openstack/openstack-ansible-os_octavia
Code Issues Proposed changes

Octavia role hacking

Browse Source 
- installs Octavia service in OSA
- adds a test which installs Octavia (but uses noop
  to work around gate limitations)

Co-Authored-By: German Eichberger <German.eichberger@rackspace.com>

Change-Id: Idb419a4ca5daa311d39c90eda5f83412ccf576ad
This commit is contained in:
Major Hayden 2017-01-06 14:47:58 -06:00 committed by German Eichberger
parent 47943395de
commit f510d6561c
58 changed files with 4189 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
.gitignore vendored Normal file
View File

@ -0,0 +1,71 @@
# Compiled source #
###################
*.com
*.class
*.dll
*.exe
*.o
*.so
*.pyc
build/
dist/
doc/build/
# Packages #
############
# it's better to unpack these files and commit the raw source
# git has its own built in compression methods
*.7z
*.dmg
*.gz
*.iso
*.jar
*.rar
*.tar
*.zip
# Logs and databases #
######################
*.log
*.sql
*.sqlite
logs/*
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
.idea
.tox
*.sublime*
*.egg-info
Icon?
ehthumbs.db
Thumbs.db
.eggs
# User driven backup files #
############################
*.bak
*.swp
# Generated by pbr while building docs
######################################
AUTHORS
ChangeLog
# Files created by releasenotes build
releasenotes/build
# Test temp files
tests/plugins
tests/common
tests/*.retry
# Vagrant artifacts
.vagrant

100
CONTRIBUTING.rst Normal file
View File

@ -0,0 +1,100 @@
OpenStack-Ansible Heat
######################
:tags: openstack, heat, cloud, ansible
:category: \*nix
Contributor Guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net
/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External
access to web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool,
following the workflow documented at:
"http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without
regard.
Extra
-----
Tags: If it's a bug that needs fixing in a branch in addition to Master, add a
'\<release\>-backport-potential' tag (eg ``juno-backport-potential``).
There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please
set to High, and only use Critical if you have found a bug that can take
down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then
using the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals
and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master,
add the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External
access to web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

19
README.rst Normal file
View File

@ -0,0 +1,19 @@
========================
Team and repository tags
========================
.. image:: http://governance.openstack.org/badges/openstack-ansible-os_octavia.svg
:target: http://governance.openstack.org/reference/tags/index.html
.. Change things from this point on
=========================
OpenStack-Ansible Octavia
=========================
Ansible role that installs and configures OpenStack Octavia.
Documentation for the project can be found at:
`<http://docs.openstack.org/developer/openstack-ansible-os_octavia/>`_
The project home is at: `<http://launchpad.net/openstack-ansible>`_

12
Vagrantfile vendored Normal file
View File

@ -0,0 +1,12 @@
Vagrant.configure(2) do |config|
config.vm.box = "ubuntu/xenial64"
config.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
end
config.vm.provision "shell", inline: <<-SHELL
sudo su -
cd /vagrant
./run_tests.sh
SHELL
end

42
bindep.txt Normal file
View File

@ -0,0 +1,42 @@
# This file facilitates OpenStack-CI package installation
# before the execution of any tests.
#
# See the following for details:
# - http://docs.openstack.org/infra/bindep/
# - https://github.com/openstack-infra/bindep
#
# Even if the role does not make use of this facility, it
# is better to have this file empty, otherwise OpenStack-CI
# will fall back to installing its default packages which
# will potentially be detrimental to the tests executed.
# Base requirements for Ubuntu
build-essential [platform:dpkg]
git-core [platform:dpkg]
libssl-dev [platform:dpkg]
libffi-dev [platform:dpkg]
python2.7 [platform:dpkg]
python-apt [platform:dpkg]
python-dev [platform:dpkg]
# Base requirements for CentOS
gcc [platform:rpm]
gcc-c++ [platform:rpm]
git [platform:rpm]
python-devel [platform:rpm]
libffi-devel [platform:rpm]
openssl-devel [platform:rpm]
# For SELinux
libselinux-python [platform:rpm]
# For SSL SNI support
python-pyasn1 [platform:dpkg]
python-openssl [platform:dpkg]
python-ndg-httpsclient [platform:ubuntu]
python2-pyasn1 [platform:rpm]
pyOpenSSL [platform:rpm]
python-ndg_httpsclient [platform:rpm]
# Required for compressing collected log files in CI
gzip

268
defaults/main.yml Normal file
View File

@ -0,0 +1,268 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
octavia_package_state: "latest"
octavia_pip_package_state: "latest"
octavia_git_repo: https://git.openstack.org/openstack/octavia
octavia_git_install_branch: master
octavia_developer_mode: false
octavia_developer_constraints:
- "git+{{ octavia_git_repo }}@{{ octavia_git_install_branch }}#egg=octavia"
# Name of the virtual env to deploy into
octavia_venv_tag: untagged
octavia_bin: "/openstack/venvs/octavia-{{ octavia_venv_tag }}/bin"
octavia_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/octavia.tgz
octavia_fatal_deprecations: False
octavia_clients_endpoint: internalURL
## DB
octavia_galera_user: octavia
octavia_galera_database: octavia
octavia_db_max_overflow: 20
octavia_db_pool_size: 120
octavia_db_pool_timeout: 30
## RabbitMQ info
## Configuration for RPC communications
octavia_rpc_backend: octavia.openstack.common.rpc.impl_kombu
octavia_rabbitmq_userid: octavia
octavia_rabbitmq_vhost: /octavia
octavia_rabbitmq_servers: 127.0.0.1
octavia_rabbitmq_use_ssl: False
octavia_rabbitmq_port: 5672
## Configuration for notifications communication, i.e. [oslo_messaging_notifications]
octavia_rabbitmq_telemetry_userid: "{{ octavia_rabbitmq_userid }}"
octavia_rabbitmq_telemetry_password: "{{ octavia_rabbitmq_password }}"
octavia_rabbitmq_telemetry_vhost: "{{ octavia_rabbitmq_vhost }}"
octavia_rabbitmq_telemetry_port: "{{ octavia_rabbitmq_port }}"
octavia_rabbitmq_telemetry_servers: "{{ octavia_rabbitmq_servers }}"
octavia_rabbitmq_telemetry_use_ssl: "{{ octavia_rabbitmq_use_ssl }}"
## octavia User / Group
octavia_system_user_name: octavia
octavia_system_group_name: octavia
octavia_system_shell: /bin/false
octavia_system_comment: octavia system user
octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}"
## Default domain
octavia_project_domain_name: Default
octavia_project_name: admin
octavia_user_domain_name: Default
## Stack
octavia_stack_domain_admin: stack_domain_admin
octavia_stack_owner_name: octavia_stack_owner
octavia_stack_domain_description: Owns users and projects created by octavia
octavia_stack_user_domain_name: octavia
octavia_max_nested_stack_depth: 5
octavia_deferred_auth_method: trusts
octavia_trusts_delegated_roles: []
## Cinder backups
octavia_cinder_backups_enabled: false
# osprofiler
octavia_profiler_enabled: false
octavia_profiler_trace_sqlalchemy: false
## Auth
octavia_service_region: RegionOne
octavia_service_project_name: "service"
octavia_service_user_name: "octavia"
octavia_service_role_name: admin
octavia_service_project_domain_id: default
octavia_service_user_domain_id: default
octavia_keystone_auth_plugin: password
octavia_ansible_endpoint_type: "internal" # endpoint for ansible
## Trustee Auth
octavia_service_trustee_project_name: "service"
octavia_service_trustee_user_name: "octavia"
octavia_service_trustee_password: "{{ octavia_service_password }}"
octavia_service_trustee_project_domain_id: "default"
octavia_service_trustee_user_domain_id: "default"
octavia_keystone_trustee_auth_plugin: "{{ octavia_keystone_trustee_auth_type }}"
octavia_keystone_trustee_auth_type: password
## octavia api service type and data
octavia_service_name: octavia
octavia_service_description: "Octavia Load Balancing Service"
octavia_service_port: 9876
octavia_service_proto: http
octavia_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(octavia_service_proto) }}"
octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(octavia_service_proto) }}"
octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
octavia_service_type: load-balancing
octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}"
octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s"
octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s"
octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
octavia_service_in_ldap: false
## RPC
octavia_rpc_backend: rabbit
octavia_rpc_thread_pool_size: 64
octavia_rpc_conn_pool_size: 30
octavia_rpc_response_timeout: 60
octavia_rpc_workers: 2
## Plugin dirs
octavia_plugin_dirs:
- /usr/lib/octavia
- /usr/local/lib/octavia
# octavia packages that must be installed before anything else
octavia_requires_pip_packages:
- virtualenv
- virtualenv-tools
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
- httplib2
# Common pip packages
octavia_pip_packages:
- keystonemiddleware
- PyMySQL
- python-memcached
- pycrypto
- python-ceilometerclient
- python-cinderclient
- python-glanceclient
- python-heatclient
- python-keystoneclient
- python-neutronclient
- python-novaclient
- python-openstackclient
- python-swiftclient
- python-troveclient
- octavia
## Service Name-Group Mapping
octavia_services:
octavia-api:
group: octavia_api
service_name: octavia-api
octavia-worker:
group: octavia_worker
service_name: octavia-worker
octavia-housekeeping:
group: octavia_housekeeping
service_name: octavia-housekeeping
octavia-health-manager:
group: octavia_health_manager
service_name: octavia-health-manager
# Required secrets for the role
octavia_required_secrets:
- keystone_auth_admin_password
- octavia_stack_domain_admin_password
- octavia_auth_encryption_key
- octavia_container_mysql_password
- octavia_rabbitmq_password
- octavia_service_password
- memcached_encryption_key
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
octavia_role_project_group: octavia_all
## Octavia configs
# Load balancer topology options are SINGLE, ACTIVE_STANDBY
# ACTIVE_STANDBY is recommended for production settings
octavia_loadbalancer_topology: SINGLE
# Image tag for the amphora image in glance
octavia_glance_image_tag: octavia-amphora-image
# add here the id of the image owner to avoid faked images being used
octavia_amp_image_owner_id:
# Name of the Octavia management network
octavia_neutron_management_network_name: mgmt
# Name of the Octavia security group
octavia_security_group_name: octavia_sec_grp
# Restrict access to only authorized hosts
octavia_security_group_rule_cidr:
# ssh enabled - switch to True if you need ssh access to the amphora
# and make sure to uplaod a key with the name below
octavia_ssh_enabled: False
octavia_ssh_key_name: octavia_key
# port the agent listens on
octavia_agent_port: "9443"
octavia_health_manager_port: 5555
#Octavia Nova flavor
octavia_amp_flavor_name: "m1.amphora"
octavia_amp_ram: 1024
octavia_amp_vcpu: 1
octavia_amp_disk: 2
# client certs
octavia_client_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
octavia_client_cert: "{{ octavia_system_home_folder }}/certs/client.pem"
# server
octavia_server_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
# ca certs
octavia_ca_private_key: "{{ octavia_system_home_folder }}/certs/private/cakey.pem"
octavia_ca_certificate: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
octavia_ca_private_key_passphrase: foobar
octavia_signing_digest: sha256
# spare pool - increase to speed up load balancer creation and fail over
octavia_spare_amphora_pool_size: 1
# only increase when it's a really busy system since this is by deployed host,
# e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total
octavia_task_flow_max_workers: 5
# event_streamer - set to False if you don't need up to date lb information and/or
# your queue is crashing (Octavia will stream events to the neutron DB)
octavia_event_streamer: True
octavia_hm_group: "octavia-health-manager"
octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
# Set up the drivers
octavia_amphora_driver: amphora_haproxy_rest_driver
octavia_compute_driver: compute_nova_driver
octavia_network_driver: allowed_address_pairs_driver
## Tunable overrides
octavia_octavia_conf_overrides: {}
octavia_api_paste_ini_overrides: {}
octavia_policy_overrides: {}

