Merge remote-tracking branch 'origin/master' into deployment-2
Conflicts: example.py resources/mariadb_service/actions/run.yml
This commit is contained in:
commit
05b9819f1f
5
Vagrantfile
vendored
5
Vagrantfile
vendored
@ -14,7 +14,8 @@ SCRIPT
|
||||
|
||||
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
|
||||
config.vm.box = "deb/jessie-amd64"
|
||||
#config.vm.box = "deb/jessie-amd64"
|
||||
config.vm.box = "rustyrobot/deb-jessie-amd64"
|
||||
|
||||
config.vm.define "solar-dev", primary: true do |config|
|
||||
config.vm.provision "shell", inline: init_script, privileged: true
|
||||
@ -38,7 +39,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
config.vm.host_name = "solar-dev#{index}"
|
||||
|
||||
config.vm.provider :virtualbox do |v|
|
||||
v.customize ["modifyvm", :id, "--memory", 512]
|
||||
v.customize ["modifyvm", :id, "--memory", 1024]
|
||||
v.name = "solar-dev#{index}"
|
||||
end
|
||||
end
|
||||
|
154
example.py
154
example.py
@ -1,4 +1,5 @@
|
||||
import click
|
||||
import json
|
||||
import requests
|
||||
import sys
|
||||
import time
|
||||
@ -11,6 +12,7 @@ from solar.core import validation
|
||||
from solar.interfaces.db import get_db
|
||||
|
||||
|
||||
|
||||
@click.group()
|
||||
def main():
|
||||
pass
|
||||
@ -26,9 +28,9 @@ def deploy():
|
||||
node1 = resource.create('node1', 'resources/ro_node/', {'ip': '10.0.0.3', 'ssh_key': '/vagrant/.vagrant/machines/solar-dev1/virtualbox/private_key', 'ssh_user': 'vagrant'})
|
||||
node2 = resource.create('node2', 'resources/ro_node/', {'ip': '10.0.0.4', 'ssh_key': '/vagrant/.vagrant/machines/solar-dev2/virtualbox/private_key', 'ssh_user': 'vagrant'})
|
||||
|
||||
rabbitmq_service1 = resource.create('rabbitmq_service1', 'resources/rabbitmq_service/', {'ssh_user':'', 'ip':'','management_port':'15672', 'port':'5672', 'ssh_key':'', 'container_name': 'rabbitmq_service1', 'image': 'rabbitmq:3-management'})
|
||||
openstack_vhost = resource.create('openstack_vhost', 'resources/rabbitmq_vhost/', {'ssh_user':'', 'ip':'', 'ssh_key':'', 'vhost_name' : 'openstack', 'container_name':''})
|
||||
openstack_rabbitmq_user = resource.create('openstack_rabbitmq_user', 'resources/rabbitmq_user/', {'ssh_user':'', 'ip':'', 'ssh_key':'', 'vhost_name' : '', 'user_name':'openstack', 'password':'openstack_password', 'container_name':''})
|
||||
rabbitmq_service1 = resource.create('rabbitmq_service1', 'resources/rabbitmq_service/', {'ssh_user': '', 'ip': '','management_port': '15672', 'port': '5672', 'ssh_key': '', 'container_name': 'rabbitmq_service1', 'image': 'rabbitmq:3-management'})
|
||||
openstack_vhost = resource.create('openstack_vhost', 'resources/rabbitmq_vhost/', {'ssh_user': '', 'ip': '', 'ssh_key': '', 'vhost_name': 'openstack', 'container_name': ''})
|
||||
openstack_rabbitmq_user = resource.create('openstack_rabbitmq_user', 'resources/rabbitmq_user/', {'ssh_user': '', 'ip': '', 'ssh_key': '', 'vhost_name': '', 'user_name': 'openstack', 'password': 'openstack_password', 'container_name': ''})
|
||||
|
||||
mariadb_service1 = resource.create('mariadb_service1', 'resources/mariadb_service', {'image': 'mariadb', 'root_password': 'mariadb', 'port': 3306, 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
keystone_db = resource.create('keystone_db', 'resources/mariadb_keystone_db/', {'db_name': 'keystone_db', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
@ -44,10 +46,26 @@ def deploy():
|
||||
haproxy_config = resource.create('haproxy_config', 'resources/haproxy_config', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'configs_names':[], 'configs_ports':[], 'listen_ports':[], 'configs':[], 'config_dir': ''})
|
||||
haproxy_service = resource.create('haproxy_service', 'resources/docker_container/', {'image': 'tutum/haproxy', 'ports': [], 'host_binds': [], 'volume_binds':[], 'ip': '', 'ssh_key': '', 'ssh_user': ''})
|
||||
|
||||
admin_tenant = resource.create('admin_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port':'', 'login_user': 'admin', 'admin_token':'', 'tenant_name' : 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
admin_user = resource.create('admin_user', 'resources/keystone_user', {'keystone_host': '', 'keystone_port':'', 'login_user': 'admin', 'admin_token':'', 'tenant_name' : '', 'user_name': 'admin', 'user_password':'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
admin_role = resource.create('admin_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port':'', 'login_user': 'admin', 'admin_token':'', 'tenant_name' : '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
keystone_service_endpoint = resource.create('keystone_service_endpoint', 'resources/keystone_service_endpoint/', {'ip':'', 'ssh_key' : '', 'ssh_user':'', 'admin_port':'', 'admin_token':'', 'adminurl':'http://{{ip}}:{{admin_port}}/v2.0', 'internalurl':'http://{{ip}}:{{port}}/v2.0', 'publicurl':'http://{{ip}}:{{port}}/v2.0', 'description':'OpenStack Identity Service', 'keystone_host':'', 'keystone_port':'', 'name':'keystone', 'port':'', 'type':'identity'})
|
||||
glance_db = resource.create('glance_db', 'resources/mariadb_db/', {'db_name': 'glance_db', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
glance_db_user = resource.create('glance_db_user', 'resources/mariadb_user/', {'new_user_name': 'glance', 'new_user_password': 'glance', 'db_name': '', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
|
||||
services_tenant = resource.create('glance_keystone_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': 'services', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
|
||||
glance_keystone_user = resource.create('glance_keystone_user', 'resources/keystone_user', {'user_name': 'glance_admin', 'user_password': 'password1234', 'tenant_name': 'service_admins', 'role_name': 'glance_admin', 'keystone_host': '', 'keystone_port': '', 'admin_token': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
|
||||
glance_keystone_role = resource.create('glance_keystone_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
|
||||
glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': '', 'keystone_admin_user': '', 'keystone_admin_password': '', 'keystone_admin_port': '', 'keystone_admin_tenant': ''})
|
||||
glance_api_container = resource.create('glance_api_container', 'resources/glance_api_service/', {'image': 'cgenie/centos-rdo-glance-api', 'ports': [{'value': [{'value': 9292}]}], 'host_binds': [], 'volume_binds': [], 'db_password': '', 'keystone_password': '', 'keystone_admin_token': '', 'keystone_host': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
|
||||
