Basic working os_manila role

Starting this new role as a copy of the os_cinder role due to the
similarities between the two openstack projects.  This role will
deploy manila api, scheduler and share services on ubuntu with the
default local LVM backed NFS scenario.

Change-Id: Ibda073e5aaa6df3b254961d4aed3a8d5961f3432
This commit is contained in:
Michael Vollman 2018-10-01 19:53:16 -04:00 committed by Kevin Carter (cloudnull)
parent b5674488f5
commit f9bfb7f0bc
44 changed files with 2730 additions and 4 deletions

311
defaults/main.yml Normal file
View File

@ -0,0 +1,311 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
manila_package_state: "latest"
manila_pip_package_state: "latest"
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
manila_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set installation method.
manila_install_method: "source"
manila_git_repo: https://git.openstack.org/openstack/manila
manila_git_install_branch: master
manila_developer_mode: false
manila_developer_constraints:
- "git+{{ manila_git_repo }}@{{ manila_git_install_branch }}#egg=manila"
# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
manila_pip_install_args: >-
{{ manila_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
{{ pip_install_options | default('') }}
# Name of the virtual env to deploy into
manila_venv_tag: "{{ venv_tag | default('untagged') }}"
manila_bin: "{{ _manila_bin }}"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
manila_venv_download: "{{ not manila_developer_mode | bool }}"
manila_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/manila.tgz
# Enable/Disable Ceilometer
manila_ceilometer_enabled: False
manila_storage_availability_zone: nova
manila_default_availability_zone: "{{ manila_storage_availability_zone }}"
manila_management_address: 127.0.0.1
manila_uwsgi_bind_address: 0.0.0.0
manila_fatal_deprecations: False
## Database info
manila_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
manila_galera_address: "{{ galera_address | default('127.0.0.1') }}"
manila_galera_user: manila
manila_galera_database: manila
manila_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
manila_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
## Oslo Messaging
# RPC
manila_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
manila_oslomsg_rpc_setup_host: "{{ (manila_oslomsg_rpc_host_group in groups) | ternary(groups[manila_oslomsg_rpc_host_group][0], 'localhost') }}"
manila_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
manila_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
manila_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
manila_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
manila_oslomsg_rpc_userid: manila
manila_oslomsg_rpc_vhost: /manila
# Notify
manila_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
manila_oslomsg_notify_setup_host: "{{ (manila_oslomsg_notify_host_group in groups) | ternary(groups[manila_oslomsg_notify_host_group][0], 'localhost') }}"
manila_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
manila_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
manila_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
manila_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
manila_oslomsg_notify_userid: "{{ manila_oslomsg_rpc_userid }}"
manila_oslomsg_notify_password: "{{ manila_oslomsg_rpc_password }}"
manila_oslomsg_notify_vhost: "{{ manila_oslomsg_rpc_vhost }}"
## (Qdrouterd) integration
# TODO(evrardjp): Change structure when more backends will be supported
manila_oslomsg_amqp1_enabled: "{{ manila_oslomsg_rpc_transport == 'amqp' }}"
## Manila User / Group
manila_system_user_name: manila
manila_system_group_name: manila
manila_system_comment: manila system user
manila_system_shell: /bin/false
manila_system_home_folder: "/var/lib/{{ manila_system_user_name }}"
## Manually specified manila UID/GID
# Deployers can specify a UID for the manila user as well as the GID for the
# manila group if needed. This is commonly used in environments where shared
# storage is used, such as NFS or GlusterFS, and manila UID/GID values must be
# in sync between multiple servers.
#
# WARNING: Changing these values on an existing deployment can lead to
# failures, errors, and instability.
#
# manila_system_user_uid = <UID>
# manila_system_group_gid = <GID>
manila_lock_path: /var/lock/manila
## Manila Auth
manila_service_admin_tenant_name: "service"
manila_service_admin_username: "manila"
## Manila API's enabled
manila_enable_v2_api: true
## Manila API check cert validation
manila_service_internaluri_insecure: false
## Manila api service type and data
manila_service_name: manila
manila_service_project_domain_id: default
manila_service_user_domain_id: default
manila_service_user_name: manila
manila_service_project_name: service
manila_service_role_name: admin
manila_service_region: RegionOne
manila_service_description: "Openstack Shared File Systems"
manila_service_port: 8786
manila_service_proto: http
manila_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(manila_service_proto) }}"
manila_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(manila_service_proto) }}"
manila_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(manila_service_proto) }}"
manila_service_type: share
manila_service_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}"
manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s"
manila_service_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s"
manila_service_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s"
manila_service_v2_name: manilav2
manila_service_v2_port: 8786
manila_service_v2_proto: http
manila_service_v2_type: sharev2
manila_service_v2_description: "Openstack Shared File Systems V2"
manila_service_v2_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}"
manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s"
manila_service_v2_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s"
manila_service_v2_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s"
manila_auth_strategy: keystone
## Keystone authentication middleware
manila_keystone_auth_plugin: "{{ manila_keystone_auth_type }}"
manila_keystone_auth_type: password
## In order to enable the manila data you MUST set ``manila_service_data_program_enabled`` to "true"
manila_service_data_program_enabled: false
## Cap the maximun number of threads / workers when a user value is unspecified.
manila_osapi_share_workers_max: 16
manila_osapi_share_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, manila_osapi_share_workers_max] | min }}"
## Manila RPC
manila_rpc_executor_thread_pool_size: 64
manila_rpc_response_timeout: 60
manila_share_name_template: share-%s
# osprofiler
manila_profiler_enabled: false
# manila_profiler_hmac_key is set in user_secrets.yml
manila_profiler_trace_sqlalchemy: false
manila_client_socket_timeout: 900
## Manila quota
manila_quota_shares: 50
manila_quota_snapshots: 50
manila_quota_gigabytes: 1000
manila_quota_snapshot_gigabytes: 1000
manila_quota_share_networks: 10
## General configuration
# manila_backends:
# lvm:
# share_backend_name: LVM
# share_driver: manila.share.drivers.lvm.LVMShareDriver
# driver_handles_share_servers: False
# lvm_share_volume_group: manila-shares
# lvm_share_export_ip: <server-ip>
# manila_backend_lvm_inuse: True if current host has an lvm backend
manila_backend_lvm_inuse: '{{ (manila_backends|default("")|to_json).find("lvm") != -1 }}'
# manila_backend_rbd_inuse: True if the current host has an rbd backend
manila_backend_rbd_inuse: '{{ (manila_backends|default("")|to_json).find("manila.share.drivers.cephfs") != -1 }}'
## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g.
#manila_policy_overrides:
# "share:create": ""
# "share:delete": ""
manila_service_in_ldap: false
# Common pip packages
manila_pip_packages:
- manila
- python-manilaclient
- cryptography
- ecdsa
- httplib2
- keystonemiddleware
- osprofiler
- PyMySQL
- python-openstackclient
- python-memcached
- systemd-python
- uwsgi
manila_optional_oslomsg_amqp1_pip_packages:
- oslo.messaging[amqp1]
manila_api_init_overrides: {}
manila_scheduler_init_overrides: {}
manila_share_init_overrides: {}
manila_data_init_overrides: {}
## Service Name-Group Mapping
manila_services:
manila-scheduler:
group: manila_scheduler
service_name: manila-scheduler
init_config_overrides: "{{ manila_scheduler_init_overrides }}"
start_order: 1
execstarts: "{{ manila_bin }}/manila-scheduler"
execreloads: "/bin/kill -HUP $MAINPID"
manila-share:
group: manila_share
service_name: manila-share
init_config_overrides: "{{ manila_share_init_overrides }}"
start_order: 2
execstarts: "{{ manila_bin }}/manila-share"
execreloads: "/bin/kill -HUP $MAINPID"
manila-data:
group: manila_data
service_name: manila-data
init_config_overrides: "{{ manila_data_init_overrides }}"
start_order: 3
condition: False
execstarts: "{{ manila_bin }}/manila-data"
execreloads: "/bin/kill -HUP $MAINPID"
manila-api:
group: manila_api
service_name: manila-api
init_config_overrides: "{{ manila_api_init_overrides }}"
start_order: 4
execstarts: "{{ manila_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/manila-api.ini"
execreloads: "{{ manila_uwsgi_bin }}/uwsgi --reload /var/run/manila-api/manila-api.pid"
wsgi_overrides: "{{ manila_api_uwsgi_ini_overrides }}"
wsgi_app: True
wsgi_name: manila-wsgi
uwsgi_port: "{{ manila_service_port }}"
uwsgi_bind_address: "{{ manila_uwsgi_bind_address }}"
#condition: "{{ manila_service_data_program_enabled | bool }}"
# Manila uWSGI settings
manila_wsgi_processes_max: 16
manila_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, manila_wsgi_processes_max] | min }}"
manila_wsgi_threads: 1
manila_wsgi_buffer_size: 65535
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
manila_role_project_group: manila_all
manila_default_share_type: nfs
manila_share_name_template: share-%s
## Tunable overrides
manila_policy_overrides: {}
manila_rootwrap_conf_overrides: {}
manila_api_paste_ini_overrides: {}
manila_manila_conf_overrides: {}
manila_api_uwsgi_ini_overrides: {}
## Set default manila path in service units. The default override sets the
## execution path for the manila service.
manila_environment_overrides:
Service:
Environment: "PATH={{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
_UUID_regex: "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}"

View File

@ -0,0 +1,103 @@
==============================================================
Configuring the Shared File System (manila) service (optional)
==============================================================
By default the Shared File System (manila) service does not deploy any
backend. This role expects you to define the backend you intend on using.
