diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..9f88a70 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,311 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Set the package install state for distribution and pip packages +# Options are 'present' and 'latest' +manila_package_state: "latest" +manila_pip_package_state: "latest" + +# Set the host which will execute the shade modules +# for the service setup. The host must already have +# clouds.yaml properly configured. +manila_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" + +# Set installation method. +manila_install_method: "source" + +manila_git_repo: https://git.openstack.org/openstack/manila +manila_git_install_branch: master +manila_developer_mode: false +manila_developer_constraints: + - "git+{{ manila_git_repo }}@{{ manila_git_install_branch }}#egg=manila" + +# TODO(odyssey4me): +# This can be simplified once all the roles are using +# python_venv_build. We can then switch to using a +# set of constraints in pip.conf inside the venv, +# perhaps prepared by giving a giving a list of +# constraints to the role. +manila_pip_install_args: >- + {{ manila_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }} + {{ pip_install_options | default('') }} + +# Name of the virtual env to deploy into +manila_venv_tag: "{{ venv_tag | default('untagged') }}" +manila_bin: "{{ _manila_bin }}" + +# venv_download, even when true, will use the fallback method of building the +# venv from scratch if the venv download fails. +manila_venv_download: "{{ not manila_developer_mode | bool }}" +manila_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/manila.tgz + +# Enable/Disable Ceilometer +manila_ceilometer_enabled: False + +manila_storage_availability_zone: nova +manila_default_availability_zone: "{{ manila_storage_availability_zone }}" + +manila_management_address: 127.0.0.1 +manila_uwsgi_bind_address: 0.0.0.0 + +manila_fatal_deprecations: False + +## Database info +manila_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}" +manila_galera_address: "{{ galera_address | default('127.0.0.1') }}" +manila_galera_user: manila +manila_galera_database: manila +manila_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" +manila_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" + +## Oslo Messaging + +# RPC +manila_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}" +manila_oslomsg_rpc_setup_host: "{{ (manila_oslomsg_rpc_host_group in groups) | ternary(groups[manila_oslomsg_rpc_host_group][0], 'localhost') }}" +manila_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}" +manila_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}" +manila_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}" +manila_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" +manila_oslomsg_rpc_userid: manila +manila_oslomsg_rpc_vhost: /manila + +# Notify +manila_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" +manila_oslomsg_notify_setup_host: "{{ (manila_oslomsg_notify_host_group in groups) | ternary(groups[manila_oslomsg_notify_host_group][0], 'localhost') }}" +manila_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}" +manila_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}" +manila_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}" +manila_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" +manila_oslomsg_notify_userid: "{{ manila_oslomsg_rpc_userid }}" +manila_oslomsg_notify_password: "{{ manila_oslomsg_rpc_password }}" +manila_oslomsg_notify_vhost: "{{ manila_oslomsg_rpc_vhost }}" + +## (Qdrouterd) integration +# TODO(evrardjp): Change structure when more backends will be supported +manila_oslomsg_amqp1_enabled: "{{ manila_oslomsg_rpc_transport == 'amqp' }}" + +## Manila User / Group +manila_system_user_name: manila +manila_system_group_name: manila +manila_system_comment: manila system user +manila_system_shell: /bin/false +manila_system_home_folder: "/var/lib/{{ manila_system_user_name }}" + +## Manually specified manila UID/GID +# Deployers can specify a UID for the manila user as well as the GID for the +# manila group if needed. This is commonly used in environments where shared +# storage is used, such as NFS or GlusterFS, and manila UID/GID values must be +# in sync between multiple servers. +# +# WARNING: Changing these values on an existing deployment can lead to +# failures, errors, and instability. +# +# manila_system_user_uid = +# manila_system_group_gid = + +manila_lock_path: /var/lock/manila + +## Manila Auth +manila_service_admin_tenant_name: "service" +manila_service_admin_username: "manila" + +## Manila API's enabled +manila_enable_v2_api: true + +## Manila API check cert validation +manila_service_internaluri_insecure: false + +## Manila api service type and data +manila_service_name: manila +manila_service_project_domain_id: default +manila_service_user_domain_id: default +manila_service_user_name: manila +manila_service_project_name: service +manila_service_role_name: admin +manila_service_region: RegionOne +manila_service_description: "Openstack Shared File Systems" +manila_service_port: 8786 +manila_service_proto: http +manila_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(manila_service_proto) }}" +manila_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(manila_service_proto) }}" +manila_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(manila_service_proto) }}" +manila_service_type: share +manila_service_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}" +manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s" +manila_service_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s" +manila_service_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s" + +manila_service_v2_name: manilav2 +manila_service_v2_port: 8786 +manila_service_v2_proto: http +manila_service_v2_type: sharev2 +manila_service_v2_description: "Openstack Shared File Systems V2" +manila_service_v2_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}" +manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s" +manila_service_v2_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s" +manila_service_v2_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s" + +manila_auth_strategy: keystone + +## Keystone authentication middleware +manila_keystone_auth_plugin: "{{ manila_keystone_auth_type }}" +manila_keystone_auth_type: password + +## In order to enable the manila data you MUST set ``manila_service_data_program_enabled`` to "true" +manila_service_data_program_enabled: false + +## Cap the maximun number of threads / workers when a user value is unspecified. +manila_osapi_share_workers_max: 16 +manila_osapi_share_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, manila_osapi_share_workers_max] | min }}" + +## Manila RPC +manila_rpc_executor_thread_pool_size: 64 +manila_rpc_response_timeout: 60 + +manila_share_name_template: share-%s + +# osprofiler +manila_profiler_enabled: false +# manila_profiler_hmac_key is set in user_secrets.yml +manila_profiler_trace_sqlalchemy: false + +manila_client_socket_timeout: 900 + +## Manila quota +manila_quota_shares: 50 +manila_quota_snapshots: 50 +manila_quota_gigabytes: 1000 +manila_quota_snapshot_gigabytes: 1000 +manila_quota_share_networks: 10 + +## General configuration +# manila_backends: +# lvm: +# share_backend_name: LVM +# share_driver: manila.share.drivers.lvm.LVMShareDriver +# driver_handles_share_servers: False +# lvm_share_volume_group: manila-shares +# lvm_share_export_ip: + +# manila_backend_lvm_inuse: True if current host has an lvm backend +manila_backend_lvm_inuse: '{{ (manila_backends|default("")|to_json).find("lvm") != -1 }}' +# manila_backend_rbd_inuse: True if the current host has an rbd backend +manila_backend_rbd_inuse: '{{ (manila_backends|default("")|to_json).find("manila.share.drivers.cephfs") != -1 }}' + +## Policy vars +# Provide a list of access controls to update the default policy.json with. These changes will be merged +# with the access controls in the default policy.json. E.g. +#manila_policy_overrides: +# "share:create": "" +# "share:delete": "" + +manila_service_in_ldap: false + +# Common pip packages +manila_pip_packages: + - manila + - python-manilaclient + - cryptography + - ecdsa + - httplib2 + - keystonemiddleware + - osprofiler + - PyMySQL + - python-openstackclient + - python-memcached + - systemd-python + - uwsgi + +manila_optional_oslomsg_amqp1_pip_packages: + - oslo.messaging[amqp1] + +manila_api_init_overrides: {} +manila_scheduler_init_overrides: {} +manila_share_init_overrides: {} +manila_data_init_overrides: {} + +## Service Name-Group Mapping +manila_services: + manila-scheduler: + group: manila_scheduler + service_name: manila-scheduler + init_config_overrides: "{{ manila_scheduler_init_overrides }}" + start_order: 1 + execstarts: "{{ manila_bin }}/manila-scheduler" + execreloads: "/bin/kill -HUP $MAINPID" + manila-share: + group: manila_share + service_name: manila-share + init_config_overrides: "{{ manila_share_init_overrides }}" + start_order: 2 + execstarts: "{{ manila_bin }}/manila-share" + execreloads: "/bin/kill -HUP $MAINPID" + manila-data: + group: manila_data + service_name: manila-data + init_config_overrides: "{{ manila_data_init_overrides }}" + start_order: 3 + condition: False + execstarts: "{{ manila_bin }}/manila-data" + execreloads: "/bin/kill -HUP $MAINPID" + manila-api: + group: manila_api + service_name: manila-api + init_config_overrides: "{{ manila_api_init_overrides }}" + start_order: 4 + execstarts: "{{ manila_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/manila-api.ini" + execreloads: "{{ manila_uwsgi_bin }}/uwsgi --reload /var/run/manila-api/manila-api.pid" + wsgi_overrides: "{{ manila_api_uwsgi_ini_overrides }}" + wsgi_app: True + wsgi_name: manila-wsgi + uwsgi_port: "{{ manila_service_port }}" + uwsgi_bind_address: "{{ manila_uwsgi_bind_address }}" + + #condition: "{{ manila_service_data_program_enabled | bool }}" +# Manila uWSGI settings +manila_wsgi_processes_max: 16 +manila_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, manila_wsgi_processes_max] | min }}" +manila_wsgi_threads: 1 +manila_wsgi_buffer_size: 65535 + +# This variable is used by the repo_build process to determine +# which host group to check for members of before building the +# pip packages required by this role. The value is picked up +# by the py_pkgs lookup. +manila_role_project_group: manila_all + +manila_default_share_type: nfs +manila_share_name_template: share-%s + +## Tunable overrides +manila_policy_overrides: {} +manila_rootwrap_conf_overrides: {} +manila_api_paste_ini_overrides: {} +manila_manila_conf_overrides: {} +manila_api_uwsgi_ini_overrides: {} + +## Set default manila path in service units. The default override sets the +## execution path for the manila service. +manila_environment_overrides: + Service: + Environment: "PATH={{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +_UUID_regex: "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}" diff --git a/doc/source/configure-manila.rst b/doc/source/configure-manila.rst new file mode 100644 index 0000000..e5cbb91 --- /dev/null +++ b/doc/source/configure-manila.rst @@ -0,0 +1,103 @@ +============================================================== +Configuring the Shared File System (manila) service (optional) +============================================================== + +By default the Shared File System (manila) service does not deploy any +backend. This role expects you to define the backend you intend on using. +The following sections describe example configurations for various +manila backends. + +Default share type +~~~~~~~~~~~~~~~~~~ + +It is required to define one of the ``manila_backends`` as the default +share type. + +.. code:: + + manila_default_share_type: SHARE_TYPE_NAME + +Replce ``SHARE_TYPE_NAME`` with the name of the default backend. + +LVM backend +~~~~~~~~~~~ + +The LVM backend allows provisioning of logical volumes and configuriung a +local NFS server to serve those volumes as shares. + +.. note:: + + Using the LVM backend results in a Single Point of Failure + +#. For each storage node, add one ``manila_backends`` block underneath + the ``container_vars`` section. ``container_vars`` are used to allow + container/host individualized configuration. Each manila back end is + defined with a unique key. For example, ``nfs-share1``. + This later represents a unique manila backend and share type. + + .. code-block:: yaml + + container_vars: + manila_enabled_share_protocols: NFS + manila_backends: + nfs-share1: + +#. Configure the appropriate share protocols. For the LVM backend you + will need a minimu of ``NFS``. + + .. code-block:: yaml + + container_vars: + manila_enabled_share_protocols: NFS + +#. Configure the appropriate manila share backend name: + + .. code-block:: yaml + + share_backend_name: NFS_SHARE1 + +#. Configure the appropriate manila LVM driver: + + .. code-block:: yaml + + share_driver: manila.share.drivers.lvm.LVMShareDriver + lvm_share_volume_group: LVM_VOLUME_GROUP + + Replace ``LVM_VOLUME_GROUP`` with the name of the LVM + volume group manila should use to provision shares. + +#. Configure whether this backend manages share servers. The only + current supported option for this role is ``False`` as + deploying a manila backend that manages share servers has not been + tested yet. + + .. code-block:: yaml + + driver_handles_share_servers: False + +#. Configure the IP address or hostname of the share server. + + .. code-block:: yaml + + lvm_share_export_ip: "IP_ADDRESS" + + Replace ``IP_ADDRESS`` with the IP address or hostname where the + nfs shares will be exported from. + +The following is a full configuration example of a manila LVM backend +named NFS_SHARE1. The manila playbooks will automatically add a custom +``share-type`` and ``nfs-share1`` as in this example: + + .. code-block:: yaml + + container_vars: + manila_default_share_type: nfs-share1 + manila_enabled_share_protocols: NFS + manila_backends: + limit_container_types: manila_share + nfs-share1: + share_backend_name: NFS_SHARE1 + share_driver: manila.share.drivers.lvm.LVMShareDriver + driver_handles_share_servers: False + lvm_share_volume_group: manila-shares + lvm_share_export_ip: "172.29.236.100" diff --git a/doc/source/index.rst b/doc/source/index.rst index 4b6c926..cf39dea 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -1,10 +1,23 @@ -============================= -OpenStack-Ansible manila role -============================= +================================= +Manila role for OpenStack-Ansible +================================= + +This Ansible role installs and configures OpenStack manila. + +The following manila services are managed by the role: + * manila-api + * manila-scheduler + * manila-share + * manila-data (untested) .. toctree:: :maxdepth: 2 + configure-manila.rst + +To clone of view the source code for this repository, visit the role repository +for `os_manila `_. + Default variables ~~~~~~~~~~~~~~~~~ @@ -15,9 +28,33 @@ Default variables Dependencies ~~~~~~~~~~~~ +This role needs pip >= 7.1 installed on the target host. + Example playbook ~~~~~~~~~~~~~~~~ .. literalinclude:: ../../examples/playbook.yml :language: yaml +External Restart Hooks +~~~~~~~~~~~~~~~~~~~~~~ + +When the role performs a restart of the service, it will notify an Ansible +handler named ``Manage LB``, which is a noop within this role. In the +playbook, other roles may be loaded before and after this role which will +implement Ansible handler listeners for ``Manage LB``, allowing external roles +to manage the load balancer endpoints responsible for sending traffic to the +servers being restarted by marking them in maintenance or active mode, +draining sessions, etc. For an example implementation, please reference the +`ansible-haproxy-endpoints role `_ +used by the openstack-ansible project. + +Tags +~~~~ + +This role supports two tags: ``manila-install`` and ``manila-config`` + +The ``manila-install`` tag can be used to install and upgrade. + +The ``manila-config`` tag can be used to maintain configuration of the +service. diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..549d7f2 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,68 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Stop services + service: + name: "{{ item.service_name }}" + enabled: yes + state: stopped + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_items: "{{ filtered_manila_services }}" + register: _stop + until: _stop is success + retries: 5 + delay: 2 + listen: + - "Restart manila services" + - "venv changed" + +# Note (odyssey4me): +# The policy.json file is currently read continually by the services +# and is not only read on service start. We therefore cannot template +# directly to the file read by the service because the new policies +# may not be valid until the service restarts. This is particularly +# important during a major upgrade. We therefore only put the policy +# file in place after the service has been stopped. +# +- name: Copy new policy file into place + copy: + src: "/etc/manila/policy.json-{{ manila_venv_tag }}" + dest: "/etc/manila/policy.json" + owner: "root" + group: "{{ manila_system_group_name }}" + mode: "0640" + remote_src: yes + listen: + - "Restart manila services" + - "venv changed" + +- name: Start services + service: + name: "{{ item.service_name }}" + enabled: yes + state: "started" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_items: "{{ filtered_manila_services }}" + register: _start + until: _start is success + retries: 5 + delay: 2 + listen: + - "Restart manila services" + - "venv changed" + +- meta: noop + listen: Manage LB + when: false diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 0000000..cbffb04 --- /dev/null +++ b/run_tests.sh @@ -0,0 +1,94 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# PURPOSE: +# This script clones the openstack-ansible-tests repository to the +# tests/common folder in order to be able to re-use test components +# for role testing. This is intended to be the thinnest possible +# shim for test execution outside of OpenStack CI. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/run_tests.sh +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository and then update this file as well. The purpose of this file is to +# prepare the host and then execute all the tox tests. +# + +## Shell Opts ---------------------------------------------------------------- +set -xeu + +## Vars ---------------------------------------------------------------------- + +WORKING_DIR="$(readlink -f $(dirname $0))" +OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' $(pwd)/.gitreview)" + +COMMON_TESTS_PATH="${WORKING_DIR}/tests/common" +TESTING_HOME=${TESTING_HOME:-$HOME} +ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/git.openstack.org/openstack/openstack-ansible-tests" + +# Use .gitreview as the key to determine the appropriate +# branch to clone for tests. +TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") +if [[ "${TESTING_BRANCH}" == "" ]]; then + TESTING_BRANCH="master" +fi + +## Main ---------------------------------------------------------------------- + +# Source distribution information +source /etc/os-release || source /usr/lib/os-release + +# Prefer dnf over yum for CentOS. +which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum' + +# Figure out the appropriate package install command +case ${ID,,} in + *suse*) pkg_mgr_cmd="zypper -n in" ;; + centos|rhel|fedora) pkg_mgr_cmd="${RHT_PKG_MGR} install -y" ;; + ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; + gentoo) pkg_mgr_cmd="emerge" ;; + *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; +esac + +# Install git so that we can clone the tests repo if git is not available +which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git + +# Clone the tests repo for access to the common test script +if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then + # The tests repo doesn't need a clone, we can just + # symlink it. + if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then + ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" + + # In zuul v3 any dependent repository is placed into + # /home/zuul/src/git.openstack.org, so we check to see + # if there is a tests checkout there already. If so, we + # symlink that and use it. + elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then + ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" + + # Otherwise we're clearly not in zuul or using a previously setup + # repo in some way, so just clone it from upstream. + else + git clone -b "${TESTING_BRANCH}" \ + https://git.openstack.org/openstack/openstack-ansible-tests \ + "${COMMON_TESTS_PATH}" + fi +fi + +# Execute the common test script +source tests/common/run_tests_common.sh + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..ec9fbcf --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,138 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Fail if service was deployed using a different installation method + fail: + msg: "Switching installation methods for OpenStack services is not supported" + when: + - ansible_local is defined + - ansible_local.openstack_ansible is defined + - ansible_local.openstack_ansible.manila is defined + - ansible_local.openstack_ansible.manila.install_method is defined + - ansible_local.openstack_ansible.manila.install_method != manila_install_method + +- name: Gather variables for installation method + include_vars: "{{ manila_install_method }}_install.yml" + tags: + - always + +- include: manila_lvm_config.yml + when: + - "manila_services['manila-share']['group'] in group_names" + - "manila_backend_lvm_inuse | bool" + tags: + - manila-config + +- include: manila_pre_install.yml + tags: + - manila-install + +- include: manila_install.yml + tags: + - manila-install + +- name: refresh local facts + setup: + filter: ansible_local + gather_subset: "!all" + tags: + - manila-config + +- include: manila_cleanup_old_facts.yml + when: + - "'need_db_sync' in ansible_local['openstack_ansible']['manila']" + tags: + - manila-config + +- include: manila_post_install.yml + tags: + - manila-config + +- import_tasks: mq_setup.yml + when: + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups[manila_services['manila-api']['group']]| intersect(ansible_play_hosts)) | list)[0]" + vars: + _oslomsg_rpc_setup_host: "{{ manila_oslomsg_rpc_setup_host }}" + _oslomsg_rpc_userid: "{{ manila_oslomsg_rpc_userid }}" + _oslomsg_rpc_password: "{{ manila_oslomsg_rpc_password }}" + _oslomsg_rpc_vhost: "{{ manila_oslomsg_rpc_vhost }}" + _oslomsg_rpc_transport: "{{ manila_oslomsg_rpc_transport }}" + _oslomsg_notify_setup_host: "{{ manila_oslomsg_notify_setup_host }}" + _oslomsg_notify_userid: "{{ manila_oslomsg_notify_userid }}" + _oslomsg_notify_password: "{{ manila_oslomsg_notify_password }}" + _oslomsg_notify_vhost: "{{ manila_oslomsg_notify_vhost }}" + _oslomsg_notify_transport: "{{ manila_oslomsg_notify_transport }}" + tags: + - common-mq + - manila-config + +- include: manila_db_setup.yml + static: no + when: + - "groups['manila_api'] | length > 0" + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups['manila_api'] | intersect(ansible_play_hosts)) | list)[0]" + tags: + - manila-config + +- include: manila_uwsgi.yml + tags: + - manila-config + +- include: manila_service_setup.yml + static: no + when: + - "groups['manila_api'] | length > 0" + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups['manila_api'] | intersect(ansible_play_hosts)) | list)[0]" + tags: + - manila-config + +- name: Include ceph_client role + include_role: + name: ceph_client + vars: + openstack_service_system_user: "{{ manila_system_user_name }}" + openstack_service_venv_bin: "{{ (manila_install_method == 'source') | ternary(manila_bin,'/usr/local/bin') }}" + when: + - "manila_services['manila-share']['group'] in group_names" + - "manila_backend_rbd_inuse | bool" + tags: + - ceph + +- name: Flush handlers + meta: flush_handlers + +- include: manila_backends.yml + static: no + when: + - "groups[manila_services['manila-share']['group']] | length > 0" + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups[manila_services['manila-api']['group']] | intersect(ansible_play_hosts)) | list)[-1]" + tags: + - manila-config diff --git a/tasks/manila_backend_cephfs.yml b/tasks/manila_backend_cephfs.yml new file mode 100644 index 0000000..af28784 --- /dev/null +++ b/tasks/manila_backend_cephfs.yml @@ -0,0 +1,45 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Set _cephfs_mount_dir fact + set_fact: + _cephfs_mount_dir: /mnt/cephfs-ansible-mount + _cephfs_auth_id: "{{ item.value.cephfs_auth_id|default('manila') }}" + +- name: Create temporary mount dir + file: + name: "{{ _cephfs_mount_dir }}" + state: directory + +- name: Mount CephFS + command: | + ceph-fuse --id "{{ _cephfs_auth_id }}" "{{ _cephfs_mount_dir }}" + changed_when: false + +- name: Ensure CephFS volumes dir permissions + file: + name: "{{ _cephfs_mount_dir }}/volumes" + state: directory + owner: "{{ manila_system_user_name }}" + +- name: Unmount CephFS + mount: + path: "{{ _cephfs_mount_dir }}" + state: unmounted + +- name: Remove temporary mount dir + file: + name: "{{ _cephfs_mount_dir }}" + state: absent diff --git a/tasks/manila_backends.yml b/tasks/manila_backends.yml new file mode 100644 index 0000000..2681642 --- /dev/null +++ b/tasks/manila_backends.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure manila api is available + uri: + url: "{{ manila_service_internaluri }}" + status_code: 200,300 + validate_certs: "{{ manila_service_internaluri_insecure | bool }}" + register: api_status + until: api_status is success + retries: 10 + delay: 10 + +# TODO(odyssey4me): +# Once these tasks can be replaced by using Ansible modules instead, +# we should do that and use the delegation to the service setup host +# so that we can remove the openrc file from the target host. +- name: Implement openrc/clouds.yaml + include_role: + name: "openstack_openrc" + +- name: Create singular manila_backends variable for all hosts + set_fact: + _manila_backends: "{{ (_manila_backends | default(manila_backends | default({}))) | combine(hostvars[item]['manila_backends'] | default({})) }}" + with_items: "{{ groups[manila_services['manila-share']['group']] }}" + +- name: Add in manila devices types + shell: | + . {{ ansible_env.HOME }}/openrc + CLI_OPTIONS="--endpoint-type internalURL {{ ((keystone_service_adminuri_insecure | bool) or (manila_service_internaluri_insecure | bool)) | ternary('--insecure','') }}" + if ! {{ manila_bin }}/manila ${CLI_OPTIONS} type-list | grep -q "{{ item.key }}"; then + {{ manila_bin }}/manila ${CLI_OPTIONS} type-create "{{ item.key }}" "{{ item.value.driver_handles_share_servers }}" + fi + args: + executable: /bin/bash + with_dict: "{{ _manila_backends|default({}) }}" + changed_when: false + +- include: manila_backend_cephfs.yml + static: no + when: + - (item|default("")|to_json).find("manila.share.drivers.cephfs") != -1 + - "manila_services['manila-share']['group'] in group_names" + with_dict: "{{ _manila_backends|default({}) }}" + tags: + - manila-config diff --git a/tasks/manila_cleanup_old_facts.yml b/tasks/manila_cleanup_old_facts.yml new file mode 100644 index 0000000..6cfc6ab --- /dev/null +++ b/tasks/manila_cleanup_old_facts.yml @@ -0,0 +1,29 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# TODO(odyssey4me): +# This file and the task calling it may be removed in Queens. + +- name: Remove the old db_sync fact + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: manila + option: "need_db_sync" + state: absent + +- name: refresh local facts + setup: + filter: ansible_local + gather_subset: "!all" diff --git a/tasks/manila_db_setup.yml b/tasks/manila_db_setup.yml new file mode 100644 index 0000000..bb27e6c --- /dev/null +++ b/tasks/manila_db_setup.yml @@ -0,0 +1,66 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ manila_galera_address }}" + name: "{{ manila_galera_database }}" + state: "present" + delegate_to: "{{ manila_db_setup_host }}" + no_log: True + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ manila_galera_address }}" + name: "{{ manila_galera_user }}" + password: "{{ manila_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ manila_galera_database }}.