commit 72531160574a10c6da13e22839fca94baf235b43 Author: Andreas Holmsten Date: Wed Nov 13 14:49:48 2019 +0100 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5421f90 --- /dev/null +++ b/.gitignore @@ -0,0 +1,71 @@ +# Compiled source # +################### +*.com +*.class +*.dll +*.exe +*.o +*.so +*.pyc +build/ +dist/ +doc/build/ + +# Packages # +############ +# it's better to unpack these files and commit the raw source +# git has its own built in compression methods +*.7z +*.dmg +*.gz +*.iso +*.jar +*.rar +*.tar +*.zip + +# Logs and databases # +###################### +*.log +*.sql +*.sqlite +logs/* + +# OS generated files # +###################### +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +.idea +.tox +*.sublime* +*.egg-info +Icon? +ehthumbs.db +Thumbs.db +.eggs + +# User driven backup files # +############################ +*.bak +*.swp + +# Generated by pbr while building docs +###################################### +AUTHORS +ChangeLog + +# Files created by releasenotes build +releasenotes/build + +# Test temp files +tests/common +tests/*.retry + +# Vagrant artifacts +.vagrant + +# Git clones +openstack-ansible-ops diff --git a/.gitreview b/.gitreview new file mode 100644 index 0000000..b7b1f74 --- /dev/null +++ b/.gitreview @@ -0,0 +1,5 @@ +[gerrit] +host=review.opendev.org +port=29418 +project=openstack/openstack-ansible-os_adjutant.git +defaultbranch=stable/queens diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 0000000..009b276 --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,100 @@ +OpenStack-Ansible Adjutant +############################ +:tags: openstack, adjutant, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net +/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following +criteria are met: + * The description clearly states or describes the original problem or root + cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External + access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, +following the workflow documented at: +"http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without +regard. + + +Extra +----- + +Tags: If it's a bug that needs fixing in a branch in addition to Master, add a + '\-backport-potential' tag (eg ``juno-backport-potential``). + There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please + set to High, and only use Critical if you have found a bug that can take + down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then +using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals +and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following +criteria are met: + * The description clearly states or describes the original problem or root + cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, + add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External + access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..50d8447 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2016 Michael Rice + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..2879441 --- /dev/null +++ b/README.rst @@ -0,0 +1,47 @@ +======================== +Team and repository tags +======================== + +.. image:: http://governance.openstack.org/badges/openstack-ansible-os_adjutant.svg + :target: http://governance.openstack.org/reference/tags/index.html + +.. Change things from this point on + +OpenStack-Ansible Adjutant +############################ +:tags: openstack, adjutant, cloud, ansible +:category: \*nix + +This Ansible role installs and configures OpenStack adjutant. + +This role will install the following Upstart services: + * adjutant-api + * adjutant-processor + +Required Variables +================== + +.. code-block:: yaml + + adjutant_service_password + adjutant_rabbitmq_password + adjutant_container_mysql_password + adjutant_galera_address + +Example Playbook +================ + +.. code-block:: yaml + + - name: Install adjutant server + hosts: adjutant_all + user: root + roles: + - { role: "os_adjutant", tags: [ "os-adjutant" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + adjutant_galera_address: "{{ internal_lb_vip_address }}" + adjutant_container_mysql_password: "SuperSecretePassword1" + adjutant_service_password: "SuperSecretePassword2" + adjutant_rabbitmq_password: "SuperSecretePassword3" diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..79d67de --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,49 @@ +# Note: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/Vagrantfile +# +# If you need to perform any change on it, you should modify the central file, +# then, an OpenStack CI job will propagate your changes to every OSA repository +# since every repo uses the same Vagrantfile + +# Verify whether required plugins are installed. +required_plugins = [ "vagrant-disksize" ] +required_plugins.each do |plugin| + if not Vagrant.has_plugin?(plugin) + raise "The vagrant plugin #{plugin} is required. Please run `vagrant plugin install #{plugin}`" + end +end + +Vagrant.configure(2) do |config| + config.vm.provider "virtualbox" do |v| + v.memory = 4096 + v.cpus = 2 + end + + config.vm.synced_folder ".", "/vagrant", type: "rsync" + + config.vm.provision "shell", + privileged: false, + inline: <<-SHELL + cd /vagrant + ./run_tests.sh + SHELL + + config.vm.define "ubuntu1604" do |xenial| + xenial.disksize.size = "40GB" + xenial.vm.box = "ubuntu/xenial64" + end + + config.vm.define "opensuse422" do |leap422| + leap422.vm.box = "opensuse/openSUSE-42.2-x86_64" + end + + config.vm.define "opensuse423" do |leap423| + leap423.vm.box = "opensuse/openSUSE-42.3-x86_64" + end + + config.vm.define "centos7" do |centos7| + centos7.vm.box = "centos/7" + end + +end diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 0000000..4e1c0a5 --- /dev/null +++ b/bindep.txt @@ -0,0 +1,49 @@ +# This file facilitates OpenStack-CI package installation +# before the execution of any tests. +# +# See the following for details: +# - https://docs.openstack.org/infra/bindep/ +# - https://git.openstack.org/cgit/openstack-infra/bindep +# +# Even if the role does not make use of this facility, it +# is better to have this file empty, otherwise OpenStack-CI +# will fall back to installing its default packages which +# will potentially be detrimental to the tests executed. +# +# Note: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/bindep.txt +# If you need to remove or add extra dependencies, you should modify +# the central file instead and once your change is accepted then update +# this file as well. The purpose of this file is to ensure that Python and +# Ansible have all their necessary binary requirements on the test host before +# tox executes. Any binary requirements needed by services/roles should be +# installed by those roles in their applicable package install tasks, not through +# using this file. +# + +# The gcc compiler +gcc + +# Base requirements for Ubuntu +git-core [platform:dpkg] +libssl-dev [platform:dpkg] +libffi-dev [platform:dpkg] +python2.7 [platform:dpkg] +python-apt [platform:dpkg] +python-dev [platform:dpkg] + +# Base requirements for RPM distros +gcc-c++ [platform:rpm] +git [platform:rpm] +libffi-devel [platform:rpm] +openssl-devel [platform:rpm] +python-devel [platform:rpm] +python2-dnf [platform:fedora] + +# For SELinux +libselinux-python [platform:redhat] +libsemanage-python [platform:redhat] + +# Required for compressing collected log files in CI +gzip diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..d44337c --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,125 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Verbosity Options +debug: False + +# Set the package install state for distribution and