glance_registry_container = resource.create('glance_registry_container', 'resources/glance_registry_service/', {'image': 'cgenie/centos-rdo-glance-registry', 'ports': [{'value': [{'value': 9191}]}], 'host_binds': [], 'volume_binds': [], 'db_host': '', 'db_root_password': '', 'db_password': '', 'db_name': '', 'db_user': '', 'keystone_admin_tenant': '', 'keystone_password': '', 'keystone_user': '', 'keystone_admin_token': '', 'keystone_host': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
|
||||
# TODO: admin_port should be refactored, we need to rethink docker
|
||||
# container resource and make it common for all
|
||||
# resources used in this demo
|
||||
glance_api_endpoint = resource.create('glance_api_endpoint', 'resources/keystone_service_endpoint/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'admin_port': 9292, 'admin_token': '', 'adminurl': 'http://{{ip}}:{{admin_port}}', 'internalurl': 'http://{{ip}}:{{port}}', 'publicurl': 'http://{{ip}}:{{port}}', 'description': 'OpenStack Image Service', 'keystone_host': '', 'keystone_port': '', 'name': 'glance', 'port': 9292, 'type': 'image'})
|
||||
|
||||
admin_tenant = resource.create('admin_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
admin_user = resource.create('admin_user', 'resources/keystone_user', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': 'admin', 'user_password': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
admin_role = resource.create('admin_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
|
||||
keystone_service_endpoint = resource.create('keystone_service_endpoint', 'resources/keystone_service_endpoint/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'admin_port': '', 'admin_token': '', 'adminurl': 'http://{{ip}}:{{admin_port}}/v2.0', 'internalurl': 'http://{{ip}}:{{port}}/v2.0', 'publicurl': 'http://{{ip}}:{{port}}/v2.0', 'description': 'OpenStack Identity Service', 'keystone_host': '', 'keystone_port': '', 'name': 'keystone', 'port': '', 'type': 'identity'})
|
||||
|
||||
|
||||
####
|
||||
@ -95,36 +113,69 @@ def deploy():
|
||||
signals.connect(node2, haproxy_service)
|
||||
signals.connect(haproxy_config, haproxy_service, {'listen_ports': 'ports', 'config_dir': 'host_binds'})
|
||||
|
||||
#keystone configuration
|
||||
# keystone configuration
|
||||
signals.connect(keystone_config1, admin_tenant)
|
||||
signals.connect(keystone_service1, admin_tenant, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
|
||||
signals.connect(admin_tenant, admin_user)
|
||||
signals.connect(admin_user, admin_role)
|
||||
signals.connect(keystone_config1, keystone_service_endpoint)
|
||||
signals.connect(keystone_service1, keystone_service_endpoint, {'ip': 'keystone_host','admin_port':'admin_port', 'port':'port'})
|
||||
signals.connect(keystone_service1, keystone_service_endpoint, {'ip': 'keystone_host','admin_port': 'admin_port', 'port': 'port'})
|
||||
signals.connect(keystone_service1, keystone_service_endpoint, {'admin_port': 'keystone_port'})
|
||||
|
||||
# glance db
|
||||
signals.connect(node1, glance_db)
|
||||
signals.connect(mariadb_service1, glance_db, {'root_password': 'login_password', 'port': 'login_port'})
|
||||
signals.connect(node1, glance_db_user)
|
||||
signals.connect(mariadb_service1, glance_db_user, {'root_password': 'login_password', 'port': 'login_port'})
|
||||
signals.connect(glance_db, glance_db_user, {'db_name': 'db_name'})
|
||||
|
||||
# glance keystone user
|
||||
signals.connect(keystone_config1, services_tenant)
|
||||
signals.connect(keystone_service1, services_tenant, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
|
||||
signals.connect(services_tenant, glance_keystone_user) # standard ip, ssh_key, ssh_user
|
||||
signals.connect(glance_keystone_user, glance_keystone_role)
|
||||
signals.connect(keystone_service1, glance_keystone_user, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
|
||||
signals.connect(keystone_config1, glance_keystone_user, {'admin_token': 'admin_token'})
|
||||
signals.connect(glance_keystone_user, glance_config, {'user_name': 'keystone_admin_user', 'user_password': 'keystone_admin_password', 'tenant_name': 'keystone_admin_tenant'})
|
||||
signals.connect(keystone_service2, glance_config, {'admin_port': 'keystone_admin_port'})
|
||||
|
||||
# glance
|
||||
signals.connect(node2, glance_config)
|
||||
signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'})
|
||||
signals.connect(haproxy_service, glance_config, {'ip': 'keystone_ip'})
|
||||
signals.connect(mariadb_service1, glance_config, {'ip': 'mysql_ip'})
|
||||
signals.connect(glance_db, glance_config, {'db_name': 'mysql_db'})
|
||||
signals.connect(glance_db_user, glance_config, {'new_user_name': 'mysql_user', 'new_user_password': 'mysql_password'})
|
||||
signals.connect(node2, glance_api_container)
|
||||
signals.connect(glance_config, glance_api_container, {'config_dir': 'host_binds'})
|
||||
|
||||
signals.connect(glance_db_user, glance_api_container, {'new_user_password': 'db_password'})
|
||||
signals.connect(glance_keystone_user, glance_api_container, {'user_password': 'keystone_password'})
|
||||
signals.connect(glance_keystone_user, glance_api_container, {'admin_token': 'keystone_admin_token'})
|
||||
signals.connect(haproxy_config, glance_api_container, {'ip': 'keystone_host'})
|
||||
|
||||
signals.connect(node2, glance_registry_container)
|
||||
signals.connect(glance_config, glance_registry_container, {'config_dir': 'host_binds'})
|
||||
|
||||
signals.connect(mariadb_service1, glance_registry_container, {'ip': 'db_host'})
|
||||
signals.connect(glance_db, glance_registry_container, {'db_name': 'db_name', 'login_password': 'db_root_password'})
|
||||
signals.connect(glance_db_user, glance_registry_container, {'new_user_name': 'db_user', 'new_user_password': 'db_password'})
|
||||
signals.connect(glance_keystone_user, glance_registry_container, {'tenant_name': 'keystone_admin_tenant', 'user_name': 'keystone_user', 'user_password': 'keystone_password'})
|
||||
signals.connect(glance_keystone_user, glance_registry_container, {'admin_token': 'keystone_admin_token'})
|
||||
signals.connect(haproxy_config, glance_registry_container, {'ip': 'keystone_host'})
|
||||
|
||||
# glance keystone endpoint
|
||||
signals.connect(glance_api_container, glance_api_endpoint, {'ip': 'ip', 'ssh_user': 'ssh_user', 'ssh_key': 'ssh_key'})
|
||||
signals.connect(keystone_config1, glance_api_endpoint, {'admin_token': 'admin_token'})
|
||||
signals.connect(keystone_service1, glance_api_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port'})
|
||||
|
||||
|
||||
has_errors = False
|
||||
for r in [node1,
|
||||
node2,
|
||||
mariadb_service1,
|
||||
keystone_db,
|
||||
rabbitmq_service1,
