openstack/openstack-ansible-os_designate
Code Issues Proposed changes

Various configuration changes and task updates

Browse Source 
This patch implements a bunch of changes for easier debugging and to
make the deployment more functional.

 - All passwords are removed from defaults. The role must fail to
   complete all tasks if no password is provided.
 - The Designate Pool Configuration uuid's are provided with
   defaults and the vars are added to the user_secrets.yml file
   for easy implementation in OpenStack-Ansible.
 - The designate.conf template has been re-organised to closely
   match the sample file provided in the master branch of the
   OpenStack Designate repository. This makes it easier to compare
   for changes.
 - The PyMySQL driver is used for all MySQL connectivity, as is now
   the general standard for OpenStack Services.
 - The designate_pool_manager database is now setup.
 - The test playbook has the RabbitMQ & DB setup pre_tasks removed
   for now. These can move out again once functional testing is
   working.
 - The test playbook's LXC dhcp range is reduced to 50 hosts in
   order to ensure no conflicts with the test containers and also
   provide room for growth.
 - Add human readable logging callback plugin to functional test.
 - Restructure testing to make it easier to work with.
This commit is contained in:
Jesse Pretorius 2016-03-11 13:04:56 +00:00
parent 6856ee841d
commit f59db83194
20 changed files with 891 additions and 602 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
defaults/main.yml
View File

@ -61,14 +61,22 @@ designate_system_comment: designate system user
designate_system_user_home: "/var/lib/{{ designate_system_user_name }}"
## DB info
designate_galera_address: 127.0.0.1
designate_galera_user: designate
designate_galera_password: "{{ designate_container_mysql_password }}"
designate_galera_database: designate
designate_pool_manager_galera_address: 127.0.0.1
designate_pool_manager_galera_user: designate_pool_manager
designate_pool_manager_galera_database: designate_pool_manager
## RabbitMQ info
designate_rabbitmq_userid: designate
designate_rabbitmq_vhost: /designate
## Pool Configuration Defaults
# These are typically set in the user_secrets.yml file.
designate_pool_uuid: 794ccc2c-d751-44fe-b57f-8894c9f5c842
designate_pool_nameserver_uuid: f02a0c72-c701-4ec2-85d7-197b30992ce8
designate_pool_target_uuid: f02a0c72-c701-4ec2-85d7-197b30992ce9
# Enable/Disable Ceilometer
designate_ceilometer_enabled: False
@ -98,27 +106,10 @@ designate_service_project_domain_id: default
designate_service_user_domain_id: default
designate_service_user_name: designate
designate_keystone_auth_type: password
designate_service_tenant_name: service
designate_service_project_name: service
designate_service_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_publicurl: "{{ designate_service_publicuri }}/v1"
designate_service_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_internalurl: "{{ designate_service_internaluri }}/v1"
designate_service_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_adminurl: "{{ designate_service_adminuri }}/v1"
designate_service_v2_name: designatev2
designate_service_v2_port: 9001
designate_service_v2_proto: http
designate_service_v2_type: dnsv2
designate_service_v2_description: "DNS Service V2"
designate_service_v2_publicuri: "{{ cinder_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}"
designate_service_v2_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_v2_publicurl: "{{ designate_service_publicuri }}/v2"
designate_service_v2_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_v2_internalurl: "{{ designate_service_internaluri }}/v2"
designate_service_v2_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_v2_adminurl: "{{ designate_service_adminuri }}/v2"
designate_service_in_ldap: false
@ -137,7 +128,7 @@ designate_requires_pip_packages:
designate_pip_packages:
- designate
- python-designateclient
- MySQL-python
- PyMySQL
- python-memcached
- pycrypto
- warlock

5
extras/user_secrets_designate.yml
View File

@ -1,2 +1,7 @@
designate_container_mysql_password:
designate_pool_manager_container_mysql_password:
designate_pool_nameserver_uuid:
designate_pool_target_uuid:
designate_pool_uuid:
designate_rabbitmq_password:
designate_service_password:

39
tasks/designate_db_setup.yml
View File

@ -39,11 +39,44 @@
tags:
- designate-db-setup
- name: Create pool_manager DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ designate_galera_address }}"
name: "{{ designate_pool_manager_galera_database }}"
state: "present"
tags:
- designate-db-setup
- name: Grant access to the pool_manager DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ designate_galera_address }}"
name: "{{ designate_pool_manager_galera_user }}"
password: "{{ designate_pool_manager_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ designate_pool_manager_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
tags:
- designate-db-setup
- name: Perform a Designate DB sync
command: designate-manage database sync
sudo: yes
sudo_user: "{{ designate_system_user_name }}"
command: "{{ designate_bin }}/designate-manage database sync"
become: yes
become_user: "{{ designate_system_user_name }}"
tags:
- designate-db-sync
- designate-setup
- name: Perform a Designate Pool Manager Cache sync
command: "{{ designate_bin }}/designate-manage pool-manager-cache sync"
become: yes
become_user: "{{ designate_system_user_name }}"
tags:
- designate-db-sync
- designate-setup