pip packages +# Options are 'present' and 'latest' +adjutant_package_state: "latest" +adjutant_pip_package_state: "latest" + +adjutant_service_user_name: adjutant + +adjutant_system_group_name: adjutant +adjutant_system_user_name: adjutant +adjutant_system_comment: adjutant system user +adjutant_system_shell: /bin/false +adjutant_system_home_folder: "/var/lib/{{ adjutant_system_user_name }}" + +adjutant_venv_tag: untagged +adjutant_bin: "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/bin" + +# venv_download, even when true, will use the fallback method of building the +# venv from scratch if the venv download fails. +adjutant_venv_download: "{{ not adjutant_developer_mode | bool }}" +adjutant_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/adjutant.tgz + +adjutant_git_repo: https://git.openstack.org/openstack/adjutant +adjutant_git_install_branch: stable/queens + +adjutant_developer_constraints: + - "git+{{ adjutant_git_repo }}@{{ adjutant_git_install_branch }}#egg=adjutant" + +adjutant_user_domain_name: Default +adjutant_keystone_auth_plugin: password + +adjutant_galera_address: "{{ galera_address | default('127.0.0.1') }}" +adjutant_galera_database: adjutant +adjutant_galera_user: adjutant + +## Service Type and Data +adjutant_service_region: RegionOne +adjutant_service_name: adjutant +adjutant_service_type: registration +adjutant_service_port: 5050 +adjutant_service_proto: http +adjutant_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}" +adjutant_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(adjutant_service_proto) }}" +adjutant_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(adjutant_service_proto) }}" +adjutant_service_publicuri: "{{ adjutant_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ adjutant_service_port }}" +adjutant_service_publicurl: "{{ adjutant_service_publicuri }}/" +adjutant_service_adminuri: "{{ adjutant_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ adjutant_service_port }}" +adjutant_service_adminurl: "{{ adjutant_service_adminuri }}/" +adjutant_service_internaluri: "{{ adjutant_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ adjutant_service_port }}" +adjutant_service_internalurl: "{{ adjutant_service_internaluri }}/" + +#: Set this to false to disable API service through Apache + mod_wsgi +adjutant_use_mod_wsgi: true + +# Apache setup +adjutant_apache_log_level: info +adjutant_apache_servertokens: "Prod" +adjutant_apache_serversignature: "Off" +adjutant_wsgi_threads: 1 +adjutant_wsgi_processes_max: 16 +adjutant_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, adjutant_wsgi_processes_max] | min }}" + +# set adjutant_ssl to true to enable SSL configuration on the adjutant containers +adjutant_ssl: false +adjutant_ssl_cert: /etc/ssl/certs/adjutant.pem +adjutant_ssl_key: /etc/ssl/private/adjutant.key +adjutant_ssl_ca_cert: /etc/ssl/certs/adjutant-ca.pem +adjutant_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}" +adjutant_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}" + +# if using a self-signed certificate, set this to true to regenerate it +adjutant_ssl_self_signed_regen: false +adjutant_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" + +# Set these in user_variables to deploy custom certificates +#adjutant_user_ssl_cert: +#adjutant_user_ssl_key: +#adjutant_user_ssl_ca_cert: + +adjutant_adjutant_conf_overrides: {} +adjutant_api_init_overrides: {} + +## Service Name-Group Mapping +adjutant_services: + adjutant-api: + group: adjutant_api + service_name: adjutant-api + service_enabled: "{{ adjutant_use_mod_wsgi | ternary(false, true) }}" + init_config_overrides: "{{ adjutant_api_init_overrides }}" + +adjutant_pip3_install_args: "{{ pip_install_options | default('') }}" +adjutant_venv_rebuild: no + +adjutant_pip3_packages: + - git+git://opendev.org/openstack/adjutant.git@d00e3a0b1e93f1fbbad0025588f8f101fbd0ba21 + - cryptography + - mod_wsgi + +adjutant_requires_pip3_packages: + - virtualenv + - python-keystoneclient + - httplib2 + +# This variable is used by the repo_build process to determine +# which host group to check for members of before building the +# pip packages required by this role. The value is picked up +# by the py_pkgs lookup. +adjutant_role_project_group: adjutant_all diff --git a/doc/Makefile b/doc/Makefile new file mode 100644 index 0000000..a1b72d5 --- /dev/null +++ b/doc/Makefile @@ -0,0 +1,195 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_adjutant.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_adjutant.qhc" + +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_adjutant" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_adjutant" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +livehtml: html + sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 0000000..530dcd8 --- /dev/null +++ b/doc/source/conf.py @@ -0,0 +1,328 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import pbr.version +import os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'openstackdocstheme', + 'sphinx.ext.autodoc', + 'sphinxmark' +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_adjutant' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Documentation: ' + role_name + 'role' + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = ( + "https://git.openstack.org/cgit/openstack/{}".format(target_name) +) + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version_info = pbr.version.VersionInfo(target_name) +# The full version, including alpha/beta/rc tags. +release = version_info.version_string_with_vcs() +# The short X.Y version. +version = version_info.canonical_version_string() + +# openstackdocstheme options +repository_name = 'openstack/' + target_name +bug_project = project.lower() +bug_tag = '' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +html_last_updated_fmt = '%Y-%m-%d %H:%M' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + + +watermark = os.popen("git branch --contains $(git rev-parse HEAD)\ +| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize() +if watermark == "": + watermark = "Pre-release" + +# -- Options for sphinxmark ----------------------------------------------- +sphinxmark_enable = True +sphinxmark_div = 'docs-body' +sphinxmark_image = 'text' +sphinxmark_text = watermark +sphinxmark_text_color = (128, 128, 128) +sphinxmark_text_size = 70 diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 0000000..4cc1eb4 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,6 @@ +.. include:: ../../README.rst + +Dependencies +~~~~~~~~~~~~ + +This role needs pip >= 7.1 installed on the target host. diff --git a/extras/env.d/adjutant.yml b/extras/env.d/adjutant.yml new file mode 100644 index 0000000..4a47bec --- /dev/null +++ b/extras/env.d/adjutant.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +component_skel: + adjutant_api: + belongs_to: + - adjutant_all + +container_skel: + adjutant_container: + belongs_to: + - adjutant-infra_containers + contains: + - adjutant_api + properties: + service_name: adjutant + +physical_skel: + adjutant-infra_containers: + belongs_to: + - all_containers + adjutant-infra_hosts: + belongs_to: + - hosts diff --git a/extras/haproxy_adjutant.yml b/extras/haproxy_adjutant.yml new file mode 100644 index 0000000..91e5d0d --- /dev/null +++ b/extras/haproxy_adjutant.yml @@ -0,0 +1,10 @@ +haproxy_service_configs: + - service: + haproxy_service_name: adjutant_api + haproxy_backend_nodes: "{{ groups['adjutant_api'] | default([]) }}" + haproxy_port: 5050 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk" + - "httplog" diff --git a/extras/horizon/horizon_post_install.yml b/extras/horizon/horizon_post_install.yml new file mode 100644 index 0000000..1fea761 --- /dev/null +++ b/extras/horizon/horizon_post_install.yml @@ -0,0 +1,28 @@ +- name: Enable the adjutant-dashboard Horizon panel + file: + src: "{{ item.src }}" + path: "{{ item.path }}" + state: "{{ item.state }}" + notify: Restart apache2 + with_items: + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_10_admin_group.