diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 54b6268661..b51b98903e 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -216,6 +216,8 @@ trove_api_port: "8779"
etcd_client_port: "2379"
etcd_peer_port: "2380"
+karbor_api_port: "8799"
+
kuryr_port: "23750"
searchlight_api_port: "9393"
@@ -299,6 +301,7 @@ enable_horizon_watcher: "{{ enable_watcher | bool }}"
enable_influxdb: "no"
enable_ironic: "no"
enable_iscsid: "{{ enable_cinder_backend_iscsi | bool or enable_cinder_backend_lvm | bool or enable_ironic | bool }}"
+enable_karbor: "no"
enable_kuryr: "no"
enable_magnum: "no"
enable_manila: "no"
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index 2b182070ba..5daa04f1a0 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -29,6 +29,9 @@ monitoring
[etcd:children]
control
+[karbor:children]
+control
+
[kibana:children]
control
@@ -254,6 +257,16 @@ ironic-conductor
[tgtd:children]
storage
+# Karbor
+[karbor-api:children]
+karbor
+
+[karbor-protection:children]
+karbor
+
+[karbor-operationengine:children]
+karbor
+
# Manila
[manila-api:children]
manila
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index dc6a8b1169..129883e9de 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -48,6 +48,9 @@ control
[influxdb:children]
monitoring
+[karbor:children]
+control
+
[kibana:children]
control
@@ -270,6 +273,16 @@ ironic-conductor
[tgtd:children]
storage
+# Karbor
+[karbor-api:children]
+karbor
+
+[karbor-protection:children]
+karbor
+
+[karbor-operationengine:children]
+karbor
+
# Manila
[manila-api:children]
manila
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index 4fb093683d..a456bb81b0 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -87,6 +87,7 @@
- { name: "haproxy", enabled: "{{ enable_haproxy }}" }
- { name: "heat", enabled: "{{ enable_heat }}" }
- { name: "iscsid", enabled: "{{ enable_iscsid }}" }
+ - { name: "karbor", enabled: "{{ enable_karbor }}" }
- { name: "keepalived", enabled: "{{ enable_haproxy }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "magnum", enabled: "{{ enable_magnum }}" }
diff --git a/ansible/roles/common/templates/cron-logrotate-karbor.conf.j2 b/ansible/roles/common/templates/cron-logrotate-karbor.conf.j2
new file mode 100644
index 0000000000..7c77eb239d
--- /dev/null
+++ b/ansible/roles/common/templates/cron-logrotate-karbor.conf.j2
@@ -0,0 +1,3 @@
+"/var/log/kolla/karbor/*.log"
+{
+}
diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2
index bb94d55d1c..bbf028a311 100644
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -14,6 +14,7 @@
( 'haproxy', enable_haproxy ),
( 'heat', enable_heat ),
( 'iscsid', enable_iscsid ),
+ ( 'karbor', enable_karbor ),
( 'keepalived', enable_haproxy ),
( 'keystone', enable_keystone ),
( 'magnum', enable_magnum ),
diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml
index 9d9fcb53f3..90d3d3b99e 100644
--- a/ansible/roles/haproxy/tasks/precheck.yml
+++ b/ansible/roles/haproxy/tasks/precheck.yml
@@ -221,6 +221,16 @@
when:
- enable_keystone | bool
- "{{ 'keystone_external' not in haproxy_stat }}"
+
+- name: Checking free port for Karbor Admin HAProxy
+ wait_for:
+ host: "{{ kolla_internal_vip_address }}"
+ port: "{{ karbor_api_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - enable_karbor | bool
+ - "{{ 'karbor_api' not in haproxy_stat }}"
- inventory_hostname in groups['haproxy']
- name: Checking free port for Kibana HAProxy
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index ee83f3f37b..b9eb13c4e3 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -363,6 +363,22 @@ listen ironic_api_external
{% endif %}
{% endif %}
+{% if enable_karbor | bool %}
+listen karbor_api
+ bind {{ kolla_internal_vip_address }}:{{ karbor_api_port }}
+{% for host in groups['karbor-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen karbor_api_external
+ bind {{ kolla_external_vip_address }}:{{ karbor_api_port }} {{ tls_bind_info }}
+{% for host in groups['karbor-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
{% if enable_senlin | bool %}
listen senlin_api
bind {{ kolla_internal_vip_address }}:{{ senlin_api_port }}
diff --git a/ansible/roles/karbor/defaults/main.yml b/ansible/roles/karbor/defaults/main.yml
new file mode 100644
index 0000000000..1b2e659be1
--- /dev/null
+++ b/ansible/roles/karbor/defaults/main.yml
@@ -0,0 +1,39 @@
+---
+project_name: "karbor"
+
+####################
+# Database
+####################
+karbor_database_name: "karbor"
+karbor_database_user: "karbor"
+karbor_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+karbor_protection_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-protection"