2
tasks/designate_install.yml
View File

@ -47,7 +47,7 @@
copy:
dest: "/opt/developer-pip-constraints.txt"
content: |
{% for item in glance_developer_constraints %}
{% for item in designate_developer_constraints %}
{{ item }}
{% endfor %}
when:

2
tasks/designate_post_install.yml
View File

@ -28,7 +28,7 @@
config_overrides: "{{ designate_designate_conf_overrides }}"
config_type: "ini"
- src: "api-paste.ini.j2"
dest: "/etc/designate/api_paste.ini"
dest: "/etc/designate/api-paste.ini"
config_overrides: "{{ designate_api_paste_ini_overrides }}"
config_type: "ini"
- src: "policy.json.j2"

1
tasks/designate_pre_install.yml
View File

@ -42,6 +42,7 @@
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/etc/designate" }
- { path: "/etc/designate/rootwrap.d" }
- { path: "{{ designate_system_user_home }}" }
- { path: "{{ designate_system_user_home }}/.ssh", mode: "0700" }
- { path: "/var/cache/designate", mode: "0700" }

96
tasks/designate_service_add.yml
View File

@ -1,96 +0,0 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure designate service
keystone:
command: "ensure_service"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
description: "{{ designate_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- designate-setup
- designate-service-add
- name: Ensure designate user
keystone:
command: "ensure_user"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ designate_service_user_name }}"
tenant_name: "{{ designate_service_project_name }}"
password: "{{ designate_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not designate_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- designate-setup
- designate-service-add
- name: Ensure designate user to admin role
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ designate_service_user_name }}"
tenant_name: "{{ designate_service_project_name }}"
role_name: "{{ designate_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not designate_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- designate-api-setup
- designate-service-add
- designate-setup
# Create an endpoint
- name: Ensure designate endpoint
keystone:
command: "ensure_endpoint"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
region_name: "{{ designate_service_region }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ designate_service_publicurl }}"
interface: "public"
- url: "{{ designate_service_adminurl }}"
interface: "admin"
- url: "{{ designate_service_internalurl }}"
interface: "internal"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- designate-setup
- designate-service-add

99
tasks/designate_service_setup.yml
View File

@ -13,35 +13,82 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- include: designate_service_add.yml
vars:
service_user_name: "{{ designate_service_user_name }}"
service_tenant_name: "{{ designate_service_tenant_name }}"
- name: Ensure designate service
keystone:
command: "ensure_service"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
service_region: "{{designate_service_region }}"
service_description: "{{ designate_service_description }}"
service_password: "{{ designate_service_password }}"
service_internalurl: "{{ designate_service_internalurl }}"
service_publicurl: "{{ designate_service_publicurl }}"
service_adminurl: "{{ designate_service_adminurl }}"
role_name: "{{ designate_role_name }}"
description: "{{ designate_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- designate-add-service
- designate-setup
- designate-service-add
- include: designate_service_add.yml
vars:
service_user_name: "{{ designate_service_user_name }}"
service_tenant_name: "{{ designate_service_project_name }}"
service_name: "{{ designate_service_v2_name }}"
service_type: "{{ designate_service_v2_type }}"
service_region: "{{ designate_service_region }}"
service_description: "{{ designate_service_v2_description }}"
service_password: "{{ designate_service_password }}"
service_publicurl: "{{ designate_service_v2_publicurl }}"
service_internalurl: "{{ designate_service_v2_internalurl }}"
service_adminurl: "{{ designate_service_v2_adminurl }}"
role_name: "{{ designate_role_name }}"
- name: Ensure designate user
keystone:
command: "ensure_user"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ designate_service_user_name }}"
tenant_name: "{{ designate_service_project_name }}"
password: "{{ designate_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not designate_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- designate-add-service
- designate-setup
- designate-service-add
- name: Ensure designate user to admin role
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ designate_service_user_name }}"
tenant_name: "{{ designate_service_project_name }}"
role_name: "{{ designate_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not designate_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- designate-api-setup
- designate-service-add
- designate-setup
# Create an endpoint
- name: Ensure designate endpoint
keystone:
command: "ensure_endpoint"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
region_name: "{{ designate_service_region }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ designate_service_publicuri }}"
interface: "public"
- url: "{{ designate_service_adminuri }}"
interface: "admin"
- url: "{{ designate_service_internaluri }}"
interface: "internal"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- designate-setup
- designate-service-add