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_10_admin_group.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_10_project_group.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_10_project_group.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_11_admin_hashmap_panel.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_11_admin_hashmap_panel.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_11_admin_rating_panel.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_11_admin_rating_panel.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_11_project_rating_panel.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_11_project_rating_panel.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_12_project_reporting_panel.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_12_project_reporting_panel.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" + - src: "{{ horizon_lib_dir }}/adjutantdashboard/enabled/_13_admin_pyscripts_panel.py" + path: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_13_admin_pyscripts_panel.py" + state: "{{ (horizon_enable_adjutant_ui | bool) | ternary('link', 'absent') }}" diff --git a/extras/horizon/horizon_vars.yml b/extras/horizon/horizon_vars.yml new file mode 100644 index 0000000..f4ba933 --- /dev/null +++ b/extras/horizon/horizon_vars.yml @@ -0,0 +1,6 @@ +## Adjutant +horizon_enable_adjutant_ui: False + +horizon_pip_packages: + - adjutant-dashboard + - python-adjutantclient diff --git a/extras/os-adjutant-install.yml b/extras/os-adjutant-install.yml new file mode 100644 index 0000000..9716ce6 --- /dev/null +++ b/extras/os-adjutant-install.yml @@ -0,0 +1,45 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install adjutant components + hosts: adjutant_all + user: root + pre_tasks: + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-adjutant" + dest: "/var/log/adjutant" + + roles: + - role: "os_adjutant" + - role: "rsyslog_client" + rsyslog_client_log_rotate_file: adjutant_log_rotate + rsyslog_client_log_dir: "/var/log/adjutant" + rsyslog_client_config_name: "99-adjutant-rsyslog-client.conf" + tags: + - rsyslog + - role: "system_crontab_coordination" + tags: + - crontab + vars: + is_metal: "{{ properties.is_metal|default(false) }}" + adjutant_galera_user: adjutant + adjutant_galera_database: adjutant + adjutant_galera_address: "{{ galera_address }}" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - adjutant diff --git a/extras/user_secrets_adjutant.yml b/extras/user_secrets_adjutant.yml new file mode 100644 index 0000000..f1338d5 --- /dev/null +++ b/extras/user_secrets_adjutant.yml @@ -0,0 +1,4 @@ +## Adjutant passwords +adjutant_service_password: +adjutant_container_mysql_password: +adjutant_secret_key: diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..d8c390a --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,60 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart adjutant services + command: "/bin/true" + notify: + - Stop services + - Start services + +- name: Stop services + service: + name: "{{ item.value.service_name }}" + enabled: "{{ (item.value.service_enabled | bool) | ternary('yes', 'no') }}" + state: "stopped" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_dict: "{{ adjutant_services }}" + when: inventory_hostname in groups[item.value.group] + register: _stop + until: _stop | success + retries: 5 + delay: 2 + +- name: Start services + service: + name: "{{ item.value.service_name }}" + enabled: yes + state: "started" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_dict: "{{ adjutant_services }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.service_enabled | bool + register: _start + until: _start | success + retries: 5 + delay: 2 + +- name: Restart Apache + service: + name: "{{ adjutant_system_service_name }}" + enabled: yes + state: "restarted" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + when: adjutant_use_mod_wsgi | bool + register: _restart + until: _restart | success + retries: 5 + delay: 2 diff --git a/manual-test.rc b/manual-test.rc new file mode 100644 index 0000000..7016c45 --- /dev/null +++ b/manual-test.rc @@ -0,0 +1,33 @@ +export VIRTUAL_ENV=$(pwd) +export ANSIBLE_HOST_KEY_CHECKING=False +export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r + +# TODO (odyssey4me) These are only here as they are non-standard folder +# names for Ansible 1.9.x. We are using the standard folder names for +# Ansible v2.x. We can remove this when we move to Ansible 2.x. +export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action +export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback +export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter +export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup + +# This is required as the default is the current path or a path specified +# in ansible.cfg +export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library + +# This is required as the default is '/etc/ansible/roles' or a path +# specified in ansible.cfg +export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/.. + +export ANSIBLE_SSH_ARGS="-o ControlMaster=no \ + -o UserKnownHostsFile=/dev/null \ + -o StrictHostKeyChecking=no \ + -o ServerAliveInterval=64 \ + -o ServerAliveCountMax=1024 \ + -o Compression=no \ + -o TCPKeepAlive=yes \ + -o VerifyHostKeyDNS=no \ + -o ForwardX11=no \ + -o ForwardAgent=yes" + +echo "Run manual functional tests by executing the following:" +echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml" diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..cb1b7ce --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,34 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: holmsten + description: Installation and setup of Adjutant + company: ELASTX + license: Apache2 + min_ansible_version: 2.2 + platforms: + - name: Ubuntu + versions: + - xenial + categories: + - cloud + - python + - adjutant + - development + - openstack +dependencies: + - apt_package_pinning + - openstack_openrc diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 0000000..4b72d3f --- /dev/null +++ b/run_tests.sh @@ -0,0 +1,59 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Note: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/run_tests.sh +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository and then update this file as well. The purpose of this file is to +# prepare the host and then execute all the tox tests. +# + +## Shell Opts ---------------------------------------------------------------- +set -xeu + +## Vars ---------------------------------------------------------------------- + +export WORKING_DIR=${WORKING_DIR:-$(pwd)} + +## Main ---------------------------------------------------------------------- + +source /etc/os-release || source /usr/lib/os-release + +install_pkg_deps() { + pkg_deps="git" + + # Prefer dnf over yum for CentOS. + which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum' + + case ${ID,,} in + *suse*) pkg_mgr_cmd="zypper -n in" ;; + centos|rhel|fedora) pkg_mgr_cmd="${RHT_PKG_MGR} install -y" ;; + ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; + *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; + esac + + eval sudo $pkg_mgr_cmd $pkg_deps +} + +# Install the host distro package dependencies +install_pkg_deps + +# Clone the tests repo for access to the common test script +source