Skip to content
Snippets Groups Projects
Normal view Permalink
main.yml 9.2 KiB
Newer Older
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
1 
---
caoyuan's avatar
Optimize reconfiguration for barbican  
caoyuan committed
2 3 4 5 6 7 
barbican_services:
  barbican-api:
    container_name: barbican_api
    group: barbican-api
    enabled: true
    image: "{{ barbican_api_image_full }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
8 
    volumes: "{{ barbican_api_default_volumes + barbican_api_extra_volumes }}"
Lakshmi Prasanna Goutham Pratapa's avatar
Apply Resource Constraints to Openstack Services  
Lakshmi Prasanna Goutham Pratapa committed
9 
    dimensions: "{{ barbican_api_dimensions }}"
wu.chunyang's avatar
Use Docker healthchecks for barbican services  
wu.chunyang committed
10 
    healthcheck: "{{ barbican_api_healthcheck }}"
Adam Harwell's avatar
Refactor haproxy config (split by service) V2.0  
Adam Harwell committed
11 12 13 14 15 16 
    haproxy:
      barbican_api:
        enabled: "{{ enable_barbican }}"
        mode: "http"
        external: false
        port: "{{ barbican_api_port }}"
Jim Rollenhagen's avatar
Allow barbican services to use independent hostnames  
Jim Rollenhagen committed
17 
        listen_port: "{{ barbican_api_listen_port }}"
James Kirsch's avatar
Add support for encrypting Barbican API  
James Kirsch committed
18 
        tls_backend: "{{ barbican_enable_tls_backend }}"
Adam Harwell's avatar
Refactor haproxy config (split by service) V2.0  
Adam Harwell committed
19 20 21 22 23 
      barbican_api_external:
        enabled: "{{ enable_barbican }}"
        mode: "http"
        external: true
        port: "{{ barbican_api_port }}"
Jim Rollenhagen's avatar
Allow barbican services to use independent hostnames  
Jim Rollenhagen committed
24 
        listen_port: "{{ barbican_api_listen_port }}"
James Kirsch's avatar
Add support for encrypting Barbican API  
James Kirsch committed
25 
        tls_backend: "{{ barbican_enable_tls_backend }}"
caoyuan's avatar
Optimize reconfiguration for barbican  
caoyuan committed
26 27 28 29 30 
  barbican-keystone-listener:
    container_name: barbican_keystone_listener
    group: barbican-keystone-listener
    enabled: true
    image: "{{ barbican_keystone_listener_image_full }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
31 
    volumes: "{{ barbican_keystone_listener_default_volumes + barbican_keystone_listener_extra_volumes }}"
Lakshmi Prasanna Goutham Pratapa's avatar
Apply Resource Constraints to Openstack Services  
Lakshmi Prasanna Goutham Pratapa committed
32 
    dimensions: "{{ barbican_keystone_listener_dimensions }}"
wu.chunyang's avatar
Use Docker healthchecks for barbican services  
wu.chunyang committed
33 
    healthcheck: "{{ barbican_keystone_listener_healthcheck }}"
caoyuan's avatar
Optimize reconfiguration for barbican  
caoyuan committed
34 35 36 37 38 
  barbican-worker:
    container_name: barbican_worker
    group: barbican-worker
    enabled: true
    image: "{{ barbican_worker_image_full }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
39 
    volumes: "{{ barbican_worker_default_volumes + barbican_worker_extra_volumes }}"
Lakshmi Prasanna Goutham Pratapa's avatar
Apply Resource Constraints to Openstack Services  
Lakshmi Prasanna Goutham Pratapa committed
40 
    dimensions: "{{ barbican_worker_dimensions }}"
wu.chunyang's avatar
Use Docker healthchecks for barbican services  
wu.chunyang committed
41 
    healthcheck: "{{ barbican_worker_healthcheck }}"
caoyuan's avatar
dev mode: Add support for barbican  
caoyuan committed
42
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
43 44 45 46 47 

####################
# Database
####################
barbican_database_name: "barbican"
Alexandru Bogdan Pica's avatar
Implement external MariaDB and pre-configured Databases support  
Alexandru Bogdan Pica committed
48 
barbican_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}barbican{% endif %}"
Radosław Piliszek's avatar
Implement IPv6 support in the control plane  
Radosław Piliszek committed
49 
barbican_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
50 51 52 53 54 