|
||||
openstack_vhost,
|
||||
openstack_rabbitmq_user,
|
||||
keystone_db_user,
|
||||
keystone_config1,
|
||||
keystone_service1,
|
||||
keystone_config2,
|
||||
keystone_service2,
|
||||
haproxy_keystone_config,
|
||||
haproxy_config,
|
||||
haproxy_service,
|
||||
admin_tenant,
|
||||
admin_user,
|
||||
admin_role,
|
||||
keystone_service_endpoint]:
|
||||
for r in locals().values():
|
||||
if not isinstance(r, resource.Resource):
|
||||
continue
|
||||
|
||||
print 'Validating {}'.format(r.name)
|
||||
errors = validation.validate_resource(r)
|
||||
if errors:
|
||||
has_errors = True
|
||||
@ -155,12 +206,48 @@ def deploy():
|
||||
actions.resource_action(admin_role, 'run')
|
||||
actions.resource_action(keystone_service_endpoint, 'run')
|
||||
|
||||
actions.resource_action(services_tenant, 'run')
|
||||
actions.resource_action(glance_keystone_user, 'run')
|
||||
actions.resource_action(glance_keystone_role, 'run')
|
||||
actions.resource_action(glance_db, 'run')
|
||||
actions.resource_action(glance_db_user, 'run')
|
||||
actions.resource_action(glance_config, 'run')
|
||||
actions.resource_action(glance_api_container, 'run')
|
||||
time.sleep(10) #TODO fix
|
||||
actions.resource_action(glance_registry_container, 'run')
|
||||
time.sleep(10)
|
||||
actions.resource_action(glance_api_endpoint, 'run')
|
||||
|
||||
# test working configuration
|
||||
requests.get('http://%s:%s' % (keystone_service1.args['ip'].value, keystone_service1.args['port'].value))
|
||||
requests.get('http://%s:%s' % (keystone_service2.args['ip'].value, keystone_service2.args['port'].value))
|
||||
requests.get('http://%s:%s' % (haproxy_service.args['ip'].value, haproxy_service.args['ports'].value[0]['value'][0]['value']))
|
||||
|
||||
token_data = requests.post(
|
||||
'http://%s:%s/v2.0/tokens' % (haproxy_service.args['ip'].value, haproxy_keystone_config.args['listen_port'].value),
|
||||
json.dumps({
|
||||
'auth': {
|
||||
'tenantName': glance_keystone_user.args['tenant_name'].value,
|
||||
'passwordCredentials': {
|
||||
'username': glance_keystone_user.args['user_name'].value,
|
||||
'password': glance_keystone_user.args['user_password'].value,
|
||||
}
|
||||
}
|
||||
}),
|
||||
headers={'Content-Type': 'application/json'}
|
||||
)
|
||||
|
||||
token = token_data.json()['access']['token']['id']
|
||||
print 'TOKEN: {}'.format(token)
|
||||
|
||||
requests.get('http://%s:%s' % (rabbitmq_service1.args['ip'].value, rabbitmq_service1.args['management_port'].value))
|
||||
|
||||
requests.get('http://%s:%s' % (glance_api_container.args['ip'].value, glance_api_container.args['ports'].value[0]['value'][0]['value']))
|
||||
requests.get(
|
||||
'http://%s:%s' % (glance_registry_container.args['ip'].value, glance_registry_container.args['ports'].value[0]['value'][0]['value']),
|
||||
headers={'X-Auth-Token': token}
|
||||
)
|
||||
|
||||
|
||||
@click.command()
|
||||
def undeploy():
|
||||
@ -169,10 +256,21 @@ def undeploy():
|
||||
resources = map(resource.wrap_resource, db.get_list('resource'))
|
||||
resources = {r.name: r for r in resources}
|
||||
|
||||
actions.resource_action(resources['glance_api_endpoint'], 'remove')
|
||||
actions.resource_action(resources['glance_api_container'], 'remove')
|
||||
actions.resource_action(resources['glance_registry_container'], 'remove')
|
||||
actions.resource_action(resources['glance_config'], 'remove')
|
||||
actions.resource_action(resources['glance_db_user'], 'remove')
|
||||
actions.resource_action(resources['glance_db'], 'remove')
|
||||
actions.resource_action(resources['glance_keystone_role'], 'remove')
|
||||
actions.resource_action(resources['glance_keystone_user'], 'remove')
|
||||
actions.resource_action(resources['glance_keystone_tenant'], 'remove')
|
||||
|
||||
actions.resource_action(resources['keystone_service_endpoint'], 'remove')
|
||||
actions.resource_action(resources['admin_role'], 'remove')
|
||||
actions.resource_action(resources['admin_user'], 'remove')
|
||||
actions.resource_action(resources['admin_tenant'], 'remove')
|
||||
|
||||
actions.resource_action(resources['haproxy_service'], 'remove')
|
||||
actions.resource_action(resources['haproxy_config'], 'remove')
|
||||
actions.resource_action(resources['keystone_service2'], 'remove')
|
||||
|
4
main.yml
4
main.yml
@ -13,8 +13,12 @@
|
||||
- apt: name=python-pudb state=present
|
||||
- apt: name=python-pip state=present
|
||||
- apt: name=python-mysqldb state=present
|
||||
- apt: name=jq state=present
|
||||
- shell: pip install -U pip
|
||||
- shell: pip install docker-py==1.1.0
|
||||
- shell: pip install python-keystoneclient==1.5.0
|
||||
|
||||
- shell: pip install httpie
|
||||
|
||||
# requirements
|
||||
- shell: pip install -r /vagrant/requirements.txt
|
||||
|
@ -12,10 +12,10 @@ input:
|
||||
schema: [{value: [{value: int}]}]
|
||||
value: []
|
||||
host_binds:
|
||||
schema: [{value: {src: str, dst: str}}]
|
||||
schema: [{value: {src: str, dst: str, mode: str}}]
|
||||
value: []
|
||||
volume_binds:
|
||||
schema: [{src: str, dst: str}]
|
||||
schema: [{src: str, dst: str, mode: str}]
|
||||
value: []
|
||||
ssh_user:
|
||||
schema: str!
|
||||
|
6
resources/glance_api_service/actions/remove.yml
Normal file
6
resources/glance_api_service/actions/remove.yml
Normal file
@ -0,0 +1,6 @@
|
||||
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- shell: docker stop {{ name }}
|
||||
- shell: docker rm {{ name }}
|
28
resources/glance_api_service/actions/run.yml
Normal file
28
resources/glance_api_service/actions/run.yml
Normal file
@ -0,0 +1,28 @@
|
||||
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- docker:
|
||||
command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-api"
|
||||
name: {{ name }}
|
||||
image: {{ image }}
|
||||
state: running
|
||||
net: host
|
||||
{% if ports.value %}
|
||||
ports:
|
||||
{% for port in ports.value %}
|
||||
{% for p in port['value'] %}
|
||||
- {{ p['value'] }}:{{ p['value'] }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if host_binds.value %}
|
||||
volumes:
|
||||
# TODO: host_binds might need more work
|
||||
# Currently it's not that trivial to pass custom src: dst here
|
||||
# (when a config variable is passed here from other resource)
|
||||
# so we mount it to the same directory as on host
|
||||
{% for bind in host_binds.value %}
|
||||
- {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
40
resources/glance_api_service/meta.yaml
Normal file
40
resources/glance_api_service/meta.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
id: container
|
||||
handler: ansible
|
||||
version: 1.0.0
|
||||
input:
|
||||
ip:
|
||||
schema: str!
|
||||
value:
|
||||
image:
|
||||
schema: str!
|
||||
value:
|
||||
ports:
|
||||
schema: [{value: [{value: int}]}]
|
||||
value: []
|
||||
host_binds:
|
||||
schema: [{value: {src: str, dst: str, mode: str}}]
|
||||
value: []
|
||||
volume_binds:
|
||||
schema: [{src: str, dst: str, mode: str}]
|
||||
value: []
|
||||
ssh_user:
|
||||
schema: str!
|
||||
value: []
|
||||
ssh_key:
|
||||
schema: str!
|
||||
value: []
|
||||
|
||||
db_password:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_admin_token:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_password:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_host:
|
||||
schema: str!
|
||||
value:
|
||||
|
||||
tags: [resource/container]
|
5
resources/glance_config/actions/remove.yml
Normal file
5
resources/glance_config/actions/remove.yml
Normal file
@ -0,0 +1,5 @@
|
||||
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- shell: echo 'removed'
|
36
resources/glance_config/actions/run.yml
Normal file
36
resources/glance_config/actions/run.yml
Normal file
@ -0,0 +1,36 @@
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
vars:
|
||||
api_port: {{ api_port }}
|
||||
registry_port: {{ registry_port }}
|
||||
keystone_ip: {{ keystone_ip }}
|
||||
keystone_port: {{ keystone_port }}
|
||||
keystone_admin_user: {{ keystone_admin_user }}
|
||||
keystone_admin_password: {{ keystone_admin_password }}
|
||||
keystone_admin_port: {{ keystone_admin_port }}
|
||||
keystone_admin_tenant: {{ keystone_admin_tenant }}
|
||||
mysql_ip: {{ mysql_ip }}
|
||||
mysql_db: {{ mysql_db }}
|
||||
mysql_user: {{ mysql_user }}
|
||||
mysql_password: {{ mysql_password }}
|
||||
config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}}
|
||||
tasks:
|
||||
- file: path={{ config_dir.value['src'] }}/ state=directory
|
||||
- file: path={{ config_dir.value['src'] }}/glance-api.conf state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/glance-api-paste.ini state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/glance-cache.conf state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/glance-registry.conf state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/glance-registry-paste.ini state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/policy.json state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/schema-image.json state=touch
|
||||
- file: path={{ config_dir.value['src'] }}/exports state=touch
|
||||
- template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf
|
||||
- template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini
|
||||
- template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf
|
||||
- template: src={{ resource_dir }}/templates/glance-registry.conf dest={{ config_dir.value['src'] }}/glance-registry.conf
|
||||
- template: src={{ resource_dir }}/templates/glance-registry-paste.ini dest={{ config_dir.value['src'] }}/glance-registry-paste.ini
|
||||
- template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf
|
||||
- template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json
|
||||
- template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json
|
||||
- template: src={{ resource_dir }}/templates/exports dest={{ config_dir.value['src'] }}/glance-export
|
53
resources/glance_config/meta.yaml
Normal file
53
resources/glance_config/meta.yaml
Normal file
@ -0,0 +1,53 @@
|
||||
id: glance_config
|
||||
handler: ansible
|
||||
version: 1.0.0
|
||||
input:
|
||||
ip:
|
||||
schema: str!
|
||||
value:
|
||||
ssh_user:
|
||||
schema: str!
|
||||
value: []
|
||||
ssh_key:
|
||||
schema: str!
|
||||
value: []
|
||||
|
||||
config_dir:
|
||||
schema: {src: str!, dst: str!, mode: str}
|
||||
value: {src: /etc/solar/glance, dst: /etc/glance, mode: rw}
|
||||
api_port:
|
||||
schema: int!
|
||||
value: 9292
|
||||
registry_port:
|
||||
schema: int!
|
||||
value: 9191
|
||||
keystone_ip:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_port:
|
||||
schema: int!
|
||||
value: 5000
|
||||
keystone_admin_user:
|
||||
schema: str!
|
||||
value: glance_admin
|
||||
keystone_admin_password:
|
||||
schema: str!
|
||||
value: password1234
|
||||
keystone_admin_port:
|
||||
schema: int!
|
||||
value:
|
||||
keystone_admin_tenant:
|
||||
schema: str!
|
||||
value: service_admins
|
||||
mysql_ip:
|
||||
schema: str!
|
||||
value:
|
||||
mysql_db:
|
||||
schema: str!
|
||||
value:
|
||||
mysql_user:
|
||||
schema: str!
|
||||
value:
|
||||
mysql_password:
|
||||
schema: str!
|
||||
value:
|
4
resources/glance_config/templates/exports
Normal file
4
resources/glance_config/templates/exports
Normal file
@ -0,0 +1,4 @@
|
||||
export OS_TENANT_NAME={{ keystone_admin_tenant }}
|
||||
export OS_USERNAME={{ keystone_admin_user }}
|
||||
export OS_PASSWORD={{ keystone_admin_password }}
|
||||
export OS_AUTH_URL=http://{{ keystone_ip }}:{{ keystone_admin_port }}/v2.0
|
82
resources/glance_config/templates/glance-api-paste.ini
Normal file
82
resources/glance_config/templates/glance-api-paste.ini
Normal file
@ -0,0 +1,82 @@
|
||||
# Use this pipeline for no auth or image caching - DEFAULT
|
||||
[pipeline:glance-api]
|
||||
#pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
|
||||
pipeline = versionnegotiation authtoken context appv1app
|
||||
|
||||
# Use this pipeline for image caching and no auth
|
||||
[pipeline:glance-api-caching]
|
||||
pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
|
||||
|
||||
# Use this pipeline for caching w/ management interface but no auth
|
||||
[pipeline:glance-api-cachemanagement]
|
||||
pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-api-keystone]
|
||||
pipeline = versionnegotiation osprofiler authtoken context rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with image caching
|
||||
[pipeline:glance-api-keystone+caching]
|
||||
pipeline = versionnegotiation osprofiler authtoken context cache rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with caching and cache management
|
||||
[pipeline:glance-api-keystone+cachemanagement]
|
||||
pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-api-trusted-auth]
|
||||
pipeline = versionnegotiation osprofiler context rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user and uses cache management
|
||||
[pipeline:glance-api-trusted-auth+cachemanagement]
|
||||
pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
|
||||
|
||||
[composite:rootapp]
|
||||
paste.composite_factory = glance.api:root_app_factory
|
||||
/: apiversions
|
||||
/v1: apiv1app
|
||||
/v2: apiv2app
|
||||
|
||||
[app:apiversions]
|
||||
paste.app_factory = glance.api.versions:create_resource
|
||||
|
||||
[app:apiv1app]
|
||||
paste.app_factory = glance.api.v1.router:API.factory
|
||||
|
||||
[app:apiv2app]
|
||||
paste.app_factory = glance.api.v2.router:API.factory
|
||||
|
||||
[filter:versionnegotiation]
|
||||
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
||||
|
||||
[filter:cache]
|
||||
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
||||
|
||||
[filter:cachemanage]
|
||||
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
|
||||
admin_user = {{ keystone_admin_user }}
|
||||
admin_tenant_name = {{ keystone_admin_tenant }}
|
||||
admin_password = {{ keystone_admin_password }}
|
||||
#delay_auth_decision = true
|
||||
|
||||
[filter:gzip]
|
||||
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = SECRET_KEY
|
||||
enabled = yes
|
35
resources/glance_config/templates/glance-api.conf
Normal file
35
resources/glance_config/templates/glance-api.conf
Normal file
@ -0,0 +1,35 @@
|
||||
[DEFAULT]
|
||||
default_store = file
|
||||
bind_host = 0.0.0.0
|
||||
bind_port = {{ api_port }}
|
||||
log_file = /var/log/glance/api.log
|
||||
backlog = 4096
|
||||
registry_host = 0.0.0.0
|
||||
registry_port = {{ registry_port }}
|
||||
registry_client_protocol = http
|
||||
|
||||
delayed_delete = False
|
||||
scrub_time = 43200
|
||||
scrubber_datadir = /var/lib/glance/scrubber
|
||||
image_cache_dir = /var/lib/glance/image-cache/
|
||||
|
||||
[database]
|
||||
connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}
|
||||
backend = mysql
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
|
||||
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
|
||||
admin_tenant_name = {{ keystone_admin_tenant }}
|
||||
admin_user = {{ keystone_admin_user }}
|
||||
admin_password = {{ keystone_admin_password }}
|
||||
revocation_cache_time = 10
|
||||
|
||||
[paste_deploy]
|
||||
flavor=keystone+cachemanagement
|
||||
|
||||
[glance_store]
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
||||
sheepdog_store_address = localhost
|
||||
sheepdog_store_port = 7000
|
||||
sheepdog_store_chunk_size = 64
|
200
resources/glance_config/templates/glance-cache.conf
Normal file
200
resources/glance_config/templates/glance-cache.conf
Normal file
@ -0,0 +1,200 @@
|
||||
[DEFAULT]
