api_port }}" +placement_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ placement_api_port }}" + nova_logging_debug: "{{ openstack_logging_debug }}" openstack_nova_auth: "{{ openstack_auth }}" +openstack_placement_auth: "{{ openstack_auth }}" + nova_ssh_port: "8022" diff --git a/ansible/roles/nova/handlers/main.yml b/ansible/roles/nova/handlers/main.yml index 168506f32f..9c32c4c6b8 100644 --- a/ansible/roles/nova/handlers/main.yml +++ b/ansible/roles/nova/handlers/main.yml 
@@ -46,6 +46,30 @@ or nova_libvirt_confs.changed | bool or nova_libvirt_container.changed | bool +- name: Restart placement-api container + vars: + service_name: "placement-api" + service: "{{ nova_services[service_name] }}" + config_json: "{{ config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + nova_conf: "{{ nova_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + placement_api_container: "{{ check_nova_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes|reject('equalto', '')|list }}" + when: + - action != "config" + - inventory_hostname in groups[service.group] + - service.enabled | bool + - config_json.changed | bool + or nova_conf.changed | bool + or policy_json.changed | bool + or placement_api_wsgi_conf | changed + or placement_api_container.changed | bool + - name: Restart nova-api container vars: service_name: "nova-api" diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index f770711274..2085d50d4f 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -35,6 +35,7 @@ - name: Copying over nova.conf vars: services_require_nova_conf: + - placement-api - nova-api - nova-compute - nova-compute-ironic 
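Review bot: In the `when:` list of the new `Restart placement-api container` handler, the term `or placement_api_wsgi_conf | changed` uses the filter spelling of the test, while every other term in the same condition uses `.changed | bool`. Later Ansible releases deprecated the filter spelling of tests, so this one term would need its own migration. Write it as `or placement_api_wsgi_conf.changed | bool` to match the surrounding lines.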
@@ -81,6 +82,19 @@ notify: - Restart nova-libvirt container +- name: Copying over placement-api wsgi configuration + vars: + service: "{{ nova_services['placement-api'] }}" + template: + src: "placement-api-wsgi.conf.j2" + dest: "{{ node_config_directory }}/placement-api/placement-api-wsgi.conf" + register: placement_api_wsgi_conf + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + notify: + - Restart placement-api container + - name: Copying files for nova-ssh vars: service: "{{ nova_services['nova-ssh'] }}" @@ -106,6 +120,7 @@ - name: Copying over existing policy.json vars: services_require_policy_json: + - placement-api - nova-api - nova-compute - nova-compute-ironic diff --git a/ansible/roles/nova/tasks/register.yml b/ansible/roles/nova/tasks/register.yml index 68f2275b5c..fe72bc877d 100644 --- a/ansible/roles/nova/tasks/register.yml +++ b/ansible/roles/nova/tasks/register.yml @@ -25,6 +25,10 @@ - {'name': 'nova', 'service_type': 'compute', 'interface': 'admin', 'url': '{{ nova_admin_endpoint }}', 'description': 'OpenStack Compute Service'} - {'name': 'nova', 'service_type': 'compute', 'interface': 'internal', 'url': '{{ nova_internal_endpoint }}', 'description': 'OpenStack Compute Service'} - {'name': 'nova', 'service_type': 'compute', 'interface': 'public', 'url': '{{ nova_public_endpoint }}', 'description': 'OpenStack Compute Service'} + - {'name': 'placement', 'service_type': 'placement', 'interface': 'admin', 'url': '{{ placement_admin_endpoint }}', 'description': 'Placement Service'} + - {'name': 'placement', 'service_type': 'placement', 'interface': 'internal', 'url': '{{ placement_internal_endpoint }}', 'description': 'Placement Service'} + - {'name': 'placement', 'service_type': 'placement', 'interface': 'public', 'url': '{{ placement_public_endpoint }}', 'description': 'Placement Service'} + - name: Creating the Nova project, user, and role kolla_toolbox: 
@@ -43,3 +47,21 @@ retries: 10 delay: 5 run_once: True + +- name: Creating the placement project, user, and role + kolla_toolbox: + module_name: "kolla_keystone_user" + module_args: + project: "service" + user: "placement" + password: "{{ placement_keystone_password }}" + role: "admin" + region_name: "{{ openstack_region_name }}" + auth: "{{ '{{ openstack_placement_auth }}' }}" + module_extra_vars: + openstack_placement_auth: "{{ openstack_placement_auth }}" + register: placement_user + until: placement_user|success + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index d729fa37c3..f593180b7b 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -215,3 +215,13 @@ api_paste_config = /etc/nova/api-paste.ini [scheduler] max_attempts = 10 + +[placement] +auth_type = password +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +username = placement +password = {{ placement_keystone_password }} +user_domain_name = default +project_name = service +project_domain_name = default +os_region_name = {{ openstack_region_name }} diff --git a/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 new file mode 100644 index 0000000000..0eadd2d1fb --- /dev/null +++ b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 
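Review bot: The new `Creating the placement project, user, and role` task passes `{{ placement_keystone_password }}` through `module_args` and sets no `no_log`, so the rendered arguments may end up in verbose output or in the failure message of any of the ten retries. How `kolla_toolbox` reports its arguments is not visible in this hunk, so treat that as something to confirm; if it does echo them, add `no_log: True` to the task. The task also grants `role: "admin"` to the `placement` user, and a short comment above that line, for example `# admin on the service project is required by the placement API`, would record that the privilege level is intentional.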
@@ -0,0 +1,23 @@
+{% set log_dir = '/var/log/kolla/nova' %}
+{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
+{% set wsgi_directory = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
+Listen {{ api_interface_address }}:{{ placement_api_port }}
+
+
+ WSGIDaemonProcess placement-api processes={{ openstack_service_workers }} threads=1 user=nova group=nova display-name=%{GROUP} python-path={{ python_path }}
+ WSGIProcessGroup placement-api
+ WSGIScriptAlias / {{ wsgi_directory }}/nova-placement-api
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ ErrorLog "{{ log_dir }}/placement-api.log"
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
+ CustomLog "{{ log_dir }}/placement-api-access.log" logformat
+
+
+ Require all granted
+
+
+
diff --git a/ansible/roles/nova/templates/placement-api.json.j2 b/ansible/roles/nova/templates/placement-api.json.j2
new file mode 100644
index 0000000000..10ff1cfaac
--- /dev/null
+++ b/ansible/roles/nova/templates/placement-api.json.j2
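Review bot: The `LogFormat` line in placement-api-wsgi.conf.j2 records only `%{X-Forwarded-For}i` as the client identity, a request header the sender controls unless the proxy in front overwrites it, and the connecting peer address is not logged at all. That leaves the access log without a trustworthy source field for any request that reaches `{{ api_interface_address }}:{{ placement_api_port }}` directly. Adding the peer address keeps both values: `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat`. The container tags around these directives were lost in this rendering of the page, so the scope of `Require all granted` cannot be checked from here.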
@@ -0,0 +1,33 @@ +{% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} +{% set apache_conf_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %} +{ + "command": "/usr/sbin/{{ apache_binary }} -DFOREGROUND", + "config_files": [ + { + "source": "{{ container_config_directory }}/nova.conf", + "dest": "/etc/nova/nova.conf", + "owner": "nova", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/nova/policy.json", + "owner": "nova", + "perm": "0600", + "optional": true + }, + { + "source": "{{ container_config_directory }}/placement-api-wsgi.conf", + "dest": "/etc/{{ apache_conf_dir }}/placement-api-wsgi.conf", + "owner": "nova", + "perm": "0644" + } + ], + "permissions": [ + { + "path": "/var/log/kolla/nova", + "owner": "nova:nova", + "recurse": true + } + ] +} diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 1179381fae..142d22c3db 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -49,6 +49,8 @@ nova_database_password: nova_api_database_password: nova_keystone_password: +placement_keystone_password: + neutron_database_password: neutron_keystone_password: metadata_secret:
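Review bot: The third `config_files` entry in placement-api.json.j2 installs `placement-api-wsgi.conf` into the Apache configuration directory with `"owner": "nova"`, the same account the WSGI daemon runs under according to placement-api-wsgi.conf.j2 (`user=nova group=nova`). The application can therefore write a file the web server loads as configuration, which widens what a misbehaving or compromised placement process could change on the next restart. If the copy step allows it, `"owner": "root"` with the existing `"perm": "0644"` keeps the file readable without that write access. Whether the container's start-up step runs with enough privilege to set that owner is not visible in this hunk.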