From f9bfb7f0bcc5d1bf79b01a20743f4e68d7c5b202 Mon Sep 17 00:00:00 2001 From: Michael Vollman Date: Mon, 1 Oct 2018 19:53:16 -0400 Subject: [PATCH] Basic working os_manila role Starting this new role as a copy of the os_cinder role due to the similarities between the two openstack projects. This role will deploy manila api, scheduler and share services on ubuntu with the default local LVM backed NFS scenario. Change-Id: Ibda073e5aaa6df3b254961d4aed3a8d5961f3432 --- defaults/main.yml | 311 ++++++++++++++++++++++++++ doc/source/configure-manila.rst | 103 +++++++++ doc/source/index.rst | 43 +++- handlers/main.yml | 68 ++++++ run_tests.sh | 94 ++++++++ tasks/main.yml | 138 ++++++++++++ tasks/manila_backend_cephfs.yml | 45 ++++ tasks/manila_backends.yml | 58 +++++ tasks/manila_cleanup_old_facts.yml | 29 +++ tasks/manila_db_setup.yml | 66 ++++++ tasks/manila_install.yml | 83 +++++++ tasks/manila_install_source.yml | 71 ++++++ tasks/manila_lvm_config.yml | 36 +++ tasks/manila_post_install.yml | 52 +++++ tasks/manila_pre_install.yml | 47 ++++ tasks/manila_service_setup.yml | 120 ++++++++++ tasks/manila_uwsgi.yml | 33 +++ tasks/mq_setup.yml | 83 +++++++ templates/api-paste.ini.j2 | 59 +++++ templates/lvm.conf.j2 | 123 ++++++++++ templates/manila-uwsgi.ini.j2 | 25 +++ templates/manila.conf.j2 | 129 +++++++++++ templates/policy.json.j2 | 1 + templates/rootwrap.conf.j2 | 27 +++ templates/sudoers.j2 | 6 + tests/ansible-role-requirements.yml | 81 +++++++ tests/cinder-initiator.yml | 18 ++ tests/group_vars/all_containers.yml | 36 +++ tests/host_vars/infra1.yml | 20 ++ tests/host_vars/localhost.yml | 23 ++ tests/host_vars/manila1.yml | 20 ++ tests/host_vars/openstack1.yml | 25 +++ tests/host_vars/storage1.yml | 28 +++ tests/inventory | 151 +++++++++++++ tests/os_manila-overrides.yml | 133 +++++++++++ tests/test-install-manila.yml | 34 +++ tests/test-setup-manila-localhost.yml | 56 +++++ tests/test.yml | 50 +++++ tox.ini | 18 +- vars/distro_install.yml | 43 ++++ vars/main.yml | 31 +++ vars/source_install.yml | 38 ++++ vars/ubuntu.yml | 71 ++++++ zuul.d/project.yaml | 8 + 44 files changed, 2730 insertions(+), 4 deletions(-) create mode 100644 defaults/main.yml create mode 100644 doc/source/configure-manila.rst create mode 100644 handlers/main.yml create mode 100755 run_tests.sh create mode 100644 tasks/main.yml create mode 100644 tasks/manila_backend_cephfs.yml create mode 100644 tasks/manila_backends.yml create mode 100644 tasks/manila_cleanup_old_facts.yml create mode 100644 tasks/manila_db_setup.yml create mode 100644 tasks/manila_install.yml create mode 100644 tasks/manila_install_source.yml create mode 100644 tasks/manila_lvm_config.yml create mode 100644 tasks/manila_post_install.yml create mode 100644 tasks/manila_pre_install.yml create mode 100644 tasks/manila_service_setup.yml create mode 100644 tasks/manila_uwsgi.yml create mode 100644 tasks/mq_setup.yml create mode 100644 templates/api-paste.ini.j2 create mode 100644 templates/lvm.conf.j2 create mode 100644 templates/manila-uwsgi.ini.j2 create mode 100644 templates/manila.conf.j2 create mode 100644 templates/policy.json.j2 create mode 100644 templates/rootwrap.conf.j2 create mode 100644 templates/sudoers.j2 create mode 100644 tests/ansible-role-requirements.yml create mode 100644 tests/cinder-initiator.yml create mode 100644 tests/group_vars/all_containers.yml create mode 100644 tests/host_vars/infra1.yml create mode 100644 tests/host_vars/localhost.yml create mode 100644 tests/host_vars/manila1.yml create mode 100644 tests/host_vars/openstack1.yml create mode 100644 tests/host_vars/storage1.yml create mode 100644 tests/inventory create mode 100644 tests/os_manila-overrides.yml create mode 100644 tests/test-install-manila.yml create mode 100644 tests/test-setup-manila-localhost.yml create mode 100644 tests/test.yml create mode 100644 vars/distro_install.yml create mode 100644 vars/main.yml create mode 100644 vars/source_install.yml create mode 100644 vars/ubuntu.yml diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..9f88a70 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,311 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Set the package install state for distribution and pip packages +# Options are 'present' and 'latest' +manila_package_state: "latest" +manila_pip_package_state: "latest" + +# Set the host which will execute the shade modules +# for the service setup. The host must already have +# clouds.yaml properly configured. +manila_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" + +# Set installation method. +manila_install_method: "source" + +manila_git_repo: https://git.openstack.org/openstack/manila +manila_git_install_branch: master +manila_developer_mode: false +manila_developer_constraints: + - "git+{{ manila_git_repo }}@{{ manila_git_install_branch }}#egg=manila" + +# TODO(odyssey4me): +# This can be simplified once all the roles are using +# python_venv_build. We can then switch to using a +# set of constraints in pip.conf inside the venv, +# perhaps prepared by giving a giving a list of +# constraints to the role. +manila_pip_install_args: >- + {{ manila_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }} + {{ pip_install_options | default('') }} + +# Name of the virtual env to deploy into +manila_venv_tag: "{{ venv_tag | default('untagged') }}" +manila_bin: "{{ _manila_bin }}" + +# venv_download, even when true, will use the fallback method of building the +# venv from scratch if the venv download fails. +manila_venv_download: "{{ not manila_developer_mode | bool }}" +manila_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/manila.tgz + +# Enable/Disable Ceilometer +manila_ceilometer_enabled: False + +manila_storage_availability_zone: nova +manila_default_availability_zone: "{{ manila_storage_availability_zone }}" + +manila_management_address: 127.0.0.1 +manila_uwsgi_bind_address: 0.0.0.0 + +manila_fatal_deprecations: False + +## Database info +manila_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}" +manila_galera_address: "{{ galera_address | default('127.0.0.1') }}" +manila_galera_user: manila +manila_galera_database: manila +manila_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" +manila_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" + +## Oslo Messaging + +# RPC +manila_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}" +manila_oslomsg_rpc_setup_host: "{{ (manila_oslomsg_rpc_host_group in groups) | ternary(groups[manila_oslomsg_rpc_host_group][0], 'localhost') }}" +manila_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}" +manila_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}" +manila_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}" +manila_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" +manila_oslomsg_rpc_userid: manila +manila_oslomsg_rpc_vhost: /manila + +# Notify +manila_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" +manila_oslomsg_notify_setup_host: "{{ (manila_oslomsg_notify_host_group in groups) | ternary(groups[manila_oslomsg_notify_host_group][0], 'localhost') }}" +manila_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}" +manila_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}" +manila_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}" +manila_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" +manila_oslomsg_notify_userid: "{{ manila_oslomsg_rpc_userid }}" +manila_oslomsg_notify_password: "{{ manila_oslomsg_rpc_password }}" +manila_oslomsg_notify_vhost: "{{ manila_oslomsg_rpc_vhost }}" + +## (Qdrouterd) integration +# TODO(evrardjp): Change structure when more backends will be supported +manila_oslomsg_amqp1_enabled: "{{ manila_oslomsg_rpc_transport == 'amqp' }}" + +## Manila User / Group +manila_system_user_name: manila +manila_system_group_name: manila +manila_system_comment: manila system user +manila_system_shell: /bin/false +manila_system_home_folder: "/var/lib/{{ manila_system_user_name }}" + +## Manually specified manila UID/GID +# Deployers can specify a UID for the manila user as well as the GID for the +# manila group if needed. This is commonly used in environments where shared +# storage is used, such as NFS or GlusterFS, and manila UID/GID values must be +# in sync between multiple servers. +# +# WARNING: Changing these values on an existing deployment can lead to +# failures, errors, and instability. +# +# manila_system_user_uid = +# manila_system_group_gid = + +manila_lock_path: /var/lock/manila + +## Manila Auth +manila_service_admin_tenant_name: "service" +manila_service_admin_username: "manila" + +## Manila API's enabled +manila_enable_v2_api: true + +## Manila API check cert validation +manila_service_internaluri_insecure: false + +## Manila api service type and data +manila_service_name: manila +manila_service_project_domain_id: default +manila_service_user_domain_id: default +manila_service_user_name: manila +manila_service_project_name: service +manila_service_role_name: admin +manila_service_region: RegionOne +manila_service_description: "Openstack Shared File Systems" +manila_service_port: 8786 +manila_service_proto: http +manila_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(manila_service_proto) }}" +manila_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(manila_service_proto) }}" +manila_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(manila_service_proto) }}" +manila_service_type: share +manila_service_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}" +manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s" +manila_service_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s" +manila_service_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s" + +manila_service_v2_name: manilav2 +manila_service_v2_port: 8786 +manila_service_v2_proto: http +manila_service_v2_type: sharev2 +manila_service_v2_description: "Openstack Shared File Systems