From 597afcc48215292ac1c81e519578f3de503a5ae2 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Wed, 27 May 2015 18:04:31 +0200 Subject: [PATCH 01/12] Glance resource and deployment added --- resources/glance_config/actions/run.yml | 26 +++ resources/glance_config/meta.yaml | 30 +++ .../templates/glance-api-paste.ini | 77 +++++++ .../glance_config/templates/glance-api.conf | 35 +++ .../glance_config/templates/glance-cache.conf | 200 ++++++++++++++++++ .../templates/glance-registry-paste.ini | 30 +++ .../templates/glance-registry.conf | 22 ++ .../templates/glance-scrubber.conf | 108 ++++++++++ resources/glance_config/templates/policy.json | 52 +++++ .../glance_config/templates/schema-image.json | 28 +++ 10 files changed, 608 insertions(+) create mode 100644 resources/glance_config/actions/run.yml create mode 100644 resources/glance_config/meta.yaml create mode 100644 resources/glance_config/templates/glance-api-paste.ini create mode 100644 resources/glance_config/templates/glance-api.conf create mode 100644 resources/glance_config/templates/glance-cache.conf create mode 100644 resources/glance_config/templates/glance-registry-paste.ini create mode 100644 resources/glance_config/templates/glance-registry.conf create mode 100644 resources/glance_config/templates/glance-scrubber.conf create mode 100644 resources/glance_config/templates/policy.json create mode 100644 resources/glance_config/templates/schema-image.json diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml new file mode 100644 index 0000000..ceda54e --- /dev/null +++ b/resources/glance_config/actions/run.yml 
@@ -0,0 +1,26 @@
+- hosts: [{{ ip }}]
+ sudo: yes
+ vars:
+ api_port: {{ api_port }}
+ registry_port: {{ registry_port }}
+ keystone_ip: {{ keystone_ip }}
+ keystone_port: {{ keystone_port }}
+ config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}}
+ tasks:
+ - file: path={{ config_dir.value['src'] }}/ state=directory
+ - file: path={{ config_dir.value['src'] }}/glance-api.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-api-paste.ini state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-cache.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-registry.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-registry-paste.ini state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/policy.json state=touch
+ - file: path={{ config_dir.value['src'] }}/schema-image.json state=touch
+ - template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf
+ - template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini
+ - template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf
+ - template: src={{ resource_dir }}/templates/glance-registry.conf dest={{ config_dir.value['src'] }}/glance-registry.conf
+ - template: src={{ resource_dir }}/templates/glance-registry-paste.ini dest={{ config_dir.value['src'] }}/glance-registry-paste.ini
+ - template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf
+ - template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json
+ - template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json
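Review bot: The `template` tasks at the end of this hunk write files that carry credentials (`glance-api.conf` and `glance-registry.conf` hold the database URL and `admin_password`, `glance-cache.conf` a `swift_store_key`) without setting `mode`, `owner` or `group`, so their permissions are left to the default umask and are typically world-readable. I would add `mode=0640` plus the owner and group of the account Glance runs as to each `template` task, and `mode=0750` to the `state=directory` task. The eight `state=touch` tasks look redundant, since `template` creates its destination, and they create the files with default permissions before any content is written.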
diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml
new file mode 100644
index 0000000..439614f
--- /dev/null
+++ b/resources/glance_config/meta.yaml
@@ -0,0 +1,30 @@
+id: glance_config
+handler: ansible
+version: 1.0.0
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value: []
+ ssh_key:
+ schema: str!
+ value: []
+
+ config_dir:
+ schema: {src: str!, dst: str!}
+ value: {src: /etc/solar/glance, dst: /etc/glance}
+ api_port:
+ schema: int!
+ value: 9292
+ registry_port:
+ schema: int!
+ value: 9191
+ keystone_ip:
+ schema: str!
+ value:
+ keystone_port:
+ schema: int!
+ value: 5000
+
diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini
new file mode 100644
index 0000000..86a4cdb
--- /dev/null
+++ b/resources/glance_config/templates/glance-api-paste.ini
@@ -0,0 +1,77 @@ +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = versionnegotiation osprofiler unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = versionnegotiation osprofiler authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = versionnegotiation osprofiler authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-api-trusted-auth] +pipeline = versionnegotiation osprofiler context rootapp + +# Use this pipeline for authZ only. 
This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user and uses cache management +[pipeline:glance-api-trusted-auth+cachemanagement] +pipeline = versionnegotiation osprofiler context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +delay_auth_decision = true + +[filter:gzip] +paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY +enabled = yes diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf new file mode 100644 index 0000000..928f872 --- /dev/null +++ b/resources/glance_config/templates/glance-api.conf 
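Review bot: `[filter:osprofiler]` at the end of this file ships `hmac_keys = SECRET_KEY` together with `enabled = yes`, and the filter sits in every pipeline above it, so trace requests are checked against a key that anyone can read from this template. Either make the key a resource input, for example `hmac_keys = {{ osprofiler_hmac_key }}` (a new input; this resource does not define one yet), or ship `enabled = no` until such an input exists. The same two lines are added in glance-registry-paste.ini and need the same change.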
@@ -0,0 +1,35 @@
+[DEFAULT]
+default_store = file
+bind_host = 0.0.0.0
+bind_port = {{ api_port }}
+log_file = /var/log/glance/api.log
+backlog = 4096
+registry_host = 0.0.0.0
+registry_port = {{ registry_port }}
+registry_client_protocol = http
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+
+[database]
+connection = mysql://glance:GLANCE_DBPASS@mysql/glance
+backend = sqlalchemy
+
+[keystone_authtoken]
+auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
+identity_uri = http://{{ keystone_ip }}:35357
+admin_tenant_name = service
+admin_user = glance
+admin_password = GLANCE_PASS
+revocation_cache_time = 10
+
+[paste_deploy]
+flavor=keystone+cachemanagement
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+sheepdog_store_address = localhost
+sheepdog_store_port = 7000
+sheepdog_store_chunk_size = 64
diff --git a/resources/glance_config/templates/glance-cache.conf b/resources/glance_config/templates/glance-cache.conf
new file mode 100644
index 0000000..0246b67
--- /dev/null
+++ b/resources/glance_config/templates/glance-cache.conf
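Review bot: `auth_uri`, `identity_uri` and `registry_client_protocol = http` are all fixed to cleartext HTTP, so when Keystone or the registry run on another host the `admin_password` and every user token cross the network unencrypted. I would make the scheme a resource input rather than a literal, or at least add a comment such as `# plain HTTP: only safe when Keystone and the registry are reached over a trusted network`. Two smaller inconsistencies in the same hunk: `identity_uri` hard-codes port 35357 while `auth_uri` takes `{{ keystone_port }}`, and `registry_host = 0.0.0.0` uses a wildcard bind address as the address the API connects to.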
@@ -0,0 +1,200 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/image-cache.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +#use_syslog = False + +# Directory that the Image Cache writes data to +image_cache_dir = /var/lib/glance/image-cache/ + +# Number of seconds after which we should consider an incomplete image to be +# stalled and eligible for reaping +image_cache_stall_time = 86400 + +# Max cache size in bytes +image_cache_max_size = 10737418240 + +# Address to find the registry server +registry_host = 0.0.0.0 + +# Port the registry server is listening on +registry_port = 9191 + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# List of which store classes and store class locations are +# currently known to glance at startup. 
+# known_stores = glance.store.filesystem.Store, +# glance.store.http.Store, +# glance.store.rbd.Store, +# glance.store.s3.Store, +# glance.store.swift.Store, +# glance.store.sheepdog.Store, +# glance.store.cinder.Store, +# glance.store.vmware_datastore.Store, + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +filesystem_store_datadir = /var/lib/glance/images/ + +# ============ Swift Store Options ============================= + +# Version of the authentication service to use +# Valid versions are '2' for keystone and '1' for swauth and rackspace +swift_store_auth_version = 2 + +# Address where the Swift authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'https://' +# For swauth, use something like '127.0.0.1:8080/v1.0/' +swift_store_auth_address = 127.0.0.1:5000/v2.0/ + +# User to authenticate against the Swift authentication service +# If you use Swift authentication service, set it to 'account':'user' +# where 'account' is a Swift storage account and 'user' +# is a user in that account +swift_store_user = jdoe:jdoe + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = a86850deb2742ec3cb41518e26aa2d89 + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = glance + +# Do we create the container if it does not exist? +swift_store_create_container_on_put = False + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = 5120 + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? 
This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = 200 + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'http://' +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = glance + +# Do we create the bucket if it does not exist? +s3_store_create_bucket_on_put = False + +# When sending images to S3, the data will first be written to a +# temporary buffer on disk. By default the platform's temporary directory +# will be used. If required, an alternative directory can be specified here. 
+# s3_store_object_buffer_dir = /path/to/dir + +# ============ Cinder Store Options =========================== + +# Info to match when looking for cinder in the service catalog +# Format is : separated values of the form: +# :: (string value) +#cinder_catalog_info = volume:cinder:publicURL + +# Override service catalog lookup with template for cinder endpoint +# e.g. http://localhost:8776/v1/%(project_id)s (string value) +#cinder_endpoint_template = + +# Region name of this node (string value) +#os_region_name = + +# Location of ca certicates file to use for cinder client requests +# (string value) +#cinder_ca_certificates_file = + +# Number of cinderclient retries on failed http calls (integer value) +#cinder_http_retries = 3 + +# Allow to perform insecure SSL requests to cinder (boolean value) +#cinder_api_insecure = False + +# ============ VMware Datastore Store Options ===================== + +# ESX/ESXi or vCenter Server target system. +# The server value can be an IP address or a DNS name +# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com +#vmware_server_host = + +# Server username (string value) +#vmware_server_username = + +# Server password (string value) +#vmware_server_password = + +# Inventory path to a datacenter (string value) +# Value optional when vmware_server_ip is an ESX/ESXi host: if specified +# should be `ha-datacenter`. 
+#vmware_datacenter_path = + +# Datastore associated with the datacenter (string value) +#vmware_datastore_name = + +# The number of times we retry on failures +# e.g., socket error, etc (integer value) +#vmware_api_retry_count = 10 + +# The interval used for polling remote tasks +# invoked on VMware ESX/VC server in seconds (integer value) +#vmware_task_poll_interval = 5 + +# Absolute path of the folder containing the images in the datastore +# (string value) +#vmware_store_image_dir = /openstack_glance + +# Allow to perform insecure SSL requests to the target system (boolean value) +#vmware_api_insecure = False + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini new file mode 100644 index 0000000..df403f6 --- /dev/null +++ b/resources/glance_config/templates/glance-registry-paste.ini 
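Review bot: This template leaves sample credentials active instead of commented out: `swift_store_user = jdoe:jdoe`, `swift_store_key = a86850deb2742ec3cb41518e26aa2d89`, and the `s3_store_access_key` / `s3_store_secret_key` placeholders are all live settings. Since glance-api.conf selects `default_store = file`, these look unused; commenting them out, as the Keystone `auth_url` / `admin_password` lines in this file already are, keeps copied sample values from ever being sent to a real endpoint. Separately, `registry_port = 9191` is a literal here and in glance-scrubber.conf, while glance-api.conf uses `{{ registry_port }}`, so changing that input would leave the cache and scrubber tools pointing at the old port.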
@@ -0,0 +1,30 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
diff --git a/resources/glance_config/templates/glance-registry.conf b/resources/glance_config/templates/glance-registry.conf
new file mode 100644
index 0000000..d195004
--- /dev/null
+++ b/resources/glance_config/templates/glance-registry.conf
@@ -0,0 +1,22 @@
+[DEFAULT]
+bind_host = 0.0.0.0
+bind_port = 9191
+log_file = /var/log/glance/registry.log
+backlog = 4096
+api_limit_max = 1000
+limit_param_default = 25
+
+[database]
+backend = sqlalchemy
+connection = mysql://glance:GLANCE_DBPASS@mysql/glance
+
+[keystone_authtoken]
+auth_uri = http://keystone:5000/v2.0
+identity_uri = http://keystone:35357
+admin_tenant_name = service
+admin_user = glance
+admin_password = GLANCE_PASS
+
+[paste_deploy]
+flavor=keystone
+[profiler]
diff --git a/resources/glance_config/templates/glance-scrubber.conf b/resources/glance_config/templates/glance-scrubber.conf
new file mode 100644
index 0000000..ecfc7bf
--- /dev/null
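Review bot: In glance-registry.conf, `bind_port = 9191` is a literal, while glance-api.conf in this same commit connects to `registry_port = {{ registry_port }}`. With any non-default `registry_port` input the API would connect to a port the registry is not listening on. Using the input on the listening side too, `bind_port = {{ registry_port }}`, keeps the two files in step. `bind_host = 0.0.0.0` also exposes the registry on every interface; if only the local API needs it, a narrower bind address would reduce that exposure.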
+++ b/resources/glance_config/templates/glance-scrubber.conf 
@@ -0,0 +1,108 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/scrubber.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +#use_syslog = False + +# Should we run our own loop or rely on cron/scheduler to run us +daemon = False + +# Loop time between checking for new items to schedule for delete +wakeup_time = 300 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-api.conf +scrubber_datadir = /var/lib/glance/scrubber + +# Only one server in your deployment should be designated the cleanup host +cleanup_scrubber = False + +# pending_delete items older than this time are candidates for cleanup +cleanup_scrubber_time = 86400 + +# Address to find the registry server for cleanups +registry_host = 0.0.0.0 + +# Port the registry server is listening on +registry_port = 9191 + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# Directory to use for lock files. Default to a temp directory +# (string value). This setting needs to be the same for both +# glance-scrubber and glance-api. +#lock_path= + +# API to use for accessing data. 
Default value points to sqlalchemy +# package, it is also possible to use: glance.db.registry.api +#data_api = glance.db.sqlalchemy.api + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +#metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# ================= Database Options ===============+========== + +[database] + +# The SQLAlchemy connection string used to connect to the +# database (string value) +#connection=sqlite:////glance/openstack/common/db/$sqlite_db + +# The SQLAlchemy connection string used to connect to the +# slave database (string value) +#slave_connection= + +# timeout before idle sql connections are reaped (integer +# value) +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +#max_pool_size= + +# maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +#max_retries=10 + +# interval between retries of opening a sql connection +# (integer value) +#retry_interval=10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +#max_overflow= + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +#connection_debug=0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +#connection_trace=false + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +#pool_timeout= diff --git a/resources/glance_config/templates/policy.json b/resources/glance_config/templates/policy.json new file mode 100644 index 0000000..325f00b --- /dev/null +++ b/resources/glance_config/templates/policy.json 
@@ -0,0 +1,52 @@
+{
+ "context_is_admin": "role:admin",
+ "default": "",
+
+ "add_image": "",
+ "delete_image": "",
+ "get_image": "",
+ "get_images": "",
+ "modify_image": "",
+ "publicize_image": "role:admin",
+ "copy_from": "",
+
+ "download_image": "",
+ "upload_image": "",
+
+ "delete_image_location": "",
+ "get_image_location": "",
+ "set_image_location": "",
+
+ "add_member": "",
+ "delete_member": "",
+ "get_member": "",
+ "get_members": "",
+ "modify_member": "",
+
+ "manage_image_cache": "role:admin",
+
+ "get_task": "",
+ "get_tasks": "",
+ "add_task": "",
+ "modify_task": "",
+
+ "get_metadef_namespace": "",
+ "get_metadef_namespaces":"",
+ "modify_metadef_namespace":"",
+ "add_metadef_namespace":"",
+
+ "get_metadef_object":"",
+ "get_metadef_objects":"",
+ "modify_metadef_object":"",
+ "add_metadef_object":"",
+
+ "list_metadef_resource_types":"",
+ "get_metadef_resource_type":"",
+ "add_metadef_resource_type_association":"",
+
+ "get_metadef_property":"",
+ "get_metadef_properties":"",
+ "modify_metadef_property":"",
+ "add_metadef_property":""
+
+}
diff --git a/resources/glance_config/templates/schema-image.json b/resources/glance_config/templates/schema-image.json
new file mode 100644
index 0000000..5aafd6b
--- /dev/null
+++ b/resources/glance_config/templates/schema-image.json
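Review bot: `"default": ""` and the empty rule on almost every action mean the policy layer lets any caller that gets past the auth pipeline perform that action; only `publicize_image` and `manage_image_cache` are tied to `role:admin`. This may simply mirror the upstream sample, but for a deployed template I would at least restrict the location and import rules, e.g. `"set_image_location": "role:admin"`, `"delete_image_location": "role:admin"`, `"get_image_location": "role:admin"` and `"copy_from": "role:admin"`, because they expose or redirect where image data is fetched from. JSON has no comment syntax, so the reasoning for whichever rules stay open belongs in the commit message or a README next to the template.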
@@ -0,0 +1,28 @@ +{ + "kernel_id": { + "type": "string", + "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", + "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." + }, + "ramdisk_id": { + "type": "string", + "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", + "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." + }, + "instance_uuid": { + "type": "string", + "description": "ID of instance used to create this image." + }, + "architecture": { + "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", + "type": "string" + }, + "os_distro": { + "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", + "type": "string" + }, + "os_version": { + "description": "Operating system version as specified by the distributor", + "type": "string" + } +} From 72955e1e1d8e100db6ad6caad09ed38de6264ccd Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Thu, 28 May 2015 13:06:45 +0200 Subject: [PATCH 02/12] Glance: add mariadb config --- resources/glance_config/actions/run.yml | 4 ++++ resources/glance_config/meta.yaml | 13 ++++++++++++- .../glance_config/templates/glance-api-paste.ini | 9 +++++++-- resources/glance_config/templates/glance-api.conf | 8 ++++---- .../templates/glance-registry-paste.ini | 7 ++++++- 5 files changed, 33 insertions(+), 8 deletions(-) diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index ceda54e..067392b 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml 
@@ -5,6 +5,10 @@ registry_port: {{ registry_port }} keystone_ip: {{ keystone_ip }} keystone_port: {{ keystone_port }} + mysql_ip: {{ mysql_ip }} + mysql_db: {{ mysql_db }} + mysql_user: {{ mysql_user }} + mysql_password: {{ mysql_password }} config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}} tasks: - file: path={{ config_dir.value['src'] }}/ state=directory diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml index 439614f..2d7f600 100644 --- a/resources/glance_config/meta.yaml +++ b/resources/glance_config/meta.yaml @@ -27,4 +27,15 @@ input: keystone_port: schema: int! value: 5000 - + mysql_ip: + schema: str! + value: + mysql_db: + schema: str! + value: + mysql_user: + schema: str! + value: + mysql_password: + schema: str! + value: diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini index 86a4cdb..f701b5d 100644 --- a/resources/glance_config/templates/glance-api-paste.ini +++ b/resources/glance_config/templates/glance-api-paste.ini @@ -1,6 +1,7 @@ # Use this pipeline for no auth or image caching - DEFAULT [pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp +#pipeline = versionnegotiation osprofiler unauthenticated-context rootapp +pipeline = versionnegotiation authtoken context appv1app # Use this pipeline for image caching and no auth [pipeline:glance-api-caching] @@ -66,7 +67,11 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true +identity_uri = http://{{ keystone_ip }}:35357 +admin_user = glance_admin +admin_tenant_name = service_admins +admin_password = password1234 +#delay_auth_decision = true [filter:gzip] paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory 
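Review bot: In the run.yml hunk, `mysql_password: {{ mysql_password }}` (like the other added vars) is substituted unquoted into YAML, so a password containing ` #` or `: `, or starting with an indicator such as `*`, `!` or `&`, would be truncated or fail to parse, and an all-digit value would arrive as an integer. Quoting the templated scalars avoids that: `mysql_password: "{{ mysql_password }}"`, and likewise for `mysql_user`, `mysql_db` and `mysql_ip`. The `vars:` mapping starts above this hunk, where the existing entries have the same form.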
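Review bot: In the first glance-api-paste.ini hunk the new default pipeline ends in `appv1app`, but the file defines `[app:apiv1app]`, `[app:apiv2app]` and `[composite:rootapp]`; no section named `appv1app` exists, so loading `[pipeline:glance-api]` would presumably fail. If the intent was to keep all API versions behind Keystone, `pipeline = versionnegotiation authtoken context rootapp` matches the existing `glance-api-keystone` pipeline minus the profiler. The same kind of slip is in this commit's glance-registry-paste.ini hunk, where `pipeline = authtoke context registryapp` should read `authtoken`. Both may go unnoticed at runtime because the `.conf` files select a `keystone*` flavor rather than these default pipelines.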
diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf index 928f872..5199d69 100644 --- a/resources/glance_config/templates/glance-api.conf +++ b/resources/glance_config/templates/glance-api.conf @@ -14,15 +14,15 @@ scrubber_datadir = /var/lib/glance/scrubber image_cache_dir = /var/lib/glance/image-cache/ [database] -connection = mysql://glance:GLANCE_DBPASS@mysql/glance +connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }} backend = sqlalchemy [keystone_authtoken] auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 identity_uri = http://{{ keystone_ip }}:35357 -admin_tenant_name = service -admin_user = glance -admin_password = GLANCE_PASS +admin_tenant_name = service_admins +admin_user = glance_admin +admin_password = password1234 revocation_cache_time = 10 [paste_deploy] diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini index df403f6..9d93990 100644 --- a/resources/glance_config/templates/glance-registry-paste.ini +++ b/resources/glance_config/templates/glance-registry-paste.ini @@ -1,6 +1,7 @@ # Use this pipeline for no auth - DEFAULT [pipeline:glance-registry] -pipeline = osprofiler unauthenticated-context registryapp +#pipeline = osprofiler unauthenticated-context registryapp +pipeline = authtoke context registryapp # Use this pipeline for keystone auth [pipeline:glance-registry-keystone] @@ -23,6 +24,10 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory +identity_uri = http://{{ keystone_ip }}:35357 +admin_user = glance_admin +admin_tenant_name = service_admins +admin_password = password1234 [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory From 3735865f6b4d885668322ae2dea2cebc23191b96 Mon Sep 17 00:00:00 2001 
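Review bot: The new `connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}` line in glance-api.conf builds a URL from raw inputs, so a password containing `@`, `/`, `:` or `%` changes how the URL is split into user, host and database. Percent-encoding the credential parts keeps the URL well-formed: `mysql://{{ mysql_user | urlencode }}:{{ mysql_password | urlencode }}@{{ mysql_ip }}/{{ mysql_db }}`. The identical line is added to glance-registry.conf in the following patch and needs the same treatment.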
From: Przemyslaw Kaminski Date: Thu, 28 May 2015 13:27:33 +0200 Subject: [PATCH 03/12] Glance /v2/images GET works now with glance_admin token --- resources/glance_config/actions/run.yml | 3 +++ resources/glance_config/meta.yaml | 9 +++++++++ .../glance_config/templates/glance-api-paste.ini | 6 +++--- resources/glance_config/templates/glance-api.conf | 6 +++--- .../templates/glance-registry-paste.ini | 6 +++--- .../glance_config/templates/glance-registry.conf | 12 ++++++------ 6 files changed, 27 insertions(+), 15 deletions(-) diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index 067392b..99debf0 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml @@ -5,6 +5,9 @@ registry_port: {{ registry_port }} keystone_ip: {{ keystone_ip }} keystone_port: {{ keystone_port }} + keystone_admin_user: {{ keystone_admin_user }} + keystone_admin_password: {{ keystone_admin_password }} + keystone_admin_tenant: {{ keystone_admin_tenant }} mysql_ip: {{ mysql_ip }} mysql_db: {{ mysql_db }} mysql_user: {{ mysql_user }} diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml index 2d7f600..a52c6ae 100644 --- a/resources/glance_config/meta.yaml +++ b/resources/glance_config/meta.yaml @@ -27,6 +27,15 @@ input: keystone_port: schema: int! value: 5000 + keystone_admin_user: + schema: str! + value: glance_admin + keystone_admin_password: + schema: str! + value: password1234 + keystone_admin_tenant: + schema: str! + value: service_admins mysql_ip: schema: str! value: diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini index f701b5d..ad2c8b5 100644 --- a/resources/glance_config/templates/glance-api-paste.ini +++ b/resources/glance_config/templates/glance-api-paste.ini 
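Review bot: The meta.yaml hunk gives `keystone_admin_password` a default of `password1234`, so any deployment that does not override the input ends up with a service account whose password is published in the repository. The `mysql_*` inputs added in the previous patch leave `value:` empty; doing the same here (`keystone_admin_password:` / `schema: str!` / `value:`) would presumably force the caller to supply a real secret. The defaults for `keystone_admin_user` and `keystone_admin_tenant` are harmless to keep.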
@@ -68,9 +68,9 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory identity_uri = http://{{ keystone_ip }}:35357 -admin_user = glance_admin -admin_tenant_name = service_admins -admin_password = password1234 +admin_user = {{ keystone_admin_user }} +admin_tenant_name = {{ keystone_admin_tenant }} +admin_password = {{ keystone_admin_password }} #delay_auth_decision = true [filter:gzip] diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf index 5199d69..70e508b 100644 --- a/resources/glance_config/templates/glance-api.conf +++ b/resources/glance_config/templates/glance-api.conf @@ -20,9 +20,9 @@ backend = sqlalchemy [keystone_authtoken] auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 identity_uri = http://{{ keystone_ip }}:35357 -admin_tenant_name = service_admins -admin_user = glance_admin -admin_password = password1234 +admin_tenant_name = {{ keystone_admin_tenant }} +admin_user = {{ keystone_admin_user }} +admin_password = {{ keystone_admin_password }} revocation_cache_time = 10 [paste_deploy] diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini index 9d93990..d46db77 100644 --- a/resources/glance_config/templates/glance-registry-paste.ini +++ b/resources/glance_config/templates/glance-registry-paste.ini 
@@ -25,9 +25,9 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory identity_uri = http://{{ keystone_ip }}:35357 -admin_user = glance_admin -admin_tenant_name = service_admins -admin_password = password1234 +admin_user = {{ keystone_admin_user }} +admin_tenant_name = {{ keystone_admin_tenant }} +admin_password = {{ keystone_admin_password }} [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory diff --git a/resources/glance_config/templates/glance-registry.conf b/resources/glance_config/templates/glance-registry.conf index d195004..c55bc7a 100644 --- a/resources/glance_config/templates/glance-registry.conf +++ b/resources/glance_config/templates/glance-registry.conf @@ -8,14 +8,14 @@ limit_param_default = 25 [database] backend = sqlalchemy -connection = mysql://glance:GLANCE_DBPASS@mysql/glance +connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }} [keystone_authtoken] -auth_uri = http://keystone:5000/v2.0 -identity_uri = http://keystone:35357 -admin_tenant_name = service -admin_user = glance -admin_password = GLANCE_PASS +auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 +identity_uri = http://{{ keystone_ip }}:35357 +admin_tenant_name = {{ keystone_admin_tenant }} +admin_user = {{ keystone_admin_user }} +admin_password = {{ keystone_admin_password }} [paste_deploy] flavor=keystone From d2e303579ee78d20b7cd105a3e1456a42159148e Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Thu, 28 May 2015 14:00:48 +0200 Subject: [PATCH 04/12] Keystone Glance script, should be later moved to some other resource --- resources/glance_config/keystone-glance.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 resources/glance_config/keystone-glance.sh 
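Review bot: The new `connection` line in glance-registry.conf builds the database URL by pasting `{{ mysql_user }}` and `{{ mysql_password }}` straight into it, so a password containing `@`, `:` or `/` can change how the URL is split into credentials, host and database. Percent-encoding both fields at render time avoids that, for example `{{ mysql_password | urlencode }}`; Jinja2's filter leaves `/` unescaped, so the result should be checked for passwords that contain it. The `[database]` section starts in the context lines of the hunk.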
diff --git a/resources/glance_config/keystone-glance.sh b/resources/glance_config/keystone-glance.sh new file mode 100644 index 0000000..a495b3e --- /dev/null +++ b/resources/glance_config/keystone-glance.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +export OS_SERVICE_TOKEN=admin +export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0 + +keystone tenant-create --name=service_admins +keystone user-create --name=glance_admin --password=passsword1234 +keystone role-create --name=service_role +keystone user-role-add --user=glance_admin --tenant=service_admins --role=service_role From 35d6d0d1d690ed682e302478538b0de81431edc4 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Thu, 28 May 2015 15:17:25 +0200 Subject: [PATCH 05/12] Added glance keystone user resource instance --- resources/glance_config/keystone-glance.sh | 9 --------- resources/keystone_user/actions/run.yml | 4 ++-- resources/keystone_user/meta.yaml | 2 +- 3 files changed, 3 insertions(+), 12 deletions(-) delete mode 100644 resources/glance_config/keystone-glance.sh diff --git a/resources/glance_config/keystone-glance.sh b/resources/glance_config/keystone-glance.sh deleted file mode 100644 index a495b3e..0000000 --- a/resources/glance_config/keystone-glance.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -export OS_SERVICE_TOKEN=admin -export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0 - -keystone tenant-create --name=service_admins -keystone user-create --name=glance_admin --password=passsword1234 -keystone role-create --name=service_role -keystone user-role-add --user=glance_admin --tenant=service_admins --role=service_role diff --git a/resources/keystone_user/actions/run.yml b/resources/keystone_user/actions/run.yml index 1a7a546..c706399 100644 --- a/resources/keystone_user/actions/run.yml +++ b/resources/keystone_user/actions/run.yml 
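Review bot: `keystone user-create` in the new keystone-glance.sh sets the password to `passsword1234` (three `s`), while glance_config/meta.yaml in the previous patch defaults `keystone_admin_password` to `password1234`. The account this script creates would therefore not match the credentials the templates render. The script also hard-codes `OS_SERVICE_TOKEN=admin` and the password itself. Taking both from the caller's environment, for example `--password="$GLANCE_ADMIN_PASSWORD"` (variable name suggested here), at least keeps the literals out of the repository.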
@@ -2,5 +2,5 @@ sudo: yes tasks: - name: keystone user - - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ tenant={{tenant_name}} state=present - - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ user={{user_name}} password={{user_password}} tenant={{tenant_name}} state=present + - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ tenant={{ tenant_name }} token={{ login_token }} state=present + - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} token={{ login_token }} state=present diff --git a/resources/keystone_user/meta.yaml b/resources/keystone_user/meta.yaml index 971469f..8c9ffb1 100644 --- a/resources/keystone_user/meta.yaml +++ b/resources/keystone_user/meta.yaml @@ -9,7 +9,7 @@ input: schema: int! value: login_user: - schema: str! + schema: str value: login_token: schema: str! From e7b78c08a252522a0946423859842a923302b63d Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Fri, 29 May 2015 16:13:54 +0200 Subject: [PATCH 06/12] Glance: more configs, keystone_user fix --- resources/glance_config/actions/run.yml | 2 ++ resources/glance_config/templates/exports | 4 ++++ resources/keystone_config/actions/run.yml | 3 +++ resources/keystone_config/templates/exports | 2 ++ resources/keystone_user/actions/run.yml | 9 +++++++-- resources/keystone_user/meta.yaml | 5 ++++- resources/mariadb_service/actions/run.yml | 5 +++++ 7 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 resources/glance_config/templates/exports create mode 100644 resources/keystone_config/templates/exports diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index 99debf0..9fa7207 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml 
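Review bot: Both rewritten `keystone_user` lines in keystone_user/actions/run.yml now carry `token={{ login_token }}` as an inline module argument, and the second also `password={{ user_password }}`. Ansible prints task arguments in verbose output and can log them on the managed host. Adding `no_log: true` to each of the two tasks keeps the token and password out of that output. Separately, the unchanged `- name: keystone user` entry is a list item of its own with no module, so the two `keystone_user` entries are separate unnamed tasks; the play header is outside the hunk.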
@@ -23,6 +23,7 @@ - file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch - file: path={{ config_dir.value['src'] }}/policy.json state=touch - file: path={{ config_dir.value['src'] }}/schema-image.json state=touch + - file: path={{ config_dir.value['src'] }}/exports state=touch - template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf - template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini - template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf @@ -31,3 +32,4 @@ - template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf - template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json - template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json + - template: src={{ resource_dir }}/templates/exports dest={{ config_dir.value['src'] }}/glance-export diff --git a/resources/glance_config/templates/exports b/resources/glance_config/templates/exports new file mode 100644 index 0000000..c617e27 --- /dev/null +++ b/resources/glance_config/templates/exports @@ -0,0 +1,4 @@ +export OS_TENANT_NAME={{ keystone_admin_tenant }} +export OS_USERNAME={{ keystone_admin_user }} +export OS_PASSWORD={{ keystone_admin_password }} +export OS_AUTH_URL=http://{{ keystone_ip }}:35357/v2.0 \ No newline at end of file diff --git a/resources/keystone_config/actions/run.yml b/resources/keystone_config/actions/run.yml index e24d0fa..ad457c5 100644 --- a/resources/keystone_config/actions/run.yml +++ b/resources/keystone_config/actions/run.yml @@ -2,6 +2,8 @@ sudo: yes vars: admin_token: {{admin_token}} + keystone_host: {{ ip }} + keystone_port: {{ port }} db_user: {{db_user}} db_password: {{db_password}} db_host: {{db_host}} 
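Review bot: The added `file:` task touches `{{ config_dir.value['src'] }}/exports`, but the `template:` task added in the next hunk of this file writes to `{{ config_dir.value['src'] }}/glance-export`. The touched file therefore stays empty and the rendered one is never pre-created. Pointing both tasks at one name, for example `- file: path={{ config_dir.value['src'] }}/glance-export state=touch`, removes the stray file. The task list starts outside the hunk.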
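Review bot: The `template:` task added in the second glance_config/actions/run.yml hunk renders `templates/exports`, which contains `OS_PASSWORD`, without setting `owner` or `mode`. The file's permissions are therefore left to the umask of the account running the task. Appending `mode=0600` to the task line keeps the admin password readable only by the file's owner, which should be the account that sources it. The context `template:` tasks in this list, whose templates render `admin_password`, and the `keystone-exports` task added to keystone_config/actions/run.yml in this patch have the same gap.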
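Review bot: Each `export` line in the new glance_config/templates/exports inserts the rendered value unquoted. When the file is sourced, a value such as `OS_PASSWORD={{ keystone_admin_password }}` containing a space, `$`, a backtick or `;` is interpreted by the shell instead of being assigned verbatim. Shell-quoting the values at render time avoids that, for example `export OS_PASSWORD={{ keystone_admin_password | quote }}` with Ansible's `quote` filter. keystone_config/templates/exports, added in the same patch, does the same with `OS_SERVICE_TOKEN={{ admin_token }}`.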
@@ -12,3 +14,4 @@ - template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates - template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf - template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json + - template: src={{resource_dir}}/templates/exports dest={{ config_dir }}/keystone-exports diff --git a/resources/keystone_config/templates/exports b/resources/keystone_config/templates/exports new file mode 100644 index 0000000..cc3a1c1 --- /dev/null +++ b/resources/keystone_config/templates/exports @@ -0,0 +1,2 @@ +export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0/ +export OS_SERVICE_TOKEN={{ admin_token }} diff --git a/resources/keystone_user/actions/run.yml b/resources/keystone_user/actions/run.yml index c706399..7a861d7 100644 --- a/resources/keystone_user/actions/run.yml +++ b/resources/keystone_user/actions/run.yml @@ -1,6 +1,11 @@ - hosts: [{{ ip }}] sudo: yes tasks: + - name: install python-keystoneclient + shell: pip install python-keystoneclient + - name: keystone tenant + keystone_user: endpoint=http://localhost:35357/v2.0/ tenant={{ tenant_name }} token={{ login_token }} state=present - name: keystone user - - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ tenant={{ tenant_name }} token={{ login_token }} state=present - - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} token={{ login_token }} state=present + keystone_user: endpoint=http://localhost:35357/v2.0/ user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} token={{ login_token }} state=present + - name: keystone role + keystone_user: endpoint=http://localhost:35357/v2.0/ role={{ role_name }} user={{ user_name }} tenant={{ tenant_name }} token={{ login_token }} state=present 
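Review bot: The new first task in keystone_user/actions/run.yml runs `pip install python-keystoneclient` through `shell` under `sudo: yes`. Every run therefore installs, as root, whatever version the package index serves at that moment, with no pin. The `pip` module with a fixed version makes the install idempotent and reproducible: `pip: name=python-keystoneclient version=<PINNED_VERSION>`, where the placeholder stands for a version the project has tested. The same task is added to keystone_role/actions/run.yml and keystone_tenant/actions/run.yml in PATCH 12.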
diff --git a/resources/keystone_user/meta.yaml b/resources/keystone_user/meta.yaml index 8c9ffb1..07d445a 100644 --- a/resources/keystone_user/meta.yaml +++ b/resources/keystone_user/meta.yaml @@ -5,7 +5,7 @@ input: keystone_host: schema: str! value: - keystone_port: + keystone_admin_port: schema: int! value: login_user: @@ -14,6 +14,9 @@ input: login_token: schema: str! value: + role_name: + schema: str! + value: user_name: schema: str! value: diff --git a/resources/mariadb_service/actions/run.yml b/resources/mariadb_service/actions/run.yml index b1e9d87..3be093d 100644 --- a/resources/mariadb_service/actions/run.yml +++ b/resources/mariadb_service/actions/run.yml @@ -10,3 +10,8 @@ - {{ port }}:3306 env: MYSQL_ROOT_PASSWORD: {{ root_password }} + - shell: docker exec -t {{ name }} mysql -p{{ root_password }} -uroot -e "select 1" + register: result + until: result.rc == 0 + retries: 10 + delay: 0.5 From 61fb4c7dddbde715354881fcbd9507757a8435fb Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 12:16:10 +0200 Subject: [PATCH 07/12] Fixes to example.py and Vagrantfile --- resources/mariadb_service/actions/run.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/mariadb_service/actions/run.yml b/resources/mariadb_service/actions/run.yml index 3be093d..089b66a 100644 --- a/resources/mariadb_service/actions/run.yml +++ b/resources/mariadb_service/actions/run.yml @@ -13,5 +13,5 @@ - shell: docker exec -t {{ name }} mysql -p{{ root_password }} -uroot -e "select 1" register: result until: result.rc == 0 - retries: 10 + retries: 20 delay: 0.5 From f92155c9ff6347db1ca203b8eb3d41cb8882876c Mon Sep 17 00:00:00 2001 
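Review bot: The readiness probe added to mariadb_service/actions/run.yml puts the database root password on the command line as `mysql -p{{ root_password }}`. There it appears in the rendered playbook and in Ansible's task output, and an unquoted value containing shell metacharacters would be interpreted by the shell. The container already receives `MYSQL_ROOT_PASSWORD` through the `env:` block in the context lines, so the probe can read it from there: `shell: docker exec {{ name }} sh -c 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -uroot -e "select 1"'`, together with `no_log: true` on the task. This assumes `docker exec` passes the container's environment to the command, which should be confirmed; the `docker:` task it follows starts outside the hunk.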
From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 14:06:36 +0200 Subject: [PATCH 08/12] Glance docker container is up But for some reason docker ports aren't exposed --- resources/docker_container/meta.yaml | 4 +-- resources/glance_config/meta.yaml | 4 +-- resources/glance_service/actions/remove.yml | 6 ++++ resources/glance_service/actions/run.yml | 33 +++++++++++++++++ resources/glance_service/meta.yaml | 40 +++++++++++++++++++++ resources/mariadb_service/actions/run.yml | 2 +- 6 files changed, 84 insertions(+), 5 deletions(-) create mode 100644 resources/glance_service/actions/remove.yml create mode 100644 resources/glance_service/actions/run.yml create mode 100644 resources/glance_service/meta.yaml diff --git a/resources/docker_container/meta.yaml b/resources/docker_container/meta.yaml index 9808149..76a2560 100644 --- a/resources/docker_container/meta.yaml +++ b/resources/docker_container/meta.yaml @@ -12,10 +12,10 @@ input: schema: [{value: [{value: int}]}] value: [] host_binds: - schema: [{value: {src: str, dst: str}}] + schema: [{value: {src: str, dst: str, mode: str}}] value: [] volume_binds: - schema: [{src: str, dst: str}] + schema: [{src: str, dst: str, mode: str}] value: [] ssh_user: schema: str! diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml index a52c6ae..01f6638 100644 --- a/resources/glance_config/meta.yaml +++ b/resources/glance_config/meta.yaml @@ -13,8 +13,8 @@ input: value: [] config_dir: - schema: {src: str!, dst: str!} - value: {src: /etc/solar/glance, dst: /etc/glance} + schema: {src: str!, dst: str!, mode: str} + value: {src: /etc/solar/glance, dst: /etc/glance, mode: rw} api_port: schema: int! value: 9292 diff --git a/resources/glance_service/actions/remove.yml b/resources/glance_service/actions/remove.yml new file mode 100644 index 0000000..d3c3149 --- /dev/null +++ b/resources/glance_service/actions/remove.yml 
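Review bot: The new default for `config_dir` in glance_config/meta.yaml sets `mode: rw`, so the directory holding the rendered Glance configuration, including the admin and database passwords, would be mounted writable wherever this value is used as a bind. The `glance_service` play added in this patch falls back to `ro` when no mode is given (`bind['value'].get('mode', 'ro')`). A read-only default here would match it: `value: {src: /etc/solar/glance, dst: /etc/glance, mode: ro}`, unless the service is known to write into its configuration directory. How `config_dir` is connected to `host_binds` is not visible in this patch.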
@@ -0,0 +1,6 @@ + +- hosts: [{{ ip }}] + sudo: yes + tasks: + - shell: docker stop {{ name }} + - shell: docker rm {{ name }} diff --git a/resources/glance_service/actions/run.yml b/resources/glance_service/actions/run.yml new file mode 100644 index 0000000..fa36528 --- /dev/null +++ b/resources/glance_service/actions/run.yml @@ -0,0 +1,33 @@ + +- hosts: [{{ ip }}] + sudo: yes + tasks: + - docker: + name: {{ name }} + image: {{ image }} + state: running + net: host + {% if ports.value %} + ports: + {% for port in ports.value %} + {% for p in port['value'] %} + - {{ p['value'] }}:{{ p['value'] }} + {% endfor %} + {% endfor %} + {% endif %} + {% if host_binds.value %} + volumes: + # TODO: host_binds might need more work + # Currently it's not that trivial to pass custom src: dst here + # (when a config variable is passed here from other resource) + # so we mount it to the same directory as on host + {% for bind in host_binds.value %} + - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }} + {% endfor %} + {% endif %} + env: + GLANCE_DB_PASSWORD: {{ db_password }} + GLANCE_KEYSTONE_PASSWORD: {{ keystone_password }} + KEYSTONE_ADMIN_SERVICE_HOST: {{ keystone_host }} + KEYSTONE_ADMIN_TOKEN: {{ keystone_admin_token }} + KEYSTONE_PUBLIC_SERVICE_HOST: {{ keystone_host }} diff --git a/resources/glance_service/meta.yaml b/resources/glance_service/meta.yaml new file mode 100644 index 0000000..f1f06b6 --- /dev/null +++ b/resources/glance_service/meta.yaml 
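Review bot: The `docker:` task in the new glance_service/actions/run.yml sets `net: host` and also renders a `ports:` list. With host networking Docker does not apply port mappings, which would explain the unexposed ports mentioned in the commit message. Host networking also places the container in the host's network namespace, so every port the service opens is reachable on the host's interfaces regardless of the mappings declared here. Dropping `net: host` and keeping the `ports:` block restores both the mappings and the isolation; if host networking is really required, the `ports:` block should go instead. glance_registry_service/actions/run.yml in PATCH 10 has the same combination.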
@@ -0,0 +1,40 @@ +id: container +handler: ansible +version: 1.0.0 +input: + ip: + schema: str! + value: + image: + schema: str! + value: + ports: + schema: [{value: [{value: int}]}] + value: [] + host_binds: + schema: [{value: {src: str, dst: str, mode: str}}] + value: [] + volume_binds: + schema: [{src: str, dst: str, mode: str}] + value: [] + ssh_user: + schema: str! + value: [] + ssh_key: + schema: str! + value: [] + + db_password: + schema: str! + value: + keystone_admin_token: + schema: str! + value: + keystone_password: + schema: str! + value: + keystone_host: + schema: str! + value: + +tags: [resource/container] diff --git a/resources/mariadb_service/actions/run.yml b/resources/mariadb_service/actions/run.yml index 089b66a..08fa7cd 100644 --- a/resources/mariadb_service/actions/run.yml +++ b/resources/mariadb_service/actions/run.yml @@ -9,7 +9,7 @@ ports: - {{ port }}:3306 env: - MYSQL_ROOT_PASSWORD: {{ root_password }} + MYSQL_ROOT_PASSWORD: {{ root_password }} - shell: docker exec -t {{ name }} mysql -p{{ root_password }} -uroot -e "select 1" register: result until: result.rc == 0 From 0e8235a9bd4cb287cfd1aba41437c7ee2935d265 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 14:35:06 +0200 Subject: [PATCH 09/12] Move glance_service to glance_api_service resource --- .../{glance_service => glance_api_service}/actions/remove.yml | 0 resources/{glance_service => glance_api_service}/actions/run.yml | 0 resources/{glance_service => glance_api_service}/meta.yaml | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename resources/{glance_service => glance_api_service}/actions/remove.yml (100%) rename resources/{glance_service => glance_api_service}/actions/run.yml (100%) rename resources/{glance_service => glance_api_service}/meta.yaml (100%) 
diff --git a/resources/glance_service/actions/remove.yml b/resources/glance_api_service/actions/remove.yml similarity index 100% rename from resources/glance_service/actions/remove.yml rename to resources/glance_api_service/actions/remove.yml diff --git a/resources/glance_service/actions/run.yml b/resources/glance_api_service/actions/run.yml similarity index 100% rename from resources/glance_service/actions/run.yml rename to resources/glance_api_service/actions/run.yml diff --git a/resources/glance_service/meta.yaml b/resources/glance_api_service/meta.yaml similarity index 100% rename from resources/glance_service/meta.yaml rename to resources/glance_api_service/meta.yaml From 4dfeb8ed44cf37ad7847ab3be3095546b2106c9a Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 15:05:49 +0200 Subject: [PATCH 10/12] glance_registry_service works --- .../actions/remove.yml | 6 +++ .../glance_registry_service/actions/run.yml | 37 +++++++++++++ resources/glance_registry_service/meta.yaml | 52 +++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 resources/glance_registry_service/actions/remove.yml create mode 100644 resources/glance_registry_service/actions/run.yml create mode 100644 resources/glance_registry_service/meta.yaml diff --git a/resources/glance_registry_service/actions/remove.yml b/resources/glance_registry_service/actions/remove.yml new file mode 100644 index 0000000..d3c3149 --- /dev/null +++ b/resources/glance_registry_service/actions/remove.yml @@ -0,0 +1,6 @@ + +- hosts: [{{ ip }}] + sudo: yes + tasks: + - shell: docker stop {{ name }} + - shell: docker rm {{ name }} diff --git a/resources/glance_registry_service/actions/run.yml b/resources/glance_registry_service/actions/run.yml new file mode 100644 index 0000000..52c68ee --- /dev/null +++ b/resources/glance_registry_service/actions/run.yml 
@@ -0,0 +1,37 @@ + +- hosts: [{{ ip }}] + sudo: yes + tasks: + - docker: + name: {{ name }} + image: {{ image }} + state: running + net: host + {% if ports.value %} + ports: + {% for port in ports.value %} + {% for p in port['value'] %} + - {{ p['value'] }}:{{ p['value'] }} + {% endfor %} + {% endfor %} + {% endif %} + {% if host_binds.value %} + volumes: + # TODO: host_binds might need more work + # Currently it's not that trivial to pass custom src: dst here + # (when a config variable is passed here from other resource) + # so we mount it to the same directory as on host + {% for bind in host_binds.value %} + - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }} + {% endfor %} + {% endif %} + env: + DB_ROOT_PASSWORD: {{ db_root_password }} + GLANCE_DB_PASSWORD: {{ db_password }} + GLANCE_DB_NAME: {{ db_name }} + GLANCE_DB_USER: {{ db_user }} + GLANCE_KEYSTONE_PASSWORD: {{ keystone_password }} + KEYSTONE_ADMIN_SERVICE_HOST: {{ keystone_host }} + KEYSTONE_ADMIN_TOKEN: {{ keystone_admin_token }} + KEYSTONE_PUBLIC_SERVICE_HOST: {{ keystone_host }} + MARIADB_SERVICE_HOST: {{ db_host }} diff --git a/resources/glance_registry_service/meta.yaml b/resources/glance_registry_service/meta.yaml new file mode 100644 index 0000000..4b51f07 --- /dev/null +++ b/resources/glance_registry_service/meta.yaml 
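Review bot: The `env:` block hands the container `DB_ROOT_PASSWORD: {{ db_root_password }}` next to the service's own `GLANCE_DB_USER` and `GLANCE_DB_PASSWORD`, so the long-running registry container holds the database root credential. Anything running in the container can read it from the environment, and so can `docker inspect` on the host. If the image needs root access only for one-time database and user creation, that step is better done by a separate task and the line removed here; what the image does with the variable is not visible in this patch. `KEYSTONE_ADMIN_TOKEN` raises the same question.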
@@ -0,0 +1,52 @@ +id: container +handler: ansible +version: 1.0.0 +input: + ip: + schema: str! + value: + image: + schema: str! + value: + ports: + schema: [{value: [{value: int}]}] + value: [] + host_binds: + schema: [{value: {src: str, dst: str, mode: str}}] + value: [] + volume_binds: + schema: [{src: str, dst: str, mode: str}] + value: [] + ssh_user: + schema: str! + value: [] + ssh_key: + schema: str! + value: [] + + db_host: + schema: str! + value: + db_root_password: + schema: str! + value: + db_name: + schema: str! + value: + db_password: + schema: str! + value: + db_user: + schema: str! + value: + keystone_admin_token: + schema: str! + value: + keystone_password: + schema: str! + value: + keystone_host: + schema: str! + value: + +tags: [resource/container] From f44b7af126b88c01aaa429ed508b12003cb9cd4e Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 16:12:11 +0200 Subject: [PATCH 11/12] glance: registry & api fixes --- resources/glance_api_service/actions/run.yml | 7 +------ resources/glance_config/actions/remove.yml | 5 +++++ resources/glance_registry_service/actions/run.yml | 11 +---------- resources/glance_registry_service/meta.yaml | 6 ++++++ 4 files changed, 13 insertions(+), 16 deletions(-) create mode 100644 resources/glance_config/actions/remove.yml diff --git a/resources/glance_api_service/actions/run.yml b/resources/glance_api_service/actions/run.yml index fa36528..567748b 100644 --- a/resources/glance_api_service/actions/run.yml +++ b/resources/glance_api_service/actions/run.yml @@ -3,6 +3,7 @@ sudo: yes tasks: - docker: + command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-api" name: {{ name }} image: {{ image }} state: running 
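Review bot: The `command:` added to glance_api_service/actions/run.yml may leave `bash` as the container's main process with `glance-api` as its child. The stop signal sent by `docker stop` in actions/remove.yml would then go to the shell rather than to the service. Replacing the shell with the service once the migration has finished lets it receive the signal directly: `command: /bin/bash -c "glance-manage db_sync && exec /usr/bin/glance-api"`. Running `db_sync` in the start command also means the schema migration is attempted on every container start. The `docker:` task continues outside the hunk.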
@@ -25,9 +26,3 @@ - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }} {% endfor %} {% endif %} - env: - GLANCE_DB_PASSWORD: {{ db_password }} - GLANCE_KEYSTONE_PASSWORD: {{ keystone_password }} - KEYSTONE_ADMIN_SERVICE_HOST: {{ keystone_host }} - KEYSTONE_ADMIN_TOKEN: {{ keystone_admin_token }} - KEYSTONE_PUBLIC_SERVICE_HOST: {{ keystone_host }} diff --git a/resources/glance_config/actions/remove.yml b/resources/glance_config/actions/remove.yml new file mode 100644 index 0000000..a0a79ad --- /dev/null +++ b/resources/glance_config/actions/remove.yml @@ -0,0 +1,5 @@ + +- hosts: [{{ ip }}] + sudo: yes + tasks: + - shell: echo 'removed' diff --git a/resources/glance_registry_service/actions/run.yml b/resources/glance_registry_service/actions/run.yml index 52c68ee..0235203 100644 --- a/resources/glance_registry_service/actions/run.yml +++ b/resources/glance_registry_service/actions/run.yml @@ -3,6 +3,7 @@ sudo: yes tasks: - docker: + command: /bin/bash -c "glance-manage db_sync && /usr/bin/keystone-registry" name: {{ name }} image: {{ image }} state: running @@ -25,13 +26,3 @@ - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }} {% endfor %} {% endif %} - env: - DB_ROOT_PASSWORD: {{ db_root_password }} - GLANCE_DB_PASSWORD: {{ db_password }} - GLANCE_DB_NAME: {{ db_name }} - GLANCE_DB_USER: {{ db_user }} - GLANCE_KEYSTONE_PASSWORD: {{ keystone_password }} - KEYSTONE_ADMIN_SERVICE_HOST: {{ keystone_host }} - KEYSTONE_ADMIN_TOKEN: {{ keystone_admin_token }} - KEYSTONE_PUBLIC_SERVICE_HOST: {{ keystone_host }} - MARIADB_SERVICE_HOST: {{ db_host }} diff --git a/resources/glance_registry_service/meta.yaml b/resources/glance_registry_service/meta.yaml index 4b51f07..4173432 100644 --- a/resources/glance_registry_service/meta.yaml +++ b/resources/glance_registry_service/meta.yaml 
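Review bot: The new glance_config/actions/remove.yml only runs `echo 'removed'`. The files that actions/run.yml renders into `config_dir`, including those holding `admin_password` and the database URL, therefore stay on the host after the resource is removed. Deleting the directory makes removal effective: `- file: path={{ config_dir.value['src'] }} state=absent`. keystone_service_endpoint/actions/remove.yaml in PATCH 12 is a similar placeholder (`shell: echo 1`).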
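Review bot: The `command:` added to glance_registry_service/actions/run.yml starts `/usr/bin/keystone-registry`, which does not match the service this resource deploys and looks like a slip for `/usr/bin/glance-registry`. It also runs `glance-manage db_sync`, as the glance_api_service command in this patch does, so two containers may run the same schema migration against one database at start-up. Suggested line: `command: /usr/bin/glance-registry`, leaving the migration to a single place. The `docker:` task continues outside the hunk.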
@@ -42,6 +42,12 @@ input: keystone_admin_token: schema: str! value: + keystone_admin_tenant: + schema: str! + value: + keystone_user: + schema: str! + value: keystone_password: schema: str! value: From abcd27d065a6d736b52f188b46b581022a7a32f2 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 19:05:53 +0200 Subject: [PATCH 12/12] Glance registry finally working --- resources/glance_config/actions/run.yml | 1 + resources/glance_config/meta.yaml | 3 +++ resources/glance_config/templates/exports | 2 +- resources/glance_config/templates/glance-api-paste.ini | 2 +- resources/glance_config/templates/glance-api.conf | 4 ++-- resources/glance_config/templates/glance-registry-paste.ini | 2 +- resources/glance_config/templates/glance-registry.conf | 4 ++-- resources/glance_registry_service/actions/run.yml | 3 ++- resources/keystone_role/actions/run.yml | 2 ++ resources/keystone_service_endpoint/actions/remove.yaml | 4 ++++ resources/keystone_tenant/actions/run.yml | 2 ++ resources/keystone_user/actions/run.yml | 1 + resources/keystone_user/meta.yaml | 5 +---- 13 files changed, 23 insertions(+), 12 deletions(-) diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index 9fa7207..b119575 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml @@ -7,6 +7,7 @@ keystone_port: {{ keystone_port }} keystone_admin_user: {{ keystone_admin_user }} keystone_admin_password: {{ keystone_admin_password }} + keystone_admin_port: {{ keystone_admin_port }} keystone_admin_tenant: {{ keystone_admin_tenant }} mysql_ip: {{ mysql_ip }} mysql_db: {{ mysql_db }} diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml index 01f6638..d2a4c94 100644 --- a/resources/glance_config/meta.yaml +++ b/resources/glance_config/meta.yaml 
@@ -33,6 +33,9 @@ input: keystone_admin_password: schema: str! value: password1234 + keystone_admin_port: + schema: int! + value: keystone_admin_tenant: schema: str! value: service_admins diff --git a/resources/glance_config/templates/exports b/resources/glance_config/templates/exports index c617e27..d9d35bc 100644 --- a/resources/glance_config/templates/exports +++ b/resources/glance_config/templates/exports @@ -1,4 +1,4 @@ export OS_TENANT_NAME={{ keystone_admin_tenant }} export OS_USERNAME={{ keystone_admin_user }} export OS_PASSWORD={{ keystone_admin_password }} -export OS_AUTH_URL=http://{{ keystone_ip }}:35357/v2.0 \ No newline at end of file +export OS_AUTH_URL=http://{{ keystone_ip }}:{{ keystone_admin_port }}/v2.0 \ No newline at end of file diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini index ad2c8b5..0366796 100644 --- a/resources/glance_config/templates/glance-api-paste.ini +++ b/resources/glance_config/templates/glance-api-paste.ini @@ -67,7 +67,7 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -identity_uri = http://{{ keystone_ip }}:35357 +identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }} admin_user = {{ keystone_admin_user }} admin_tenant_name = {{ keystone_admin_tenant }} admin_password = {{ keystone_admin_password }} diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf index 70e508b..9e379fb 100644 --- a/resources/glance_config/templates/glance-api.conf +++ b/resources/glance_config/templates/glance-api.conf 
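Review bot: In the glance-api-paste.ini hunk `identity_uri` now takes its port from `keystone_admin_port` but keeps the scheme fixed at `http://`. The admin user's password and the tokens exchanged with Keystone's admin endpoint therefore travel unencrypted whenever Keystone is on another host. Making the scheme an input as well lets a deployment switch to HTTPS without editing the templates, for example `identity_uri = {{ keystone_admin_protocol }}://{{ keystone_ip }}:{{ keystone_admin_port }}`, where `keystone_admin_protocol` is a name suggested here. The same fixed scheme is in the glance-api.conf, glance-registry-paste.ini and glance-registry.conf hunks of this patch and in `OS_AUTH_URL` in templates/exports.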
@@ -15,11 +15,11 @@ image_cache_dir = /var/lib/glance/image-cache/ [database] connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }} -backend = sqlalchemy +backend = mysql [keystone_authtoken] auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 -identity_uri = http://{{ keystone_ip }}:35357 +identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }} admin_tenant_name = {{ keystone_admin_tenant }} admin_user = {{ keystone_admin_user }} admin_password = {{ keystone_admin_password }} diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini index d46db77..0199480 100644 --- a/resources/glance_config/templates/glance-registry-paste.ini +++ b/resources/glance_config/templates/glance-registry-paste.ini @@ -24,7 +24,7 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -identity_uri = http://{{ keystone_ip }}:35357 +identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }} admin_user = {{ keystone_admin_user }} admin_tenant_name = {{ keystone_admin_tenant }} admin_password = {{ keystone_admin_password }} diff --git a/resources/glance_config/templates/glance-registry.conf b/resources/glance_config/templates/glance-registry.conf index c55bc7a..7efe994 100644 --- a/resources/glance_config/templates/glance-registry.conf +++ b/resources/glance_config/templates/glance-registry.conf 
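Review bot: `backend = mysql` replaces `backend = sqlalchemy` in the `[database]` section of glance-api.conf, but the database driver is already selected by the `mysql://` scheme of `connection`. The `backend` option in this section appears to name the database API implementation rather than the engine. If that reading is right, `mysql` is not a valid value and `backend = sqlalchemy` should stay; please confirm against the option's documentation for the Glance release in use. glance-registry.conf gets the same change in this patch.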
@@ -7,12 +7,12 @@ api_limit_max = 1000 limit_param_default = 25 [database] -backend = sqlalchemy +backend = mysql connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }} [keystone_authtoken] auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 -identity_uri = http://{{ keystone_ip }}:35357 +identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }} admin_tenant_name = {{ keystone_admin_tenant }} admin_user = {{ keystone_admin_user }} admin_password = {{ keystone_admin_password }} diff --git a/resources/glance_registry_service/actions/run.yml b/resources/glance_registry_service/actions/run.yml index 0235203..51b208b 100644 --- a/resources/glance_registry_service/actions/run.yml +++ b/resources/glance_registry_service/actions/run.yml @@ -3,7 +3,8 @@ sudo: yes tasks: - docker: - command: /bin/bash -c "glance-manage db_sync && /usr/bin/keystone-registry" + #command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-registry" + command: /usr/bin/glance-registry name: {{ name }} image: {{ image }} state: running diff --git a/resources/keystone_role/actions/run.yml b/resources/keystone_role/actions/run.yml index 8896008..4d3df76 100644 --- a/resources/keystone_role/actions/run.yml +++ b/resources/keystone_role/actions/run.yml @@ -1,5 +1,7 @@ - hosts: [{{ ip }}] sudo: yes tasks: + - name: install python-keystoneclient + shell: pip install python-keystoneclient - name: keystone role keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} user={{user_name}} tenant={{tenant_name}} role={{role_name}} state=present diff --git a/resources/keystone_service_endpoint/actions/remove.yaml b/resources/keystone_service_endpoint/actions/remove.yaml index b15fe77..0b30ff4 100644 --- a/resources/keystone_service_endpoint/actions/remove.yaml +++ b/resources/keystone_service_endpoint/actions/remove.yaml @@ -1 +1,5 @@ #todo +- hosts: [{{ ip }}] + sudo: yes + tasks: + - shell: echo 1 
diff --git a/resources/keystone_tenant/actions/run.yml b/resources/keystone_tenant/actions/run.yml index 5122a7d..1cf2597 100644 --- a/resources/keystone_tenant/actions/run.yml +++ b/resources/keystone_tenant/actions/run.yml @@ -1,5 +1,7 @@ - hosts: [{{ ip }}] sudo: yes tasks: + - name: install python-keystoneclient + shell: pip install python-keystoneclient - name: keystone tenant keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} tenant={{tenant_name}} state=present diff --git a/resources/keystone_user/actions/run.yml b/resources/keystone_user/actions/run.yml index 2deae25..eb3c374 100644 --- a/resources/keystone_user/actions/run.yml +++ b/resources/keystone_user/actions/run.yml @@ -3,4 +3,5 @@ tasks: - name: install python-keystoneclient shell: pip install python-keystoneclient + - name: keystone user keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ token={{ admin_token }} user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} state=present diff --git a/resources/keystone_user/meta.yaml b/resources/keystone_user/meta.yaml index 32b4ce2..edaa75d 100644 --- a/resources/keystone_user/meta.yaml +++ b/resources/keystone_user/meta.yaml @@ -5,15 +5,12 @@ input: keystone_host: schema: str! value: - keystone_admin_port: + keystone_port: schema: int! value: admin_token: schema: str! value: - role_name: - schema: str! - value: user_name: schema: str! value: