From c5fbb4d2f589dcdc9f6277cbdcd8164e352425b0 Mon Sep 17 00:00:00 2001 
From: Dmitriy Rabotyagov Date: Tue, 6 Oct 2020 17:08:19 +0300 Subject: [PATCH] Make role fit to the OSA standards We've pulled that role from github, and we need to make an adjustments to standardize approach across all other roles, like service and db create, uwsgi usage, etc. We're also adding integrated CI. Needed-By: https://review.opendev.org/756310 Change-Id: Ie95b9c723f29eb20f9e1e95e284d7ed20346aaff --- README.rst | 4 +- defaults/main.yml | 77 ++--- doc/requirements.txt | 16 + doc/source/_static/ .placeholder | 0 doc/source/conf.py | 60 ++-- examples/playbook.yml | 6 + extras/user_secrets_adjutant.yml | 2 +- handlers/main.yml | 18 +- releasenotes/notes/.placeholder | 0 releasenotes/source/_static/ .placeholder | 0 releasenotes/source/conf.py | 276 ++++++++++++++++++ releasenotes/source/index.rst | 8 + releasenotes/source/unreleased.rst | 5 + tasks/adjutant_apache.yml | 90 ------ ...tant_db_setup.yml => adjutant_db_sync.yml} | 26 -- tasks/adjutant_domain_setup.yml | 96 ------ tasks/adjutant_init_systemd.yml | 60 ---- tasks/adjutant_post_install.yml | 7 +- tasks/adjutant_pre_install.yml | 34 --- tasks/db_setup.yml | 48 +++ tasks/main.yml | 125 +++++--- tasks/service_setup.yml | 162 ++++++++++ templates/adjutant-httpd.conf.j2 | 44 --- templates/adjutant-ports.conf.j2 | 3 - templates/adjutant-systemd-init.j2 | 34 --- templates/adjutant-systemd-tempfiles.j2 | 4 - templates/adjutant-wsgi.load.j2 | 4 - templates/adjutant.yaml.j2 | 25 +- tests/os_adjutant-overrides.yml | 2 +- tox.ini | 15 +- vars/debian.yml | 24 ++ vars/main.yml | 48 +++ vars/{redhat-7.yml => redhat.yml} | 22 +- vars/ubuntu.yml | 44 --- zuul.d/project.yaml | 22 ++ 35 files changed, 795 insertions(+), 616 deletions(-) create mode 100644 doc/requirements.txt create mode 100644 doc/source/_static/ .placeholder create mode 100644 examples/playbook.yml create mode 100644 releasenotes/notes/.placeholder create mode 100644 releasenotes/source/_static/ .placeholder create mode 100644 
releasenotes/source/conf.py create mode 100644 releasenotes/source/index.rst create mode 100644 releasenotes/source/unreleased.rst delete mode 100644 tasks/adjutant_apache.yml rename tasks/{adjutant_db_setup.yml => adjutant_db_sync.yml} (50%) delete mode 100644 tasks/adjutant_domain_setup.yml delete mode 100644 tasks/adjutant_init_systemd.yml create mode 100644 tasks/db_setup.yml create mode 100644 tasks/service_setup.yml delete mode 100644 templates/adjutant-httpd.conf.j2 delete mode 100644 templates/adjutant-ports.conf.j2 delete mode 100644 templates/adjutant-systemd-init.j2 delete mode 100644 templates/adjutant-systemd-tempfiles.j2 delete mode 100644 templates/adjutant-wsgi.load.j2 create mode 100644 vars/debian.yml create mode 100644 vars/main.yml rename vars/{redhat-7.yml => redhat.yml} (50%) delete mode 100644 vars/ubuntu.yml create mode 100644 zuul.d/project.yaml diff --git a/README.rst b/README.rst index 2879441..ee1e765 100644 --- a/README.rst +++ b/README.rst @@ -25,7 +25,7 @@ Required Variables adjutant_service_password adjutant_rabbitmq_password - adjutant_container_mysql_password + adjutant_galera_password adjutant_galera_address Example Playbook @@ -42,6 +42,6 @@ Example Playbook external_lb_vip_address: 172.16.24.1 internal_lb_vip_address: 192.168.0.1 adjutant_galera_address: "{{ internal_lb_vip_address }}" - adjutant_container_mysql_password: "SuperSecretePassword1" + adjutant_galera_password: "SuperSecretePassword1" adjutant_service_password: "SuperSecretePassword2" adjutant_rabbitmq_password: "SuperSecretePassword3" diff --git a/defaults/main.yml b/defaults/main.yml index 42e774d..35eebd5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -32,16 +32,12 @@ adjutant_system_home_folder: "/var/lib/{{ adjutant_system_user_name }}" adjutant_venv_tag: untagged adjutant_bin: "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/bin" -# venv_download, even when true, will use the fallback method of building the -# venv from scratch if the venv download fails. -adjutant_venv_download: "{{ not adjutant_developer_mode | bool }}" -adjutant_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/adjutant.tgz - adjutant_git_repo: https://opendev.org/openstack/adjutant -adjutant_git_install_branch: stable/queens - -adjutant_developer_constraints: +adjutant_git_install_branch: master +adjutant_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}" +adjutant_git_constraints: - "git+{{ adjutant_git_repo }}@{{ adjutant_git_install_branch }}#egg=adjutant" + - "--constraint {{ adjutant_upper_constraints_url }}" adjutant_user_domain_name: Default adjutant_user_domain_id: default 
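Review bot: The git entry in `adjutant_git_constraints` names the project as `#egg=adjutant`, while the last hunk of this file installs `python-adjutant` and drops its `==0.5.0` pin, so the constraint may never match and the install could resolve to whatever the package index currently serves. pip matches constraints by project name, so the two names need to agree; if the distribution is published as python-adjutant, the line would read `- "git+{{ adjutant_git_repo }}@{{ adjutant_git_install_branch }}#egg=python-adjutant"`. With `adjutant_git_install_branch: master` the source is also a moving target. A comment such as `# master is unpinned; override with a tag or SHA for reproducible deployments` would tell deployers how to pin it.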
@@ -50,12 +46,24 @@ adjutant_keystone_auth_plugin: password adjutant_galera_address: "{{ galera_address | default('127.0.0.1') }}" adjutant_galera_database: adjutant adjutant_galera_user: adjutant +adjutant_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" +adjutant_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" +adjutant_galera_port: 3306 +adjutant_galera_setup_host: "{{ openstack_db_setup_host | default('localhost') }}" +adjutant_galera_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((adjutant_galera_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}" ## Service Type and Data +adjutant_role_name: admin adjutant_service_region: RegionOne adjutant_service_name: adjutant adjutant_service_type: registration +adjutant_service_description: "Adjutant Registration Service" adjutant_service_port: 5050 +adjutant_service_project_name: service +adjutant_service_in_ldap: false +adjutant_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" +adjutant_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((adjutant_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}" +adjutant_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}" adjutant_service_proto: http adjutant_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}" adjutant_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(adjutant_service_proto) }}" 
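Review bot: `adjutant_bind_address` falls back to `0.0.0.0` while `adjutant_service_proto` stays `http`, and the next hunk of this file removes every `adjutant_ssl_*` option, so the API listener appears to accept plaintext on all interfaces with no TLS handled in the role. A comment above the variable would make that assumption explicit, for example `# Binds all interfaces over plain HTTP; TLS is expected at the load balancer. Set openstack_service_bind_address to the management address to narrow exposure.` The same hunk defaults `adjutant_galera_use_ssl` to `False`, which deserves a one-line comment saying that database traffic is unencrypted unless `galera_use_ssl` is set.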
@@ -68,33 +76,11 @@ adjutant_service_internaluri: "{{ adjutant_service_internaluri_proto }}://{{ int adjutant_service_internalurl: "{{ adjutant_service_internaluri }}/v1/" adjutant_horizon_publicurl: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}://{{ external_lb_vip_address }}/" -#: Set this to false to disable API service through Apache + mod_wsgi -adjutant_use_mod_wsgi: true - -# Apache setup -adjutant_apache_log_level: info -adjutant_apache_servertokens: "Prod" -adjutant_apache_serversignature: "Off" +# uWSGI settings adjutant_wsgi_threads: 1 adjutant_wsgi_processes_max: 16 adjutant_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, adjutant_wsgi_processes_max] | min }}" - -# set adjutant_ssl to true to enable SSL configuration on the adjutant containers -adjutant_ssl: false -adjutant_ssl_cert: /etc/ssl/certs/adjutant.pem -adjutant_ssl_key: /etc/ssl/private/adjutant.key -adjutant_ssl_ca_cert: /etc/ssl/certs/adjutant-ca.pem -adjutant_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}" -adjutant_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}" - -# if using a self-signed certificate, set this to true to regenerate it -adjutant_ssl_self_signed_regen: false -adjutant_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" - -# Set these in user_variables to deploy custom certificates -#adjutant_user_ssl_cert: -#adjutant_user_ssl_key: -#adjutant_user_ssl_ca_cert: +adjutant_use_uwsgi: True adjutant_email_backend: django.core.mail.backends.smtp.EmailBackend adjutant_email_host: localhost @@ -239,6 +225,7 @@ adjutant_quota_sizes_asc: - small - medium - large + adjutant_quota_services: "*": - cinder 
@@ -248,6 +235,7 @@ adjutant_quota_services: # - octavia adjutant_adjutant_conf_overrides: {} +adjutant_api_uwsgi_ini_overrides: {} adjutant_api_init_overrides: {} ## Service Name-Group Mapping @@ -255,20 +243,19 @@ adjutant_services: adjutant-api: group: adjutant_api service_name: adjutant-api - service_enabled: "{{ adjutant_use_mod_wsgi | ternary(false, true) }}" + service_enabled: true init_config_overrides: "{{ adjutant_api_init_overrides }}" + execstarts: "{{ adjutant_bin }}/adjutant-api" + wsgi_app: "{{ adjutant_use_uwsgi }}" + wsgi_name: adjutant-api-wsgi + uwsgi_overrides: "{{ adjutant_api_uwsgi_ini_overrides }}" + uwsgi_bind_address: "{{ adjutant_bind_address }}" + uwsgi_port: "{{ adjutant_service_port }}" -adjutant_pip3_install_args: "{{ pip_install_options | default('') }}" -adjutant_venv_python_executable: python3 -adjutant_venv_rebuild: no +adjutant_pip_install_args: "{{ pip_install_options | default('') }}" +adjutant_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}" -adjutant_pip3_packages: - - python-adjutant==0.5.0 +adjutant_pip_packages: + - python-adjutant - cryptography - - mod_wsgi - -# This variable is used by the repo_build process to determine -# which host group to check for members of before building the -# pip packages required by this role. The value is picked up -# by the py_pkgs lookup. -adjutant_role_project_group: adjutant_all + - systemd-python diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..07801f8 --- /dev/null +++ b/doc/requirements.txt 
@@ -0,0 +1,16 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt +# If you need to modify this file, update the one in the +# openstack-ansible-tests repository. Once it merges there, the changes will +# automatically be proposed to all the repositories which use it. + +sphinx>=2.0.0,!=2.1.0 # BSD +sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD +openstackdocstheme>=2.2.1 # Apache-2.0 +reno>=3.1.0 # Apache-2.0 +doc8>=0.6.0 # Apache-2.0 diff --git a/doc/source/_static/ .placeholder b/doc/source/_static/ .placeholder new file mode 100644 index 0000000..e69de29 diff --git a/doc/source/conf.py b/doc/source/conf.py index 530dcd8..cecf1e9 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -22,9 +22,6 @@ # All configuration values have a default; values that are commented out # serve to show the default. -import pbr.version -import os - # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. @@ -41,7 +38,7 @@ import os extensions = [ 'openstackdocstheme', 'sphinx.ext.autodoc', - 'sphinxmark' + 'sphinxcontrib.rsvgconverter', ] # Add any paths that contain templates here, relative to this directory. 
@@ -66,28 +63,13 @@ description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' project = 'OpenStack-Ansible' role_name = 'os_adjutant' target_name = 'openstack-ansible-' + role_name -title = 'OpenStack-Ansible Documentation: ' + role_name + 'role' - -# The link to the browsable source code (for the left hand menu) -oslosphinx_cgit_link = ( - "https://git.openstack.org/cgit/openstack/{}".format(target_name) -) - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The short X.Y version. -version_info = pbr.version.VersionInfo(target_name) -# The full version, including alpha/beta/rc tags. -release = version_info.version_string_with_vcs() -# The short X.Y version. -version = version_info.canonical_version_string() +title = 'OpenStack-Ansible Documentation: ' + role_name + ' role' # openstackdocstheme options -repository_name = 'openstack/' + target_name -bug_project = project.lower() -bug_tag = '' +openstackdocs_repo_name = 'openstack/' + target_name +openstackdocs_pdf_link = True +openstackdocs_bug_project = project.lower() +openstackdocs_bug_tag = '' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. @@ -122,7 +104,7 @@ exclude_patterns = [] # show_authors = False # The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' +pygments_style = 'native' # A list of ignored prefixes for module index sorting. # modindex_common_prefix = [] 
@@ -174,10 +156,6 @@ html_static_path = ['_static'] # directly to the root of the documentation. # html_extra_path = [] -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -html_last_updated_fmt = '%Y-%m-%d %H:%M' - # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. # html_use_smartypants = True @@ -252,10 +230,12 @@ latex_elements = { # (source start file, target name, title, # author, documentclass [howto, manual, or own class]). latex_documents = [ - (master_doc, target_name + '.tex', - title, author, 'manual'), + (master_doc, 'doc-' + target_name + '.tex', + title.replace("_", r"\_"), author, 'manual'), ] +latex_use_xindy = False + # The name of an image file (relative to this directory) to place at the top of # the title page. # latex_logo = None @@ -312,17 +292,11 @@ texinfo_documents = [ # If true, do not generate a @detailmenu in the "Top" node's menu. # texinfo_no_detailmenu = False +# -- Options for PDF output -------------------------------------------------- +pdf_documents = [ + (master_doc, target_name, + title, author) +] -watermark = os.popen("git branch --contains $(git rev-parse HEAD)\ -| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize() -if watermark == "": - watermark = "Pre-release" - -# -- Options for sphinxmark ----------------------------------------------- -sphinxmark_enable = True -sphinxmark_div = 'docs-body' -sphinxmark_image = 'text' -sphinxmark_text = watermark -sphinxmark_text_color = (128, 128, 128) -sphinxmark_text_size = 70 +locale_dirs = ['locale/'] diff --git a/examples/playbook.yml b/examples/playbook.yml new file mode 100644 index 0000000..2b1ea22 --- /dev/null +++ b/examples/playbook.yml @@ -0,0 +1,6 @@ +--- +- name: Install os_adjutant service + hosts: localhost + user: root + roles: + - role: "os_adjutant" 
diff --git a/extras/user_secrets_adjutant.yml b/extras/user_secrets_adjutant.yml index f1338d5..9279fe0 100644 --- a/extras/user_secrets_adjutant.yml +++ b/extras/user_secrets_adjutant.yml @@ -1,4 +1,4 @@ ## Adjutant passwords adjutant_service_password: -adjutant_container_mysql_password: +adjutant_galera_password: adjutant_secret_key: diff --git a/handlers/main.yml b/handlers/main.yml index d8c390a..09dedab 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -22,13 +22,13 @@ - name: Stop services service: name: "{{ item.value.service_name }}" - enabled: "{{ (item.value.service_enabled | bool) | ternary('yes', 'no') }}" + enabled: yes state: "stopped" daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" with_dict: "{{ adjutant_services }}" when: inventory_hostname in groups[item.value.group] register: _stop - until: _stop | success + until: _stop is success retries: 5 delay: 2 @@ -43,18 +43,6 @@ - inventory_hostname in groups[item.value.group] - item.value.service_enabled | bool register: _start - until: _start | success - retries: 5 - delay: 2 - -- name: Restart Apache - service: - name: "{{ adjutant_system_service_name }}" - enabled: yes - state: "restarted" - daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" - when: adjutant_use_mod_wsgi | bool - register: _restart - until: _restart | success + until: _start is success retries: 5 delay: 2 diff --git a/releasenotes/notes/.placeholder b/releasenotes/notes/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/_static/ .placeholder b/releasenotes/source/_static/ .placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py new file mode 100644 index 0000000..a5363a5 --- /dev/null +++ b/releasenotes/source/conf.py 
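Review bot: The `Stop services` handler in handlers/main.yml now hardcodes `enabled: yes` and no longer honours `item.value.service_enabled`, while the start handler in the second hunk still filters on `item.value.service_enabled | bool`. An entry with that flag set to false would therefore be stopped yet enabled at boot. If that is intended, say so in a comment; otherwise keep the flag with `enabled: "{{ item.value.service_enabled | bool }}"`. Writing the literal as `true` rather than `yes` would also match the `service_enabled: true` style in defaults/main.yml. The start handler begins above its hunk, so its name and state are not visible here.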
@@ -0,0 +1,276 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'openstackdocstheme', + 'reno.sphinxext', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. 
+author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_adjutant' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' + +# Release notes do not need a version number in the title, they +# cover multiple releases. +# The full version, including alpha/beta/rc tags. +release = '' +# The short X.Y version. +version = '' + +# openstackdocstheme options +openstackdocs_repo_name = 'openstack/' + target_name +openstackdocs_bug_project = project.lower() +openstackdocs_bug_tag = '' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'native' + +# A list of ignored prefixes for module index sorting. 
+# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. 
+# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. 
+# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + +# -- Options for Internationalization output ------------------------------ +locale_dirs = ['locale/'] \ No newline at end of file diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst new file mode 100644 index 0000000..71f7357 --- /dev/null +++ b/releasenotes/source/index.rst @@ -0,0 +1,8 @@ +================================ + OpenStack-Ansible Release Notes +================================ + +.. toctree:: + :maxdepth: 1 + + unreleased 
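Review bot: In releasenotes/source/conf.py, `title` is built as `... + role_name + 'role'` with no separating space, so the release notes title renders as `os_adjutantrole`. This commit fixes the same string in doc/source/conf.py. Use `title = 'OpenStack-Ansible Release Notes: ' + role_name + ' role'`. The new file also ends without a trailing newline after `locale_dirs = ['locale/']`.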
diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst new file mode 100644 index 0000000..cd22aab --- /dev/null +++ b/releasenotes/source/unreleased.rst @@ -0,0 +1,5 @@ +============================== + Current Series Release Notes +============================== + +.. release-notes:: diff --git a/tasks/adjutant_apache.yml b/tasks/adjutant_apache.yml deleted file mode 100644 index 0317db4..0000000 --- a/tasks/adjutant_apache.yml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -# Copyright 2018, Elastx AB. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Drop apache2 virtual host and ports file - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "root" - group: "root" - with_items: "{{ adjutant_apache_config }}" - notify: - - Restart Apache - -- name: Disable default apache site - file: - path: "{{ item }}" - state: "absent" - with_items: "{{ adjutant_apache_default_sites }}" - notify: - - Restart Apache - -- name: Enabled adjutant vhost - file: - src: "{{ adjutant_apache_site_available }}" - dest: "{{ adjutant_apache_site_enabled }}" - state: "link" - when: - - adjutant_apache_site_available is defined - - adjutant_apache_site_enabled is defined - notify: - - Restart Apache - -- name: Ensure Apache ServerName - lineinfile: - dest: "{{ adjutant_apache_conf }}" - line: "ServerName {{ inventory_hostname }}" - notify: - - Restart Apache - -- name: Ensure Apache ServerTokens - lineinfile: - dest: "{{ adjutant_apache_security_conf }}" - regexp: '^ServerTokens' - line: "ServerTokens {{ adjutant_apache_servertokens }}" - notify: - - Restart Apache - -- name: Ensure Apache ServerSignature - lineinfile: - dest: "{{ adjutant_apache_security_conf }}" - regexp: '^ServerSignature' - line: "ServerSignature {{ adjutant_apache_serversignature }}" - notify: - - Restart Apache - -- name: Remove Listen from Apache config - lineinfile: - dest: "{{ adjutant_apache_security_conf }}" - regexp: '^(Listen.*)' - 
backrefs: yes - line: '#\1' - notify: - - Restart Apache - -- name: Enable/disable mods for apache2 - apache2_module: - name: "{{ item.name }}" - state: "{{ item.state }}" - when: - - ansible_pkg_mgr == 'apt' - with_items: - - name: ssl - state: "{{ adjutant_ssl | bool | ternary('present', 'absent') }}" - - name: rewrite - state: present - notify: - - Restart Apache diff --git a/tasks/adjutant_db_setup.yml b/tasks/adjutant_db_sync.yml similarity index 50% rename from tasks/adjutant_db_setup.yml rename to tasks/adjutant_db_sync.yml index 3a660cd..662a21e 100644 --- a/tasks/adjutant_db_setup.yml +++ b/tasks/adjutant_db_sync.yml @@ -15,32 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ adjutant_galera_address }}" - name: "{{ adjutant_galera_database }}" - state: "present" - delegate_to: "{{ groups['galera_all'][0] }}" - no_log: true - -- name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ adjutant_galera_address }}" - name: "{{ adjutant_galera_user }}" - password: "{{ adjutant_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ adjutant_galera_database }}.*:ALL" - delegate_to: "{{ groups['galera_all'][0] }}" - no_log: true - with_items: - - "localhost" - - "%" - - name: Perform adjutant migrate command: "{{ adjutant_bin }}/adjutant-api migrate" become: yes diff --git a/tasks/adjutant_domain_setup.yml b/tasks/adjutant_domain_setup.yml deleted file mode 100644 index 444ccfe..0000000 --- a/tasks/adjutant_domain_setup.yml +++ /dev/null 
@@ -1,96 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# (C) 2016 Michael Rice -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure adjutant specific roles - keystone: - command: "ensure_role" - role_name: "{{ item }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - endpoint: "{{ keystone_service_adminurl }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - with_items: - - "project_admin" - - "project_mod" - no_log: True - -- name: Ensure adjutant user - keystone: - command: "ensure_user" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - user_name: "{{ adjutant_service_user_name }}" - domain_name: "{{ adjutant_user_domain_name }}" - password: "{{ adjutant_service_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - no_log: True - -- name: Add adjutant user to service admin role - keystone: - command: "ensure_user_role" - user_name: "{{ adjutant_service_user_name }}" - project_name: "service" - role_name: "admin" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - endpoint: "{{ keystone_service_adminurl }}" - insecure: "{{ 
keystone_service_adminuri_insecure }}" - no_log: True - -- name: Ensure adjutant service - keystone: - command: "ensure_service" - service_name: "{{ adjutant_service_name }}" - service_type: "{{ adjutant_service_type }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - endpoint: "{{ keystone_service_adminurl }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_service - until: add_service|success - retries: 5 - delay: 2 - no_log: True - -- name: Ensure adjutant endpoints - keystone: - command: "ensure_endpoint" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - region_name: "{{ adjutant_service_region }}" - service_name: "{{ adjutant_service_name }}" - service_type: "{{ adjutant_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - endpoint_list: - - url: "{{ adjutant_service_publicurl }}" - interface: "public" - - url: "{{ adjutant_service_internalurl }}" - interface: "internal" - - url: "{{ adjutant_service_adminurl }}" - interface: "admin" - register: add_endpoint - until: add_endpoint|success - retries: 5 - delay: 10 - no_log: True diff --git a/tasks/adjutant_init_systemd.yml b/tasks/adjutant_init_systemd.yml deleted file mode 100644 index b1bb3f2..0000000 --- a/tasks/adjutant_init_systemd.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Create TEMP run dir - file: - path: "/var/run/{{ item.value.service_name }}" - state: directory - owner: "{{ adjutant_system_user_name }}" - group: "{{ adjutant_system_group_name }}" - mode: "02755" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - -- name: Create TEMP lock dir - file: - path: "/var/lock/{{ item.value.service_name }}" - state: directory - owner: "{{ adjutant_system_user_name }}" - group: "{{ adjutant_system_group_name }}" - mode: "02755" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - -- name: Create tempfile.d entry - template: - src: "adjutant-systemd-tempfiles.j2" - dest: "/etc/tmpfiles.d/adjutant.conf" - mode: "0644" - owner: "root" - group: "root" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - notify: - - Restart adjutant services - -- name: Place the systemd init script - config_template: - src: "adjutant-systemd-init.j2" - dest: "/etc/systemd/system/{{ item.value.service_name }}.service" - mode: "0644" - owner: "root" - group: "root" - config_overrides: "{{ item.value.init_config_overrides }}" - config_type: "ini" - with_dict: "{{ adjutant_services }}" - when: inventory_hostname in groups[item.value.group] - notify: - - Restart adjutant services 
diff --git a/tasks/adjutant_post_install.yml b/tasks/adjutant_post_install.yml index 99fc91f..0985d36 100644 --- a/tasks/adjutant_post_install.yml +++ b/tasks/adjutant_post_install.yml @@ -31,15 +31,14 @@ config_type: "yaml" notify: - Restart adjutant services - - Restart Apache - name: Drop Adjutant WSGI Configs template: src: wsgi.py.j2 - dest: /var/www/cgi-bin/adjutant/adjutant-api + dest: "{{ adjutant_bin }}/adjutant-api-wsgi" owner: "{{ adjutant_system_user_name }}" group: "{{ adjutant_system_group_name }}" mode: "0755" - when: adjutant_use_mod_wsgi | bool + when: adjutant_use_uwsgi | bool notify: - - Restart Apache + - Restart adjutant services diff --git a/tasks/adjutant_pre_install.yml b/tasks/adjutant_pre_install.yml index 1f29f0a..9c5ad7e 100644 --- a/tasks/adjutant_pre_install.yml +++ b/tasks/adjutant_pre_install.yml 
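Review bot: In the `Drop Adjutant WSGI Configs` task the script now lands in `{{ adjutant_bin }}/adjutant-api-wsgi` but is still owned by `{{ adjutant_system_user_name }}`, so the account the service runs as can rewrite the entry point that uwsgi loads. vars/main.yml in this commit sets `uwsgi_uid` to that same account, and it only needs to read and execute the file. With `owner: "root"` and `group: "root"` and the existing `mode: "0755"`, a compromised service process could not modify the script.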
@@ -41,38 +41,4 @@ with_items: - { path: "/openstack", mode: "0755", owner: "root", group: "root" } - { path: "/etc/adjutant" } - -- name: Create Apache mod_wsgi dirs - file: - path: "{{ item.path }}" - state: directory - owner: "{{ item.owner|default(adjutant_system_user_name) }}" - group: "{{ item.owner|default(adjutant_system_group_name) }}" - mode: "{{ item.mode|default('0755') }}" - with_items: - - { path: "/var/www/cgi-bin", owner: root, group: root } - - { path: "/var/www/cgi-bin/adjutant" } - when: adjutant_use_mod_wsgi | bool - -- name: Test for log directory or link - shell: | - if [ -h "/var/log/adjutant" ]; then - chown -h {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "/var/log/adjutant" - chown -R {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "$(readlink /var/log/adjutant)" - else - exit 1 - fi - register: log_dir - failed_when: false - changed_when: log_dir.rc != 0 - -- name: Create adjutant log dir - file: - path: "{{ item.path }}" - state: directory - owner: "{{ item.owner|default(adjutant_system_user_name) }}" - group: "{{ item.group|default(adjutant_system_group_name) }}" - mode: "{{ item.mode|default('0755') }}" - with_items: - { path: "/var/log/adjutant" } - when: log_dir.rc != 0 diff --git a/tasks/db_setup.yml b/tasks/db_setup.yml new file mode 100644 index 0000000..09b01f8 --- /dev/null +++ b/tasks/db_setup.yml 
@@ -0,0 +1,48 @@
+---
+# Copyright 2019, VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# WARNING:
+# This file is maintained in the openstack-ansible-tests repository.
+# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/db_setup.yml
+# If you need to modify this file, update the one in the openstack-ansible-tests
+# repository. Once it merges there, the changes will automatically be proposed to
+# all the repositories which use it.
+
+- name: Setup Database Service (MariaDB)
+ delegate_to: "{{ _oslodb_setup_host }}"
+ vars:
+ ansible_python_interpreter: "{{ _oslodb_ansible_python_interpreter }}"
+ tags:
+ - common-mariadb
+ block:
+ - name: Create database for service
+ community.mysql.mysql_db:
+ name: "{{ item.name }}"
+ login_host: "{{ _oslodb_setup_endpoint | default(omit) }}"
+ login_port: "{{ _oslodb_setup_port | default(omit) }}"
+ loop: "{{ _oslodb_databases }}"
+ no_log: true
+
+ - name: Grant access to the database for the service
+ community.mysql.mysql_user:
+ name: "{{ item.1.username }}"
+ password: "{{ item.1.password }}"
+ host: "{{ item.1.host | default('%') }}"
+ priv: "{{ item.0.name }}.*:{{ item.1.priv | default('ALL') }}"
+ append_privs: yes
+ login_host: "{{ _oslodb_setup_endpoint | default(omit) }}"
+ login_port: "{{ _oslodb_setup_port | default(omit) }}"
+ loop: "{{ _oslodb_databases | subelements('users') }}"
+ no_log: true
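Review bot: The `Grant access to the database for the service` task falls back to `host: '%'` and `ALL` privileges whenever a user entry omits `host` or `priv`, and the caller in tasks/main.yml passes neither, so the adjutant account gets every privilege on its schema from any source address. With `append_privs: yes`, a later run that passes a narrower `priv` adds to the existing grants instead of replacing them, so a grant cannot be tightened through this task. Consider passing an explicit `host` (and `priv`, if less than ALL is enough) from main.yml. Per the header comment, a change to this file itself has to go through openstack-ansible-tests. `append_privs: true` would also match the `no_log: true` spelling used below it.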
diff --git a/tasks/main.yml b/tasks/main.yml index 4b4a245..aab5ac6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -27,81 +27,122 @@ tags: - always -- name: Check init system - command: cat /proc/1/comm - changed_when: false - register: _pid1_name +- import_tasks: db_setup.yml + when: inventory_hostname == groups['adjutant_all'][0] + vars: + _oslodb_setup_host: "{{ adjutant_galera_setup_host }}" + _oslodb_ansible_python_interpreter: "{{ adjutant_galera_setup_python_interpreter }}" + _oslodb_setup_endpoint: "{{ adjutant_galera_address }}" + _oslodb_setup_port: "{{ adjutant_galera_port }}" + _oslodb_databases: + - name: "{{ adjutant_galera_database }}" + users: + - username: "{{ adjutant_galera_user }}" + password: "{{ adjutant_galera_password }}" tags: - - always + - common-db + - adjutant-config -- name: Set the name of pid1 - set_fact: - pid1_name: "{{ _pid1_name.stdout }}" - tags: - - always - -- include: adjutant_pre_install.yml - tags: - - adjutant-install - -- name: Install distro packages - package: - pkg: virtualenv - state: present - update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}" - cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 +- import_tasks: adjutant_pre_install.yml tags: - adjutant-install - name: Install the python venv import_role: - name: "ansible-role-python_venv_build" + name: "python_venv_build" vars: venv_python_executable: "{{ adjutant_venv_python_executable }}" + venv_build_constraints: "{{ adjutant_git_constraints }}" venv_build_distro_package_list: "{{ adjutant_devel_distro_packages }}" venv_install_destination_path: "{{ adjutant_bin | dirname }}" - venv_install_distro_package_list: "{{ adjutant_distro_packages }}" - venv_pip_install_args: "{{ adjutant_pip3_install_args }}" - venv_pip_packages: "{{ adjutant_pip3_packages }}" + venv_pip_install_args: "{{ adjutant_pip_install_args }}" + venv_pip_packages: "{{ adjutant_pip_packages }}" venv_facts_when_changed: - section: "adjutant" option: "venv_tag" value: 
"{{ adjutant_venv_tag }}" - venv_rebuild: "{{ adjutant_venv_rebuild | default('no') }}" - venv_wheel_build_enable: false tags: - adjutant-install -- include: adjutant_post_install.yml +- import_tasks: adjutant_post_install.yml static: no tags: - adjutant-config -- include: adjutant_domain_setup.yml +- import_tasks: adjutant_db_sync.yml when: inventory_hostname == groups['adjutant_all'][0] tags: - adjutant-config -- include: adjutant_db_setup.yml +- import_tasks: service_setup.yml + vars: + _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" + _service_in_ldap: "{{ adjutant_service_in_ldap }}" + _service_setup_host: "{{ adjutant_service_setup_host }}" + _service_setup_host_python_interpreter: "{{ adjutant_service_setup_host_python_interpreter }}" + _service_project_name: "{{ adjutant_service_project_name }}" + _service_region: "{{ adjutant_service_region }}" + _service_users: + - name: "{{ adjutant_service_user_name }}" + password: "{{ adjutant_service_password }}" + role: "{{ adjutant_role_name }}" + - role: "project_mod" + - role: "project_admin" + _service_catalog: + - name: "{{ adjutant_service_name }}" + type: "{{ adjutant_service_type }}" + description: "{{ adjutant_service_description }}" + _service_endpoints: + - interface: "public" + url: "{{ adjutant_service_publicurl }}" + service: "{{ adjutant_service_name }}" + - interface: "internal" + url: "{{ adjutant_service_internalurl }}" + service: "{{ adjutant_service_name }}" + - interface: "admin" + url: "{{ adjutant_service_adminurl }}" + service: "{{ adjutant_service_name }}" when: inventory_hostname == groups['adjutant_all'][0] tags: - adjutant-config -- include: "adjutant_init_{{ ansible_service_mgr }}.yml" - static: no +- name: Run the systemd service role + include_role: + name: systemd_service + vars: + systemd_user_name: "{{ adjutant_system_user_name }}" + systemd_group_name: "{{ adjutant_system_group_name }}" + systemd_tempd_prefix: openstack + systemd_slice_name: adjutant + 
systemd_lock_path: /var/lock/adjutant + systemd_CPUAccounting: true + systemd_BlockIOAccounting: true + systemd_MemoryAccounting: true + systemd_TasksAccounting: true + systemd_services: + - service_name: "{{ service_var.service_name }}" + enabled: yes + state: started + execstarts: "{{ service_var.execstarts }}" + execreloads: "{{ service_var.execreloads | default([]) }}" + config_overrides: "{{ service_var.init_config_overrides }}" + with_items: "{{ filtered_adjutant_services }}" + loop_control: + loop_var: service_var tags: - - adjutant-setup + - adjutant-config + - systemd-service -- include: adjutant_apache.yml - static: no - when: - - adjutant_use_mod_wsgi | bool +- name: Import uwsgi role + import_role: + name: uwsgi + vars: + uwsgi_services: "{{ uwsgi_adjutant_services }}" + uwsgi_install_method: "source" tags: - - adjutant-setup + - adjutant-install + - adjutant-config + - uwsgi - name: Flush handlers meta: flush_handlers diff --git a/tasks/service_setup.yml b/tasks/service_setup.yml new file mode 100644 index 0000000..9ab3cc9 --- /dev/null +++ b/tasks/service_setup.yml 
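Review bot: The `import_tasks: adjutant_post_install.yml` entry keeps the `static: no` line from the old `include`, which contradicts `import_tasks` (always static) and is presumably ignored or rejected depending on the Ansible version. Dropping that line removes the ambiguity. Separately, `_service_adminuri_insecure` is wired straight to `keystone_service_adminuri_insecure`, and service_setup.yml turns it into `validate_certs`. A comment such as `# true disables TLS verification for all Keystone setup calls` next to it would make clear that the calls carrying `adjutant_service_password` are affected.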
@@ -0,0 +1,162 @@ +--- +# Copyright 2019, VEXXHOST, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/service_setup.yml +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository. Once it merges there, the changes will automatically be proposed to +# all the repositories which use it. + +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. 
+ +- name: Setup the OS service + delegate_to: "{{ _service_setup_host }}" + vars: + ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}" + block: + - name: Add keystone domain + openstack.cloud.os_keystone_domain: + cloud: default + state: present + description: "{{ _domain_name_description | default(omit) }}" + name: "{{ _domain_name }}" + endpoint_type: admin + verify: "{{ not _service_adminuri_insecure }}" + register: add_domain + when: _domain_name is defined + until: add_domain is success + retries: 5 + delay: 10 + + - name: Add service project + openstack.cloud.os_project: + cloud: default + state: present + name: "{{ _project_name }}" + description: "{{ _project_description | default(omit) }}" + domain_id: "{{ _project_domain | default('default') }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _project_name is defined + until: add_service is success + retries: 5 + delay: 10 + + - name: Add services to the keystone service catalog + openstack.cloud.os_keystone_service: + cloud: default + state: "{{ item.state | default('present') }}" + name: "{{ item.name }}" + service_type: "{{ item.type }}" + description: "{{ item.description | default('') }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + with_items: "{{ _service_catalog }}" + when: _service_catalog is defined + until: add_service is success + retries: 5 + delay: 10 + + - name: Add keystone roles + openstack.cloud.os_keystone_role: + cloud: default + state: present + name: "{{ item.role }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _service_users is defined + - "'role' in item" + - (item.condition | 
default(True)) | bool + until: add_service is success + with_items: "{{ _service_users }}" + retries: 5 + delay: 10 + no_log: True + + - name: Add service users + openstack.cloud.os_user: + cloud: default + state: present + name: "{{ item.name }}" + password: "{{ item.password }}" + domain: "{{ item.domain | default('default') }}" + default_project: "{{ item.project | default(_service_project_name) }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + update_password: always + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _service_users is defined + - "'name' in item" + - "'password' in item" + - (item.condition | default(True)) | bool + until: add_service is success + with_items: "{{ _service_users }}" + retries: 5 + delay: 10 + no_log: True + + - name: Add service users to the role + openstack.cloud.os_user_role: + cloud: default + state: present + user: "{{ item.name }}" + role: "{{ item.role }}" + project: "{{ item.project | default(_service_project_name) }}" + domain: "{{ item.domain | default(omit) }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + when: + - not (_service_in_ldap | default(False) | bool) + - _service_users is defined + - "'name' in item" + - "'role' in item" + - (item.condition | default(True)) | bool + until: add_service is success + with_items: "{{ _service_users }}" + retries: 5 + delay: 10 + no_log: True + + - name: Add endpoints to keystone endpoint catalog + openstack.cloud.os_keystone_endpoint: + cloud: default + state: "{{ item.state | default('present') }}" + service: "{{ item.service }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ _service_region | default('RegionOne') }}" + endpoint_type: admin + validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" + register: add_service + until: 
add_service is success + retries: 5 + delay: 10 + with_items: "{{ _service_endpoints }}" + when: _service_endpoints is defined diff --git a/templates/adjutant-httpd.conf.j2 b/templates/adjutant-httpd.conf.j2 deleted file mode 100644 index 11c9217..0000000 --- a/templates/adjutant-httpd.conf.j2 +++ /dev/null @@ -1,44 +0,0 @@ -# {{ ansible_managed }} - - - ServerName {{ ansible_hostname }} - - WSGIDaemonProcess adjutant lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ adjutant_system_user_name }} group={{ adjutant_system_group_name }} processes={{ adjutant_wsgi_processes }} threads={{ adjutant_wsgi_threads }} display-name=%{GROUP} - WSGIProcessGroup adjutant - WSGIScriptAlias / /var/www/cgi-bin/adjutant/adjutant-api - WSGIApplicationGroup %{GLOBAL} - - = 2.4> - ErrorLogFormat "%{cu}t %M" - - - LogLevel {{ adjutant_apache_log_level }} - ErrorLog /var/log/adjutant/adjutant-apache-error.log - CustomLog /var/log/adjutant/adjutant-access.log combined - -{% if adjutant_ssl | bool and adjutant_service_internaluri_proto == "https" -%} - SSLEngine on - SSLCertificateFile {{ adjutant_ssl_cert }} - SSLCertificateKeyFile {{ adjutant_ssl_key }} - {% if adjutant_user_ssl_ca_cert is defined -%} - SSLCACertificateFile {{ adjutant_ssl_ca_cert }} - {% endif -%} - SSLCompression Off - SSLProtocol {{ adjutant_ssl_protocol }} - SSLHonorCipherOrder On - SSLCipherSuite {{ adjutant_ssl_cipher_suite }} - SSLOptions +StdEnvVars +ExportCertData -{% endif %} - - - - AllowOverride None - Options +ExecCGI -Includes - - Require all granted - - - Order allow,deny - Allow from all - - diff --git a/templates/adjutant-ports.conf.j2 b/templates/adjutant-ports.conf.j2 deleted file mode 100644 index b770a17..0000000 --- a/templates/adjutant-ports.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -Listen {{ adjutant_service_port }} diff --git a/templates/adjutant-systemd-init.j2 b/templates/adjutant-systemd-init.j2 deleted file mode 100644 index 1f5caac..0000000 
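Review bot: Certificate validation is off by default in this file, because six of the seven tasks compute `validate_certs` as `not (_service_adminuri_insecure | default(True) | bool)`, so a caller that forgets the variable talks to Keystone unverified while sending `item.password`. `Add keystone domain` is inconsistent with the rest: it uses `verify: "{{ not _service_adminuri_insecure }}"` with no default and no `bool` cast, so a string value such as `'no'` would be truthy and turn verification off. I would use `validate_certs: "{{ not (_service_adminuri_insecure | default(False) | bool) }}"` on all seven tasks. Per the header comment the change belongs in openstack-ansible-tests first.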
--- a/templates/adjutant-systemd-init.j2 +++ /dev/null @@ -1,34 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Description=adjutant openstack service -After=syslog.target -After=network.target - -[Service] -Type=simple -User={{ adjutant_system_user_name }} -Group={{ adjutant_system_group_name }} - -{% if program_override is defined %} -ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log -{% else %} -ExecStart={{ adjutant_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log -{% endif %} - -# Give a reasonable amount of time for the server to start up/shut down -TimeoutSec=120 -Restart=on-failure -RestartSec=2 - -# This creates a specific slice which all services will operate from -# The accounting options give us the ability to see resource usage through -# the `systemd-cgtop` command. -Slice=adjutant.slice -CPUAccounting=true -BlockIOAccounting=true -MemoryAccounting=false -TasksAccounting=true - -[Install] -WantedBy=multi-user.target diff --git a/templates/adjutant-systemd-tempfiles.j2 b/templates/adjutant-systemd-tempfiles.j2 deleted file mode 100644 index 921fdf4..0000000 --- a/templates/adjutant-systemd-tempfiles.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# {{ ansible_managed }} - -D /var/lock/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }} -D /var/run/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }} diff --git a/templates/adjutant-wsgi.load.j2 b/templates/adjutant-wsgi.load.j2 deleted file mode 100644 index 40c66a2..0000000 --- a/templates/adjutant-wsgi.load.j2 +++ /dev/null 
@@ -1,4 +0,0 @@ -# {{ ansible_managed }} - -LoadModule wsgi_module "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/lib/python3.5/site-packages/mod_wsgi/server/mod_wsgi-py35.cpython-35m-x86_64-linux-gnu.so" -WSGIPythonHome "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}" diff --git a/templates/adjutant.yaml.j2 b/templates/adjutant.yaml.j2 index 0635e89..0ea07b8 100644 --- a/templates/adjutant.yaml.j2 +++ b/templates/adjutant.yaml.j2 @@ -10,15 +10,34 @@ django: ENGINE: django.db.backends.mysql HOST: '{{ adjutant_galera_address }}' NAME: '{{ adjutant_galera_database }}' - PASSWORD: '{{ adjutant_container_mysql_password }}' + PASSWORD: '{{ adjutant_galera_password }}' USER: '{{ adjutant_galera_user }}' - log_file: adjutant.log + logging: + version: 1 + disable_existing_loggers: False + handlers: + syslog: + class: logging.handlers.SysLogHandler + address: /dev/log + loggers: + adjutant: + handlers: + - syslog + propagate: False + django: + handlers: + - syslog + propagate: False + keystonemiddleware: + handlers: + - syslog + propagate: False email: email_backend: {{ adjutant_email_backend }} host: {{ adjutant_email_host }} port: {{ adjutant_email_port }} host_user: {{ adjutant_email_host_user }} - host_password: {{ adjutant_email_host_password }} + host_password: {{ adjutant_email_host_password | default('') }} use_tls: {{ adjutant_email_use_tls }} use_ssl: {{ adjutant_email_use_ssl }} diff --git a/tests/os_adjutant-overrides.yml b/tests/os_adjutant-overrides.yml index 739aaa1..6f8581f 100644 --- a/tests/os_adjutant-overrides.yml +++ b/tests/os_adjutant-overrides.yml @@ -16,6 +16,6 @@ adjutant_venv_tag: "testing" adjutant_developer_mode: true adjutant_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}" -adjutant_container_mysql_password: "SuperSecrete" +adjutant_galera_password: "SuperSecrete" adjutant_service_password: "secrete" adjutant_secret_key: "secretkey" diff --git a/tox.ini b/tox.ini index 64ff39f..247fcdb 100644 --- a/tox.ini 
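Review bot: In templates/adjutant.yaml.j2, `host_password: {{ adjutant_email_host_password | default('') }}` renders the secret as an unquoted YAML scalar, so a password containing ` #`, `: ` or a leading indicator character is truncated or mis-parsed, and the new empty default renders as null rather than an empty string. The database `PASSWORD` above it is at least single-quoted. Here `host_password: {{ adjutant_email_host_password | default('') | to_json }}` would emit a correctly escaped string for any value. The same applies to `host_user` on the line before. The template continues on both sides of this hunk.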
+++ b/tox.ini @@ -31,10 +31,20 @@ setenv = [testenv:docs] +deps = -r{toxinidir}/doc/requirements.txt commands= bash -c "rm -rf doc/build" doc8 doc - python setup.py build_sphinx + sphinx-build -W --keep-going -b html doc/source doc/build/html + + +[testenv:pdf-docs] +deps = {[testenv:docs]deps} +whitelist_externals = + make +commands = + sphinx-build -W --keep-going -b latex doc/source doc/build/pdf + make -C doc/build/pdf [doc8] @@ -43,8 +53,9 @@ extensions = .rst [testenv:releasenotes] +deps = -r{toxinidir}/doc/requirements.txt commands = - sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html + sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html # environment used by the -infra templated docs job diff --git a/vars/debian.yml b/vars/debian.yml new file mode 100644 index 0000000..bc5edb2 --- /dev/null +++ b/vars/debian.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +adjutant_devel_distro_packages: + - cmake + - gcc + - python3-dev + - git-core + - libsystemd-dev diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..0798161 --- /dev/null +++ b/vars/main.yml 
@@ -0,0 +1,48 @@
+---
+# Copyright 2020, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+filtered_adjutant_services: |-
+ {% set services = [] %}
+ {% for key, value in adjutant_services.items() %}
+ {% if (value['group'] in group_names) and
+ (('condition' not in value) or
+ ('condition' in value and value['condition'])) and
+ not ('wsgi_app' in value and value['wsgi_app']) %}
+ {% set _ = value.update({'service_key': key}) %}
+ {% set _ = services.append(value) %}
+ {% endif %}
+ {% endfor %}
+ {{ services | sort(attribute='start_order') }}
+
+uwsgi_adjutant_services: |-
+ {% set services = {} %}
+ {% for key, value in adjutant_services.items() %}
+ {% if (value['group'] in group_names) and
+ (('condition' not in value) or ('condition' in value and value['condition']))
+ and ('wsgi_app' in value and value['wsgi_app']) %}
+ {% set _ = value.update(
+ {
+ 'wsgi_path': adjutant_bin ~ '/' ~ value.wsgi_name,
+ 'wsgi_venv': adjutant_bin | dirname,
+ 'uwsgi_uid': adjutant_system_user_name,
+ 'uwsgi_guid': adjutant_system_group_name,
+ 'uwsgi_processes': adjutant_wsgi_processes,
+ 'uwsgi_threads': adjutant_wsgi_threads,
+ }
+ ) %}
+ {% set _ = services.update({key: value}) %}
+ {% endif %}
+ {% endfor %}
+ {{ services }}
diff --git a/vars/redhat-7.yml b/vars/redhat.yml
similarity index 50%
rename from vars/redhat-7.yml
rename to vars/redhat.yml
index 9707824..c4c12ca 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat.yml
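Review bot: Neither `filtered_adjutant_services` nor `uwsgi_adjutant_services` in vars/main.yml documents the keys it requires of an `adjutant_services` entry, and two of them are easy to miss. `sort(attribute='start_order')` presumably fails for a non-WSGI service defined without `start_order`, and `value.wsgi_name` is read for every entry with `wsgi_app` set. A comment above each variable would cover it, for example `# each entry needs: group, start_order; optional: condition, wsgi_app (then wsgi_name is required)`. Both loops also call `value.update(...)` on the entries themselves, which may modify `adjutant_services` as a side effect of evaluating the filter.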
@@ -13,23 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -adjutant_distro_packages: - - git - - httpd - - httpd-tools - - mod_wsig - - libmysqlclient-dev +adjutant_devel_distro_packages: + - git-core - openssl-devel - - virtualenv - - python-keystoneclient - -adjutant_system_service_name: httpd -adjutant_apache_config: - - { src: "adjutant-ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf" } - - { src: "adjutant-httpd.conf.j2", dest: "/etc/httpd/conf.d/adjutant-httpd.conf" } -adjutant_apache_default_sites: - - "/etc/httpd/conf.d/userdir.conf" - - "/etc/httpd/conf.d/welcome.conf" - - "/etc/httpd/conf.d/ssl.conf" -adjutant_apache_conf: "/etc/httpd/conf/httpd.conf" -adjutant_apache_security_conf: "{{ adjutant_apache_conf }}" + - systemd-devel diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml deleted file mode 100644 index 5ebca6c..0000000 --- a/vars/ubuntu.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# Copyright 2016, Walmart Stores, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## APT Cache options -cache_timeout: 600 - -adjutant_devel_distro_packages: - - cmake - - gcc - - python3-dev - - apache2-dev - - libmysqlclient-dev - - libssl-dev - -adjutant_distro_packages: - - apache2 - - apache2-utils - - git - - python-keystoneclient - - libapache2-mod-wsgi - -adjutant_system_service_name: apache2 -adjutant_apache_config: - - { src: "adjutant-ports.conf.j2", dest: "/etc/apache2/ports.conf" } - - { src: "adjutant-httpd.conf.j2", dest: "/etc/apache2/sites-available/adjutant-httpd.conf" } - - { src: "adjutant-wsgi.load.j2", dest: "/etc/apache2/mods-available/wsgi.load" } -adjutant_apache_default_sites: - - "/etc/apache2/sites-enabled/000-default.conf" -adjutant_apache_site_available: "/etc/apache2/sites-available/adjutant-httpd.conf" -adjutant_apache_site_enabled: "/etc/apache2/sites-enabled/adjutant-httpd.conf" -adjutant_apache_conf: "/etc/apache2/apache2.conf" -adjutant_apache_security_conf: "/etc/apache2/conf-available/security.conf" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml new file mode 100644 index 0000000..318bac5 --- /dev/null +++ b/zuul.d/project.yaml 
@@ -0,0 +1,22 @@
+---
+# Copyright 2020, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- project:
+ templates:
+ - check-requirements
+ - openstack-ansible-linters-jobs
+ - openstack-ansible-deploy-aio_metal-jobs
+ - publish-openstack-docs-pti
+ - release-notes-jobs-python3