V2" +manila_service_v2_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}" +manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s" +manila_service_v2_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s" +manila_service_v2_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}" +manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s" + +manila_auth_strategy: keystone + +## Keystone authentication middleware +manila_keystone_auth_plugin: "{{ manila_keystone_auth_type }}" +manila_keystone_auth_type: password + +## In order to enable the manila data you MUST set ``manila_service_data_program_enabled`` to "true" +manila_service_data_program_enabled: false + +## Cap the maximun number of threads / workers when a user value is unspecified. +manila_osapi_share_workers_max: 16 +manila_osapi_share_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, manila_osapi_share_workers_max] | min }}" + +## Manila RPC +manila_rpc_executor_thread_pool_size: 64 +manila_rpc_response_timeout: 60 + +manila_share_name_template: share-%s + +# osprofiler +manila_profiler_enabled: false +# manila_profiler_hmac_key is set in user_secrets.yml +manila_profiler_trace_sqlalchemy: false + +manila_client_socket_timeout: 900 + +## Manila quota +manila_quota_shares: 50 +manila_quota_snapshots: 50 +manila_quota_gigabytes: 1000 +manila_quota_snapshot_gigabytes: 1000 +manila_quota_share_networks: 10 + +## General configuration +# manila_backends: +# lvm: +# share_backend_name: LVM +# share_driver: manila.share.drivers.lvm.LVMShareDriver +# driver_handles_share_servers: False +# lvm_share_volume_group: manila-shares +# lvm_share_export_ip: + +# manila_backend_lvm_inuse: True if current host has an lvm backend +manila_backend_lvm_inuse: '{{ (manila_backends|default("")|to_json).find("lvm") != -1 }}' +# manila_backend_rbd_inuse: True if the current host has an rbd backend +manila_backend_rbd_inuse: '{{ (manila_backends|default("")|to_json).find("manila.share.drivers.cephfs") != -1 }}' + +## Policy vars +# Provide a list of access controls to update the default policy.json with. These changes will be merged +# with the access controls in the default policy.json. E.g. +#manila_policy_overrides: +# "share:create": "" +# "share:delete": "" + +manila_service_in_ldap: false + +# Common pip packages +manila_pip_packages: + - manila + - python-manilaclient + - cryptography + - ecdsa + - httplib2 + - keystonemiddleware + - osprofiler + - PyMySQL + - python-openstackclient + - python-memcached + - systemd-python + - uwsgi + +manila_optional_oslomsg_amqp1_pip_packages: + - oslo.messaging[amqp1] + +manila_api_init_overrides: {} +manila_scheduler_init_overrides: {} +manila_share_init_overrides: {} +manila_data_init_overrides: {} + +## Service Name-Group Mapping +manila_services: + manila-scheduler: + group: manila_scheduler + service_name: manila-scheduler + init_config_overrides: "{{ manila_scheduler_init_overrides }}" + start_order: 1 + execstarts: "{{ manila_bin }}/manila-scheduler" + execreloads: "/bin/kill -HUP $MAINPID" + manila-share: + group: manila_share + service_name: manila-share + init_config_overrides: "{{ manila_share_init_overrides }}" + start_order: 2 + execstarts: "{{ manila_bin }}/manila-share" + execreloads: "/bin/kill -HUP $MAINPID" + manila-data: + group: manila_data + service_name: manila-data + init_config_overrides: "{{ manila_data_init_overrides }}" + start_order: 3 + condition: False + execstarts: "{{ manila_bin }}/manila-data" + execreloads: "/bin/kill -HUP $MAINPID" + manila-api: + group: manila_api + service_name: manila-api + init_config_overrides: "{{ manila_api_init_overrides }}" + start_order: 4 + execstarts: "{{ manila_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/manila-api.ini" + execreloads: "{{ manila_uwsgi_bin }}/uwsgi --reload /var/run/manila-api/manila-api.pid" + wsgi_overrides: "{{ manila_api_uwsgi_ini_overrides }}" + wsgi_app: True + wsgi_name: manila-wsgi + uwsgi_port: "{{ manila_service_port }}" + uwsgi_bind_address: "{{ manila_uwsgi_bind_address }}" + + #condition: "{{ manila_service_data_program_enabled | bool }}" +# Manila uWSGI settings +manila_wsgi_processes_max: 16 +manila_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, manila_wsgi_processes_max] | min }}" +manila_wsgi_threads: 1 +manila_wsgi_buffer_size: 65535 + +# This variable is used by the repo_build process to determine +# which host group to check for members of before building the +# pip packages required by this role. The value is picked up +# by the py_pkgs lookup. +manila_role_project_group: manila_all + +manila_default_share_type: nfs +manila_share_name_template: share-%s + +## Tunable overrides +manila_policy_overrides: {} +manila_rootwrap_conf_overrides: {} +manila_api_paste_ini_overrides: {} +manila_manila_conf_overrides: {} +manila_api_uwsgi_ini_overrides: {} + +## Set default manila path in service units. The default override sets the +## execution path for the manila service. +manila_environment_overrides: + Service: + Environment: "PATH={{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +_UUID_regex: "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}" diff --git a/doc/source/configure-manila.rst b/doc/source/configure-manila.rst new file mode 100644 index 0000000..e5cbb91 --- /dev/null +++ b/doc/source/configure-manila.rst @@ -0,0 +1,103 @@ +============================================================== +Configuring the Shared File System (manila) service (optional) +============================================================== + +By default the Shared File System (manila) service does not deploy any +backend. This role expects you to define the backend you intend on using. +The following sections describe example configurations for various +manila backends. + +Default share type +~~~~~~~~~~~~~~~~~~ + +It is required to define one of the ``manila_backends`` as the default +share type. + +.. code:: + + manila_default_share_type: SHARE_TYPE_NAME + +Replce ``SHARE_TYPE_NAME`` with the name of the default backend. + +LVM backend +~~~~~~~~~~~ + +The LVM backend allows provisioning of logical volumes and configuriung a +local NFS server to serve those volumes as shares. + +.. note:: + + Using the LVM backend results in a Single Point of Failure + +#. For each storage node, add one ``manila_backends`` block underneath + the ``container_vars`` section. ``container_vars`` are used to allow + container/host individualized configuration. Each manila back end is + defined with a unique key. For example, ``nfs-share1``. + This later represents a unique manila backend and share type. + + .. code-block:: yaml + + container_vars: + manila_enabled_share_protocols: NFS + manila_backends: + nfs-share1: + +#. Configure the appropriate share protocols. For the LVM backend you + will need a minimu of ``NFS``. + + .. code-block:: yaml + + container_vars: + manila_enabled_share_protocols: NFS + +#. Configure the appropriate manila share backend name: + + .. code-block:: yaml + + share_backend_name: NFS_SHARE1 + +#. Configure the appropriate manila LVM driver: + + .. code-block:: yaml + + share_driver: manila.share.drivers.lvm.LVMShareDriver + lvm_share_volume_group: LVM_VOLUME_GROUP + + Replace ``LVM_VOLUME_GROUP`` with the name of the LVM + volume group manila should use to provision shares. + +#. Configure whether this backend manages share servers. The only + current supported option for this role is ``False`` as + deploying a manila backend that manages share servers has not been + tested yet. + + .. code-block:: yaml + + driver_handles_share_servers: False + +#. Configure the IP address or hostname of the share server. + + .. code-block:: yaml + + lvm_share_export_ip: "IP_ADDRESS" + + Replace ``IP_ADDRESS`` with the IP address or hostname where the + nfs shares will be exported from. + +The following is a full configuration example of a manila LVM backend +named NFS_SHARE1. The manila playbooks will automatically add a custom +``share-type`` and ``nfs-share1`` as in this example: + + .. code-block:: yaml + + container_vars: + manila_default_share_type: nfs-share1 + manila_enabled_share_protocols: NFS + manila_backends: + limit_container_types: manila_share + nfs-share1: + share_backend_name: NFS_SHARE1 + share_driver: manila.share.drivers.lvm.LVMShareDriver + driver_handles_share_servers: False + lvm_share_volume_group: manila-shares + lvm_share_export_ip: "172.29.236.100" diff --git a/doc/source/index.rst b/doc/source/index.rst index 4b6c926..cf39dea 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -1,10 +1,23 @@ -============================= -OpenStack-Ansible manila role -============================= +================================= +Manila role for OpenStack-Ansible +================================= + +This Ansible role installs and configures OpenStack manila. + +The following manila services are managed by the role: + * manila-api + * manila-scheduler + * manila-share + * manila-data (untested) .. toctree:: :maxdepth: 2 + configure-manila.rst + +To clone of view the source code for this repository, visit the role repository +for `os_manila `_. + Default variables ~~~~~~~~~~~~~~~~~ @@ -15,9 +28,33 @@ Default variables Dependencies ~~~~~~~~~~~~ +This role needs pip >= 7.1 installed on the target host. + Example playbook ~~~~~~~~~~~~~~~~ .. literalinclude:: ../../examples/playbook.yml :language: yaml +External Restart Hooks +~~~~~~~~~~~~~~~~~~~~~~ + +When the role performs a restart of the service, it will notify an Ansible +handler named ``Manage LB``, which is a noop within this role. In the +playbook, other roles may be loaded before and after this role which will +implement Ansible handler listeners for ``Manage LB``, allowing external roles +to manage the load balancer endpoints responsible for sending traffic to the +servers being restarted by marking them in maintenance or active mode, +draining sessions, etc. For an example implementation, please reference the +`ansible-haproxy-endpoints role `_ +used by the