The following sections describe example configurations for various
manila backends.
Default share type
~~~~~~~~~~~~~~~~~~
It is required to define one of the ``manila_backends`` as the default
share type.
.. code::
manila_default_share_type: SHARE_TYPE_NAME
Replce ``SHARE_TYPE_NAME`` with the name of the default backend.
LVM backend
~~~~~~~~~~~
The LVM backend allows provisioning of logical volumes and configuriung a
local NFS server to serve those volumes as shares.
.. note::
Using the LVM backend results in a Single Point of Failure
#. For each storage node, add one ``manila_backends`` block underneath
the ``container_vars`` section. ``container_vars`` are used to allow
container/host individualized configuration. Each manila back end is
defined with a unique key. For example, ``nfs-share1``.
This later represents a unique manila backend and share type.
.. code-block:: yaml
container_vars:
manila_enabled_share_protocols: NFS
manila_backends:
nfs-share1:
#. Configure the appropriate share protocols. For the LVM backend you
will need a minimu of ``NFS``.
.. code-block:: yaml
container_vars:
manila_enabled_share_protocols: NFS
#. Configure the appropriate manila share backend name:
.. code-block:: yaml
share_backend_name: NFS_SHARE1
#. Configure the appropriate manila LVM driver:
.. code-block:: yaml
share_driver: manila.share.drivers.lvm.LVMShareDriver
lvm_share_volume_group: LVM_VOLUME_GROUP
Replace ``LVM_VOLUME_GROUP`` with the name of the LVM
volume group manila should use to provision shares.
#. Configure whether this backend manages share servers. The only
current supported option for this role is ``False`` as
deploying a manila backend that manages share servers has not been
tested yet.
.. code-block:: yaml
driver_handles_share_servers: False
#. Configure the IP address or hostname of the share server.
.. code-block:: yaml
lvm_share_export_ip: "IP_ADDRESS"
Replace ``IP_ADDRESS`` with the IP address or hostname where the
nfs shares will be exported from.
The following is a full configuration example of a manila LVM backend
named NFS_SHARE1. The manila playbooks will automatically add a custom
``share-type`` and ``nfs-share1`` as in this example:
.. code-block:: yaml
container_vars:
manila_default_share_type: nfs-share1
manila_enabled_share_protocols: NFS
manila_backends:
limit_container_types: manila_share
nfs-share1:
share_backend_name: NFS_SHARE1
share_driver: manila.share.drivers.lvm.LVMShareDriver
driver_handles_share_servers: False
lvm_share_volume_group: manila-shares
lvm_share_export_ip: "172.29.236.100"

View File

@ -1,10 +1,23 @@
============================= =================================
OpenStack-Ansible manila role Manila role for OpenStack-Ansible
============================= =================================
This Ansible role installs and configures OpenStack manila.
The following manila services are managed by the role:
* manila-api
* manila-scheduler
* manila-share
* manila-data (untested)
.. toctree:: .. toctree::
:maxdepth: 2 :maxdepth: 2
configure-manila.rst
To clone of view the source code for this repository, visit the role repository
for `os_manila <https://github.com/openstack/openstack-ansible-os_manila>`_.
Default variables Default variables
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
@ -15,9 +28,33 @@ Default variables
Dependencies Dependencies
~~~~~~~~~~~~ ~~~~~~~~~~~~
This role needs pip >= 7.1 installed on the target host.
Example playbook Example playbook
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
.. literalinclude:: ../../examples/playbook.yml .. literalinclude:: ../../examples/playbook.yml
:language: yaml :language: yaml
External Restart Hooks
~~~~~~~~~~~~~~~~~~~~~~
When the role performs a restart of the service, it will notify an Ansible
handler named ``Manage LB``, which is a noop within this role. In the
playbook, other roles may be loaded before and after this role which will
implement Ansible handler listeners for ``Manage LB``, allowing external roles
to manage the load balancer endpoints responsible for sending traffic to the
servers being restarted by marking them in maintenance or active mode,
draining sessions, etc. For an example implementation, please reference the
`ansible-haproxy-endpoints role <https://github.com/Logan2211/ansible-haproxy-endpoints>`_
used by the openstack-ansible project.
Tags
~~~~
This role supports two tags: ``manila-install`` and ``manila-config``
The ``manila-install`` tag can be used to install and upgrade.
The ``manila-config`` tag can be used to maintain configuration of the
service.

68
handlers/main.yml Normal file
View File

@ -0,0 +1,68 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Stop services
service:
name: "{{ item.service_name }}"
enabled: yes
state: stopped
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_items: "{{ filtered_manila_services }}"
register: _stop
until: _stop is success
retries: 5
delay: 2
listen:
- "Restart manila services"
- "venv changed"
# Note (odyssey4me):
# The policy.json file is currently read continually by the services
# and is not only read on service start. We therefore cannot template
# directly to the file read by the service because the new policies
# may not be valid until the service restarts. This is particularly
# important during a major upgrade. We therefore only put the policy
# file in place after the service has been stopped.
#
- name: Copy new policy file into place
copy:
src: "/etc/manila/policy.json-{{ manila_venv_tag }}"
dest: "/etc/manila/policy.json"
owner: "root"
group: "{{ manila_system_group_name }}"
mode: "0640"
remote_src: yes
listen:
- "Restart manila services"
- "venv changed"
- name: Start services
service:
name: "{{ item.service_name }}"
enabled: yes
state: "started"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_items: "{{ filtered_manila_services }}"
register: _start
until: _start is success
retries: 5
delay: 2
listen:
- "Restart manila services"
- "venv changed"
- meta: noop
listen: Manage LB
when: false

94
run_tests.sh Executable file
View File

@ -0,0 +1,94 @@
#!/usr/bin/env bash
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# PURPOSE:
# This script clones the openstack-ansible-tests repository to the
# tests/common folder in order to be able to re-use test components
# for role testing. This is intended to be the thinnest possible
# shim for test execution outside of OpenStack CI.
# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/run_tests.sh
# If you need to modify this file, update the one in the openstack-ansible-tests
# repository and then update this file as well. The purpose of this file is to
# prepare the host and then execute all the tox tests.
#
## Shell Opts ----------------------------------------------------------------
set -xeu
## Vars ----------------------------------------------------------------------
WORKING_DIR="$(readlink -f $(dirname $0))"
OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' $(pwd)/.gitreview)"
COMMON_TESTS_PATH="${WORKING_DIR}/tests/common"
TESTING_HOME=${TESTING_HOME:-$HOME}
ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/git.openstack.org/openstack/openstack-ansible-tests"
# Use .gitreview as the key to determine the appropriate
# branch to clone for tests.
TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview")
if [[ "${TESTING_BRANCH}" == "" ]]; then
TESTING_BRANCH="master"
fi
## Main ----------------------------------------------------------------------
# Source distribution information
source /etc/os-release || source /usr/lib/os-release
# Prefer dnf over yum for CentOS.
which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum'
# Figure out the appropriate package install command
case ${ID,,} in
*suse*) pkg_mgr_cmd="zypper -n in" ;;
centos|rhel|fedora) pkg_mgr_cmd="${RHT_PKG_MGR} install -y" ;;
ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;;
gentoo) pkg_mgr_cmd="emerge" ;;
*) echo "unsupported distribution: ${ID,,}"; exit 1 ;;
esac
# Install git so that we can clone the tests repo if git is not available
which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git
# Clone the tests repo for access to the common test script
if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then
# The tests repo doesn't need a clone, we can just
# symlink it.
if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then
ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}"
# In zuul v3 any dependent repository is placed into
# /home/zuul/src/git.openstack.org, so we check to see
# if there is a tests checkout there already. If so, we
# symlink that and use it.
elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then
ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}"
# Otherwise we're clearly not in zuul or using a previously setup
# repo in some way, so just clone it from upstream.
else
git clone -b "${TESTING_BRANCH}" \
https://git.openstack.org/openstack/openstack-ansible-tests \
"${COMMON_TESTS_PATH}"
fi
fi
# Execute the common test script
source tests/common/run_tests_common.sh

138
tasks/main.yml Normal file
View File

@ -0,0 +1,138 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Fail if service was deployed using a different installation method
fail:
msg: "Switching installation methods for OpenStack services is not supported"
when:
- ansible_local is defined
- ansible_local.openstack_ansible is defined
- ansible_local.openstack_ansible.manila is defined
- ansible_local.openstack_ansible.manila.install_method is defined
- ansible_local.openstack_ansible.manila.install_method != manila_install_method
- name: Gather variables for installation method
include_vars: "{{ manila_install_method }}_install.yml"
tags:
- always
- include: manila_lvm_config.yml
when:
- "manila_services['manila-share']['group'] in group_names"
- "manila_backend_lvm_inuse | bool"
tags:
- manila-config
- include: manila_pre_install.yml
tags:
- manila-install
- include: manila_install.yml
tags:
- manila-install
- name: refresh local facts
setup:
filter: ansible_local
gather_subset: "!all"
tags:
- manila-config
- include: manila_cleanup_old_facts.yml
when:
- "'need_db_sync' in ansible_local['openstack_ansible']['manila']"
tags:
- manila-config
- include: manila_post_install.yml
tags:
- manila-config
- import_tasks: mq_setup.yml
when:
- "manila_services['manila-api']['group'] in group_names"
- "inventory_hostname == ((groups[manila_services['manila-api']['group']]| intersect(ansible_play_hosts)) | list)[0]"
vars:
_oslomsg_rpc_setup_host: "{{ manila_oslomsg_rpc_setup_host }}"
_oslomsg_rpc_userid: "{{ manila_oslomsg_rpc_userid }}"
_oslomsg_rpc_password: "{{ manila_oslomsg_rpc_password }}"
_oslomsg_rpc_vhost: "{{ manila_oslomsg_rpc_vhost }}"
_oslomsg_rpc_transport: "{{ manila_oslomsg_rpc_transport }}"
_oslomsg_notify_setup_host: "{{ manila_oslomsg_notify_setup_host }}"
_oslomsg_notify_userid: "{{ manila_oslomsg_notify_userid }}"
_oslomsg_notify_password: "{{ manila_oslomsg_notify_password }}"
_oslomsg_notify_vhost: "{{ manila_oslomsg_notify_vhost }}"
_oslomsg_notify_transport: "{{ manila_oslomsg_notify_transport }}"
tags:
- common-mq
- manila-config
- include: manila_db_setup.yml
static: no
when:
- "groups['manila_api'] | length > 0"
- "manila_services['manila-api']['group'] in group_names"
- "inventory_hostname == ((groups['manila_api'] | intersect(ansible_play_hosts)) | list)[0]"
tags:
- manila-config
- include: manila_uwsgi.yml
tags:
- manila-config
- include: manila_service_setup.yml
static: no
when:
- "groups['manila_api'] | length > 0"
- "manila_services['manila-api']['group'] in group_names"
- "inventory_hostname == ((groups['manila_api'] | intersect(ansible_play_hosts)) | list)[0]"
tags:
- manila-config
- name: Include ceph_client role
include_role:
name: ceph_client
vars:
openstack_service_system_user: "{{ manila_system_user_name }}"
openstack_service_venv_bin: "{{ (manila_install_method == 'source') | ternary(manila_bin,'/usr/local/bin') }}"
when:
- "manila_services['manila-share']['group'] in group_names"
- "manila_backend_rbd_inuse | bool"
tags:
- ceph
- name: Flush handlers
meta: flush_handlers
- include: manila_backends.yml
static: no
when:
- "groups[manila_services['manila-share']['group']] | length > 0"
- "manila_services['manila-api']['group'] in group_names"
- "inventory_hostname == ((groups[manila_services['manila-api']['group']] | intersect(ansible_play_hosts)) | list)[-1]"
tags:
- manila-config

View File

@ -0,0 +1,45 @@
---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Set _cephfs_mount_dir fact
set_fact:
_cephfs_mount_dir: /mnt/cephfs-ansible-mount
_cephfs_auth_id: "{{ item.value.cephfs_auth_id|default('manila') }}"
- name: Create temporary mount dir
file:
name: "{{ _cephfs_mount_dir }}"
state: directory
- name: Mount CephFS
command: |
ceph-fuse --id "{{ _cephfs_auth_id }}" "{{ _cephfs_mount_dir }}"
changed_when: false
- name: Ensure CephFS volumes dir permissions
file:
name: "{{ _cephfs_mount_dir }}/volumes"
state: directory
owner: "{{ manila_system_user_name }}"
- name: Unmount CephFS
mount:
path: "{{ _cephfs_mount_dir }}"
state: unmounted
- name: Remove temporary mount dir
file:
name: "{{ _cephfs_mount_dir }}"
state: absent

58
tasks/manila_backends.yml Normal file
View File

@ -0,0 +1,58 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure manila api is available
uri:
url: "{{ manila_service_internaluri }}"
status_code: 200,300
validate_certs: "{{ manila_service_internaluri_insecure | bool }}"
register: api_status
until: api_status is success
retries: 10
delay: 10
# TODO(odyssey4me):
# Once these tasks can be replaced by using Ansible modules instead,
# we should do that and use the delegation to the service setup host
# so that we can remove the openrc file from the target host.
- name: Implement openrc/clouds.yaml
include_role:
name: "openstack_openrc"
- name: Create singular manila_backends variable for all hosts
set_fact:
_manila_backends: "{{ (_manila_backends | default(manila_backends | default({}))) | combine(hostvars[item]['manila_backends'] | default({})) }}"
with_items: "{{ groups[manila_services['manila-share']['group']] }}"
- name: Add in manila devices types
shell: |
. {{ ansible_env.HOME }}/openrc
CLI_OPTIONS="--endpoint-type internalURL {{ ((keystone_service_adminuri_insecure | bool) or (manila_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
if ! {{ manila_bin }}/manila ${CLI_OPTIONS} type-list | grep -q "{{ item.key }}"; then
{{ manila_bin }}/manila ${CLI_OPTIONS} type-create "{{ item.key }}" "{{ item.value.driver_handles_share_servers }}"
fi
args:
executable: /bin/bash
with_dict: "{{ _manila_backends|default({}) }}"
changed_when: false
- include: manila_backend_cephfs.yml
static: no
when:
- (item|default("")|to_json).find("manila.share.drivers.cephfs") != -1
- "manila_services['manila-share']['group'] in group_names"
with_dict: "{{ _manila_backends|default({}) }}"
tags:
- manila-config

View File

@ -0,0 +1,29 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO(odyssey4me):
