openstack/openstack-ansible-os_trove
Code Issues Proposed changes
openstack-ansible-os_trove/defaults/main.yml
Jesse Pretorius a1b510f7ba Move database creation into role 
There is no record for why we implement the database creation outside
of the role in the playbook, when we could do it inside the role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement a new variable called 'trove_db_setup_host'
which is used in the role to allow delegation of the database setup
task to any host, but defaults to the first member of the galera_all
host group. We also document the variable 'trove_galera_address' which
has been used for a long time, but never documented. A bunch of unused
variables have also been removed.

The extras folder is removed given that trove's playbooks have been
merged into the integrated repository.

Change-Id: I0bf801416bd0349534588fc7272dffd4b86b7bb9
2018-06-29 13:24:58 +00:00

244 lines
10 KiB
YAML
Raw Blame History

---
# Copyright 2016 Internet Solutions (Pty) Ltd
# Copyright 2017 IBM Corp
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
trove_package_state: "latest"
trove_pip_package_state: "latest"
debug: false
trove_system_group_name: trove
trove_system_user_name: trove
trove_system_user_comment: Trove System User
trove_system_user_shell: /bin/false
trove_system_user_home: "/var/lib/{{ trove_system_user_name }}"
trove_log_directory: /var/log/trove
trove_etc_directory: /etc/trove
trove_admin_user_name: admin_trove_user
trove_service_name: trove
trove_service_user_name: "{{ trove_admin_user_name }}"
trove_service_tenant_name: trove_for_trove_usage
trove_service_type: database
trove_service_description: "OpenStack DBaaS (Trove)"
trove_service_project_name: "{{ trove_service_tenant_name }}"
trove_service_admin_role_names:
- admin
trove_service_region: RegionOne
trove_service_host: "0.0.0.0"
trove_service_port: 8779
trove_service_proto: http
trove_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(trove_service_proto) }}"
trove_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(trove_service_proto) }}"
trove_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(trove_service_proto) }}"
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_auth_url: "{{ keystone_service_internalurl }}"
# By default assume the trove service network is an internal one
# It would be good to use the catalog service to lookup these URLs based on the endpoint type
# but currently the Trove code doesn't work properly when endpoint types are specified
trove_nova_compute_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}/v2.1"
trove_cinder_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ cinder_service_port }}/v1"
trove_swift_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
trove_neutron_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}/"
trove_profiler_enabled: false
## Cap the maximum number of threads / workers when a user value is unspecified.
trove_api_workers_max: 16
trove_api_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, trove_api_workers_max] | min }}"
## Cap the maximum number of threads / workers when a user value is unspecified.
trove_conductor_workers_max: 16
trove_conductor_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, trove_conductor_workers_max] | min }}"
# Name of the virtual env to deploy into
trove_venv_tag: untagged
trove_bin: "/openstack/venvs/trove-{{ trove_venv_tag }}/bin"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
trove_venv_download: "{{ not trove_developer_mode | bool }}"
trove_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/trove.tgz
trove_git_repo: "https://git.openstack.org/openstack/trove"
trove_git_install_branch: master
trove_developer_mode: false
trove_developer_constraints:
- "git+{{ trove_git_repo }}@{{ trove_git_install_branch }}#egg=trove"
#: Set this to false to disable API service through Apache + mod_wsgi
trove_use_mod_wsgi: false
## Apache setup
trove_apache_log_level: info
trove_apache_servertokens: "Prod"
trove_apache_serversignature: "Off"
trove_wsgi_threads: 1
## Cap the maximum number of processes when a user value is unspecified.
trove_wsgi_processes_max: 32
trove_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, trove_wsgi_processes_max] | min }}"
# set trove_ssl to true to enable SSL configuration on the trove containers
trove_ssl: false
trove_ssl_cert: /etc/ssl/certs/trove.pem
trove_ssl_key: /etc/ssl/private/trove.key
trove_ssl_ca_cert: /etc/ssl/certs/trove-ca.pem
trove_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
trove_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it
trove_ssl_self_signed_regen: false
trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
# Database vars
trove_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