openstack-ansible project. + +Tags +~~~~ + +This role supports two tags: ``manila-install`` and ``manila-config`` + +The ``manila-install`` tag can be used to install and upgrade. + +The ``manila-config`` tag can be used to maintain configuration of the +service. diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..549d7f2 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,68 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Stop services + service: + name: "{{ item.service_name }}" + enabled: yes + state: stopped + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_items: "{{ filtered_manila_services }}" + register: _stop + until: _stop is success + retries: 5 + delay: 2 + listen: + - "Restart manila services" + - "venv changed" + +# Note (odyssey4me): +# The policy.json file is currently read continually by the services +# and is not only read on service start. We therefore cannot template +# directly to the file read by the service because the new policies +# may not be valid until the service restarts. This is particularly +# important during a major upgrade. We therefore only put the policy +# file in place after the service has been stopped. +# +- name: Copy new policy file into place + copy: + src: "/etc/manila/policy.json-{{ manila_venv_tag }}" + dest: "/etc/manila/policy.json" + owner: "root" + group: "{{ manila_system_group_name }}" + mode: "0640" + remote_src: yes + listen: + - "Restart manila services" + - "venv changed" + +- name: Start services + service: + name: "{{ item.service_name }}" + enabled: yes + state: "started" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_items: "{{ filtered_manila_services }}" + register: _start + until: _start is success + retries: 5 + delay: 2 + listen: + - "Restart manila services" + - "venv changed" + +- meta: noop + listen: Manage LB + when: false diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 0000000..cbffb04 --- /dev/null +++ b/run_tests.sh @@ -0,0 +1,94 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# PURPOSE: +# This script clones the openstack-ansible-tests repository to the +# tests/common folder in order to be able to re-use test components +# for role testing. This is intended to be the thinnest possible +# shim for test execution outside of OpenStack CI. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/run_tests.sh +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository and then update this file as well. The purpose of this file is to +# prepare the host and then execute all the tox tests. +# + +## Shell Opts ---------------------------------------------------------------- +set -xeu + +## Vars ---------------------------------------------------------------------- + +WORKING_DIR="$(readlink -f $(dirname $0))" +OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' $(pwd)/.gitreview)" + +COMMON_TESTS_PATH="${WORKING_DIR}/tests/common" +TESTING_HOME=${TESTING_HOME:-$HOME} +ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/git.openstack.org/openstack/openstack-ansible-tests" + +# Use .gitreview as the key to determine the appropriate +# branch to clone for tests. +TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") +if [[ "${TESTING_BRANCH}" == "" ]]; then + TESTING_BRANCH="master" +fi + +## Main ---------------------------------------------------------------------- + +# Source distribution information +source /etc/os-release || source /usr/lib/os-release + +# Prefer dnf over yum for CentOS. +which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum' + +# Figure out the appropriate package install command +case ${ID,,} in + *suse*) pkg_mgr_cmd="zypper -n in" ;; + centos|rhel|fedora) pkg_mgr_cmd="${RHT_PKG_MGR} install -y" ;; + ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; + gentoo) pkg_mgr_cmd="emerge" ;; + *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; +esac + +# Install git so that we can clone the tests repo if git is not available +which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git + +# Clone the tests repo for access to the common test script +if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then + # The tests repo doesn't need a clone, we can just + # symlink it. + if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then + ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" + + # In zuul v3 any dependent repository is placed into + # /home/zuul/src/git.openstack.org, so we check to see + # if there is a tests checkout there already. If so, we + # symlink that and use it. + elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then + ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" + + # Otherwise we're clearly not in zuul or using a previously setup + # repo in some way, so just clone it from upstream. + else + git clone -b "${TESTING_BRANCH}" \ + https://git.openstack.org/openstack/openstack-ansible-tests \ + "${COMMON_TESTS_PATH}" + fi +fi + +# Execute the common test script +source tests/common/run_tests_common.sh + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..ec9fbcf --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,138 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Fail if service was deployed using a different installation method + fail: + msg: "Switching installation methods for OpenStack services is not supported" + when: + - ansible_local is defined + - ansible_local.openstack_ansible is defined + - ansible_local.openstack_ansible.manila is defined + - ansible_local.openstack_ansible.manila.install_method is defined + - ansible_local.openstack_ansible.manila.install_method != manila_install_method + +- name: Gather variables for installation method + include_vars: "{{ manila_install_method }}_install.yml" + tags: + - always + +- include: manila_lvm_config.yml + when: + - "manila_services['manila-share']['group'] in group_names" + - "manila_backend_lvm_inuse | bool" + tags: + - manila-config + +- include: manila_pre_install.yml + tags: + - manila-install + +- include: manila_install.yml + tags: + - manila-install + +- name: refresh local facts + setup: + filter: ansible_local + gather_subset: "!all" + tags: + - manila-config + +- include: manila_cleanup_old_facts.yml + when: + - "'need_db_sync' in ansible_local['openstack_ansible']['manila']" + tags: + - manila-config + +- include: manila_post_install.yml + tags: + - manila-config + +- import_tasks: mq_setup.yml + when: + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups[manila_services['manila-api']['group']]| intersect(ansible_play_hosts)) | list)[0]" + vars: + _oslomsg_rpc_setup_host: "{{ manila_oslomsg_rpc_setup_host }}" + _oslomsg_rpc_userid: "{{ manila_oslomsg_rpc_userid }}" + _oslomsg_rpc_password: "{{ manila_oslomsg_rpc_password }}" + _oslomsg_rpc_vhost: "{{ manila_oslomsg_rpc_vhost }}" + _oslomsg_rpc_transport: "{{ manila_oslomsg_rpc_transport }}" + _oslomsg_notify_setup_host: "{{ manila_oslomsg_notify_setup_host }}" + _oslomsg_notify_userid: "{{ manila_oslomsg_notify_userid }}" + _oslomsg_notify_password: "{{ manila_oslomsg_notify_password }}" + _oslomsg_notify_vhost: "{{ manila_oslomsg_notify_vhost }}" + _oslomsg_notify_transport: "{{ manila_oslomsg_notify_transport }}" + tags: + - common-mq + - manila-config + +- include: manila_db_setup.yml + static: no + when: + - "groups['manila_api'] | length > 0" + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups['manila_api'] | intersect(ansible_play_hosts)) | list)[0]" + tags: + - manila-config + +- include: manila_uwsgi.yml + tags: + - manila-config + +- include: manila_service_setup.yml + static: no + when: + - "groups['manila_api'] | length > 0" + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups['manila_api'] | intersect(ansible_play_hosts)) | list)[0]" + tags: + - manila-config + +- name: Include ceph_client role + include_role: + name: ceph_client + vars: + openstack_service_system_user: "{{ manila_system_user_name }}" + openstack_service_venv_bin: "{{ (manila_install_method == 'source') | ternary(manila_bin,'/usr/local/bin') }}" + when: + - "manila_services['manila-share']['group'] in group_names" + - "manila_backend_rbd_inuse | bool" + tags: + - ceph + +- name: Flush handlers + meta: flush_handlers + +- include: manila_backends.yml + static: no + when: + - "groups[manila_services['manila-share']['group']] | length > 0" + - "manila_services['manila-api']['group'] in group_names" + - "inventory_hostname == ((groups[manila_services['manila-api']['group']] | intersect(ansible_play_hosts)) | list)[-1]" + tags: + - manila-config diff --git a/tasks/manila_backend_cephfs.yml b/tasks/manila_backend_cephfs.yml new file mode 100644 index 0000000..af28784 --- /dev/null +++ b/tasks/manila_backend_cephfs.yml @@ -0,0 +1,45 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Set _cephfs_mount_dir fact + set_fact: + _cephfs_mount_dir: /mnt/cephfs-ansible-mount + _cephfs_auth_id: "{{ item.value.cephfs_auth_id|default('manila') }}" + +- name: Create temporary mount dir + file: + name: "{{ _cephfs_mount_dir }}" + state: directory + +- name: Mount CephFS + command: | + ceph-fuse --id "{{ _cephfs_auth_id }}" "{{ _cephfs_mount_dir }}" + changed_when: false + +- name: Ensure CephFS volumes dir permissions + file: + name: "{{ _cephfs_mount_dir }}/volumes" + state: directory + owner: "{{ manila_system_user_name }}" + +- name: Unmount CephFS + mount: + path: "{{ _cephfs_mount_dir }}" + state: unmounted + +- name: Remove temporary mount dir + file: + name: "{{ _cephfs_mount_dir }}" + state: absent diff --git a/tasks/manila_backends.yml b/tasks/manila_backends.yml new file mode 100644 index 0000000..2681642 --- /dev/null +++ b/tasks/manila_backends.