+karbor_protection_tag: "{{ openstack_release }}"
+karbor_protection_image_full: "{{ karbor_protection_image }}:{{ karbor_protection_tag }}"
+
+karbor_operationengine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-operationengine"
+karbor_operationengine_tag: "{{ openstack_release }}"
+karbor_operationengine_image_full: "{{ karbor_operationengine_image }}:{{ karbor_operationengine_tag }}"
+
+karbor_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-api"
+karbor_api_tag: "{{ openstack_release }}"
+karbor_api_image_full: "{{ karbor_api_image }}:{{ karbor_api_tag }}"
+
+
+####################
+# OpenStack
+####################
+karbor_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s"
+karbor_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s"
+karbor_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s"
+
+karbor_logging_debug: "{{ openstack_logging_debug }}"
+
+karbor_keystone_user: "karbor"
+
+openstack_karbor_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/karbor/meta/main.yml b/ansible/roles/karbor/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/karbor/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/karbor/tasks/bootstrap.yml b/ansible/roles/karbor/tasks/bootstrap.yml
new file mode 100644
index 0000000000..8c36eedd3d
--- /dev/null
+++ b/ansible/roles/karbor/tasks/bootstrap.yml
@@ -0,0 +1,41 @@
+---
+- name: Creating Karbor database
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_db
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ karbor_database_name }}'"
+ register: database
+ changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['karbor-api'][0] }}"
+
+- name: Reading json from variable
+ set_fact:
+ database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Karbor database user and setting permissions
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_user
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ karbor_database_name }}'
+ password='{{ karbor_database_password }}'
+ host='%'
+ priv='{{ karbor_database_name }}.*:ALL'
+ append_privs='yes'"
+ register: database_user_create
+ changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['karbor-api'][0] }}"
+
+- include: bootstrap_service.yml
+ when: database_created
diff --git a/ansible/roles/karbor/tasks/bootstrap_service.yml b/ansible/roles/karbor/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..f2cb6f9362
--- /dev/null
+++ b/ansible/roles/karbor/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running Karbor bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ karbor_api_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_karbor"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/karbor-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ run_once: True
+ delegate_to: "{{ groups['karbor-api'][0] }}"
diff --git a/ansible/roles/karbor/tasks/config.yml b/ansible/roles/karbor/tasks/config.yml
new file mode 100644
index 0000000000..204b966629
--- /dev/null
+++ b/ansible/roles/karbor/tasks/config.yml
@@ -0,0 +1,47 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ path: "{{ node_config_directory }}/{{ item }}/providers.d"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "karbor-api"
+ - "karbor-protection"
+ - "karbor-operationengine"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "karbor-api"
+ - "karbor-protection"
+ - "karbor-operationengine"
+
+- name: Copying over karbor.conf
+ merge_configs:
+ vars:
+ service_name: "{{ item }}"
+ sources:
+ - "{{ role_path }}/templates/karbor.conf.j2"
+ - "{{ node_config_directory }}/config/global.conf"
+ - "{{ node_config_directory }}/config/database.conf"
+ - "{{ node_config_directory }}/config/messaging.conf"
+ - "{{ node_config_directory }}/config/karbor.conf"
+ - "{{ node_config_directory }}/config/karbor/{{ item }}.conf"
+ - "{{ node_config_directory }}/config/karbor/{{ inventory_hostname }}/karbor.conf"
+ dest: "{{ node_config_directory }}/{{ item }}/karbor.conf"
+ with_items:
+ - "karbor-api"
+ - "karbor-protection"
+ - "karbor-operationengine"
+
+- name: Copying over openstack-infra.conf
+ template:
+ src: "providers.d/openstack-infra.conf.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/providers.d/openstack-infra.conf"
+ with_items:
+ - "karbor-api"
+ - "karbor-protection"
+ - "karbor-operationengine"
diff --git a/ansible/roles/karbor/tasks/deploy.yml b/ansible/roles/karbor/tasks/deploy.yml
new file mode 100644
index 0000000000..4cb15ce2f6
--- /dev/null
+++ b/ansible/roles/karbor/tasks/deploy.yml
