Merge remote-tracking branch 'origin/master' into deployment-2

Conflicts:
	example.py
	resources/mariadb_service/actions/run.yml

Vagrantfile

@@ -14,7 +14,8 @@ SCRIPT
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
-  config.vm.box = "deb/jessie-amd64"
+  #config.vm.box = "deb/jessie-amd64"
+  config.vm.box = "rustyrobot/deb-jessie-amd64"
 
   config.vm.define "solar-dev", primary: true do |config|
     config.vm.provision "shell", inline: init_script, privileged: true
@@ -38,7 +39,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       config.vm.host_name = "solar-dev#{index}"
 
       config.vm.provider :virtualbox do |v|
-        v.customize ["modifyvm", :id, "--memory", 512]
+        v.customize ["modifyvm", :id, "--memory", 1024]
         v.name = "solar-dev#{index}"
       end
     end

example.py

@@ -1,4 +1,5 @@
 import click
+import json
 import requests
 import sys
 import time
@@ -11,6 +12,7 @@ from solar.core import validation
 from solar.interfaces.db import get_db
 
 
+
 @click.group()
 def main():
     pass
@@ -26,9 +28,9 @@ def deploy():
     node1 = resource.create('node1', 'resources/ro_node/', {'ip': '10.0.0.3', 'ssh_key': '/vagrant/.vagrant/machines/solar-dev1/virtualbox/private_key', 'ssh_user': 'vagrant'})
     node2 = resource.create('node2', 'resources/ro_node/', {'ip': '10.0.0.4', 'ssh_key': '/vagrant/.vagrant/machines/solar-dev2/virtualbox/private_key', 'ssh_user': 'vagrant'})
 
-    rabbitmq_service1 = resource.create('rabbitmq_service1', 'resources/rabbitmq_service/', {'ssh_user':'', 'ip':'','management_port':'15672', 'port':'5672', 'ssh_key':'', 'container_name': 'rabbitmq_service1', 'image': 'rabbitmq:3-management'})
+    rabbitmq_service1 = resource.create('rabbitmq_service1', 'resources/rabbitmq_service/', {'ssh_user': '', 'ip': '','management_port': '15672', 'port': '5672', 'ssh_key': '', 'container_name': 'rabbitmq_service1', 'image': 'rabbitmq:3-management'})
-    openstack_vhost = resource.create('openstack_vhost', 'resources/rabbitmq_vhost/', {'ssh_user':'', 'ip':'', 'ssh_key':'', 'vhost_name' : 'openstack', 'container_name':''})
+    openstack_vhost = resource.create('openstack_vhost', 'resources/rabbitmq_vhost/', {'ssh_user': '', 'ip': '', 'ssh_key': '', 'vhost_name': 'openstack', 'container_name': ''})
-    openstack_rabbitmq_user = resource.create('openstack_rabbitmq_user', 'resources/rabbitmq_user/', {'ssh_user':'', 'ip':'', 'ssh_key':'', 'vhost_name' : '', 'user_name':'openstack', 'password':'openstack_password', 'container_name':''})
+    openstack_rabbitmq_user = resource.create('openstack_rabbitmq_user', 'resources/rabbitmq_user/', {'ssh_user': '', 'ip': '', 'ssh_key': '', 'vhost_name': '', 'user_name': 'openstack', 'password': 'openstack_password', 'container_name': ''})
 
     mariadb_service1 = resource.create('mariadb_service1', 'resources/mariadb_service', {'image': 'mariadb', 'root_password': 'mariadb', 'port': 3306, 'ip': '', 'ssh_user': '', 'ssh_key': ''})
     keystone_db = resource.create('keystone_db', 'resources/mariadb_keystone_db/', {'db_name': 'keystone_db', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
@@ -44,10 +46,26 @@ def deploy():
     haproxy_config = resource.create('haproxy_config', 'resources/haproxy_config', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'configs_names':[], 'configs_ports':[], 'listen_ports':[], 'configs':[], 'config_dir': ''})
     haproxy_service = resource.create('haproxy_service', 'resources/docker_container/', {'image': 'tutum/haproxy', 'ports': [], 'host_binds': [], 'volume_binds':[], 'ip': '', 'ssh_key': '', 'ssh_user': ''})
 