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure manila api is available + uri: + url: "{{ manila_service_internaluri }}" + status_code: 200,300 + validate_certs: "{{ manila_service_internaluri_insecure | bool }}" + register: api_status + until: api_status is success + retries: 10 + delay: 10 + +# TODO(odyssey4me): +# Once these tasks can be replaced by using Ansible modules instead, +# we should do that and use the delegation to the service setup host +# so that we can remove the openrc file from the target host. +- name: Implement openrc/clouds.yaml + include_role: + name: "openstack_openrc" + +- name: Create singular manila_backends variable for all hosts + set_fact: + _manila_backends: "{{ (_manila_backends | default(manila_backends | default({}))) | combine(hostvars[item]['manila_backends'] | default({})) }}" + with_items: "{{ groups[manila_services['manila-share']['group']] }}" + +- name: Add in manila devices types + shell: | + . {{ ansible_env.HOME }}/openrc + CLI_OPTIONS="--endpoint-type internalURL {{ ((keystone_service_adminuri_insecure | bool) or (manila_service_internaluri_insecure | bool)) | ternary('--insecure','') }}" + if ! {{ manila_bin }}/manila ${CLI_OPTIONS} type-list | grep -q "{{ item.key }}"; then + {{ manila_bin }}/manila ${CLI_OPTIONS} type-create "{{ item.key }}" "{{ item.value.driver_handles_share_servers }}" + fi + args: + executable: /bin/bash + with_dict: "{{ _manila_backends|default({}) }}" + changed_when: false + +- include: manila_backend_cephfs.yml + static: no + when: + - (item|default("")|to_json).find("manila.share.drivers.cephfs") != -1 + - "manila_services['manila-share']['group'] in group_names" + with_dict: "{{ _manila_backends|default({}) }}" + tags: + - manila-config diff --git a/tasks/manila_cleanup_old_facts.yml b/tasks/manila_cleanup_old_facts.yml new file mode 100644 index 0000000..6cfc6ab --- /dev/null +++ b/tasks/manila_cleanup_old_facts.yml @@ -0,0 +1,29 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# TODO(odyssey4me): +# This file and the task calling it may be removed in Queens. + +- name: Remove the old db_sync fact + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: manila + option: "need_db_sync" + state: absent + +- name: refresh local facts + setup: + filter: ansible_local + gather_subset: "!all" diff --git a/tasks/manila_db_setup.yml b/tasks/manila_db_setup.yml new file mode 100644 index 0000000..bb27e6c --- /dev/null +++ b/tasks/manila_db_setup.yml @@ -0,0 +1,66 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ manila_galera_address }}" + name: "{{ manila_galera_database }}" + state: "present" + delegate_to: "{{ manila_db_setup_host }}" + no_log: True + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ manila_galera_address }}" + name: "{{ manila_galera_user }}" + password: "{{ manila_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ manila_galera_database }}.*:ALL" + delegate_to: "{{ manila_db_setup_host }}" + with_items: + - "localhost" + - "%" + no_log: True + +- name: Perform a manila DB sync + command: "{{ manila_bin }}/manila-manage db sync" + become: yes + become_user: "{{ manila_system_user_name }}" + changed_when: false + +- name: Perform online data migrations + command: "{{ manila_bin }}/manila-manage db online_data_migrations" + become: yes + become_user: "{{ manila_system_user_name }}" + when: + - "(manila_all_software_updated | default('no')) | bool" + - "ansible_local['openstack_ansible']['manila']['need_online_data_migrations'] | bool" + changed_when: false + register: data_migrations + +- name: Disable the online migrations requirement + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: manila + option: need_online_data_migrations + value: False + when: + - not data_migrations | skipped + - data_migrations is succeeded diff --git a/tasks/manila_install.yml b/tasks/manila_install.yml new file mode 100644 index 0000000..ce1bac2 --- /dev/null +++ b/tasks/manila_install.yml @@ -0,0 +1,83 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Record the installation method + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: "manila" + option: "install_method" + value: "{{ manila_install_method }}" + +- name: Refresh local facts to ensure the manila section is present + setup: + filter: ansible_local + gather_subset: "!all" + +- name: Install distro packages + package: + name: "{{ manila_package_list }}" + state: "{{ manila_package_state }}" + update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}" + cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" + register: install_packages + until: install_packages is success + retries: 5 + delay: 2 + +- name: Install manila packages from PIP + include_tasks: manila_install_source.yml + when: manila_install_method == 'source' + +- name: Run the systemd service role + include_role: + name: systemd_service + private: true + vars: + systemd_user_name: "{{ manila_system_user_name }}" + systemd_group_name: "{{ manila_system_group_name }}" + systemd_tempd_prefix: openstack + systemd_slice_name: manila + systemd_lock_path: /var/lock/manila + systemd_CPUAccounting: true + systemd_BlockIOAccounting: true + systemd_MemoryAccounting: true + systemd_TasksAccounting: true + systemd_services: + - service_name: "{{ service_var.service_name }}" + enabled: yes + state: started + execstarts: "{{ service_var.execstarts }}" + execreloads: "{{ service_var.execreloads | default([]) }}" + config_overrides: "{{ manila_environment_overrides | combine(service_var.init_config_overrides) }}" + with_items: "{{ filtered_manila_services }}" + loop_control: + loop_var: service_var + tags: + - manila-config + - systemd-service + +- name: Set the upgrade facts + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: manila + option: "{{ item }}" + value: true + with_items: + - "need_online_data_migrations" + - "need_service_restart" + when: + (install_packages | changed) or + ('need_online_data_migrations' not in ansible_local['openstack_ansible']['manila']) or + ('need_service_restart' not in ansible_local['openstack_ansible']['manila']) diff --git a/tasks/manila_install_source.yml b/tasks/manila_install_source.yml new file mode 100644 index 0000000..99d6738 --- /dev/null +++ b/tasks/manila_install_source.yml @@ -0,0 +1,71 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# TODO(odyssey4me): +# This can be simplified once all the roles are using +# python_venv_build. We can then switch to using a +# set of constraints in pip.conf inside the venv, +# perhaps prepared by giving a giving a list of +# constraints to the role. +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in manila_developer_constraints %} + {{ item }} + {% endfor %} + when: manila_developer_mode | bool + +- name: Ensure remote wheel building is disabled in developer mode + set_fact: + venv_build_host: "{{ ansible_hostname }}" + when: + - manila_developer_mode | bool + +- name: Install the python venv + include_role: + name: "python_venv_build" + private: yes + vars: + venv_build_distro_package_list: "{{ manila_devel_distro_packages }}" + venv_install_destination_path: "{{ manila_bin | dirname }}" + venv_install_distro_package_list: "{{ manila_distro_packages }}" + venv_pip_install_args: "{{ manila_pip_install_args }}" + venv_pip_packages: >- + {{ manila_pip_packages + + (manila_oslomsg_amqp1_enabled | bool) | ternary(manila_optional_oslomsg_amqp1_pip_packages, []) }} + venv_facts_when_changed: + - section: "manila" + option: "need_service_restart" + value: True + - section: "manila" + option: "need_online_data_migrations" + value: True + - section: "manila" + option: "venv_tag" + value: "{{ manila_venv_tag }}" + +- name: Copy manila rootwrap filters + command: >- + rsync --archive --itemize-changes --delete + /openstack/venvs/manila-{{ manila_venv_tag }}/etc/manila/rootwrap.d/ + /etc/manila/rootwrap.d/ + args: + warn: no + register: _copy_rootwraps + changed_when: _copy_rootwraps.stdout != '' + notify: + - Manage LB + - Restart manila services diff --git a/tasks/manila_lvm_config.yml b/tasks/manila_lvm_config.yml new file mode 100644 index 0000000..60de1ad --- /dev/null +++ b/tasks/manila_lvm_config.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Discover lvm devices + shell: | + /sbin/pvdisplay | awk '/PV\ Name/ {print $3}' | sed 's/\/dev\///g' + register: lvm_devices + changed_when: lvm_devices.rc != 0 + failed_when: false + +- name: Ensure "/etc/lvm" directory + file: + state: "directory" + path: "/etc/lvm" + when: lvm_devices.rc == 0 + +- name: Drop lvm Config + template: + src: "lvm.conf.j2" + dest: "/etc/lvm/lvm.conf" + owner: "root" + group: "root" + backup: "yes" + when: lvm_devices.rc == 0 diff --git a/tasks/manila_post_install.yml b/tasks/manila_post_install.yml new file mode 100644 index 0000000..4d78814 --- /dev/null +++ b/tasks/manila_post_install.yml @@ -0,0 +1,52 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Copy manila configs + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "{{ item.group|default(manila_system_group_name) }}" + mode: "0640" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "manila.conf.j2" + dest: "/etc/manila/manila.conf" + config_overrides: "{{ manila_manila_conf_overrides }}" + config_type: "ini" + - src: "api-paste.ini.j2" + dest: "/etc/manila/api-paste.ini" + config_overrides: "{{ manila_api_paste_ini_overrides }}" + config_type: "ini" + - src: "rootwrap.conf.j2" + dest: "/etc/manila/rootwrap.conf" + config_overrides: "{{ manila_rootwrap_conf_overrides }}" + config_type: "ini" + - src: "policy.json.j2" + dest: "/etc/manila/policy.json-{{ manila_venv_tag }}" + config_overrides: "{{ manila_policy_overrides }}" + config_type: "json" + notify: + - Manage LB + - Restart manila services + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ manila_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" diff --git a/tasks/manila_pre_install.yml b/tasks/manila_pre_install.yml new file mode 100644 index 0000000..099fbf2 --- /dev/null +++ b/tasks/manila_pre_install.yml @@ -0,0 +1,47 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ manila_system_group_name }}" + gid: "{{ manila_system_group_gid|default(omit) }}" + state: "present" + system: "yes" + +- name: Create the manila system user + user: + name: "{{ manila_system_user_name }}" + uid: "{{ manila_system_user_uid|default(omit) }}" + group: "{{ manila_system_group_name }}" + comment: "{{ manila_system_comment }}" + shell: "{{ manila_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ manila_system_home_folder }}" + +- name: Create manila dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(manila_system_user_name) }}" + group: "{{ item.group|default(manila_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/openstack", mode: "0755", owner: "root", group: "root" } + - { path: "/var/cache/manila", mode: "0700" } + - { path: "/etc/manila", mode: "0750" } + - { path: "/etc/manila/rootwrap.d", owner: "root", group: "root", mode: "0750" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "{{ manila_system_home_folder }}" } diff --git a/tasks/manila_service_setup.yml b/tasks/manila_service_setup.yml new file mode 100644 index 0000000..e828f4f --- /dev/null +++ b/tasks/manila_service_setup.yml @@ -0,0 +1,120 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. +- name: Setup the service + delegate_to: "{{ manila_service_setup_host }}" + vars: + ansible_python_interpreter: >- + {{ (manila_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }} + block: + - name: Add services to the keystone service catalog + os_keystone_service: + cloud: default + state: "{{ item.state }}" + name: "{{ item.name }}" + service_type: "{{ item.service_type }}" + description: "{{ item.description }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - name: "{{ manila_service_name }}" + service_type: "{{ manila_service_type }}" + description: "{{ manila_service_description }}" + state: present + - name: "{{ manila_service_v2_name }}" + service_type: "{{ manila_service_v2_type }}" + description: "{{ manila_service_v2_description }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" + + - name: Add service user + os_user: + cloud: default + state: present + name: "{{ manila_service_user_name }}" + password: "{{ manila_service_password }}" + domain: default + default_project: "{{ manila_service_project_name }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + when: not manila_service_in_ldap | bool + until: add_service is success + retries: 5 + delay: 10 + no_log: True + + - name: Add service user to admin role + os_user_role: + cloud: default + state: present + user: "{{ manila_service_user_name }}" + role: "{{ manila_service_role_name }}" + project: "{{ manila_service_project_name }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + when: not manila_service_in_ldap | bool + until: add_service is success + retries: 5 + delay: 10 + + - name: Add endpoints to keystone endpoint catalog + os_keystone_endpoint: + cloud: default + state: "{{ item.state }}" + service: "{{ item.service }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ manila_service_region }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - service: "{{ manila_service_name }}" + interface: "public" + url: "{{ manila_service_publicurl }}" + state: present + - service: "{{ manila_service_name }}" + interface: "internal" + url: "{{ manila_service_internalurl }}" + state: present + - service: "{{ manila_service_name }}" + interface: "admin" + url: "{{ manila_service_adminurl }}" + state: present + - service: "{{ manila_service_v2_name }}" + interface: "public" + url: "{{ manila_service_v2_publicurl }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" + - service: "{{ manila_service_v2_name }}" + interface: "internal" + url: "{{ manila_service_v2_internalurl }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" + - service: "{{ manila_service_v2_name }}" + interface: "admin" + url: "{{ manila_service_v2_adminurl }}" + state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}" diff --git a/tasks/manila_uwsgi.yml b/tasks/manila_uwsgi.yml new file mode 100644 index 0000000..32cde77 --- /dev/null +++ b/tasks/manila_uwsgi.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure uWSGI directory exists + file: + path: "/etc/uwsgi/" + state: directory + mode: "0711" + +- name: Apply uWSGI configuration + config_template: + src: "manila-uwsgi.ini.j2" + dest: "/etc/uwsgi/{{ item.service_name }}.ini" + mode: "0744" + config_overrides: "{{ item.wsgi_overrides }}" + config_type: ini + with_items: "{{ filtered_manila_services }}" + when: item.wsgi_app | default(False) + notify: + - Manage LB + - Restart manila services diff --git a/tasks/mq_setup.yml b/tasks/mq_setup.yml new file mode 100644 index 0000000..b5f4766 --- /dev/null +++ b/tasks/mq_setup.yml @@ -0,0 +1,83 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/mq_setup.yml +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository. Once it merges there, the changes will automatically be proposed to +# all the repositories which use it. + +- name: Setup RPC MQ Service (RabbitMQ) + delegate_to: "{{ _oslomsg_rpc_setup_host }}" + when: + - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" + - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'rabbit')" + tags: + - common-rabbitmq + block: + - name: Add RPC RabbitMQ vhost + rabbitmq_vhost: + name: "{{ _oslomsg_rpc_vhost }}" + state: "present" + + - name: Add RPC RabbitMQ user + rabbitmq_user: + user: "{{ _oslomsg_rpc_userid }}" + password: "{{ _oslomsg_rpc_password }}" + vhost: "{{ _oslomsg_rpc_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + force: true + no_log: true + +- name: Setup Notify MQ Service (RabbitMQ) + delegate_to: "{{ _oslomsg_notify_setup_host }}" + when: + - "(_oslomsg_configure_notify | default(_oslomsg_notify_transport is defined))" + - "(_oslomsg_notify_transport is defined) and (_oslomsg_notify_transport == 'rabbit')" + tags: + - common-rabbitmq + block: + - name: Add Notify RabbitMQ vhost + rabbitmq_vhost: + name: "{{ _oslomsg_notify_vhost }}" + state: "present" + + - name: Add Notify RabbitMQ user + rabbitmq_user: + user: "{{ _oslomsg_notify_userid }}" + password: "{{ _oslomsg_notify_password }}" + vhost: "{{ _oslomsg_notify_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + force: true + no_log: true + +- name: Setup RPC MQ Service (Qdrouterd) + delegate_to: "{{ _oslomsg_rpc_setup_host }}" + when: + - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" + - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'amqp')" + tags: + - common-qdrouterd + block: + - name: Add RPC Qdrouterd user + shell: "echo {{ _oslomsg_rpc_password }} | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ _oslomsg_rpc_userid }}" + no_log: true diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 new file mode 100644 index 0000000..42395c1 --- /dev/null +++ b/templates/api-paste.ini.j2 @@ -0,0 +1,59 @@ +############# +# OpenStack # +############# + +[composite:osapi_share] +use = call:manila.api:root_app_factory +/: apiversions +/v1: openstack_share_api +/v2: openstack_share_api_v2 + +[composite:openstack_share_api] +use = call:manila.api.middleware.auth:pipeline_factory +noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth api +keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api +keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api + +[composite:openstack_share_api_v2] +use = call:manila.api.middleware.auth:pipeline_factory +noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth apiv2 +keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2 +keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2 + +[filter:faultwrap] +paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory + +[filter:noauth] +paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[app:api] +paste.app_factory = manila.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = manila.api.v2.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors faultwrap http_proxy_to_wsgi osshareversionapp + +[app:osshareversionapp] +paste.app_factory = manila.api.versions:VersionsRouter.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = manila.api.middleware.auth:ManilaKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = manila diff --git a/templates/lvm.conf.j2 b/templates/lvm.conf.j2 new file mode 100644 index 0000000..14f7338 --- /dev/null +++ b/templates/lvm.conf.j2 @@ -0,0 +1,123 @@ +# {{ ansible_managed }} + +{% set used_lvm_devices = [] %} +{% set lv_devices = lvm_devices.stdout.split('\n') %} +{% if lv_devices|length > 0 %} + {% for net in lv_devices %} + {% if net != '' %} + {% set lv_device = '"a/' + net + '/"' %} + {% if used_lvm_devices.append(lv_device) %}{% endif %} + {% endif %} + {% endfor %} +{% endif %} + +# Ansible Discovered LVM Devices {{ lv_devices }} + +{% if used_lvm_devices|length <= 0 %} + {# If there are no LVM devices present, allow all devices to be scanned #} + {% if used_lvm_devices.append('"a/.*/"') %}{% endif %} +{% else %} + {# Append 'loop.*' to the list to help with AIO deployments. #} + {% if used_lvm_devices.append('"a/loop.*/"') %}{% endif %} + {# Disable scanning any other devices than the ones listed. #} + {% if used_lvm_devices.append('"r/.