diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 872489d174..ffa125da16 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -245,7 +245,7 @@ tacker_server_port: "9890"
fluentd_syslog_port: "5140"
-zun_api_port: "9512"
+zun_api_port: "9517"
ovsdb_port: "6640"
diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml
index c81c326a9a..022ac70b98 100644
--- a/ansible/roles/zun/defaults/main.yml
+++ b/ansible/roles/zun/defaults/main.yml
@@ -16,10 +16,13 @@ zun_services:
group: zun-compute
enabled: true
image: "{{ zun_compute_image_full }}"
+ privileged: True
volumes:
- "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
+ - "/run:/run:shared"
+ - "/usr/lib/docker:/usr/lib/docker"
####################
## Database
@@ -44,9 +47,9 @@ zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}"
####################
## OpenStack
####################
-zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
-zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
-zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/"
+zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/"
+zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/"
zun_logging_debug: "{{ openstack_logging_debug }}"
diff --git a/ansible/roles/zun/handlers/main.yml b/ansible/roles/zun/handlers/main.yml
index ba34d4b881..beab820d5e 100644
--- a/ansible/roles/zun/handlers/main.yml
+++ b/ansible/roles/zun/handlers/main.yml
@@ -12,6 +12,7 @@
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
+ privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes }}"
when:
- action != "config"
@@ -19,6 +20,7 @@
- service.enabled | bool
- config_json.changed | bool
or zun_conf.changed | bool
+ or zun_conf_wsgi.changed | bool
or policy_json.changed | bool
or zun_api_container.changed | bool
@@ -35,6 +37,7 @@
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
+ privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes }}"
when:
- action != "config"
diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml
index bdf326db01..9712b48bab 100644
--- a/ansible/roles/zun/tasks/config.yml
+++ b/ansible/roles/zun/tasks/config.yml
@@ -42,6 +42,19 @@
- Restart zun-api container
- Restart zun-compute container
+- name: Copying over wsgi-zun files for services
+ vars:
+ service: "{{ zun_services['zun-api'] }}"
+ template:
+ src: "wsgi-zun.conf.j2"
+ dest: "{{ node_config_directory }}/zun-api/wsgi-zun.conf"
+ register: zun_conf_wsgi
+ when:
+ - inventory_hostname in groups[service.group]
+ - service.enabled | bool
+ notify:
+ - Restart zun-api container
+
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/zun/policy.json"
register: zun_policy
@@ -65,6 +78,7 @@
common_options: "{{ docker_common_options }}"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
+ privileged: "{{ item.value.privileged | default(False) }}"
volumes: "{{ item.value.volumes }}"
register: check_zun_containers
when:
diff --git a/ansible/roles/zun/templates/wsgi-zun.conf.j2 b/ansible/roles/zun/templates/wsgi-zun.conf.j2
new file mode 100644
index 0000000000..e484ea7306
--- /dev/null
+++ b/ansible/roles/zun/templates/wsgi-zun.conf.j2
@@ -0,0 +1,25 @@
+{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
+Listen {{ api_interface_address }}:{{ zun_api_port }}
+
+<VirtualHost *:{{ zun_api_port }}>
+
+ ## Vhost docroot
+ DocumentRoot "/var/www/cgi-bin/zun"
+
+ ## Directories, there should at least be a declaration for /var/www/cgi-bin/zun
+
+ <Directory "/var/www/cgi-bin/zun">
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Require all granted
+ </Directory>
+
+ ## Logging
+ ErrorLog "/var/log/kolla/zun/zun_api_wsgi_error.log"
+ ServerSignature Off
+ CustomLog "/var/log/kolla/zun/zun_api_wsgi_access.log" combined
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIDaemonProcess zun group=zun processes={{ openstack_service_workers }} threads=1 user=zun python-path={{ python_path }}
+ WSGIProcessGroup zun
+ WSGIScriptAlias / "/var/www/cgi-bin/zun/app.wsgi"
+</VirtualHost>
diff --git a/ansible/roles/zun/templates/zun-api.json.j2 b/ansible/roles/zun/templates/zun-api.json.j2
index ded9aea735..14feaf3bbf 100644
--- a/ansible/roles/zun/templates/zun-api.json.j2
+++ b/ansible/roles/zun/templates/zun-api.json.j2
@@ -1,5 +1,7 @@
+{% set zun_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
+{% set zun_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
{
- "command": "zun-api --config-file /etc/zun/zun.conf",
+ "command": "{{ zun_cmd }} -DFOREGROUND",
"config_files": [
{
"source": "{{ container_config_directory }}/zun.conf",
@@ -8,16 +10,17 @@
"perm": "0600"
},
{
- "source": "{{ container_config_directory }}/api-paste.ini",
- "dest": "/etc/zun/api-paste.ini",
- "owner": "zun",
+ "source": "{{ container_config_directory }}/wsgi-zun.conf",
+ "dest": "/etc/{{ zun_dir }}/wsgi-zun.conf",
+ "owner": "root",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/zun/policy.json",
"owner": "zun",
- "perm": "0600"
+ "perm": "0600",
+ "optional": true
}
],
"permissions": [
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index b7c1a01a4e..2fb85acec7 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -3,10 +3,17 @@ debug = {{ zun_logging_debug }}
log_dir = /var/log/kolla/zun
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
-{% if service_name == 'zun-api' %}
-osapi_zun_listen = {{ api_interface_address }}
-osapi_zun_listen_port = {{ zun_api_port }}
-{% endif %}
+container_driver = docker.driver.DockerDriver
+image_driver_list = glance
+db_type = sql
+
+[api]
+host_ip = {{ api_interface_address }}
+port = {{ zun_api_port }}
+workers = {{ openstack_service_workers }}
+
+[compute]
+topic = zun-compute
[database]
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
@@ -17,10 +24,9 @@ version = 1
service_type = container
service_name = zun
-[keystone_authtoken]
+[keystone_auth]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
-project_domain_name = Default
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -31,3 +37,32 @@ password = {{ zun_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ zun_keystone_user }}
+password = {{ zun_keystone_password }}
+service_token_roles_required = True
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
+[glance_client]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ zun_keystone_user }}
+password = {{ zun_keystone_password }}
+region_name = {{ openstack_region_name }}
+endpoint_type = internalURL
+api_version = 2