76
templates/api-paste.ini.j2
View File

@ -1,19 +1,73 @@
# designate API WSGI Pipeline
# Define the filters that make up the pipeline for processing WSGI requests
# Note: This pipeline is PasteDeploy's term rather than designate's pipeline
# used for processing samples
[composite:osapi_dns]
use = egg:Paste#urlmap
/: osapi_dns_versions
/v1: osapi_dns_v1
/v2: osapi_dns_v2
/admin: osapi_dns_admin
# Remove authtoken from the pipeline if you don't want to use keystone authentication
[pipeline:main]
pipeline = request_id authtoken api-server
[composite:osapi_dns_versions]
use = call:designate.api.middleware:auth_pipeline_factory
noauth = http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
keystone = http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions
[app:api-server]
paste.app_factory = designate.api.app:app_factory
[app:osapi_dns_app_versions]
paste.app_factory = designate.api.versions:factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[composite:osapi_dns_v1]
use = call:designate.api.middleware:auth_pipeline_factory
noauth = http_proxy_to_wsgi cors request_id noauthcontext maintenance validation_API_v1 faultwrapper normalizeuri osapi_dns_app_v1
keystone = http_proxy_to_wsgi cors request_id authtoken keystonecontext maintenance validation_API_v1 faultwrapper normalizeuri osapi_dns_app_v1
[app:osapi_dns_app_v1]
paste.app_factory = designate.api.v1:factory
[composite:osapi_dns_v2]
use = call:designate.api.middleware:auth_pipeline_factory
noauth = http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2
keystone = http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2
[app:osapi_dns_app_v2]
paste.app_factory = designate.api.v2:factory
[composite:osapi_dns_admin]
use = call:designate.api.middleware:auth_pipeline_factory
noauth = http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin
keystone = http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin
[app:osapi_dns_app_admin]
paste.app_factory = designate.api.admin:factory
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = designate
[filter:request_id]
paste.filter_factory = oslo_middleware:RequestId.factory
[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
[filter:noauthcontext]
paste.filter_factory = designate.api.middleware:NoAuthContextMiddleware.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[filter:keystonecontext]
paste.filter_factory = designate.api.middleware:KeystoneContextMiddleware.factory
[filter:maintenance]
paste.filter_factory = designate.api.middleware:MaintenanceMiddleware.factory
[filter:normalizeuri]
paste.filter_factory = designate.api.middleware:NormalizeURIMiddleware.factory
[filter:faultwrapper]
paste.filter_factory = designate.api.middleware:FaultWrapperMiddleware.factory
[filter:validation_API_v1]
paste.filter_factory = designate.api.middleware:APIv1ValidationErrorMiddleware.factory
[filter:validation_API_v2]
paste.filter_factory = designate.api.middleware:APIv2ValidationErrorMiddleware.factory

2
templates/designate-upstart-init.j2
View File

@ -12,7 +12,7 @@ respawn
respawn limit 10 5
# Set the RUNBIN environment variable
env RUNBIN="/usr/local/bin/{{ program_name }}"
env RUNBIN="{{ designate_bin }}/{{ program_name }}"
# Change directory to service users home
chdir "{{ service_home }}"