trove_galera_address: "{{ galera_address | default('127.0.0.1') }}"
trove_galera_database_name: trove
trove_galera_user: trove
trove_db_sync_options:
trove_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
trove_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8{% if trove_galera_use_ssl | bool %}&ssl_ca={{ trove_galera_ssl_ca_cert }}{% endif %}"
# Rabbit vars
trove_control_exchange: trove
trove_rabbit_notification_topic: notification
trove_rabbitmq_userid: trove
trove_rabbitmq_vhost: /trove
trove_rabbitmq_use_ssl: False
trove_rabbitmq_port: 5672
trove_rabbitmq_servers: "{{ rabbitmq_servers }}"
# The trove guest agent in the deployed DB VMs need access to OpenStack services (keystone, swift, etc)
# and also to rabbitmq. The way it gets access (networking) these services may differ.
# By default assume:
# OpenStack services are accesses through public interfaces
# Infrastructure services (rabbitmq) are accessed through the defined provider network.
#
# The value of 'net_name' field of the provider network network to use for infrastructure services
trove_provider_net_name: dbaas-mgmt
trove_provider_network: "{{ provider_networks|map(attribute='network')|selectattr('net_name','defined')|selectattr('net_name', 'equalto', trove_provider_net_name)|list|first }}"
# The value of 'ip_from_q' field
trove_provider_ip_from_q: "{{ trove_provider_network['ip_from_q'] }}"
# The name of the network address pool
trove_container_net_name: "{{ trove_provider_ip_from_q }}_address"
trove_guest_rabbitmq_servers: "{% for host in groups[rabbitmq_host_group] %}{{ hostvars[host]['container_networks'][trove_container_net_name]['address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
trove_guest_rabbitmq_use_ssl: "{{ trove_rabbitmq_use_ssl }}"
# For OpenStack services that have public, admin, and internal access, use the public ones for the guest VMs.
trove_guest_auth_url: "{{ keystone_service_publicurl }}"
trove_guest_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
# Trove service network settings.
# These values are used when creating an OpenStack network to be used by Trove. By default the network will
# not be created.
trove_service_net_setup: False
trove_service_net_validate_certs: "False"
trove_service_net_phys_net: dbaas-mgmt
trove_service_net_type: flat
trove_service_net_name: dbaas_service_net
trove_service_subnet_name: dbaas_service_subnet
trove_service_net_subnet_cidr: "192.168.20.0/24"
trove_service_net_dhcp: "True"
trove_service_net_allocation_pool_start: "192.168.20.100"
trove_service_net_allocation_pool_end: "192.168.20.120"
trove_service_net_endpoint_type: internal
# RPC encryption keys
# See the Trove documentation as to the significance of the rpc encryption keys
# Trove supplies default values but we enforce they not be left to their default values
trove_enable_secure_rpc_messaging: "True"
trove_required_secrets:
- trove_galera_password
- trove_rabbitmq_password
- trove_service_password
- trove_admin_user_password
- trove_taskmanager_rpc_encr_key
- trove_inst_rpc_key_encr_key
# Keystone AuthToken/Middleware
trove_keystone_auth_plugin: "{{ trove_keystone_auth_type }}"
trove_keystone_auth_type: password
trove_service_project_domain_name: Default
trove_service_user_domain_name: default
trove_service_project_domain_id: default
trove_service_user_domain_id: default
#Glance images
trove_glance_images: []
trove_requires_pip_packages:
- httplib2
- python-glanceclient
- python-keystoneclient
- virtualenv
- shade
- futures
trove_pip_packages:
- cryptography
- MySQL-python
- os-client-config
- pexpect
- PyMySQL
- python-troveclient
- python-memcached
- trove
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
trove_role_project_group: trove_all
## Tunable overrides
trove_config_overrides: {}
trove_api_paste_ini_overrides: {}
trove_conductor_config_overrides: {}
trove_taskmanager_config_overrides: {}
trove_guestagent_config_overrides: {}
trove_policy_overrides: {}
trove_api_init_config_overrides: {}
trove_conductor_init_config_overrides: {}
trove_taskmanager_init_config_overrides: {}
## Service Name-Group Mapping
trove_services:
trove-api:
group: trove_api
service_name: trove-api
execstarts: "{{ trove_bin }}/trove-api"
init_config_overrides: "{{ trove_api_init_config_overrides }}"
start_order: 1
trove-conductor:
group: trove_conductor
service_name: trove-conductor
execstarts: "{{ trove_bin }}/trove-conductor"
init_config_overrides: "{{ trove_conductor_init_config_overrides }}"
start_order: 2
trove-taskmanager:
group: trove_taskmanager
service_name: trove-taskmanager
execstarts: "{{ trove_bin }}/trove-taskmanager"
init_config_overrides: "{{ trove_taskmanager_init_config_overrides }}"
start_order: 3
View Git Blame Copy Permalink