####################
# Docker
####################
Mark Goddard's avatar
CentOS 8: Support variable image tag suffix  
Mark Goddard committed
55 
barbican_tag: "{{ openstack_tag }}"
Dai Dang Van's avatar
Mixing binary and source images for A* and B* projects  
Dai Dang Van committed
56
Radosław Piliszek's avatar
Use the new image naming scheme  
Radosław Piliszek committed
57 
barbican_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/barbican-api"
Dai Dang Van's avatar
Mixing binary and source images for A* and B* projects  
Dai Dang Van committed
58 
barbican_api_tag: "{{ barbican_tag }}"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
59 60 
barbican_api_image_full: "{{ barbican_api_image }}:{{ barbican_api_tag }}"
Radosław Piliszek's avatar
Use the new image naming scheme  
Radosław Piliszek committed
61 
barbican_keystone_listener_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/barbican-keystone-listener"
Dai Dang Van's avatar
Mixing binary and source images for A* and B* projects  
Dai Dang Van committed
62 
barbican_keystone_listener_tag: "{{ barbican_tag }}"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
63 64 
barbican_keystone_listener_image_full: "{{ barbican_keystone_listener_image }}:{{ barbican_keystone_listener_tag }}"
Radosław Piliszek's avatar
Use the new image naming scheme  
Radosław Piliszek committed
65 
barbican_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/barbican-worker"
Dai Dang Van's avatar
Mixing binary and source images for A* and B* projects  
Dai Dang Van committed
66 
barbican_worker_tag: "{{ barbican_tag }}"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
67 68 
barbican_worker_image_full: "{{ barbican_worker_image }}:{{ barbican_worker_tag }}"
Lakshmi Prasanna Goutham Pratapa's avatar
Apply Resource Constraints to Openstack Services  
Lakshmi Prasanna Goutham Pratapa committed
69 70 71 
barbican_api_dimensions: "{{ default_container_dimensions }}"
barbican_keystone_listener_dimensions: "{{ default_container_dimensions }}"
barbican_worker_dimensions: "{{ default_container_dimensions }}"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
72
wu.chunyang's avatar
Use Docker healthchecks for barbican services  
wu.chunyang committed
73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 
barbican_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
barbican_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
barbican_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
barbican_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
barbican_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if barbican_enable_tls_backend | bool else 'http' }}://{{ api_interface_address |  put_address_in_context('url') }}:{{ barbican_api_listen_port}}"]
barbican_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
barbican_api_healthcheck:
  interval: "{{ barbican_api_healthcheck_interval }}"
  retries: "{{ barbican_api_healthcheck_retries }}"
  start_period: "{{ barbican_api_healthcheck_start_period }}"
  test: "{% if barbican_api_enable_healthchecks | bool %}{{ barbican_api_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ barbican_api_healthcheck_timeout }}"

barbican_keystone_listener_enable_healthchecks: "{{ enable_container_healthchecks }}"
barbican_keystone_listener_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
barbican_keystone_listener_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
barbican_keystone_listener_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
barbican_keystone_listener_healthcheck_test: ["CMD-SHELL", "healthcheck_port barbican-keystone-listener {{ om_rpc_port }}"]
barbican_keystone_listener_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
barbican_keystone_listener_healthcheck:
  interval: "{{ barbican_keystone_listener_healthcheck_interval }}"
  retries: "{{ barbican_keystone_listener_healthcheck_retries }}"
  start_period: "{{ barbican_keystone_listener_healthcheck_start_period }}"
  test: "{% if barbican_keystone_listener_enable_healthchecks | bool %}{{ barbican_keystone_listener_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ barbican_keystone_listener_healthcheck_timeout }}"