519
templates/designate.conf.j2
View File

@ -1,11 +1,35 @@
[DEFAULT]
auth_strategy = keystone
########################
## General Configuration
########################
# Show more verbose log output (sets INFO log level output)
verbose = {{ verbose }}
# Show debugging output in logs (sets DEBUG log level output)
debug = {{ debug }}
# Top-level directory for maintaining designate's state
#state_path = /var/lib/designate
# Log Configuration
#log_config = None
# Log directory
#logdir = /var/log/designate
{% if designate_ceilometer_enabled | bool %}
# Driver used for issuing notifications
notification_driver = messagingv2
{% endif %}
# Root helper
root_helper = sudo designate-rootwrap /etc/designate/rootwrap.conf
# Which networking API to use, Defaults to neutron
#network_api = neutron
# RabbitMQ Config
[oslo_messaging_rabbit]
rpc_backend = rabbit
rabbit_port = {{ rabbitmq_port }}
@ -17,10 +41,109 @@ rabbit_use_ssl = {{ rabbitmq_use_ssl }}
rabbit_notification_exchange = designate
rabbit_notification_topic = notifications
{% if designate_ceilometer_enabled | bool %}
[oslo_messaging_notifications]
driver = messagingv2
{% endif %}
########################
## Service Configuration
########################
#-----------------------
# Central Service
#-----------------------
[service:central]
# Number of central worker processes to spawn
#workers = None
# Number of central greenthreads to spawn
#threads = 1000
# Maximum domain name length
#max_domain_name_len = 255
# Maximum recordset name length
#max_recordset_name_len = 255
# Minimum TTL
#min_ttl = None
# The name of the default pool
#default_pool_id = '794ccc2c-d751-44fe-b57f-8894c9f5c842'
## Managed resources settings
# Email to use for managed resources like domains created by the FloatingIP API
#managed_resource_email = hostmaster@example.com.
# Tenant ID to own all managed resources - like auto-created records etc.
# TODO(odyssey4me) - Check on whether this should be set to something
#managed_resource_tenant_id = 123456
#-----------------------
# API Service
#-----------------------
[service:api]
# Number of api worker processes to spawn
#workers = None
# Number of api greenthreads to spawn
#threads = 1000
# Enable host request headers
#enable_host_header = False
# The base uri used in responses
#api_base_uri = 'http://127.0.0.1:9001/'
# Address to bind the API server
#api_host = 0.0.0.0
# Port to bind the API server
#api_port = 9001
# Maximum line size of message headers to be accepted. max_header_line may
# need to be increased when using large tokens (typically those generated by
# the Keystone v3 API with big service catalogs).
#max_header_line = 16384
# Authentication strategy to use - can be either "noauth" or "keystone"
auth_strategy = keystone
# Enable API Version 1 (deprecated)
enable_api_v1 = True
# Enabled API Version 1 extensions
# Can be one or more of : diagnostics, quotas, reports, sync, touch
enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
# Enable API Version 2
enable_api_v2 = True
# Enabled API Version 2 extensions
enabled_extensions_v2 = quotas, reports
# Default per-page limit for the V2 API, a value of None means show all results
# by default
#default_limit_v2 = 20
# Max page size in the V2 API
#max_limit_v2 = 1000
# Enable Admin API (experimental)
enable_api_admin = False
# Enabled Admin API extensions
# Can be one or more of : reports, quotas, counts, tenants, zones
# zone export is in zones extension
#enabled_extensions_admin =
# Default per-page limit for the Admin API, a value of None means show all results
# by default
#default_limit_admin = 20
# Max page size in the Admin API
#max_limit_admin = 1000
# Show the pecan HTML based debug interface (v2 only)
# This is only useful for development, and WILL break python-designateclient
# if an error occurs
#pecan_debug = False
#-----------------------
# Keystone Middleware
@ -40,187 +163,164 @@ password = {{ designate_service_password }}
memcached_servers = {{ memcached_servers }}
########################
#-----------------------
# Central Service
# Sink Service
#-----------------------
[service:central]
# Number of central worker processes to spawn
#workers = 10
# Number of central greenthreads to spawn
threads = 1000
# Maximum domain name length
max_domain_name_len = 255
# Maximum recordset name length
max_recordset_name_len = 255
# Minimum TTL
#min_ttl = None
# The name of the default pool
default_pool_id = '794ccc2c-d751-44fe-b57f-8894c9f5c842'
## Managed resources settings
# Email to use for managed resources like domains created by the FloatingIP API
#managed_resource_email = hostmaster@example.com.
# Tenant ID to own all managed resources - like auto-created records etc.
managed_resource_tenant_id = None
#-----------------------
# API Service
#-----------------------
[service:api]
threads=1000
# The base uri used in responses
api_base_uri = 'http://10.16.34.6:9001/v1'
# Address to bind the API server
api_host = 0.0.0.0
# Port to bind the API server
api_port = 9001
# Authentication strategy to use - can be either "noauth" or "keystone"
auth_strategy = keystone
# Enable API Version 1
enable_api_v1 = True
# Enable API Version 2
enable_api_v2 = True