-    admin_tenant = resource.create('admin_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port':'', 'login_user': 'admin', 'admin_token':'', 'tenant_name' : 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+    glance_db = resource.create('glance_db', 'resources/mariadb_db/', {'db_name': 'glance_db', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
-    admin_user = resource.create('admin_user', 'resources/keystone_user', {'keystone_host': '', 'keystone_port':'', 'login_user': 'admin', 'admin_token':'', 'tenant_name' : '', 'user_name': 'admin', 'user_password':'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+    glance_db_user = resource.create('glance_db_user', 'resources/mariadb_user/', {'new_user_name': 'glance', 'new_user_password': 'glance', 'db_name': '', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
-    admin_role = resource.create('admin_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port':'', 'login_user': 'admin', 'admin_token':'', 'tenant_name' : '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+
-    keystone_service_endpoint = resource.create('keystone_service_endpoint', 'resources/keystone_service_endpoint/', {'ip':'', 'ssh_key' : '', 'ssh_user':'', 'admin_port':'', 'admin_token':'', 'adminurl':'http://{{ip}}:{{admin_port}}/v2.0', 'internalurl':'http://{{ip}}:{{port}}/v2.0', 'publicurl':'http://{{ip}}:{{port}}/v2.0', 'description':'OpenStack Identity Service', 'keystone_host':'', 'keystone_port':'', 'name':'keystone', 'port':'', 'type':'identity'})
+    services_tenant = resource.create('glance_keystone_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': 'services', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+
+    glance_keystone_user = resource.create('glance_keystone_user', 'resources/keystone_user', {'user_name': 'glance_admin', 'user_password': 'password1234', 'tenant_name': 'service_admins', 'role_name': 'glance_admin', 'keystone_host': '', 'keystone_port': '', 'admin_token': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
+    glance_keystone_role = resource.create('glance_keystone_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+
+    glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': '', 'keystone_admin_user': '', 'keystone_admin_password': '', 'keystone_admin_port': '', 'keystone_admin_tenant': ''})
+    glance_api_container = resource.create('glance_api_container', 'resources/glance_api_service/', {'image': 'cgenie/centos-rdo-glance-api', 'ports': [{'value': [{'value': 9292}]}], 'host_binds': [], 'volume_binds': [], 'db_password': '', 'keystone_password': '', 'keystone_admin_token': '', 'keystone_host': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
+    glance_registry_container = resource.create('glance_registry_container', 'resources/glance_registry_service/', {'image': 'cgenie/centos-rdo-glance-registry', 'ports': [{'value': [{'value': 9191}]}], 'host_binds': [], 'volume_binds': [], 'db_host': '', 'db_root_password': '', 'db_password': '', 'db_name': '', 'db_user': '', 'keystone_admin_tenant': '', 'keystone_password': '', 'keystone_user': '', 'keystone_admin_token': '', 'keystone_host': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
+    # TODO: admin_port should be refactored, we need to rethink docker
+    # container resource and make it common for all
+    # resources used in this demo
+    glance_api_endpoint = resource.create('glance_api_endpoint', 'resources/keystone_service_endpoint/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'admin_port': 9292, 'admin_token': '', 'adminurl': 'http://{{ip}}:{{admin_port}}', 'internalurl': 'http://{{ip}}:{{port}}', 'publicurl': 'http://{{ip}}:{{port}}', 'description': 'OpenStack Image Service', 'keystone_host': '', 'keystone_port': '', 'name': 'glance', 'port': 9292, 'type': 'image'})
+
+    admin_tenant = resource.create('admin_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+    admin_user = resource.create('admin_user', 'resources/keystone_user', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': 'admin', 'user_password': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+    admin_role = resource.create('admin_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
+    keystone_service_endpoint = resource.create('keystone_service_endpoint', 'resources/keystone_service_endpoint/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'admin_port': '', 'admin_token': '', 'adminurl': 'http://{{ip}}:{{admin_port}}/v2.0', 'internalurl': 'http://{{ip}}:{{port}}/v2.0', 'publicurl': 'http://{{ip}}:{{port}}/v2.0', 'description': 'OpenStack Identity Service', 'keystone_host': '', 'keystone_port': '', 'name': 'keystone', 'port': '', 'type': 'identity'})
 
 
     ####
@@ -95,36 +113,69 @@ def deploy():
     signals.connect(node2, haproxy_service)
     signals.connect(haproxy_config, haproxy_service, {'listen_ports': 'ports', 'config_dir': 'host_binds'})
 
-    #keystone configuration
+    # keystone configuration
     signals.connect(keystone_config1, admin_tenant)
     signals.connect(keystone_service1, admin_tenant, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
     signals.connect(admin_tenant, admin_user)
     signals.connect(admin_user, admin_role)
     signals.connect(keystone_config1, keystone_service_endpoint)
-    signals.connect(keystone_service1, keystone_service_endpoint, {'ip': 'keystone_host','admin_port':'admin_port', 'port':'port'})
+    signals.connect(keystone_service1, keystone_service_endpoint, {'ip': 'keystone_host','admin_port': 'admin_port', 'port': 'port'})
     signals.connect(keystone_service1, keystone_service_endpoint, {'admin_port': 'keystone_port'})
 
+    # glance db
+    signals.connect(node1, glance_db)
+    signals.connect(mariadb_service1, glance_db, {'root_password': 'login_password', 'port': 'login_port'})
+    signals.connect(node1, glance_db_user)
+    signals.connect(mariadb_service1, glance_db_user, {'root_password': 'login_password', 'port': 'login_port'})
+    signals.connect(glance_db, glance_db_user, {'db_name': 'db_name'})
+
+    # glance keystone user
+    signals.connect(keystone_config1, services_tenant)
+    signals.connect(keystone_service1, services_tenant, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
+    signals.connect(services_tenant, glance_keystone_user)  # standard ip, ssh_key, ssh_user
+    signals.connect(glance_keystone_user, glance_keystone_role)
+    signals.connect(keystone_service1, glance_keystone_user, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
+    signals.connect(keystone_config1, glance_keystone_user, {'admin_token': 'admin_token'})
+    signals.connect(glance_keystone_user, glance_config, {'user_name': 'keystone_admin_user', 'user_password': 'keystone_admin_password', 'tenant_name': 'keystone_admin_tenant'})
+    signals.connect(keystone_service2, glance_config, {'admin_port': 'keystone_admin_port'})
+
+    # glance
+    signals.connect(node2, glance_config)
+    signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'})
+    signals.connect(haproxy_service, glance_config, {'ip': 'keystone_ip'})
+    signals.connect(mariadb_service1, glance_config, {'ip': 'mysql_ip'})
+    signals.connect(glance_db, glance_config, {'db_name': 'mysql_db'})
+    signals.connect(glance_db_user, glance_config, {'new_user_name': 'mysql_user', 'new_user_password': 'mysql_password'})
+    signals.connect(node2, glance_api_container)
+    signals.connect(glance_config, glance_api_container, {'config_dir': 'host_binds'})
+
+    signals.connect(glance_db_user, glance_api_container, {'new_user_password': 'db_password'})
+    signals.connect(glance_keystone_user, glance_api_container, {'user_password': 'keystone_password'})
+    signals.connect(glance_keystone_user, glance_api_container, {'admin_token': 'keystone_admin_token'})
+    signals.connect(haproxy_config, glance_api_container, {'ip': 'keystone_host'})
+
+    signals.connect(node2, glance_registry_container)
+    signals.connect(glance_config, glance_registry_container, {'config_dir': 'host_binds'})
+
+    signals.connect(mariadb_service1, glance_registry_container, {'ip': 'db_host'})
+    signals.connect(glance_db, glance_registry_container, {'db_name': 'db_name', 'login_password': 'db_root_password'})
+    signals.connect(glance_db_user, glance_registry_container, {'new_user_name': 'db_user', 'new_user_password': 'db_password'})
+    signals.connect(glance_keystone_user, glance_registry_container, {'tenant_name': 'keystone_admin_tenant', 'user_name': 'keystone_user', 'user_password': 'keystone_password'})
+    signals.connect(glance_keystone_user, glance_registry_container, {'admin_token': 'keystone_admin_token'})
+    signals.connect(haproxy_config, glance_registry_container, {'ip': 'keystone_host'})
+
+    # glance keystone endpoint
+    signals.connect(glance_api_container, glance_api_endpoint, {'ip': 'ip', 'ssh_user': 'ssh_user', 'ssh_key': 'ssh_key'})
+    signals.connect(keystone_config1, glance_api_endpoint, {'admin_token': 'admin_token'})
+    signals.connect(keystone_service1, glance_api_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port'})
+
 
     has_errors = False
-    for r in [node1,
+    for r in locals().values():
-              node2,
+        if not isinstance(r, resource.Resource):
-              mariadb_service1,
+            continue
-              keystone_db,
+
-              rabbitmq_service1,
+        print 'Validating {}'.format(r.name)
-              openstack_vhost,
-              openstack_rabbitmq_user,
-              keystone_db_user,
-              keystone_config1,
-              keystone_service1,
-              keystone_config2,
-              keystone_service2,
-              haproxy_keystone_config,
-              haproxy_config,
-              haproxy_service,
-              admin_tenant,
-              admin_user,
-              admin_role,
-              keystone_service_endpoint]:
         errors = validation.validate_resource(r)
         if errors:
             has_errors = True
@@ -155,12 +206,48 @@ def deploy():
     actions.resource_action(admin_role, 'run')
     actions.resource_action(keystone_service_endpoint, 'run')
 
+    actions.resource_action(services_tenant, 'run')
+    actions.resource_action(glance_keystone_user, 'run')
+    actions.resource_action(glance_keystone_role, 'run')
+    actions.resource_action(glance_db, 'run')
+    actions.resource_action(glance_db_user, 'run')
+    actions.resource_action(glance_config, 'run')
+    actions.resource_action(glance_api_container, 'run')
+    time.sleep(10) #TODO fix
+    actions.resource_action(glance_registry_container, 'run')
+    time.sleep(10)
+    actions.resource_action(glance_api_endpoint, 'run')
+
     # test working configuration
     requests.get('http://%s:%s' % (keystone_service1.args['ip'].value, keystone_service1.args['port'].value))
     requests.get('http://%s:%s' % (keystone_service2.args['ip'].value, keystone_service2.args['port'].value))
     requests.get('http://%s:%s' % (haproxy_service.args['ip'].value, haproxy_service.args['ports'].value[0]['value'][0]['value']))
+
+    token_data = requests.post(
+        'http://%s:%s/v2.0/tokens' % (haproxy_service.args['ip'].value, haproxy_keystone_config.args['listen_port'].value),
+        json.dumps({
+            'auth': {
+                'tenantName': glance_keystone_user.args['tenant_name'].value,
+                'passwordCredentials': {
+                    'username': glance_keystone_user.args['user_name'].value,
+                    'password': glance_keystone_user.args['user_password'].value,
+                }
+            }
+        }),
+        headers={'Content-Type': 'application/json'}
+    )
+
+    token = token_data.json()['access']['token']['id']
+    print 'TOKEN: {}'.format(token)
+
     requests.get('http://%s:%s' % (rabbitmq_service1.args['ip'].value, rabbitmq_service1.args['management_port'].value))
 
+    requests.get('http://%s:%s' % (glance_api_container.args['ip'].value, glance_api_container.args['ports'].value[0]['value'][0]['value']))
+    requests.get(
+        'http://%s:%s' % (glance_registry_container.args['ip'].value, glance_registry_container.args['ports'].value[0]['value'][0]['value']),
+        headers={'X-Auth-Token': token}
+    )
+
 
 @click.command()
 def undeploy():
@@ -169,10 +256,21 @@ def undeploy():
     resources = map(resource.wrap_resource, db.get_list('resource'))
     resources = {r.name: r for r in resources}
 
+    actions.resource_action(resources['glance_api_endpoint'], 'remove')
+    actions.resource_action(resources['glance_api_container'], 'remove')
+    actions.resource_action(resources['glance_registry_container'], 'remove')
+    actions.resource_action(resources['glance_config'], 'remove')
+    actions.resource_action(resources['glance_db_user'], 'remove')
+    actions.resource_action(resources['glance_db'], 'remove')
+    actions.resource_action(resources['glance_keystone_role'], 'remove')
+    actions.resource_action(resources['glance_keystone_user'], 'remove')
+    actions.resource_action(resources['glance_keystone_tenant'], 'remove')
+
     actions.resource_action(resources['keystone_service_endpoint'], 'remove')
     actions.resource_action(resources['admin_role'], 'remove')
     actions.resource_action(resources['admin_user'], 'remove')
     actions.resource_action(resources['admin_tenant'], 'remove')
+
     actions.resource_action(resources['haproxy_service'], 'remove')
     actions.resource_action(resources['haproxy_config'], 'remove')
     actions.resource_action(resources['keystone_service2'], 'remove')

main.yml

@@ -13,8 +13,12 @@
     - apt: name=python-pudb state=present
     - apt: name=python-pip state=present
     - apt: name=python-mysqldb state=present
+    - apt: name=jq state=present
     - shell: pip install -U pip
     - shell: pip install docker-py==1.1.0
+    - shell: pip install python-keystoneclient==1.5.0
+
+    - shell: pip install httpie
 
     # requirements
     - shell: pip install -r /vagrant/requirements.txt

resources/docker_container/meta.yaml

@@ -12,10 +12,10 @@ input:
       schema: [{value: [{value: int}]}]
       value: []
     host_binds:
-      schema: [{value: {src: str, dst: str}}]
+      schema: [{value: {src: str, dst: str, mode: str}}]
       value: []
     volume_binds:
-      schema: [{src: str, dst: str}]
+      schema: [{src: str, dst: str, mode: str}]
       value: []
     ssh_user:
       schema: str!