# This file and the task calling it may be removed in Queens.
- name: Remove the old db_sync fact
ini_file:
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
section: manila
option: "need_db_sync"
state: absent
- name: refresh local facts
setup:
filter: ansible_local
gather_subset: "!all"

66
tasks/manila_db_setup.yml Normal file
View File

@ -0,0 +1,66 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ manila_galera_address }}"
name: "{{ manila_galera_database }}"
state: "present"
delegate_to: "{{ manila_db_setup_host }}"
no_log: True
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ manila_galera_address }}"
name: "{{ manila_galera_user }}"
password: "{{ manila_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ manila_galera_database }}.*:ALL"
delegate_to: "{{ manila_db_setup_host }}"
with_items:
- "localhost"
- "%"
no_log: True
- name: Perform a manila DB sync
command: "{{ manila_bin }}/manila-manage db sync"
become: yes
become_user: "{{ manila_system_user_name }}"
changed_when: false
- name: Perform online data migrations
command: "{{ manila_bin }}/manila-manage db online_data_migrations"
become: yes
become_user: "{{ manila_system_user_name }}"
when:
- "(manila_all_software_updated | default('no')) | bool"
- "ansible_local['openstack_ansible']['manila']['need_online_data_migrations'] | bool"
changed_when: false
register: data_migrations
- name: Disable the online migrations requirement
ini_file:
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
section: manila
option: need_online_data_migrations
value: False
when:
- not data_migrations | skipped
- data_migrations is succeeded

83
tasks/manila_install.yml Normal file
View File

@ -0,0 +1,83 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Record the installation method
ini_file:
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
section: "manila"
option: "install_method"
value: "{{ manila_install_method }}"
- name: Refresh local facts to ensure the manila section is present
setup:
filter: ansible_local
gather_subset: "!all"
- name: Install distro packages
package:
name: "{{ manila_package_list }}"
state: "{{ manila_package_state }}"
update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
register: install_packages
until: install_packages is success
retries: 5
delay: 2
- name: Install manila packages from PIP
include_tasks: manila_install_source.yml
when: manila_install_method == 'source'
- name: Run the systemd service role
include_role:
name: systemd_service
private: true
vars:
systemd_user_name: "{{ manila_system_user_name }}"
systemd_group_name: "{{ manila_system_group_name }}"
systemd_tempd_prefix: openstack
systemd_slice_name: manila
systemd_lock_path: /var/lock/manila
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
systemd_services:
- service_name: "{{ service_var.service_name }}"
enabled: yes
state: started
execstarts: "{{ service_var.execstarts }}"
execreloads: "{{ service_var.execreloads | default([]) }}"
config_overrides: "{{ manila_environment_overrides | combine(service_var.init_config_overrides) }}"
with_items: "{{ filtered_manila_services }}"
loop_control:
loop_var: service_var
tags:
- manila-config
- systemd-service
- name: Set the upgrade facts
ini_file:
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
section: manila
option: "{{ item }}"
value: true
with_items:
- "need_online_data_migrations"
- "need_service_restart"
when:
(install_packages | changed) or
('need_online_data_migrations' not in ansible_local['openstack_ansible']['manila']) or
('need_service_restart' not in ansible_local['openstack_ansible']['manila'])

View File

@ -0,0 +1,71 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
- name: Create developer mode constraint file
copy:
dest: "/opt/developer-pip-constraints.txt"
content: |
{% for item in manila_developer_constraints %}
{{ item }}
{% endfor %}
when: manila_developer_mode | bool
- name: Ensure remote wheel building is disabled in developer mode
set_fact:
venv_build_host: "{{ ansible_hostname }}"
when:
- manila_developer_mode | bool
- name: Install the python venv
include_role:
name: "python_venv_build"
private: yes
vars:
venv_build_distro_package_list: "{{ manila_devel_distro_packages }}"
venv_install_destination_path: "{{ manila_bin | dirname }}"
venv_install_distro_package_list: "{{ manila_distro_packages }}"
venv_pip_install_args: "{{ manila_pip_install_args }}"
venv_pip_packages: >-
{{ manila_pip_packages +
(manila_oslomsg_amqp1_enabled | bool) | ternary(manila_optional_oslomsg_amqp1_pip_packages, []) }}
venv_facts_when_changed:
- section: "manila"
option: "need_service_restart"
value: True
- section: "manila"
option: "need_online_data_migrations"
value: True
- section: "manila"
option: "venv_tag"
value: "{{ manila_venv_tag }}"
- name: Copy manila rootwrap filters
command: >-
rsync --archive --itemize-changes --delete
/openstack/venvs/manila-{{ manila_venv_tag }}/etc/manila/rootwrap.d/
/etc/manila/rootwrap.d/
args:
warn: no
register: _copy_rootwraps
changed_when: _copy_rootwraps.stdout != ''
notify:
- Manage LB
- Restart manila services

View File

@ -0,0 +1,36 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Discover lvm devices
shell: |
/sbin/pvdisplay | awk '/PV\ Name/ {print $3}' | sed 's/\/dev\///g'
register: lvm_devices
changed_when: lvm_devices.rc != 0
failed_when: false
- name: Ensure "/etc/lvm" directory
file:
state: "directory"
path: "/etc/lvm"
when: lvm_devices.rc == 0
- name: Drop lvm Config
template:
src: "lvm.conf.j2"
dest: "/etc/lvm/lvm.conf"
owner: "root"
group: "root"
backup: "yes"
when: lvm_devices.rc == 0

View File

@ -0,0 +1,52 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Copy manila configs
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "{{ item.group|default(manila_system_group_name) }}"
mode: "0640"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "manila.conf.j2"
dest: "/etc/manila/manila.conf"
config_overrides: "{{ manila_manila_conf_overrides }}"
config_type: "ini"
- src: "api-paste.ini.j2"
dest: "/etc/manila/api-paste.ini"
config_overrides: "{{ manila_api_paste_ini_overrides }}"
config_type: "ini"
- src: "rootwrap.conf.j2"
dest: "/etc/manila/rootwrap.conf"
config_overrides: "{{ manila_rootwrap_conf_overrides }}"
config_type: "ini"
- src: "policy.json.j2"
dest: "/etc/manila/policy.json-{{ manila_venv_tag }}"
config_overrides: "{{ manila_policy_overrides }}"
config_type: "json"
notify:
- Manage LB
- Restart manila services
- name: Drop sudoers file
template:
src: "sudoers.j2"
dest: "/etc/sudoers.d/{{ manila_system_user_name }}_sudoers"
mode: "0440"
owner: "root"
group: "root"

View File

@ -0,0 +1,47 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: create the system group
group:
name: "{{ manila_system_group_name }}"
gid: "{{ manila_system_group_gid|default(omit) }}"
state: "present"
system: "yes"
- name: Create the manila system user
user:
name: "{{ manila_system_user_name }}"
uid: "{{ manila_system_user_uid|default(omit) }}"
group: "{{ manila_system_group_name }}"
comment: "{{ manila_system_comment }}"
shell: "{{ manila_system_shell }}"
system: "yes"
createhome: "yes"
home: "{{ manila_system_home_folder }}"
- name: Create manila dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(manila_system_user_name) }}"
group: "{{ item.group|default(manila_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
- { path: "/var/cache/manila", mode: "0700" }
- { path: "/etc/manila", mode: "0750" }
- { path: "/etc/manila/rootwrap.d", owner: "root", group: "root", mode: "0750" }
- { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
- { path: "{{ manila_system_home_folder }}" }

View File

@ -0,0 +1,120 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# We set the python interpreter to the ansible runtime venv if
# the delegation is to localhost so that we get access to the
# appropriate python libraries in that venv. If the delegation
# is to another host, we assume that it is accessible by the
# system python instead.
- name: Setup the service
delegate_to: "{{ manila_service_setup_host }}"
vars:
ansible_python_interpreter: >-
{{ (manila_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
block:
- name: Add services to the keystone service catalog
os_keystone_service:
cloud: default
state: "{{ item.state }}"
name: "{{ item.name }}"
service_type: "{{ item.service_type }}"
description: "{{ item.description }}"
endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service
until: add_service is success
retries: 5
delay: 10
with_items:
- name: "{{ manila_service_name }}"
service_type: "{{ manila_service_type }}"
description: "{{ manila_service_description }}"
state: present
- name: "{{ manila_service_v2_name }}"
service_type: "{{ manila_service_v2_type }}"
description: "{{ manila_service_v2_description }}"
state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}"
- name: Add service user
os_user:
cloud: default
state: present
name: "{{ manila_service_user_name }}"
password: "{{ manila_service_password }}"
domain: default
default_project: "{{ manila_service_project_name }}"
endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service
when: not manila_service_in_ldap | bool
until: add_service is success
retries: 5
delay: 10
no_log: True
- name: Add service user to admin role
os_user_role:
cloud: default
state: present
user: "{{ manila_service_user_name }}"
role: "{{ manila_service_role_name }}"
project: "{{ manila_service_project_name }}"
endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service
when: not manila_service_in_ldap | bool
until: add_service is success
retries: 5
delay: 10
- name: Add endpoints to keystone endpoint catalog
os_keystone_endpoint:
cloud: default
state: "{{ item.state }}"
service: "{{ item.service }}"
endpoint_interface: "{{ item.interface }}"
url: "{{ item.url }}"
region: "{{ manila_service_region }}"
endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service
until: add_service is success
retries: 5
delay: 10
with_items:
- service: "{{ manila_service_name }}"
interface: "public"
url: "{{ manila_service_publicurl }}"
state: present
- service: "{{ manila_service_name }}"
interface: "internal"
url: "{{ manila_service_internalurl }}"
state: present
- service: "{{ manila_service_name }}"
interface: "admin"
url: "{{ manila_service_adminurl }}"
state: present
- service: "{{ manila_service_v2_name }}"
interface: "public"
url: "{{ manila_service_v2_publicurl }}"
state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}"
- service: "{{ manila_service_v2_name }}"
interface: "internal"
url: "{{ manila_service_v2_internalurl }}"
state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}"
- service: "{{ manila_service_v2_name }}"
interface: "admin"
url: "{{ manila_service_v2_adminurl }}"
state: "{{ (manila_enable_v2_api | bool) | ternary('present', 'absent') }}"

33
tasks/manila_uwsgi.yml Normal file
View File

@ -0,0 +1,33 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure uWSGI directory exists
file:
path: "/etc/uwsgi/"
state: directory
mode: "0711"
- name: Apply uWSGI configuration
config_template:
src: "manila-uwsgi.ini.j2"
dest: "/etc/uwsgi/{{ item.service_name }}.ini"
mode: "0744"
config_overrides: "{{ item.wsgi_overrides }}"
config_type: ini
with_items: "{{ filtered_manila_services }}"
when: item.wsgi_app | default(False)
notify:
- Manage LB
- Restart manila services

83
tasks/mq_setup.yml Normal file
View File