195
doc/Makefile Normal file
View File

@ -0,0 +1,195 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = build
# User-friendly check for sphinx-build
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " applehelp to make an Apple Help Book"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
@echo " coverage to run coverage check of the documentation (if enabled)"
clean:
rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_heat.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_heat.qhc"
applehelp:
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
@echo
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
@echo "N.B. You won't be able to view it unless you put it in" \
"~/Library/Documentation/Help or install it in your application" \
"bundle."
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_heat"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_heat"
@echo "# devhelp"
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
coverage:
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
@echo "Testing of coverage in the sources finished, look at the " \
"results in $(BUILDDIR)/coverage/python.txt."
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
livehtml: html
sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html

338
doc/source/conf.py Normal file
View File

@ -0,0 +1,338 @@
#!/usr/bin/env python3
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import openstackdocstheme
import pbr.version
import os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'sphinx.ext.autodoc',
'oslosphinx',
'sphinxmark'
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
author = 'OpenStack-Ansible Contributors'
category = 'Miscellaneous'
copyright = '2014-2016, OpenStack-Ansible Contributors'
description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.'
project = 'OpenStack-Ansible'
role_name = 'os_octavia'
target_name = 'openstack-ansible-' + role_name
title = 'OpenStack-Ansible Documentation: ' + role_name + 'role'
# The link to the browsable source code (for the left hand menu)
oslosphinx_cgit_link = 'http://git.openstack.org/cgit/openstack/' + target_name
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version_info = pbr.version.VersionInfo(target_name)
# The full version, including alpha/beta/rc tags.
release = version_info.version_string_with_vcs()
# The short X.Y version.
version = version_info.canonical_version_string()
# A few variables have to be set for the log-a-bug feature.
# giturl: The location of conf.py on Git. Must be set manually.
# gitsha: The SHA checksum of the bug description.
# Automatically extracted from git log.
# bug_tag: Tag for categorizing the bug. Must be set manually.
# These variables are passed to the logabug code via html_context.
giturl = ("http://git.openstack.org/cgit/openstack/{0}"
"/tree/doc/source").format(target_name)
git_cmd = "/usr/bin/git log | head -n1 | cut -f2 -d' '"
gitsha = os.popen(git_cmd).read().strip('\n')
bug_project = project.lower()
bug_title = "Documentation bug"
html_context = {"gitsha": gitsha, "giturl": giturl,
"bug_tag": "docs", "bug_title": bug_title,
"bug_project": bug_project}
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = []
# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
html_theme_path = [openstackdocstheme.get_html_theme_path()]
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
html_last_updated_fmt = '%Y-%m-%d %H:%M'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
# html_additional_pages = {}
# If false, no module index is generated.
# html_domain_indices = True
# If false, no index is generated.
# html_use_index = True
# If true, the index is split into individual pages for each letter.
# html_split_index = False
# If true, links to the reST sources are added to the pages.
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Language to be used for generating the HTML full-text search index.
# Sphinx supports the following languages:
# 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja'
# 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr'
# html_search_language = 'en'
# A dictionary with options for the search language support, empty by default.
# Now only 'ja' uses this config value
# html_search_options = {'type': 'default'}
# The name of a javascript file (relative to the configuration directory) that
# implements a search results scorer. If empty, the default will be used.
# html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = target_name + '-docs'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
# 'preamble': '',
# Latex figure (float) alignment
# 'figure_align': 'htbp',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, target_name + '.tex',
title, author, 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
# latex_use_parts = False
# If true, show page references after internal links.
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
# latex_appendices = []
# If false, no module index is generated.
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, target_name,
title, [author], 1)
]
# If true, show URL addresses after external links.
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, target_name,
title, author, project,
description, category),
]
# Documents to append as an appendix to all manuals.
# texinfo_appendices = []
# If false, no module index is generated.
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
watermark = os.popen("git branch --contains $(git rev-parse HEAD)\
| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize()
if watermark == "":
watermark = "Pre-release"
# -- Options for sphinxmark -----------------------------------------------
sphinxmark_enable = True
sphinxmark_div = 'docs-body'
sphinxmark_image = 'text'
sphinxmark_text = watermark
sphinxmark_text_color = (128, 128, 128)
sphinxmark_text_size = 70