resources/glance_api_service/actions/remove.yml

@@ -0,0 +1,6 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker stop {{ name }}
+    - shell: docker rm {{ name }}

resources/glance_api_service/actions/run.yml

@@ -0,0 +1,28 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - docker:
+       command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-api"
+       name: {{ name }}
+       image: {{ image }}
+       state: running
+       net: host
+       {% if ports.value %}
+       ports:
+         {% for port in ports.value %}
+         {% for p in port['value'] %}
+         - {{ p['value'] }}:{{ p['value'] }}
+         {% endfor %}
+         {% endfor %}
+       {% endif %}
+       {% if host_binds.value %}
+       volumes:
+         # TODO: host_binds might need more work
+         # Currently it's not that trivial to pass custom src: dst here
+         # (when a config variable is passed here from other resource)
+         # so we mount it to the same directory as on host
+         {% for bind in host_binds.value %}
+         - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
+         {% endfor %}
+       {% endif %}

resources/glance_api_service/meta.yaml

@@ -0,0 +1,40 @@
+id: container
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+      schema: str!
+      value:
+    image:
+      schema: str!
+      value:
+    ports:
+      schema: [{value: [{value: int}]}]
+      value: []
+    host_binds:
+      schema: [{value: {src: str, dst: str, mode: str}}]
+      value: []
+    volume_binds:
+      schema: [{src: str, dst: str, mode: str}]
+      value: []
+    ssh_user:
+      schema: str!
+      value: []
+    ssh_key:
+      schema: str!
+      value: []
+
+    db_password:
+      schema: str!
+      value:
+    keystone_admin_token:
+      schema: str!
+      value:
+    keystone_password:
+      schema: str!
+      value:
+    keystone_host:
+      schema: str!
+      value:
+
+tags: [resource/container]

resources/glance_config/actions/remove.yml

@@ -0,0 +1,5 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: echo 'removed'

resources/glance_config/actions/run.yml

@@ -0,0 +1,36 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  vars:
+    api_port: {{ api_port }}
+    registry_port: {{ registry_port }}
+    keystone_ip: {{ keystone_ip }}
+    keystone_port: {{ keystone_port }}
+    keystone_admin_user: {{ keystone_admin_user }}
+    keystone_admin_password: {{ keystone_admin_password }}
+    keystone_admin_port: {{ keystone_admin_port }}
+    keystone_admin_tenant: {{ keystone_admin_tenant }}
+    mysql_ip: {{ mysql_ip }}
+    mysql_db: {{ mysql_db }}
+    mysql_user: {{ mysql_user }}
+    mysql_password: {{ mysql_password }}
+    config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}}
+  tasks:
+    - file: path={{ config_dir.value['src'] }}/ state=directory
+    - file: path={{ config_dir.value['src'] }}/glance-api.conf state=touch
+    - file: path={{ config_dir.value['src'] }}/glance-api-paste.ini state=touch
+    - file: path={{ config_dir.value['src'] }}/glance-cache.conf state=touch
+    - file: path={{ config_dir.value['src'] }}/glance-registry.conf state=touch
+    - file: path={{ config_dir.value['src'] }}/glance-registry-paste.ini state=touch
+    - file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch
+    - file: path={{ config_dir.value['src'] }}/policy.json state=touch
+    - file: path={{ config_dir.value['src'] }}/schema-image.json state=touch
+    - file: path={{ config_dir.value['src'] }}/exports state=touch
+    - template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf
+    - template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini
+    - template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf
+    - template: src={{ resource_dir }}/templates/glance-registry.conf dest={{ config_dir.value['src'] }}/glance-registry.conf
+    - template: src={{ resource_dir }}/templates/glance-registry-paste.ini dest={{ config_dir.value['src'] }}/glance-registry-paste.ini
+    - template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf
+    - template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json
+    - template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json
+    - template: src={{ resource_dir }}/templates/exports dest={{ config_dir.value['src'] }}/glance-export

resources/glance_config/meta.yaml

@@ -0,0 +1,53 @@
+id: glance_config
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+      schema: str!
+      value:
+    ssh_user:
+      schema: str!
+      value: []
+    ssh_key:
+      schema: str!
+      value: []
+
+    config_dir:
+      schema: {src: str!, dst: str!, mode: str}
+      value: {src: /etc/solar/glance, dst: /etc/glance, mode: rw}
+    api_port:
+      schema: int!
+      value: 9292
+    registry_port:
+      schema: int!
+      value: 9191
+    keystone_ip:
+      schema: str!
+      value:
+    keystone_port:
+      schema: int!
+      value: 5000
+    keystone_admin_user:
+      schema: str!
+      value: glance_admin
+    keystone_admin_password:
+      schema: str!
+      value: password1234
+    keystone_admin_port:
+      schema: int!
+      value:
+    keystone_admin_tenant:
+      schema: str!
+      value: service_admins
+    mysql_ip:
+      schema: str!
+      value:
+    mysql_db:
+      schema: str!
+      value:
+    mysql_user:
+      schema: str!
+      value:
+    mysql_password:
+      schema: str!
+      value:

resources/glance_config/templates/exports

@@ -0,0 +1,4 @@
+export OS_TENANT_NAME={{ keystone_admin_tenant }}
+export OS_USERNAME={{ keystone_admin_user }}
+export OS_PASSWORD={{ keystone_admin_password }}
+export OS_AUTH_URL=http://{{ keystone_ip }}:{{ keystone_admin_port }}/v2.0