# Enabled API Version 1 extensions
enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
# Enabled API Version 2 extensions
enabled_extensions_v2 = quotas, reports
# Enable Admin API (experimental)
enable_api_admin = False
# Enabled Admin API extensions
# Can be one or more of : reports, quotas, counts, tenants, zones
# zone export is in zones extension
enabled_extensions_admin = reports, quotas, counts, tenants, zones
# Default per-page limit for the Admin API, a value of None means show all results
# by default
default_limit_admin = 20
# Max page size in the Admin API
max_limit_admin = 1000
[service:sink]
# List of notification handlers to enable, configuration of these needs to
# correspond to a [handler:my_driver] section below or else in the config
# Can be one or more of : nova_fixed, neutron_floatingip
#enabled_notification_handlers =
#-----------------------
# mDNS Service
#-----------------------
[service:mdns]
# Number of mdns worker processes to spawn
#workers = 10
#workers = None
# Number of mdns greenthreads to spawn
threads = 1000
#threads = 1000
# mDNS Bind Host
host = 0.0.0.0
#host = 0.0.0.0
# mDNS Port Number
port = 5354
#port = 5354
# mDNS TCP Backlog
tcp_backlog = 100
#tcp_backlog = 100
# mDNS TCP Receive Timeout
tcp_recv_timeout = 0.5
#tcp_recv_timeout = 0.5
# Enforce all incoming queries (including AXFR) are TSIG signed
query_enforce_tsig = False
#query_enforce_tsig = False
# Send all traffic over TCP
all_tcp = False
#all_tcp = False
# Maximum message size to emit
max_message_size = 65535
#max_message_size = 65535
#-----------------------
# Agent Service
#-----------------------
[service:agent]
#workers = None
#host = 0.0.0.0
#port = 5358
#tcp_backlog = 100
#allow_notify = 127.0.0.1
#masters = 127.0.0.1:5354
#backend_driver = fake
#transfer_source = None
#notify_delay = 0
#-----------------------
# Zone Manager Service
#-----------------------
[service:zone_manager]
# Number of Zone Manager worker processes to spawn
#workers = None
# Number of Zone Manager greenthreads to spawn
#threads = 1000
# List of Zone Manager tasks to enable, a value of None will enable all tasks.
# Can be one or more of: periodic_exists
#enabled_tasks = None
# Whether to allow synchronous zone exports
#export_synchronous = True
#------------------------
# Deleted domains purging
#------------------------
[zone_manager_task:domain_purge]
# How frequently to purge deleted domains, in seconds
#interval = 3600 # 1h
# How many records to be deleted on each run
#batch_size = 100
# How old deleted records should be (deleted_at) to be purged, in seconds
#time_threshold = 604800 # 7 days
#-----------------------
# Pool Manager Service
#-----------------------
[service:pool_manager]
backends = bind9
threads = 1000
pool_id = 794ccc2c-d751-44fe-b57f-8894c9f5c842
threshold_percentage = 100
poll_timeout = 30
poll_retry_interval = 15
poll_max_retries = 3
poll_delay = 5
periodic_recovery_interval = 120
enable_sync_timer = True
periodic_sync_interval = 300
cache_driver = memcache
# Number of Pool Manager worker processes to spawn
#workers = None
########################
## Storage Configuration
########################
# Number of Pool Manager greenthreads to spawn
#threads = 1000
# The ID of the pool managed by this instance of the Pool Manager
pool_id = {{ designate_pool_uuid }}
# The percentage of servers requiring a successful update for a domain change
# to be considered active
#threshold_percentage = 100
# The time to wait for a response from a server
#poll_timeout = 30
# The time between retrying to send a request and waiting for a response from a
# server
#poll_retry_interval = 15
# The maximum number of times to retry sending a request and wait for a
# response from a server
#poll_max_retries = 10
# The time to wait before sending the first request to a server
#poll_delay = 5
# Enable the recovery thread
#enable_recovery_timer = True
# The time between recovering from failures
#periodic_recovery_interval = 120
# Enable the sync thread
#enable_sync_timer = True
# The time between synchronizing the servers with storage
#periodic_sync_interval = 1800
# Zones Updated within last N seconds will be syncd. Use None to sync all zones
#periodic_sync_seconds = None
# Perform multiple update attempts during periodic_sync
#periodic_sync_max_attempts = 3
#periodic_sync_retry_interval = 30
# The cache driver to use
#cache_driver = memcache
###################################
## Pool Manager Cache Configuration
###################################
#-----------------------
# SQLAlchemy Storage
# SQLAlchemy Pool Manager Cache
#-----------------------
[storage:sqlalchemy]
# Database connection string - to configure options for a given implementation
# like sqlalchemy or other see below
connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate?charset=utf8
connection_debug = 100
connection_trace = True
sqlite_synchronous = True
idle_timeout = 3600
max_retries = 10
retry_interval = 10
[pool_manager_cache:sqlalchemy]
connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate_pool_manager?charset=utf8
connection_debug = 100
connection_trace = False
sqlite_synchronous = True
idle_timeout = 3600
max_retries = 10
retry_interval = 10
