Merge pull request #2 from andymcc/master

Fix the policy.json things

defaults/main.yml

@@ -38,7 +38,7 @@ ironic_system_home_folder: "/var/lib/{{ ironic_system_user_name }}"
 ironic_system_log_folder: "/var/log/{{ ironic_system_user_name }}"
 
 # Ironic Program and Service names
-ironic_api_program_name: ironic-api
+ironic_api_program_name: apache2
 ironic_conductor_program_name: ironic-conductor
 python_ironic_client_program_name: ironic
 ironic_service_names:
@@ -120,6 +120,14 @@ ironic_pip_packages:
   - mysql-python
   - ironic
 
+ironic_api_apt_packages:
+  - apache2
+  - apache2-utils
+  - libapache2-mod-wsgi
+
+ironic_api_pip_packages:
+  - mysql-python
+
 python_ironicclient_pip_packages:
   - python_ironicclient
 
@@ -149,4 +157,6 @@ ironic_rabbitmq_password: ch4rl0tt3     # TODO(mrda): Manage secrets
 ironic_service_user_name: "ironic"
 ironic_service_password: "4nn3"         # TODO(mrda): Manage secrets
 
-
+# Apache settings
+ironic_wsgi_threads: 1
+ironic_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"

tasks/ironic_api_install.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install ironic-api specific apt packages
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: ironic_api_apt_packages
+  tags:
+    - ironic-install
+    - ironic-api
+    - ironic-apt-packages
+
+- name: Install ironic-api specific pip dependencies
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: ironic_api_pip_packages
+  tags:
+    - ironic-install
+    - ironic-api
+    - ironic-pip-packages

tasks/ironic_api_post_install.yml

@@ -0,0 +1,61 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Setup Ironic Apache site conf
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - { src: "ironic-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
+    - { src: "ironic-httpd.conf.j2", dest: "/etc/apache2/sites-available/ironic-httpd.conf" }
+  notify:
+    - Restart ironic services
+  tags:
+    - ironic-httpd
+
+- name: Disable default apache site
+  file:
+    path: "/etc/apache2/sites-enabled/000-default.conf"
+    state: "absent"
+  notify:
+    - Restart ironic services
+  tags:
+    - ironic-httpd
+
+- name: Enable ironic vhost
+  file:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    state: "{{ item.state }}"
+  with_items:
+    - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" }
+  notify:
+    - Restart ironic services
+  tags:
+    - ironic-httpd
+
+- name: Setup Ironic WSGI Configs
+  template:
+    src: "ironic-wsgi.py.j2"
+    dest: "/var/www/cgi-bin/ironic/ironic.wsgi"
+    owner: "{{ ironic_system_user_name }}"
+    group: "{{ ironic_system_group_name }}"
+    mode: "0755"
+  notify:
+    - Restart ironic services
+  tags:
+    - ironic-config

tasks/ironic_post_install.yml

@@ -45,3 +45,14 @@
   tags:
     - ironic-init
 
+- name: Build the policy.json file
+  template:
+    src: "policy.json.j2"
+    dest: "/etc/ironic/policy.json"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+  notify:
+    - Restart ironic services
+  tags:
+    - ironic-init

tasks/ironic_pre_install.yml

@@ -68,6 +68,8 @@
     - { path: "{{ ironic_system_home_folder }}/master_images" }
     - { path: "/var/lock/ironic" }
     - { path: "/var/run/ironic" }
+    - { path: "/var/www/cgi-bin", owner: root, group: root }
+    - { path: "/var/www/cgi-bin/ironic" }
   tags:
     - ironic-api
     - ironic-conductor

tasks/ironic_upstart_init.yml

@@ -13,14 +13,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- include: ironic_upstart_common_init.yml
-  vars:
-    program_name: "{{ ironic_api_program_name }}"
-    service_name: "{{ ironic_service_name }}"
-    system_user: "{{ ironic_system_user_name }}"
-    system_group: "{{ ironic_system_group_name }}"
-    service_home: "{{ ironic_system_home_folder }}"
-  when: inventory_hostname in groups['ironic_api']
+#- include: ironic_upstart_common_init.yml
+#  vars:
+#    program_name: "{{ ironic_api_program_name }}"
+#    service_name: "{{ ironic_service_name }}"
+#    system_user: "{{ ironic_system_user_name }}"
+#    system_group: "{{ ironic_system_group_name }}"
+#    service_home: "{{ ironic_system_home_folder }}"
+#  when: inventory_hostname in groups['ironic_api']
 