barbican_worker_enable_healthchecks: "{{ enable_container_healthchecks }}"
barbican_worker_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
barbican_worker_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
barbican_worker_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
barbican_worker_healthcheck_test: ["CMD-SHELL", "healthcheck_port barbican-worker {{ om_rpc_port }}"]
barbican_worker_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
barbican_worker_healthcheck:
  interval: "{{ barbican_worker_healthcheck_interval }}"
  retries: "{{ barbican_worker_healthcheck_retries }}"
  start_period: "{{ barbican_worker_healthcheck_start_period }}"
  test: "{% if barbican_worker_enable_healthchecks | bool %}{{ barbican_worker_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ barbican_worker_healthcheck_timeout }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
112 113 114 
barbican_api_default_volumes:
  - "{{ node_config_directory }}/barbican-api/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
Mark Goddard's avatar
Use ansible_facts to reference facts  
Mark Goddard committed
115 
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
116 117 
  - "barbican:/var/lib/barbican/"
  - "kolla_logs:/var/log/kolla/"
Mark Goddard's avatar
Python 3: Use distro_python_version for dev mode  
Mark Goddard committed
118 
  - "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
119 120 121 
barbican_keystone_listener_default_volumes:
  - "{{ node_config_directory }}/barbican-keystone-listener/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
Mark Goddard's avatar
Use ansible_facts to reference facts  
Mark Goddard committed
122 
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
123 
  - "kolla_logs:/var/log/kolla/"
Mark Goddard's avatar
Python 3: Use distro_python_version for dev mode  
Mark Goddard committed
124 
  - "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
125 126 127 
barbican_worker_default_volumes:
  - "{{ node_config_directory }}/barbican-worker/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
Mark Goddard's avatar
Use ansible_facts to reference facts  
Mark Goddard committed
128 
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
129 
  - "kolla_logs:/var/log/kolla/"
Mark Goddard's avatar
Python 3: Use distro_python_version for dev mode  
Mark Goddard committed
130 
  - "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
binhong.hua's avatar
Make kolla-ansible support extra volumes  
binhong.hua committed
131 132 133 134 135 136 

barbican_extra_volumes: "{{ default_extra_volumes }}"
barbican_api_extra_volumes: "{{ barbican_extra_volumes }}"
barbican_keystone_listener_extra_volumes: "{{ barbican_extra_volumes }}"
barbican_worker_extra_volumes: "{{ barbican_extra_volumes }}"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
137 138 139 140 141 142 
####################
# OpenStack
####################
barbican_logging_debug: "{{ openstack_logging_debug }}"

barbican_keystone_user: "barbican"
Nenad Radojevic's avatar
Add default roles used by Barbican  
Nenad Radojevic committed
143 144 145 146 
barbican_keymanager_role: "key-manager:service-admin"
barbican_creator_role: "creator"
barbican_observer_role: "observer"
barbican_audit_role: "audit"
zhubingbing's avatar
Add Barbican ansible role
zhubingbing committed
147
Jeffrey Zhang's avatar
Refactor register.yml files  
Jeffrey Zhang committed
148 
openstack_barbican_auth: "{{ openstack_auth }}"
caoyuan's avatar
dev mode: Add support for barbican  
caoyuan committed
149
Michal Arbet's avatar
Add api_workers for each service to defaults  
Michal Arbet committed
150 
barbican_api_workers: "{{ openstack_service_workers }}"
caoyuan's avatar
dev mode: Add support for barbican  
caoyuan committed
151 152 153 154 155 156 157 

####################
# Kolla
####################
barbican_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
barbican_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
barbican_dev_mode: "{{ kolla_dev_mode }}"
MinSun's avatar
Support checkout dedicated version from git with dev mode  
MinSun committed
158 
barbican_source_version: "{{ kolla_source_version }}"
Mark Goddard's avatar
Refactor service, endpoint and user registration  
Mark Goddard committed
159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 

####################
# Keystone
####################
barbican_ks_services:
  - name: "barbican"
    type: "key-manager"
    description: "Barbican Key Management Service"
    endpoints:
      - {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'}
      - {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'}

barbican_ks_users:
  - project: "service"
    user: "{{ barbican_keystone_user }}"
    password: "{{ barbican_keystone_password }}"
    role: "admin"
Mark Goddard's avatar
Create and grant all keystone roles in service-ks-register  
Mark Goddard committed
176 177 178 179 180 181 

barbican_ks_roles:
  - "{{ barbican_keymanager_role }}"
  - "{{ barbican_creator_role }}"
  - "{{ barbican_observer_role }}"
  - "{{ barbican_audit_role }}"
James Kirsch's avatar
Add support for encrypting Barbican API  
James Kirsch committed
182
wu.chunyang's avatar
make barbican notification driver configurable  
wu.chunyang committed
183 184 185 186 187 
####################
# Notification
####################
barbican_notification_topics:
  - name: notifications
Ghanshyam Mann's avatar
Remove retired Searchlight support  
Ghanshyam Mann committed
188 
    enabled: "{{ enable_ceilometer | bool }}"
wu.chunyang's avatar
make barbican notification driver configurable  
wu.chunyang committed
189 190 191 

barbican_enabled_notification_topics: "{{ barbican_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
James Kirsch's avatar
Add support for encrypting Barbican API  
James Kirsch committed
192 193 194 195 
####################
# TLS
####################
barbican_enable_tls_backend: "{{ kolla_enable_tls_backend }}"