*/"') %}{% endif %} +{% endif %} + +devices { + dir = "/dev" + scan = [ "/dev" ] + obtain_device_list_from_udev = 1 + preferred_names = [ ] + filter = [ {{ used_lvm_devices|join(', ') }} ] + cache_dir = "/run/lvm" + cache_file_prefix = "" + write_cache_state = 1 + sysfs_scan = 1 + multipath_component_detection = 1 + md_component_detection = 1 + md_chunk_alignment = 1 + data_alignment_detection = 1 + data_alignment = 0 + data_alignment_offset_detection = 1 + ignore_suspended_devices = 0 + disable_after_error_count = 0 + require_restorefile_with_uuid = 1 + pv_min_size = 2048 + issue_discards = 1 +} +allocation { + maximise_cling = 1 + mirror_logs_require_separate_pvs = 0 + thin_pool_metadata_require_separate_pvs = 0 +} +log { + verbose = 0 + silent = 0 + syslog = 1 + overwrite = 0 + level = 0 + indent = 1 + command_names = 0 + prefix = " " +} +data { + data = 1 + data_dir = "/etc/lvm/data" + archive = 1 + archive_dir = "/etc/lvm/archive" + retain_min = 10 + retain_days = 30 +} +shell { + history_size = 100 +} +global { + umask = 077 + test = 0 + units = "h" + si_unit_consistency = 1 + activation = 1 + proc = "/proc" + locking_type = 1 + wait_for_locks = 1 + fallback_to_clustered_locking = 1 + fallback_to_local_locking = 1 + locking_dir = "/run/lock/lvm" + prioritise_write_locks = 1 + abort_on_internal_errors = 0 + detect_internal_vg_cache_corruption = 0 + metadata_read_only = 0 + mirror_segtype_default = "mirror" + use_lvmetad = 0 + thin_check_executable = "/usr/sbin/thin_check" + thin_check_options = [ "-q" ] +} +activation { + checks = 0 + udev_sync = 1 + udev_rules = 1 + verify_udev_operations = 0 + retry_deactivation = 1 + missing_stripe_filler = "error" + use_linear_target = 1 + reserved_stack = 64 + reserved_memory = 8192 + process_priority = -18 + mirror_region_size = 512 + readahead = "auto" + raid_fault_policy = "warn" + mirror_log_fault_policy = "allocate" + mirror_image_fault_policy = "remove" + snapshot_autoextend_threshold = 100 + snapshot_autoextend_percent = 20 + thin_pool_autoextend_threshold = 100 + thin_pool_autoextend_percent = 20 + use_mlockall = 0 + monitoring = 0 + polling_interval = 15 +} +dmeventd { + mirror_library = "libdevmapper-event-lvm2mirror.so" + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + thin_library = "libdevmapper-event-lvm2thin.so" +} diff --git a/templates/manila-uwsgi.ini.j2 b/templates/manila-uwsgi.ini.j2 new file mode 100644 index 0000000..5923fab --- /dev/null +++ b/templates/manila-uwsgi.ini.j2 @@ -0,0 +1,25 @@ +[uwsgi] +uid = {{ manila_system_user_name }} +gid = {{ manila_system_group_name }} + +{% if manila_install_method == 'source' %} +virtualenv = /openstack/venvs/manila-{{ manila_venv_tag }} +{% endif %} +wsgi-file = {{ manila_bin }}/{{ item.wsgi_name }} +http = {{ item.uwsgi_bind_address }}:{{ item.uwsgi_port }} + +master = true +enable-threads = true +processes = {{ manila_wsgi_processes }} +threads = {{ manila_wsgi_threads }} +exit-on-reload = false +die-on-term = true +lazy-apps = true +add-header = Connection: close +buffer-size = {{ manila_wsgi_buffer_size }} +thunder-lock = true +logfile-chmod = 644 +pidfile = /var/run/{{ item.service_name }}/{{ item.service_name }}.pid + +# Avoid filling up the logs with health check requests from haproxy. +route-user-agent = ^osa-haproxy-healthcheck$ donotlog: diff --git a/templates/manila.conf.j2 b/templates/manila.conf.j2 new file mode 100644 index 0000000..0032490 --- /dev/null +++ b/templates/manila.conf.j2 @@ -0,0 +1,129 @@ +# {{ ansible_managed }} + +[DEFAULT] +use_journal = True +# Disable stderr logging +use_stderr = False +debug = {{ debug }} +fatal_deprecations = {{ manila_fatal_deprecations }} +my_ip = {{ manila_management_address }} + +default_share_type = {{ manila_default_share_type }} +share_name_template = {{ manila_share_name_template }} + +osapi_share_workers = {{ manila_osapi_share_workers }} + +rootwrap_config = /etc/manila/rootwrap.conf +api_paste_config = /etc/manila/api-paste.ini +auth_strategy = {{ manila_auth_strategy }} + +## RabbitMQ RPC +executor_thread_pool_size = {{ manila_rpc_executor_thread_pool_size }} +rpc_response_timeout = {{ manila_rpc_response_timeout }} + +transport_url = {{ manila_oslomsg_rpc_transport }}://{% for host in manila_oslomsg_rpc_servers.split(',') %}{{ manila_oslomsg_rpc_userid }}:{{ manila_oslomsg_rpc_password }}@{{ host }}:{{ manila_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ manila_oslomsg_rpc_vhost }}{% if manila_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} + +## Quota +quota_shares = {{ manila_quota_shares }} +quota_snapshots = {{ manila_quota_snapshots }} +quota_gigabytes = {{ manila_quota_gigabytes }} +quota_snapshot_gigabytes = {{ manila_quota_snapshot_gigabytes }} +quota_share_networks = {{ manila_quota_share_networks }} + +os_region_name = {{ manila_service_region }} + +storage_availability_zone = {{ manila_storage_availability_zone }} + +client_socket_timeout = {{ manila_client_socket_timeout }} + +{% if manila_enabled_share_protocols is defined %} +enabled_share_protocols={{ manila_enabled_share_protocols }} +{% endif %} + +{% if manila_backends is defined %} +enabled_share_backends={% for backend in manila_backends|dictsort %}{{ backend.0 }}{% if not loop.last %},{% endif %}{% endfor %} + +# All given backend(s) +{% for backend_section in manila_backends|dictsort %} +[{{ backend_section.0 }}] +{% for key, value in (backend_section.1 | dictsort) if key not in ['extra_share_types', 'shares'] %} +{{ key }}={{ value }} +{% endfor %} + +{% endfor %} +{% endif %} + +[database] +connection = mysql+pymysql://{{ manila_galera_user }}:{{ manila_container_mysql_password }}@{{ manila_galera_address }}/{{ manila_galera_database }}?charset=utf8{% if manila_galera_use_ssl | bool %}&ssl_ca={{ manila_galera_ssl_ca_cert }}{% endif %} + +[oslo_messaging_rabbit] +ssl = {{ manila_oslomsg_rpc_use_ssl }} + +[oslo_messaging_notifications] +driver = {% if manila_ceilometer_enabled %}messagingv2{% else %}noop{% endif %} +transport_url = {{ manila_oslomsg_notify_transport }}://{% for host in manila_oslomsg_notify_servers.split(',') %}{{ manila_oslomsg_notify_userid }}:{{ manila_oslomsg_notify_password }}@{{ host }}:{{ manila_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ manila_oslomsg_notify_vhost }}{% if manila_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} + +[oslo_concurrency] +lock_path = {{ manila_lock_path }} + +[profiler] +enabled = {{ manila_profiler_enabled }} +trace_sqlalchemy = {{ manila_profiler_trace_sqlalchemy }} +hmac_keys = {{ manila_profiler_hmac_key }} + +[keystone_authtoken] +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_type = {{ manila_keystone_auth_plugin }} +auth_url = {{ keystone_service_adminurl }} +www_authenticate_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ manila_service_project_domain_id }} +user_domain_id = {{ manila_service_user_domain_id }} +project_name = {{ manila_service_project_name }} +username = {{ manila_service_user_name }} +password = {{ manila_service_password }} +region_name = {{ keystone_service_region }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +[neutron] +url = http://{{ internal_lb_vip_address }}:9696 +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_adminurl }} +memcached_servers = {{ memcached_servers }} +auth_type = {{ manila_keystone_auth_plugin }} +project_domain_name = {{ neutron_service_domain_name | default("Default") }} +user_domain_name = {{ neutron_service_domain_name | default("Default") }} +region_name = {{ neutron_service_region }} +project_name = {{ neutron_service_project_name }} +username = {{ neutron_service_user_name }} +password = {{ neutron_service_password }} + +[nova] +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_adminurl }} +memcached_servers = {{ memcached_servers }} +auth_type = {{ manila_keystone_auth_plugin }} +project_domain_name = {{ nova_service_domain_name | default("Default") }} +user_domain_name = {{ nova_service_domain_name | default("Default") }} +region_name = {{ nova_service_region }} +project_name = {{ nova_service_project_name }} +username = {{ nova_service_user_name }} +password = {{ nova_service_password }} + +[cinder] +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_adminurl }} +memcached_servers = {{ memcached_servers }} +auth_type = {{ manila_keystone_auth_plugin }} +project_domain_name = {{ cinder_service_domain_name | default("Default") }} +user_domain_name = {{ cinder_service_domain_name | default("Default") }} +region_name = {{ cinder_service_region | default("RegionOne") }} +project_name = {{ cinder_service_project_name | default("service") }} +username = {{ cinder_service_user_name | default("cinder") }} +password = {{ cinder_service_password | default("secrete") }} diff --git a/templates/policy.json.j2 b/templates/policy.json.j2 new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/templates/policy.json.j2 @@ -0,0 +1 @@ +{} diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 new file mode 100644 index 0000000..fa67b19 --- /dev/null +++ b/templates/rootwrap.conf.j2 @@ -0,0 +1,27 @@ +# Configuration for manila-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap,/usr/share/manila-common/rootwrap.d + +# List of directories to search executables in, in case filters do not +# explicitly specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, user0, user1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR diff --git a/templates/sudoers.j2 b/templates/sudoers.j2 new file mode 100644 index 0000000..fbca568 --- /dev/null +++ b/templates/sudoers.