tests/tests-repo-clone.sh + +# Execute the common test script +source tests/common/run_tests_common.sh + diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..715d7e1 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,24 @@ +[metadata] +name = openstack-ansible-os_adjutant +summary = os_adjutant for OpenStack Ansible +description-file = + README.rst +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = https://docs.openstack.org/openstack-ansible-os_adjutant/latest/ +classifier = + Intended Audience :: Developers + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + +[build_sphinx] +all_files = 1 +build-dir = doc/build +source-dir = doc/source + +[pbr] +warnerrors = True + +[wheel] +universal = 1 diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..566d844 --- /dev/null +++ b/setup.py @@ -0,0 +1,29 @@ +# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT +import setuptools + +# In python < 2.7.4, a lazy loading of package `pbr` will break +# setuptools if some other modules registered functions in `atexit`. +# solution from: http://bugs.python.org/issue15881#msg170215 +try: + import multiprocessing # noqa +except ImportError: + pass + +setuptools.setup( + setup_requires=['pbr>=2.0.0'], + pbr=True) diff --git a/tasks/adjutant_apache.yml b/tasks/adjutant_apache.yml new file mode 100644 index 0000000..4d743f5 --- /dev/null +++ b/tasks/adjutant_apache.yml @@ -0,0 +1,85 @@ +--- +# Copyright 2018, Elastx AB. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Drop apache2 virtual host and ports file + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "root" + with_items: "{{ adjutant_apache_config }}" + notify: + - Restart Apache + +- name: Disable default apache site + file: + path: "{{ item }}" + state: "absent" + with_items: "{{ adjutant_apache_default_sites }}" + notify: + - Restart Apache + +- name: Enabled adjutant vhost + file: + src: "{{ adjutant_apache_site_available }}" + dest: "{{ adjutant_apache_site_enabled }}" + state: "link" + when: + - adjutant_apache_site_available is defined + - adjutant_apache_site_enabled is defined + notify: + - Restart Apache + +- name: Ensure Apache ServerName + lineinfile: + dest: "{{ adjutant_apache_conf }}" + line: "ServerName {{ inventory_hostname }}" + notify: + - Restart Apache + +- name: Ensure Apache ServerTokens + lineinfile: + dest: "{{ adjutant_apache_security_conf }}" + regexp: '^ServerTokens' + line: "ServerTokens {{ adjutant_apache_servertokens }}" + notify: + - Restart Apache + +- name: Ensure Apache ServerSignature + lineinfile: + dest: "{{ adjutant_apache_security_conf }}" + regexp: '^ServerSignature' + line: "ServerSignature {{ adjutant_apache_serversignature }}" + notify: + - Restart Apache + +- name: Remove Listen from Apache config + lineinfile: + dest: "{{ adjutant_apache_security_conf }}" + regexp: '^(Listen.*)' + backrefs: yes + line: '#\1' + notify: + - Restart Apache + +- name: Enable/disable mod_ssl for apache2 + apache2_module: + name: ssl + state: "{{ adjutant_ssl | bool | ternary('present', 'absent') }}" + when: + - ansible_pkg_mgr == 'apt' + notify: + - Restart Apache diff --git a/tasks/adjutant_db_setup.yml b/tasks/adjutant_db_setup.yml new file mode 100644 index 0000000..3a660cd --- /dev/null +++ b/tasks/adjutant_db_setup.yml @@ -0,0 +1,48 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ adjutant_galera_address }}" + name: "{{ adjutant_galera_database }}" + state: "present" + delegate_to: "{{ groups['galera_all'][0] }}" + no_log: true + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ adjutant_galera_address }}" + name: "{{ adjutant_galera_user }}" + password: "{{ adjutant_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ adjutant_galera_database }}.*:ALL" + delegate_to: "{{ groups['galera_all'][0] }}" + no_log: true + with_items: + - "localhost" + - "%" + +- name: Perform adjutant migrate + command: "{{ adjutant_bin }}/adjutant-api migrate" + become: yes + become_user: "{{ adjutant_system_user_name }}" + changed_when: false diff --git a/tasks/adjutant_domain_setup.yml b/tasks/adjutant_domain_setup.yml new file mode 100644 index 0000000..444ccfe --- /dev/null +++ b/tasks/adjutant_domain_setup.yml @@ -0,0 +1,96 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure adjutant specific roles + keystone: + command: "ensure_role" + role_name: "{{ item }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + with_items: + - "project_admin" + - "project_mod" + no_log: True + +- name: Ensure adjutant user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ adjutant_service_user_name }}" + domain_name: "{{ adjutant_user_domain_name }}" + password: "{{ adjutant_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + no_log: True + +- name: Add adjutant user to service admin role + keystone: + command: "ensure_user_role" + user_name: "{{ adjutant_service_user_name }}" + project_name: "service" + role_name: "admin" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + no_log: True + +- name: Ensure adjutant service + keystone: + command: "ensure_service" + service_name: "{{ adjutant_service_name }}" + service_type: "{{ adjutant_service_type }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 + no_log: True + +- name: Ensure adjutant endpoints + keystone: + command: "ensure_endpoint" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + region_name: "{{ adjutant_service_region }}" + service_name: "{{ adjutant_service_name }}" + service_type: "{{ adjutant_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: + - url: "{{ adjutant_service_publicurl }}" + interface: "public" + - url: "{{ adjutant_service_internalurl }}" + interface: "internal" + - url: "{{ adjutant_service_adminurl }}" + interface: "admin" + register: add_endpoint + until: add_endpoint|success + retries: 5 + delay: 10 + no_log: True diff --git a/tasks/adjutant_init_systemd.yml b/tasks/adjutant_init_systemd.yml new file mode 100644 index 0000000..b1bb3f2 --- /dev/null +++ b/tasks/adjutant_init_systemd.yml @@ -0,0 +1,60 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create TEMP run dir + file: + path: "/var/run/{{ item.value.service_name }}" + state: directory + owner: "{{ adjutant_system_user_name }}" + group: "{{ adjutant_system_group_name }}" + mode: "02755" + with_dict: "{{ adjutant_services }}" + when: inventory_hostname in groups[item.value.group] + +- name: Create TEMP lock dir + file: + path: "/var/lock/{{ item.value.service_name }}" + state: directory + owner: "{{ adjutant_system_user_name }}" + group: "{{ adjutant_system_group_name }}" + mode: "02755" + with_dict: "{{ adjutant_services }}" + when: inventory_hostname in groups[item.value.group] + +- name: Create tempfile.d entry + template: + src: "adjutant-systemd-tempfiles.j2" + dest: "/etc/tmpfiles.d/adjutant.conf" + mode: "0644" + owner: "root" + group: "root" + with_dict: "{{ adjutant_services }}" + when: inventory_hostname in groups[item.value.group] + notify: + - Restart adjutant services + +- name: Place the systemd init script + config_template: + src: "adjutant-systemd-init.j2" + dest: "/etc/systemd/system/{{ item.value.service_name }}.service" + mode: "0644" + owner: "root" + group: "root" + config_overrides: "{{ item.value.init_config_overrides }}" + config_type: "ini" + with_dict: "{{ adjutant_services }}" + when: inventory_hostname in groups[item.value.group] + notify: + - Restart adjutant services diff --git a/tasks/adjutant_post_install.yml b/tasks/adjutant_post_install.yml new file mode 100644 index 0000000..9003ce9 --- /dev/null +++ b/tasks/adjutant_post_install.yml @@ -0,0 +1,45 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Drop adjutant Config(s) + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ adjutant_system_user_name }}" + group: "{{ adjutant_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "conf.yaml.j2" + dest: "/etc/adjutant/conf.yaml" + config_overrides: "{{ adjutant_adjutant_conf_overrides }}" + config_type: "yaml" + notify: + - Restart adjutant services + - Restart Apache + +- name: Drop Adjutant WSGI Configs + template: + src: wsgi.py.j2 + dest: /var/www/cgi-bin/adjutant/adjutant-api + owner: "{{ adjutant_system_user_name }}" + group: "{{ adjutant_system_group_name }}" + mode: "0755" + when: adjutant_use_mod_wsgi | bool + notify: + - Restart Apache diff --git a/tasks/adjutant_pre_install.yml b/tasks/adjutant_pre_install.yml new file mode 100644 index 0000000..d269724 --- /dev/null +++ b/tasks/adjutant_pre_install.yml @@ -0,0 +1,86 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create the system group + group: + name: "{{ adjutant_system_group_name }}" + state: "present" + system: "yes" + +- name: Create the adjutant system user + user: + name: "{{ adjutant_system_user_name }}" + group: "{{ adjutant_system_group_name }}" + comment: "{{ adjutant_system_comment }}" + shell: "{{ adjutant_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ adjutant_system_home_folder }}" + +- name: Create adjutant dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(adjutant_system_user_name) }}" + group: "{{ item.group|default(adjutant_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/openstack", mode: "0755", owner: "root", group: "root" } + - { path: "/etc/adjutant" } + +- name: Create Apache mod_wsgi dirs + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(adjutant_system_user_name) }}" + group: "{{ item.owner|default(adjutant_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/www/cgi-bin", owner: root, group: root } + - { path: "/var/www/cgi-bin/adjutant" } + when: adjutant_use_mod_wsgi | bool + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/adjutant" ]; then + chown -h {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "/var/log/adjutant" + chown -R {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "$(readlink /var/log/adjutant)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + +- name: Create adjutant log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(adjutant_system_user_name) }}" + group: "{{ item.group|default(adjutant_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/adjutant" } + when: log_dir.rc != 0 + +- name: Create adjutant report dir + file: + path: "{{ adjutant_output_basepath }}" + state: directory + owner: "{{ adjutant_system_user_name }}" + group: "{{ adjutant_system_group_name }}" + mode: 0755 diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..19cc559 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,94 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Check init system + command: cat /proc/1/comm + changed_when: false + register: _pid1_name + tags: + - always + +- name: Set the name of pid1 + set_fact: + pid1_name: "{{ _pid1_name.stdout }}" + tags: + - always + +- include: adjutant_pre_install.yml + tags: + - adjutant-install + +- name: Install the python venv + import_role: + name: "python_venv_build" + vars: + venv_python_executable: "{{ adjutant_venv_python_executable }}" + venv_build_distro_package_list: "{{ adjutant_devel_distro_packages }}" + venv_install_destination_path: "{{ adjutant_bin | dirname }}" + venv_install_distro_package_list: "{{ adjutant_distro_packages }}" + venv_pip_install_args: "{{ adjutant_pip3_install_args }}" + venv_pip_packages: "{{ adjutant_pip3_packages }}" + venv_facts_when_changed: + - section: "adjutant" + option: "venv_tag" + value: "{{ adjutant_venv_tag }}" + venv_rebuild: "{{ adjutant_venv_rebuild | default('no') }}" + venv_wheel_build_enable: false + tags: + - adjutant-install + +- include: adjutant_post_install.yml + static: no + tags: + - adjutant-config + +- include: adjutant_domain_setup.yml + when: inventory_hostname == groups['adjutant_all'][0] + tags: + - adjutant-config + +- include: adjutant_db_setup.yml + when: inventory_hostname == groups['adjutant_all'][0] + tags: + - adjutant-config + +- include: "adjutant_init_{{ ansible_service_mgr }}.yml" + static: no + tags: + - adjutant-setup + +- include: adjutant_apache.yml + static: no + when: + - adjutant_use_mod_wsgi | bool + tags: + - adjutant-setup + +- name: Flush handlers + meta: flush_handlers diff --git a/templates/adjutant-httpd.conf.j2 b/templates/adjutant-httpd.conf.j2 new file mode 100644 index 0000000..26d9a5d --- /dev/null +++ b/templates/adjutant-httpd.conf.j2 @@ -0,0 +1,42 @@ +# {{ ansible_managed }} + + + WSGIDaemonProcess adjutant lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ adjutant_system_user_name }} group={{ adjutant_system_group_name }} processes={{ adjutant_wsgi_processes }} threads={{ adjutant_wsgi_threads }} display-name=%{GROUP} + WSGIProcessGroup adjutant + WSGIScriptAlias / /var/www/cgi-bin/adjutant/adjutant-api + WSGIApplicationGroup %{GLOBAL} + + = 2.4> + ErrorLogFormat "%{cu}t %M" + + + LogLevel {{ adjutant_apache_log_level }} + ErrorLog /var/log/adjutant/adjutant-apache-error.log + CustomLog /var/log/adjutant/adjutant-access.log combined + +{% if adjutant_ssl | bool and adjutant_service_internaluri_proto == "https" -%} + SSLEngine on + SSLCertificateFile {{ adjutant_ssl_cert }} + SSLCertificateKeyFile {{ adjutant_ssl_key }} + {% if adjutant_user_ssl_ca_cert is defined -%} + SSLCACertificateFile {{ adjutant_ssl_ca_cert }} + {% endif -%} + SSLCompression Off + SSLProtocol {{ adjutant_ssl_protocol }} + SSLHonorCipherOrder On + SSLCipherSuite {{ adjutant_ssl_cipher_suite }} + SSLOptions +StdEnvVars +ExportCertData +{% endif %} + + + + AllowOverride None + Options +ExecCGI -Includes + + Require all granted + + + Order allow,deny + Allow from all + + diff --git a/templates/adjutant-ports.conf.j2 b/templates/adjutant-ports.conf.j2 new file mode 100644 index 0000000..b770a17 --- /dev/null +++ b/templates/adjutant-ports.conf.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +Listen {{ adjutant_service_port }} diff --git a/templates/adjutant-systemd-init.j2 b/templates/adjutant-systemd-init.j2 new file mode 100644 index 0000000..1f5caac --- /dev/null +++ b/templates/adjutant-systemd-init.j2 @@ -0,0 +1,34 @@ +# {{ ansible_managed }} + +[Unit] +Description=adjutant openstack service +After=syslog.target +After=network.target + +[Service] +Type=simple +User={{ adjutant_system_user_name }} +Group={{ adjutant_system_group_name }} + +{% if program_override is defined %} +ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log +{% else %} +ExecStart={{ adjutant_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log +{% endif %} + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=120 +Restart=on-failure +RestartSec=2 + +# This creates a specific slice which all services will operate from +# The accounting options give us the ability to see resource usage through +# the `systemd-cgtop` command. +Slice=adjutant.slice +CPUAccounting=true +BlockIOAccounting=true +MemoryAccounting=false +TasksAccounting=true + +[Install] +WantedBy=multi-user.target diff --git a/templates/adjutant-systemd-tempfiles.j2 b/templates/adjutant-systemd-tempfiles.j2 new file mode 100644 index 0000000..921fdf4 --- /dev/null +++ b/templates/adjutant-systemd-tempfiles.