173
doc/source/configure-octavia.rst Normal file
View File

@ -0,0 +1,173 @@
=========================================================
Configuring the Octavia Load Balancing service (optional)
=========================================================
.. note::
This feature is experimental at this time and it has not been fully
production tested yet.
Octavia is an OpenStack project which provides operator-grade Load Balancing
(as opposed to the namespace driver) by deploying each individual load
balancer to its own virtual machine and leveraging haproxy to perform the
load balancing.
Octavia is scalable and has built-in high availability through active-passive.
OpenStack-Ansible deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Create the openstack-ansible container(s) for Octavia
#. Run the os-octavia playbook
#. Eventually the os-neutron playbook needs to be rerun.
Setup a neutron network for use by octavia
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In a general case, neutron networking can be a simple flat network. However,
in a complex case, this can be whatever you need and want. Ensure
you adjust the deployment accordingly. The following is an example:
.. code-block:: bash
neutron net-create cleaning-net --shared \
--provider:network_type flat \
--provider:physical_network mgmt
neutron subnet-create ironic-net 172.19.0.0/22 --name mgmt-subnet
--ip-version=4 \
--allocation-pool start=172.19.1.100,end=172.19.1.200 \
--enable-dhcp \
--dns-nameservers list=true 8.8.4.4 8.8.8.8
Building Octavia images
~~~~~~~~~~~~~~~~~~~~~~~
Images using the ``diskimage-builder`` must be built outside of a container.
For this process, use one of the physical hosts within the environment.
#. Install the necessary packages:
.. code-block:: bash
apt-get install -y qemu uuid-runtime curl kpartx git jq python-pip
#. Install the necessary pip packages:
.. code-block:: bash
pip install argparse Babel>=1.3 dib-utils PyYAML
#. Clone the necessary repositories
.. code-block:: bash
git clone https://github.com/openstack/octavia.git
git clone https://git.openstack.org/openstack/diskimage-builder.git
#. Run Octavia's diskimage script
In the ``octavia/diskimage-create`` directory run:
.. code-block:: bash
./diskimage-create.sh
#. Upload the created user images into the Image (glance) Service:
.. code-block:: bash
glance image-create --name amphora-x64-haproxy --visibility private --disk-format qcow2 \
--container-format bare --tags octavia-amphora-image </var/lib/octavia/amphora-x64-haproxy.qcow2
You can find more information abpout the diskimage script and the process at
https://github.com/openstack/octavia/tree/master/diskimage-create
Here is a script to perform all those tasks at once:
.. code-block:: bash
#/bin/sh
apt-get install -y qemu uuid-runtime curl kpartx git jq
pip -v >/dev/null || {apt-get install -y python-pip}
pip install argparse Babel>=1.3 dib-utils PyYAML
pushd /tmp
git clone https://github.com/openstack/octavia.git
git clone https://git.openstack.org/openstack/diskimage-builder.git
pushd octavia/diskimage-create
./diskimage-create.sh
mv amphora-x64-haproxy.qcow2 /tmp
popd
popd
#upload image
glance image-create --name amphora-x64-haproxy --visibility private --disk-format qcow2 \
--container-format bare --tags octavia-amphora-image </var/lib/octavia/amphora-x64-haproxy.qcow2
.. note::
If you have trouble installing dib-utils from pipy consider installing it directly from souce
` pip install git+https://github.com/openstack/dib-utils.git`
Creating the cryptographic certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note::
For production installation make sure that you review this very carefully with your
own security requirements and potantially use your own CA to sign the certificates.
#. Run the certificate script.
In the bin directory of the Octavia project you cloned above run:
.. code-block:: bash
mkdir /var/lib/octavia/certs
source create_certificates.sh /var/lib/octavia/certs `pwd`/../etc/certificates/openssl.cnf
.. note::
The certificates will be created in ``/var/lib/octavia/certs`` where the
ansible script are expecting them.
Optional: Configuring Octavia with ssh access to the amphora
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In rare cases it might be beneficial to gain ssh access to the
amphora for additional trouble shooting. Follow these steps to
enable access.
#. Create an ssh key
.. code-block:: bash
ssh-keygen
#. Upoad the key into nova as the *octavia* user:
.. code-block:: bash
openstack keypair create --public-key <public key file> octavia_key
.. note::
To find the octavia user's username and credentials review
the octavia-config file
on any octavia container in /etc/octavia.
#. Configure Octavia accordingly
Add a ``octavia_ssh_enabled: True`` to the user file in
/etc/openstack-deploy
Optional: Tuning Octavia for production use
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please have a close look at the ``main.yml`` for tunable parameters.
The most important change is to set Octavia into ACTIVE_STANDBY mode
by adding ``octavia_loadbalancer_topology: ACTIVE_STANDBY`` to the
user file in /etc/openstack-deploy
To speed up the creation of load balancers or in a SINGLE topolgy
to speed up the failover a spare pool can be used.
The variable ``octavia_spare_amphora_pool_size`` controls
the size of the pool. The system will try
to prebuild this number so using too big a number will
consumes a lot of unnecessary resources.

46
doc/source/index.rst Normal file
View File

@ -0,0 +1,46 @@
=============================================================
OpenStack-Ansible role for the Octavia Load Balancing Service
=============================================================
.. toctree::
:maxdepth: 2
configure-octavia.rst
This is an OpenStack-Ansible role to deploy the Octavia Load Balancing
service. See the `role-octavia spec`_ for more information.
.. _role-octavia spec: TBD
To clone or view the source code for this repository, visit the role repository
for `os_octavia <https://github.com/openstack/openstack-ansible-os_octavia>`_.
Default variables
~~~~~~~~~~~~~~~~~
.. literalinclude:: ../../defaults/main.yml
:language: yaml
:start-after: under the License.
Required variables
~~~~~~~~~~~~~~~~~~
None.
Example playbook
~~~~~~~~~~~~~~~~
.. literalinclude:: ../../examples/playbook.yml
:language: yaml
Tags
====
This role supports the ``octavia-install`` and ``octavia-config`` tags.
Use the ``octavia-install`` tag to install and upgrade. Use the
``octavia-config`` tag to maintain configuration of the service.

11
examples/playbook.yml Normal file
View File

@ -0,0 +1,11 @@
- name: Install octavia server
hosts: octavia_all
user: root
roles:
- { role: "os_octavia", tags: [ "os-octavia" ] }
vars:
external_lb_vip_address: 172.16.24.1
internal_lb_vip_address: 192.168.0.1
octavia_galera_address: "{{ internal_lb_vip_address }}"
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin

37
handlers/main.yml Normal file
View File

@ -0,0 +1,37 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Reload systemd daemon
command: "systemctl daemon-reload"
notify:
- Restart octavia services
- name: Restart octavia services
service:
name: "{{ item.value.service_name }}"
state: "restarted"
with_dict: "{{ octavia_services }}"
- name: Start octavia services
service:
name: "{{ item.value.service_name }}"
state: "started"
with_dict: "{{ octavia_services }}"
- name: Stop octavia services
service:
name: "{{ item.value.service_name }}"
state: "stopped"
with_dict: "{{ octavia_services }}"

33
manual-test.rc Normal file
View File

@ -0,0 +1,33 @@
export VIRTUAL_ENV=$(pwd)
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
# TODO (odyssey4me) These are only here as they are non-standard folder
# names for Ansible 1.9.x. We are using the standard folder names for
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action
export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback
export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter
export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup
# This is required as the default is the current path or a path specified
# in ansible.cfg
export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library
# This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg
export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
export ANSIBLE_SSH_ARGS="-o ControlMaster=no \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
-o ServerAliveInterval=64 \
-o ServerAliveCountMax=1024 \
-o Compression=no \
-o TCPKeepAlive=yes \
-o VerifyHostKeyDNS=no \
-o ForwardX11=no \
-o ForwardAgent=yes"
echo "Run manual functional tests by executing the following:"
echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml"

38
meta/main.yml Normal file
View File

@ -0,0 +1,38 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation and setup of octavia
company: Rackspace
license: Apache2
min_ansible_version: 2.0
platforms:
- name: Ubuntu
versions:
- xenial
categories:
- cloud
- development
- octavia
- openstack
- python
dependencies:
- pip_install
- role: apt_package_pinning
when:
- ansible_pkg_mgr == 'apt'
- galera_client
- openstack_openrc

0
releasenotes/notes/.placeholder Normal file
View File

0
releasenotes/source/_static/.placeholder Normal file
View File

0
releasenotes/source/_templates/.placeholder Normal file
View File

284
releasenotes/source/conf.py Normal file
View File

@ -0,0 +1,284 @@
#!/usr/bin/env python3
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import pbr.version
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'oslosphinx',
'reno.sphinxext',
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
author = 'OpenStack-Ansible Contributors'
category = 'Miscellaneous'
copyright = '2014-2016, OpenStack-Ansible Contributors'
description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.'
project = 'OpenStack-Ansible'
role_name = 'os_heat'
target_name = 'openstack-ansible-' + role_name
title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role'
# The link to the browsable source code (for the left hand menu)
oslosphinx_cgit_link = 'http://git.openstack.org/cgit/openstack/' + target_name
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version_info = pbr.version.VersionInfo(target_name)
# The full version, including alpha/beta/rc tags.
release = version_info.version_string_with_vcs()
# The short X.Y version.
version = version_info.canonical_version_string()
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
# language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = []
# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
html_last_updated_fmt = '%Y-%m-%d %H:%M'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
# html_additional_pages = {}
# If false, no module index is generated.
# html_domain_indices = True
# If false, no index is generated.
# html_use_index = True
# If true, the index is split into individual pages for each letter.
# html_split_index = False
# If true, links to the reST sources are added to the pages.
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = target_name + '-docs'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
# 'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, target_name + '.tex',
title, author, 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
# latex_use_parts = False
# If true, show page references after internal links.
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
# latex_appendices = []
# If false, no module index is generated.
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, target_name,
title, [author], 1)
]
# If true, show URL addresses after external links.
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, target_name,
title, author, project,
description, category),
]
# Documents to append as an appendix to all manuals.
# texinfo_appendices = []
# If false, no module index is generated.
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
# -- Options for Internationalization output ------------------------------
locale_dirs = ['locale/']

8
releasenotes/source/index.rst Normal file
View File

@ -0,0 +1,8 @@
================================
OpenStack-Ansible Release Notes
================================
.. toctree::
:maxdepth: 1
unreleased

5
releasenotes/source/unreleased.rst Normal file
View File

@ -0,0 +1,5 @@
==============================
Current Series Release Notes
==============================
.. release-notes::