@ -0,0 +1,83 @@
---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/mq_setup.yml
# If you need to modify this file, update the one in the openstack-ansible-tests
# repository. Once it merges there, the changes will automatically be proposed to
# all the repositories which use it.
- name: Setup RPC MQ Service (RabbitMQ)
delegate_to: "{{ _oslomsg_rpc_setup_host }}"
when:
- "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))"
- "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'rabbit')"
tags:
- common-rabbitmq
block:
- name: Add RPC RabbitMQ vhost
rabbitmq_vhost:
name: "{{ _oslomsg_rpc_vhost }}"
state: "present"
- name: Add RPC RabbitMQ user
rabbitmq_user:
user: "{{ _oslomsg_rpc_userid }}"
password: "{{ _oslomsg_rpc_password }}"
vhost: "{{ _oslomsg_rpc_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
force: true
no_log: true
- name: Setup Notify MQ Service (RabbitMQ)
delegate_to: "{{ _oslomsg_notify_setup_host }}"
when:
- "(_oslomsg_configure_notify | default(_oslomsg_notify_transport is defined))"
- "(_oslomsg_notify_transport is defined) and (_oslomsg_notify_transport == 'rabbit')"
tags:
- common-rabbitmq
block:
- name: Add Notify RabbitMQ vhost
rabbitmq_vhost:
name: "{{ _oslomsg_notify_vhost }}"
state: "present"
- name: Add Notify RabbitMQ user
rabbitmq_user:
user: "{{ _oslomsg_notify_userid }}"
password: "{{ _oslomsg_notify_password }}"
vhost: "{{ _oslomsg_notify_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
force: true
no_log: true
- name: Setup RPC MQ Service (Qdrouterd)
delegate_to: "{{ _oslomsg_rpc_setup_host }}"
when:
- "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))"
- "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'amqp')"
tags:
- common-qdrouterd
block:
- name: Add RPC Qdrouterd user
shell: "echo {{ _oslomsg_rpc_password }} | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ _oslomsg_rpc_userid }}"
no_log: true

View File

@ -0,0 +1,59 @@
#############
# OpenStack #
#############
[composite:osapi_share]
use = call:manila.api:root_app_factory
/: apiversions
/v1: openstack_share_api
/v2: openstack_share_api_v2
[composite:openstack_share_api]
use = call:manila.api.middleware.auth:pipeline_factory
noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth api
keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api
keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api
[composite:openstack_share_api_v2]
use = call:manila.api.middleware.auth:pipeline_factory
noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth apiv2
keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2
keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2
[filter:faultwrap]
paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory
[filter:noauth]
paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory
[filter:sizelimit]
paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
[app:api]
paste.app_factory = manila.api.v1.router:APIRouter.factory
[app:apiv2]
paste.app_factory = manila.api.v2.router:APIRouter.factory
[pipeline:apiversions]
pipeline = cors faultwrap http_proxy_to_wsgi osshareversionapp
[app:osshareversionapp]
paste.app_factory = manila.api.versions:VersionsRouter.factory
##########
# Shared #
##########
[filter:keystonecontext]
paste.filter_factory = manila.api.middleware.auth:ManilaKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = manila

123
templates/lvm.conf.j2 Normal file
View File

@ -0,0 +1,123 @@
# {{ ansible_managed }}
{% set used_lvm_devices = [] %}
{% set lv_devices = lvm_devices.stdout.split('\n') %}
{% if lv_devices|length > 0 %}
{% for net in lv_devices %}
{% if net != '' %}
{% set lv_device = '"a/' + net + '/"' %}
{% if used_lvm_devices.append(lv_device) %}{% endif %}
{% endif %}
{% endfor %}
{% endif %}
# Ansible Discovered LVM Devices {{ lv_devices }}
{% if used_lvm_devices|length <= 0 %}
{# If there are no LVM devices present, allow all devices to be scanned #}
{% if used_lvm_devices.append('"a/.*/"') %}{% endif %}
{% else %}
{# Append 'loop.*' to the list to help with AIO deployments. #}
{% if used_lvm_devices.append('"a/loop.*/"') %}{% endif %}
{# Disable scanning any other devices than the ones listed. #}
{% if used_lvm_devices.append('"r/.*/"') %}{% endif %}
{% endif %}
devices {
dir = "/dev"
scan = [ "/dev" ]
obtain_device_list_from_udev = 1
preferred_names = [ ]
filter = [ {{ used_lvm_devices|join(', ') }} ]
cache_dir = "/run/lvm"
cache_file_prefix = ""
write_cache_state = 1
sysfs_scan = 1
multipath_component_detection = 1
md_component_detection = 1
md_chunk_alignment = 1
data_alignment_detection = 1
data_alignment = 0
data_alignment_offset_detection = 1
ignore_suspended_devices = 0
disable_after_error_count = 0
require_restorefile_with_uuid = 1
pv_min_size = 2048
issue_discards = 1
}
allocation {
maximise_cling = 1
mirror_logs_require_separate_pvs = 0
thin_pool_metadata_require_separate_pvs = 0
}
log {
verbose = 0
silent = 0
syslog = 1
overwrite = 0
level = 0
indent = 1
command_names = 0
prefix = " "
}
data {
data = 1
data_dir = "/etc/lvm/data"
archive = 1
archive_dir = "/etc/lvm/archive"
retain_min = 10
retain_days = 30
}
shell {
history_size = 100
}
global {
umask = 077
test = 0
units = "h"
si_unit_consistency = 1
activation = 1
proc = "/proc"
locking_type = 1
wait_for_locks = 1
fallback_to_clustered_locking = 1
fallback_to_local_locking = 1
locking_dir = "/run/lock/lvm"
prioritise_write_locks = 1
abort_on_internal_errors = 0
detect_internal_vg_cache_corruption = 0
metadata_read_only = 0
mirror_segtype_default = "mirror"
use_lvmetad = 0
thin_check_executable = "/usr/sbin/thin_check"
thin_check_options = [ "-q" ]
}
activation {
checks = 0
udev_sync = 1
udev_rules = 1
verify_udev_operations = 0
retry_deactivation = 1
missing_stripe_filler = "error"
use_linear_target = 1
reserved_stack = 64
reserved_memory = 8192
process_priority = -18
mirror_region_size = 512
readahead = "auto"
raid_fault_policy = "warn"
mirror_log_fault_policy = "allocate"
mirror_image_fault_policy = "remove"
snapshot_autoextend_threshold = 100
snapshot_autoextend_percent = 20
thin_pool_autoextend_threshold = 100
thin_pool_autoextend_percent = 20
use_mlockall = 0
monitoring = 0
polling_interval = 15
}
dmeventd {
mirror_library = "libdevmapper-event-lvm2mirror.so"
snapshot_library = "libdevmapper-event-lvm2snapshot.so"
thin_library = "libdevmapper-event-lvm2thin.so"
}

View File

@ -0,0 +1,25 @@
[uwsgi]