@@ -0,0 +1,16 @@
+---
+- include: register.yml
+ when: inventory_hostname in groups['karbor-api']
+
+- include: config.yml
+ when: inventory_hostname in groups['karbor-api'] or
+ inventory_hostname in groups['karbor-protection'] or
+ inventory_hostname in groups['karbor-operationengine']
+
+- include: bootstrap.yml
+ when: inventory_hostname in groups['karbor-api']
+
+- include: start.yml
+ when: inventory_hostname in groups['karbor-api'] or
+ inventory_hostname in groups['karbor-protection'] or
+ inventory_hostname in groups['karbor-operationengine']
diff --git a/ansible/roles/karbor/tasks/main.yml b/ansible/roles/karbor/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/karbor/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/karbor/tasks/precheck.yml b/ansible/roles/karbor/tasks/precheck.yml
new file mode 100644
index 0000000000..1d5c0f3b77
--- /dev/null
+++ b/ansible/roles/karbor/tasks/precheck.yml
@@ -0,0 +1,16 @@
+---
+- name: Get container facts
+ kolla_container_facts:
+ name:
+ - karbor_api
+ register: container_facts
+
+- name: Checking free port for Karbor Admin
+ wait_for:
+ host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+ port: "{{ karbor_api_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - inventory_hostname in groups['karbor-api']
+ - container_facts['karbor-api'] is not defined
diff --git a/ansible/roles/karbor/tasks/pull.yml b/ansible/roles/karbor/tasks/pull.yml
new file mode 100644
index 0000000000..f000a878d4
--- /dev/null
+++ b/ansible/roles/karbor/tasks/pull.yml
@@ -0,0 +1,21 @@
+---
+- name: Pulling karbor-api image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ karbor_api_image_full }}"
+ when: inventory_hostname in groups['karbor-api']
+
+- name: Pulling karbor-protection image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ karbor_protection_image_full }}"
+ when: inventory_hostname in groups['karbor-protection']
+
+- name: Pulling karbor-operationengine image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ karbor_operationengine_image_full }}"
+ when: inventory_hostname in groups['karbor-operationengine']
diff --git a/ansible/roles/karbor/tasks/reconfigure.yml b/ansible/roles/karbor/tasks/reconfigure.yml
new file mode 100644
index 0000000000..33776caa8a
--- /dev/null
+++ b/ansible/roles/karbor/tasks/reconfigure.yml
@@ -0,0 +1,71 @@
+---
+- name: Ensuring the containers up
+ kolla_docker:
+ name: "{{ item.name }}"
+ action: "get_container_state"
+ register: container_state
+ failed_when: container_state.Running == false
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: karbor_api, group: karbor-api }
+ - { name: karbor_protection, group: karbor-protection }
+ - { name: karbor_operationengine, group: karbor-operationengine }
+
+- include: config.yml
+
+- name: Check the configs
+ command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+ changed_when: false
+ failed_when: false
+ register: check_results
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: karbor_api, group: karbor-api }
+ - { name: karbor_protection, group: karbor-protection }
+ - { name: karbor_operationengine, group: karbor-operationengine }
+
+- name: Containers config strategy
+ kolla_docker:
+ name: "{{ item.name }}"
+ action: "get_container_env"
+ register: container_envs
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: karbor_api, group: karbor-api }
+ - { name: karbor_protection, group: karbor-protection }
+ - { name: karbor_operationengine, group: karbor-operationengine }
+
+- name: Remove the containers
+ kolla_docker:
+ name: "{{ item[0]['name'] }}"
+ action: "remove_container"
+ register: remove_containers
+ when:
+ - inventory_hostname in groups[item[0]['group']]
+ - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+ - item[2]['rc'] == 1
+ with_together:
+ - [{ name: karbor_api, group: karbor-api },
+ { name: karbor_protection, group: karbor-protection },
+ { name: karbor_operationengine, group: karbor-operationengine }]
+ - "{{ container_envs.results }}"
+ - "{{ check_results.results }}"
+
+- include: start.yml
+ when: remove_containers.changed
+
+- name: Restart containers
+ kolla_docker:
+ name: "{{ item[0]['name'] }}"
+ action: "restart_container"
+ when:
+ - inventory_hostname in groups[item[0]['group']]
+ - config_strategy == 'COPY_ALWAYS'
+ - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+ - item[2]['rc'] == 1
+ with_together:
+ - [{ name: karbor_api, group: karbor-api },
+ { name: karbor_protection, group: karbor-protection },
+ { name: karbor_operationengine, group: karbor-operationengine }]