71
run_tests.sh Executable file
View File

@ -0,0 +1,71 @@
#!/usr/bin/env bash
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -xeuo pipefail
FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}
if which sudo; then
sudo = "sudo"
else
sudo=""
fi
# Install pip.
if which pip; then
curl --silent --show-error --retry 5 \
https://bootstrap.pypa.io/get-pip.py | $sudo python2.7
fi
# Install bindep and tox with pip.
$sudo pip install bindep tox
# CentOS 7 requires two additional packages:
# redhat-lsb-core - for bindep profile support
# epel-release - required to install python-ndg_httpsclient/python2-pyasn1
if which yum; then
$sudo yum -y install redhat-lsb-core epel-release
fi
# Get a list of packages to install with bindep. If packages need to be
# installed, bindep exits with an exit code of 1.
BINDEP_PKGS=$(bindep -b -f bindep.txt test || true)
echo "Packages to install: ${BINDEP_PKGS}"
# Install a list of OS packages provided by bindep.
if which apt-get; then
$sudo apt-get update
DEBIAN_FRONTEND=noninteractive \
$sudo apt-get -q --option "Dpkg::Options::=--force-confold" \
--assume-yes install $BINDEP_PKGS
elif which yum; then
# Don't run yum with an empty list of packages.
# It will fail and cause the script to exit with an error.
if [[ ${#BINDEP_PKGS} > 0 ]]; then
$sudo yum install -y $BINDEP_PKGS
fi
fi
# Loop through each tox environment and run tests.
for tox_env in $(awk -F= '/envlist/ { gsub(",", " "); print $2 }' tox.ini); do
echo "Executing tox environment: ${tox_env}"
if [[ ${tox_env} == ansible-functional ]]; then
if ${FUNCTIONAL_TEST}; then
tox -e ${tox_env}
fi
else
tox -e ${tox_env}
fi
done

24
setup.cfg Normal file
View File

@ -0,0 +1,24 @@
[metadata]
name = openstack-ansible-os_octavia
summary = os_octavia for OpenStack Ansible
description-file =
README.rst
author = OpenStack
author-email = openstack-dev@lists.openstack.org
home-page = http://docs.openstack.org/developer/openstack-ansible-os_octavia/
classifier =
Intended Audience :: Developers
Intended Audience :: System Administrators
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
[build_sphinx]
all_files = 1
build-dir = doc/build
source-dir = doc/source
[pbr]
warnerrors = True
[wheel]
universal = 1

29
setup.py Normal file
View File

@ -0,0 +1,29 @@
# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
import setuptools
# In python < 2.7.4, a lazy loading of package `pbr` will break
# setuptools if some other modules registered functions in `atexit`.
# solution from: http://bugs.python.org/issue15881#msg170215
try:
import multiprocessing # noqa
except ImportError:
pass
setuptools.setup(
setup_requires=['pbr>=1.8'],
pbr=True)

81
tasks/main.yml Normal file
View File

@ -0,0 +1,81 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Fail if our required secrets are not present
fail:
msg: "Please set the {{ item }} variable prior to applying this role."
when: (item is undefined) or (item is none)
with_items: "{{ octavia_required_secrets }}"
tags:
- always
- include: octavia_pre_install.yml
tags:
- octavia-install
- include: octavia_install.yml
tags:
- octavia-install
- include: octavia_init_common.yml
tags:
- octavia-install
- include: octavia_service_add.yml
when: inventory_hostname == groups['octavia_all'][0]
tags:
- octavia-install
- include: octavia_mgmt_network.yml
when:
- octavia_neutron_management_network_uuid is not defined
- octavia_neutron_management_network_name is defined
tags:
- octavia-install
- include: octavia_security_group.yml
tags:
- octavia-install
- include: octavia_flavor_create.yml
when:
- octavia_nova_flavor_uuid is not defined
tags:
- octavia-install
- include: octavia_post_install.yml
tags:
- octavia-install
- octavia-config
- include: octavia_db_setup.yml
when: inventory_hostname == groups['octavia_all'][0]
tags:
- octavia-install
- name: Flush handlers
meta: flush_handlers

29
tasks/octavia_db_setup.yml Normal file
View File

@ -0,0 +1,29 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Update is offline
- name: Stop octavia services
service:
name: "{{ item.value.service_name }}"
state: "stopped"
with_dict: "{{ octavia_services }}"
- name: Perform a octavia DB sync
command: "{{ octavia_bin }}/octavia-db-manage upgrade head"
become: yes
become_user: "{{ octavia_system_user_name }}"
changed_when: false
notify: Start octavia services

66
tasks/octavia_flavor_create.yml Normal file
View File

@ -0,0 +1,66 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install shade
pip:
name: shade
state: "{{ octavia_pip_package_state }}"
extra_args: "{{ pip_install_options | default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- name: Create Octavia Flavor
os_nova_flavor:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
state: present
name: "{{ octavia_amp_flavor_name}}"
ram: "{{ octavia_amp_ram }}"
vcpus: "{{ octavia_amp_vcpu }}"
disk: "{{ octavia_amp_disk }}"
is_public: False
ignore_errors: yes # that module is buggy?
when:
- octavia_nova_flavor_uuid is not defined
- name: Gather Octavia Flavor Id
os_flavor_facts:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
name: "{{ octavia_amp_flavor_name}}"
ignore_errors: yes
when:
- octavia_nova_flavor_uuid is not defined
- name: Set Octavia Flavor UUID fact 1
set_fact:
octavia_nova_flavor_uuid: "{{ openstack_flavors[0].id }}"
when:
- openstack_flavors | length > 0

26
tasks/octavia_init_common.yml Normal file
View File

@ -0,0 +1,26 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: octavia_init_systemd.yml
when:
- ansible_service_mgr == 'systemd'
- name: Load service
service:
name: "{{ item.value.service_name }}"
enabled: "yes"
with_dict: "{{ octavia_services }}"
notify:
- Restart octavia services

61
tasks/octavia_init_systemd.yml Normal file
View File

@ -0,0 +1,61 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create TEMP run dir
file:
path: "/var/run/{{ item.value.service_name }}"
state: directory
owner: "{{ octavia_system_user_name }}"
group: "{{ octavia_system_group_name }}"
mode: "02755"
with_dict: "{{ octavia_services }}"
- name: Create TEMP lock dir
file:
path: "/var/lock/{{ item.value.service_name }}"
state: directory
owner: "{{ octavia_system_user_name }}"
group: "{{ octavia_system_group_name }}"
mode: "02755"
with_dict: "{{ octavia_services }}"
# TODO(mgariepy):
# Remove this in Pike as it only needed to handle upgrades
# from Newton->Newton and Newton->Ocata
- name: Cleanup old tmpfiles.d entry
file:
path: "/etc/tmpfiles.d/{{ item.value.service_name }}.conf"
state: absent
with_dict: "{{ octavia_services }}"
- name: Create tmpfiles.d entry
template:
src: "octavia-systemd-tmpfiles.j2"
dest: "/etc/tmpfiles.d/openstack-{{ item.value.service_name }}.conf"
mode: "0644"
owner: "root"
group: "root"
with_dict: "{{ octavia_services }}"
- name: Place the systemd init script
template:
src: "octavia-systemd-init.j2"
dest: "/etc/systemd/system/{{ item.value.service_name }}.service"
mode: "0644"
owner: "root"
group: "root"
with_dict: "{{ octavia_services }}"
notify:
- Reload systemd daemon

109
tasks/octavia_install.yml Normal file
View File

@ -0,0 +1,109 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: octavia_install_apt.yml
static: no
when:
- ansible_pkg_mgr == 'apt'
- include: octavia_install_yum.yml
static: no
when:
- ansible_pkg_mgr == 'yum'
- name: Create developer mode constraint file
copy:
dest: "/opt/developer-pip-constraints.txt"
content: |
{% for item in octavia_developer_constraints %}
{{ item }}
{% endfor %}
when: octavia_developer_mode | bool
- name: Install required pip packages
pip:
name: "{{ octavia_requires_pip_packages }}"
state: "{{ octavia_pip_package_state }}"
extra_args: >-
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- name: Attempt venv download
get_url:
url: "{{ octavia_venv_download_url }}"
dest: "/var/cache/{{ octavia_venv_download_url | basename }}"
checksum: "sha1:{{ lookup('url', octavia_venv_download_url | replace('tgz', 'checksum')) }}"
register: octavia_get_venv
when: not octavia_developer_mode | bool
- name: Remove existing venv
file:
path: "{{ octavia_bin | dirname }}"
state: absent
when: octavia_get_venv | changed
- name: Create octavia venv dir
file:
path: "{{ octavia_bin | dirname }}"
state: directory
mode: "0755"
register: octavia_venv_dir
- name: Unarchive pre-built venv
unarchive:
src: "/var/cache/{{ octavia_venv_download_url | basename }}"
dest: "{{ octavia_bin | dirname }}"
copy: "no"
when:
- not octavia_developer_mode | bool
- octavia_get_venv | changed or octavia_venv_dir | changed
notify: Restart octavia services
- name: Install pip packages
pip:
name: "{{ octavia_pip_packages }}"
state: "{{ octavia_pip_package_state }}"
virtualenv: "{{ octavia_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ octavia_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages|success
retries: 5
delay: 2
when: octavia_developer_mode | bool
notify: Restart octavia services
- name: CentOS remove python from path first
file:
path: "{{ octavia_bin | dirname }}/bin/python2.7"
state: "absent"
when:
- ansible_pkg_mgr == 'yum'
- not octavia_developer_mode | bool
- octavia_get_venv | changed or octavia_venv_dir | changed
- name: Update virtualenv path
command: >
virtualenv-tools --update-path=auto --reinitialize {{ octavia_bin | dirname }}
when:
- not octavia_developer_mode | bool
- octavia_get_venv | changed or octavia_venv_dir | changed

26
tasks/octavia_install_apt.yml Normal file
View File

@ -0,0 +1,26 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: "{{ octavia_package_state }}"
update_cache: yes
cache_valid_time: "{{ cache_timeout }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ octavia_distro_packages }}"