resources/glance_config/templates/glance-api-paste.ini

@@ -0,0 +1,82 @@
+# Use this pipeline for no auth or image caching - DEFAULT
+[pipeline:glance-api]
+#pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
+pipeline = versionnegotiation authtoken context appv1app
+
+# Use this pipeline for image caching and no auth
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
+
+# Use this pipeline for caching w/ management interface but no auth
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation osprofiler authtoken context  rootapp
+
+# Use this pipeline for keystone auth with image caching
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation osprofiler authtoken context cache rootapp
+
+# Use this pipeline for keystone auth with caching and cache management
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-api-trusted-auth]
+pipeline = versionnegotiation osprofiler context rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user and uses cache management
+[pipeline:glance-api-trusted-auth+cachemanagement]
+pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v1: apiv1app
+/v2: apiv2app
+
+[app:apiversions]
+paste.app_factory = glance.api.versions:create_resource
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1.router:API.factory
+
+[app:apiv2app]
+paste.app_factory = glance.api.v2.router:API.factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+
+[filter:cache]
+paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
+
+[filter:cachemanage]
+paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
+admin_user = {{ keystone_admin_user }}
+admin_tenant_name = {{ keystone_admin_tenant }}
+admin_password = {{ keystone_admin_password }}
+#delay_auth_decision = true
+
+[filter:gzip]
+paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes

resources/glance_config/templates/glance-api.conf

@@ -0,0 +1,35 @@
+[DEFAULT]
+default_store = file
+bind_host = 0.0.0.0
+bind_port = {{ api_port }}
+log_file = /var/log/glance/api.log
+backlog = 4096
+registry_host = 0.0.0.0
+registry_port = {{ registry_port }}
+registry_client_protocol = http
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+
+[database]
+connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}
+backend = mysql
+
+[keystone_authtoken]
+auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
+identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
+admin_tenant_name = {{ keystone_admin_tenant }}
+admin_user = {{ keystone_admin_user }}
+admin_password = {{ keystone_admin_password }}
+revocation_cache_time = 10
+
+[paste_deploy]
+flavor=keystone+cachemanagement
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+sheepdog_store_address = localhost
+sheepdog_store_port = 7000
+sheepdog_store_chunk_size = 64

resources/glance_config/templates/glance-cache.conf

@@ -0,0 +1,200 @@
+[DEFAULT]
+# Show more verbose log output (sets INFO log level output)
+#verbose = False
+
+# Show debugging output in logs (sets DEBUG log level output)
+#debug = False
+
+# Log to this file. Make sure you do not set the same log file for both the API
+# and registry servers!
+#
+# If `log_file` is omitted and `use_syslog` is false, then log messages are
+# sent to stdout as a fallback.
+log_file = /var/log/glance/image-cache.log
+
+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
+#use_syslog = False
+
+# Directory that the Image Cache writes data to
+image_cache_dir = /var/lib/glance/image-cache/
+
+# Number of seconds after which we should consider an incomplete image to be
+# stalled and eligible for reaping
+image_cache_stall_time = 86400
+
+# Max cache size in bytes
+image_cache_max_size = 10737418240
+
+# Address to find the registry server
+registry_host = 0.0.0.0
+
+# Port the registry server is listening on
+registry_port = 9191
+
+# Auth settings if using Keystone
+# auth_url = http://127.0.0.1:5000/v2.0/
+# admin_tenant_name = %SERVICE_TENANT_NAME%
+# admin_user = %SERVICE_USER%
+# admin_password = %SERVICE_PASSWORD%
+
+# List of which store classes and store class locations are
+# currently known to glance at startup.
+# known_stores = glance.store.filesystem.Store,
+#                glance.store.http.Store,
+#                glance.store.rbd.Store,
+#                glance.store.s3.Store,
+#                glance.store.swift.Store,
+#                glance.store.sheepdog.Store,
+#                glance.store.cinder.Store,
+#                glance.store.vmware_datastore.Store,
+
+# ============ Filesystem Store Options ========================
+
+# Directory that the Filesystem backend store
+# writes image data to
+filesystem_store_datadir = /var/lib/glance/images/
+
+# ============ Swift Store Options =============================
+
+# Version of the authentication service to use
+# Valid versions are '2' for keystone and '1' for swauth and rackspace
+swift_store_auth_version = 2
+
+# Address where the Swift authentication service lives
+# Valid schemes are 'http://' and 'https://'
+# If no scheme specified,  default to 'https://'
+# For swauth, use something like '127.0.0.1:8080/v1.0/'
+swift_store_auth_address = 127.0.0.1:5000/v2.0/
+
+# User to authenticate against the Swift authentication service
+# If you use Swift authentication service, set it to 'account':'user'
+# where 'account' is a Swift storage account and 'user'
+# is a user in that account
+swift_store_user = jdoe:jdoe
+
+# Auth key for the user authenticating against the
+# Swift authentication service
+swift_store_key = a86850deb2742ec3cb41518e26aa2d89
+
+# Container within the account that the account should use
+# for storing images in Swift
+swift_store_container = glance
+
+# Do we create the container if it does not exist?
+swift_store_create_container_on_put = False
+
+# What size, in MB, should Glance start chunking image files
+# and do a large object manifest in Swift? By default, this is
+# the maximum object size in Swift, which is 5GB
+swift_store_large_object_size = 5120
+
+# When doing a large object manifest, what size, in MB, should
+# Glance write chunks to Swift? This amount of data is written
+# to a temporary disk buffer during the process of chunking
+# the image file, and the default is 200MB
+swift_store_large_object_chunk_size = 200
+
+# Whether to use ServiceNET to communicate with the Swift storage servers.
+# (If you aren't RACKSPACE, leave this False!)
+#
+# To use ServiceNET for authentication, prefix hostname of
+# `swift_store_auth_address` with 'snet-'.
+# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
+swift_enable_snet = False
+
+# ============ S3 Store Options =============================
+
+# Address where the S3 authentication service lives
+# Valid schemes are 'http://' and 'https://'
+# If no scheme specified,  default to 'http://'
+s3_store_host = 127.0.0.1:8080/v1.0/
+
+# User to authenticate against the S3 authentication service
+s3_store_access_key = <20-char AWS access key>
+
+# Auth key for the user authenticating against the
+# S3 authentication service
+s3_store_secret_key = <40-char AWS secret key>
+
+# Container within the account that the account should use
+# for storing images in S3. Note that S3 has a flat namespace,
+# so you need a unique bucket name for your glance images. An
+# easy way to do this is append your AWS access key to "glance".
+# S3 buckets in AWS *must* be lowercased, so remember to lowercase
+# your AWS access key if you use it in your bucket name below!
+s3_store_bucket = <lowercased 20-char aws access key>glance
+
+# Do we create the bucket if it does not exist?
+s3_store_create_bucket_on_put = False
+
+# When sending images to S3, the data will first be written to a
+# temporary buffer on disk. By default the platform's temporary directory
+# will be used. If required, an alternative directory can be specified here.
+# s3_store_object_buffer_dir = /path/to/dir
+
+# ============ Cinder Store Options ===========================
+
+# Info to match when looking for cinder in the service catalog
+# Format is : separated values of the form:
+# <service_type>:<service_name>:<endpoint_type> (string value)
+#cinder_catalog_info = volume:cinder:publicURL
+
+# Override service catalog lookup with template for cinder endpoint
+# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+#cinder_endpoint_template = <None>
+
+# Region name of this node (string value)
+#os_region_name = <None>
+
+# Location of ca certicates file to use for cinder client requests
+# (string value)
+#cinder_ca_certificates_file = <None>
+
+# Number of cinderclient retries on failed http calls (integer value)
+#cinder_http_retries = 3
+
+# Allow to perform insecure SSL requests to cinder (boolean value)
+#cinder_api_insecure = False
+
+# ============ VMware Datastore Store Options =====================
+
+# ESX/ESXi or vCenter Server target system.
+# The server value can be an IP address or a DNS name
+# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
+#vmware_server_host = <None>
+
+# Server username (string value)
+#vmware_server_username = <None>
+
+# Server password (string value)
+#vmware_server_password = <None>
+
+# Inventory path to a datacenter (string value)
+# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
+# should be `ha-datacenter`.
+#vmware_datacenter_path = <None>
+
+# Datastore associated with the datacenter (string value)
+#vmware_datastore_name = <None>
+
+# The number of times we retry on failures
+# e.g., socket error, etc (integer value)
+#vmware_api_retry_count = 10
+
+# The interval used for polling remote tasks
+# invoked on VMware ESX/VC server in seconds (integer value)
+#vmware_task_poll_interval = 5
+
+# Absolute path of the folder containing the images in the datastore
+# (string value)
+#vmware_store_image_dir = /openstack_glance
+
+# Allow to perform insecure SSL requests to the target system (boolean value)
+#vmware_api_insecure = False
+
+# ================= Security Options ==========================
+
+# AES key for encrypting store 'location' metadata, including
+# -- if used -- Swift or S3 credentials
+# Should be set to a random string of length 16, 24 or 32 bytes
+# metadata_encryption_key = <16, 24 or 32 char registry metadata key>