uid = {{ manila_system_user_name }}
gid = {{ manila_system_group_name }}
{% if manila_install_method == 'source' %}
virtualenv = /openstack/venvs/manila-{{ manila_venv_tag }}
{% endif %}
wsgi-file = {{ manila_bin }}/{{ item.wsgi_name }}
http = {{ item.uwsgi_bind_address }}:{{ item.uwsgi_port }}
master = true
enable-threads = true
processes = {{ manila_wsgi_processes }}
threads = {{ manila_wsgi_threads }}
exit-on-reload = false
die-on-term = true
lazy-apps = true
add-header = Connection: close
buffer-size = {{ manila_wsgi_buffer_size }}
thunder-lock = true
logfile-chmod = 644
pidfile = /var/run/{{ item.service_name }}/{{ item.service_name }}.pid
# Avoid filling up the logs with health check requests from haproxy.
route-user-agent = ^osa-haproxy-healthcheck$ donotlog:

129
templates/manila.conf.j2 Normal file
View File

@ -0,0 +1,129 @@
# {{ ansible_managed }}
[DEFAULT]
use_journal = True
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
fatal_deprecations = {{ manila_fatal_deprecations }}
my_ip = {{ manila_management_address }}
default_share_type = {{ manila_default_share_type }}
share_name_template = {{ manila_share_name_template }}
osapi_share_workers = {{ manila_osapi_share_workers }}
rootwrap_config = /etc/manila/rootwrap.conf
api_paste_config = /etc/manila/api-paste.ini
auth_strategy = {{ manila_auth_strategy }}
## RabbitMQ RPC
executor_thread_pool_size = {{ manila_rpc_executor_thread_pool_size }}
rpc_response_timeout = {{ manila_rpc_response_timeout }}
transport_url = {{ manila_oslomsg_rpc_transport }}://{% for host in manila_oslomsg_rpc_servers.split(',') %}{{ manila_oslomsg_rpc_userid }}:{{ manila_oslomsg_rpc_password }}@{{ host }}:{{ manila_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ manila_oslomsg_rpc_vhost }}{% if manila_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
## Quota
quota_shares = {{ manila_quota_shares }}
quota_snapshots = {{ manila_quota_snapshots }}
quota_gigabytes = {{ manila_quota_gigabytes }}
quota_snapshot_gigabytes = {{ manila_quota_snapshot_gigabytes }}
quota_share_networks = {{ manila_quota_share_networks }}
os_region_name = {{ manila_service_region }}
storage_availability_zone = {{ manila_storage_availability_zone }}
client_socket_timeout = {{ manila_client_socket_timeout }}
{% if manila_enabled_share_protocols is defined %}
enabled_share_protocols={{ manila_enabled_share_protocols }}
{% endif %}
{% if manila_backends is defined %}
enabled_share_backends={% for backend in manila_backends|dictsort %}{{ backend.0 }}{% if not loop.last %},{% endif %}{% endfor %}
# All given backend(s)
{% for backend_section in manila_backends|dictsort %}
[{{ backend_section.0 }}]
{% for key, value in (backend_section.1 | dictsort) if key not in ['extra_share_types', 'shares'] %}
{{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
[database]
connection = mysql+pymysql://{{ manila_galera_user }}:{{ manila_container_mysql_password }}@{{ manila_galera_address }}/{{ manila_galera_database }}?charset=utf8{% if manila_galera_use_ssl | bool %}&ssl_ca={{ manila_galera_ssl_ca_cert }}{% endif %}
[oslo_messaging_rabbit]
ssl = {{ manila_oslomsg_rpc_use_ssl }}
[oslo_messaging_notifications]
driver = {% if manila_ceilometer_enabled %}messagingv2{% else %}noop{% endif %}
transport_url = {{ manila_oslomsg_notify_transport }}://{% for host in manila_oslomsg_notify_servers.split(',') %}{{ manila_oslomsg_notify_userid }}:{{ manila_oslomsg_notify_password }}@{{ host }}:{{ manila_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ manila_oslomsg_notify_vhost }}{% if manila_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[oslo_concurrency]
lock_path = {{ manila_lock_path }}
[profiler]
enabled = {{ manila_profiler_enabled }}
trace_sqlalchemy = {{ manila_profiler_trace_sqlalchemy }}
hmac_keys = {{ manila_profiler_hmac_key }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ manila_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ manila_service_project_domain_id }}
user_domain_id = {{ manila_service_user_domain_id }}
project_name = {{ manila_service_project_name }}
username = {{ manila_service_user_name }}
password = {{ manila_service_password }}
region_name = {{ keystone_service_region }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[neutron]
url = http://{{ internal_lb_vip_address }}:9696
www_authenticate_uri = {{ keystone_service_internaluri }}
auth_url = {{ keystone_service_adminurl }}
memcached_servers = {{ memcached_servers }}
auth_type = {{ manila_keystone_auth_plugin }}
project_domain_name = {{ neutron_service_domain_name | default("Default") }}
user_domain_name = {{ neutron_service_domain_name | default("Default") }}
region_name = {{ neutron_service_region }}
project_name = {{ neutron_service_project_name }}
username = {{ neutron_service_user_name }}
password = {{ neutron_service_password }}
[nova]
www_authenticate_uri = {{ keystone_service_internaluri }}
auth_url = {{ keystone_service_adminurl }}
memcached_servers = {{ memcached_servers }}
auth_type = {{ manila_keystone_auth_plugin }}
project_domain_name = {{ nova_service_domain_name | default("Default") }}
user_domain_name = {{ nova_service_domain_name | default("Default") }}
region_name = {{ nova_service_region }}
project_name = {{ nova_service_project_name }}
username = {{ nova_service_user_name }}
password = {{ nova_service_password }}
[cinder]
www_authenticate_uri = {{ keystone_service_internaluri }}
auth_url = {{ keystone_service_adminurl }}
memcached_servers = {{ memcached_servers }}
auth_type = {{ manila_keystone_auth_plugin }}
project_domain_name = {{ cinder_service_domain_name | default("Default") }}
user_domain_name = {{ cinder_service_domain_name | default("Default") }}
region_name = {{ cinder_service_region | default("RegionOne") }}
project_name = {{ cinder_service_project_name | default("service") }}
username = {{ cinder_service_user_name | default("cinder") }}
password = {{ cinder_service_password | default("secrete") }}

1
templates/policy.json.j2 Normal file
View File

@ -0,0 +1 @@
{}

View File

@ -0,0 +1,27 @@
# Configuration for manila-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap,/usr/share/manila-common/rootwrap.d
# List of directories to search executables in, in case filters do not
# explicitly specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, user0, user1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR

6
templates/sudoers.j2 Normal file
View File

@ -0,0 +1,6 @@
# {{ ansible_managed }}
Defaults:{{ manila_system_user_name }} !requiretty
Defaults:{{ manila_system_user_name }} secure_path="{{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
{{ manila_system_user_name }} ALL = (root) NOPASSWD: {{ manila_bin }}/{{ manila_service_name }}-rootwrap

View File

@ -0,0 +1,81 @@
---
- name: apt_package_pinning
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
scm: git
version: master
- name: pip_install
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
scm: git
version: master
- name: memcached_server
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
scm: git
version: master
- name: lxc_hosts
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
scm: git
version: master
- name: lxc_container_create
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
scm: git
version: master
- name: galera_client
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
scm: git
version: master
- name: galera_server
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
scm: git
version: master
- name: rabbitmq_server
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
scm: git
version: master
- name: openstack_openrc
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
scm: git
version: master
- name: os_keystone
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
scm: git
version: master
- name: os_glance
src: https://git.openstack.org/openstack/openstack-ansible-os_glance
scm: git
version: master
- name: etcd # dependency of os_neutron role
scm: git
src: https://github.com/logan2211/ansible-etcd
version: master
- name: os_nova
src: https://git.openstack.org/openstack/openstack-ansible-os_nova
scm: git
version: master
- name: os_neutron
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
scm: git
version: master
- name: os_cinder
src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
scm: git
version: master
- name: os_tempest
src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
scm: git
version: master
- name: openstack_hosts
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
scm: git
version: master
- name: ceph_client
src: https://git.openstack.org/openstack/openstack-ansible-ceph_client
scm: git
version: master
- name: systemd_service
src: https://git.openstack.org/openstack/ansible-role-systemd_service
scm: git
version: master
- name: python_venv_build
src: https://git.openstack.org/openstack/ansible-role-python_venv_build
scm: git
version: master

View File

@ -0,0 +1,18 @@
---
