diff --git a/README.rst b/README.rst index 2879441..ee1e765 100644 --- a/README.rst +++ b/README.rst @@ -25,7 +25,7 @@ Required Variables adjutant_service_password adjutant_rabbitmq_password - adjutant_container_mysql_password + adjutant_galera_password adjutant_galera_address Example Playbook @@ -42,6 +42,6 @@ Example Playbook external_lb_vip_address: 172.16.24.1 internal_lb_vip_address: 192.168.0.1 adjutant_galera_address: "{{ internal_lb_vip_address }}" - adjutant_container_mysql_password: "SuperSecretePassword1" + adjutant_galera_password: "SuperSecretePassword1" adjutant_service_password: "SuperSecretePassword2" adjutant_rabbitmq_password: "SuperSecretePassword3" diff --git a/defaults/main.yml b/defaults/main.yml index 42e774d..35eebd5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -32,16 +32,12 @@ adjutant_system_home_folder: "/var/lib/{{ adjutant_system_user_name }}" adjutant_venv_tag: untagged adjutant_bin: "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/bin" -# venv_download, even when true, will use the fallback method of building the -# venv from scratch if the venv download fails. -adjutant_venv_download: "{{ not adjutant_developer_mode | bool }}" -adjutant_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/adjutant.tgz - adjutant_git_repo: https://opendev.org/openstack/adjutant -adjutant_git_install_branch: stable/queens - -adjutant_developer_constraints: +adjutant_git_install_branch: master +adjutant_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}" +adjutant_git_constraints: - "git+{{ adjutant_git_repo }}@{{ adjutant_git_install_branch }}#egg=adjutant" + - "--constraint {{ adjutant_upper_constraints_url }}" adjutant_user_domain_name: Default adjutant_user_domain_id: default 
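Review bot: The new default `adjutant_git_install_branch: master` installs whatever is at the branch tip, and the last hunk of this file also drops the `==0.5.0` pin from `python-adjutant` in `adjutant_pip_packages`. The only remaining bound is `adjutant_upper_constraints_url`, which itself falls back to `master`, so two runs of the same role revision can put different code in the venv. Consider defaulting to a release branch or commit SHA. At minimum add a comment above the variable such as `# Pin to a tag or SHA for reproducible installs`.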
@@ -50,12 +46,24 @@ adjutant_keystone_auth_plugin: password adjutant_galera_address: "{{ galera_address | default('127.0.0.1') }}" adjutant_galera_database: adjutant adjutant_galera_user: adjutant +adjutant_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" +adjutant_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" +adjutant_galera_port: 3306 +adjutant_galera_setup_host: "{{ openstack_db_setup_host | default('localhost') }}" +adjutant_galera_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((adjutant_galera_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}" ## Service Type and Data +adjutant_role_name: admin adjutant_service_region: RegionOne adjutant_service_name: adjutant adjutant_service_type: registration +adjutant_service_description: "Adjutant Registration Service" adjutant_service_port: 5050 +adjutant_service_project_name: service +adjutant_service_in_ldap: false +adjutant_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" +adjutant_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((adjutant_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}" +adjutant_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}" adjutant_service_proto: http adjutant_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}" adjutant_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(adjutant_service_proto) }}" 
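Review bot: `adjutant_bind_address` falls back to `0.0.0.0` while `adjutant_service_proto` stays `http`, so where `openstack_service_bind_address` is unset the uWSGI listener is reachable in clear text on every interface. If TLS is meant to be terminated at the load balancer, say so above the variable, e.g. `# Listens on all interfaces by default; set openstack_service_bind_address to the management address`. The same hunk defaults `adjutant_galera_use_ssl` to `False`, which presumably leaves the database connection unencrypted unless `galera_use_ssl` is set. That default deserves a one-line comment as well.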
@@ -68,33 +76,11 @@ adjutant_service_internaluri: "{{ adjutant_service_internaluri_proto }}://{{ int adjutant_service_internalurl: "{{ adjutant_service_internaluri }}/v1/" adjutant_horizon_publicurl: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}://{{ external_lb_vip_address }}/" -#: Set this to false to disable API service through Apache + mod_wsgi -adjutant_use_mod_wsgi: true - -# Apache setup -adjutant_apache_log_level: info -adjutant_apache_servertokens: "Prod" -adjutant_apache_serversignature: "Off" +# uWSGI settings adjutant_wsgi_threads: 1 adjutant_wsgi_processes_max: 16 adjutant_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, adjutant_wsgi_processes_max] | min }}" - -# set adjutant_ssl to true to enable SSL configuration on the adjutant containers -adjutant_ssl: false -adjutant_ssl_cert: /etc/ssl/certs/adjutant.pem -adjutant_ssl_key: /etc/ssl/private/adjutant.key -adjutant_ssl_ca_cert: /etc/ssl/certs/adjutant-ca.pem -adjutant_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}" -adjutant_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}" - -# if using a self-signed certificate, set this to true to regenerate it -adjutant_ssl_self_signed_regen: false -adjutant_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" - -# Set these in user_variables to deploy custom certificates -#adjutant_user_ssl_cert: -#adjutant_user_ssl_key: -#adjutant_user_ssl_ca_cert: +adjutant_use_uwsgi: True adjutant_email_backend: django.core.mail.backends.smtp.EmailBackend adjutant_email_host: localhost @@ -239,6 +225,7 @@ adjutant_quota_sizes_asc: - small - medium - large + adjutant_quota_services: "*": - cinder 
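Review bot: Removing `adjutant_ssl`, the `adjutant_ssl_*` certificate variables and `adjutant_use_mod_wsgi` takes away the role's own TLS listener, and nothing in this hunk replaces it. A deployer who still sets `adjutant_ssl: true` would presumably get no error, just a plain-HTTP service. The commit adds only an empty `releasenotes/notes/.placeholder`, so an upgrade note naming the removed variables would help. Separately, `adjutant_use_uwsgi: True` is capitalised while other booleans in this file are lowercase (`adjutant_service_in_ldap: false`); `adjutant_use_uwsgi: true` keeps the file consistent.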
@@ -248,6 +235,7 @@ adjutant_quota_services: # - octavia adjutant_adjutant_conf_overrides: {} +adjutant_api_uwsgi_ini_overrides: {} adjutant_api_init_overrides: {} ## Service Name-Group Mapping @@ -255,20 +243,19 @@ adjutant_services: adjutant-api: group: adjutant_api service_name: adjutant-api - service_enabled: "{{ adjutant_use_mod_wsgi | ternary(false, true) }}" + service_enabled: true init_config_overrides: "{{ adjutant_api_init_overrides }}" + execstarts: "{{ adjutant_bin }}/adjutant-api" + wsgi_app: "{{ adjutant_use_uwsgi }}" + wsgi_name: adjutant-api-wsgi + uwsgi_overrides: "{{ adjutant_api_uwsgi_ini_overrides }}" + uwsgi_bind_address: "{{ adjutant_bind_address }}" + uwsgi_port: "{{ adjutant_service_port }}" -adjutant_pip3_install_args: "{{ pip_install_options | default('') }}" -adjutant_venv_python_executable: python3 -adjutant_venv_rebuild: no +adjutant_pip_install_args: "{{ pip_install_options | default('') }}" +adjutant_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}" -adjutant_pip3_packages: - - python-adjutant==0.5.0 +adjutant_pip_packages: + - python-adjutant - cryptography - - mod_wsgi - -# This variable is used by the repo_build process to determine -# which host group to check for members of before building the -# pip packages required by this role. The value is picked up -# by the py_pkgs lookup. -adjutant_role_project_group: adjutant_all + - systemd-python diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..07801f8 --- /dev/null +++ b/doc/requirements.txt 
@@ -0,0 +1,16 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt +# If you need to modify this file, update the one in the +# openstack-ansible-tests repository. Once it merges there, the changes will +# automatically be proposed to all the repositories which use it. + +sphinx>=2.0.0,!=2.1.0 # BSD +sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD +openstackdocstheme>=2.2.1 # Apache-2.0 +reno>=3.1.0 # Apache-2.0 +doc8>=0.6.0 # Apache-2.0 diff --git a/doc/source/_static/ .placeholder b/doc/source/_static/ .placeholder new file mode 100644 index 0000000..e69de29 diff --git a/doc/source/conf.py b/doc/source/conf.py index 530dcd8..cecf1e9 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -22,9 +22,6 @@ # All configuration values have a default; values that are commented out # serve to show the default. -import pbr.version -import os - # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. @@ -41,7 +38,7 @@ import os extensions = [ 'openstackdocstheme', 'sphinx.ext.autodoc', - 'sphinxmark' + 'sphinxcontrib.rsvgconverter', ] # Add any paths that contain templates here, relative to this directory. 
@@ -66,28 +63,13 @@ description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' project = 'OpenStack-Ansible' role_name = 'os_adjutant' target_name = 'openstack-ansible-' + role_name -title = 'OpenStack-Ansible Documentation: ' + role_name + 'role' - -# The link to the browsable source code (for the left hand menu) -oslosphinx_cgit_link = ( - "https://git.openstack.org/cgit/openstack/{}".format(target_name) -) - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The short X.Y version. -version_info = pbr.version.VersionInfo(target_name) -# The full version, including alpha/beta/rc tags. -release = version_info.version_string_with_vcs() -# The short X.Y version. -version = version_info.canonical_version_string() +title = 'OpenStack-Ansible Documentation: ' + role_name + ' role' # openstackdocstheme options -repository_name = 'openstack/' + target_name -bug_project = project.lower() -bug_tag = '' +openstackdocs_repo_name = 'openstack/' + target_name +openstackdocs_pdf_link = True +openstackdocs_bug_project = project.lower() +openstackdocs_bug_tag = '' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. @@ -122,7 +104,7 @@ exclude_patterns = [] # show_authors = False # The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' +pygments_style = 'native' # A list of ignored prefixes for module index sorting. # modindex_common_prefix = [] 
@@ -174,10 +156,6 @@ html_static_path = ['_static'] # directly to the root of the documentation. # html_extra_path = [] -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -html_last_updated_fmt = '%Y-%m-%d %H:%M' - # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. # html_use_smartypants = True @@ -252,10 +230,12 @@ latex_elements = { # (source start file, target name, title, # author, documentclass [howto, manual, or own class]). latex_documents = [ - (master_doc, target_name + '.tex', - title, author, 'manual'), + (master_doc, 'doc-' + target_name + '.tex', + title.replace("_", r"\_"), author, 'manual'), ] +latex_use_xindy = False + # The name of an image file (relative to this directory) to place at the top of # the title page. # latex_logo = None @@ -312,17 +292,11 @@ texinfo_documents = [ # If true, do not generate a @detailmenu in the "Top" node's menu. # texinfo_no_detailmenu = False +# -- Options for PDF output -------------------------------------------------- +pdf_documents = [ + (master_doc, target_name, + title, author) +] -watermark = os.popen("git branch --contains $(git rev-parse HEAD)\ -| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize() -if watermark == "": - watermark = "Pre-release" - -# -- Options for sphinxmark ----------------------------------------------- -sphinxmark_enable = True -sphinxmark_div = 'docs-body' -sphinxmark_image = 'text' -sphinxmark_text = watermark -sphinxmark_text_color = (128, 128, 128) -sphinxmark_text_size = 70 +locale_dirs = ['locale/'] diff --git a/examples/playbook.yml b/examples/playbook.yml new file mode 100644 index 0000000..2b1ea22 --- /dev/null +++ b/examples/playbook.yml @@ -0,0 +1,6 @@ +--- +- name: Install os_adjutant service + hosts: localhost + user: root + roles: + - role: "os_adjutant" 
diff --git a/extras/user_secrets_adjutant.yml b/extras/user_secrets_adjutant.yml index f1338d5..9279fe0 100644 --- a/extras/user_secrets_adjutant.yml +++ b/extras/user_secrets_adjutant.yml @@ -1,4 +1,4 @@ ## Adjutant passwords adjutant_service_password: -adjutant_container_mysql_password: +adjutant_galera_password: adjutant_secret_key: diff --git a/handlers/main.yml b/handlers/main.yml index d8c390a..09dedab 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -22,13 +22,13 @@ - name: Stop services service: name: "{{ item.value.service_name }}" - enabled: "{{ (item.value.service_enabled | bool) | ternary('yes', 'no') }}" + enabled: yes state: "stopped" daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" with_dict: "{{ adjutant_services }}" when: inventory_hostname in groups[item.value.group] register: _stop - until: _stop | success + until: _stop is success retries: 5 delay: 2 @@ -43,18 +43,6 @@ - inventory_hostname in groups[item.value.group] - item.value.service_enabled | bool register: _start - until: _start | success - retries: 5 - delay: 2 - -- name: Restart Apache - service: - name: "{{ adjutant_system_service_name }}" - enabled: yes - state: "restarted" - daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" - when: adjutant_use_mod_wsgi | bool - register: _restart - until: _restart | success + until: _start is success retries: 5 delay: 2 diff --git a/releasenotes/notes/.placeholder b/releasenotes/notes/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/_static/ .placeholder b/releasenotes/source/_static/ .placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py new file mode 100644 index 0000000..a5363a5 --- /dev/null +++ b/releasenotes/source/conf.py 
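Review bot: The `Stop services` handler now sets `enabled: yes` unconditionally, while the handler that registers `_start` in the next hunk still skips items whose `service_enabled` is false. A deployer who overrides an `adjutant_services` entry with `service_enabled: false` would end up with a unit that is stopped but enabled at boot. Keeping the per-service value avoids that: `enabled: "{{ item.value.service_enabled | bool }}"`. If the hard-coded value is intended, write it as `enabled: true` rather than the `yes` truthy form.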
@@ -0,0 +1,276 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'openstackdocstheme', + 'reno.sphinxext', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. 
+author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_adjutant' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' + +# Release notes do not need a version number in the title, they +# cover multiple releases. +# The full version, including alpha/beta/rc tags. +release = '' +# The short X.Y version. +version = '' + +# openstackdocstheme options +openstackdocs_repo_name = 'openstack/' + target_name +openstackdocs_bug_project = project.lower() +openstackdocs_bug_tag = '' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'native' + +# A list of ignored prefixes for module index sorting. 
+# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. 
+# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. 
+# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + +# -- Options for Internationalization output ------------------------------ +locale_dirs = ['locale/'] \ No newline at end of file diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst new file mode 100644 index 0000000..71f7357 --- /dev/null +++ b/releasenotes/source/index.rst @@ -0,0 +1,8 @@ +================================ + OpenStack-Ansible Release Notes +================================ + +.. toctree:: + :maxdepth: 1 + + unreleased 
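Review bot: In the new releasenotes/source/conf.py, `title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role'` is missing the space before `role`, so the title renders as `os_adjutantrole`. This same commit fixes the identical line in doc/source/conf.py, so use `+ ' role'` here as well. The file also ends without a trailing newline.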
diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst
new file mode 100644
index 0000000..cd22aab
--- /dev/null
+++ b/releasenotes/source/unreleased.rst
@@ -0,0 +1,5 @@
+==============================
+ Current Series Release Notes
+==============================
+
+.. release-notes::
diff --git a/tasks/adjutant_apache.yml b/tasks/adjutant_apache.yml
deleted file mode 100644
index 0317db4..0000000
--- a/tasks/adjutant_apache.yml
+++ /dev/null
@@ -1,90 +0,0 @@ ---- -# Copyright 2018, Elastx AB. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Drop apache2 virtual host and ports file - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "root" - group: "root" - with_items: "{{ adjutant_apache_config }}" - notify: - - Restart Apache - -- name: Disable default apache site - file: - path: "{{ item }}" - state: "absent" - with_items: "{{ adjutant_apache_default_sites }}" - notify: - - Restart Apache - -- name: Enabled adjutant vhost - file: - src: "{{ adjutant_apache_site_available }}" - dest: "{{ adjutant_apache_site_enabled }}" - state: "link" - when: - - adjutant_apache_site_available is defined - - adjutant_apache_site_enabled is defined - notify: - - Restart Apache - -- name: Ensure Apache ServerName - lineinfile: - dest: "{{ adjutant_apache_conf }}" - line: "ServerName {{ inventory_hostname }}" - notify: - - Restart Apache - -- name: Ensure Apache ServerTokens - lineinfile: - dest: "{{ adjutant_apache_security_conf }}" - regexp: '^ServerTokens' - line: "ServerTokens {{ adjutant_apache_servertokens }}" - notify: - - Restart Apache - -- name: Ensure Apache ServerSignature - lineinfile: - dest: "{{ adjutant_apache_security_conf }}" - regexp: '^ServerSignature' - line: "ServerSignature {{ adjutant_apache_serversignature }}" - notify: - - Restart Apache - -- name: Remove Listen from Apache config - lineinfile: - dest: "{{ adjutant_apache_security_conf }}" - regexp: '^(Listen.*)' - 
backrefs: yes - line: '#\1' - notify: - - Restart Apache - -- name: Enable/disable mods for apache2 - apache2_module: - name: "{{ item.name }}" - state: "{{ item.state }}" - when: - - ansible_pkg_mgr == 'apt' - with_items: - - name: ssl - state: "{{ adjutant_ssl | bool | ternary('present', 'absent') }}" - - name: rewrite - state: present - notify: - - Restart Apache diff --git a/tasks/adjutant_db_setup.yml b/tasks/adjutant_db_sync.yml similarity index 50% rename from tasks/adjutant_db_setup.yml rename to tasks/adjutant_db_sync.yml index 3a660cd..662a21e 100644 --- a/tasks/adjutant_db_setup.yml +++ b/tasks/adjutant_db_sync.yml @@ -15,32 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ adjutant_galera_address }}" - name: "{{ adjutant_galera_database }}" - state: "present" - delegate_to: "{{ groups['galera_all'][0] }}" - no_log: true - -- name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ adjutant_galera_address }}" - name: "{{ adjutant_galera_user }}" - password: "{{ adjutant_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ adjutant_galera_database }}.*:ALL" - delegate_to: "{{ groups['galera_all'][0] }}" - no_log: true - with_items: - - "localhost" - - "%" - - name: Perform adjutant migrate command: "{{ adjutant_bin }}/adjutant-api migrate" become: yes diff --git a/tasks/adjutant_domain_setup.yml b/tasks/adjutant_domain_setup.yml deleted file mode 100644 index 444ccfe..0000000 --- a/tasks/adjutant_domain_setup.yml +++ /dev/null 
@@ -1,96 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# (C) 2016 Michael Rice -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure adjutant specific roles - keystone: - command: "ensure_role" - role_name: "{{ item }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - endpoint: "{{ keystone_service_adminurl }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - with_items: - - "project_admin" - - "project_mod" - no_log: True - -- name: Ensure adjutant user - keystone: - command: "ensure_user" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - user_name: "{{ adjutant_service_user_name }}" - domain_name: "{{ adjutant_user_domain_name }}" - password: "{{ adjutant_service_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - no_log: True - -- name: Add adjutant user to service admin role - keystone: - command: "ensure_user_role" - user_name: "{{ adjutant_service_user_name }}" - project_name: "service" - role_name: "admin" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - endpoint: "{{ keystone_service_adminurl }}" - insecure: "{{ 
keystone_service_adminuri_insecure }}" - no_log: True - -- name: Ensure adjutant service - keystone: - command: "ensure_service" - service_name: "{{ adjutant_service_name }}" - service_type: "{{ adjutant_service_type }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - endpoint: "{{ keystone_service_adminurl }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_service - until: add_service|success - retries: 5 - delay: 2 - no_log: True - -- name: Ensure adjutant endpoints - keystone: - command: "ensure_endpoint" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - region_name: "{{ adjutant_service_region }}" - service_name: "{{ adjutant_service_name }}" - service_type: "{{ adjutant_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - endpoint_list: - - url: "{{ adjutant_service_publicurl }}" - interface: "public" - - url: "{{ adjutant_service_internalurl }}" - interface: "internal" - - url: "{{ adjutant_service_adminurl }}" - interface: "admin" - register: add_endpoint - until: add_endpoint|success - retries: 5 - delay: 10 - no_log: True diff --git a/tasks/adjutant_init_systemd.yml b/tasks/adjutant_init_systemd.yml deleted file mode 100644 index b1bb3f2..0000000 --- a/tasks/adjutant_init_systemd.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Create TEMP run dir - file: - path: "/var/run/{{ item.value.service_name }}" - state: directory - owner: "{{ adjutant_system_user_name }}" - group: "{{ adjutant_system_group_name }}" - mode: "02755" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - -- name: Create TEMP lock dir - file: - path: "/var/lock/{{ item.value.service_name }}" - state: directory - owner: "{{ adjutant_system_user_name }}" - group: "{{ adjutant_system_group_name }}" - mode: "02755" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - -- name: Create tempfile.d entry - template: - src: "adjutant-systemd-tempfiles.j2" - dest: "/etc/tmpfiles.d/adjutant.conf" - mode: "0644" - owner: "root" - group: "root" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - notify: - - Restart adjutant services - -- name: Place the systemd init script - config_template: - src: "adjutant-systemd-init.j2" - dest: "/etc/systemd/system/{{ item.value.service_name }}.service" - mode: "0644" - owner: "root" - group: "root" - config_overrides: "{{ item.value.init_config_overrides }}" - config_type: "ini" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - notify: - - Restart adjutant services 
diff --git a/tasks/adjutant_post_install.yml b/tasks/adjutant_post_install.yml index 99fc91f..0985d36 100644 --- a/tasks/adjutant_post_install.yml +++ b/tasks/adjutant_post_install.yml @@ -31,15 +31,14 @@ config_type: "yaml" notify: - Restart adjutant services - - Restart Apache - name: Drop Adjutant WSGI Configs template: src: wsgi.py.j2 - dest: /var/www/cgi-bin/adjutant/adjutant-api + dest: "{{ adjutant_bin }}/adjutant-api-wsgi" owner: "{{ adjutant_system_user_name }}" group: "{{ adjutant_system_group_name }}" mode: "0755" - when: adjutant_use_mod_wsgi | bool + when: adjutant_use_uwsgi | bool notify: - - Restart Apache + - Restart adjutant services diff --git a/tasks/adjutant_pre_install.yml b/tasks/adjutant_pre_install.yml index 1f29f0a..9c5ad7e 100644 --- a/tasks/adjutant_pre_install.yml +++ b/tasks/adjutant_pre_install.yml 
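Review bot: The `Drop Adjutant WSGI Configs` task now writes the WSGI entry script to `{{ adjutant_bin }}/adjutant-api-wsgi` but keeps `owner: "{{ adjutant_system_user_name }}"`, so the account the service runs as can rewrite the code it is started from. vars/main.yml in this commit sets `uwsgi_uid` to that same user and builds `wsgi_path` from `adjutant_bin`, which suggests the process that loads this file also owns it. Unless something needs the service account to write it, `owner: "root"` and `group: "root"` with the existing `mode: "0755"` would keep the entry point read-only to the service. The task file continues outside the hunk, so I cannot see whether other files under `adjutant_bin` are owned the same way.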
@@ -41,38 +41,4 @@ with_items: - { path: "/openstack", mode: "0755", owner: "root", group: "root" } - { path: "/etc/adjutant" } - -- name: Create Apache mod_wsgi dirs - file: - path: "{{ item.path }}" - state: directory - owner: "{{ item.owner|default(adjutant_system_user_name) }}" - group: "{{ item.owner|default(adjutant_system_group_name) }}" - mode: "{{ item.mode|default('0755') }}" - with_items: - - { path: "/var/www/cgi-bin", owner: root, group: root } - - { path: "/var/www/cgi-bin/adjutant" } - when: adjutant_use_mod_wsgi | bool - -- name: Test for log directory or link - shell: | - if [ -h "/var/log/adjutant" ]; then - chown -h {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "/var/log/adjutant" - chown -R {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "$(readlink /var/log/adjutant)" - else - exit 1 - fi - register: log_dir - failed_when: false - changed_when: log_dir.rc != 0 - -- name: Create adjutant log dir - file: - path: "{{ item.path }}" - state: directory - owner: "{{ item.owner|default(adjutant_system_user_name) }}" - group: "{{ item.group|default(adjutant_system_group_name) }}" - mode: "{{ item.mode|default('0755') }}" - with_items: - { path: "/var/log/adjutant" } - when: log_dir.rc != 0 diff --git a/tasks/db_setup.yml b/tasks/db_setup.yml new file mode 100644 index 0000000..09b01f8 --- /dev/null +++ b/tasks/db_setup.yml 
@@ -0,0 +1,48 @@ +--- +# Copyright 2019, VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/db_setup.yml +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository. Once it merges there, the changes will automatically be proposed to +# all the repositories which use it. + +- name: Setup Database Service (MariaDB) + delegate_to: "{{ _oslodb_setup_host }}" + vars: + ansible_python_interpreter: "{{ _oslodb_ansible_python_interpreter }}" + tags: + - common-mariadb + block: + - name: Create database for service + community.mysql.mysql_db: + name: "{{ item.name }}" + login_host: "{{ _oslodb_setup_endpoint | default(omit) }}" + login_port: "{{ _oslodb_setup_port | default(omit) }}" + loop: "{{ _oslodb_databases }}" + no_log: true + + - name: Grant access to the database for the service + community.mysql.mysql_user: + name: "{{ item.1.username }}" + password: "{{ item.1.password }}" + host: "{{ item.1.host | default('%') }}" + priv: "{{ item.0.name }}.*:{{ item.1.priv | default('ALL') }}" + append_privs: yes + login_host: "{{ _oslodb_setup_endpoint | default(omit) }}" + login_port: "{{ _oslodb_setup_port | default(omit) }}" + loop: "{{ _oslodb_databases | subelements('users') }}" + no_log: true 
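Review bot: `Grant access to the database for the service` falls back to `host: '%'` and `ALL` privileges when a user entry carries no `host` or `priv` key, and the caller added in tasks/main.yml passes only `username` and `password`, so the adjutant account is granted everything on its schema from any source address. Because the header says this file is synced from openstack-ansible-tests, the narrower values belong in the caller: add explicit `host:` and `priv:` keys to the user entry under `_oslodb_databases`. Separately, `append_privs: yes` would read better as `append_privs: true`, matching the `no_log: true` lines beside it.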
diff --git a/tasks/main.yml b/tasks/main.yml index 4b4a245..aab5ac6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -27,81 +27,122 @@ tags: - always -- name: Check init system - command: cat /proc/1/comm - changed_when: false - register: _pid1_name +- import_tasks: db_setup.yml + when: inventory_hostname == groups['adjutant_all'][0] + vars: + _oslodb_setup_host: "{{ adjutant_galera_setup_host }}" + _oslodb_ansible_python_interpreter: "{{ adjutant_galera_setup_python_interpreter }}" + _oslodb_setup_endpoint: "{{ adjutant_galera_address }}" + _oslodb_setup_port: "{{ adjutant_galera_port }}" + _oslodb_databases: + - name: "{{ adjutant_galera_database }}" + users: + - username: "{{ adjutant_galera_user }}" + password: "{{ adjutant_galera_password }}" tags: - - always + - common-db + - adjutant-config -- name: Set the name of pid1 - set_fact: - pid1_name: "{{ _pid1_name.stdout }}" - tags: - - always - -- include: adjutant_pre_install.yml - tags: - - adjutant-install - -- name: Install distro packages - package: - pkg: virtualenv - state: present - update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}" - cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 +- import_tasks: adjutant_pre_install.yml tags: - adjutant-install - name: Install the python venv import_role: - name: "ansible-role-python_venv_build" + name: "python_venv_build" vars: venv_python_executable: "{{ adjutant_venv_python_executable }}" + venv_build_constraints: "{{ adjutant_git_constraints }}" venv_build_distro_package_list: "{{ adjutant_devel_distro_packages }}" venv_install_destination_path: "{{ adjutant_bin | dirname }}" - venv_install_distro_package_list: "{{ adjutant_distro_packages }}" - venv_pip_install_args: "{{ adjutant_pip3_install_args }}" - venv_pip_packages: "{{ adjutant_pip3_packages }}" + venv_pip_install_args: "{{ adjutant_pip_install_args }}" + venv_pip_packages: "{{ adjutant_pip_packages }}" venv_facts_when_changed: - section: "adjutant" option: "venv_tag" value: 
"{{ adjutant_venv_tag }}" - venv_rebuild: "{{ adjutant_venv_rebuild | default('no') }}" - venv_wheel_build_enable: false tags: - adjutant-install -- include: adjutant_post_install.yml +- import_tasks: adjutant_post_install.yml static: no tags: - adjutant-config -- include: adjutant_domain_setup.yml +- import_tasks: adjutant_db_sync.yml when: inventory_hostname == groups['adjutant_all'][0] tags: - adjutant-config -- include: adjutant_db_setup.yml +- import_tasks: service_setup.yml + vars: + _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" + _service_in_ldap: "{{ adjutant_service_in_ldap }}" + _service_setup_host: "{{ adjutant_service_setup_host }}" + _service_setup_host_python_interpreter: "{{ adjutant_service_setup_host_python_interpreter }}" + _service_project_name: "{{ adjutant_service_project_name }}" + _service_region: "{{ adjutant_service_region }}" + _service_users: + - name: "{{ adjutant_service_user_name }}" + password: "{{ adjutant_service_password }}" + role: "{{ adjutant_role_name }}" + - role: "project_mod" + - role: "project_admin" + _service_catalog: + - name: "{{ adjutant_service_name }}" + type: "{{ adjutant_service_type }}" + description: "{{ adjutant_service_description }}" + _service_endpoints: + - interface: "public" + url: "{{ adjutant_service_publicurl }}" + service: "{{ adjutant_service_name }}" + - interface: "internal" + url: "{{ adjutant_service_internalurl }}" + service: "{{ adjutant_service_name }}" + - interface: "admin" + url: "{{ adjutant_service_adminurl }}" + service: "{{ adjutant_service_name }}" when: inventory_hostname == groups['adjutant_all'][0] tags: - adjutant-config -- include: "adjutant_init_{{ ansible_service_mgr }}.yml" - static: no +- name: Run the systemd service role + include_role: + name: systemd_service + vars: + systemd_user_name: "{{ adjutant_system_user_name }}" + systemd_group_name: "{{ adjutant_system_group_name }}" + systemd_tempd_prefix: openstack + systemd_slice_name: adjutant + 
systemd_lock_path: /var/lock/adjutant + systemd_CPUAccounting: true + systemd_BlockIOAccounting: true + systemd_MemoryAccounting: true + systemd_TasksAccounting: true + systemd_services: + - service_name: "{{ service_var.service_name }}" + enabled: yes + state: started + execstarts: "{{ service_var.execstarts }}" + execreloads: "{{ service_var.execreloads | default([]) }}" + config_overrides: "{{ service_var.init_config_overrides }}" + with_items: "{{ filtered_adjutant_services }}" + loop_control: + loop_var: service_var tags: - - adjutant-setup + - adjutant-config + - systemd-service -- include: adjutant_apache.yml - static: no - when: - - adjutant_use_mod_wsgi | bool +- name: Import uwsgi role + import_role: + name: uwsgi + vars: + uwsgi_services: "{{ uwsgi_adjutant_services }}" + uwsgi_install_method: "source" tags: - - adjutant-setup + - adjutant-install + - adjutant-config + - uwsgi - name: Flush handlers meta: flush_handlers diff --git a/tasks/service_setup.yml b/tasks/service_setup.yml new file mode 100644 index 0000000..9ab3cc9 --- /dev/null +++ b/tasks/service_setup.yml 
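Review bot: The `static: no` line left under `- import_tasks: adjutant_post_install.yml` contradicts the new keyword: `import_tasks` is always a static import, and as far as I know `static` was only ever an option of the old `include`, so newer Ansible releases may reject the task. Drop the `static: no` line, or use `include_tasks` if the dynamic behaviour of the old `include` is still wanted. A short comment above the `service_setup.yml` import would also help, e.g. `# project_mod and project_admin carry no name/password, so only the roles are created`, since the two bare `role:` entries in `_service_users` are easy to misread as incomplete users.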
@@ -0,0 +1,162 @@ +--- +# Copyright 2019, VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/service_setup.yml +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository. Once it merges there, the changes will automatically be proposed to +# all the repositories which use it. + +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. 
+ +- name: Setup the OS service + delegate_to: "{{ _service_setup_host }}" + vars: + ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}" + block: + - name: Add keystone domain + openstack.cloud.os_keystone_domain: + cloud: default + state: present + description: "{{ _domain_name_description | default(omit) }}" + name: "{{ _domain_name }}" + endpoint_type: admin + verify: "{{ not _service_adminuri_insecure }}" + register: add_domain + when: _domain_name is defined + until: add_domain is success + retries: 5 + delay: 10 + + - name: Add service project + openstack.cloud.os_project: + cloud: default + state: present + name: "{{ _project_name }}" + description: "{{ _project_description | default(omit) }}" + domain_id: "{{ _project_domain | default('default') }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _project_name is defined + until: add_service is success + retries: 5 + delay: 10 + + - name: Add services to the keystone service catalog + openstack.cloud.os_keystone_service: + cloud: default + state: "{{ item.state | default('present') }}" + name: "{{ item.name }}" + service_type: "{{ item.type }}" + description: "{{ item.description | default('') }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + with_items: "{{ _service_catalog }}" + when: _service_catalog is defined + until: add_service is success + retries: 5 + delay: 10 + + - name: Add keystone roles + openstack.cloud.os_keystone_role: + cloud: default + state: present + name: "{{ item.role }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _service_users is defined + - "'role' in item" + - (item.condition | 
default(True)) | bool + until: add_service is success + with_items: "{{ _service_users }}" + retries: 5 + delay: 10 + no_log: True + + - name: Add service users + openstack.cloud.os_user: + cloud: default + state: present + name: "{{ item.name }}" + password: "{{ item.password }}" + domain: "{{ item.domain | default('default') }}" + default_project: "{{ item.project | default(_service_project_name) }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + update_password: always + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _service_users is defined + - "'name' in item" + - "'password' in item" + - (item.condition | default(True)) | bool + until: add_service is success + with_items: "{{ _service_users }}" + retries: 5 + delay: 10 + no_log: True + + - name: Add service users to the role + openstack.cloud.os_user_role: + cloud: default + state: present + user: "{{ item.name }}" + role: "{{ item.role }}" + project: "{{ item.project | default(_service_project_name) }}" + domain: "{{ item.domain | default(omit) }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _service_users is defined + - "'name' in item" + - "'role' in item" + - (item.condition | default(True)) | bool + until: add_service is success + with_items: "{{ _service_users }}" + retries: 5 + delay: 10 + no_log: True + + - name: Add endpoints to keystone endpoint catalog + openstack.cloud.os_keystone_endpoint: + cloud: default + state: "{{ item.state | default('present') }}" + service: "{{ item.service }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ _service_region | default('RegionOne') }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + until: 
add_service is success + retries: 5 + delay: 10 + with_items: "{{ _service_endpoints }}" + when: _service_endpoints is defined diff --git a/templates/adjutant-httpd.conf.j2 b/templates/adjutant-httpd.conf.j2 deleted file mode 100644 index 11c9217..0000000 --- a/templates/adjutant-httpd.conf.j2 +++ /dev/null @@ -1,44 +0,0 @@ -# {{ ansible_managed }} - - - ServerName {{ ansible_hostname }} - - WSGIDaemonProcess adjutant lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ adjutant_system_user_name }} group={{ adjutant_system_group_name }} processes={{ adjutant_wsgi_processes }} threads={{ adjutant_wsgi_threads }} display-name=%{GROUP} - WSGIProcessGroup adjutant - WSGIScriptAlias / /var/www/cgi-bin/adjutant/adjutant-api - WSGIApplicationGroup %{GLOBAL} - - = 2.4> - ErrorLogFormat "%{cu}t %M" - - - LogLevel {{ adjutant_apache_log_level }} - ErrorLog /var/log/adjutant/adjutant-apache-error.log - CustomLog /var/log/adjutant/adjutant-access.log combined - -{% if adjutant_ssl | bool and adjutant_service_internaluri_proto == "https" -%} - SSLEngine on - SSLCertificateFile {{ adjutant_ssl_cert }} - SSLCertificateKeyFile {{ adjutant_ssl_key }} - {% if adjutant_user_ssl_ca_cert is defined -%} - SSLCACertificateFile {{ adjutant_ssl_ca_cert }} - {% endif -%} - SSLCompression Off - SSLProtocol {{ adjutant_ssl_protocol }} - SSLHonorCipherOrder On - SSLCipherSuite {{ adjutant_ssl_cipher_suite }} - SSLOptions +StdEnvVars +ExportCertData -{% endif %} - - - - AllowOverride None - Options +ExecCGI -Includes - - Require all granted - - - Order allow,deny - Allow from all - - diff --git a/templates/adjutant-ports.conf.j2 b/templates/adjutant-ports.conf.j2 deleted file mode 100644 index b770a17..0000000 --- a/templates/adjutant-ports.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -Listen {{ adjutant_service_port }} diff --git a/templates/adjutant-systemd-init.j2 b/templates/adjutant-systemd-init.j2 deleted file mode 100644 index 1f5caac..0000000 
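Review bot: Certificate validation fails open in every task here that uses `validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"`: when a caller does not pass `_service_adminuri_insecure`, the default of `True` switches verification off for the keystone admin connection that also carries the service password. Defaulting to verification, `validate_certs: "{{ not (_service_adminuri_insecure | default(False) | bool) }}"`, makes the insecure mode an explicit choice. The `Add keystone domain` task differs from the rest, `verify: "{{ not _service_adminuri_insecure }}"` with no `| bool`, so a string value such as `"False"` would negate to false and disable verification; it should use the same expression as the other tasks. The header says the file is synced from openstack-ansible-tests, so the change belongs there.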
--- a/templates/adjutant-systemd-init.j2 +++ /dev/null @@ -1,34 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Description=adjutant openstack service -After=syslog.target -After=network.target - -[Service] -Type=simple -User={{ adjutant_system_user_name }} -Group={{ adjutant_system_group_name }} - -{% if program_override is defined %} -ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log -{% else %} -ExecStart={{ adjutant_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log -{% endif %} - -# Give a reasonable amount of time for the server to start up/shut down -TimeoutSec=120 -Restart=on-failure -RestartSec=2 - -# This creates a specific slice which all services will operate from -# The accounting options give us the ability to see resource usage through -# the `systemd-cgtop` command. -Slice=adjutant.slice -CPUAccounting=true -BlockIOAccounting=true -MemoryAccounting=false -TasksAccounting=true - -[Install] -WantedBy=multi-user.target diff --git a/templates/adjutant-systemd-tempfiles.j2 b/templates/adjutant-systemd-tempfiles.j2 deleted file mode 100644 index 921fdf4..0000000 --- a/templates/adjutant-systemd-tempfiles.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# {{ ansible_managed }} - -D /var/lock/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }} -D /var/run/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }} diff --git a/templates/adjutant-wsgi.load.j2 b/templates/adjutant-wsgi.load.j2 deleted file mode 100644 index 40c66a2..0000000 --- a/templates/adjutant-wsgi.load.j2 +++ /dev/null 
@@ -1,4 +0,0 @@ -# {{ ansible_managed }} - -LoadModule wsgi_module "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/lib/python3.5/site-packages/mod_wsgi/server/mod_wsgi-py35.cpython-35m-x86_64-linux-gnu.so" -WSGIPythonHome "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}" diff --git a/templates/adjutant.yaml.j2 b/templates/adjutant.yaml.j2 index 0635e89..0ea07b8 100644 --- a/templates/adjutant.yaml.j2 +++ b/templates/adjutant.yaml.j2 @@ -10,15 +10,34 @@ django: ENGINE: django.db.backends.mysql HOST: '{{ adjutant_galera_address }}' NAME: '{{ adjutant_galera_database }}' - PASSWORD: '{{ adjutant_container_mysql_password }}' + PASSWORD: '{{ adjutant_galera_password }}' USER: '{{ adjutant_galera_user }}' - log_file: adjutant.log + logging: + version: 1 + disable_existing_loggers: False + handlers: + syslog: + class: logging.handlers.SysLogHandler + address: /dev/log + loggers: + adjutant: + handlers: + - syslog + propagate: False + django: + handlers: + - syslog + propagate: False + keystonemiddleware: + handlers: + - syslog + propagate: False email: email_backend: {{ adjutant_email_backend }} host: {{ adjutant_email_host }} port: {{ adjutant_email_port }} host_user: {{ adjutant_email_host_user }} - host_password: {{ adjutant_email_host_password }} + host_password: {{ adjutant_email_host_password | default('') }} use_tls: {{ adjutant_email_use_tls }} use_ssl: {{ adjutant_email_use_ssl }} diff --git a/tests/os_adjutant-overrides.yml b/tests/os_adjutant-overrides.yml index 739aaa1..6f8581f 100644 --- a/tests/os_adjutant-overrides.yml +++ b/tests/os_adjutant-overrides.yml @@ -16,6 +16,6 @@ adjutant_venv_tag: "testing" adjutant_developer_mode: true adjutant_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}" -adjutant_container_mysql_password: "SuperSecrete" +adjutant_galera_password: "SuperSecrete" adjutant_service_password: "secrete" adjutant_secret_key: "secretkey" diff --git a/tox.ini b/tox.ini index 64ff39f..247fcdb 100644 --- a/tox.ini 
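Review bot: The added `host_password: {{ adjutant_email_host_password | default('') }}` in templates/adjutant.yaml.j2 renders as a bare YAML value, so the empty default becomes null rather than an empty string, and a password containing ` #` or `: ` is truncated or breaks the file. Quote it the way the `PASSWORD` entry above is quoted, `host_password: '{{ adjutant_email_host_password | default('') }}'`; `host_user` on the line before has the same exposure. Also, the database block visible in this hunk sets no TLS options even though defaults/main.yml gains `adjutant_galera_use_ssl` and `adjutant_galera_ssl_ca_cert`. The block starts outside the hunk, so this may be handled above, but it is worth confirming those settings are consumed somewhere.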
+++ b/tox.ini @@ -31,10 +31,20 @@ setenv = [testenv:docs] +deps = -r{toxinidir}/doc/requirements.txt commands= bash -c "rm -rf doc/build" doc8 doc - python setup.py build_sphinx + sphinx-build -W --keep-going -b html doc/source doc/build/html + + +[testenv:pdf-docs] +deps = {[testenv:docs]deps} +whitelist_externals = + make +commands = + sphinx-build -W --keep-going -b latex doc/source doc/build/pdf + make -C doc/build/pdf [doc8] @@ -43,8 +53,9 @@ extensions = .rst [testenv:releasenotes] +deps = -r{toxinidir}/doc/requirements.txt commands = - sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html + sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html # environment used by the -infra templated docs job diff --git a/vars/debian.yml b/vars/debian.yml new file mode 100644 index 0000000..bc5edb2 --- /dev/null +++ b/vars/debian.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +adjutant_devel_distro_packages: + - cmake + - gcc + - python3-dev + - git-core + - libsystemd-dev diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..0798161 --- /dev/null +++ b/vars/main.yml 
@@ -0,0 +1,48 @@ +--- +# Copyright 2020, City Network International AB. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +filtered_adjutant_services: |- + {% set services = [] %} + {% for key, value in adjutant_services.items() %} + {% if (value['group'] in group_names) and + (('condition' not in value) or + ('condition' in value and value['condition'])) and + not ('wsgi_app' in value and value['wsgi_app']) %} + {% set _ = value.update({'service_key': key}) %} + {% set _ = services.append(value) %} + {% endif %} + {% endfor %} + {{ services | sort(attribute='start_order') }} + +uwsgi_adjutant_services: |- + {% set services = {} %} + {% for key, value in adjutant_services.items() %} + {% if (value['group'] in group_names) and + (('condition' not in value) or ('condition' in value and value['condition'])) + and ('wsgi_app' in value and value['wsgi_app']) %} + {% set _ = value.update( + { + 'wsgi_path': adjutant_bin ~ '/' ~ value.wsgi_name, + 'wsgi_venv': adjutant_bin | dirname, + 'uwsgi_uid': adjutant_system_user_name, + 'uwsgi_guid': adjutant_system_group_name, + 'uwsgi_processes': adjutant_wsgi_processes, + 'uwsgi_threads': adjutant_wsgi_threads, + } + ) %} + {% set _ = services.update({key: value}) %} + {% endif %} + {% endfor %} + {{ services }} diff --git a/vars/redhat-7.yml b/vars/redhat.yml similarity index 50% rename from vars/redhat-7.yml rename to vars/redhat.yml index 9707824..c4c12ca 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat.yml 
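Review bot: Both filters call `value.update(...)` on the entries of `adjutant_services` while rendering, which changes the source dictionaries as a side effect rather than building new ones; whether that leaks into later uses of `adjutant_services` depends on how the variable is templated, so it is safer to copy. For the first filter that is `{% set _ = services.append(value | combine({'service_key': key})) %}`, and the uwsgi filter can `combine` its extra keys the same way. `sort(attribute='start_order')` also assumes every selected service defines `start_order`, which is not visible here. A one-line comment above each variable stating what it selects (non-WSGI services for systemd, `wsgi_app` services for uwsgi) would save readers from decoding the conditions.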
@@ -13,23 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -adjutant_distro_packages: - - git - - httpd - - httpd-tools - - mod_wsig - - libmysqlclient-dev +adjutant_devel_distro_packages: + - git-core - openssl-devel - - virtualenv - - python-keystoneclient - -adjutant_system_service_name: httpd -adjutant_apache_config: - - { src: "adjutant-ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf" } - - { src: "adjutant-httpd.conf.j2", dest: "/etc/httpd/conf.d/adjutant-httpd.conf" } -adjutant_apache_default_sites: - - "/etc/httpd/conf.d/userdir.conf" - - "/etc/httpd/conf.d/welcome.conf" - - "/etc/httpd/conf.d/ssl.conf" -adjutant_apache_conf: "/etc/httpd/conf/httpd.conf" -adjutant_apache_security_conf: "{{ adjutant_apache_conf }}" + - systemd-devel diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml deleted file mode 100644 index 5ebca6c..0000000 --- a/vars/ubuntu.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# Copyright 2016, Walmart Stores, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## APT Cache options -cache_timeout: 600 - -adjutant_devel_distro_packages: - - cmake - - gcc - - python3-dev - - apache2-dev - - libmysqlclient-dev - - libssl-dev - -adjutant_distro_packages: - - apache2 - - apache2-utils - - git - - python-keystoneclient - - libapache2-mod-wsgi - -adjutant_system_service_name: apache2 -adjutant_apache_config: - - { src: "adjutant-ports.conf.j2", dest: "/etc/apache2/ports.conf" } - - { src: "adjutant-httpd.conf.j2", dest: "/etc/apache2/sites-available/adjutant-httpd.conf" } - - { src: "adjutant-wsgi.load.j2", dest: "/etc/apache2/mods-available/wsgi.load" } -adjutant_apache_default_sites: - - "/etc/apache2/sites-enabled/000-default.conf" -adjutant_apache_site_available: "/etc/apache2/sites-available/adjutant-httpd.conf" -adjutant_apache_site_enabled: "/etc/apache2/sites-enabled/adjutant-httpd.conf" -adjutant_apache_conf: "/etc/apache2/apache2.conf" -adjutant_apache_security_conf: "/etc/apache2/conf-available/security.conf" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml new file mode 100644 index 0000000..318bac5 --- /dev/null +++ b/zuul.d/project.yaml 
@@ -0,0 +1,22 @@ +--- +# Copyright 2020, City Network International AB. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- project: + templates: + - check-requirements + - openstack-ansible-linters-jobs + - openstack-ansible-deploy-aio_metal-jobs + - publish-openstack-docs-pti + - release-notes-jobs-python3