|
||||
# Show more verbose log output (sets INFO log level output)
|
||||
#verbose = False
|
||||
|
||||
# Show debugging output in logs (sets DEBUG log level output)
|
||||
#debug = False
|
||||
|
||||
# Log to this file. Make sure you do not set the same log file for both the API
|
||||
# and registry servers!
|
||||
#
|
||||
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
||||
# sent to stdout as a fallback.
|
||||
log_file = /var/log/glance/image-cache.log
|
||||
|
||||
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||
#use_syslog = False
|
||||
|
||||
# Directory that the Image Cache writes data to
|
||||
image_cache_dir = /var/lib/glance/image-cache/
|
||||
|
||||
# Number of seconds after which we should consider an incomplete image to be
|
||||
# stalled and eligible for reaping
|
||||
image_cache_stall_time = 86400
|
||||
|
||||
# Max cache size in bytes
|
||||
image_cache_max_size = 10737418240
|
||||
|
||||
# Address to find the registry server
|
||||
registry_host = 0.0.0.0
|
||||
|
||||
# Port the registry server is listening on
|
||||
registry_port = 9191
|
||||
|
||||
# Auth settings if using Keystone
|
||||
# auth_url = http://127.0.0.1:5000/v2.0/
|
||||
# admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||
# admin_user = %SERVICE_USER%
|
||||
# admin_password = %SERVICE_PASSWORD%
|
||||
|
||||
# List of which store classes and store class locations are
|
||||
# currently known to glance at startup.
|
||||
# known_stores = glance.store.filesystem.Store,
|
||||
# glance.store.http.Store,
|
||||
# glance.store.rbd.Store,
|
||||
# glance.store.s3.Store,
|
||||
# glance.store.swift.Store,
|
||||
# glance.store.sheepdog.Store,
|
||||
# glance.store.cinder.Store,
|
||||
# glance.store.vmware_datastore.Store,
|
||||
|
||||
# ============ Filesystem Store Options ========================
|
||||
|
||||
# Directory that the Filesystem backend store
|
||||
# writes image data to
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
||||
|
||||
# ============ Swift Store Options =============================
|
||||
|
||||
# Version of the authentication service to use
|
||||
# Valid versions are '2' for keystone and '1' for swauth and rackspace
|
||||
swift_store_auth_version = 2
|
||||
|
||||
# Address where the Swift authentication service lives
|
||||
# Valid schemes are 'http://' and 'https://'
|
||||
# If no scheme specified, default to 'https://'
|
||||
# For swauth, use something like '127.0.0.1:8080/v1.0/'
|
||||
swift_store_auth_address = 127.0.0.1:5000/v2.0/
|
||||
|
||||
# User to authenticate against the Swift authentication service
|
||||
# If you use Swift authentication service, set it to 'account':'user'
|
||||
# where 'account' is a Swift storage account and 'user'
|
||||
# is a user in that account
|
||||
swift_store_user = jdoe:jdoe
|
||||
|
||||
# Auth key for the user authenticating against the
|
||||
# Swift authentication service
|
||||
swift_store_key = a86850deb2742ec3cb41518e26aa2d89
|
||||
|
||||
# Container within the account that the account should use
|
||||
# for storing images in Swift
|
||||
swift_store_container = glance
|
||||
|
||||
# Do we create the container if it does not exist?
|
||||
swift_store_create_container_on_put = False
|
||||
|
||||
# What size, in MB, should Glance start chunking image files
|
||||
# and do a large object manifest in Swift? By default, this is
|
||||
# the maximum object size in Swift, which is 5GB
|
||||
swift_store_large_object_size = 5120
|
||||
|
||||
# When doing a large object manifest, what size, in MB, should
|
||||
# Glance write chunks to Swift? This amount of data is written
|
||||
# to a temporary disk buffer during the process of chunking
|
||||
# the image file, and the default is 200MB
|
||||
swift_store_large_object_chunk_size = 200
|
||||
|
||||
# Whether to use ServiceNET to communicate with the Swift storage servers.
|
||||
# (If you aren't RACKSPACE, leave this False!)
|
||||
#
|
||||
# To use ServiceNET for authentication, prefix hostname of
|
||||
# `swift_store_auth_address` with 'snet-'.
|
||||
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
|
||||
swift_enable_snet = False
|
||||
|
||||
# ============ S3 Store Options =============================
|
||||
|
||||
# Address where the S3 authentication service lives
|
||||
# Valid schemes are 'http://' and 'https://'
|
||||
# If no scheme specified, default to 'http://'
|
||||
s3_store_host = 127.0.0.1:8080/v1.0/
|
||||
|
||||
# User to authenticate against the S3 authentication service
|
||||
s3_store_access_key = <20-char AWS access key>
|
||||
|
||||
# Auth key for the user authenticating against the
|
||||
# S3 authentication service
|
||||
s3_store_secret_key = <40-char AWS secret key>
|
||||
|
||||
# Container within the account that the account should use
|
||||
# for storing images in S3. Note that S3 has a flat namespace,
|
||||
# so you need a unique bucket name for your glance images. An
|
||||
# easy way to do this is append your AWS access key to "glance".
|
||||
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
|
||||
# your AWS access key if you use it in your bucket name below!
|