resources/glance_config/templates/glance-registry-paste.ini

@@ -0,0 +1,35 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+#pipeline = osprofiler unauthenticated-context registryapp
+pipeline = authtoke context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
+admin_user = {{ keystone_admin_user }}
+admin_tenant_name = {{ keystone_admin_tenant }}
+admin_password = {{ keystone_admin_password }}
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes

resources/glance_config/templates/glance-registry.conf

@@ -0,0 +1,22 @@
+[DEFAULT]
+bind_host = 0.0.0.0
+bind_port = 9191
+log_file = /var/log/glance/registry.log
+backlog = 4096
+api_limit_max = 1000
+limit_param_default = 25
+
+[database]
+backend = mysql
+connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}
+
+[keystone_authtoken]
+auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
+identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
+admin_tenant_name = {{ keystone_admin_tenant }}
+admin_user = {{ keystone_admin_user }}
+admin_password = {{ keystone_admin_password }}
+
+[paste_deploy]
+flavor=keystone
+[profiler]

resources/glance_config/templates/glance-scrubber.conf

@@ -0,0 +1,108 @@
+[DEFAULT]
+# Show more verbose log output (sets INFO log level output)
+#verbose = False
+
+# Show debugging output in logs (sets DEBUG log level output)
+#debug = False
+
+# Log to this file. Make sure you do not set the same log file for both the API
+# and registry servers!
+#
+# If `log_file` is omitted and `use_syslog` is false, then log messages are
+# sent to stdout as a fallback.
+log_file = /var/log/glance/scrubber.log
+
+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
+#use_syslog = False
+
+# Should we run our own loop or rely on cron/scheduler to run us
+daemon = False
+
+# Loop time between checking for new items to schedule for delete
+wakeup_time = 300
+
+# Directory that the scrubber will use to remind itself of what to delete
+# Make sure this is also set in glance-api.conf
+scrubber_datadir = /var/lib/glance/scrubber
+
+# Only one server in your deployment should be designated the cleanup host
+cleanup_scrubber = False
+
+# pending_delete items older than this time are candidates for cleanup
+cleanup_scrubber_time = 86400
+
+# Address to find the registry server for cleanups
+registry_host = 0.0.0.0
+
+# Port the registry server is listening on
+registry_port = 9191
+
+# Auth settings if using Keystone
+# auth_url = http://127.0.0.1:5000/v2.0/
+# admin_tenant_name = %SERVICE_TENANT_NAME%
+# admin_user = %SERVICE_USER%
+# admin_password = %SERVICE_PASSWORD%
+
+# Directory to use for lock files. Default to a temp directory
+# (string value). This setting needs to be the same for both
+# glance-scrubber and glance-api.
+#lock_path=<None>
+
+# API to use for accessing data. Default value points to sqlalchemy
+# package, it is also possible to use: glance.db.registry.api
+#data_api = glance.db.sqlalchemy.api
+
+# ================= Security Options ==========================
+
+# AES key for encrypting store 'location' metadata, including
+# -- if used -- Swift or S3 credentials
+# Should be set to a random string of length 16, 24 or 32 bytes
+#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
+
+# ================= Database Options ===============+==========
+
+[database]
+
+# The SQLAlchemy connection string used to connect to the
+# database (string value)
+#connection=sqlite:////glance/openstack/common/db/$sqlite_db
+
+# The SQLAlchemy connection string used to connect to the
+# slave database (string value)
+#slave_connection=
+
+# timeout before idle sql connections are reaped (integer
+# value)
+#idle_timeout=3600
+
+# Minimum number of SQL connections to keep open in a pool
+# (integer value)
+#min_pool_size=1
+
+# Maximum number of SQL connections to keep open in a pool
+# (integer value)
+#max_pool_size=<None>
+
+# maximum db connection retries during startup. (setting -1
+# implies an infinite retry count) (integer value)
+#max_retries=10
+
+# interval between retries of opening a sql connection
+# (integer value)
+#retry_interval=10
+
+# If set, use this value for max_overflow with sqlalchemy
+# (integer value)
+#max_overflow=<None>
+
+# Verbosity of SQL debugging information. 0=None,
+# 100=Everything (integer value)
+#connection_debug=0
+
+# Add python stack traces to SQL as comment strings (boolean
+# value)
+#connection_trace=false
+
+# If set, use this value for pool_timeout with sqlalchemy
+# (integer value)
+#pool_timeout=<None>

