Moved all of group_vars into a variable file

Moved all of the group_vars/all.yml file into its own variable file.
This change was done to allow a user to override basic options
without having to modify the default group variable files. While
the group_vars/all.yml file is still present, it now holds only the
revision information that is used for release data and the minimal
required kernel that allows the system to function using VXLAN.

The upgrade script was modified to support the new "default"
user_group_vars.yml file.

tempest_swift_enabled was set to true in group_vars, so this has
now been set as a default in the role instead.

Commit 1bd2bc052a36c7f8c28e473d0a37fd29827198b0 implemented the
package URL update for rabbitmq, but not the corresponding sha256
update. This was not noticed due to group_vars overriding the URL
to a previous version, resulting in the above-mentioned commit
taking no effect. This patch therefore also corrects the sha256.

Closes-Bug: #1460516
Closes-Bug: #1460992
Change-Id: I8e42bb124827bb276134d662c9a171db8e4c017e
kevin 2015-06-01 00:10:43 -05:00 committed by Jesse Pretorius
parent 403252bbe1
commit eb95036a7e
6 changed files with 180 additions and 174 deletions


@ -0,0 +1,137 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
verbose: True
## Repo server
repo_service_user_name: nginx
repo_service_home_folder: /var/www
repo_server_port: 8181
repo_pip_default_index: "http://{{ openstack_upstream_domain }}/pools"
## Rsyslog server
rsyslog_server_storage_directory: /var/log/log-storage
## OpenStack source options
# URL for the frozen internal openstack repo.
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
openstack_upstream_domain: "rpc-repo.rackspace.com"
openstack_upstream_url: "http://{{ openstack_upstream_domain }}"
## LXC options
lxc_container_caches:
- url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
## RabbitMQ
rabbitmq_userid: openstack
rabbitmq_cluster_name: openstack
rabbitmq_port: 5672
rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
## Galera
galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
galera_wsrep_address: "{{ ansible_ssh_host }}"
## Pip install
# Lock down pip to only a specific version of pip
pip_get_pip_options: "--no-index --find-links={{ openstack_upstream_url }}/os-releases/{{ openstack_release }} --trusted-host {{ openstack_upstream_domain }}"
## Memcached options
memcached_listen: "{{ ansible_ssh_host }}"
memcached_port: 11211
memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
## Nova
nova_service_port: 8774
nova_service_proto: http
nova_service_user_name: nova
nova_service_project_name: service
nova_service_project_domain_id: default
nova_service_user_domain_id: default
nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
nova_service_region: RegionOne
nova_metadata_port: 8775
nova_keystone_auth_plugin: password
## Neutron
neutron_service_port: 9696
neutron_service_proto: http
neutron_service_user_name: neutron
neutron_service_project_name: service
neutron_service_project_domain_id: default
neutron_service_user_domain_id: default
neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
neutron_service_region: RegionOne
neutron_service_program_enabled: true
neutron_service_dhcp_program_enabled: true
neutron_service_l3_program_enabled: true
neutron_service_linuxbridge_program_enabled: true
neutron_service_metadata_program_enabled: true
neutron_service_metering_program_enabled: true
## Glance
glance_service_port: 9292
glance_service_proto: http
glance_service_user_name: glance
glance_service_project_name: service
glance_service_project_domain_id: default
glance_service_user_domain_id: default
glance_service_adminurl: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
glance_service_region: RegionOne
glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}"
## Keystone
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
keystone_admin_port: 35357
keystone_service_port: 5000
keystone_service_proto: http
keystone_service_user_name: keystone
keystone_service_tenant_name: service
keystone_service_uri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}"
keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
keystone_service_adminuri: "{{ keystone_service_uri }}:{{ keystone_admin_port }}"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
keystone_service_internaluri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
keystone_service_region: RegionOne
## OpenStack Openrc
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
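Review bot: `openstack_upstream_url` in this new defaults file is hard-coded to `http://`, while the group_vars content shown in the next file section builds it from `openstack_upstream_proto: "https"`, so the move appears to downgrade the transport for the pip index, the `--find-links` source and the `rpc-trusty-container.tgz` image. Because `pip_get_pip_options` also passes `--trusted-host` and no checksum for the container image is visible here, nothing on this page would detect tampering in transit. I would carry over `openstack_upstream_proto: "https"` and `openstack_upstream_url: "{{ openstack_upstream_proto }}://{{ openstack_upstream_domain }}"`, and set `repo_pip_default_index: "{{ openstack_upstream_url }}/pools"`. The file also uses `ansible_ssh_host` where the other section uses `container_address` (RabbitMQ, Galera, memcached) and leaves out `galera_monitoring_user`, `galera_root_user` and the `lxc_container_template_*_apt_repo` settings, which looks unintended for a change described as a move. The +/- markers are lost in this rendering, so confirm against the raw diff.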


@ -1,5 +1,5 @@
---
# Copyright 2014, Rackspace US, Inc.
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -13,143 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
verbose: True
## Rsyslog server
rsyslog_server_spool_directory: /var/spool/rsyslog
rsyslog_server_storage_directory: /var/log/log-storage
## OpenStack Source Code Release
openstack_release: master
# URL for the frozen internal openstack repo.
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
openstack_upstream_proto: "https"
openstack_upstream_domain: "rpc-repo.rackspace.com"
openstack_upstream_url: "{{ openstack_upstream_proto }}://{{ openstack_upstream_domain }}"
# Global minimum kernel requirement
openstack_host_required_kernel: 3.13.0-34-generic
## Repo server
repo_service_user_name: nginx
repo_service_home_folder: /var/www
repo_server_port: 8181
repo_pip_default_index: "{{ openstack_upstream_url }}/pools"
## LXC options
lxc_container_caches:
- url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
# In container APT repository settings
lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
## RabbitMQ
rabbitmq_userid: openstack
rabbitmq_cluster_name: openstack
rabbitmq_port: 5672
rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['container_address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
rabbitmq_package_url: "https://mirror.rackspace.com/rackspaceprivatecloud/downloads/rabbitmq-server_3.4.3-1_all.deb"
## Galera
galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
galera_wsrep_address: "{{ container_address }}"
galera_monitoring_user: haproxy
galera_root_user: root
# Set ``galera_max_connections`` to override the calculated max connections.
# galera_max_connections: 500
# Repositories
## Pip install
# Lock down pip to only a specific version of pip
pip_get_pip_options: "--no-index --find-links={{ openstack_upstream_url }}/os-releases/{{ openstack_release }} --trusted-host {{ openstack_upstream_domain }}"
## Memcached options
memcached_listen: "{{ container_address }}"
memcached_port: 11211
memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
## Nova
nova_service_port: 8774
nova_service_proto: http
nova_service_user_name: nova
nova_service_project_name: service
nova_service_project_domain_id: default
nova_service_user_domain_id: default
nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
nova_service_region: RegionOne
nova_metadata_port: 8775
nova_keystone_auth_plugin: password
## Neutron
neutron_service_port: 9696
neutron_service_proto: http
neutron_service_user_name: neutron
neutron_service_project_name: service
neutron_service_project_domain_id: default
neutron_service_user_domain_id: default
neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
neutron_service_region: RegionOne
neutron_service_program_enabled: true
neutron_service_dhcp_program_enabled: true
neutron_service_l3_program_enabled: true
neutron_service_linuxbridge_program_enabled: true
neutron_service_metadata_program_enabled: true
neutron_service_metering_program_enabled: true
## Glance
glance_service_port: 9292
glance_service_proto: http
glance_service_user_name: glance
glance_service_project_name: service
glance_service_project_domain_id: default
glance_service_user_domain_id: default
glance_service_adminurl: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
glance_service_region: RegionOne
glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}"
## Keystone
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
keystone_admin_port: 35357
keystone_service_port: 5000
keystone_service_proto: http
keystone_service_user_name: keystone
keystone_service_tenant_name: service
keystone_service_uri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}"
keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
keystone_service_adminuri: "{{ keystone_service_uri }}:{{ keystone_admin_port }}"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
keystone_service_internaluri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
keystone_service_region: RegionOne
## Tempest
tempest_swift_enabled: true
## OpenStack Openrc
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"


@ -55,7 +55,7 @@ tempest_image_api_v2_enabled: True
tempest_boto_s3_url: "http://{{ external_lb_vip_address }}:3333"
tempest_boto_ec2_url: "http://{{ external_lb_vip_address }}:8773/services/Cloud"
tempest_swift_enabled: false
tempest_swift_enabled: true
tempest_swift_object_versioning: True
tempest_volume_backup_enabled: False


@ -19,7 +19,7 @@ is_metal: true
rabbitmq_primary_cluster_node: "{{ groups['rabbitmq_all'][0] }}"
rabbitmq_package_url: https://www.rabbitmq.com/releases/rabbitmq-server/v3.5.1/rabbitmq-server_3.5.1-1_all.deb
rabbitmq_package_sha256: "e514012a210b4ed5b77d726329ce027c50e8629c396bcde451ac16aaff07d047"
rabbitmq_package_sha256: "9b58fda5221cc64f41d5170a4bfe9a0c33f542155e8781f397b80af3e95358ec"
rabbitmq_package_path: "/opt/rabbitmq-server.deb"
rabbitmq_apt_packages:
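Review bot: Nothing next to `rabbitmq_package_url` and `rabbitmq_package_sha256` says that the two must change together, which is the mismatch the commit description reports (a URL bump masked by a group_vars override, with a stale checksum left behind). Now that users are expected to override defaults from their own variable file, I would add a comment above the pair such as `# Override rabbitmq_package_url and rabbitmq_package_sha256 together; the checksum must match the .deb at that URL.` The digest itself cannot be checked from this page, so it should be confirmed against the published 3.5.1 package before merge. Quoting the URL like the neighbouring values would also keep the file consistent.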


@ -78,8 +78,7 @@ log_instance_info
# Ensure that the current kernel can support vxlan
if ! modprobe vxlan; then
MINIMUM_KERNEL_VERSION=$(awk '/openstack_host_required_kernel/ {print $2}' playbooks/inventory/group_vars/all.yml)
echo "A minimum kernel version of ${MINIMUM_KERNEL_VERSION} is required for vxlan support."
echo "VXLAN support is required for this to work. And the Kernel module was not found."
echo "This build will not work without it."
exit_fail
fi
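Review bot: The failure message after `modprobe vxlan` no longer tells the operator which kernel to install, although the commit description says group_vars/all.yml still carries the minimum required kernel. If the `awk` lookup was dropped only because the file was being reshuffled, I would keep it, or at least point at the variable, e.g. `echo "See openstack_host_required_kernel in playbooks/inventory/group_vars/all.yml for the minimum kernel."`. The new text would also read better as one sentence: `echo "VXLAN support is required, but the vxlan kernel module could not be loaded."`.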


@ -18,7 +18,7 @@
clear
# NOTICE: To run this in an automated fashion run the script via
# root@HOSTNAME:/opt/os-ansible-deployment# echo "YES" | bash scripts/upgrade-v10-2-v11.sh
# root@HOSTNAME:/opt/os-ansible-deployment# echo "YES" | bash scripts/run-upgrade.sh
# Notify the user.
echo -e "
@ -113,6 +113,43 @@ echo 'ssl_protocol: "ALL -SSLv2 -SSLv3"' | tee -a /etc/openstack_deploy/user_var
# Cipher suite string from "https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/".
echo 'ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"' | tee -a /etc/openstack_deploy/user_variables.yml
# Ensure that the user_group_vars.yml file is present on upgrade, if not found copy it over
if [ ! -f "/etc/openstack_deploy/user_group_vars.yml" ];then
cp etc/openstack_deploy/user_group_vars.yml /etc/openstack_deploy/user_group_vars.yml
fi
# If OLD ldap bits found in the user_variables file that pertain to ldap upgrade them to the new syntax.
if grep '^keystone_ldap.*' /etc/openstack_deploy/user_variables.yml;then
python <<EOL
import yaml
with open('/etc/openstack_deploy/user_variables.yml', 'r') as f:
user_vars = yaml.safe_load(f.read())
# Grab a map of the old keystone ldap entries
new_ldap = dict()
for k, v in user_vars.items():
if k.startswith('keystone_ldap'):
new_ldap['%s' % k.split('keystone_ldap_')[-1]] = v
# Open user secrets file.
with open('/etc/openstack_deploy/user_secrets.yml', 'r') as fsr:
user_secrets = yaml.safe_load(fsr.read())
# LDAP variable to instruct keystone to use ldap
ldap = user_secrets['keystone_ldap'] = dict()
# "ldap" section within the keystone_ldap variable.
ldap['ldap'] = new_ldap
with open('/etc/openstack_deploy/user_secrets.yml', 'w') as fsw:
fsw.write(
yaml.safe_dump(
user_secrets,
default_flow_style=False,
width=1000
)
)
EOL
# If monitoring as a service or Rackspace cloud variables are present, rewrite them as rpc-extras.yml
if grep -e '^maas_.*' -e '^rackspace_.*' -e '^elasticsearch_.*' -e '^kibana_.*' -e 'logstash_.*' /etc/openstack_deploy/user_variables.yml;then
python <<EOL
@ -223,38 +260,6 @@ with open('/etc/openstack_deploy/openstack_environment.yml', 'w') as fsw:
)
EOL
# If OLD ldap bits found in the user_variables file that pertain to ldap upgrade them to the new syntax.
if grep '^keystone_ldap.*' /etc/openstack_deploy/user_variables.yml;then
python <<EOL
import yaml
with open('/etc/openstack_deploy/user_variables.yml', 'r') as f:
user_vars = yaml.safe_load(f.read())
# Grab a map of the old keystone ldap entries
new_ldap = dict()
for k, v in user_vars.items():
if k.startswith('keystone_ldap'):
new_ldap['%s' % k.split('keystone_ldap_')[-1]] = v
# Open user secrets file.
with open('/etc/openstack_deploy/user_secrets.yml', 'r') as fsr:
user_secrets = yaml.safe_load(fsr.read())
# LDAP variable to instruct keystone to use ldap
ldap = user_secrets['keystone_ldap'] = dict()
# "ldap" section within the keystone_ldap variable.
ldap['ldap'] = new_ldap
with open('/etc/openstack_deploy/user_secrets.yml', 'w') as fsw:
fsw.write(
yaml.safe_dump(
user_secrets,
default_flow_style=False,
width=1000
)
)
EOL
# Remove old ldap variables from "user_variables.yml".
sed -i '/keystone_ldap.*/d' /etc/openstack_deploy/user_variables.yml
fi
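Review bot: The keystone_ldap block added in the `-113,6 +113,43` hunk ends at the heredoc's `EOL` and is followed directly by the `# If monitoring as a service ...` context line, without the `sed -i '/keystone_ldap.*/d' ...` cleanup and closing `fi` that follow the same block at its old position in the last hunk. As rendered (the +/- markers are lost, so confirm against the raw diff), either the new `if` is never closed, or it is closed by the `fi` left at the old position, in which case the later migration blocks run only when `keystone_ldap` variables exist. Moving `sed -i '/keystone_ldap.*/d' /etc/openstack_deploy/user_variables.yml` and `fi` up to sit right after the LDAP heredoc would keep the block self-contained. Separately, `grep '^keystone_ldap.*'` prints the matching lines, which may include LDAP credentials, to the upgrade output; `grep -q` avoids that.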