||||
s3_store_bucket = <lowercased 20-char aws access key>glance
|
||||
|
||||
# Do we create the bucket if it does not exist?
|
||||
s3_store_create_bucket_on_put = False
|
||||
|
||||
# When sending images to S3, the data will first be written to a
|
||||
# temporary buffer on disk. By default the platform's temporary directory
|
||||
# will be used. If required, an alternative directory can be specified here.
|
||||
# s3_store_object_buffer_dir = /path/to/dir
|
||||
|
||||
# ============ Cinder Store Options ===========================
|
||||
|
||||
# Info to match when looking for cinder in the service catalog
|
||||
# Format is : separated values of the form:
|
||||
# <service_type>:<service_name>:<endpoint_type> (string value)
|
||||
#cinder_catalog_info = volume:cinder:publicURL
|
||||
|
||||
# Override service catalog lookup with template for cinder endpoint
|
||||
# e.g. http://localhost:8776/v1/%(project_id)s (string value)
|
||||
#cinder_endpoint_template = <None>
|
||||
|
||||
# Region name of this node (string value)
|
||||
#os_region_name = <None>
|
||||
|
||||
# Location of ca certicates file to use for cinder client requests
|
||||
# (string value)
|
||||
#cinder_ca_certificates_file = <None>
|
||||
|
||||
# Number of cinderclient retries on failed http calls (integer value)
|
||||
#cinder_http_retries = 3
|
||||
|
||||
# Allow to perform insecure SSL requests to cinder (boolean value)
|
||||
#cinder_api_insecure = False
|
||||
|
||||
# ============ VMware Datastore Store Options =====================
|
||||
|
||||
# ESX/ESXi or vCenter Server target system.
|
||||
# The server value can be an IP address or a DNS name
|
||||
# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
|
||||
#vmware_server_host = <None>
|
||||
|
||||
# Server username (string value)
|
||||
#vmware_server_username = <None>
|
||||
|
||||
# Server password (string value)
|
||||
#vmware_server_password = <None>
|
||||
|
||||
# Inventory path to a datacenter (string value)
|
||||
# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
|
||||
# should be `ha-datacenter`.
|
||||
#vmware_datacenter_path = <None>
|
||||
|
||||
# Datastore associated with the datacenter (string value)
|
||||
#vmware_datastore_name = <None>
|
||||
|
||||
# The number of times we retry on failures
|
||||
# e.g., socket error, etc (integer value)
|
||||
#vmware_api_retry_count = 10
|
||||
|
||||
# The interval used for polling remote tasks
|
||||
# invoked on VMware ESX/VC server in seconds (integer value)
|
||||
#vmware_task_poll_interval = 5
|
||||
|
||||
# Absolute path of the folder containing the images in the datastore
|
||||
# (string value)
|
||||
#vmware_store_image_dir = /openstack_glance
|
||||
|
||||
# Allow to perform insecure SSL requests to the target system (boolean value)
|
||||
#vmware_api_insecure = False
|
||||
|
||||
# ================= Security Options ==========================
|
||||
|
||||
# AES key for encrypting store 'location' metadata, including
|
||||
# -- if used -- Swift or S3 credentials
|
||||
# Should be set to a random string of length 16, 24 or 32 bytes
|
||||
# metadata_encryption_key = <16, 24 or 32 char registry metadata key>
|
35
resources/glance_config/templates/glance-registry-paste.ini
Normal file
35
resources/glance_config/templates/glance-registry-paste.ini
Normal file
@ -0,0 +1,35 @@
|
||||
# Use this pipeline for no auth - DEFAULT
|
||||
[pipeline:glance-registry]
|
||||
#pipeline = osprofiler unauthenticated-context registryapp
|
||||
pipeline = authtoke context registryapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-registry-keystone]
|
||||
pipeline = osprofiler authtoken context registryapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-registry-trusted-auth]
|
||||
pipeline = osprofiler context registryapp
|
||||
|
||||
[app:registryapp]
|
||||
paste.app_factory = glance.registry.api:API.factory
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
|
||||
admin_user = {{ keystone_admin_user }}
|
||||
admin_tenant_name = {{ keystone_admin_tenant }}
|
||||
admin_password = {{ keystone_admin_password }}
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = SECRET_KEY
|
||||
enabled = yes
|
22
resources/glance_config/templates/glance-registry.conf
Normal file
22
resources/glance_config/templates/glance-registry.conf
Normal file
@ -0,0 +1,22 @@
|
||||
[DEFAULT]
|
||||
bind_host = 0.0.0.0
|
||||
bind_port = 9191
|
||||
log_file = /var/log/glance/registry.log
|
||||
backlog = 4096
|
||||
api_limit_max = 1000
|
||||
limit_param_default = 25
|
||||
|
||||
[database]
|
||||
backend = mysql
|
||||
connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
|
||||
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
|
||||
admin_tenant_name = {{ keystone_admin_tenant }}
|
||||
admin_user = {{ keystone_admin_user }}
|
||||
admin_password = {{ keystone_admin_password }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor=keystone
|
||||
[profiler]
|
108
resources/glance_config/templates/glance-scrubber.conf
Normal file
108
resources/glance_config/templates/glance-scrubber.conf
Normal file
@ -0,0 +1,108 @@
|
||||
[DEFAULT]