 - include: ironic_upstart_common_init.yml
   vars:

tasks/main.yml

@@ -16,18 +16,26 @@
   - include: ironic_pre_install.yml
   - include: ironic_install.yml
 
+  - include: ironic_api_install.yml
+    when: >
+      inventory_hostname in groups['ironic_api']
+
   - include: ironic_conductor_install.yml
     when: >
-      inventory_hostname == groups['ironic_conductor'][0]
+      inventory_hostname in groups['ironic_conductor']
 
   - include: python_ironicclient_install.yml
 
   - include: ironic_post_install.yml
 
+  - include: ironic_api_post_install.yml
+    when: >
+      inventory_hostname in groups['ironic_api']
+
   - include: ironic_conductor_post_install.yml
     when: >
-      inventory_hostname == groups['ironic_conductor'][0]
-
+      inventory_hostname in groups['ironic_conductor']
+ 
   - include: ironic_db_setup.yml
     when: >
       inventory_hostname == groups['ironic_conductor'][0]

templates/ironic-httpd.conf.j2

@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+<VirtualHost *:{{ ironic_service_port }}>
+    WSGIDaemonProcess ironic-api user={{ ironic_system_user_name }} group={{ ironic_system_group_name }} processes={{ ironic_wsgi_processes }} threads={{ ironic_wsgi_threads }} display-name=%{GROUP}
+    WSGIScriptAlias / /var/www/cgi-bin/ironic/ironic.wsgi
+    SetEnv APACHE_RUN_USER {{ ironic_system_user_name }}
+    SetEnv APACHE_RUN_GROUP {{ ironic_system_group_name }}
+    WSGIProcessGroup ironic-api
+
+    ErrorLog /var/log/ironic/ironic_error.log
+    LogLevel info
+    CustomLog /var/log/ironic/ironic_access.log combined
+
+    <Directory /var/www/cgi-bin/ironic/>
+        WSGIProcessGroup ironic-api
+        WSGIApplicationGroup %{GLOBAL}
+        AllowOverride All
+        Require all granted
+    </Directory>
+</VirtualHost>

templates/ironic-ports.conf.j2

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+Listen {{ ironic_service_port }}

templates/ironic-wsgi.py.j2

@@ -0,0 +1,47 @@
+# -*- mode: python -*-
+# -*- encoding: utf-8 -*-
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#"""
+#Use this file for deploying the API service under Apache2 mod_wsgi.
+#"""
+
+import os
+
+{% if ironic_venv_enabled | bool %}
+activate_this = os.path.expanduser("{{ ironic_venv_bin }}/activate_this.py")
+execfile(activate_this, dict(__file__=activate_this))
+{% endif %}
+
+import logging
+import sys
+
+from oslo_config import cfg
+import oslo_i18n as i18n
+from oslo_log import log
+
+from ironic.api import app
+from ironic.common import service
+
+
+CONF = cfg.CONF
+
+i18n.install('ironic')
+
+service.prepare_service(sys.argv)
+
+LOG = log.getLogger(__name__)
+LOG.debug("Configuration:")
+CONF.log_opt_values(LOG, logging.DEBUG)
+
+application = app.VersionSelectorApplication()

templates/ironic.conf.j2

@@ -999,7 +999,7 @@ dhcp_provider={{ ironic_dhcp_provider }}
 #
 
 # Default glance hostname or IP address. (string value)
-glance_host={{ external_lb_vip_address }}
+glance_host={{ internal_lb_vip_address }}
 
 # Default glance port. (integer value)
 #glance_port=9292

templates/policy.json.j2

@@ -0,0 +1,5 @@
+{
+    "admin_api": "role:admin or role:administrator",
+    "show_password": "!",
+    "default": "rule:admin_api"
+}