25
tasks/octavia_install_yum.yml Normal file
View File

@ -0,0 +1,25 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install yum packages
yum:
pkg: "{{ item }}"
state: "{{ octavia_package_state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ octavia_distro_packages }}"

46
tasks/octavia_mgmt_network.yml Normal file
View File

@ -0,0 +1,46 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install shade
pip:
name: shade
state: "{{ octavia_pip_package_state }}"
extra_args: "{{ pip_install_options | default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- name: Get neutron network
os_networks_facts:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
region_name: "{{ octavia_service_region }}"
validate_certs: "{{ keystone_service_adminuri_insecure }}"
auth_type: "{{ octavia_keystone_auth_plugin }}"
name: "{{ octavia_neutron_management_network_name }}"
- name: Set provisioning UUID fact
set_fact:
octavia_neutron_management_network_uuid: "{{ openstack_networks[0].id }}"
when:
- octavia_neutron_management_network_uuid is not defined
- octavia_neutron_management_network_name is defined

64
tasks/octavia_post_install.yml Normal file
View File

@ -0,0 +1,64 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create certs directory
file: path=/etc/octavia/certs/ state=directory
- name: Copy certificates
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ octavia_system_user_name }}"
group: "{{ octavia_system_group_name }}"
mode: "0640"
with_items:
- src: "{{ octavia_client_ca }}"
dest: "/etc/octavia/certs/client_ca.pem"
- src: "{{ octavia_client_cert }}"
dest: "/etc/octavia/certs/client.pem"
- src: "{{ octavia_server_ca }}"
dest: "/etc/octavia/certs/server_ca.pem"
- src: "{{ octavia_ca_certificate }}"
dest: "/etc/octavia/certs/ca.pem"
- src: "{{ octavia_ca_private_key }}"
dest: "/etc/octavia/certs/ca_key.pem"
- name: Drop octavia Config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ octavia_system_user_name }}"
group: "{{ octavia_system_group_name }}"
mode: "0640"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "octavia.conf.j2"
dest: "/etc/octavia/octavia.conf"
config_overrides: "{{ octavia_octavia_conf_overrides }}"
config_type: "ini"
# - src: "api-paste.ini.j2"
# dest: "/etc/octavia/api-paste.ini"
# config_overrides: "{{ octavia_api_paste_ini_overrides }}"
# config_type: "ini"
# - src: "policy.json.j2"
# dest: "/etc/octavia/policy.json"
# config_overrides: "{{ octavia_policy_overrides }}"
# config_type: "json"
notify:
- Restart octavia services

71
tasks/octavia_pre_install.yml Normal file
View File

@ -0,0 +1,71 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create the system group
group:
name: "{{ octavia_system_group_name }}"
state: "present"
system: "yes"
- name: Create the octavia system user
user:
name: "{{ octavia_system_user_name }}"
group: "{{ octavia_system_group_name }}"
comment: "{{ octavia_system_comment }}"
shell: "{{ octavia_system_shell }}"
system: "yes"
createhome: "yes"
home: "{{ octavia_system_home_folder }}"
- name: Create octavia dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(octavia_system_user_name) }}"
group: "{{ item.group|default(octavia_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/openstack", owner: "root", group: "root" }
- { path: "/openstack/venvs", owner: "root", group: "root" }
- { path: "/etc/octavia" }
- { path: "/etc/octavia/environment.d" }
- { path: "/etc/octavia/templates" }
- { path: "/var/cache/octavia", mode: "0700" }
- { path: "{{ octavia_system_home_folder }}" }
- name: Test for log directory or link
shell: |
if [ -h "/var/log/octavia" ]; then
chown -h {{ octavia_system_user_name }}:{{ octavia_system_group_name }} "/var/log/octavia"
chown -R {{ octavia_system_user_name }}:{{ octavia_system_group_name }} "$(readlink /var/log/octavia)"
else
exit 1
fi
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
- name: Create octavia log dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(octavia_system_user_name) }}"
group: "{{ item.group|default(octavia_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/log/octavia" }
when: log_dir.rc != 0

92
tasks/octavia_security_group.yml Normal file
View File

@ -0,0 +1,92 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install shade
pip:
name: shade
state: "{{ octavia_pip_package_state }}"
extra_args: "{{ pip_install_options | default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- name: Create Octavia security group
os_security_group:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
state: present
name: "{{ octavia_security_group_name }}"
description: "security group for octavia amphora"
run_once: true
- name: Create security group rule for agent
os_security_group_rule:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
protocol: "tcp"
port_range_min: "{{ octavia_agent_port }}"
port_range_max: "{{ octavia_agent_port }}"
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
security_group: "{{ octavia_security_group_name }}"
run_once: true
- name: Create security group rule for ssh
os_security_group_rule:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
security_group: "{{ octavia_security_group_name }}"
protocol: tcp
port_range_min: 22
port_range_max: 22
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
run_once: true
when:
- octavia_ssh_enabled|bool == true
- name: Create security group rule for icmp
os_security_group_rule:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
security_group: "{{ octavia_security_group_name }}"
protocol: icmp
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
run_once: true
when:
- debug|bool == true

92
tasks/octavia_service_add.yml Normal file
View File

@ -0,0 +1,92 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create a service
- name: Ensure octavia service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ octavia_service_name }}"
service_type: "{{ octavia_service_type }}"
description: "{{ octavia_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
# Create an admin user
- name: Ensure octavia user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ octavia_service_user_name }}"
tenant_name: "{{ octavia_service_project_name }}"
password: "{{ octavia_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not octavia_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
# Add a role to the user
- name: Ensure octavia user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ octavia_service_user_name }}"
tenant_name: "{{ octavia_service_project_name }}"
role_name: "{{ octavia_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not octavia_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
# Create an endpoint
- name: Ensure octavia endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ octavia_service_region }}"
service_name: "{{ octavia_service_name }}"
service_type: "{{ octavia_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
# Versions pre Pike only have an internal endpoint
# - url: "{{ service_publicurl }}"
# interface: "public"
- url: "{{ octavia_service_internalurl }}"
interface: "internal"
# - url: "{{ service_adminurl }}"
# interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10

25
templates/octavia-systemd-init.j2 Normal file
View File

@ -0,0 +1,25 @@
# {{ ansible_managed }}
[Unit]
Description=octavia openstack service
After=syslog.target
After=network.target
[Service]
Type=simple
User={{ octavia_system_user_name }}
Group={{ octavia_system_group_name }}
{% if program_override is defined %}
ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/octavia/{{ item.value.service_name }}.log
{% else %}
ExecStart={{ octavia_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/octavia/{{ item.value.service_name }}.log
{% endif %}
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=300
Restart=on-failure
RestartSec=150
[Install]
WantedBy=multi-user.target

4
templates/octavia-systemd-tmpfiles.j2 Normal file
View File

@ -0,0 +1,4 @@
# {{ ansible_managed }}
D /var/lock/{{ item.value.service_name }} 2755 {{ octavia_system_user_name }} {{ octavia_system_group_name }}
D /var/run/{{ item.value.service_name }} 2755 {{ octavia_system_user_name }} {{ octavia_system_group_name }}