|
||||
# Show more verbose log output (sets INFO log level output)
|
||||
#verbose = False
|
||||
|
||||
# Show debugging output in logs (sets DEBUG log level output)
|
||||
#debug = False
|
||||
|
||||
# Log to this file. Make sure you do not set the same log file for both the API
|
||||
# and registry servers!
|
||||
#
|
||||
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
||||
# sent to stdout as a fallback.
|
||||
log_file = /var/log/glance/scrubber.log
|
||||
|
||||
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||
#use_syslog = False
|
||||
|
||||
# Should we run our own loop or rely on cron/scheduler to run us
|
||||
daemon = False
|
||||
|
||||
# Loop time between checking for new items to schedule for delete
|
||||
wakeup_time = 300
|
||||
|
||||
# Directory that the scrubber will use to remind itself of what to delete
|
||||
# Make sure this is also set in glance-api.conf
|
||||
scrubber_datadir = /var/lib/glance/scrubber
|
||||
|
||||
# Only one server in your deployment should be designated the cleanup host
|
||||
cleanup_scrubber = False
|
||||
|
||||
# pending_delete items older than this time are candidates for cleanup
|
||||
cleanup_scrubber_time = 86400
|
||||
|
||||
# Address to find the registry server for cleanups
|
||||
registry_host = 0.0.0.0
|
||||
|
||||
# Port the registry server is listening on
|
||||
registry_port = 9191
|
||||
|
||||
# Auth settings if using Keystone
|
||||
# auth_url = http://127.0.0.1:5000/v2.0/
|
||||
# admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||
# admin_user = %SERVICE_USER%
|
||||
# admin_password = %SERVICE_PASSWORD%
|
||||
|
||||
# Directory to use for lock files. Default to a temp directory
|
||||
# (string value). This setting needs to be the same for both
|
||||
# glance-scrubber and glance-api.
|
||||
#lock_path=<None>
|
||||
|
||||
# API to use for accessing data. Default value points to sqlalchemy
|
||||
# package, it is also possible to use: glance.db.registry.api
|
||||
#data_api = glance.db.sqlalchemy.api
|
||||
|
||||
# ================= Security Options ==========================
|
||||
|
||||
# AES key for encrypting store 'location' metadata, including
|
||||
# -- if used -- Swift or S3 credentials
|
||||
# Should be set to a random string of length 16, 24 or 32 bytes
|
||||
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
|
||||
|
||||
# ================= Database Options ===============+==========
|
||||
|
||||
[database]
|
||||
|
||||
# The SQLAlchemy connection string used to connect to the
|
||||
# database (string value)
|
||||
#connection=sqlite:////glance/openstack/common/db/$sqlite_db
|
||||
|
||||
# The SQLAlchemy connection string used to connect to the
|
||||
# slave database (string value)
|
||||
#slave_connection=
|
||||
|
||||
# timeout before idle sql connections are reaped (integer
|
||||
# value)
|
||||
#idle_timeout=3600
|
||||
|
||||
# Minimum number of SQL connections to keep open in a pool
|
||||
# (integer value)
|
||||
#min_pool_size=1
|
||||
|
||||
# Maximum number of SQL connections to keep open in a pool
|
||||
# (integer value)
|
||||
#max_pool_size=<None>
|
||||
|
||||
# maximum db connection retries during startup. (setting -1
|
||||
# implies an infinite retry count) (integer value)
|
||||
#max_retries=10
|
||||
|
||||
# interval between retries of opening a sql connection
|
||||
# (integer value)
|
||||
#retry_interval=10
|
||||
|
||||
# If set, use this value for max_overflow with sqlalchemy
|
||||
# (integer value)
|
||||
#max_overflow=<None>
|
||||
|
||||
# Verbosity of SQL debugging information. 0=None,
|
||||
# 100=Everything (integer value)
|
||||
#connection_debug=0
|
||||
|
||||
# Add python stack traces to SQL as comment strings (boolean
|
||||
# value)
|
||||
#connection_trace=false
|
||||
|
||||
# If set, use this value for pool_timeout with sqlalchemy
|
||||
# (integer value)
|
||||
#pool_timeout=<None>
|
52
resources/glance_config/templates/policy.json
Normal file
52
resources/glance_config/templates/policy.json
Normal file
@ -0,0 +1,52 @@
|
||||
{
|
||||
"context_is_admin": "role:admin",
|
||||
"default": "",
|
||||
|
||||
"add_image": "",
|
||||
"delete_image": "",
|
||||
"get_image": "",
|
||||
"get_images": "",
|
||||
"modify_image": "",
|
||||
"publicize_image": "role:admin",
|
||||
"copy_from": "",
|
||||
|
||||
"download_image": "",
|
||||
"upload_image": "",
|
||||
|
||||
"delete_image_location": "",
|
||||
"get_image_location": "",
|
||||
"set_image_location": "",
|
||||
|
||||
"add_member": "",
|
||||
"delete_member": "",
|
||||
"get_member": "",
|
||||
"get_members": "",
|
||||
"modify_member": "",
|
||||
|
||||
"manage_image_cache": "role:admin",
|
||||
|
||||
"get_task": "",
|
||||
"get_tasks": "",
|
||||
"add_task": "",
|
||||
"modify_task": "",
|
||||
|
||||
"get_metadef_namespace": "",
|
||||
"get_metadef_namespaces":"",
|
||||
"modify_metadef_namespace":"",
|
||||
"add_metadef_namespace":"",
|
||||
|
||||
"get_metadef_object":"",
|
||||
"get_metadef_objects":"",
|
||||
"modify_metadef_object":"",
|
||||
"add_metadef_object":"",
|
||||
|
||||
"list_metadef_resource_types":"",
|
||||
"get_metadef_resource_type":"",
|
||||
"add_metadef_resource_type_association":"",
|
||||
|
||||
"get_metadef_property":"",
|
||||
"get_metadef_properties":"",
|
||||
"modify_metadef_property":"",
|
||||
"add_metadef_property":""
|
||||
|
||||
}
|
28
resources/glance_config/templates/schema-image.json
Normal file
28
resources/glance_config/templates/schema-image.json
Normal file
@ -0,0 +1,28 @@
|
||||
{
|
||||
"kernel_id": {
|
||||
"type": "string",
|
||||
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
|
||||
"description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
|
||||
},
|
||||
"ramdisk_id": {
|
||||
"type": "string",
|
||||
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
|
||||
"description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
|
||||
},
|
||||
"instance_uuid": {
|
||||
"type": "string",
|
||||
"description": "ID of instance used to create this image."
|
||||
},
|
||||
"architecture": {
|
||||
"description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
|
||||
"type": "string"
|
||||
},
|
||||
"os_distro": {
|
||||
"description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
|
||||
"type": "string"
|
||||
},
|
||||
"os_version": {
|
||||
"description": "Operating system version as specified by the distributor",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
6
resources/glance_registry_service/actions/remove.yml
Normal file
6
resources/glance_registry_service/actions/remove.yml
Normal file
@ -0,0 +1,6 @@
|
||||
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- shell: docker stop {{ name }}
|
||||
- shell: docker rm {{ name }}
|
29
resources/glance_registry_service/actions/run.yml
Normal file
29
resources/glance_registry_service/actions/run.yml
Normal file
@ -0,0 +1,29 @@
|
||||
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- docker:
|
||||
#command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-registry"
|
||||
command: /usr/bin/glance-registry
|
||||
name: {{ name }}
|
||||
image: {{ image }}
|
||||
state: running
|
||||
net: host
|
||||
{% if ports.value %}
|
||||
ports:
|
||||
{% for port in ports.value %}
|
||||
{% for p in port['value'] %}
|
||||
- {{ p['value'] }}:{{ p['value'] }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if host_binds.value %}
|
||||
volumes:
|
||||
# TODO: host_binds might need more work
|
||||
# Currently it's not that trivial to pass custom src: dst here
|
||||
# (when a config variable is passed here from other resource)
|
||||
# so we mount it to the same directory as on host
|
||||
{% for bind in host_binds.value %}
|
||||
- {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
58
resources/glance_registry_service/meta.yaml
Normal file
58
resources/glance_registry_service/meta.yaml
Normal file
@ -0,0 +1,58 @@
|
||||
id: container
|
||||
handler: ansible
|
||||
version: 1.0.0
|
||||
input:
|
||||
ip:
|
||||
schema: str!
|
||||
value:
|
||||
image:
|
||||
schema: str!
|
||||
value:
|
||||
ports:
|
||||
schema: [{value: [{value: int}]}]
|
||||
value: []
|
||||
host_binds:
|
||||
schema: [{value: {src: str, dst: str, mode: str}}]
|
||||
value: []
|
||||
volume_binds:
|
||||
schema: [{src: str, dst: str, mode: str}]
|
||||
value: []
|
||||
ssh_user:
|
||||
schema: str!
|
||||
value: []
|
||||
ssh_key:
|
||||
schema: str!
|
||||
value: []
|
||||
|
||||
db_host:
|
||||
schema: str!
|
||||
value:
|
||||
db_root_password:
|
||||
schema: str!
|
||||
value:
|
||||
db_name:
|
||||
schema: str!
|
||||
value:
|
||||
db_password:
|
||||
schema: str!
|
||||
value:
|
||||
db_user:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_admin_token:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_admin_tenant:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_user:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_password:
|
||||
schema: str!
