-
Roman Krček authored
Build upon changes in kolla which change strategy of installing projects in containers when in dev mode. This fixes problems where when package file manifest changes, the changes were not reflected in to devmode-enabled container. It changes the strategy of installing projects in dev mode in containers. Instead of bind mounting the project's git repository to the venv of the container, the repository is bind mounted to /dev-mode/<project_name> from which the it is installed using pip on every startup of the container using kolla_install_projects script. Also updates docs to reflect the changes. Depends-On: https://review.opendev.org/c/openstack/kolla/+/925712 Closes-Bug: #1814515 Singed-off-by:
Roman Krček <roman.krcek@tietoevry.com> Change-Id: If191cd0e3fcf362ee058549a1b6c244d109b6d9a
Roman Krček authoredBuild upon changes in kolla which change strategy of installing projects in containers when in dev mode. This fixes problems where when package file manifest changes, the changes were not reflected in to devmode-enabled container. It changes the strategy of installing projects in dev mode in containers. Instead of bind mounting the project's git repository to the venv of the container, the repository is bind mounted to /dev-mode/<project_name> from which the it is installed using pip on every startup of the container using kolla_install_projects script. Also updates docs to reflect the changes. Depends-On: https://review.opendev.org/c/openstack/kolla/+/925712 Closes-Bug: #1814515 Singed-off-by:
main.yml 11.18 KiB
---
keystone_services:
keystone:
container_name: "keystone"
group: "keystone"
enabled: true
image: "{{ keystone_image_full }}"
volumes: "{{ keystone_default_volumes + keystone_extra_volumes }}"
dimensions: "{{ keystone_dimensions }}"
healthcheck: "{{ keystone_healthcheck }}"
haproxy:
keystone_internal:
enabled: "{{ enable_keystone }}"
mode: "http"
external: false
tls_backend: "{{ keystone_enable_tls_backend }}"
port: "{{ keystone_internal_port }}"
listen_port: "{{ keystone_internal_listen_port }}"
backend_http_extra:
- balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
keystone_external:
enabled: "{{ enable_keystone }}"
mode: "http"
external: true
external_fqdn: "{{ keystone_external_fqdn }}"
tls_backend: "{{ keystone_enable_tls_backend }}"
port: "{{ keystone_public_port }}"
listen_port: "{{ keystone_public_listen_port }}"
backend_http_extra:
- balance "{{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
keystone-ssh:
container_name: "keystone_ssh"
group: "keystone"
enabled: true
image: "{{ keystone_ssh_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
dimensions: "{{ keystone_ssh_dimensions }}"
healthcheck: "{{ keystone_ssh_healthcheck }}"
keystone-fernet:
container_name: "keystone_fernet"
group: "keystone"
enabled: true
image: "{{ keystone_fernet_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
dimensions: "{{ keystone_fernet_dimensions }}"
healthcheck: "{{ keystone_fernet_healthcheck }}"
####################
# Config Validate
####################
keystone_config_validation:
- generator: "/keystone/config-generator/keystone.conf"
config: "/etc/keystone/keystone.conf"
####################
# Database
####################
keystone_database_name: "keystone"
keystone_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}keystone{% endif %}"
keystone_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# Database sharding
####################
keystone_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ keystone_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
keystone_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
keystone_database_shard:
users:
- user: "{{ keystone_database_user }}"
password: "{{ keystone_database_password }}"
rules:
- schema: "{{ keystone_database_name }}"
shard_id: "{{ keystone_database_shard_id }}"
####################
# Fernet
####################
keystone_username: "keystone"
keystone_groupname: "keystone"
####################
# Docker
####################
keystone_tag: "{{ openstack_tag }}"
keystone_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}keystone"
keystone_service_tag: "{{ keystone_tag }}"
keystone_image_full: "{{ keystone_image }}:{{ keystone_service_tag }}"
keystone_fernet_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}keystone-fernet"
keystone_fernet_tag: "{{ keystone_tag }}"
keystone_fernet_image_full: "{{ keystone_fernet_image }}:{{ keystone_fernet_tag }}"
keystone_ssh_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}keystone-ssh"
keystone_ssh_tag: "{{ keystone_tag }}"
keystone_ssh_image_full: "{{ keystone_ssh_image }}:{{ keystone_ssh_tag }}"
keystone_dimensions: "{{ default_container_dimensions }}"
keystone_fernet_dimensions: "{{ default_container_dimensions }}"
keystone_ssh_dimensions: "{{ default_container_dimensions }}"
keystone_enable_healthchecks: "{{ enable_container_healthchecks }}"
keystone_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
keystone_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
keystone_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
keystone_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if keystone_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }}"]
keystone_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
keystone_healthcheck:
interval: "{{ keystone_healthcheck_interval }}"
retries: "{{ keystone_healthcheck_retries }}"
start_period: "{{ keystone_healthcheck_start_period }}"
test: "{% if keystone_enable_healthchecks | bool %}{{ keystone_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ keystone_healthcheck_timeout }}"