*:ALL" + delegate_to: "{{ manila_db_setup_host }}" + with_items: + - "localhost" + - "%" + no_log: True + +- name: Perform a manila DB sync + command: "{{ manila_bin }}/manila-manage db sync" + become: yes + become_user: "{{ manila_system_user_name }}" + changed_when: false + +- name: Perform online data migrations + command: "{{ manila_bin }}/manila-manage db online_data_migrations" + become: yes + become_user: "{{ manila_system_user_name }}" + when: + - "(manila_all_software_updated | default('no')) | bool" + - "ansible_local['openstack_ansible']['manila']['need_online_data_migrations'] | bool" + changed_when: false + register: data_migrations + +- name: Disable the online migrations requirement + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: manila + option: need_online_data_migrations + value: False + when: + - not data_migrations | skipped + - data_migrations is succeeded diff --git a/tasks/manila_install.yml b/tasks/manila_install.yml new file mode 100644 index 0000000..ce1bac2 --- /dev/null +++ b/tasks/manila_install.yml @@ -0,0 +1,83 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Record the installation method + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: "manila" + option: "install_method" + value: "{{ manila_install_method }}" + +- name: Refresh local facts to ensure the manila section is present + setup: + filter: ansible_local + gather_subset: "!all" + +- name: Install distro packages + package: + name: "{{ manila_package_list }}" + state: "{{ manila_package_state }}" + update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}" + cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" + register: install_packages + until: install_packages is success + retries: 5 + delay: 2 + +- name: Install manila packages from PIP + include_tasks: manila_install_source.yml + when: manila_install_method == 'source' + +- name: Run the systemd service role + include_role: + name: systemd_service + private: true + vars: + systemd_user_name: "{{ manila_system_user_name }}" + systemd_group_name: "{{ manila_system_group_name }}" + systemd_tempd_prefix: openstack + systemd_slice_name: manila + systemd_lock_path: /var/lock/manila + systemd_CPUAccounting: true + systemd_BlockIOAccounting: true + systemd_MemoryAccounting: true + systemd_TasksAccounting: true + systemd_services: + - service_name: "{{ service_var.service_name }}" + enabled: yes + state: started + execstarts: "{{ service_var.execstarts }}" + execreloads: "{{ service_var.execreloads | default([]) }}" + config_overrides: "{{ manila_environment_overrides | combine(service_var.init_config_overrides) }}" + with_items: "{{ filtered_manila_services }}" + loop_control: + loop_var: service_var + tags: + - manila-config + - systemd-service + +- name: Set the upgrade facts + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: manila + option: "{{ item }}" + value: true + with_items: + - "need_online_data_migrations" + - "need_service_restart" + when: + (install_packages | changed) or + ('need_online_data_migrations' not in ansible_local['openstack_ansible']['manila']) or + ('need_service_restart' not in ansible_local['openstack_ansible']['manila']) diff --git a/tasks/manila_install_source.yml b/tasks/manila_install_source.yml new file mode 100644 index 0000000..99d6738 --- /dev/null +++ b/tasks/manila_install_source.yml @@ -0,0 +1,71 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# TODO(odyssey4me): +# This can be simplified once all the roles are using +# python_venv_build. We can then switch to using a +# set of constraints in pip.conf inside the venv, +# perhaps prepared by giving a giving a list of +# constraints to the role. +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in manila_developer_constraints %} + {{ item }} + {% endfor %} + when: manila_developer_mode | bool + +- name: Ensure remote wheel building is disabled in developer mode + set_fact: + venv_build_host: "{{ ansible_hostname }}" + when: + - manila_developer_mode | bool + +- name: Install the python venv + include_role: + name: "python_venv_build" + private: yes + vars: + venv_build_distro_package_list: "{{ manila_devel_distro_packages }}" + venv_install_destination_path: "{{ manila_bin | dirname }}" + venv_install_distro_package_list: "{{ manila_distro_packages }}" + venv_pip_install_args: "{{ manila_pip_install_args }}" + venv_pip_packages: >- + {{ manila_pip_packages + + (manila_oslomsg_amqp1_enabled | bool) | ternary(manila_optional_oslomsg_amqp1_pip_packages, []) }} + venv_facts_when_changed: + - section: "manila" + option: "need_service_restart" + value: True + - section: "manila" + option: "need_online_data_migrations" + value: True + - section: "manila" + option: "venv_tag" + value: "{{ manila_venv_tag }}" + +- name: Copy manila rootwrap filters + command: >- + rsync --archive --itemize-changes --delete + /openstack/venvs/manila-{{ manila_venv_tag }}/etc/manila/rootwrap.d/ + /etc/manila/rootwrap.d/ + args: + warn: no + register: _copy_rootwraps + changed_when: _copy_rootwraps.stdout != '' + notify: + - Manage LB + - Restart manila services diff --git a/tasks/manila_lvm_config.yml b/tasks/manila_lvm_config.yml new file mode 100644 index 0000000..60de1ad --- /dev/null +++ b/tasks/manila_lvm_config.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Discover lvm devices + shell: | + /sbin/pvdisplay | awk '/PV\ Name/ {print $3}' | sed 's/\/dev\///g' + register: lvm_devices + changed_when: lvm_devices.rc != 0 + failed_when: false + +- name: Ensure "/etc/lvm" directory + file: + state: "directory" + path: "/etc/lvm" + when: lvm_devices.rc == 0 + +- name: Drop lvm Config + template: + src: "lvm.conf.j2" + dest: "/etc/lvm/lvm.conf" + owner: "root" + group: "root" + backup: "yes" + when: lvm_devices.rc == 0 diff --git a/tasks/manila_post_install.yml b/tasks/manila_post_install.yml new file mode 100644 index 0000000..4d78814 --- /dev/null +++ b/tasks/manila_post_install.yml @@ -0,0 +1,52 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Copy manila configs + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "{{ item.group|default(manila_system_group_name) }}" + mode: "0640" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "manila.conf.j2" + dest: "/etc/manila/manila.conf" + config_overrides: "{{ manila_manila_conf_overrides }}" + config_type: "ini" + - src: "api-paste.ini.j2" + dest: "/etc/manila/api-paste.ini" + config_overrides: "{{ manila_api_paste_ini_overrides }}" + config_type: "ini" + - src: "rootwrap.conf.j2" + dest: "/etc/manila/rootwrap.conf" + config_overrides: "{{ manila_rootwrap_conf_overrides }}" + config_type: "ini" + - src: "policy.json.j2" + dest: "/etc/manila/policy.json-{{ manila_venv_tag }}" + config_overrides: "{{ manila_policy_overrides }}" + config_type: "json" + notify: + - Manage LB + - Restart manila services + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ manila_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" diff --git a/tasks/manila_pre_install.yml b/tasks/manila_pre_install.yml new file mode 100644 index 0000000..099fbf2 --- /dev/null +++ b/tasks/manila_pre_install.yml @@ -0,0 +1,47 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ manila_system_group_name }}" + gid: "{{ manila_system_group_gid|default(omit) }}" + state: "present" + system: "yes" + +- name: Create the manila system user + user: + name: "{{ manila_system_user_name }}" + uid: "{{ manila_system_user_uid|default(omit) }}" + group: "{{ manila_system_group_name }}" + comment: "{{ manila_system_comment }}" + shell: "{{ manila_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ manila_system_home_folder }}" + +- name: Create manila dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(manila_system_user_name) }}" + group: "{{ item.group|default(manila_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/openstack", mode: "0755", owner: "root", group: "root" } + - { path: "/var/cache/manila", mode: "0700" } + - { path: "/etc/manila", mode: "0750" } + - { path: "/etc/manila/rootwrap.d", owner: "root", group: "root", mode: "0750" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "{{ manila_system_home_folder }}" } diff --git a/tasks/manila_service_setup.yml b/tasks/manila_service_setup.yml new file mode 100644 index 0000000..e828f4f --- /dev/null +++ b/tasks/manila_service_setup.yml @@ -0,0 +1,120 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. +- name: Setup the service + delegate_to: "{{ manila_service_setup_host }}" + vars: + ansible_python_interpreter: >- + {{ (manila_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }} + block: + - name: Add services to the keystone service catalog + os_keystone_service: + cloud: default + state: "{{ item.state }}" + name: "{{ item.name }}" + service_type: "{{ item.service_type }}" + description: "{{ item.description }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - name: "{{ manila_service_name }}" + service_type: "{{ manila_service_type }}" + description: "{{ manila_service_description }}" + state: present + - name: "{{ manila_service_v2_name }}" + service_type: "{{ manila_service_v2_type }}" + description: "{{ manila_service_v2_description }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" + + - name: Add service user + os_user: + cloud: default + state: present + name: "{{ manila_service_user_name }}" + password: "{{ manila_service_password }}" + domain: default + default_project: "{{ manila_service_project_name }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + when: not manila_service_in_ldap | bool + until: add_service is success + retries: 5 + delay: 10 + no_log: True + + - name: Add service user to admin role + os_user_role: + cloud: default + state: present + user: "{{ manila_service_user_name }}" + role: "{{ manila_service_role_name }}" + project: "{{ manila_service_project_name }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + when: not manila_service_in_ldap | bool + until: add_service is success + retries: 5 + delay: 10 + + - name: Add endpoints to keystone endpoint catalog + os_keystone_endpoint: + cloud: default + state: "{{ item.state }}" + service: "{{ item.service }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ manila_service_region }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - service: "{{ manila_service_name }}" + interface: "public" + url: "{{ manila_service_publicurl }}" + state: present + - service: "{{ manila_service_name }}" + interface: "internal" + url: "{{ manila_service_internalurl }}" + state: present + - service: "{{ manila_service_name }}" + interface: "admin" + url: "{{ manila_service_adminurl }}" + state: present + - service: "{{ manila_service_v2_name }}" + interface: "public" + url: "{{ manila_service_v2_publicurl }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" + - service: "{{ manila_service_v2_name }}" + interface: "internal" + url: "{{ manila_service_v2_internalurl }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" + - service: "{{ manila_service_v2_name }}" + interface: "admin" + url: "{{ manila_service_v2_adminurl }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" diff --git a/tasks/manila_uwsgi.yml b/tasks/manila_uwsgi.yml new file mode 100644 index 0000000..32cde77 --- /dev/null +++ b/tasks/manila_uwsgi.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure uWSGI directory exists + file: + path: "/etc/uwsgi/" + state: directory + mode: "0711" + +- name: Apply uWSGI configuration + config_template: + src: "manila-uwsgi.ini.j2" + dest: "/etc/uwsgi/{{ item.service_name }}.ini" + mode: "0744" + config_overrides: "{{ item.wsgi_overrides }}" + config_type: ini + with_items: "{{ filtered_manila_services }}" + when: item.wsgi_app | default(False) + notify: + - Manage LB + - Restart manila services diff --git a/tasks/mq_setup.yml b/tasks/mq_setup.yml new file mode 100644 index 0000000..b5f4766 --- /dev/null +++ b/tasks/mq_setup.yml @@ -0,0 +1,83 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/mq_setup.yml +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository. Once it merges there, the changes will automatically be proposed to +# all the repositories which use it. + +- name: Setup RPC MQ Service (RabbitMQ) + delegate_to: "{{ _oslomsg_rpc_setup_host }}" + when: + - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" + - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'rabbit')" + tags: + - common-rabbitmq + block: + - name: Add RPC RabbitMQ vhost + rabbitmq_vhost: + name: "{{ _oslomsg_rpc_vhost }}" + state: "present" + + - name: Add RPC RabbitMQ user + rabbitmq_user: + user: "{{ _oslomsg_rpc_userid }}" + password: "{{ _oslomsg_rpc_password }}" + vhost: "{{ _oslomsg_rpc_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + force: true + no_log: true + +- name: Setup Notify MQ Service (RabbitMQ) + delegate_to: "{{ _oslomsg_notify_setup_host }}" + when: + - "(_oslomsg_configure_notify | default(_oslomsg_notify_transport is defined))" + - "(_oslomsg_notify_transport is defined) and (_oslomsg_notify_transport == 'rabbit')" + tags: + - common-rabbitmq + block: + - name: Add Notify RabbitMQ vhost + rabbitmq_vhost: + name: "{{ _oslomsg_notify_vhost }}" + state: "present" + + - name: Add Notify RabbitMQ user + rabbitmq_user: + user: "{{ _oslomsg_notify_userid }}" + password: "{{ _oslomsg_notify_password }}" + vhost: "{{ _oslomsg_notify_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + force: true + no_log: true + +- name: Setup RPC MQ Service (Qdrouterd) + delegate_to: "{{ _oslomsg_rpc_setup_host }}" + when: + - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" + - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'amqp')" + tags: + - common-qdrouterd + block: + - name: Add RPC Qdrouterd user + shell: "echo {{ _oslomsg_rpc_password }} | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ _oslomsg_rpc_userid }}" + no_log: true diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 new file mode 100644 index 0000000..42395c1 --- /dev/null +++ b/templates/api-paste.ini.j2 @@ -0,0 +1,59 @@ +############# +# OpenStack # +############# + +[composite:osapi_share] +use = call:manila.api:root_app_factory +/: apiversions +/v1: openstack_share_api +/v2: openstack_share_api_v2 + +[composite:openstack_share_api] +use = call:manila.api.middleware.auth:pipeline_factory +noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth api +keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api +keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api + +[composite:openstack_share_api_v2] +use = call:manila.api.middleware.auth:pipeline_factory +noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth apiv2 +keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2 +keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2 + +[filter:faultwrap] +paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory + +[filter:noauth] +paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[app:api] +paste.app_factory = manila.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = manila.api.v2.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors faultwrap http_proxy_to_wsgi osshareversionapp + +[app:osshareversionapp] +paste.app_factory = manila.api.versions:VersionsRouter.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = manila.api.middleware.auth:ManilaKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = manila diff --git a/templates/lvm.conf.j2 b/templates/lvm.conf.j2 new file mode 100644 index 0000000..14f7338 --- /dev/null +++ b/templates/lvm.conf.j2 @@ -0,0 +1,123 @@ +# {{ ansible_managed }} + +{% set used_lvm_devices = [] %} +{% set lv_devices = lvm_devices.stdout.split('\n') %} +{% if lv_devices|length > 0 %} + {% for net in lv_devices %} + {% if net != '' %} + {% set lv_device = '"a/' + net + '/"' %} + {% if used_lvm_devices.append(lv_device) %}{% endif %} + {% endif %} + {% endfor %} +{% endif %} + +# Ansible Discovered LVM Devices {{ lv_devices }} + +{% if used_lvm_devices|length <= 0 %} + {# If there are no LVM devices present, allow all devices to be scanned #} + {% if used_lvm_devices.append('"a/.*/"') %}{% endif %} +{% else %} + {# Append 'loop.*' to the list to help with AIO deployments. #} + {% if used_lvm_devices.append('"a/loop.*/"') %}{% endif %} + {# Disable scanning any other devices than the ones listed. #} + {% if used_lvm_devices.append('"r/.*/"') %}{% endif %} +{% endif %} + +devices { + dir = "/dev" + scan = [ "/dev" ] + obtain_device_list_from_udev = 1 + preferred_names = [ ] + filter = [ {{ used_lvm_devices|join(', ') }} ] + cache_dir = "/run/lvm" + cache_file_prefix = "" + write_cache_state = 1 + sysfs_scan = 1 + multipath_component_detection = 1 + md_component_detection = 1 + md_chunk_alignment = 1 + data_alignment_detection = 1 + data_alignment = 0 + data_alignment_offset_detection = 1 + ignore_suspended_devices = 0 + disable_after_error_count = 0 + require_restorefile_with_uuid = 1 + pv_min_size = 2048 + issue_discards = 1 +} +allocation { + maximise_cling = 1 + mirror_logs_require_separate_pvs = 0 + thin_pool_metadata_require_separate_pvs = 0 +} +log { + verbose = 0 + silent = 0 + syslog = 1 + overwrite = 0 + level = 0 + indent = 1 + command_names = 0 + prefix = " " +} +data { + data = 1 + data_dir = "/etc/lvm/data" + archive = 1 + archive_dir = "/etc/lvm/archive" + retain_min = 10 + retain_days = 30 +} +shell { + history_size = 100 +} +global { + umask = 077 + test = 0 + units = "h" + si_unit_consistency = 1 + activation = 1 + proc = "/proc" + locking_type = 1 + wait_for_locks = 1 + fallback_to_clustered_locking = 1 + fallback_to_local_locking = 1 + locking_dir = "/run/lock/lvm" + prioritise_write_locks = 1 + abort_on_internal_errors = 0 + detect_internal_vg_cache_corruption = 0 + metadata_read_only = 0 + mirror_segtype_default = "mirror" + use_lvmetad = 0 + thin_check_executable = "/usr/sbin/thin_check" + thin_check_options = [ "-q" ] +} +activation { + checks = 0 + udev_sync = 1 + udev_rules = 1 + verify_udev_operations = 0 + retry_deactivation = 1 + missing_stripe_filler = "error" + use_linear_target = 1 + reserved_stack = 64 + reserved_memory = 8192 + process_priority = -18 + mirror_region_size = 512 + readahead = "auto" + raid_fault_policy = "warn" + mirror_log_fault_policy = "allocate" + mirror_image_fault_policy = "remove" + snapshot_autoextend_threshold = 100 + snapshot_autoextend_percent = 20 + thin_pool_autoextend_threshold = 100 + thin_pool_autoextend_percent = 20 + use_mlockall = 0 + monitoring = 0 + polling_interval = 15 +} +dmeventd { + mirror_library = "libdevmapper-event-lvm2mirror.so" + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + thin_library = "libdevmapper-event-lvm2thin.so" +} diff --git a/templates/manila-uwsgi.ini.j2 b/templates/manila-uwsgi.ini.j2 new file mode 100644 index 0000000..5923fab --- /dev/null +++ b/templates/manila-uwsgi.ini.j2 @@ -0,0 +1,25 @@ +[uwsgi] +uid = {{ manila_system_user_name }} +gid = {{ manila_system_group_name }} + +{% if manila_install_method == 'source' %} +virtualenv = /openstack/venvs/manila-{{ manila_venv_tag }} +{% endif %} +wsgi-file = {{ manila_bin }}/{{ item.wsgi_name }} +http = {{ item.uwsgi_bind_address }}:{{ item.uwsgi_port }} + +master = true +enable-threads = true +processes = {{ manila_wsgi_processes }} +threads = {{ manila_wsgi_threads }} +exit-on-reload = false +die-on-term = true +lazy-apps = true +add-header = Connection: close +buffer-size = {{ manila_wsgi_buffer_size }} +thunder-lock = true +logfile-chmod = 644 +pidfile = /var/run/{{ item.service_name }}/{{ item.service_name }}.pid + +# Avoid filling up the logs with health check requests from haproxy. +route-user-agent = ^osa-haproxy-healthcheck$ donotlog: diff --git a/templates/manila.conf.j2 b/templates/manila.conf.j2 new file mode 100644 index 0000000..0032490 --- /dev/null +++ b/templates/manila.conf.j2 @@ -0,0 +1,129 @@ +# {{ ansible_managed }} + +[DEFAULT] +use_journal = True +# Disable stderr logging +use_stderr = False +debug = {{ debug }} +fatal_deprecations = {{ manila_fatal_deprecations }} +my_ip = {{ manila_management_address }} + +default_share_type = {{ manila_default_share_type }} +share_name_template = {{ manila_share_name_template }} + +osapi_share_workers = {{ manila_osapi_share_workers }} + +rootwrap_config = /etc/manila/rootwrap.conf +api_paste_config = /etc/manila/api-paste.ini +auth_strategy = {{ manila_auth_strategy }} + +## RabbitMQ RPC +executor_thread_pool_size = {{ manila_rpc_executor_thread_pool_size }} +rpc_response_timeout = {{ manila_rpc_response_timeout }} + +transport_url = {{ manila_oslomsg_rpc_transport }}://{% for host in manila_oslomsg_rpc_servers.split(',') %}{{ manila_oslomsg_rpc_userid }}:{{ manila_oslomsg_rpc_password }}@{{ host }}:{{ manila_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ manila_oslomsg_rpc_vhost }}{% if manila_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} + +## Quota +quota_shares = {{ manila_quota_shares }} +quota_snapshots = {{ manila_quota_snapshots }} +quota_gigabytes = {{ manila_quota_gigabytes }} +quota_snapshot_gigabytes = {{ manila_quota_snapshot_gigabytes }} +quota_share_networks = {{ manila_quota_share_networks }} + +os_region_name = {{ manila_service_region }} + +storage_availability_zone = {{ manila_storage_availability_zone }} + +client_socket_timeout = {{ manila_client_socket_timeout }} + +{% if manila_enabled_share_protocols is defined %} +enabled_share_protocols={{ manila_enabled_share_protocols }} +{% endif %} + +{% if manila_backends is defined %} +enabled_share_backends={% for backend in manila_backends|dictsort %}{{ backend.0 }}{% if not loop.last %},{% endif %}{% endfor %} + +# All given backend(s) +{% for backend_section in manila_backends|dictsort %} +[{{ backend_section.0 }}] +{% for key, value in (backend_section.1 | dictsort) if key not in ['extra_share_types', 'shares'] %} +{{ key }}={{ value }} +{% endfor %} + +{% endfor %} +{% endif %} + +[database] +connection = mysql+pymysql://{{ manila_galera_user }}:{{ manila_container_mysql_password }}@{{ manila_galera_address }}/{{ manila_galera_database }}?charset=utf8{% if manila_galera_use_ssl | bool %}&ssl_ca={{ manila_galera_ssl_ca_cert }}{% endif %} + +[oslo_messaging_rabbit] +ssl = {{ manila_oslomsg_rpc_use_ssl }} + +[oslo_messaging_notifications] +driver = {% if manila_ceilometer_enabled %}messagingv2{% else %}noop{% endif %} +transport_url = {{ manila_oslomsg_notify_transport }}://{% for host in manila_oslomsg_notify_servers.split(',') %}{{ manila_oslomsg_notify_userid }}:{{ manila_oslomsg_notify_password }}@{{ host }}:{{ manila_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ manila_oslomsg_notify_vhost }}{% if manila_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} + +[oslo_concurrency] +lock_path = {{ manila_lock_path }} + +[profiler] +enabled = {{ manila_profiler_enabled }} +trace_sqlalchemy = {{ manila_profiler_trace_sqlalchemy }} +hmac_keys = {{ manila_profiler_hmac_key }} + +[keystone_authtoken] +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_type = {{ manila_keystone_auth_plugin }} +auth_url = {{ keystone_service_adminurl }} +www_authenticate_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ manila_service_project_domain_id }} +user_domain_id = {{ manila_service_user_domain_id }} +project_name = {{ manila_service_project_name }} +username = {{ manila_service_user_name }} +password = {{ manila_service_password }} +region_name = {{ keystone_service_region }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +[neutron] +url = http://{{ internal_lb_vip_address }}:9696 +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_adminurl }} +memcached_servers = {{ memcached_servers }} +auth_type = {{ manila_keystone_auth_plugin }} +project_domain_name = {{ neutron_service_domain_name | default("Default") }} +user_domain_name = {{ neutron_service_domain_name | default("Default") }} +region_name = {{ neutron_service_region }} +project_name = {{ neutron_service_project_name }} +username = {{ neutron_service_user_name }} +password = {{ neutron_service_password }} + +[nova] +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_adminurl }} +memcached_servers = {{ memcached_servers }} +auth_type = {{ manila_keystone_auth_plugin }} +project_domain_name = {{ nova_service_domain_name | default("Default") }} +user_domain_name = {{ nova_service_domain_name | default("Default") }} +region_name = {{ nova_service_region }} +project_name = {{ nova_service_project_name }} +username = {{ nova_service_user_name }} +password = {{ nova_service_password }} + +[cinder] +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_adminurl }} +memcached_servers = {{ memcached_servers }} +auth_type = {{ manila_keystone_auth_plugin }} +project_domain_name = {{ cinder_service_domain_name | default("Default") }} +user_domain_name = {{ cinder_service_domain_name | default("Default") }} +region_name = {{ cinder_service_region | default("RegionOne") }} +project_name = {{ cinder_service_project_name | default("service") }} +username = {{ cinder_service_user_name | default("cinder") }} +password = {{ cinder_service_password | default("secrete") }} diff --git a/templates/policy.json.j2 b/templates/policy.json.j2 new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/templates/policy.json.j2 @@ -0,0 +1 @@ +{} diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 new file mode 100644 index 0000000..fa67b19 --- /dev/null +++ b/templates/rootwrap.conf.j2 @@ -0,0 +1,27 @@ +# Configuration for manila-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap,/usr/share/manila-common/rootwrap.d + +# List of directories to search executables in, in case filters do not +# explicitly specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, user0, user1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR diff --git a/templates/sudoers.j2 b/templates/sudoers.j2 new file mode 100644 index 0000000..fbca568 --- /dev/null +++ b/templates/sudoers.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +Defaults:{{ manila_system_user_name }} !requiretty +Defaults:{{ manila_system_user_name }} secure_path="{{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +{{ manila_system_user_name }} ALL = (root) NOPASSWD: {{ manila_bin }}/{{ manila_service_name }}-rootwrap diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 0000000..c2d28fa --- /dev/null +++ b/tests/ansible-role-requirements.yml @@ -0,0 +1,81 @@ +--- +- name: apt_package_pinning + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + scm: git + version: master +- name: pip_install + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + scm: git + version: master +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: master +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: master +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: master +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: master +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: master +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: master +- name: openstack_openrc + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + scm: git + version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master +- name: os_glance + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + scm: git + version: master +- name: etcd # dependency of os_neutron role + scm: git + src: https://github.com/logan2211/ansible-etcd + version: master +- name: os_nova + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + scm: git + version: master +- name: os_neutron + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + scm: git + version: master +- name: os_cinder + src: https://git.openstack.org/openstack/openstack-ansible-os_cinder + scm: git + version: master +- name: os_tempest + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + scm: git + version: master +- name: openstack_hosts + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + scm: git + version: master +- name: ceph_client + src: https://git.openstack.org/openstack/openstack-ansible-ceph_client + scm: git + version: master +- name: systemd_service + src: https://git.openstack.org/openstack/ansible-role-systemd_service + scm: git + version: master +- name: python_venv_build + src: https://git.openstack.org/openstack/ansible-role-python_venv_build + scm: git + version: master diff --git a/tests/cinder-initiator.yml b/tests/cinder-initiator.yml new file mode 100644 index 0000000..ee5d533 --- /dev/null +++ b/tests/cinder-initiator.yml @@ -0,0 +1,18 @@ +--- +- name: Set iSCSI InitiatorName + hosts: storage1 + remote_user: root + gather_facts: false + any_errors_fatal: true + tasks: + - name: Get iSCSI InitiatorName + command: /usr/sbin/iscsi-iname + register: initiator_name + tags: + - skip_ansible_lint + + - name: Write iSCSI InitiatorName + lineinfile: + path: /etc/iscsi/initiatorname.iscsi + regexp: '^InitiatorName=' + line: "InitiatorName={{ initiator_name.stdout }}" diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml new file mode 100644 index 0000000..0a2006e --- /dev/null +++ b/tests/group_vars/all_containers.