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +D /var/lock/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }} +D /var/run/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }} diff --git a/templates/conf.yaml.j2 b/templates/conf.yaml.j2 new file mode 100644 index 0000000..d0825ea --- /dev/null +++ b/templates/conf.yaml.j2 @@ -0,0 +1,433 @@ +# General settings +SECRET_KEY: '{{ adjutant_secret_key }}' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG: True +ALLOWED_HOSTS: + - "*" + +ADDITIONAL_APPS: + - adjutant.api.v1 + - adjutant.actions.v1 + +DATABASES: + default: + ENGINE: django.db.backends.mysql + NAME: {{ adjutant_galera_database }} + USER: {{ adjutant_galera_user }} + PASSWORD: {{ adjutant_container_mysql_password }} + HOST: {{ adjutant_galera_address }} + +LOGGING: + version: 1 + disable_existing_loggers: False + handlers: + file: + level: INFO + class: logging.FileHandler + filename: reg_log.log + loggers: + adjutant: + handlers: + - file + level: INFO + propagate: False + django: + handlers: + - file + level: INFO + propagate: False + keystonemiddleware: + handlers: + - file + level: INFO + propagate: False + +EMAIL_SETTINGS: + EMAIL_BACKEND: django.core.mail.backends.console.EmailBackend + +# setting to control if user name and email are allowed +# to have different values. +USERNAME_IS_EMAIL: True + +# Keystone config +KEYSTONE: + username: admin + password: openstack + project_name: admin + # MUST BE V3 API: + auth_url: http://localhost/identity/v3 + domain_id: default + can_edit_users: True + +HORIZON_URL: http://localhost:8080/ + +# time for the token to expire in hours +TOKEN_EXPIRE_TIME: 24 + +ACTIVE_TASKVIEWS: + - UserRoles + - UserDetail + - UserResetPassword + - UserSetPassword + - UserList + - RoleList + - SignUp + - UserUpdateEmail + - UpdateProjectQuotas + +DEFAULT_TASK_SETTINGS: + emails: + initial: + subject: Initial Confirmation + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + template: initial.txt + # html_template: initial.txt + # If the related actions 'can' send a token, + # this field should here. + token: + subject: Your Token + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + template: token.txt + # html_template: token.txt + completed: + subject: Task completed + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + template: completed.txt + # html_template: completed.txt + notifications: + EmailNotification: + standard: + emails: + - example@example.com + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + template: notification.txt + # html_template: completed.txt + error: + emails: + - example@example.com + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + template: notification.txt + # html_template: completed.txt + +# Default Action settings: +# These can be overridden at a per task level below in the +# task settings so that multiple tasks can use the same actions +# slightly differently. +# +# TASK_SETTINGS: +# : +# .... +# .... +# action_settings: +# : +# .... +DEFAULT_ACTION_SETTINGS: + NewProjectAction: + default_roles: + - project_admin + - project_mod + - heat_stack_owner + - _member_ + NewProjectWithUserAction: + default_roles: + - project_admin + - project_mod + - heat_stack_owner + - _member_ + NewUserAction: + allowed_roles: + - project_admin + - project_mod + - heat_stack_owner + - _member_ + ResetUserPasswordAction: + blacklisted_roles: + - admin + NewDefaultNetworkAction: + RegionOne: + network_name: default_network + subnet_name: default_subnet + router_name: default_router + public_network: 3cb50d61-5bce-4c03-96e6-8e262e12bb35 + DNS_NAMESERVERS: + - 193.168.1.2 + - 193.168.1.3 + SUBNET_CIDR: 192.168.1.0/24 + NewProjectDefaultNetworkAction: + RegionOne: + network_name: default_network + subnet_name: default_subnet + router_name: default_router + public_network: 3cb50d61-5bce-4c03-96e6-8e262e12bb35 + DNS_NAMESERVERS: + - 193.168.1.2 + - 193.168.1.3 + SUBNET_CIDR: 192.168.1.0/24 + AddDefaultUsersToProjectAction: + default_users: + - admin + default_roles: + - admin + SetProjectQuotaAction: + regions: + RegionOne: + quota_size: small + UpdateProjectQuotasAction: + days_between_autoapprove: 30 + SendAdditionalEmailAction: + initial: + email_current_user: False + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + subject: "Openstack Email Notification" + template: null + token: + email_current_user: False + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + subject: "Openstack Email Notification" + template: null + completed: + email_current_user: False + reply: no-reply@example.com + from: bounce+%(task_uuid)s@example.com + subject: "Openstack Email Notification" + template: null + # A null template will cause the email not to send + # Also emails to the given roles on the project + # email_roles: + # - project_admin + # Or sends to an email set in the task cache + # email_task_cache: True + # Or sends to an arbitrary admin email + # email_additional_addresses: + # - admin@example.org + +# These are cascading overrides for the default settings: +TASK_SETTINGS: + signup: + # You can override 'default_actions' if needed for given taskviews + # The order of the actions is order of execution. + # + # default_actions: + # - NewProjectAction + # + # Additional actions for views + # These will run after the default actions, in the given order. + additional_actions: + - NewProjectDefaultNetworkAction + - SetProjectQuotaAction + emails: + initial: + subject: Your OpenStack signup has been received + template: signup_initial.txt + token: + subject: Your OpenStack signup has been approved + template: signup_token.txt + completed: + subject: Your OpenStack signup has been completed + template: signup_completed.txt + notifications: + EmailNotification: + standard: + emails: + - signups@example.com + error: + emails: + - signups@example.com + default_region: RegionOne + # If 'None' (null in yaml) will default to domain as parent. + # If domain isn't set explicity will service user domain (see KEYSTONE). + default_parent_id: null + invite_user: + duplicate_policy: cancel + emails: + # To not send this email set the value to null + initial: null + token: + subject: Invitation to an OpenStack project + template: invite_user_token.txt + completed: + subject: Invitation Completed + template: invite_user_completed.txt + errors: + SMTPException: + notification: acknowledge + engines: False + reset_password: + duplicate_policy: cancel + emails: + initial: null + token: + subject: Password Reset for OpenStack + template: password_reset_token.txt + completed: + subject: Password Reset Completed + template: password_reset_completed.txt + force_password: + duplicate_policy: cancel + emails: + initial: null + token: + subject: Set your OpenStack password + template: initial_password_token.txt + completed: + subject: Welcome to OpenStack! + template: initial_password_completed.txt + edit_user: + duplicate_policy: cancel + emails: + initial: null + token: null + role_blacklist: + - admin + edit_roles: + duplicate_policy: cancel + emails: + initial: null + token: null + update_email: + duplicate_policy: cancel + additional_actions: + - SendAdditionalEmailAction + emails: + initial: null + token: + subject: Confirm OpenStack Email Update + template: email_update_token.txt + completed: + subject: OpenStack Email Updated + template: email_update_completed.txt + action_settings: + SendAdditionalEmailAction: + initial: + subject: OpenStack Email Update Requested + template: email_update_started.txt + email_current_user: True + update_quota: + duplicate_policy: cancel + size_difference_threshold: 0.1 + emails: + initial: null + token: null + completed: + subject: Openstack Quota updated + template: quota_completed.txt + +# mapping between roles and managable roles +ROLES_MAPPING: + admin: + - project_admin + - project_mod + - heat_stack_owner + - _member_ + project_admin: + - project_admin + - project_mod + - heat_stack_owner + - _member_ + project_mod: + - project_mod + - heat_stack_owner + - _member_ + +PROJECT_QUOTA_SIZES: + small: + nova: + instances: 10 + cores: 