resources/glance_config/templates/policy.json

@@ -0,0 +1,52 @@
+{
+    "context_is_admin":  "role:admin",
+    "default": "",
+
+    "add_image": "",
+    "delete_image": "",
+    "get_image": "",
+    "get_images": "",
+    "modify_image": "",
+    "publicize_image": "role:admin",
+    "copy_from": "",
+
+    "download_image": "",
+    "upload_image": "",
+
+    "delete_image_location": "",
+    "get_image_location": "",
+    "set_image_location": "",
+
+    "add_member": "",
+    "delete_member": "",
+    "get_member": "",
+    "get_members": "",
+    "modify_member": "",
+
+    "manage_image_cache": "role:admin",
+
+    "get_task": "",
+    "get_tasks": "",
+    "add_task": "",
+    "modify_task": "",
+
+    "get_metadef_namespace": "",
+    "get_metadef_namespaces":"",
+    "modify_metadef_namespace":"",
+    "add_metadef_namespace":"",
+
+    "get_metadef_object":"",
+    "get_metadef_objects":"",
+    "modify_metadef_object":"",
+    "add_metadef_object":"",
+
+    "list_metadef_resource_types":"",
+    "get_metadef_resource_type":"",
+    "add_metadef_resource_type_association":"",
+
+    "get_metadef_property":"",
+    "get_metadef_properties":"",
+    "modify_metadef_property":"",
+    "add_metadef_property":""
+
+}

resources/glance_config/templates/schema-image.json

@@ -0,0 +1,28 @@
+{
+    "kernel_id": {
+        "type": "string",
+        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
+        "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
+    },
+    "ramdisk_id": {
+        "type": "string",
+        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
+        "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
+    },
+    "instance_uuid": {
+        "type": "string",
+        "description": "ID of instance used to create this image."
+    },
+    "architecture": {
+        "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
+        "type": "string"
+    },
+    "os_distro": {
+        "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
+        "type": "string"
+    },
+    "os_version": {
+        "description": "Operating system version as specified by the distributor",
+        "type": "string"
+    }
+}

resources/glance_registry_service/actions/remove.yml

@@ -0,0 +1,6 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker stop {{ name }}
+    - shell: docker rm {{ name }}

resources/glance_registry_service/actions/run.yml

@@ -0,0 +1,29 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - docker:
+       #command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-registry"
+       command: /usr/bin/glance-registry
+       name: {{ name }}
+       image: {{ image }}
+       state: running
+       net: host
+       {% if ports.value %}
+       ports:
+         {% for port in ports.value %}
+         {% for p in port['value'] %}
+         - {{ p['value'] }}:{{ p['value'] }}
+         {% endfor %}
+         {% endfor %}
+       {% endif %}
+       {% if host_binds.value %}
+       volumes:
+         # TODO: host_binds might need more work
+         # Currently it's not that trivial to pass custom src: dst here
+         # (when a config variable is passed here from other resource)
+         # so we mount it to the same directory as on host
+         {% for bind in host_binds.value %}
+         - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
+         {% endfor %}
+       {% endif %}

resources/glance_registry_service/meta.yaml

@@ -0,0 +1,58 @@
+id: container
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+      schema: str!
+      value:
+    image:
+      schema: str!
+      value:
+    ports:
+      schema: [{value: [{value: int}]}]
+      value: []
+    host_binds:
+      schema: [{value: {src: str, dst: str, mode: str}}]
+      value: []
+    volume_binds:
+      schema: [{src: str, dst: str, mode: str}]
+      value: []
+    ssh_user:
+      schema: str!
+      value: []
+    ssh_key:
+      schema: str!
+      value: []
+
+    db_host:
+      schema: str!
+      value:
+    db_root_password:
+      schema: str!
+      value:
+    db_name:
+      schema: str!
+      value:
+    db_password:
+      schema: str!
+      value:
+    db_user:
+      schema: str!
+      value:
+    keystone_admin_token:
+      schema: str!
+      value:
+    keystone_admin_tenant:
+      schema: str!
+      value:
+    keystone_user:
+      schema: str!
+      value:
+    keystone_password:
+      schema: str!
+      value:
+    keystone_host:
+      schema: str!
+      value:
+
+tags: [resource/container]

resources/keystone_config/actions/run.yml

@@ -2,6 +2,8 @@
   sudo: yes
   vars:
     admin_token: {{admin_token}}
+    keystone_host: {{ ip }}
+    keystone_port: {{ port }}
     db_user: {{db_user}}
     db_password: {{db_password}}
     db_host: {{db_host}}
@@ -12,3 +14,4 @@
     - template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates
     - template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf
     - template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json
+    - template: src={{resource_dir}}/templates/exports dest={{ config_dir }}/keystone-exports

