Moved all of group_vars into a variable file
Moved all of the group_vars/all.yml file into its own variable file. This change was done to allow a user to override basic options without having to modify the default group variable files. While the group_vars/all.yml file is still present, it is only holding the revision information that is used for release data and the minimal required kernel that allows the system to function using VXLAN. The upgrade script was modified to support the new "default" user_group_vars.yml file. tempest_swift_enabled was set to true in group_vars, so this has now been set as a default in the role instead. Commit 1bd2bc052a36c7f8c28e473d0a37fd29827198b0 implemented the package URL update for rabbitmq, but not the corresponding sha256 update. This was not noticed due to group_vars overriding the URL to a previous version, resulting in the above-mentioned commit having no effect. This patch therefore also corrects the sha256. Closes-Bug: #1460516 Closes-Bug: #1460992 Change-Id: I8e42bb124827bb276134d662c9a171db8e4c017e
parent
403252bbe1
commit
eb95036a7e
137
etc/openstack_deploy/user_group_vars.yml
Normal file
@ -0,0 +1,137 @@
|
||||
---
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
verbose: True
|
||||
|
||||
|
||||
## Repo server
|
||||
repo_service_user_name: nginx
|
||||
repo_service_home_folder: /var/www
|
||||
repo_server_port: 8181
|
||||
repo_pip_default_index: "http://{{ openstack_upstream_domain }}/pools"
|
||||
|
||||
|
||||
## Rsyslog server
|
||||
rsyslog_server_storage_directory: /var/log/log-storage
|
||||
|
||||
|
||||
## OpenStack source options
|
||||
# URL for the frozen internal openstack repo.
|
||||
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
|
||||
openstack_upstream_domain: "rpc-repo.rackspace.com"
|
||||
openstack_upstream_url: "http://{{ openstack_upstream_domain }}"
|
||||
|
||||
|
||||
## LXC options
|
||||
lxc_container_caches:
|
||||
- url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz"
|
||||
name: "trusty.tgz"
|
||||
|
||||
|
||||
## RabbitMQ
|
||||
rabbitmq_userid: openstack
|
||||
rabbitmq_cluster_name: openstack
|
||||
rabbitmq_port: 5672
|
||||
rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
|
||||
|
||||
## Galera
|
||||
galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
galera_wsrep_address: "{{ ansible_ssh_host }}"
|
||||
|
||||
|
||||
## Pip install
|
||||
# Lock down pip to only a specific version of pip
|
||||
pip_get_pip_options: "--no-index --find-links={{ openstack_upstream_url }}/os-releases/{{ openstack_release }} --trusted-host {{ openstack_upstream_domain }}"
|
||||
|
||||
|
||||
## Memcached options
|
||||
memcached_listen: "{{ ansible_ssh_host }}"
|
||||
memcached_port: 11211
|
||||
memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
|
||||
|
||||
## Nova
|
||||
nova_service_port: 8774
|
||||
nova_service_proto: http
|
||||
nova_service_user_name: nova
|
||||
nova_service_project_name: service
|
||||
nova_service_project_domain_id: default
|
||||
nova_service_user_domain_id: default
|
||||
nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
|
||||
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
|
||||
nova_service_region: RegionOne
|
||||
nova_metadata_port: 8775
|
||||
nova_keystone_auth_plugin: password
|
||||
|
||||
|
||||
## Neutron
|
||||
neutron_service_port: 9696
|
||||
neutron_service_proto: http
|
||||
neutron_service_user_name: neutron
|
||||
neutron_service_project_name: service
|
||||
neutron_service_project_domain_id: default
|
||||
neutron_service_user_domain_id: default
|
||||
neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
|
||||
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
|
||||
neutron_service_region: RegionOne
|
||||
neutron_service_program_enabled: true
|
||||
neutron_service_dhcp_program_enabled: true
|
||||
neutron_service_l3_program_enabled: true
|
||||
neutron_service_linuxbridge_program_enabled: true
|
||||
neutron_service_metadata_program_enabled: true
|
||||
neutron_service_metering_program_enabled: true
|
||||
|
||||
|
||||
## Glance
|
||||
glance_service_port: 9292
|
||||
glance_service_proto: http
|
||||
glance_service_user_name: glance
|
||||
glance_service_project_name: service
|
||||
glance_service_project_domain_id: default
|
||||
glance_service_user_domain_id: default
|
||||
glance_service_adminurl: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
|
||||
glance_service_region: RegionOne
|
||||
glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
|
||||
|
||||
## Keystone
|
||||
keystone_admin_user_name: admin
|
||||
keystone_admin_tenant_name: admin
|
||||
keystone_admin_port: 35357
|
||||
keystone_service_port: 5000
|
||||
keystone_service_proto: http
|
||||
keystone_service_user_name: keystone
|
||||
keystone_service_tenant_name: service
|
||||
keystone_service_uri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}"
|
||||
keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
||||
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
|
||||
keystone_service_adminuri: "{{ keystone_service_uri }}:{{ keystone_admin_port }}"
|
||||
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
|
||||
keystone_service_internaluri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
||||
keystone_service_internalurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
|
||||
keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
|
||||
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
|
||||
keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
|
||||
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
keystone_service_region: RegionOne
|
||||
|
||||
|
||||
## OpenStack Openrc
|
||||
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
|
||||
openrc_os_password: "{{ keystone_auth_admin_password }}"
|
||||
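Review bot: The new user_group_vars.yml hardcodes plain HTTP for the upstream repository (`openstack_upstream_url: "http://{{ openstack_upstream_domain }}"` and `repo_pip_default_index`), while the next section (presumably group_vars/all.yml) still shows `openstack_upstream_proto: "https"`, so this move appears to downgrade the transport rather than just relocate the defaults. That URL feeds the `lxc_container_caches` image download and the `--find-links` source in `pip_get_pip_options`, which also passes `--trusted-host`, and no checksum for either download is visible in this file. I would carry the old form over: `openstack_upstream_proto: "https"`, `openstack_upstream_url: "{{ openstack_upstream_proto }}://{{ openstack_upstream_domain }}"` and `repo_pip_default_index: "{{ openstack_upstream_url }}/pools"`. The same comparison shows `container_address` becoming `ansible_ssh_host` in the RabbitMQ, Galera and memcached entries, which is worth confirming as intentional.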
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -13,143 +13,8 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
verbose: True
|
||||
|
||||
|
||||
## Rsyslog server
|
||||
rsyslog_server_spool_directory: /var/spool/rsyslog
|
||||
rsyslog_server_storage_directory: /var/log/log-storage
|
||||
|
||||
|
||||
## OpenStack Source Code Release
|
||||
openstack_release: master
|
||||
# URL for the frozen internal openstack repo.
|
||||
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
|
||||
openstack_upstream_proto: "https"
|
||||
openstack_upstream_domain: "rpc-repo.rackspace.com"
|
||||
openstack_upstream_url: "{{ openstack_upstream_proto }}://{{ openstack_upstream_domain }}"
|
||||
|
||||
# Global minimum kernel requirement
|
||||
openstack_host_required_kernel: 3.13.0-34-generic
|
||||
|
||||
|
||||
## Repo server
|
||||
repo_service_user_name: nginx
|
||||
repo_service_home_folder: /var/www
|
||||
repo_server_port: 8181
|
||||
repo_pip_default_index: "{{ openstack_upstream_url }}/pools"
|
||||
|
||||
|
||||
## LXC options
|
||||
lxc_container_caches:
|
||||
- url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz"
|
||||
name: "trusty.tgz"
|
||||
|
||||
# In container APT repository settings
|
||||
lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
|
||||
lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
|
||||
|
||||
|
||||
## RabbitMQ
|
||||
rabbitmq_userid: openstack
|
||||
rabbitmq_cluster_name: openstack
|
||||
rabbitmq_port: 5672
|
||||
rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['container_address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
rabbitmq_package_url: "https://mirror.rackspace.com/rackspaceprivatecloud/downloads/rabbitmq-server_3.4.3-1_all.deb"
|
||||
|
||||
|
||||
## Galera
|
||||
galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
galera_wsrep_address: "{{ container_address }}"
|
||||
galera_monitoring_user: haproxy
|
||||
galera_root_user: root
|
||||
# Set ``galera_max_connections`` to override the calculated max connections.
|
||||
# galera_max_connections: 500
|
||||
# Repositories
|
||||
|
||||
|
||||
## Pip install
|
||||
# Lock down pip to only a specific version of pip
|
||||
pip_get_pip_options: "--no-index --find-links={{ openstack_upstream_url }}/os-releases/{{ openstack_release }} --trusted-host {{ openstack_upstream_domain }}"
|
||||
|
||||
|
||||
## Memcached options
|
||||
memcached_listen: "{{ container_address }}"
|
||||
memcached_port: 11211
|
||||
memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
|
||||
|
||||
## Nova
|
||||
nova_service_port: 8774
|
||||
nova_service_proto: http
|
||||
nova_service_user_name: nova
|
||||
nova_service_project_name: service
|
||||
nova_service_project_domain_id: default
|
||||
nova_service_user_domain_id: default
|
||||
nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
|
||||
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
|
||||
nova_service_region: RegionOne
|
||||
nova_metadata_port: 8775
|
||||
nova_keystone_auth_plugin: password
|
||||
|
||||
|
||||
## Neutron
|
||||
neutron_service_port: 9696
|
||||
neutron_service_proto: http
|
||||
neutron_service_user_name: neutron
|
||||
neutron_service_project_name: service
|
||||
neutron_service_project_domain_id: default
|
||||
neutron_service_user_domain_id: default
|
||||
neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
|
||||
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
|
||||
neutron_service_region: RegionOne
|
||||
neutron_service_program_enabled: true
|
||||
neutron_service_dhcp_program_enabled: true
|
||||
neutron_service_l3_program_enabled: true
|
||||
neutron_service_linuxbridge_program_enabled: true
|
||||
neutron_service_metadata_program_enabled: true
|
||||
neutron_service_metering_program_enabled: true
|
||||
|
||||
|
||||
## Glance
|
||||
glance_service_port: 9292
|
||||
glance_service_proto: http
|
||||
glance_service_user_name: glance
|
||||
glance_service_project_name: service
|
||||
glance_service_project_domain_id: default
|
||||
glance_service_user_domain_id: default
|
||||
glance_service_adminurl: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
|
||||
glance_service_region: RegionOne
|
||||
glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
|
||||
|
||||
## Keystone
|
||||
keystone_admin_user_name: admin
|
||||
keystone_admin_tenant_name: admin
|
||||
keystone_admin_port: 35357
|
||||
keystone_service_port: 5000
|
||||
keystone_service_proto: http
|
||||
keystone_service_user_name: keystone
|
||||
keystone_service_tenant_name: service
|
||||
keystone_service_uri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}"
|
||||
keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
||||
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
|
||||
keystone_service_adminuri: "{{ keystone_service_uri }}:{{ keystone_admin_port }}"
|
||||
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
|
||||
keystone_service_internaluri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
||||
keystone_service_internalurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
|
||||
keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
|
||||
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
|
||||
keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
|
||||
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
keystone_service_region: RegionOne
|
||||
|
||||
|
||||
## Tempest
|
||||
tempest_swift_enabled: true
|
||||
|
||||
|
||||
## OpenStack Openrc
|
||||
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
|
||||
openrc_os_password: "{{ keystone_auth_admin_password }}"
|
||||
|
@ -55,7 +55,7 @@ tempest_image_api_v2_enabled: True
|
||||
tempest_boto_s3_url: "http://{{ external_lb_vip_address }}:3333"
|
||||
tempest_boto_ec2_url: "http://{{ external_lb_vip_address }}:8773/services/Cloud"
|
||||
|
||||
tempest_swift_enabled: false
|
||||
tempest_swift_enabled: true
|
||||
tempest_swift_object_versioning: True
|
||||
|
||||
tempest_volume_backup_enabled: False
|
||||
|
@ -19,7 +19,7 @@ is_metal: true
|
||||
rabbitmq_primary_cluster_node: "{{ groups['rabbitmq_all'][0] }}"
|
||||
|
||||
rabbitmq_package_url: https://www.rabbitmq.com/releases/rabbitmq-server/v3.5.1/rabbitmq-server_3.5.1-1_all.deb
|
||||
rabbitmq_package_sha256: "e514012a210b4ed5b77d726329ce027c50e8629c396bcde451ac16aaff07d047"
|
||||
rabbitmq_package_sha256: "9b58fda5221cc64f41d5170a4bfe9a0c33f542155e8781f397b80af3e95358ec"
|
||||
rabbitmq_package_path: "/opt/rabbitmq-server.deb"
|
||||
|
||||
rabbitmq_apt_packages:
|
||||
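Review bot: `rabbitmq_package_url` and `rabbitmq_package_sha256` have to change together, and the commit message says an earlier change updated one without the other; a comment above the pair would make that coupling visible, e.g. `# NOTE: rabbitmq_package_sha256 must match the file at rabbitmq_package_url; update both together.` The URL is also left unquoted while the neighbouring `rabbitmq_package_path` is quoted, so quoting it would keep the defaults consistent. Whether the download task actually verifies the checksum is not visible in this hunk.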
|
@ -78,8 +78,7 @@ log_instance_info
|
||||
|
||||
# Ensure that the current kernel can support vxlan
|
||||
if ! modprobe vxlan; then
|
||||
MINIMUM_KERNEL_VERSION=$(awk '/openstack_host_required_kernel/ {print $2}' playbooks/inventory/group_vars/all.yml)
|
||||
echo "A minimum kernel version of ${MINIMUM_KERNEL_VERSION} is required for vxlan support."
|
||||
echo "VXLAN support is required for this to work. And the Kernel module was not found."
|
||||
echo "This build will not work without it."
|
||||
exit_fail
|
||||
fi
|
||||
|
@ -18,7 +18,7 @@
|
||||
clear
|
||||
|
||||
# NOTICE: To run this in an automated fashion run the script via
|
||||
# root@HOSTNAME:/opt/os-ansible-deployment# echo "YES" | bash scripts/upgrade-v10-2-v11.sh
|
||||
# root@HOSTNAME:/opt/os-ansible-deployment# echo "YES" | bash scripts/run-upgrade.sh
|
||||
|
||||
# Notify the user.
|
||||
echo -e "
|
||||
@ -113,6 +113,43 @@ echo 'ssl_protocol: "ALL -SSLv2 -SSLv3"' | tee -a /etc/openstack_deploy/user_var
|
||||
# Cipher suite string from "https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/".
|
||||
echo 'ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"' | tee -a /etc/openstack_deploy/user_variables.yml
|
||||
|
||||
# Ensure that the user_group_vars.yml file is present on upgrade, if not found copy it over
|
||||
if [ ! -f "/etc/openstack_deploy/user_group_vars.yml" ];then
|
||||
cp etc/openstack_deploy/user_group_vars.yml /etc/openstack_deploy/user_group_vars.yml
|
||||
fi
|
||||
|
||||
# If OLD ldap bits found in the user_variables file that pertain to ldap upgrade them to the new syntax.
|
||||
if grep '^keystone_ldap.*' /etc/openstack_deploy/user_variables.yml;then
|
||||
python <<EOL
|
||||
import yaml
|
||||
with open('/etc/openstack_deploy/user_variables.yml', 'r') as f:
|
||||
user_vars = yaml.safe_load(f.read())
|
||||
|
||||
# Grab a map of the old keystone ldap entries
|
||||
new_ldap = dict()
|
||||
for k, v in user_vars.items():
|
||||
if k.startswith('keystone_ldap'):
|
||||
new_ldap['%s' % k.split('keystone_ldap_')[-1]] = v
|
||||
|
||||
# Open user secrets file.
|
||||
with open('/etc/openstack_deploy/user_secrets.yml', 'r') as fsr:
|
||||
user_secrets = yaml.safe_load(fsr.read())
|
||||
|
||||
# LDAP variable to instruct keystone to use ldap
|
||||
ldap = user_secrets['keystone_ldap'] = dict()
|
||||
|
||||
# "ldap" section within the keystone_ldap variable.
|
||||
ldap['ldap'] = new_ldap
|
||||
with open('/etc/openstack_deploy/user_secrets.yml', 'w') as fsw:
|
||||
fsw.write(
|
||||
yaml.safe_dump(
|
||||
user_secrets,
|
||||
default_flow_style=False,
|
||||
width=1000
|
||||
)
|
||||
)
|
||||
EOL
|
||||
|
||||
# If monitoring as a service or Rackspace cloud variables are present, rewrite them as rpc-extras.yml
|
||||
if grep -e '^maas_.*' -e '^rackspace_.*' -e '^elasticsearch_.*' -e '^kibana_.*' -e 'logstash_.*' /etc/openstack_deploy/user_variables.yml;then
|
||||
python <<EOL
|
||||
@ -223,38 +260,6 @@ with open('/etc/openstack_deploy/openstack_environment.yml', 'w') as fsw:
|
||||
)
|
||||
EOL
|
||||
|
||||
# If OLD ldap bits found in the user_variables file that pertain to ldap upgrade them to the new syntax.
|
||||
if grep '^keystone_ldap.*' /etc/openstack_deploy/user_variables.yml;then
|
||||
python <<EOL
|
||||
import yaml
|
||||
with open('/etc/openstack_deploy/user_variables.yml', 'r') as f:
|
||||
user_vars = yaml.safe_load(f.read())
|
||||
|
||||
# Grab a map of the old keystone ldap entries
|
||||
new_ldap = dict()
|
||||
for k, v in user_vars.items():
|
||||
if k.startswith('keystone_ldap'):
|
||||
new_ldap['%s' % k.split('keystone_ldap_')[-1]] = v
|
||||
|
||||
# Open user secrets file.
|
||||
with open('/etc/openstack_deploy/user_secrets.yml', 'r') as fsr:
|
||||
user_secrets = yaml.safe_load(fsr.read())
|
||||
|
||||
# LDAP variable to instruct keystone to use ldap
|
||||
ldap = user_secrets['keystone_ldap'] = dict()
|
||||
|
||||
# "ldap" section within the keystone_ldap variable.
|
||||
ldap['ldap'] = new_ldap
|
||||
with open('/etc/openstack_deploy/user_secrets.yml', 'w') as fsw:
|
||||
fsw.write(
|
||||
yaml.safe_dump(
|
||||
user_secrets,
|
||||
default_flow_style=False,
|
||||
width=1000
|
||||
)
|
||||
)
|
||||
EOL
|
||||
|
||||
# Remove old ldap variables from "user_variables.yml".
|
||||
sed -i '/keystone_ldap.*/d' /etc/openstack_deploy/user_variables.yml
|
||||
fi
|
||||
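Review bot: The `if grep '^keystone_ldap.*' ...;then` block added in the `@ -113,6 +113,43 @` hunk has no closing `fi` after its heredoc `EOL`; the `sed -i '/keystone_ldap.*/d'` cleanup and the `fi` stay at the old position in the last hunk. Going by the hunk counts, that leaves the maas/rackspace rewrite and everything up to the openstack_environment.yml block nested inside the LDAP check, so those migration steps would be skipped on deployments that have no `keystone_ldap` entries. I would move the two lines up with the block, directly after `EOL`: `sed -i '/keystone_ldap.*/d' /etc/openstack_deploy/user_variables.yml` and then `fi`. The code between the two hunks is not shown, so this should be confirmed against the full script.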
|