|
||||
value:
|
||||
keystone_host:
|
||||
schema: str!
|
||||
value:
|
||||
|
||||
tags: [resource/container]
|
@ -2,6 +2,8 @@
|
||||
sudo: yes
|
||||
vars:
|
||||
admin_token: {{admin_token}}
|
||||
keystone_host: {{ ip }}
|
||||
keystone_port: {{ port }}
|
||||
db_user: {{db_user}}
|
||||
db_password: {{db_password}}
|
||||
db_host: {{db_host}}
|
||||
@ -12,3 +14,4 @@
|
||||
- template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates
|
||||
- template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf
|
||||
- template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json
|
||||
- template: src={{resource_dir}}/templates/exports dest={{ config_dir }}/keystone-exports
|
||||
|
2
resources/keystone_config/templates/exports
Normal file
2
resources/keystone_config/templates/exports
Normal file
@ -0,0 +1,2 @@
|
||||
export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0/
|
||||
export OS_SERVICE_TOKEN={{ admin_token }}
|
@ -1,5 +1,7 @@
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- name: install python-keystoneclient
|
||||
shell: pip install python-keystoneclient
|
||||
- name: keystone role
|
||||
keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} user={{user_name}} tenant={{tenant_name}} role={{role_name}} state=present
|
||||
|
@ -1,5 +1,7 @@
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- name: install python-keystoneclient
|
||||
shell: pip install python-keystoneclient
|
||||
- name: keystone tenant
|
||||
keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} tenant={{tenant_name}} state=present
|
||||
|
@ -1,5 +1,7 @@
|
||||
- hosts: [{{ ip }}]
|
||||
sudo: yes
|
||||
tasks:
|
||||
- name: install python-keystoneclient
|
||||
shell: pip install python-keystoneclient
|
||||
- name: keystone user
|
||||
keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} user={{user_name}} password={{user_password}} tenant={{tenant_name}} state=present
|
||||
keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ token={{ admin_token }} user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} state=present
|
||||
|
@ -1,7 +1,6 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
import os
|
||||
import subprocess
|
||||
import yaml
|
||||
|
||||
from solar.core.handlers.base import BaseHandler
|
||||
|
||||
@ -14,7 +13,11 @@ class Ansible(BaseHandler):
|
||||
print 'playbook_file', playbook_file
|
||||
call_args = ['ansible-playbook', '--module-path', '/vagrant/library', '-i', inventory_file, playbook_file]
|
||||
print 'EXECUTING: ', ' '.join(call_args)
|
||||
subprocess.call(call_args)
|
||||
try:
|
||||
subprocess.check_output(call_args)
|
||||
except subprocess.CalledProcessError as e:
|
||||
print e.output
|
||||
raise
|
||||
|
||||
def _create_inventory(self, r):
|
||||
directory = self.dirs[r.name]
|
||||
|
@ -99,7 +99,6 @@ class Resource(object):
|
||||
# Update will be blocked if this resource is listening
|
||||
# on some input that is to be updated -- we should only listen
|
||||
# to the emitter and not be able to change the input's value
|
||||
|
||||
for key, value in args.iteritems():
|
||||
self.args[key].update(value)
|
||||
|
||||
@ -157,7 +156,7 @@ def load_all():
|
||||
ret = {}
|
||||
|
||||
for raw_resource in db.get_list('resource'):
|
||||
resource = wrap_resource(raw_resource)
|
||||
resource = db.get_obj_resource(raw_resource['id'])
|
||||
ret[resource.name] = resource
|
||||
|
||||
signals.Connections.reconnect_all()
|
||||
|
@ -4,6 +4,11 @@ mapping = {
|
||||
'file_system': FileSystemDB
|
||||
}
|
||||
|
||||
DB = None
|
||||
|
||||
def get_db():
|
||||
# Should be retrieved from config
|
||||
return mapping['file_system']()
|
||||
global DB
|
||||
if DB is None:
|
||||
DB = mapping['file_system']()
|
||||
return DB
|
||||
|
@ -24,10 +24,11 @@ class FileSystemDB(DirDBM):
|
||||
return self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
|
||||
|
||||
def get_obj_resource(self, uid):
|
||||
if not uid in self.entities:
|
||||
from solar.core.resource import wrap_resource
|
||||
raw_resource = self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
|
||||
|
||||
return wrap_resource(raw_resource)
|
||||
self.entities[uid] = wrap_resource(raw_resource)
|
||||
return self.entities[uid]
|
||||
|
||||
def add_resource(self, uid, resource):
|
||||
self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)] = resource
|
||||
|
@ -21,16 +21,21 @@ from solar import utils
|
||||
|
||||
from enum import Enum
|
||||
|
||||
from solar.interfaces.db import get_db
|
||||
|
||||
import yaml
|
||||
|
||||
db = get_db()
|
||||
|
||||
|
||||
STATES = Enum('States', 'pending inprogress error success')
|
||||
|
||||
|
||||
def state_file(filename):
|
||||
filepath = os.path.join(utils.read_config()['state'], filename)
|
||||
if 'log' in filename:
|
||||
return Log(filepath)
|
||||
elif 'data' in filename:
|
||||
return Data(filepath)
|
||||
def state_file(name):
|
||||
if 'log' in name:
|
||||
return Log(name)
|
||||
elif 'data' in name:
|
||||
return Data(name)
|
||||
|
||||
|
||||
CD = partial(state_file, 'commited_data')
|
||||
@ -70,14 +75,18 @@ class Log(object):
|
||||
|
||||
def __init__(self, path):
|
||||
self.path = path
|
||||
items = utils.yaml_load(path) or []
|
||||
if path in db:
|
||||
items = db[path]
|
||||
else:
|
||||
items = []
|
||||
self.items = deque([LogItem(
|
||||
l['uid'], l['res'],
|
||||
l['diff'], l['action'],
|
||||
getattr(STATES, l['state'])) for l in items])
|
||||
|
||||
def sync(self):
|
||||
utils.yaml_dump_to([i.to_dict() for i in self.items], self.path)
|
||||
db[self.path] = [i.to_dict() for i in self.items]
|
||||
|
||||
|
||||
def add(self, logitem):
|
||||
self.items.append(logitem)
|
||||
@ -111,18 +120,21 @@ class Data(collections.MutableMapping):
|
||||
|
||||
def __init__(self, path):
|
||||
self.path = path
|
||||
self.store = utils.yaml_load(path) or {}
|
||||
if path in db:
|
||||
self.store = db[path]
|
||||
else:
|
||||
self.store = {}
|
||||
|
||||
def __getitem__(self, key):
|
||||
return self.store[key]
|
||||
|
||||
def __setitem__(self, key, value):
|
||||
self.store[key] = value
|
||||
utils.yaml_dump_to(self.store, self.path)
|
||||
db[self.path] = self.store
|
||||
|
||||
def __delitem__(self, key):
|
||||
self.store.pop(key)
|
||||
utils.yaml_dump_to(self.store, self.path)
|
||||
db[self.path] = self.store
|
||||
|
||||
def __iter__(self):
|
||||
return iter(self.store)
|
||||
|
Loading…
Reference in New Issue
Block a user