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +Defaults:{{ manila_system_user_name }} !requiretty +Defaults:{{ manila_system_user_name }} secure_path="{{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +{{ manila_system_user_name }} ALL = (root) NOPASSWD: {{ manila_bin }}/{{ manila_service_name }}-rootwrap diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 0000000..c2d28fa --- /dev/null +++ b/tests/ansible-role-requirements.yml @@ -0,0 +1,81 @@ +--- +- name: apt_package_pinning + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + scm: git + version: master +- name: pip_install + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + scm: git + version: master +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: master +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: master +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: master +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: master +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: master +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: master +- name: openstack_openrc + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + scm: git + version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master +- name: os_glance + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + scm: git + version: master +- name: etcd # dependency of os_neutron role + scm: git + src: https://github.com/logan2211/ansible-etcd + version: master +- name: os_nova + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + scm: git + version: master +- name: os_neutron + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + scm: git + version: master +- name: os_cinder + src: https://git.openstack.org/openstack/openstack-ansible-os_cinder + scm: git + version: master +- name: os_tempest + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + scm: git + version: master +- name: openstack_hosts + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + scm: git + version: master +- name: ceph_client + src: https://git.openstack.org/openstack/openstack-ansible-ceph_client + scm: git + version: master +- name: systemd_service + src: https://git.openstack.org/openstack/ansible-role-systemd_service + scm: git + version: master +- name: python_venv_build + src: https://git.openstack.org/openstack/ansible-role-python_venv_build + scm: git + version: master diff --git a/tests/cinder-initiator.yml b/tests/cinder-initiator.yml new file mode 100644 index 0000000..ee5d533 --- /dev/null +++ b/tests/cinder-initiator.yml @@ -0,0 +1,18 @@ +--- +- name: Set iSCSI InitiatorName + hosts: storage1 + remote_user: root + gather_facts: false + any_errors_fatal: true + tasks: + - name: Get iSCSI InitiatorName + command: /usr/sbin/iscsi-iname + register: initiator_name + tags: + - skip_ansible_lint + + - name: Write iSCSI InitiatorName + lineinfile: + path: /etc/iscsi/initiatorname.iscsi + regexp: '^InitiatorName=' + line: "InitiatorName={{ initiator_name.stdout }}" diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml new file mode 100644 index 0000000..0a2006e --- /dev/null +++ b/tests/group_vars/all_containers.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" + tunnel_address: + address: "{{ tunnel_address }}" + bridge: "br-vxlan" + interface: "eth2" + netmask: "255.255.255.0" + type: "veth" + vlan_address: + bridge: "br-vlan" + interface: "eth12" + netmask: null + type: "veth" +physical_host: localhost +properties: + service_name: "{{ inventory_hostname }}" diff --git a/tests/host_vars/infra1.yml b/tests/host_vars/infra1.yml new file mode 100644 index 0000000..5d13742 --- /dev/null +++ b/tests/host_vars/infra1.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.101 +ansible_become: True +ansible_user: root +container_name: infra1 +tunnel_address: 10.1.2.101 diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml new file mode 100644 index 0000000..f88d96b --- /dev/null +++ b/tests/host_vars/localhost.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +bridges: + - name: "br-mgmt" + ip_addr: "10.1.1.1" + - name: "br-vxlan" + ip_addr: "10.1.2.1" + - name: "br-vlan" + ip_addr: "10.1.3.1" + veth_peer: "eth12" diff --git a/tests/host_vars/manila1.yml b/tests/host_vars/manila1.yml new file mode 100644 index 0000000..b0a493a --- /dev/null +++ b/tests/host_vars/manila1.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.103 +ansible_become: True +ansible_user: root +container_name: manila1 +tunnel_address: 10.1.2.103 diff --git a/tests/host_vars/openstack1.yml b/tests/host_vars/openstack1.yml new file mode 100644 index 0000000..86dc31f --- /dev/null +++ b/tests/host_vars/openstack1.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth12" + network_vxlan_ranges: "1:1000" +ansible_host: 10.1.1.102 +ansible_become: True +ansible_user: root +container_name: openstack1 +tunnel_address: 10.1.2.102 +neutron_local_ip: 10.1.2.102 diff --git a/tests/host_vars/storage1.yml b/tests/host_vars/storage1.yml new file mode 100644 index 0000000..a831709 --- /dev/null +++ b/tests/host_vars/storage1.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: "10.1.1.1" +neutron_local_ip: 10.1.2.1 +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth12" + network_vxlan_ranges: "1:1000" + +cinder_backends: + lvm: + volume_backend_name: LVM_iSCSI + volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + volume_group: cinder-volumes + iscsi_ip_address: "{{ cinder_storage_address }}" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..ae4592d --- /dev/null +++ b/tests/inventory @@ -0,0 +1,151 @@ +[all] +localhost +infra1 +openstack1 +manila1 +storage1 + +[all_containers] +infra1 +openstack1 +manila1 + +[oslomsg_rpc_all] +infra1 + +[oslomsg_notify_all] +infra1 + +[rabbitmq_all] +infra1 + +[galera_all] +infra1 + +[memcached_all] +infra1 + +[service_all:children] +rabbitmq_all +galera_all +memcached_all + +[keystone_all] +openstack1 + +[glance_api] +openstack1 + +[glance_registry] +openstack1 + +[glance_all:children] +glance_api +glance_registry + +[neutron_agent] +openstack1 + +[neutron_dhcp_agent] +openstack1 + +[neutron_linuxbridge_agent] +storage1 +openstack1 + +[neutron_openvswitch_agent] + +[neutron_metering_agent] +openstack1 + +[neutron_l3_agent] +openstack1 + +[neutron_lbaas_agent] +openstack1 + +[neutron_metadata_agent] +openstack1 + +[neutron_server] +openstack1 + +[neutron_all:children] +neutron_agent +neutron_dhcp_agent +neutron_linuxbridge_agent +neutron_openvswitch_agent +neutron_metering_agent +neutron_l3_agent +neutron_lbaas_agent +neutron_metadata_agent +neutron_server + +[nova_api_metadata] +openstack1 + +[nova_api_os_compute] +openstack1 + +[nova_compute] +storage1 + +[nova_conductor] +openstack1 + +[nova_console] +openstack1 + +[nova_scheduler] +openstack1 + +[nova_api_placement] +openstack1 + +[nova_all:children] +nova_api_metadata +nova_api_os_compute +nova_compute +nova_conductor +nova_console +nova_scheduler +nova_api_placement + +[cinder_api] +infra1 + +[cinder_scheduler] +infra1 + +[cinder_backup] +infra1 + +[cinder_volume] +storage1 + +[cinder_all:children] +cinder_api +cinder_scheduler +cinder_backup +cinder_volume + +[utility_all] +infra1 + +[manila_api] +manila1 + +[manila_scheduler] +manila1 + +[manila_data] +manila1 + +[manila_share] +storage1 + +[manila_all:children] +manila_api +manila_scheduler +manila_data +manila_share diff --git a/tests/os_manila-overrides.yml b/tests/os_manila-overrides.yml new file mode 100644 index 0000000..e5af97d --- /dev/null +++ b/tests/os_manila-overrides.yml @@ -0,0 +1,133 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +tempest_run: yes +tempest_test_whitelist: + - smoke + - manila_tempest_tests.tests.scenario.test_share_basic_ops +tempest_test_blacklist: + - test: tempest.api.identity + reason: Reducing run time and required resources + - test: tempest.api.image + reason: Reducing run time and required resources + - test: tempest.api.compute + reason: Reducing run time and required resources + - test: tempest.api.network + reason: Reducing run time and required resources + - test: tempest.api.volume + reason: Reducing run time and required resources + - test: tempest.scenario.test_server_basic_ops + reason: Reducing run time and required resources + - test: tempest.scenario.test_network_basic_ops + reason: Reducing run time and required resources +tempest_service_available_manila: True +tempest_plugins: "{{ _tempest_plugins['keystone'] + _tempest_plugins['manila'] }}" + +tempest_tempest_conf_overrides: + share: + image_with_share_tools: manila-service-image + image_password: manila + enable_protocols: nfs + enable_ip_rules_for_protocols: nfs + enable_ro_access_level_for_protocols: nfs + suppress_errors_in_cleanup: true + share_creation_retry_number: 3 + run_ipv6_tests: False + +tempest_images: + - url: "http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img" + checksum: "sha256:e137062a4dfbb4c225971b67781bc52183d14517170e16a3841d16f962ae7470" + format: "qcow2" + name: "cirros" + - url: "http://tarballs.openstack.org/manila-image-elements/images/manila-service-image-master.qcow2" + format: "qcow2" + name: "manila-service-image" + +tempest_flavors: + - name: tempest1 + id: 201 + ram: 256 + disk: 1 + vcpus: 1 + - name: tempest2 + id: 202 + ram: 512 + disk: 1 + vcpus: 1 + - name: manila-service-flavor + id: 100 + ram: 256 + disk: 2 + vcpus: 1 + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth12" + network_vxlan_ranges: "1:1000" + +manila_default_share_type: nfs-share1 +manila_protocols: + - NFS + - CIFS + - CEPHFS + +manila_backends: + nfs-share1: + share_backend_name: NFS_SHARE1 + share_driver: manila.share.drivers.lvm.LVMShareDriver + driver_handles_share_servers: False + lvm_share_volume_group: manila-shares + lvm_share_export_ip: "10.1.1.1" + generic: + share_backend_name: GENERIC + share_driver: manila.share.drivers.generic.GenericShareDriver + driver_handles_share_servers: True + service_instance_flavor_id: 100 + service_image_name: manila-service-image + service_instance_user: manila + service_instance_password: manila + interface_driver: manila.network.linux.interface.BridgeInterfaceDriver + +test_manila_api_group: "{{ ((groups['manila_api'] is defined) and (groups['manila_api'] | length > 0)) | ternary('manila_api', 'all_containers') }}" +test_manila_share_group: "{{ ((groups['manila_share'] is defined) and (groups['manila_share'] | length > 0)) | ternary('manila_share', 'all_containers') }}" +test_manila_api_host: "{{ hostvars[groups[test_manila_api_group][0]]['ansible_host'] }}" +test_manila_share_host: "{{ hostvars[groups[test_manila_share_group][0]]['ansible_host'] }}" +manila_container_mysql_password: "SuperSecrete" +manila_developer_mode: true +manila_git_install_branch: "{{ test_branch }}" +manila_profiler_hmac_key: "secrete" +manila_oslomsg_rpc_password: "{{ oslomsg_rpc_password }}" +manila_oslomsg_notify_password: "{{ oslomsg_notify_password }}" +manila_service_password: "secrete" +manila_venv_tag: "testing" +manila_service_port: 8786 +manila_service_proto: http +manila_service_publicuri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}" +manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s" +manila_service_adminuri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}" +manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s" +manila_service_internaluri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}" +manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s" +manila_service_v2_port: 