connection = mysql+pymysql://{{ designate_pool_manager_galera_user }}:{{ designate_pool_manager_container_mysql_password }}@{{ designate_pool_manager_galera_address }}/designate_pool_manager?charset=utf8
#connection_debug = 100
#connection_trace = False
#sqlite_synchronous = True
#idle_timeout = 3600
#max_retries = 10
#retry_interval = 10
#-----------------------
# Memcache Pool Manager Cache
#-----------------------
[pool_manager_cache:memcache]
memcached_servers = None
expiration = 3600
#############################
## Pool Backend Configuration
#############################
#-----------------------
# Global Bind9 Pool Backend
#-----------------------
#[backend:bind9]
#server_ids = 6a5032b6-2d96-43ee-b25b-7d784e2bf3b2
#masters = 10.16.34.6:5354
#rndc_host = 10.16.34.6
#rndc_port = 953
#rndc_config_file = /etc/rndc.conf
#rndc_key_file = /etc/rndc.key
#-----------------------
# Server Specific Bind9 Pool Backend
#-----------------------
#[backend:bind9:6a5032b6-2d96-43ee-b25b-7d784e2bf3b2]
#host = 10.16.34.6
#port = 53
#memcached_servers = None
#expiration = 3600
#####################
## Pool Configuration
@ -229,28 +329,123 @@ expiration = 3600
# This section does not have the defaults filled in but demonstrates an
# example pool / server set up. Different backends will have different options.
[pool:794ccc2c-d751-44fe-b57f-8894c9f5c842]
nameservers = 0f66b842-96c2-4189-93fc-1dc95a08b012
targets = f26e0b32-736f-4f0a-831b-039a415c481e
[pool:{{ designate_pool_uuid }}]
nameservers = {{ designate_pool_nameserver_uuid }}
targets = {{ designate_pool_target_uuid }}
#also_notifies = 192.0.2.1:53, 192.0.2.2:53
[pool_nameserver:0f66b842-96c2-4189-93fc-1dc95a08b012]
[pool_nameserver:{{ designate_pool_nameserver_uuid }}]
port = 53
host = 10.16.34.6
host = 127.0.0.1
[pool_target:f26e0b32-736f-4f0a-831b-039a415c481e]
options = rndc_host: 10.16.34.6, rndc_port: 953, rndc_config_file: /etc/bind/rndc.conf, rndc_key_file: /etc/bind/rndc.key, port: 53, host: 10.16.34.6, clean_zonefile: false
masters = 10.16.34.6:5354
[pool_target:{{ designate_pool_target_uuid }}]
options = port: 53, host: 127.0.0.1
masters = 127.0.0.1:5354
type = bind9
[service:sink]
##############
## Network API
##############
[network_api:neutron]
# Comma separated list of values, formatted "<name>|<neutron_uri>"
#endpoints = RegionOne|http://localhost:9696
#endpoint_type = publicURL
#timeout = 30
#admin_username = designate
#admin_password = designate
#admin_tenant_name = designate
#auth_url = http://localhost:35357/v2.0
#insecure = False
#auth_strategy = keystone
#ca_certificates_file =
enabled_notification_handlers = nova_fixed
########################
## Storage Configuration
########################
#-----------------------
# SQLAlchemy Storage
#-----------------------
[storage:sqlalchemy]
connection = mysql+pymysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate?charset=utf8
#connection_debug = 0
#connection_trace = False
#sqlite_synchronous = True
#idle_timeout = 3600
#max_retries = 10
#retry_interval = 10
########################
## Handler Configuration
########################
#-----------------------
# Nova Fixed Handler
#-----------------------
[handler:nova_fixed]
# Domain ID of domain to create records in. Should be pre-created
notification_topics = notifications
control_exchange = 'nova'
zone_id = e7192aa3-294b-491c-a2e7-3624e87f0af1
format = '%(instance_id)s.%(zone)s'
#domain_id =
#notification_topics = notifications
#control_exchange = 'nova'
#format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
#format = '%(hostname)s.%(domain)s'
#------------------------
# Neutron Floating Handler
#------------------------
[handler:neutron_floatingip]
# Domain ID of domain to create records in. Should be pre-created
#domain_id =
#notification_topics = notifications
#control_exchange = 'neutron'
#format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
#format = '%(hostname)s.%(domain)s'
#############################
## Agent Backend Configuration
#############################
[backend:agent:bind9]
#rndc_host = 127.0.0.1
#rndc_port = 953
#rndc_config_file = /etc/rndc.conf
#rndc_key_file = /etc/rndc.key
#zone_file_path = $state_path/zones
#query_destination = 127.0.0.1
#
[backend:agent:denominator]
#name = dynect
#config_file = /etc/denominator.conf
########################
## Library Configuration
########################
[oslo_concurrency]
# Path for Oslo Concurrency to store lock files, defaults to the value
# of the state_path setting.
#lock_path = $state_path
########################
## Coordination
########################
[coordination]
# URL for the coordination backend to use.
#backend_url = kazoo://127.0.0.1/
########################
## Hook Points
########################
# Hook Points are enabled when added to the config and there has been
# a package that provides the corresponding named designate.hook_point
# entry point.
# [hook_point:name_of_hook_point]
# some_param_for_hook = 42
# Hooks can be disabled in the config
# enabled = False
# Hook can also be applied to the import path when the hook has not
# been given an explicit name. The name is created from the hook
# target function / method:
#
# name = '%s.%s' % (func.__module__, func.__name__)
# [hook_point:designate.api.v2.controllers.zones.get_one]

