openstack/openstack-ansible-os_swift
Code Issues Proposed changes
openstack-ansible-os_swift/tasks/swift_service_setup.yml
Steve Lewis 1d55c377b8 Filter Gnocchi traffic optionally 
When using Swift storage for Gnocchi we want to add a filter to the
Ceilometer middleware for Swift to exclude reporting traffic caused
by Gnocchi storing data into Swift to avoid feedback-loops. This
is typically done by isolating the Gnocchi in a dedicated Project in
Keystone.

The best place to filter this traffic is in the middleware
as opposed to filtering in the Ceilometer Collector.

Related-To: I67b5bff394ad35cf95d10ba32d602954799d7348
Change-Id: If20248494d4e6c127db4ffdf77ae43482f64fe58
2016-09-07 11:40:43 -07:00

199 lines
7.1 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create a service
- name: Ensure swift service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
description: "{{ swift_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
# Create an admin user
- name: Ensure swift user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
# Add a role to the user
- name: Ensure swift user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
- name: Ensure swiftoperator role
keystone:
command: "ensure_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
- name: "Create keystone user for swift-dispersion"
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_dispersion_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
- name: "Create keystone role for ResellerAdmin"
keystone:
command: "ensure_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
role_name: "ResellerAdmin"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_role
until: add_role|success
retries: 5
delay: 10
when: swift_ceilometer_enabled | bool
- name: "Add ResellerAdmin role to the service tenant and ceilometer user"
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ ceilometer_service_user_name }}"
tenant_name: "{{ ceilometer_service_tenant_name }}"
role_name: "{{ swift_reselleradmin_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: ensure_role
until: ensure_role|success
retries: 5
delay: 10
when: swift_ceilometer_enabled | bool
- name: "Add swiftoperator role to swift-dispersion user"
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
# Create an endpoint
- name: Ensure swift endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ swift_service_region }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ swift_service_publicurl }}"
interface: "public"
- url: "{{ swift_service_internalurl }}"
interface: "internal"
- url: "{{ swift_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10
# KNOWN ISSUE(stevelle) Never fail. Swift playbook runs before Gnocchi in a
# standard deploy. The project for Gnocchi will not have been created yet.
# There is a known issue in project / user / role lifecycles that causes a
# circular service dependency here. The Swift playbook must be run a second
# time, after the Gnocchi playbook runs, when it uses Swift storage as a
# workaround.
- name: Get Gnocchi project id
keystone:
command: get_project
tenant_name: "{{ gnocchi_service_project_name }}"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: get_gnocchi_project
failed_when: False
when:
- swift_gnocchi_enabled | bool
- swift_gnocchi_service_project_id is not defined
- name: Store Gnocchi project id
set_fact:
swift_gnocchi_service_project_id: "{{ keystone_facts.id }}"
when:
- swift_gnocchi_enabled | bool
- get_gnocchi_project | success
View Git Blame Copy Permalink