20 + ram: 65536 + floating_ips: 10 + fixed_ips: 0 + metadata_items: 128 + injected_files: 5 + injected_file_content_bytes: 10240 + key_pairs: 50 + security_groups: 20 + security_group_rules: 100 + cinder: + gigabytes: 5000 + snapshots: 50 + volumes: 20 + neutron: + floatingip: 10 + network: 3 + port: 50 + router: 3 + security_group: 20 + security_group_rule: 100 + subnet: 3 + medium: + cinder: + gigabytes: 10000 + volumes: 100 + snapshots: 300 + nova: + metadata_items: 128 + injected_file_content_bytes: 10240 + ram: 327680 + floating_ips: 25 + key_pairs: 50 + instances: 50 + security_group_rules: 400 + injected_files: 5 + cores: 100 + fixed_ips: 0 + security_groups: 50 + neutron: + security_group_rule: 400 + subnet: 5 + network: 5 + floatingip: 25 + security_group: 50 + router: 5 + port: 250 + large: + cinder: + gigabytes: 50000 + volumes: 200 + snapshots: 600 + nova: + metadata_items: 128 + injected_file_content_bytes: 10240 + ram: 655360 + floating_ips: 50 + key_pairs: 50 + instances: 100 + security_group_rules: 800 + injected_files: 5 + cores: 200 + fixed_ips: 0 + security_groups: 100 + neutron: + security_group_rule: 800 + subnet: 10 + network: 10 + floatingip: 50 + security_group: 100 + router: 10 + port: 500 + +# Time in seconds to cache token from Keystone +TOKEN_CACHE_TIME: 600 + +# Ordered list of quota sizes from smallest to biggest +QUOTA_SIZES_ASC: + - small + - medium + - large + +# Services to check through the quotas for +QUOTA_SERVICES: + "*": + - nova + - neutron + - cinder + # Additonal Quota Service + # - octavia diff --git a/templates/wsgi.py.j2 b/templates/wsgi.py.j2 new file mode 100644 index 0000000..1e37e98 --- /dev/null +++ b/templates/wsgi.py.j2 @@ -0,0 +1,49 @@ +# Copyright (C) 2015 Catalyst IT Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +""" +WSGI config for Adjutant. + +It exposes the WSGI callable as a module-level variable named ``application``. + +For more information on this file, see +https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/ +""" + +import os +from django.core.wsgi import get_wsgi_application +from django.conf import settings +from urlparse import urlparse +from keystonemiddleware.auth_token import AuthProtocol + +os.environ.setdefault("DJANGO_SETTINGS_MODULE", "adjutant.settings") + + +application = get_wsgi_application() + +# Here we replace the default application with one wrapped by +# the Keystone Auth Middleware. +identity_url = urlparse(settings.KEYSTONE['auth_url']) +conf = { + "auth_plugin": "password", + 'username': settings.KEYSTONE['username'], + 'password': settings.KEYSTONE['password'], + 'project_name': settings.KEYSTONE['project_name'], + "project_domain_id": settings.KEYSTONE.get('domain_id', "default"), + "user_domain_id": settings.KEYSTONE.get('domain_id', "default"), + "auth_url": settings.KEYSTONE['auth_url'], + 'delay_auth_decision': True, + 'include_service_catalog': False, +} +application = AuthProtocol(application, conf) diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..e5f3efe --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,10 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. + +flake8>=3.7.7 # MIT + +coverage>=4.5.3 # Apache-2.0 +doc8>=0.8.0 # Apache-2.0 +mock>=3.0.0 # BSD +Pygments>=2.2.0 # BSD license diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 0000000..eea4514 --- /dev/null +++ b/tests/ansible-role-requirements.yml @@ -0,0 +1,44 @@ +- name: apt_package_pinning + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + scm: git + version: stable/queens +- name: pip_install + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + scm: git + version: stable/queens +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: stable/queens +- name: openstack_hosts + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + scm: git + version: stable/queens +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: stable/queens +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: stable/queens +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: stable/queens +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: stable/queens +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: stable/queens +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: stable/queens +- name: openstack_openrc + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + scm: git + version: stable/queens diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml new file mode 100644 index 0000000..f37df47 --- /dev/null +++ b/tests/group_vars/all_containers.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +container_name: "{{ inventory_hostname }}" +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" +physical_host: localhost +properties: + service_name: "{{ inventory_hostname }}" diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml new file mode 100644 index 0000000..65ddeaa --- /dev/null +++ b/tests/host_vars/localhost.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +bridges: + - "br-mgmt" + +ansible_python_interpreter: "/usr/bin/python2" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..edb4965 --- /dev/null +++ b/tests/inventory @@ -0,0 +1,27 @@ +[all] +localhost +service1 ansible_host=10.100.100.2 ansible_become=True ansible_user=root +openstack1 ansible_host=10.100.100.3 ansible_become=True ansible_user=root + +[all_containers] +service1 +openstack1 + +[galera_all] +service1 + +[service_all:children] +galera_all + +[keystone_all] +openstack1 + +[adjutant_api] +openstack1 + +[adjutant_apis_container] +openstack1 + +[adjutant_all:children] +adjutant_api +adjutant_apis_container diff --git a/tests/os_adjutant-overrides.yml b/tests/os_adjutant-overrides.yml new file mode 100644 index 0000000..739aaa1 --- /dev/null +++ b/tests/os_adjutant-overrides.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +adjutant_venv_tag: "testing" +adjutant_developer_mode: true +adjutant_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}" +adjutant_container_mysql_password: "SuperSecrete" +adjutant_service_password: "secrete" +adjutant_secret_key: "secretkey" diff --git a/tests/test-install-adjutant.yml b/tests/test-install-adjutant.yml new file mode 100644 index 0000000..b75b83b --- /dev/null +++ b/tests/test-install-adjutant.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for role testing + hosts: adjutant_all + user: root + become: true + gather_facts: true + roles: + - role: "os_adjutant" + vars_files: + - common/test-vars.yml diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..550a773 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Setup the host +- include: common/test-setup-host.yml + +# Install RabbitMQ/MariaDB +- include: common/test-install-infra.yml + +# Install Keystone +- include: common/test-install-keystone.yml + +- include: test-install-adjutant.yml diff --git a/tests/tests-repo-clone.sh b/tests/tests-repo-clone.sh new file mode 100755 index 0000000..95bff45 --- /dev/null +++ b/tests/tests-repo-clone.sh @@ -0,0 +1,117 @@ +#!/bin/bash +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# PURPOSE: +# This script clones the openstack-ansible-tests repository to the +# tests/common folder in order to be able to re-use test components +# for role testing. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository: +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests +# If you need to change this script, then propose the change there. +# Once it merges, the change will be replicated to the other repositories. + +## Shell Opts ---------------------------------------------------------------- + +set -e + +## Vars ---------------------------------------------------------------------- + +export TESTING_HOME=${TESTING_HOME:-$HOME} +export WORKING_DIR=${WORKING_DIR:-$(pwd)} +export CLONE_UPGRADE_TESTS=${CLONE_UPGRADE_TESTS:-no} +export ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/opendev.org/openstack/openstack-ansible-tests" + +## Functions ----------------------------------------------------------------- + +function create_tests_clonemap { + +# Prepare the clonemap for zuul-cloner to use +cat > ${TESTING_HOME}/tests-clonemap.yaml << EOF +clonemap: + - name: openstack/openstack-ansible-tests + dest: ${WORKING_DIR}/tests/common +EOF + +} + +## Main ---------------------------------------------------------------------- + +# If zuul-cloner is present, use it so that we +# also include any dependent patches from the +# tests repo noted in the commit message. +# We only want to use zuul-cloner if we detect +# zuul v2 running, so we check for the presence +# of the ZUUL_REF environment variable. +# ref: http://git.openstack.org/cgit/openstack-infra/zuul/tree/zuul/ansible/filter/zuul_filters.py?h=feature/zuulv3#n17 +if [[ -x /usr/zuul-env/bin/zuul-cloner ]] && [[ "${ZUUL_REF:-none}" != "none" ]]; then + + # Prepare the clonemap for zuul-cloner to use + create_tests_clonemap + + # Execute the clone + /usr/zuul-env/bin/zuul-cloner \ + --cache-dir /opt/git \ + --map ${TESTING_HOME}/tests-clonemap.yaml \ + https://opendev.org \ + openstack/openstack-ansible-tests + + # Clean up the clonemap. + rm -f ${TESTING_HOME}/tests-clonemap.yaml + +# Alternatively, use a simple git-clone. We do +# not re-clone if the directory exists already +# to prevent overwriting any local changes which +# may have been made. +elif [[ ! -d tests/common ]]; then + + # The tests repo doesn't need a clone, we can just + # symlink it. As zuul v3 clones into a folder called + # 'workspace' we have to use one of its environment + # variables to determine the project name. + if [[ "${ZUUL_SHORT_PROJECT_NAME:-none}" == "openstack-ansible-tests" ]] ||\ + [[ "$(basename ${WORKING_DIR})" == "openstack-ansible-tests" ]]; then + ln -s ${WORKING_DIR} ${WORKING_DIR}/tests/common + + # In zuul v3 any dependent repository is placed into + # /home/zuul/src/git.openstack.org, so we check to see + # if there is a tests checkout there already. If so, we + # symlink that and use it. + elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then + ln -s "${ZUUL_TESTS_CLONE_LOCATION}" ${WORKING_DIR}/tests/common + + # Otherwise we're clearly not in zuul or using a previously setup + # repo in some way, so just clone it from upstream. + else + git clone -b stable/queens \ + https://opendev.org/openstack/openstack-ansible-tests \ + ${WORKING_DIR}/tests/common + fi +fi + +# If this test set includes an upgrade test, the +# previous stable release tests repo must also be +# cloned. +# Note: +# Dependent patches to the previous stable release +# tests repo are not supported. +if [[ "${CLONE_UPGRADE_TESTS}" == "yes" ]]; then + if [[ ! -d "${WORKING_DIR}/tests/common/previous" ]]; then + git clone -b stable/pike \ + https://opendev.org/openstack/openstack-ansible-tests \ + ${WORKING_DIR}/tests/common/previous + fi +fi diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..64ff39f --- /dev/null +++ b/tox.ini @@ -0,0 +1,114 @@ +[tox] +minversion = 2.0 +skipsdist = True +envlist = docs,linters,functional + + +[testenv] +usedevelop = True +install_command = + pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/queens} {opts} {packages} +deps = + -r{toxinidir}/test-requirements.txt +commands = + /usr/bin/find . -type f -name "*.pyc" -delete +passenv = + HOME + http_proxy + HTTP_PROXY + https_proxy + HTTPS_PROXY + no_proxy + NO_PROXY +whitelist_externals = + bash +setenv = + PYTHONUNBUFFERED=1 + ROLE_NAME=os_adjutant + TEST_IDEMPOTENCE=false + VIRTUAL_ENV={envdir} + WORKING_DIR={toxinidir} + + +[testenv:docs] +commands= + bash -c "rm -rf doc/build" + doc8 doc + python setup.py build_sphinx + + +[doc8] +# Settings for doc8: +extensions = .rst + + +[testenv:releasenotes] +commands = + sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html + + +# environment used by the -infra templated docs job +[testenv:venv] +commands = + {posargs} + + +[testenv:pep8] +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-pep8.sh" + + +[flake8] +# Ignores the following rules due to how ansible modules work in general +# F403 'from ansible.module_utils.basic import *' used; +# unable to detect undefined names +ignore=F403 + + +[testenv:bashate] +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-bashate.sh" + + +[testenv:ansible] +deps = + {[testenv]deps} + -rhttps://git.openstack.org/cgit/openstack/openstack-ansible/plain/global-requirement-pins.txt?h=stable/queens + -rhttps://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt?h=stable/queens + + +[testenv:ansible-syntax] +deps = + {[testenv:ansible]deps} +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" + + +[testenv:ansible-lint] +deps = + {[testenv:ansible]deps} +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-ansible-lint.sh" + + +[testenv:functional] +deps = + {[testenv:ansible]deps} +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + +[testenv:linters] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:pep8]commands} + {[testenv:bashate]commands} + {[testenv:ansible-lint]commands} + {[testenv:ansible-syntax]commands} + {[testenv:docs]commands} diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml new file mode 100644 index 0000000..3b76cc4 --- /dev/null +++ b/vars/redhat-7.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +adjutant_distro_packages: + - git + - httpd + - httpd-tools + - mod_wsig + - libmysqlclient-dev + - openssl-devel + +adjutant_system_service_name: httpd +adjutant_apache_config: + - { src: "adjutant-ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf" } + - { src: "adjutant-httpd.conf.j2", dest: "/etc/httpd/conf.d/adjutant-httpd.conf" } +adjutant_apache_default_sites: + - "/etc/httpd/conf.d/userdir.conf" + - "/etc/httpd/conf.d/welcome.conf" + - "/etc/httpd/conf.d/ssl.conf" +adjutant_apache_conf: "/etc/httpd/conf/httpd.conf" +adjutant_apache_security_conf: "{{ adjutant_apache_conf }}" diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml new file mode 100644 index 0000000..41bee42 --- /dev/null +++ b/vars/ubuntu.yml @@ -0,0 +1,40 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +adjutant_devel_distro_packages: + - cmake + - gcc + - python3-dev + - libmysqlclient-dev + - libssl-dev + +adjutant_distro_packages: + - apache2 + - apache2-utils + - git + +adjutant_system_service_name: apache2 +adjutant_apache_config: + - { src: "adjutant-ports.conf.j2", dest: "/etc/apache2/ports.conf" } + - { src: "adjutant-httpd.conf.j2", dest: "/etc/apache2/sites-available/adjutant-httpd.conf" } +adjutant_apache_default_sites: + - "/etc/apache2/sites-enabled/000-default.conf" +adjutant_apache_site_available: "/etc/apache2/sites-available/adjutant-httpd.conf" +adjutant_apache_site_enabled: "/etc/apache2/sites-enabled/adjutant-httpd.conf" +adjutant_apache_conf: "/etc/apache2/apache2.conf" +adjutant_apache_security_conf: "/etc/apache2/conf-available/security.conf" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml new file mode 100644 index 0000000..01c1667 --- /dev/null +++ b/zuul.d/project.yaml @@ -0,0 +1,30 @@ +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- project: + templates: + - check-requirements + - publish-openstack-sphinx-docs + - release-notes-jobs + check: + jobs: + - openstack-ansible-linters + - openstack-ansible-functional-ubuntu-xenial + experimental: + jobs: + - openstack-ansible-integrated-deploy-aio + gate: + jobs: + - openstack-ansible-linters + - openstack-ansible-functional-ubuntu-xenial