- name: Set iSCSI InitiatorName
hosts: storage1
remote_user: root
gather_facts: false
any_errors_fatal: true
tasks:
- name: Get iSCSI InitiatorName
command: /usr/sbin/iscsi-iname
register: initiator_name
tags:
- skip_ansible_lint
- name: Write iSCSI InitiatorName
lineinfile:
path: /etc/iscsi/initiatorname.iscsi
regexp: '^InitiatorName='
line: "InitiatorName={{ initiator_name.stdout }}"

View File

@ -0,0 +1,36 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.255.0"
type: "veth"
tunnel_address:
address: "{{ tunnel_address }}"
bridge: "br-vxlan"
interface: "eth2"
netmask: "255.255.255.0"
type: "veth"
vlan_address:
bridge: "br-vlan"
interface: "eth12"
netmask: null
type: "veth"
physical_host: localhost
properties:
service_name: "{{ inventory_hostname }}"

View File

@ -0,0 +1,20 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: 10.1.1.101
ansible_become: True
ansible_user: root
container_name: infra1
tunnel_address: 10.1.2.101

View File

@ -0,0 +1,23 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
bridges:
- name: "br-mgmt"
ip_addr: "10.1.1.1"
- name: "br-vxlan"
ip_addr: "10.1.2.1"
- name: "br-vlan"
ip_addr: "10.1.3.1"
veth_peer: "eth12"

View File

@ -0,0 +1,20 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: 10.1.1.103
ansible_become: True
ansible_user: root
container_name: manila1
tunnel_address: 10.1.2.103

View File

@ -0,0 +1,25 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
neutron_provider_networks:
network_types: "vxlan,flat"
network_mappings: "flat:eth12"
network_vxlan_ranges: "1:1000"
ansible_host: 10.1.1.102
ansible_become: True
ansible_user: root
container_name: openstack1
tunnel_address: 10.1.2.102
neutron_local_ip: 10.1.2.102

View File

@ -0,0 +1,28 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: "10.1.1.1"
neutron_local_ip: 10.1.2.1
neutron_provider_networks:
network_types: "vxlan,flat"
network_mappings: "flat:eth12"
network_vxlan_ranges: "1:1000"
cinder_backends:
lvm:
volume_backend_name: LVM_iSCSI
volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group: cinder-volumes
iscsi_ip_address: "{{ cinder_storage_address }}"

151
tests/inventory Normal file
View File

@ -0,0 +1,151 @@
[all]
localhost
infra1
openstack1
manila1
storage1
[all_containers]
infra1
openstack1
manila1
[oslomsg_rpc_all]
infra1
[oslomsg_notify_all]
infra1
[rabbitmq_all]
infra1
[galera_all]
infra1
[memcached_all]
infra1
[service_all:children]
rabbitmq_all
galera_all
memcached_all
[keystone_all]
openstack1
[glance_api]
openstack1
[glance_registry]
openstack1
[glance_all:children]
glance_api
glance_registry
[neutron_agent]
openstack1
[neutron_dhcp_agent]
openstack1
[neutron_linuxbridge_agent]
storage1
openstack1
[neutron_openvswitch_agent]
[neutron_metering_agent]
openstack1
[neutron_l3_agent]
openstack1
[neutron_lbaas_agent]
openstack1
[neutron_metadata_agent]
openstack1
[neutron_server]
openstack1
[neutron_all:children]
neutron_agent
neutron_dhcp_agent
neutron_linuxbridge_agent
neutron_openvswitch_agent
neutron_metering_agent
neutron_l3_agent
neutron_lbaas_agent
neutron_metadata_agent
neutron_server
[nova_api_metadata]
openstack1
[nova_api_os_compute]
openstack1
[nova_compute]
storage1
[nova_conductor]
openstack1
[nova_console]
openstack1
[nova_scheduler]
openstack1
[nova_api_placement]
openstack1
[nova_all:children]
nova_api_metadata
nova_api_os_compute
nova_compute
nova_conductor
nova_console
nova_scheduler
nova_api_placement
[cinder_api]
infra1
[cinder_scheduler]
infra1
[cinder_backup]
infra1
[cinder_volume]
storage1
[cinder_all:children]
cinder_api
cinder_scheduler
cinder_backup
cinder_volume
[utility_all]
infra1
[manila_api]
manila1
[manila_scheduler]
manila1
[manila_data]
manila1
[manila_share]
storage1
[manila_all:children]
manila_api
manila_scheduler
manila_data
manila_share

View File

@ -0,0 +1,133 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
tempest_run: yes
tempest_test_whitelist:
- smoke
- manila_tempest_tests.tests.scenario.test_share_basic_ops
tempest_test_blacklist:
- test: tempest.api.identity
reason: Reducing run time and required resources
- test: tempest.api.image
reason: Reducing run time and required resources
- test: tempest.api.compute
reason: Reducing run time and required resources
- test: tempest.api.network
reason: Reducing run time and required resources
- test: tempest.api.volume
reason: Reducing run time and required resources
- test: tempest.scenario.test_server_basic_ops
reason: Reducing run time and required resources
- test: tempest.scenario.test_network_basic_ops
reason: Reducing run time and required resources
tempest_service_available_manila: True
tempest_plugins: "{{ _tempest_plugins['keystone'] + _tempest_plugins['manila'] }}"
tempest_tempest_conf_overrides:
share:
image_with_share_tools: manila-service-image
image_password: manila
enable_protocols: nfs
enable_ip_rules_for_protocols: nfs
enable_ro_access_level_for_protocols: nfs
suppress_errors_in_cleanup: true
share_creation_retry_number: 3
run_ipv6_tests: False
tempest_images:
- url: "http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img"
checksum: "sha256:e137062a4dfbb4c225971b67781bc52183d14517170e16a3841d16f962ae7470"
format: "qcow2"
name: "cirros"
- url: "http://tarballs.openstack.org/manila-image-elements/images/manila-service-image-master.qcow2"
format: "qcow2"
name: "manila-service-image"
tempest_flavors:
- name: tempest1
id: 201
ram: 256
disk: 1
vcpus: 1
- name: tempest2
id: 202
ram: 512
disk: 1
vcpus: 1
- name: manila-service-flavor
id: 100
ram: 256
disk: 2
vcpus: 1
neutron_provider_networks:
network_types: "vxlan,flat"
network_mappings: "flat:eth12"
network_vxlan_ranges: "1:1000"
manila_default_share_type: nfs-share1
manila_protocols:
- NFS
- CIFS
- CEPHFS
manila_backends:
nfs-share1:
share_backend_name: NFS_SHARE1
share_driver: manila.share.drivers.lvm.LVMShareDriver
driver_handles_share_servers: False
lvm_share_volume_group: manila-shares
lvm_share_export_ip: "10.1.1.1"
generic:
share_backend_name: GENERIC
share_driver: manila.share.drivers.generic.GenericShareDriver
driver_handles_share_servers: True
service_instance_flavor_id: 100
service_image_name: manila-service-image
service_instance_user: manila
service_instance_password: manila
interface_driver: manila.network.linux.interface.BridgeInterfaceDriver
test_manila_api_group: "{{ ((groups['manila_api'] is defined) and (groups['manila_api'] | length > 0)) | ternary('manila_api', 'all_containers') }}"
test_manila_share_group: "{{ ((groups['manila_share'] is defined) and (groups['manila_share'] | length > 0)) | ternary('manila_share', 'all_containers') }}"
test_manila_api_host: "{{ hostvars[groups[test_manila_api_group][0]]['ansible_host'] }}"
test_manila_share_host: "{{ hostvars[groups[test_manila_share_group][0]]['ansible_host'] }}"
manila_container_mysql_password: "SuperSecrete"
manila_developer_mode: true
manila_git_install_branch: "{{ test_branch }}"
manila_profiler_hmac_key: "secrete"
manila_oslomsg_rpc_password: "{{ oslomsg_rpc_password }}"
manila_oslomsg_notify_password: "{{ oslomsg_notify_password }}"
manila_service_password: "secrete"
manila_venv_tag: "testing"
manila_service_port: 8786
manila_service_proto: http
manila_service_publicuri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}"
manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s"
manila_service_adminuri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}"
manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s"
manila_service_internaluri: "{{ manila_service_proto }}://{{ test_manila_api_host }}:{{ manila_service_port }}"
manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s"
manila_service_v2_port: 8786
manila_service_v2_proto: http
manila_service_v2_publicuri: "{{ manila_service_v2_proto }}://{{ tst_manila_api_host }}:{{ manila_service_v2_port }}"
manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s"
manila_service_v2_adminuri: "{{ manila_service_v2_proto }}://{{ test_manila_api_host }}:{{ manila_service_v2_port }}"
manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s"
manila_service_v2_internaluri: "{{ manila_service_v2_proto }}://{{ test_manila_api_host }}:{{ manila_service_v2_port }}"
manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s"
tempest_service_available_manila: "{{ ((groups['manila_all'] is defined) and (groups['manila_all'] | length > 0)) }}"
manila_osapi_share_workers: 2
manila_wsgi_processes: 2

View File

@ -0,0 +1,34 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy manila API services
hosts: manila_api
remote_user: root
gather_facts: true
any_errors_fatal: true
vars_files:
- common/test-vars.yml
roles:
- role: "os_manila"
- name: Deploy the rest of manila
hosts: "manila_all:!manila_api"
remote_user: root
gather_facts: true
any_errors_fatal: true
vars_files:
- common/test-vars.yml
roles:
- role: "os_manila"

View File

@ -0,0 +1,56 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Prepare manila-shares share group