358
templates/octavia.conf.j2 Normal file
View File

@ -0,0 +1,358 @@
[DEFAULT]
# Print more verbose output (set logging level to INFO instead of default WARNING level).
# verbose = False
# Print debugging output (set logging level to DEBUG instead of default WARNING level).
debug = {{ debug }}
bind_host = 0.0.0.0
bind_port = {{ octavia_service_port }}
# api_handler = queue_producer
#
# How should authentication be handled (keystone, noauth)
# auth_strategy = noauth
#
# Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
#
# octavia_plugins = hot_plug_plugin
# Hostname to be used by the host machine for services running on it.
# The default value is the hostname of the host machine.
# host =
# AMQP Transport URL
# For Single Host, specify one full transport URL:
# transport_url = rabbit://<user>:<pass>@127.0.0.1:5672/<vhost>
# For HA, specify queue nodes in cluster, comma delimited:
# transport_url = rabbit://<user>:<pass>@server01,<user>:<pass>@server02/<vhost>
transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %}
# pre Ocata
[oslo_messaging_rabbit]
rabbit_use_ssl = {{ octavia_rabbitmq_use_ssl }}
rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }}
[database]
connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_database }}?charset=utf8
max_overflow = {{ octavia_db_max_overflow }}
max_pool_size = {{ octavia_db_pool_size }}
pool_timeout = {{ octavia_db_pool_timeout }}
[health_manager]
bind_ip = 0.0.0.0
bind_port = {{ octavia_health_manager_port }}
# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %}
# failover_threads = 10
# status_update_threads = 50
# heartbeat_interval = 10
heartbeat_key = {{ octavia_health_hmac_key }}
# heartbeat_timeout = 60
# health_check_interval = 3
# sock_rlimit = 0
# EventStreamer options are
# queue_event_streamer,
# noop_event_streamer
event_streamer_driver = {% if octavia_event_streamer|bool %}queue_event_streamer{% else %}noop_event_streamer{% endif %}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
auth_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_id = {{ octavia_service_project_domain_id }}
user_domain_id = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
endpoint_type = {{ octavia_clients_endpoint }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[certificates]
# cert_generator = local_cert_generator
# For local certificate signing (development only):
ca_certificate = /etc/octavia/certs/ca.pem
ca_private_key = /etc/octavia/certs/ca_key.pem
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
signing_digest = {{ octavia_signing_digest }}
# storage_path = /var/lib/octavia/certificates/
# For the TLS management
# Certificate Manager options are local_cert_manager
# barbican_cert_manager
# cert_manager = barbican_cert_manager
# For Barbican authentication (if using any Barbican based cert class)
# barbican_auth = barbican_acl_auth
#
# Region in Identity service catalog to use for communication with the Barbican service.
# region_name =
#
# Endpoint type to use for communication with the Barbican service.
# endpoint_type = publicURL
[anchor]
# Use OpenStack anchor to sign the amphora REST API certificates
# url = http://localhost:9999/v1/sign/default
# username =
# password =
[networking]
# Network to communicate with amphora
lb_network_name = {{ octavia_neutron_management_network_uuid }}
# The maximum attempts to retry an action with the networking service.
# max_retries = 15
# Seconds to wait before retrying an action with the networking service.
# retry_interval = 1
# The maximum time to wait, in seconds, for a port to detach from an amphora
# port_detach_timeout = 300
[haproxy_amphora]
# base_path = /var/lib/octavia
# base_cert_dir = /var/lib/octavia/certs
# Absolute path to a custom HAProxy template file
# haproxy_template =
# connection_max_retries = 300
# connection_retry_interval = 5
# Maximum number of entries that can fit in the stick table.
# The size supports "k", "m", "g" suffixes.
# haproxy_stick_size = 10k
# REST Driver specific
# bind_host = 0.0.0.0
bind_port = {{ octavia_agent_port }}
#
# This setting is only needed with IPv6 link-local addresses (fe80::/64) are
# used for communication between Octavia and its Amphora, if IPv4 or other IPv6
# addresses are used it can be ignored.
# lb_network_interface = o-hm0
#
# haproxy_cmd = /usr/sbin/haproxy
# respawn_count = 2
# respawn_interval = 2
client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/server_ca.pem
#
# This setting is deprecated. It is now automatically discovered.
# use_upstart = True
#
# rest_request_conn_timeout = 10
# rest_request_read_timeout = 60
[controller_worker]
# amp_active_retries = 10
# amp_active_wait_sec = 10
# Glance parameters to extract image ID to use for amphora. Only one of
# parameters is needed. Using tags is the recommended way to refer to images.
# amp_image_id =
amp_image_tag = {{ octavia_glance_image_tag }}
# Optional owner ID used to restrict glance images to one owner ID.
# This is a recommended security setting.
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
# octavia parameters to use when booting amphora
amp_flavor_id = {{ octavia_nova_flavor_uuid }}
amp_ssh_key_name = {{ octavia_ssh_key_name }}
amp_ssh_access_allowed = {{ octavia_ssh_enabled }}
# Networks to attach to the Amphorae examples:
# - One primary network
# - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666
# - Multiple networks
# - - amp_boot_network_list = 11111111-2222-33333-4444-555555555555, 22222222-3333-4444-5555-666666666666
# - All networks defined in the list will be attached to each amphora
amp_boot_network_list = {{ octavia_neutron_management_network_uuid }}
# Takes a single network id that is attached to amphorae on boot
# Deprecated...
# amp_network =
amp_secgroup_list = {{ octavia_security_group_name }}
client_ca = /etc/octavia/certs/client_ca.pem
# Amphora driver options are amphora_noop_driver,
# amphora_haproxy_rest_driver
#
amphora_driver = {{ octavia_amphora_driver }}
#
# Compute driver options are compute_noop_driver
# compute_octavia_driver
#
compute_driver = {{ octavia_compute_driver }}
#
# Network driver options are network_noop_driver
# allowed_address_pairs_driver
#
network_driver = {{ octavia_network_driver }}
#
# Certificate Generator options are local_cert_generator
# barbican_cert_generator
# anchor_cert_generator
# cert_generator = local_cert_generator
#
# Load balancer topology options are SINGLE, ACTIVE_STANDBY
loadbalancer_topology = {{ octavia_loadbalancer_topology }}
# user_data_config_drive = False
[task_flow]
# engine = serial
max_workers = {{ octavia_task_flow_max_workers }}
[oslo_messaging]
# Queue Consumer Thread Pool Size
rpc_thread_pool_size = {{ octavia_rpc_thread_pool_size }}
# Topic (i.e. Queue) Name
topic = octavia_prov
# Topic for octavia's events sent to a queue
event_stream_topic = neutron_lbaas_event
[house_keeping]
# Interval in seconds to initiate spare amphora checks
# spare_check_interval = 30
spare_amphora_pool_size = {{ octavia_spare_amphora_pool_size }}
# Cleanup interval for Deleted amphora
# cleanup_interval = 30
# Amphora expiry age in seconds. Default is 1 week
# amphora_expiry_age = 604800
# Load balancer expiry age in seconds. Default is 1 week
# load_balancer_expiry_age = 604800
[amphora_agent]
# agent_server_ca = /etc/octavia/certs/client_ca.pem
# agent_server_cert = /etc/octavia/certs/server.pem
# agent_server_network_dir = /etc/netns/amphora-haproxy/network/interfaces.d/
# agent_server_network_file =
# agent_request_read_timeout = 120
[keepalived_vrrp]
# Amphora Role/Priority advertisement interval in seconds
# vrrp_advert_int = 1
# Service health check interval and success/fail count
# vrrp_check_interval = 5
# vrpp_fail_count = 2
# vrrp_success_count = 2
# Amphora MASTER gratuitous ARP refresh settings
# vrrp_garp_refresh_interval = 5
# vrrp_garp_refresh_count = 2
[service_auth]
# memcached_servers =
# signing_dir =
# cafile = /opt/stack/data/ca-bundle.pem
# project_domain_name = Default
# project_name = admin
# user_domain_name = Default
# password = password
# username = admin
# auth_type = password
# auth_url = http://localhost:5555/
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
auth_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_name = {{ octavia_service_project_domain_id }}
user_domain_name = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
memcached_servers = {{ memcached_servers }}
endpoint_type = {{ octavia_clients_endpoint }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[octavia]
# The name of the octavia service in the keystone catalog
# service_name =
# Custom octavia endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the
# OpenStack services.
region_name = {{ keystone_service_region }}
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
endpoint_type = {{ octavia_clients_endpoint }}
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[nova]
# The name of the nova service in the keystone catalog
# service_name =
# Custom nova endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the
# OpenStack services.
region_name = {{ keystone_service_region }}
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
endpoint_type = {{ octavia_clients_endpoint }}
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[glance]
# The name of the glance service in the keystone catalog
# service_name =
# Custom glance endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the
# OpenStack services.
region_name = {{ keystone_service_region }}
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
endpoint_type = {{ octavia_clients_endpoint }}
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =
[neutron]
# The name of the neutron service in the keystone catalog
# service_name =
# Custom neutron endpoint if override is necessary
# endpoint =
# Region in Identity service catalog to use for communication with the
# OpenStack services.
region_name = {{ keystone_service_region }}
# Endpoint type in Identity service catalog to use for communication with
# the OpenStack services.
endpoint_type = {{ octavia_clients_endpoint }}
# CA certificates file to verify neutron connections when TLS is enabled
# insecure = False
# ca_certificates_file =

17
test-requirements.txt Normal file
View File

@ -0,0 +1,17 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
bashate>=0.2 # Apache-2.0
flake8<2.6.0,>=2.5.4 # MIT
pyasn1 # BSD
pyOpenSSL>=0.14 # Apache-2.0
requests!=2.12.2,!=2.13.0,>=2.10.0 # Apache-2.0
ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD
# this is required for the docs build jobs
sphinx>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
openstackdocstheme>=1.5.0 # Apache-2.0
doc8 # Apache-2.0
reno>=1.8.0 # Apache-2.0
sphinxmark>=0.1.14 # Apache-2.0

68
tests/ansible-role-requirements.yml Normal file
View File

@ -0,0 +1,68 @@
- name: apt_package_pinning
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
scm: git
version: master
- name: pip_install
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
scm: git
version: master
- name: memcached_server
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
scm: git
version: master
- name: lxc_hosts
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
scm: git
version: master
- name: lxc_container_create
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
scm: git
version: master
- name: galera_client
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
scm: git
version: master
- name: galera_server
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
scm: git
version: master
- name: rabbitmq_server
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
scm: git
version: master
- name: os_keystone
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
scm: git
version: master
- name: openstack_openrc
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
scm: git
version: master
- name: openstack_hosts
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
scm: git
version: master
- name: os_swift
src: https://git.openstack.org/openstack/openstack-ansible-os_swift
scm: git
version: master
- name: os_neutron
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
scm: git
version: master
- name: os_glance
src: https://git.openstack.org/openstack/openstack-ansible-os_glance
scm: git
version: master
- name: os_nova
src: https://git.openstack.org/openstack/openstack-ansible-os_nova
scm: git
version: master
- name: etcd # dependency of os_neutron role
scm: git
src: https://github.com/logan2211/ansible-etcd
version: master
- name: rsyslog_client
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
scm: git
version: master