33
tests/inventory
View File

@ -1,2 +1,35 @@
[all]
localhost ansible_connection=local ansible_become=True
[rabbitmq_all:children]
infra1
[galera_all:children]
infra1
[designate_all:children]
designate_api
[designate_api:children]
openstack1
[designate_central:children]
openstack1
[designate_mdns:children]
openstack1
[designate_pool_manager:children]
openstack1
[designate_sink:children]
openstack1
[keystone_all:children]
openstack1
[infra1]
10.100.100.101
[openstack1]
10.100.100.102

56
tests/test-install-designate.yml Normal file
View File

@ -0,0 +1,56 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying designate
hosts: designate_all
user: root
gather_facts: true
roles:
- role: "{{ rolename | basename }}"
vars:
debug: True
external_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.100.102
designate_galera_address: 10.100.100.101
designate_container_mysql_password: "SuperSecrete"
designate_pool_manager_galera_address: 10.100.100.101
designate_pool_manager_container_mysql_password: "SuperSecrete"
galera_client_drop_config_file: false
galera_root_password: "secrete"
designate_rabbitmq_password: "secrete"
designate_rabbitmq_userid: designate
designate_rabbitmq_vhost: /designate
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: False
rabbitmq_port: 5672
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
designate_venv_tag: "testing"
designate_developer_mode: true
designate_git_install_branch: 4df88d7b28a05cb3556573ce4f1c7c66abf944bb # HEAD of "master" as of 17.01.2016
designate_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016
designate_service_password: "secrete"
designate_profiler_hmac_key: "secrete"
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 127.0.0.1
memcached_encryption_key: "secrete"

32
tests/test-install-infra.yml Normal file
View File

@ -0,0 +1,32 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying infra services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"

83
tests/test-install-keystone.yml Normal file
View File

@ -0,0 +1,83 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying keystone
hosts: keystone_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
roles:
- role: os_keystone
vars:
external_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.100.102
keystone_galera_address: 10.100.100.101
keystone_galera_database: keystone
keystone_venv_tag: "testing"
keystone_developer_mode: true
keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448 # HEAD of "master" as of 17.01.2016
keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_servers: 10.100.100.101
keystone_rabbitmq_use_ssl: true
galera_client_drop_config_file: false

33
tests/test-prepare-containers.yml Normal file
View File

@ -0,0 +1,33 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for creating containers
hosts: all_containers
connection: local
gather_facts: false
roles:
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1

56
tests/test-prepare-host.yml Normal file
View File

@ -0,0 +1,56 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for configuring the LXC host
hosts: localhost
connection: local
become: yes
pre_tasks:
# Make sure OS does not have a stale package cache.
- name: Update apt cache
apt:
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_dhcp_range: 10.100.100.200,10.100.100.250
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_container_caches:
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
chroot_path: trusty/rootfs-amd64
post_tasks:
- name: Install pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- python-openstackclient

31
tests/test-prepare-keys.yml Normal file
View File

@ -0,0 +1,31 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for establishing ssh keys
hosts: 127.0.0.1
connection: local
become: false
pre_tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"