+ - "{{ container_envs.results }}"
+ - "{{ check_results.results }}"
diff --git a/ansible/roles/karbor/tasks/register.yml b/ansible/roles/karbor/tasks/register.yml
new file mode 100644
index 0000000000..6ee562a605
--- /dev/null
+++ b/ansible/roles/karbor/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the Karbor service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=karbor
+ service_type=data-protect
+ description='Application Data Protection Service'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_karbor_auth }}' }}"
+ -e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}"
+ register: karbor_endpoint
+ changed_when: "{{ karbor_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (karbor_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: karbor_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'}
+
+- name: Creating the Karbor project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user=karbor
+ password={{ karbor_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_karbor_auth }}' }}"
+ -e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}"
+ register: karbor_user
+ changed_when: "{{ karbor_user.stdout.find('localhost | SUCCESS => ') != -1 and (karbor_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: karbor_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/karbor/tasks/start.yml b/ansible/roles/karbor/tasks/start.yml
new file mode 100644
index 0000000000..f66173e083
--- /dev/null
+++ b/ansible/roles/karbor/tasks/start.yml
@@ -0,0 +1,36 @@
+---
+- name: Starting karbor-api container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ karbor_api_image_full }}"
+ name: "karbor_api"
+ volumes:
+ - "{{ node_config_directory }}/karbor-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['karbor-api']
+
+- name: Starting karbor-protection container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ karbor_protection_image_full }}"
+ name: "karbor_protection"
+ volumes:
+ - "{{ node_config_directory }}/karbor-protection/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['karbor-protection']
+
+- name: Starting karbor-operationengine container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ karbor_operationengine_image_full }}"
+ name: "karbor_operationengine"
+ volumes:
+ - "{{ node_config_directory }}/karbor-operationengine/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['karbor-operationengine']
diff --git a/ansible/roles/karbor/tasks/upgrade.yml b/ansible/roles/karbor/tasks/upgrade.yml
new file mode 100644
index 0000000000..308053080c
--- /dev/null
+++ b/ansible/roles/karbor/tasks/upgrade.yml
@@ -0,0 +1,6 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
diff --git a/ansible/roles/karbor/templates/karbor-api.json.j2 b/ansible/roles/karbor/templates/karbor-api.json.j2
new file mode 100644
index 0000000000..cc67e710e9
--- /dev/null
+++ b/ansible/roles/karbor/templates/karbor-api.json.j2
@@ -0,0 +1,18 @@
+{
+ "command": "karbor-api --config-file /etc/karbor/karbor.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/karbor.conf",
+ "dest": "/etc/karbor/karbor.conf",
+ "owner": "karbor",
+ "perm": "0644"
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/karbor",
+ "owner": "karbor:karbor",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/karbor/templates/karbor-operationengine.json.j2 b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
new file mode 100644
index 0000000000..d07e481fcd
--- /dev/null
+++ b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
@@ -0,0 +1,18 @@
+{
+ "command": "karbor-operationengine --config-file /etc/karbor/karbor.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/karbor.conf",
+ "dest": "/etc/karbor/karbor.conf",
+ "owner": "karbor",
+ "perm": "0644"
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/karbor",
+ "owner": "karbor:karbor",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/karbor/templates/karbor-protection.json.j2 b/ansible/roles/karbor/templates/karbor-protection.json.j2
new file mode 100644
index 0000000000..4094d4f447
--- /dev/null
+++ b/ansible/roles/karbor/templates/karbor-protection.json.j2
@@ -0,0 +1,24 @@
+{
+ "command": "karbor-protection --config-file /etc/karbor/karbor.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/karbor.conf",
+ "dest": "/etc/karbor/karbor.conf",
+ "owner": "karbor",
+ "perm": "0644"
+ },
+ {
+ "source": "{{ container_config_directory }}/providers.d/openstack-infra.conf",
+ "dest": "/etc/karbor/providers.d/openstack-infra.conf",
+ "owner": "karbor",
+ "perm": "0644"