hosts: localhost
# This set of tasks runs against localhost
# and requires root access, but tests run as
# the user running the playbook (zuul). As
# such, we use a local connection and become.
connection: local
become: yes
tasks:
- name: Install lvm2 package
package:
name: lvm2
- name: Create sparse Manila file
command: "truncate -s {{ manila_sparse_file_size | default('10G') }} /openstack/{{ manila_sparse_file_name | default('manila') }}.img"
args:
creates: /openstack/manila.img
register: manila_create
- name: Get a loopback device for manila file
command: losetup -f
when: manila_create is changed
register: manila_losetup
- name: Create the loopback device
command: "losetup {{ manila_losetup.stdout }} /openstack/manila.img"
when: manila_create is changed
- name: Make LVM physical share on the manila device
command: "{{ item }}"
when: manila_create is changed
with_items:
- "pvcreate {{ manila_losetup.stdout }}"
- "pvscan"
- name: Add manila-shares share group
lvg:
vg: "{{ manila_lvm_vg_name | default('manila-shares') }}"
pvs: "{{ manila_losetup.stdout }}"
when: manila_create is changed

50
tests/test.yml Normal file
View File

@ -0,0 +1,50 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Setup the host
- import_playbook: common/test-setup-host.yml
# Prepare the manila-share VG
- import_playbook: test-setup-manila-localhost.yml
# Prepare the manila-share VG
- import_playbook: common/test-setup-cinder-localhost.yml
# Install RabbitMQ/MariaDB
- import_playbook: common/test-install-infra.yml
# Install Keystone
- import_playbook: common/test-install-keystone.yml
# Install Glance
- import_playbook: common/test-install-glance.yml
# Install Neutron
- import_playbook: common/test-install-neutron.yml
# Install Nova
- import_playbook: common/test-install-nova.yml
# Install Cinder
- import_playbook: common/test-install-cinder.yml
# Set iSCSI InitiatorName
- import_playbook: cinder-initiator.yml
# Install Manila
- import_playbook: test-install-manila.yml
# Install and execute Tempest
- import_playbook: common/test-install-tempest.yml

18
tox.ini
View File

@ -11,14 +11,17 @@ install_command =
commands = commands =
/usr/bin/find . -type f -name "*.pyc" -delete /usr/bin/find . -type f -name "*.pyc" -delete
passenv = passenv =
COMMON_TESTS_PATH
HOME HOME
USER
http_proxy http_proxy
HTTP_PROXY HTTP_PROXY
https_proxy https_proxy
HTTPS_PROXY HTTPS_PROXY
no_proxy no_proxy
NO_PROXY NO_PROXY
TESTING_BRANCH
TESTING_HOME
USER
whitelist_externals = whitelist_externals =
bash bash
setenv = setenv =
@ -30,6 +33,7 @@ setenv =
[testenv:docs] [testenv:docs]
basepython = python3
deps = -r{toxinidir}/doc/requirements.txt deps = -r{toxinidir}/doc/requirements.txt
commands= commands=
bash -c "rm -rf doc/build" bash -c "rm -rf doc/build"
@ -43,6 +47,7 @@ extensions = .rst
[testenv:releasenotes] [testenv:releasenotes]
basepython = python3
deps = -r{toxinidir}/doc/requirements.txt deps = -r{toxinidir}/doc/requirements.txt
commands = commands =
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
@ -50,11 +55,13 @@ commands =
# environment used by the -infra templated docs job # environment used by the -infra templated docs job
[testenv:venv] [testenv:venv]
basepython = python3
commands = commands =
{posargs} {posargs}
[testenv:pep8] [testenv:pep8]
basepython = python3
commands = commands =
bash -c "{toxinidir}/tests/common/test-pep8.sh" bash -c "{toxinidir}/tests/common/test-pep8.sh"
@ -87,7 +94,16 @@ commands =
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:distro_install]
setenv =
{[testenv]setenv}
ANSIBLE_PARAMETERS=-e @{toxinidir}/tests/common/test-distro_install-vars.yml
commands =
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:linters] [testenv:linters]
basepython = python3
commands = commands =
bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh"
{[testenv:pep8]commands} {[testenv:pep8]commands}

43
vars/distro_install.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2018, SUSE Linux GmbH.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Compile a list of the distro packages to install based on
# whether the host is in the host group and the service is
# enabled.
#
manila_package_list: |-
{% set packages = manila_service_distro_packages %}
{% if manila_services['manila-share']['group'] in group_names %}
{% set _ = packages.extend(manila_share_distro_packages) %}
{% if manila_backend_lvm_inuse | bool %}
{% set _ = packages.extend(manila_lvm_share_distro_packages) %}
{% endif %}
{% endif %}
{% if manila_services['manila-api']['group'] in group_names %}
{% set _ = packages.extend(manila_api_distro_packages) %}
{% endif %}
{% if manila_services['manila-scheduler']['group'] in group_names %}
{% set _ = packages.extend(manila_scheduler_distro_packages) %}
{% endif %}
{% if manila_developer_mode | bool %}
{% set _ = packages.extend(manila_devel_distro_packages) %}
{% endif %}
{% if manila_oslomsg_amqp1_enabled | bool %}
{% set _ = packages.extend(manila_oslomsg_amqp1_distro_packages) %}
{% endif %}
{{ packages }}
_manila_bin: "/usr/bin"

31
vars/main.yml Normal file
View File

@ -0,0 +1,31 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Compile a list of the services on a host based on whether
# the host is in the host group and the service is enabled.
# The service list is provided in the defined start order.
#
filtered_manila_services: |-
{% set services = [] %}
{% for key, value in manila_services.items() %}
{% if (value['group'] in group_names) and
(('condition' not in value) or
('condition' in value and value['condition'])) %}
{% set _ = value.update({'service_key': key}) %}
{% set _ = services.append(value) %}
{% endif %}
{% endfor %}
{{ services | sort(attribute='start_order') }}

38
vars/source_install.yml Normal file
View File

@ -0,0 +1,38 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Compile a list of the distro packages to install based on
# whether the host is in the host group and the service is
# enabled.
#
manila_package_list: |-
{% set packages = manila_distro_packages %}
{% if manila_services['manila-share']['group'] in group_names %}
{% set _ = packages.extend(manila_share_deps_distro_packages) %}
{% if manila_backend_lvm_inuse | bool %}
{% set _ = packages.extend(manila_lvm_share_distro_packages) %}
{% endif %}
{% endif %}
{% if manila_developer_mode | bool %}
{% set _ = packages.extend(manila_devel_distro_packages) %}
{% endif %}
{% if manila_oslomsg_amqp1_enabled | bool %}
{% set _ = packages.extend(manila_oslomsg_amqp1_distro_packages) %}
{% endif %}
{{ packages }}
_manila_bin: "/openstack/venvs/manila-{{ manila_venv_tag }}/bin"
manila_uwsgi_bin: "{{ _manila_bin }}"

71
vars/ubuntu.yml Normal file
View File

@ -0,0 +1,71 @@
---
# Copyright 2016, Intel Corporation.
# Copyright 2016, IBM Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache options
cache_timeout: 600
# Common apt packages
manila_distro_packages:
- libffi-dev
- libkmod-dev
- libkmod2
- libpq-dev
- libssl-dev
- libxslt1-dev
- nfs-common
- rpcbind
- rsync
- zlib1g
- zlibc
manila_service_distro_packages:
- python-manilaclient
- python-shade
- python-systemd
- python3-systemd
- uwsgi
- uwsgi-plugin-python
manila_devel_distro_packages:
- build-essential
- git-core
- libsystemd-dev
manila_api_distro_packages:
- manila-api
manila_scheduler_distro_packages:
- manila-scheduler
manila_share_distro_packages:
- manila-share
- manila-data
manila_share_deps_distro_packages:
- qemu-utils
manila_lvm_share_distro_packages:
- dmeventd
- lvm2
- parted
- thin-provisioning-tools
- nfs-kernel-server
manila_oslomsg_amqp1_distro_packages:
- libsasl2-modules
- sasl2-bin
manila_uwsgi_bin: '/usr/bin'

View File

@ -17,3 +17,11 @@
- check-requirements - check-requirements
- publish-openstack-docs-pti - publish-openstack-docs-pti
- release-notes-jobs-python3 - release-notes-jobs-python3
check:
jobs:
- openstack-ansible-functional-ubuntu-bionic
- openstack-ansible-functional-distro_install-ubuntu-bionic:
voting: false
gate:
jobs:
- openstack-ansible-functional-ubuntu-bionic