294
tests/test.yml
View File

@ -13,289 +13,21 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for establishing ssh keys
hosts: 127.0.0.1
connection: local
become: false
pre_tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"
# Prepare the user ssh keys
- include: test-prepare-keys.yml
- name: Playbook for configuring the LXC host
hosts: localhost
connection: local
become: yes
pre_tasks:
# Make sure OS does not have a stale package cache.
- name: Update apt cache
apt:
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_dhcp_range: 10.100.100.2,10.100.100.253
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_container_caches:
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
chroot_path: trusty/rootfs-amd64
- role: "py_from_git"
git_repo: "https://github.com/lxc/python2-lxc"
git_dest: "/opt/lxc_python2"
git_install_branch: "master"
post_tasks:
# THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A
# HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV.
- name: Ensure the lxc lib is on the host
command: /usr/local/bin/pip install /opt/lxc_python2
# Inventory is being pre-loaded using a post tasks instead of through a dynamic
# inventory system. While this is not a usual method for deployment it's being
# done for functional testing.
- name: Create container hosts
add_host:
groups: "{{ item.groups }}"
hostname: "{{ item.name }}"
inventory_hostname: "{{ item.name }}"
ansible_ssh_host: "{{ item.address }}"
ansible_become: true
properties:
service_name: "{{ item.service }}"
container_networks:
management_address:
address: "{{ item.address }}"
bridge: "lxcbr0"
interface: "eth1"
netmask: "255.255.252.0"
type: "veth"
physical_host: localhost
container_name: "{{ item.name }}"
with_items:
- { name: "infra1", service: "infra1", address: "10.100.100.101", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" }
- { name: "openstack1", service: "openstack1", address: "10.100.100.102", groups: "all,all_containers,keystone_all,designate_all" }
# Prepare the host
- include: test-prepare-host.yml
- name: Playbook for creating containers
hosts: all_containers
connection: local
gather_facts: false
roles:
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1
# Prepare the containers
- include: test-prepare-containers.yml
- name: Playbook for deploying infra services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"
# Install RabbitMQ/MariaDB
- include: test-install-infra.yml
- name: Playbook for deploying keystone
hosts: keystone_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- designate-rabbitmq
- designate-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- designate-rabbitmq
- designate-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- mysql-db-setup
roles:
- role: os_keystone
vars:
external_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.100.102
keystone_galera_address: 10.100.100.101
keystone_galera_database: keystone
keystone_venv_tag: "testing"
keystone_developer_mode: true
keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448 # HEAD of "master" as of 17.01.2016
keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_servers: 10.100.100.101
keystone_rabbitmq_use_ssl: true
galera_client_drop_config_file: false
# Install Keystone
- include: test-install-keystone.yml
# Install Designate
- include: test-install-designate.yml
- name: Playbook for deploying designate
hosts: designate_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ designate_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['designate_all'][0]
tags:
- designate-rabbitmq
- designate-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ designate_rabbitmq_userid }}"
password: "{{ designate_rabbitmq_password }}"
vhost: "{{ designate_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['designate_all'][0]
tags:
- designate-rabbitmq
- designate-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ designate_galera_database }}"
state: "present"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['designate_all'][0]
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ designate_galera_database }}"
password: "{{ designate_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ designate_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.101"
when: inventory_hostname == groups['designate_all'][0]
tags:
- mysql-db-setup
roles:
- role: "{{ rolename | basename }}"
vars:
external_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.100.102
designate_galera_address: 10.100.100.101
designate_galera_database: designate
designate_container_mysql_password: "SuperSecrete"
galera_client_drop_config_file: false
galera_root_password: "secrete"
designate_rabbitmq_password: "secrete"
designate_rabbitmq_userid: designate
designate_rabbitmq_vhost: /designate
rabbitmq_servers: 10.100.100.101
rabbitmq_use_ssl: true
rabbitmq_port: 5671
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
designate_venv_tag: "testing"
designate_developer_mode: true
designate_git_install_branch: 4df88d7b28a05cb3556573ce4f1c7c66abf944bb # HEAD of "master" as of 17.01.2016
designate_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016
designate_service_password: "secrete"
designate_profiler_hmac_key: "secrete"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 127.0.0.1
memcached_encryption_key: "secrete"

5
tox.ini
View File

@ -15,6 +15,7 @@ whitelist_externals =
bash
git
rm
wget
setenv =
VIRTUAL_ENV={envdir}
ANSIBLE_HOST_KEY_CHECKING = False
@ -108,13 +109,15 @@ commands =
rm -rf {homedir}/.ansible
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
# This plugin makes the ansible-playbook output easier to read
wget -O {homedir}/.ansible/plugins/callback/human_log.py \
https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
ansible-galaxy install \
--role-file={toxinidir}/tests/ansible-role-requirements.yml \
--ignore-errors \
--force
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-vv \
{toxinidir}/tests/test.yml