8786 +manila_service_v2_proto: http +manila_service_v2_publicuri: "{{ manila_service_v2_proto }}://{{ tst_manila_api_host }}:{{ manila_service_v2_port }}" +manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s" +manila_service_v2_adminuri: "{{ manila_service_v2_proto }}://{{ test_manila_api_host }}:{{ manila_service_v2_port }}" +manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s" +manila_service_v2_internaluri: "{{ manila_service_v2_proto }}://{{ test_manila_api_host }}:{{ manila_service_v2_port }}" +manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s" +tempest_service_available_manila: "{{ ((groups['manila_all'] is defined) and (groups['manila_all'] | length > 0)) }}" +manila_osapi_share_workers: 2 +manila_wsgi_processes: 2 diff --git a/tests/test-install-manila.yml b/tests/test-install-manila.yml new file mode 100644 index 0000000..ad87338 --- /dev/null +++ b/tests/test-install-manila.yml @@ -0,0 +1,34 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy manila API services + hosts: manila_api + remote_user: root + gather_facts: true + any_errors_fatal: true + vars_files: + - common/test-vars.yml + roles: + - role: "os_manila" + +- name: Deploy the rest of manila + hosts: "manila_all:!manila_api" + remote_user: root + gather_facts: true + any_errors_fatal: true + vars_files: + - common/test-vars.yml + roles: + - role: "os_manila" diff --git a/tests/test-setup-manila-localhost.yml b/tests/test-setup-manila-localhost.yml new file mode 100644 index 0000000..fda9539 --- /dev/null +++ b/tests/test-setup-manila-localhost.yml @@ -0,0 +1,56 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Prepare manila-shares share group + hosts: localhost + # This set of tasks runs against localhost + # and requires root access, but tests run as + # the user running the playbook (zuul). As + # such, we use a local connection and become. + connection: local + become: yes + tasks: + - name: Install lvm2 package + package: + name: lvm2 + + - name: Create sparse Manila file + command: "truncate -s {{ manila_sparse_file_size | default('10G') }} /openstack/{{ manila_sparse_file_name | default('manila') }}.img" + args: + creates: /openstack/manila.img + register: manila_create + + - name: Get a loopback device for manila file + command: losetup -f + when: manila_create is changed + register: manila_losetup + + - name: Create the loopback device + command: "losetup {{ manila_losetup.stdout }} /openstack/manila.img" + when: manila_create is changed + + - name: Make LVM physical share on the manila device + command: "{{ item }}" + when: manila_create is changed + with_items: + - "pvcreate {{ manila_losetup.stdout }}" + - "pvscan" + + - name: Add manila-shares share group + lvg: + vg: "{{ manila_lvm_vg_name | default('manila-shares') }}" + pvs: "{{ manila_losetup.stdout }}" + when: manila_create is changed + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..3226dd0 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,50 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Setup the host +- import_playbook: common/test-setup-host.yml + +# Prepare the manila-share VG +- import_playbook: test-setup-manila-localhost.yml + +# Prepare the manila-share VG +- import_playbook: common/test-setup-cinder-localhost.yml + +# Install RabbitMQ/MariaDB +- import_playbook: common/test-install-infra.yml + +# Install Keystone +- import_playbook: common/test-install-keystone.yml + +# Install Glance +- import_playbook: common/test-install-glance.yml + +# Install Neutron +- import_playbook: common/test-install-neutron.yml + +# Install Nova +- import_playbook: common/test-install-nova.yml + +# Install Cinder +- import_playbook: common/test-install-cinder.yml + +# Set iSCSI InitiatorName +- import_playbook: cinder-initiator.yml + +# Install Manila +- import_playbook: test-install-manila.yml + +# Install and execute Tempest +- import_playbook: common/test-install-tempest.yml diff --git a/tox.ini b/tox.ini index d676152..06680b4 100644 --- a/tox.ini +++ b/tox.ini @@ -11,14 +11,17 @@ install_command = commands = /usr/bin/find . -type f -name "*.pyc" -delete passenv = + COMMON_TESTS_PATH HOME - USER http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY + TESTING_BRANCH + TESTING_HOME + USER whitelist_externals = bash setenv = @@ -30,6 +33,7 @@ setenv = [testenv:docs] +basepython = python3 deps = -r{toxinidir}/doc/requirements.txt commands= bash -c "rm -rf doc/build" @@ -43,6 +47,7 @@ extensions = .rst [testenv:releasenotes] +basepython = python3 deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html @@ -50,11 +55,13 @@ commands = # environment used by the -infra templated docs job [testenv:venv] +basepython = python3 commands = {posargs} [testenv:pep8] +basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-pep8.sh" @@ -87,7 +94,16 @@ commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" +[testenv:distro_install] +setenv = + {[testenv]setenv} + ANSIBLE_PARAMETERS=-e @{toxinidir}/tests/common/test-distro_install-vars.yml +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + [testenv:linters] +basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" {[testenv:pep8]commands} diff --git a/vars/distro_install.yml b/vars/distro_install.yml new file mode 100644 index 0000000..bfca0e2 --- /dev/null +++ b/vars/distro_install.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2018, SUSE Linux GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the distro packages to install based on +# whether the host is in the host group and the service is +# enabled. +# +manila_package_list: |- + {% set packages = manila_service_distro_packages %} + {% if manila_services['manila-share']['group'] in group_names %} + {% set _ = packages.extend(manila_share_distro_packages) %} + {% if manila_backend_lvm_inuse | bool %} + {% set _ = packages.extend(manila_lvm_share_distro_packages) %} + {% endif %} + {% endif %} + {% if manila_services['manila-api']['group'] in group_names %} + {% set _ = packages.extend(manila_api_distro_packages) %} + {% endif %} + {% if manila_services['manila-scheduler']['group'] in group_names %} + {% set _ = packages.extend(manila_scheduler_distro_packages) %} + {% endif %} + {% if manila_developer_mode | bool %} + {% set _ = packages.extend(manila_devel_distro_packages) %} + {% endif %} + {% if manila_oslomsg_amqp1_enabled | bool %} + {% set _ = packages.extend(manila_oslomsg_amqp1_distro_packages) %} + {% endif %} + {{ packages }} + +_manila_bin: "/usr/bin" diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..13760ca --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the services on a host based on whether +# the host is in the host group and the service is enabled. +# The service list is provided in the defined start order. +# +filtered_manila_services: |- + {% set services = [] %} + {% for key, value in manila_services.items() %} + {% if (value['group'] in group_names) and + (('condition' not in value) or + ('condition' in value and value['condition'])) %} + {% set _ = value.update({'service_key': key}) %} + {% set _ = services.append(value) %} + {% endif %} + {% endfor %} + {{ services | sort(attribute='start_order') }} diff --git a/vars/source_install.yml b/vars/source_install.yml new file mode 100644 index 0000000..87438cd --- /dev/null +++ b/vars/source_install.yml @@ -0,0 +1,38 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the distro packages to install based on +# whether the host is in the host group and the service is +# enabled. +# +manila_package_list: |- + {% set packages = manila_distro_packages %} + {% if manila_services['manila-share']['group'] in group_names %} + {% set _ = packages.extend(manila_share_deps_distro_packages) %} + {% if manila_backend_lvm_inuse | bool %} + {% set _ = packages.extend(manila_lvm_share_distro_packages) %} + {% endif %} + {% endif %} + {% if manila_developer_mode | bool %} + {% set _ = packages.extend(manila_devel_distro_packages) %} + {% endif %} + {% if manila_oslomsg_amqp1_enabled | bool %} + {% set _ = packages.extend(manila_oslomsg_amqp1_distro_packages) %} + {% endif %} + {{ packages }} + +_manila_bin: "/openstack/venvs/manila-{{ manila_venv_tag }}/bin" +manila_uwsgi_bin: "{{ _manila_bin }}" diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml new file mode 100644 index 0000000..4f0ac62 --- /dev/null +++ b/vars/ubuntu.yml @@ -0,0 +1,71 @@ +--- +# Copyright 2016, Intel Corporation. +# Copyright 2016, IBM Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +# Common apt packages +manila_distro_packages: + - libffi-dev + - libkmod-dev + - libkmod2 + - libpq-dev + - libssl-dev + - libxslt1-dev + - nfs-common + - rpcbind + - rsync + - zlib1g + - zlibc + +manila_service_distro_packages: + - python-manilaclient + - python-shade + - python-systemd + - python3-systemd + - uwsgi + - uwsgi-plugin-python + +manila_devel_distro_packages: + - build-essential + - git-core + - libsystemd-dev + +manila_api_distro_packages: + - manila-api + +manila_scheduler_distro_packages: + - manila-scheduler + +manila_share_distro_packages: + - manila-share + - manila-data + +manila_share_deps_distro_packages: + - qemu-utils + +manila_lvm_share_distro_packages: + - dmeventd + - lvm2 + - parted + - thin-provisioning-tools + - nfs-kernel-server + +manila_oslomsg_amqp1_distro_packages: + - libsasl2-modules + - sasl2-bin + +manila_uwsgi_bin: '/usr/bin' diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index a9056fe..5c5f086 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -17,3 +17,11 @@ - check-requirements - publish-openstack-docs-pti - release-notes-jobs-python3 + check: + jobs: + - openstack-ansible-functional-ubuntu-bionic + - openstack-ansible-functional-distro_install-ubuntu-bionic: + voting: false + gate: + jobs: + - openstack-ansible-functional-ubuntu-bionic