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/karbor",
+ "owner": "karbor:karbor",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2
new file mode 100644
index 0000000000..62b1640cf2
--- /dev/null
+++ b/ansible/roles/karbor/templates/karbor.conf.j2
@@ -0,0 +1,46 @@
+[DEFAULT]
+debug = {{ karbor_logging_debug }}
+log_dir = /var/log/kolla/karbor
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+{% if service_name == 'karbor-api' %}
+osapi_karbor_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+osapi_karbor_listen_port = {{ karbor_api_port }}
+{% endif %}
+
+[database]
+connection = mysql+pymysql://{{ karbor_database_user }}:{{ karbor_database_password }}@{{ karbor_database_address }}/{{ karbor_database_name }}
+max_retries = -1
+
+[trustee]
+user_domain_id = default
+username = {{ karbor_keystone_user }}
+password = {{ karbor_keystone_password }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:35357
+auth_type = password
+
+[clients_keystone]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000
+
+[karbor_client]
+version = 1
+service_type = data-protect
+service_name = karbor
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:35357
+project_domain_name = Default
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ karbor_keystone_user }}
+password = {{ karbor_keystone_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_messaging_rabbit]
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
diff --git a/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 b/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2
new file mode 100644
index 0000000000..577f797ce2
--- /dev/null
+++ b/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2
@@ -0,0 +1,21 @@
+[provider]
+name = OS Infra Provider
+description = This provider uses OpenStack's own services (swift, cinder) as storage
+id = {{ karbor_openstack_infra_id }}
+
+plugin=karbor-volume-protection-plugin
+plugin=karbor-image-protection-plugin
+plugin=karbor-server-protection-plugin
+bank=karbor-swift-bank-plugin
+
+[swift_client]
+swift_auth_url={{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000/v2.0/
+swift_auth_version=2
+swift_user=admin
+swift_key={{ keystone_admin_password }}
+swift_tenant_name=admin
+
+[swift_bank_plugin]
+lease_expire_window=120
+lease_renew_window=100
+lease_validity_window=100
diff --git a/ansible/site.yml b/ansible/site.yml
index 9fe92f13ad..4596dc93b2 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -138,8 +138,7 @@
when: enable_etcd | bool }
- name: Apply role keystone
- hosts:
- - keystone
+ hosts: keystone
serial: '{{ serial|default("0") }}'
roles:
- { role: keystone,
@@ -157,6 +156,14 @@
tags: ceph,
when: enable_ceph | bool }
+- name: Apply role karbor
+ hosts: karbor
+ serial: '{{ serial|default("0") }}'
+ roles:
+ - { role: karbor,
+ tags: karbor,
+ when: enable_karbor | bool }
+
- name: Apply role swift
hosts:
- swift-account-server
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index fb6c1d7f95..e8e288fbf3 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -150,6 +150,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_horizon_watcher: "{{ enable_watcher | bool }}"
#enable_influxdb: "no"
#enable_ironic: "no"
+#enable_karbor: "no"
#enable_kuryr: "no"
#enable_magnum: "no"
#enable_manila: "no"
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index 5ddb283973..bafe4906b9 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -39,6 +39,10 @@ glance_keystone_password:
gnocchi_database_password:
gnocchi_keystone_password:
+karbor_database_password:
+karbor_keystone_password:
+karbor_openstack_infra_id:
+
kuryr_keystone_password:
nova_database_password:
diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py
index ed716b58e0..11d15fbd80 100755
--- a/kolla/cmd/genpwd.py
+++ b/kolla/cmd/genpwd.py
@@ -53,7 +53,8 @@ def main():
# These keys should be random uuids
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
'gnocchi_project_id', 'gnocchi_resource_id',
- 'gnocchi_user_id', 'designate_pool_id']
+ 'gnocchi_user_id', 'designate_pool_id',
+ 'karbor_openstack_infra_id']
# SSH key pair
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
diff --git a/releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml b/releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml
new file mode 100644
index 0000000000..0f3f407cce
--- /dev/null
+++ b/releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add Karbor ansible role, Karbor is an OpenStack project
+ that provides a pluggable framework for protecting and
+ restoring Data and Metadata.