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" + tunnel_address: + address: "{{ tunnel_address }}" + bridge: "br-vxlan" + interface: "eth2" + netmask: "255.255.255.0" + type: "veth" + vlan_address: + bridge: "br-vlan" + interface: "eth12" + netmask: null + type: "veth" +physical_host: localhost +properties: + service_name: "{{ inventory_hostname }}" diff --git a/tests/host_vars/infra1.yml b/tests/host_vars/infra1.yml new file mode 100644 index 0000000..5d13742 --- /dev/null +++ b/tests/host_vars/infra1.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.101 +ansible_become: True +ansible_user: root +container_name: infra1 +tunnel_address: 10.1.2.101 diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml new file mode 100644 index 0000000..f88d96b --- /dev/null +++ b/tests/host_vars/localhost.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +bridges: + - name: "br-mgmt" + ip_addr: "10.1.1.1" + - name: "br-vxlan" + ip_addr: "10.1.2.1" + - name: "br-vlan" + ip_addr: "10.1.3.1" + veth_peer: "eth12" diff --git a/tests/host_vars/manila1.yml b/tests/host_vars/manila1.yml new file mode 100644 index 0000000..b0a493a --- /dev/null +++ b/tests/host_vars/manila1.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.103 +ansible_become: True +ansible_user: root +container_name: manila1 +tunnel_address: 10.1.2.103 diff --git a/tests/host_vars/openstack1.yml b/tests/host_vars/openstack1.yml new file mode 100644 index 0000000..86dc31f --- /dev/null +++ b/tests/host_vars/openstack1.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth12" + network_vxlan_ranges: "1:1000" +ansible_host: 10.1.1.102 +ansible_become: True +ansible_user: root +container_name: openstack1 +tunnel_address: 10.1.2.102 +neutron_local_ip: 10.1.2.102 diff --git a/tests/host_vars/storage1.yml b/tests/host_vars/storage1.yml new file mode 100644 index 0000000..a831709 --- /dev/null +++ b/tests/host_vars/storage1.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: "10.1.1.1" +neutron_local_ip: 10.1.2.1 +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth12" + network_vxlan_ranges: "1:1000" + +cinder_backends: + lvm: + volume_backend_name: LVM_iSCSI + volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + volume_group: cinder-volumes + iscsi_ip_address: "{{ cinder_storage_address }}" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..ae4592d --- /dev/null +++ b/tests/inventory @@ -0,0 +1,151 @@ +[all] +localhost +infra1 +openstack1 +manila1 +storage1 + +[all_containers] +infra1 +openstack1 +manila1 + +[oslomsg_rpc_all] +infra1 + +[oslomsg_notify_all] +infra1 + +[rabbitmq_all] +infra1 + +[galera_all] +infra1 + +[memcached_all] +infra1 + +[service_all:children] +rabbitmq_all +galera_all +memcached_all + +[keystone_all] +openstack1 + +[glance_api] +openstack1 + +[glance_registry] +openstack1 + +[glance_all:children] +glance_api +glance_registry + +[neutron_agent] +openstack1 + +[neutron_dhcp_agent] +openstack1 + +[neutron_linuxbridge_agent] +storage1 +openstack1 + +[neutron_openvswitch_agent] + +[neutron_metering_agent] +openstack1 + +[neutron_l3_agent] +openstack1 + +[neutron_lbaas_agent] +openstack1 + +[neutron_metadata_agent] +openstack1 + +[neutron_server] +openstack1 + +[neutron_all:children] +neutron_agent +neutron_dhcp_agent +neutron_linuxbridge_agent +neutron_openvswitch_agent +neutron_metering_agent +neutron_l3_agent +neutron_lbaas_agent +neutron_metadata_agent +neutron_server + +[nova_api_metadata] +openstack1 + +[nova_api_os_compute] +openstack1 + +[nova_compute] +storage1 + +[nova_conductor] +openstack1 + +[nova_console] +openstack1 + +[nova_scheduler] +openstack1 + +[nova_api_placement] +openstack1 + +[nova_all:children] +nova_api_metadata +nova_api_os_compute +nova_compute +nova_conductor +nova_console +nova_scheduler +nova_api_placement + +[cinder_api] +infra1 + +[cinder_scheduler] +infra1 + +[cinder_backup] +infra1 + +[cinder_volume] +storage1 + +[cinder_all:children] +cinder_api +cinder_scheduler +cinder_backup +cinder_volume + +[utility_all] +infra1 + +[manila_api] +manila1 + +[manila_scheduler] +manila1 + +[manila_data] +manila1 + +[manila_share] +storage1 + +[manila_all:children] +manila_api +manila_scheduler +manila_data +manila_share diff --git a/tests/os_manila-overrides.yml b/tests/os_manila-overrides.yml new file mode 100644 index 0000000..e5af97d --- /dev/null +++ b/tests/os_manila-overrides.yml @@ -0,0 +1,133 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +tempest_run: yes +tempest_test_whitelist: + - smoke + - manila_tempest_tests.tests.scenario.test_share_basic_ops +tempest_test_blacklist: + - test: tempest.api.identity + reason: Reducing run time and required resources + - test: tempest.api.image + reason: Reducing run time and required resources + - test: tempest.api.compute + reason: Reducing run time and required resources + - test: tempest.api.network + reason: Reducing run time and required resources + - test: tempest.api.volume + reason: Reducing run time and required resources + - test: tempest.scenario.test_server_basic_ops + reason: Reducing run time and required resources + - test: tempest.scenario.test_network_basic_ops + reason: Reducing run time and required resources +tempest_service_available_manila: True +tempest_plugins: "{{ _tempest_plugins['keystone'] + _tempest_plugins['manila'] }}" + +tempest_tempest_conf_overrides: + share: + image_with_share_tools: manila-service-image + image_password: manila + enable_protocols: nfs + enable_ip_rules_for_protocols: nfs + enable_ro_access_level_for_protocols: nfs + suppress_errors_in_cleanup: true + share_creation_retry_number: 3 + run_ipv6_tests: False + +tempest_images: + - url: "http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img" + checksum: "sha256:e137062a4dfbb4c225971b67781bc52183d14517170e16a3841d16f962ae7470" + format: "qcow2" + name: "cirros" + - url: "http://tarballs.openstack.org/manila-image-elements/images/manila-service-image-master.qcow2" + format: "qcow2" + name: "manila-service-image" + +tempest_flavors: + - name: tempest1 + id: 201 + ram: 256 + disk: 1 + vcpus: 1 + - name: tempest2 + id: 202 + ram: 512 + disk: 1 + vcpus: 1 + - name: manila-service-flavor + id: 100 + ram: 256 + disk: 2 + vcpus: 1 + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth12" + network_vxlan_ranges: "1:1000" + +manila_default_share_type: nfs-share1 +manila_protocols: + - NFS + - CIFS + - CEPHFS + +manila_backends: + nfs-share1: + share_backend_name: NFS_SHARE1 + share_driver: manila.share.drivers.lvm.LVMShareDriver + driver_handles_share_servers: False + lvm_share_volume_group: manila-shares + lvm_share_export_ip: "10.1.1.1" + generic: + share_backend_name: GENERIC + share_driver: manila.share.drivers.generic.GenericShareDriver + driver_handles_share_servers: True + service_instance_flavor_id: 100 + service_image_name: manila-service-image + service_instance_user: manila + service_instance_password: manila + interface_driver: manila.network.linux.interface.BridgeInterfaceDriver + +test_manila_api_group: "{{ ((groups['manila_api'] is defined) and (groups['manila_api'] | length > 0)) | ternary('manila_api', 'all_containers') }}" +test_manila_share_group: "{{ ((groups['manila_share'] is defined) and (groups['manila_share'] | length > 0)) | ternary('manila_share', 'all_containers') }}" +test_manila_api_host: "{{ hostvars[groups[test_manila_api_group][0]]['ansible_host'] }}" +test_manila_share_host: "{{ hostvars[groups[test_manila_share_group][0]]['ansible_host'] }}" +manila_container_mysql_password: "SuperSecrete" +manila_developer_mode: true +manila_git_install_branch: "{{ test_branch }}" +manila_profiler_hmac_key: "secrete" +manila_oslomsg_rpc_password: "{{ oslomsg_rpc_password }}" +manila_oslomsg_notify_password: "{{ oslomsg_notify_password }}" +manila_service_password: "secrete" +manila_venv_tag: "testing" +manila_service_port: 8786 +manila_service_proto: http +manila_service_publicuri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}" +manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s" +manila_service_adminuri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}" +manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s" +manila_service_internaluri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}" +manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s" +manila_service_v2_port: 8786 +manila_service_v2_proto: http +manila_service_v2_publicuri: "{{ manila_service_v2_proto }}://{{ tst_manila_api_host }}:{{ manila_service_v2_port }}" +manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s" +manila_service_v2_adminuri: "{{ manila_service_v2_proto }}://{{ test_manila_api_host }}:{{ manila_service_v2_port }}" +manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s" +manila_service_v2_internaluri: "{{ manila_service_v2_proto }}://{{ test_manila_api_host }}:{{ manila_service_v2_port }}" +manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s" +tempest_service_available_manila: "{{ ((groups['manila_all'] is defined) and (groups['manila_all'] | length > 0)) }}" +manila_osapi_share_workers: 2 +manila_wsgi_processes: 2 diff --git a/tests/test-install-manila.yml b/tests/test-install-manila.yml new file mode 100644 index 0000000..ad87338 --- /dev/null +++ b/tests/test-install-manila.yml @@ -0,0 +1,34 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy manila API services + hosts: manila_api + remote_user: root + gather_facts: true + any_errors_fatal: true + vars_files: + - common/test-vars.yml + roles: + - role: "os_manila" + +- name: Deploy the rest of manila + hosts: "manila_all:!manila_api" + remote_user: root + gather_facts: true + any_errors_fatal: true + vars_files: + - common/test-vars.yml + roles: + - role: "os_manila" diff --git a/tests/test-setup-manila-localhost.yml b/tests/test-setup-manila-localhost.yml new file mode 100644 index 0000000..fda9539 --- /dev/null +++ b/tests/test-setup-manila-localhost.yml @@ -0,0 +1,56 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Prepare manila-shares share group + hosts: localhost + # This set of tasks runs against localhost + # and requires root access, but tests run as + # the user running the playbook (zuul). As + # such, we use a local connection and become. + connection: local + become: yes + tasks: + - name: Install lvm2 package + package: + name: lvm2 + + - name: Create sparse Manila file + command: "truncate -s {{ manila_sparse_file_size | default('10G') }} /openstack/{{ manila_sparse_file_name | default('manila') }}.img" + args: + creates: /openstack/manila.img + register: manila_create + + - name: Get a loopback device for manila file + command: losetup -f + when: manila_create is changed + register: manila_losetup + + - name: Create the loopback device + command: "losetup {{ manila_losetup.stdout }} /openstack/manila.img" + when: manila_create is changed + + - name: Make LVM physical share on the manila device + command: "{{ item }}" + when: manila_create is changed + with_items: + - "pvcreate {{ manila_losetup.stdout }}" + - "pvscan" + + - name: Add manila-shares share group + lvg: + vg: "{{ manila_lvm_vg_name | default('manila-shares') }}" + pvs: "{{ manila_losetup.stdout }}" + when: manila_create is changed + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..3226dd0 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,50 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Setup the host +- import_playbook: common/test-setup-host.yml + +# Prepare the manila-share VG +- import_playbook: test-setup-manila-localhost.yml + +# Prepare the manila-share VG +- import_playbook: common/test-setup-cinder-localhost.yml + +# Install RabbitMQ/MariaDB +- import_playbook: common/test-install-infra.yml + +# Install Keystone +- import_playbook: common/test-install-keystone.yml + +# Install Glance +- import_playbook: common/test-install-glance.yml + +# Install Neutron +- import_playbook: common/test-install-neutron.yml + +# Install Nova +- import_playbook: common/test-install-nova.yml + +# Install Cinder +- import_playbook: common/test-install-cinder.yml + +# Set iSCSI InitiatorName +- import_playbook: cinder-initiator.yml + +# Install Manila +- import_playbook: test-install-manila.yml + +# Install and execute Tempest +- import_playbook: common/test-install-tempest.yml diff --git a/tox.ini b/tox.ini index d676152..06680b4 100644 --- a/tox.ini +++ b/tox.ini @@ -11,14 +11,17 @@ install_command = commands = /usr/bin/find . -type f -name "*.pyc" -delete passenv = + COMMON_TESTS_PATH HOME - USER http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY + TESTING_BRANCH + TESTING_HOME + USER whitelist_externals = bash setenv = @@ -30,6 +33,7 @@ setenv = [testenv:docs] +basepython = python3 deps = -r{toxinidir}/doc/requirements.txt commands= bash -c "rm -rf doc/build" @@ -43,6 +47,7 @@ extensions = .rst [testenv:releasenotes] +basepython = python3 deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html @@ -50,11 +55,13 @@ commands = # environment used by the -infra templated docs job [testenv:venv] +basepython = python3 commands = {posargs} [testenv:pep8] +basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-pep8.sh" @@ -87,7 +94,16 @@ commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" +[testenv:distro_install] +setenv = + {[testenv]setenv} + ANSIBLE_PARAMETERS=-e @{toxinidir}/tests/common/test-distro_install-vars.yml +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + [testenv:linters] +basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" {[testenv:pep8]commands} diff --git a/vars/distro_install.yml b/vars/distro_install.yml new file mode 100644 index 0000000..bfca0e2 --- /dev/null +++ b/vars/distro_install.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2018, SUSE Linux GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the distro packages to install based on +# whether the host is in the host group and the service is +# enabled. +# +manila_package_list: |- + {% set packages = manila_service_distro_packages %} + {% if manila_services['manila-share']['group'] in group_names %} + {% set _ = packages.extend(manila_share_distro_packages) %} + {% if manila_backend_lvm_inuse | bool %} + {% set _ = packages.extend(manila_lvm_share_distro_packages) %} + {% endif %} + {% endif %} + {% if manila_services['manila-api']['group'] in group_names %} + {% set _ = packages.extend(manila_api_distro_packages) %} + {% endif %} + {% if manila_services['manila-scheduler']['group'] in group_names %} + {% set _ = packages.extend(manila_scheduler_distro_packages) %} + {% endif %} + {% if manila_developer_mode | bool %} + {% set _ = packages.extend(manila_devel_distro_packages) %} + {% endif %} + {% if manila_oslomsg_amqp1_enabled | bool %} + {% set _ = packages.extend(manila_oslomsg_amqp1_distro_packages) %} + {% endif %} + {{ packages }} + +_manila_bin: "/usr/bin" diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..13760ca --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the services on a host based on whether +# the host is in the host group and the service is enabled. +# The service list is provided in the defined start order. +# +filtered_manila_services: |- + {% set services = [] %} + {% for key, value in manila_services.items() %} + {% if (value['group'] in group_names) and + (('condition' not in value) or + ('condition' in value and value['condition'])) %} + {% set _ = value.update({'service_key': key}) %} + {% set _ = services.append(value) %} + {% endif %} + {% endfor %} + {{ services | sort(attribute='start_order') }} diff --git a/vars/source_install.yml b/vars/source_install.yml new file mode 100644 index 0000000..87438cd --- /dev/null +++ b/vars/source_install.yml @@ -0,0 +1,38 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the distro packages to install based on +# whether the host is in the host group and the service is +# enabled. +# +manila_package_list: |- + {% set packages = manila_distro_packages %} + {% if manila_services['manila-share']['group'] in group_names %} + {% set _ = packages.extend(manila_share_deps_distro_packages) %} + {% if manila_backend_lvm_inuse | bool %} + {% set _ = packages.extend(manila_lvm_share_distro_packages) %} + {% endif %} + {% endif %} + {% if manila_developer_mode | bool %} + {% set _ = packages.extend(manila_devel_distro_packages) %} + {% endif %} + {% if manila_oslomsg_amqp1_enabled | bool %} + {% set _ = packages.extend(manila_oslomsg_amqp1_distro_packages) %} + {% endif %} + {{ packages }} + +_manila_bin: "/openstack/venvs/manila-{{ manila_venv_tag }}/bin" +manila_uwsgi_bin: "{{ _manila_bin }}" diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml new file mode 100644 index 0000000..4f0ac62 --- /dev/null +++ b/vars/ubuntu.yml @@ -0,0 +1,71 @@ +--- +# Copyright 2016, Intel Corporation. +# Copyright 2016, IBM Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +# Common apt packages +manila_distro_packages: + - libffi-dev + - libkmod-dev + - libkmod2 + - libpq-dev + - libssl-dev + - libxslt1-dev + - nfs-common + - rpcbind + - rsync + - zlib1g + - zlibc + +manila_service_distro_packages: + - python-manilaclient + - python-shade + - python-systemd + - python3-systemd + - uwsgi + - uwsgi-plugin-python + +manila_devel_distro_packages: + - build-essential + - git-core + - libsystemd-dev + +manila_api_distro_packages: + - manila-api + +manila_scheduler_distro_packages: + - manila-scheduler + +manila_share_distro_packages: + - manila-share + - manila-data + +manila_share_deps_distro_packages: + - qemu-utils + +manila_lvm_share_distro_packages: + - dmeventd + - lvm2 + - parted + - thin-provisioning-tools + - nfs-kernel-server + +manila_oslomsg_amqp1_distro_packages: + - libsasl2-modules + - sasl2-bin + +manila_uwsgi_bin: '/usr/bin' diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index a9056fe..5c5f086 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -17,3 +17,11 @@ - check-requirements - publish-openstack-docs-pti - release-notes-jobs-python3 + check: + jobs: + - openstack-ansible-functional-ubuntu-bionic + - openstack-ansible-functional-distro_install-ubuntu-bionic: + voting: false + gate: + jobs: + - openstack-ansible-functional-ubuntu-bionic