resources/keystone_config/templates/exports

@@ -0,0 +1,2 @@
+export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0/
+export OS_SERVICE_TOKEN={{ admin_token }}

resources/keystone_role/actions/run.yml

@@ -1,5 +1,7 @@
 - hosts: [{{ ip }}]
   sudo: yes
   tasks:
+    - name: install python-keystoneclient
+      shell: pip install python-keystoneclient
     - name: keystone role
       keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} user={{user_name}} tenant={{tenant_name}} role={{role_name}} state=present

resources/keystone_tenant/actions/run.yml

@@ -1,5 +1,7 @@
 - hosts: [{{ ip }}]
   sudo: yes
   tasks:
+    - name: install python-keystoneclient
+      shell: pip install python-keystoneclient
     - name: keystone tenant
       keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} tenant={{tenant_name}} state=present

resources/keystone_user/actions/run.yml

@@ -1,5 +1,7 @@
 - hosts: [{{ ip }}]
   sudo: yes
   tasks:
+    - name: install python-keystoneclient
+      shell: pip install python-keystoneclient
     - name: keystone user
-      keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} user={{user_name}} password={{user_password}} tenant={{tenant_name}} state=present
+      keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ token={{ admin_token }} user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} state=present

resources/mariadb_service/actions/run.yml

@@ -9,7 +9,7 @@
         ports:
         - {{ port }}:3306
         env:
-            MYSQL_ROOT_PASSWORD: {{ root_password }}
+          MYSQL_ROOT_PASSWORD: {{ root_password }}
 
     - shell: docker exec -t {{ name }} mysql -p{{ root_password }} -uroot -e "SELECT 1"
       register: result

solar/solar/core/handlers/ansible.py

@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 import os
 import subprocess
-import yaml
 
 from solar.core.handlers.base import BaseHandler
 
@@ -14,7 +13,11 @@ class Ansible(BaseHandler):
         print 'playbook_file', playbook_file
         call_args = ['ansible-playbook', '--module-path', '/vagrant/library', '-i', inventory_file, playbook_file]
         print 'EXECUTING: ', ' '.join(call_args)
-        subprocess.call(call_args)
+        try:
+            subprocess.check_output(call_args)
+        except subprocess.CalledProcessError as e:
+            print e.output
+            raise
 
     def _create_inventory(self, r):
         directory = self.dirs[r.name]

solar/solar/core/resource.py

@@ -99,7 +99,6 @@ class Resource(object):
         # Update will be blocked if this resource is listening
         # on some input that is to be updated -- we should only listen
         # to the emitter and not be able to change the input's value
-
         for key, value in args.iteritems():
             self.args[key].update(value)
 
@@ -157,7 +156,7 @@ def load_all():
     ret = {}
 
     for raw_resource in db.get_list('resource'):
-        resource = wrap_resource(raw_resource)
+        resource = db.get_obj_resource(raw_resource['id'])
         ret[resource.name] = resource
 
     signals.Connections.reconnect_all()

solar/solar/interfaces/db/__init__.py

@@ -4,6 +4,11 @@ mapping = {
     'file_system': FileSystemDB
 }
 
+DB = None
+
 def get_db():
     # Should be retrieved from config
-    return mapping['file_system']()
+    global DB
+    if DB is None:
+        DB = mapping['file_system']()
+    return DB

solar/solar/interfaces/db/file_system_db.py

@@ -24,10 +24,11 @@ class FileSystemDB(DirDBM):
         return self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
 
     def get_obj_resource(self, uid):
-        from solar.core.resource import wrap_resource
+        if not uid in self.entities:
-        raw_resource = self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
+            from solar.core.resource import wrap_resource
-
+            raw_resource = self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
-        return wrap_resource(raw_resource)
+            self.entities[uid] = wrap_resource(raw_resource)
+        return self.entities[uid]
 
     def add_resource(self, uid, resource):
         self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)] = resource

solar/solar/state.py

@@ -21,16 +21,21 @@ from solar import utils
 
 from enum import Enum
 
+from solar.interfaces.db import get_db
+
+import yaml
+
+db = get_db()
+
 
 STATES = Enum('States', 'pending inprogress error success')
 
 
-def state_file(filename):
+def state_file(name):
-    filepath = os.path.join(utils.read_config()['state'], filename)
+    if 'log' in name:
-    if 'log' in filename:
+        return Log(name)
-        return Log(filepath)
+    elif 'data' in name:
-    elif 'data' in filename:
+        return Data(name)
-        return Data(filepath)
 
 
 CD = partial(state_file, 'commited_data')
@@ -70,14 +75,18 @@ class Log(object):
 
     def __init__(self, path):
         self.path = path
-        items = utils.yaml_load(path) or []
+        if path in db:
+            items = db[path]
+        else:
+            items = []
         self.items = deque([LogItem(
             l['uid'], l['res'],
             l['diff'], l['action'],
             getattr(STATES, l['state'])) for l in items])
 
     def sync(self):
-        utils.yaml_dump_to([i.to_dict() for i in self.items], self.path)
+        db[self.path] = [i.to_dict() for i in self.items]
+
 
     def add(self, logitem):
         self.items.append(logitem)
@@ -111,18 +120,21 @@ class Data(collections.MutableMapping):
 
     def __init__(self, path):
         self.path = path
-        self.store = utils.yaml_load(path) or {}
+        if path in db:
+            self.store = db[path]
+        else:
+            self.store = {}
 
     def __getitem__(self, key):
         return self.store[key]
 
     def __setitem__(self, key, value):
         self.store[key] = value
-        utils.yaml_dump_to(self.store, self.path)
+        db[self.path] = self.store
 
     def __delitem__(self, key):
         self.store.pop(key)
-        utils.yaml_dump_to(self.store, self.path)
+        db[self.path] = self.store
 
     def __iter__(self):
         return iter(self.store)