Initial try for 0.5.0 support

Andreas Holmsten 2020-04-08 09:51:44 +02:00
parent 0279ac0167
commit 0c672405b4
4 changed files with 328 additions and 391 deletions


@ -106,7 +106,7 @@ adjutant_email_reply_address: no-reply@example.com
adjutant_email_from_address: bounce+%(task_uuid)s@example.com
adjutant_email_notification_address: example@example.com
adjutant_email_signups_notification_address: signups@example.com
adjutant_active_taskviews:
adjutant_active_delegate_apis:
- RoleList
- SignUp
- UpdateProjectQuotas
@ -114,7 +114,6 @@ adjutant_active_taskviews:
- UserList
- UserResetPassword
- UserRoles
- UserSetPassword
- UserUpdateEmail
adjutant_role_mapping:
admin:
@ -131,8 +130,12 @@ adjutant_role_mapping:
- project_mod
- heat_stack_owner
- _member_
adjutant_default_users_to_project_action: []
adjutant_default_roles_to_project_action: []
adjutant_default_quota_size: small
adjutant_signup_allow_auto_approve: False
adjutant_quota_allow_auto_approve: False
adjutant_quota_size_difference_threshold: 0.1
adjutant_quota_auto_approve_days: 30
adjutant_quota_sizes:
small:
@ -140,18 +143,6 @@ adjutant_quota_sizes:
gigabytes: 5000
snapshots: 50
volumes: 20
nova:
instances: 10
cores: 20
ram: 65536
floating_ips: 10
fixed_ips: 0
metadata_items: 128
injected_files: 5
injected_file_content_bytes: 10240
key_pairs: 50
security_groups: 20
security_group_rules: 100
neutron:
floatingip: 10
network: 3
@ -160,23 +151,29 @@ adjutant_quota_sizes:
security_group: 20
security_group_rule: 100
subnet: 3
nova:
cores: 20
fixed_ips: 0
floating_ips: 10
injected_file_content_bytes: 10240
injected_files: 5
instances: 10
key_pairs: 50
metadata_items: 128
ram: 65536
security_group_rules: 100
security_groups: 20
octavia:
health_monitor: 5
listener: 1
load_balancer: 1
member: 2
pool: 1
medium:
cinder:
gigabytes: 10000
snapshots: 300
volumes: 100
nova:
instances: 50
cores: 100
ram: 327680
floating_ips: 25
fixed_ips: 0
metadata_items: 128
injected_files: 5
injected_file_content_bytes: 10240
key_pairs: 50
security_groups: 50
security_group_rules: 400
neutron:
floatingip: 25
network: 5
@ -185,23 +182,29 @@ adjutant_quota_sizes:
security_group: 50
security_group_rule: 400
subnet: 5
nova:
cores: 100
fixed_ips: 0
floating_ips: 25
injected_file_content_bytes: 10240
injected_files: 5
instances: 50
key_pairs: 50
metadata_items: 128
ram: 327680
security_group_rules: 400
security_groups: 50
octavia:
health_monitor: 50
listener: 5
load_balancer: 5
member: 5
pool: 5
large:
cinder:
gigabytes: 50000
snapshots: 600
volumes: 200
nova:
instances: 100
cores: 200
ram: 655360
floating_ips: 50
fixed_ips: 0
metadata_items: 128
injected_files: 5
injected_file_content_bytes: 10240
key_pairs: 50
security_groups: 100
security_group_rules: 800
neutron:
floatingip: 50
network: 10
@ -210,6 +213,24 @@ adjutant_quota_sizes:
security_group: 100
security_group_rule: 800
subnet: 10
nova:
cores: 200
fixed_ips: 0
floating_ips: 50
injected_file_content_bytes: 10240
injected_files: 5
instances: 100
key_pairs: 50
metadata_items: 128
ram: 655360
security_group_rules: 800
security_groups: 100
octavia:
health_monitor: 100
listener: 10
load_balancer: 10
member: 10
pool: 10
adjutant_quota_sizes_asc:
- small
@ -239,7 +260,7 @@ adjutant_venv_python_executable: python3
adjutant_venv_rebuild: no
adjutant_pip3_packages:
- git+git://github.com/openstack/adjutant.git@d62eada1264f5f574394e3d6f1666a5f2d443f68
- python-adjutant==0.5.0
- cryptography
- mod_wsgi
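Review bot: In `adjutant_pip3_packages`, `python-adjutant==0.5.0` (presumably the added entry; the +/- markers are lost on this page) pins a version but no artifact hash, and the `cryptography` and `mod_wsgi` entries beside it carry no version at all, so the same role revision can install different code from one run to the next. The entry it appears to replace identified exact source by full commit id, so dropping the unauthenticated `git://` fetch is an improvement but the pin is now looser. Consider pinning all three, e.g. `- cryptography==TESTED_VERSION_PLACEHOLDER`, or installing against a constraints file that records hashes. The list may continue outside the hunk.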


@ -25,8 +25,8 @@
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "conf.yaml.j2"
dest: "/etc/adjutant/conf.yaml"
- src: "adjutant.yaml.j2"
dest: "/etc/adjutant/adjutant.yaml"
config_overrides: "{{ adjutant_adjutant_conf_overrides }}"
config_type: "yaml"
notify:
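Review bot: Rendering to `/etc/adjutant/adjutant.yaml` leaves the previously rendered `/etc/adjutant/conf.yaml` in place on upgraded hosts, and that file holds the Django secret key plus the database, SMTP and Keystone service passwords. Nothing in this hunk removes it; a `file` task with `path: /etc/adjutant/conf.yaml` and `state: absent` after the template step would close that. The task starts above the hunk, so the owner and mode of the rendered file are not visible here; it is worth confirming that the new file is not world-readable.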

266
templates/adjutant.yaml.j2 Normal file

@ -0,0 +1,266 @@
django:
secret_key: '{{ adjutant_secret_key }}'
debug: False
allowed_hosts:
- '*'
secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
secure_proxy_ssl_header_value: https
databases:
default:
ENGINE: django.db.backends.mysql
HOST: '{{ adjutant_galera_address }}'
NAME: '{{ adjutant_galera_database }}'
PASSWORD: '{{ adjutant_container_mysql_password }}'
USER: '{{ adjutant_galera_user }}'
log_file: adjutant.log
email:
email_backend: {{ adjutant_email_backend }}
host: {{ adjutant_email_host }}
port: {{ adjutant_email_port }}
host_user: {{ adjutant_email_host_user }}
host_password: {{ adjutant_email_host_password }}
use_tls: {{ adjutant_email_use_tls }}
use_ssl: {{ adjutant_email_use_ssl }}
identity:
token_cache_time: 0
can_edit_users: True
username_is_email: True
role_mapping:
{{ adjutant_role_mapping | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
auth:
username: {{ adjutant_service_user_name }}
password: {{ adjutant_service_password }}
project_name: service
project_domain_id: default
user_domain_id: {{ adjutant_user_domain_id }}
auth_url: {{ keystone_service_adminurl }}
api:
active_delegate_apis:
{{ adjutant_active_delegate_apis | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
delegate_apis:
CreateProjectAndUser:
default_region: {{ adjutant_service_region }}
default_domain_id: default
UserList:
blacklisted_roles:
- admin
- rating
UserDetail:
blacklisted_roles:
- admin
- rating
UserRoles:
blacklisted_roles:
- admin
- rating
SignUp:
default_region: {{ adjutant_service_region }}
default_domain_id: default
notifications:
handler_defaults:
EmailNotification:
emails:
- {{ adjutant_email_notification_address }}
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
template: notification.txt
# html_template: <your_value>
workflow:
horizon_url: {{ adjutant_horizon_publicurl }}
default_token_expiry: 86400
task_defaults:
emails:
initial:
subject: Task Confirmation
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
template: initial.txt
# html_template: <your_value>
token:
subject: Task Token
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
template: token.txt
completed:
subject: Task Completed
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
template: completed.txt
notifications:
standard_handlers:
- EmailNotification
error_handlers:
- EmailNotification
# standard_handler_config:
# error_handler_config:
safe_errors:
- SMTPException
action_defaults:
NewProjectAction:
default_roles:
{{ adjutant_role_mapping.project_admin | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
NewProjectWithUserAction:
default_roles:
{{ adjutant_role_mapping.project_admin | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
AddDefaultUsersToProjectAction:
default_users:
{{ adjutant_default_users_to_project_action | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
default_roles:
{{ adjutant_default_roles_to_project_action | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
NewDefaultNetworkAction:
region_defaults:
network_name: default_network
subnet_name: default_subnet
router_name: default_router
public_network: 04b958fd-5edc-4210-a0ca-8d8b065f9ed6
subnet_cidr: 192.168.1.0/24
dns_nameservers:
- 8.8.8.8
- 8.8.4.4
# regions:
NewProjectDefaultNetworkAction:
region_defaults:
network_name: default_network
subnet_name: default_subnet
router_name: default_router
public_network: 04b958fd-5edc-4210-a0ca-8d8b065f9ed6
subnet_cidr: 192.168.1.0/24
dns_nameservers:
- 8.8.8.8
- 8.8.4.4
# regions:
SetProjectQuotaAction:
size_difference_threshold: {{ adjutant_quota_size_difference_threshold }}
days_between_autoapprove: {{ adjutant_quota_auto_approve_days }}
region_sizes:
{{ adjutant_service_region }}: {{ adjutant_default_quota_size }}
UpdateProjectQuotasAction:
size_difference_threshold: {{ adjutant_quota_size_difference_threshold }}
days_between_autoapprove: {{ adjutant_quota_auto_approve_days }}
ResetUserPasswordAction:
blacklisted_roles:
- admin
- rating
SendAdditionalEmailAction:
prepare:
subject: Openstack Email Notification
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
# template: <your_value>
# html_template: <your_value>
email_current_user: False
email_task_cache: False
# Send emails to the given roles on the project.
# email_roles:
# - project_admin
# Send emails to an arbitrary admin emails
# email_additional_addresses:
# - admin@example.org
approve:
subject: Openstack Email Notification
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
email_current_user: False
email_task_cache: False
submit:
subject: Openstack Email Notification
from: {{ adjutant_email_from_address }}
reply: {{ adjutant_email_reply_address }}
email_current_user: False
email_task_cache: False
tasks:
create_project_and_user:
allow_auto_approve: {{ adjutant_signup_allow_auto_approve }}
additional_actions:
- NewProjectDefaultNetworkAction
- AddDefaultUsersToProjectAction
- SetProjectQuotaAction
emails:
completed:
subject: signup completed
template: create_project_and_user_completed.txt
initial:
subject: signup received
template: create_project_and_user_initial.txt
token:
subject: signup approved
template: create_project_and_user_token.txt
notifications:
error_handler_config:
EmailNotification:
emails:
- {{ adjutant_email_signups_notification_address }}
reply: {{ adjutant_email_reply_address }}
error_handlers:
- EmailNotification
standard_handler_config:
EmailNotification:
emails:
- {{ adjutant_email_signups_notification_address }}
reply: {{ adjutant_email_reply_address }}
standard_handlers:
- EmailNotification
edit_user_roles:
allow_auto_approve: True
emails:
completed: null
initial: null
token: null
invite_user_to_project:
allow_auto_approve: True
emails:
completed:
subject: invite_user_to_project
template: invite_user_to_project_completed.txt
initial: null
token:
subject: invite_user_to_project
template: invite_user_to_project_token.txt
reset_user_password:
allow_auto_approve: True
emails:
completed:
subject: Password Reset for OpenStack
template: reset_user_password_completed.txt
initial: null
token:
subject: Password Reset for OpenStack
template: reset_user_password_token.txt
update_user_email:
allow_auto_approve: True
additional_actions:
- SendAdditionalEmailAction
actions:
SendAdditionalEmailAction:
initial:
email_current_user: true
subject: OpenStack Email Update Requested
template: update_user_email_started.txt
emails:
completed:
subject: Email Update Complete
template: update_user_email_completed.txt
initial: null
token:
subject: update_user_email_token
template: update_user_email_token.txt
update_quota:
allow_auto_approve: {{ adjutant_quota_allow_auto_approve | bool }}
emails:
completed:
subject: signup completed
template: create_project_and_user_completed.txt
initial: null
token: null
quota:
sizes:
{{ adjutant_quota_sizes | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
sizes_ascending:
{{ adjutant_quota_sizes_asc | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
services:
{{ adjutant_quota_services | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
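Review bot: The credentials under `email:` and `auth:` are rendered unquoted (`host_password: {{ adjutant_email_host_password }}`, `password: {{ adjutant_service_password }}`), unlike `secret_key` and the database `PASSWORD` at the top of this file, so a value containing ` #` or `: `, or one made only of digits, is truncated, retyped or breaks parsing of the rendered YAML. Passing every templated scalar through a serialising filter avoids that and also copes with embedded quotes, for example `password: {{ adjutant_service_password | to_json }}`. The `allow_auto_approve` under `create_project_and_user` is rendered without `| bool` while the one under `update_quota` has it; since this flag decides whether signups skip admin approval, it should be normalised the same way, `allow_auto_approve: {{ adjutant_signup_allow_auto_approve | bool }}`. Separately, the `completed` email under `update_quota` reuses `subject: signup completed` and `template: create_project_and_user_completed.txt`, which looks like a copy-paste from the signup task, so a quota change would send a signup message.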


@ -1,350 +0,0 @@
# General settings
SECRET_KEY: '{{ adjutant_secret_key }}'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG: False
ALLOWED_HOSTS:
- "*"
ADDITIONAL_APPS:
- adjutant.api.v1
- adjutant.actions.v1
DATABASES:
default:
ENGINE: django.db.backends.mysql
NAME: {{ adjutant_galera_database }}
USER: {{ adjutant_galera_user }}
PASSWORD: {{ adjutant_container_mysql_password }}
HOST: {{ adjutant_galera_address }}
LOGGING:
version: 1
disable_existing_loggers: False
handlers:
file:
level: INFO
class: logging.FileHandler
filename: reg_log.log
loggers:
adjutant:
handlers:
- file
level: INFO
propagate: False
django:
handlers:
- file
level: INFO
propagate: False
keystonemiddleware:
handlers:
- file
level: INFO
propagate: False
EMAIL_SETTINGS:
EMAIL_BACKEND: {{ adjutant_email_backend }}
EMAIL_HOST: {{ adjutant_email_host }}
EMAIL_PORT: {{ adjutant_email_port }}
EMAIL_HOST_USER: {{ adjutant_email_host_user }}
EMAIL_HOST_PASSWORD: {{ adjutant_email_host_password }}
EMAIL_USE_TLS: {{ adjutant_email_use_tls }}
EMAIL_USE_SSL: {{ adjutant_email_use_ssl }}
# setting to control if user name and email are allowed
# to have different values.
USERNAME_IS_EMAIL: True
# Keystone config
KEYSTONE:
username: {{ adjutant_service_user_name }}
password: {{ adjutant_service_password }}
project_name: service
# MUST BE V3 API:
auth_url: {{ keystone_service_adminurl }}
domain_id: {{ adjutant_user_domain_id }}
can_edit_users: True
HORIZON_URL: {{ adjutant_horizon_publicurl }}
# time for the token to expire in hours
TOKEN_EXPIRE_TIME: 24
ACTIVE_TASKVIEWS:
{{ adjutant_active_taskviews | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
DEFAULT_TASK_SETTINGS:
emails:
initial:
subject: Initial Confirmation
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
template: initial.txt
# html_template: initial.txt
# If the related actions 'can' send a token,
# this field should here.
token:
subject: Your Token
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
template: token.txt
# html_template: token.txt
completed:
subject: Task completed
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
template: completed.txt
# html_template: completed.txt
notifications:
EmailNotification:
standard:
emails:
- {{ adjutant_email_notification_address }}
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
template: notification.txt
# html_template: completed.txt
error:
emails:
- {{ adjutant_email_notification_address }}
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
template: notification.txt
# html_template: completed.txt
# Default Action settings:
# These can be overridden at a per task level below in the
# task settings so that multiple tasks can use the same actions
# slightly differently.
#
# TASK_SETTINGS:
# <task_type>:
# <othersettings> ....
# ....
# action_settings:
# <action_class_name>:
# <action_settings_overrides> ....
DEFAULT_ACTION_SETTINGS:
NewProjectAction:
default_roles:
- project_admin
- project_mod
- heat_stack_owner
- _member_
- creator
- swiftoperator
- load-balancer_member
NewProjectWithUserAction:
default_roles:
- project_admin
- project_mod
- heat_stack_owner
- _member_
- creator
- swiftoperator
- load-balancer_member
NewUserAction:
allowed_roles:
- project_admin
- project_mod
- heat_stack_owner
- _member_
- creator
- swiftoperator
- load-balancer_member
ResetUserPasswordAction:
blacklisted_roles:
- admin
- rating
NewDefaultNetworkAction:
"{{ adjutant_service_region }}":
network_name: default_network
subnet_name: default_subnet
router_name: default_router
public_network: 04b958fd-5edc-4210-a0ca-8d8b065f9ed6
DNS_NAMESERVERS:
- 8.8.8.8
- 8.8.4.4
SUBNET_CIDR: 192.168.1.0/24
NewProjectDefaultNetworkAction:
"{{ adjutant_service_region }}":
network_name: default_network
subnet_name: default_subnet
router_name: default_router
public_network: 04b958fd-5edc-4210-a0ca-8d8b065f9ed6
DNS_NAMESERVERS:
- 8.8.8.8
- 8.8.4.4
SUBNET_CIDR: 192.168.1.0/24
AddDefaultUsersToProjectAction:
default_users:
- cloudkitty
default_roles:
- rating
SetProjectQuotaAction:
regions:
"{{ adjutant_service_region }}":
quota_size: {{ adjutant_default_quota_size }}
UpdateProjectQuotasAction:
days_between_autoapprove: {{ adjutant_quota_auto_approve_days }}
SendAdditionalEmailAction:
initial:
email_current_user: False
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
subject: "Openstack Email Notification"
template: null
token:
email_current_user: False
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
subject: "Openstack Email Notification"
template: null
completed:
email_current_user: False
reply: {{ adjutant_email_reply_address }}
from: {{ adjutant_email_from_address }}
subject: "Openstack Email Notification"
template: null
# A null template will cause the email not to send
# Also emails to the given roles on the project
# email_roles:
# - project_admin
# Or sends to an email set in the task cache
# email_task_cache: True
# Or sends to an arbitrary admin email
# email_additional_addresses:
# - admin@example.org
# These are cascading overrides for the default settings:
TASK_SETTINGS:
signup:
# You can override 'default_actions' if needed for given taskviews
# The order of the actions is order of execution.
#
# default_actions:
# - NewProjectAction
#
# Additional actions for views
# These will run after the default actions, in the given order.
additional_actions:
- NewProjectDefaultNetworkAction
- AddDefaultUsersToProjectAction
- SetProjectQuotaAction
emails:
initial:
subject: Your OpenStack signup has been received
template: signup_initial.txt
token:
subject: Your OpenStack signup has been approved
template: signup_token.txt
completed:
subject: Your OpenStack signup has been completed
template: signup_completed.txt
notifications:
EmailNotification:
standard:
emails:
- {{ adjutant_email_signups_notification_address }}
error:
emails:
- {{ adjutant_email_signups_notification_address }}
default_region: {{ adjutant_service_region }}
# If 'None' (null in yaml) will default to domain as parent.
# If domain isn't set explicity will service user domain (see KEYSTONE).
default_parent_id: null
invite_user:
duplicate_policy: cancel
emails:
# To not send this email set the value to null
initial: null
token:
subject: Invitation to an OpenStack project
template: invite_user_token.txt
completed:
subject: Invitation Completed
template: invite_user_completed.txt
errors:
SMTPException:
notification: acknowledge
engines: False
reset_password:
duplicate_policy: cancel
emails:
initial: null
token:
subject: Password Reset for OpenStack
template: password_reset_token.txt
completed:
subject: Password Reset Completed
template: password_reset_completed.txt
force_password:
duplicate_policy: cancel
emails:
initial: null
token:
subject: Set your OpenStack password
template: initial_password_token.txt
completed:
subject: Welcome to OpenStack!
template: initial_password_completed.txt
edit_user:
duplicate_policy: cancel
emails:
initial: null
token: null
role_blacklist:
- admin
- rating
edit_roles:
duplicate_policy: cancel
emails:
initial: null
token: null
update_email:
duplicate_policy: cancel
additional_actions:
- SendAdditionalEmailAction
emails:
initial: null
token:
subject: Confirm OpenStack Email Update
template: email_update_token.txt
completed:
subject: OpenStack Email Updated
template: email_update_completed.txt
action_settings:
SendAdditionalEmailAction:
initial:
subject: OpenStack Email Update Requested
template: email_update_started.txt
email_current_user: True
update_quota:
allow_auto_approve: {{ adjutant_quota_allow_auto_approve | bool }}
duplicate_policy: cancel
size_difference_threshold: 0.1
emails:
initial: null
token: null
completed:
subject: Openstack Quota updated
template: quota_completed.txt
# mapping between roles and managable roles
ROLES_MAPPING:
{{ adjutant_role_mapping | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
PROJECT_QUOTA_SIZES:
{{ adjutant_quota_sizes | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
# Time in seconds to cache token from Keystone
TOKEN_CACHE_TIME: 0
# Ordered list of quota sizes from smallest to biggest
QUOTA_SIZES_ASC:
{{ adjutant_quota_sizes_asc | to_nice_yaml(indent=2, width=140) | indent(2, True) }}
# Services to check through the quotas for
QUOTA_SERVICES:
{{ adjutant_quota_services | to_nice_yaml(indent=2, width=140) | indent(2, True) }}