19
tests/group_vars/all_containers.yml Normal file
View File

@ -0,0 +1,19 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
container_name: "{{ inventory_hostname }}"
physical_host: localhost
properties:
service_name: "{{ inventory_hostname }}"

25
tests/host_vars/infra1.yml Normal file
View File

@ -0,0 +1,25 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: 10.1.1.101
ansible_become: True
ansible_user: root
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.255.0"
type: "veth"

29
tests/host_vars/localhost.yml Normal file
View File

@ -0,0 +1,29 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_become: True
neutron_local_ip: 10.1.2.1
ansible_python_interpreter: "/usr/bin/python2"
bridges:
- name: "br-mgmt"
ip_addr: "10.1.1.1"
veth_peer: "eth14"
- name: "br-vxlan"
ip_addr: "10.1.2.1"
- name: "br-vlan"
ip_addr: "10.1.3.1"
veth_peer: "eth12"
- name: "br-storage"
ip_addr: "10.1.5.1"

27
tests/host_vars/octavia1.yml Normal file
View File

@ -0,0 +1,27 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: 10.1.1.104
ansible_become: True
ansible_user: root
ipmi_address: 10.1.4.104
container_name: "{{ inventory_hostname }}"
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.255.0"
type: "veth"

46
tests/host_vars/openstack1.yml Normal file
View File

@ -0,0 +1,46 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: 10.1.1.102
ansible_become: True
ansible_user: root
tunnel_address: 10.1.2.102
neutron_local_ip: 10.1.2.102
storage_address: 10.1.5.102
container_name: "{{ inventory_hostname }}"
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.255.0"
type: "veth"
tunnel_address:
address: "{{ tunnel_address }}"
bridge: "br-vxlan"
interface: "eth2"
netmask: "255.255.255.0"
type: "veth"
storage_address:
address: "{{ storage_address }}"
bridge: "br-storage"
interface: "eth3"
netmask: "255.255.255.0"
type: "veth"
flat_address:
bridge: "br-vlan"
interface: "eth12"
netmask: null
type: veth

32
tests/host_vars/swift-storage1.yml Normal file
View File

@ -0,0 +1,32 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_host: 10.1.1.103
storage_address: 10.1.5.103
ansible_user: root
ansible_become: True
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.255.0"
type: "veth"
storage_address:
address: "{{ storage_address }}"
bridge: "br-storage"
interface: "eth3"
netmask: "255.255.255.0"
type: "veth"

151
tests/inventory Normal file
View File

@ -0,0 +1,151 @@
[all]
localhost
infra1
openstack1
swift-storage1
octavia1
[all_containers]
infra1
openstack1
swift-storage1
octavia1
[rabbitmq_all]
infra1
[galera_all]
infra1
[memcached_all]
infra1
[service_all:children]
rabbitmq_all
galera_all
memcached_all
[octavia_all:children]
octavia-api
octavia-worker
octavia-housekeeping
octavia-health-manager
[octavia-api]
octavia1
[octavia-worker]
octavia1
[octavia-housekeeping]
octavia1
[octavia-health-manager]
octavia1
[keystone_all]
openstack1
[glance_api]
openstack1
[glance_registry]
openstack1
[glance_all:children]
glance_api
glance_registry
[neutron_agent]
openstack1
[neutron_dhcp_agent]
openstack1
[neutron_linuxbridge_agent]
openstack1
localhost
[neutron_openvswitch_agent]
[neutron_metering_agent]
openstack1
[neutron_l3_agent]
openstack1
[neutron_metadata_agent]
openstack1
[neutron_server]
openstack1
[neutron_all:children]
neutron_agent
neutron_dhcp_agent
neutron_linuxbridge_agent
neutron_openvswitch_agent
neutron_metering_agent
neutron_l3_agent
neutron_metadata_agent
neutron_server
[nova_api_metadata]
openstack1
[nova_api_os_compute]
openstack1
[nova_api_placement]
openstack1
[nova_cert]
openstack1
[nova_compute]
localhost
[nova_conductor]
openstack1
[nova_console]
openstack1
[nova_scheduler]
openstack1
[nova_all:children]
nova_api_metadata
nova_api_os_compute
nova_api_placement
nova_cert
nova_compute
nova_conductor
nova_console
nova_scheduler
[swift_hosts]
swift-storage1
[swift_proxy]
openstack1
[swift_acc]
swift-storage1
[swift_cont]
swift-storage1
[swift_obj]
swift-storage1
[swift_all:children]
swift_acc
swift_proxy
swift_cont
swift_obj
[swift_remote_all]
[utility_all]
infra1

129
tests/os_octavia-overrides.yml Normal file
View File

@ -0,0 +1,129 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Octavia rewuires currently nested virtualization (VT-X) which only one jenkins
## gate cloud provides reliabley. To cut down on gate errors this will
## disbale the tests which spin up an amphora
test_octavia_amphora: False
test_octavia_api_group: "{{ ((groups['octavia_api'] is defined) and (groups['octavia_api'] | length > 0)) | ternary('octavia_api', 'all_containers') }}"
test_octavia_api_host: "{{ hostvars[groups[test_octavia_api_group][0]]['ansible_host'] }}"
## octavia User / Group
octavia_system_user_name: octavia
octavia_system_group_name: octavia
octavia_system_shell: /bin/false
octavia_system_comment: octavia system user
octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}"
# Octavia specific settings
octavia_venv_tag: "testing"
octavia_developer_mode: True
octavia_git_install_branch: master
octavia_service_internaluri: "http://{{ test_octavia_api_host }}:9876"
octavia_service_internalurl: "{{ octavia_service_internaluri }}"
octavia_service_password: "secrete"
octavia_service_name: octavia
octavia_service_project_name: "service"
octavia_galera_address: "{{ test_galera_host }}"
octavia_galera_database: octavia
octavia_galera_user: octavia
octavia_container_mysql_password: "secrete"
octavia_rabbitmq_password: "{{ rabbitmq_password }}"
octavia_rabbitmq_userid: octavia
octavia_rabbitmq_vhost: /octavia
octavia_rabbitmq_servers: "{{ rabbitmq_servers }}"
octavia_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
octavia_rabbitmq_port: "{{ rabbitmq_port }}"
octavia_standalone: False
octavia_swift_temp_url_secret_key: secrete
octavia_keystone_auth_plugin: password
octavia_service_project_domain_id: default
octavia_service_user_domain_id: default
octavia_service_user_name: "octavia"
octavia_ansible_endpoint_type: "internal"
octavia_health_hmac_key: secrete
test_swift_storage_network: "eth3"
test_swift_repl_network: "eth3"
glance_file_store: swift
test_swift_repl_number: 2
nova_console_type: novnc
neutron_provider_networks:
network_types: "vxlan,flat"
network_vxlan_ranges: "1:1000"
network_flat_networks: "flat,mgmt"
network_mappings: "flat:eth12,mgmt:eth14"
# Must be set to a normal MTU
neutron_network_device_mtu: 1500
neutron_l2_population: True
neutron_dhcp_config:
dhcp-option-force: "26,1500"
log-facility: "/var/log/neutron/neutron-dnsmasq.log"
neutron_l3: True
neutron_metadata: True
octavia_pip_package_state: latest
octavia_package_state: latest
octavia_neutron_management_network_name: mgmt
octavia_git_install_branch: stable/ocata
octavia_ssh_enabled: True
octavia_amphora_driver: "{% if test_octavia_amphora | bool %}amphora_haproxy_rest_driver{% else %}amphora_noop_driver{% endif %}"
octavia_compute_driver: "{% if test_octavia_amphora | bool %}compute_nova_driver{% else %}compute_noop_driver{% endif %}"
octavia_network_driver: "{% if test_octavia_amphora | bool %}allowed_address_pairs_driver{% else %}network_noop_driver{% endif %}"
#Neutron mappings
neutron_plugin_base:
- router
- metering
- neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
neutron_lbaasv2_service_provider: LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
neutron_rpc_conn_pool_size: |
30
[octavia]
base_url= http://{{ hostvars['octavia1']['ansible_host'] }}:9876
request_poll_timeout = 500
# if we have Barbican
[certificates]
# Certificate Manager plugin. Defaults to barbican. (string value)
cert_manager_type = barbican
# Name of the Barbican authentication method to use (string value)
#barbican_auth = barbican_acl_auth
[service_auth]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = password
# this needs to have a v3 added manually :-(
auth_url = "http://{{ test_keystone_host }}:5000/v3"
admin_project_domain = default
admin_user_domain = default
admin_tenant_name = service
admin_user = neutron
admin_password = secrete
region = RegionOne
endpoint_type = internalURL
service_name = neutron
auth_version = 3