keystone_ssh_enable_healthchecks: "{{ enable_container_healthchecks }}"
keystone_ssh_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
keystone_ssh_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
keystone_ssh_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
keystone_ssh_healthcheck_test: ["CMD-SHELL", "healthcheck_listen sshd {{ keystone_ssh_port }}"]
keystone_ssh_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
keystone_ssh_healthcheck:
interval: "{{ keystone_ssh_healthcheck_interval }}"
retries: "{{ keystone_ssh_healthcheck_retries }}"
start_period: "{{ keystone_ssh_healthcheck_start_period }}"
test: "{% if keystone_ssh_enable_healthchecks | bool %}{{ keystone_ssh_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ keystone_ssh_healthcheck_timeout }}"
keystone_fernet_enable_healthchecks: "{{ enable_container_healthchecks }}"keystone_fernet_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
keystone_fernet_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
keystone_fernet_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
keystone_fernet_healthcheck_test: ["CMD-SHELL", "/usr/bin/fernet-healthcheck.sh"]
keystone_fernet_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
keystone_fernet_healthcheck:
interval: "{{ keystone_fernet_healthcheck_interval }}"
retries: "{{ keystone_fernet_healthcheck_retries }}"
start_period: "{{ keystone_fernet_healthcheck_start_period }}"
test: "{% if keystone_fernet_enable_healthchecks | bool %}{{ keystone_fernet_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ keystone_fernet_healthcheck_timeout }}"
keystone_default_volumes:
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "{{ kolla_dev_repos_directory ~ '/keystone:/dev-mode/keystone' if keystone_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
keystone_extra_volumes: "{{ default_extra_volumes }}"
####################
# OpenStack
####################
keystone_logging_debug: "{{ openstack_logging_debug }}"
openstack_keystone_auth: "{{ openstack_auth }}"
keystone_api_workers: "{{ openstack_service_workers }}"
####################
# Kolla
####################
keystone_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
keystone_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
keystone_dev_mode: "{{ kolla_dev_mode }}"
keystone_source_version: "{{ kolla_source_version }}"
####################
# Notifications
####################
keystone_default_notifications_topic_enabled: "{{ enable_ceilometer | bool }}"
keystone_default_notifications_topic_name: "notifications"
keystone_notification_topics:
- name: "{{ keystone_default_notifications_topic_name }}"
enabled: "{{ keystone_default_notifications_topic_enabled | bool }}"
- name: barbican_notifications
enabled: "{{ enable_barbican | bool }}"
keystone_enabled_notification_topics: "{{ keystone_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
keystone_service_endpoints:
- {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
- {'interface': 'public', 'url': '{{ keystone_public_url }}'}
keystone_ks_services:
- name: "keystone"
type: "identity"
description: "Openstack Identity Service"
endpoints: "{{ keystone_service_endpoints }}"
####################
# TLS####################
keystone_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
###############################
# OpenStack identity federation
###############################
# Default OpenID Connect remote attribute key
keystone_remote_id_attribute_oidc: "HTTP_OIDC_ISS"
keystone_container_federation_oidc_metadata_folder: "{{ '/etc/apache2/metadata' if kolla_base_distro in ['debian', 'ubuntu'] else '/etc/httpd/metadata' }}"
keystone_container_federation_oidc_idp_certificate_folder: "{{ '/etc/apache2/cert' if kolla_base_distro in ['debian', 'ubuntu'] else '/etc/httpd/cert' }}"
keystone_container_federation_oidc_attribute_mappings_folder: "{{ container_config_directory }}/federation/oidc/attribute_maps"
keystone_host_federation_oidc_metadata_folder: "{{ node_config_directory }}/keystone/federation/oidc/metadata"
keystone_host_federation_oidc_idp_certificate_folder: "{{ node_config_directory }}/keystone/federation/oidc/cert"
keystone_host_federation_oidc_attribute_mappings_folder: "{{ node_config_directory }}/keystone/federation/oidc/attribute_maps"
keystone_federation_oidc_jwks_uri: ""
keystone_federation_oidc_additional_options: {}
# These variables are used to define multiple trusted Horizon dashboards.
# keystone_trusted_dashboards: ['<https://dashboardServerOne/auth/websso/>', '<https://dashboardServerTwo/auth/websso/>', '<https://dashboardServerN/auth/websso/>']
horizon_trusted_dashboards: "{{ ['%s://%s/auth/websso/' % (public_protocol, kolla_external_fqdn), '%s/auth/websso/' % (horizon_public_endpoint)] if enable_horizon | bool else [] }}"
skyline_trusted_dashboards: "{{ ['%s/api/openstack/skyline/api/v1/websso' % (skyline_console_public_endpoint)] if enable_skyline | bool else [] }}"
keystone_trusted_dashboards: "{{ horizon_trusted_dashboards + skyline_trusted_dashboards }}"
keystone_enable_federation_openid: "{{ enable_keystone_federation | bool and keystone_identity_providers | selectattr('protocol', 'equalto', 'openid') | list | count > 0 }}"
keystone_should_remove_attribute_mappings: False
keystone_should_remove_identity_providers: False
keystone_federation_oidc_response_type: "id_token"
keystone_federation_oidc_scopes: "openid email profile"
# OIDC caching
keystone_oidc_enable_memcached: "{{ enable_memcached }}"