102
tests/test-configure-octavia.yml Normal file
View File

@ -0,0 +1,102 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Setup localhost requirements
hosts: localhost
become: True
gather_facts: True
tasks:
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: "{{ octavia_package_state }}"
update_cache: yes
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- qemu
- uuid-runtime
- curl
- kpartx
- git
- name: Install pip requirements
pip:
name: "{{ item }}"
state: "{{ octavia_pip_package_state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- argparse
- "Babel>=1.3"
- dib-utils
- PyYAML
- name: Clone Octavia
git:
repo: "https://git.openstack.org/openstack/octavia"
dest: "{{ octavia_system_home_folder }}/octavia"
version: "{{ octavia_git_install_branch }}"
- name: Clone Diskimage-Builder
git:
repo: "https://git.openstack.org/openstack/diskimage-builder"
dest: "{{ octavia_system_home_folder }}/diskimage-builder"
- name: Create amphora image
shell: "./diskimage-create.sh -o {{ octavia_system_home_folder }}/amphora-x64-haproxy.qcow2"
args:
chdir: "{{ octavia_system_home_folder }}/octavia/diskimage-create"
creates: "{{ octavia_system_home_folder }}/amphora-x64-haproxy.qcow2"
when: test_octavia_amphora | bool
- name: Change permission
file:
path: "{{ octavia_system_home_folder }}/octavia/bin/create_certificates.sh"
mode: 0755
- name: Generate certs
shell: "{{ octavia_system_home_folder }}/octavia/bin/create_certificates.sh {{ octavia_system_home_folder }}/certs {{ octavia_system_home_folder }}/octavia/etc/certificates/openssl.cnf"
args:
creates: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
- name: Fix certs/private directory access
file:
path: "{{ octavia_system_home_folder }}/certs/private"
mode: 0755
- name: Install pip requirements
pip:
name: "python-neutronclient"
state: "{{ octavia_pip_package_state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- name: Create mgmt network
neutron:
command: create_network
openrc_path: /root/openrc
net_name: "{{ octavia_neutron_management_network_name }}"
provider_network_type: flat
provider_physical_network: mgmt
insecure: "{{ keystone_service_internaluri_insecure }}"
- name: Ensure mgmt subnet exists
neutron:
command: create_subnet
openrc_path: /root/openrc
net_name: "{{ octavia_neutron_management_network_name }}"
subnet_name: "mgmt-subnet"
cidr: "10.1.1.0/24"
insecure: "{{ keystone_service_internaluri_insecure }}"
vars_files:
- common/test-vars.yml

29
tests/test-install-octavia.yml Normal file
View File

@ -0,0 +1,29 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for installing Octavia
hosts: octavia_all
remote_user: root
gather_facts: true
pre_tasks:
- include: common/ensure-rabbitmq.yml
vhost_name: "{{ octavia_rabbitmq_vhost }}"
user_name: "{{ octavia_rabbitmq_userid }}"
user_password: "{{ octavia_rabbitmq_password }}"
- include: common/create-grant-db.yml
db_name: "{{ octavia_galera_database }}"
db_password: "{{ octavia_container_mysql_password }}"
roles:
- role: "{{ octavia_rolename | default('os_octavia') }}"
vars_files:
- common/test-vars.yml

121
tests/test-octavia.yml Normal file
View File

@ -0,0 +1,121 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Test Octavia
hosts: localhost
user: root
gather_facts: false
vars:
env:
OS_ENDPOINT_TYPE: internalURL
OS_INTERFACE: internalURL
OS_USERNAME: admin
OS_PASSWORD: "{{ keystone_auth_admin_password }}"
OS_PROJECT_NAME: admin
OS_TENANT_NAME: admin
OS_AUTH_URL: "http://{{ test_keystone_host }}:5000/v3"
OS_NO_CACHE: 1
OS_USER_DOMAIN_NAME: Default
OS_PROJECT_DOMAIN_NAME: Default
OS_REGION_NAME: RegionOne
tasks:
- name: Install pip requirements
pip:
name: "{{ item }}"
state: "{{ octavia_pip_package_state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- "python-neutronclient"
- "python-glanceclient"
- "shade"
- name: Ensure public network exists
neutron:
command: create_network
openrc_path: /root/openrc
net_name: "public"
provider_network_type: "flat"
provider_physical_network: "flat"
router_external: True
insecure: "{{ keystone_service_internaluri_insecure }}"
- name: Ensure public subnet exists
neutron:
command: create_subnet
openrc_path: /root/openrc
net_name: "public"
subnet_name: "public-subnet"
cidr: "10.1.3.0/24"
insecure: "{{ keystone_service_internaluri_insecure }}"
- name: Upload image to glance
shell: >-
glance image-create --name amphora-x64-haproxy --visibility private --disk-format qcow2 \
--container-format bare --tags octavia-amphora-image <{{ octavia_system_home_folder }}/amphora-x64-haproxy.qcow2 \
&& touch {{ octavia_system_home_folder }}/image
args:
creates: "{{ octavia_system_home_folder }}/image"
environment: env
when: test_octavia_amphora | bool
- name: Create ssh-key
shell: >
cat /dev/zero | ssh-keygen -q -N ""
args:
creates: /root/.ssh/id_rsa.pub
- name: Upload key to nova
os_keypair:
auth:
auth_url: "{{ keystone_service_adminurl }}"
username: "{{ octavia_service_user_name }}"
password: "{{ octavia_service_password }}"
project_name: "{{ octavia_service_project_name }}"
user_domain_name: "{{ octavia_service_user_domain_id }}"
project_domain_name: "{{ octavia_service_project_domain_id }}"
endpoint_type: "{{ octavia_ansible_endpoint_type }}"
state: present
name: "octavia_key"
public_key_file: "/root/.ssh/id_rsa.pub"
run_once: true
- name: Create a loadbalancer
shell: >
neutron lbaas-loadbalancer-create --name test-lb public-subnet
environment: env
- name: Wait until LB is up
shell: >
neutron lbaas-loadbalancer-show test-lb | grep ONLINE
environment: env
register: lb_up
until: lb_up|success
retries: 100
delay: 5
- name: Create a listener
shell: >
neutron lbaas-listener-create --loadbalancer test-lb --protocol HTTP --protocol-port 80 --name listener
environment: env
- name: Curl the Listener
shell: >
curl -s -o /dev/null -w "%{http_code}" http://`neutron lbaas-loadbalancer-show test-lb | awk '/ vip_address / {print $4}'`
environment: env
register: http_status_code
when: test_octavia_amphora | bool
- name: Check that we got 503
assert:
that:
- "'503' in http_status_code.stdout"
when: test_octavia_amphora | bool
vars_files:
- common/test-vars.yml

43
tests/test.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Setup the host
- include: common/test-setup-host.yml
# Install RabbitMQ/MariaDB
- include: common/test-install-infra.yml
# Install Keystone
- include: common/test-install-keystone.yml
# Install Swift
- include: common/test-install-swift.yml
# Install Glance
- include: common/test-install-glance.yml
# Install Neutron
- include: common/test-install-neutron.yml
# Install Nova
- include: common/test-install-nova.yml
# Install Octavia
- include: test-configure-octavia.yml
- include: test-install-octavia.yml
# Test
- include: test-octavia.yml

120
tox.ini Normal file
View File

@ -0,0 +1,120 @@
[tox]
minversion = 2.0
skipsdist = True
envlist = docs,linters,functional
[testenv]
usedevelop = True
install_command =
pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
deps =
-r{toxinidir}/test-requirements.txt
commands =
/usr/bin/find . -type f -name "*.pyc" -delete
passenv =
HOME
http_proxy
HTTP_PROXY
https_proxy
HTTPS_PROXY
no_proxy
NO_PROXY
whitelist_externals =
bash
setenv =
PYTHONUNBUFFERED=1
ROLE_NAME=os_octavia
TEST_IDEMPOTENCE=false
VIRTUAL_ENV={envdir}
WORKING_DIR={toxinidir}
[testenv:docs]
commands=
bash -c "rm -rf doc/build"
doc8 doc
python setup.py build_sphinx
[doc8]
# Settings for doc8:
extensions = .rst
[testenv:releasenotes]
commands =
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
# environment used by the -infra templated docs job
[testenv:venv]
commands =
{posargs}
[testenv:tests_clone]
commands =
bash -c "if [ ! -d "{toxinidir}/tests/common" ]; then \
git clone https://git.openstack.org/openstack/openstack-ansible-tests {toxinidir}/tests/common; \
fi"
[testenv:pep8]
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-pep8.sh"
[flake8]
# Ignores the following rules due to how ansible modules work in general
# F403 'from ansible.module_utils.basic import *' used;
# unable to detect undefined names
ignore=F403
[testenv:bashate]
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-bashate.sh"
[testenv:ansible]
deps =
{[testenv]deps}
-rhttp://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt
[testenv:ansible-syntax]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh"
[testenv:ansible-lint]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-lint.sh"
[testenv:functional]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:linters]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:pep8]commands}
{[testenv:bashate]commands}
{[testenv:ansible-lint]commands}
{[testenv:ansible-syntax]commands}
{[testenv:docs]commands}

12
vars/main.yml Normal file
View File

@ -0,0 +1,12 @@
---
# vars file for openstack-ansible-os_octavia
octavia_services:
octavia_api:
service_name: octavia-api
octavia_worker:
service_name: octavia-worker
octavia_health_manager:
service_name: octavia-health-manager
octavia_housekeeping:
service_name: octavia-housekeeping

18
vars/redhat-7.yml Normal file
View File

@ -0,0 +1,18 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
octavia_distro_packages:
- haproxy

20
vars/ubuntu-16.04.yml Normal file
View File

@ -0,0 +1,20 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache options
cache_timeout: 600
octavia_distro_packages:
- haproxy