Add zun ansible role

Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role

ansible/group_vars/all.yml

@@ -245,6 +245,8 @@ tacker_server_port: "9890"
 
 fluentd_syslog_port: "5140"
 
+zun_api_port: "9512"
+
 public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "http"
 admin_protocol: "http"
@@ -364,6 +366,7 @@ enable_tempest: "no"
 enable_trove: "no"
 enable_vmtp: "no"
 enable_watcher: "no"
+enable_zun: "no"
 
 ironic_keystone_user: "ironic"
 neutron_keystone_user: "neutron"

ansible/inventory/all-in-one

@@ -184,6 +184,9 @@ control
 [bifrost:children]
 deployment
 
+[zun:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@@ -527,3 +530,10 @@ designate
 # Placement
 [placement-api:children]
 placement
+
+# Zun
+[zun-api:children]
+zun
+
+[zun-compute:children]
+compute

ansible/inventory/multinode

@@ -202,6 +202,9 @@ control
 [bifrost:children]
 deployment
 
+[zun:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@@ -545,3 +548,10 @@ designate
 # Placement
 [placement-api:children]
 placement
+
+# Zun
+[zun-api:children]
+zun
+
+[zun-compute:children]
+compute

ansible/roles/common/tasks/config.yml

@@ -110,3 +110,4 @@
     - { name: "swift", enabled: "{{ enable_swift }}" }
     - { name: "tacker", enabled: "{{ enable_tacker }}" }
     - { name: "watcher", enabled: "{{ enable_watcher }}" }
+    - { name: "zun", enabled: "{{ enable_zun }}" }

ansible/roles/common/templates/cron-logrotate-zun.conf.j2

+"/var/log/kolla/zun/*.log"
+{
+}

ansible/roles/common/templates/cron.json.j2

@@ -34,7 +34,8 @@
     ( 'solum', enable_solum ),
     ( 'swift', enable_swift ),
     ( 'tacker', enable_tacker ),
-    ( 'watcher', enable_watcher )
+    ( 'watcher', enable_watcher ),
+    ( 'zun', enable_zun )
 ] %}
 {
     "command": "{{ cron_cmd }}",

ansible/roles/haproxy/tasks/precheck.yml

@@ -621,3 +621,14 @@
     - enable_watcher | bool
     - inventory_hostname in groups['haproxy']
     - "{{ 'watcher_api' not in haproxy_stat }}"
+
+- name: Checking free port for Zun API HAProxy
+  wait_for:
+    host: "{{ kolla_internal_vip_address }}"
+    port: "{{ zun_api_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - enable_zun | bool
+    - inventory_hostname in groups['haproxy']
+    - "{{ 'zun_api' not in haproxy_stat }}"

ansible/roles/haproxy/templates/haproxy.cfg.j2

@@ -798,6 +798,25 @@ listen tacker_server_external
 {% endif %}
 {% endif %}
 
+{% if enable_zun | bool %}
+listen zun_api
+  bind {{ kolla_internal_vip_address }}:{{ zun_api_port }}
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
+{% for host in groups['zun-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen zun_api_external
+  bind {{ kolla_external_vip_address }}:{{ zun_api_port }} {{ tls_bind_info }}
+  http-request del-header X-Forwarded-Proto if { ssl_fc }
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+{% for host in groups['zun-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
 # (NOTE): This defaults section deletes forwardfor as recommended by:
 #         https://marc.info/?l=haproxy&m=141684110710132&w=1
 

ansible/roles/zun/defaults/main.yml

+---
+project_name: "zun"
+
+zun_services:
+  zun-api:
+    container_name: zun_api
+    group: zun-api
+    enabled: true
+    image: "{{ zun_api_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/zun-api/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  zun-compute:
+    container_name: zun_compute
+    group: zun-compute
+    enabled: true
+    image: "{{ zun_compute_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+
+####################
+## Database
+####################
+zun_database_name: "zun"
+zun_database_user: "zun"
+zun_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+## Docker
+####################
+zun_compute_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-zun-compute"
+zun_compute_tag: "{{ openstack_release }}"
+zun_compute_image_full: "{{ zun_compute_image }}:{{ zun_compute_tag }}"
+
+zun_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-zun-api"
+zun_api_tag: "{{ openstack_release }}"
+zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}"
+
+
+####################
+## OpenStack
+####################
+zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+
+zun_logging_debug: "{{ openstack_logging_debug }}"
+
+zun_keystone_user: "zun"
+
+openstack_zun_auth: "{{ openstack_auth }}"

ansible/roles/zun/handlers/main.yml

+---
+- name: Restart zun-api container
+  vars:
+    service_name: "zun-api"
+    service: "{{ zun_services[service_name] }}"
+    config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    zun_api_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+  when:
+    - action != "config"
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+    - config_json.changed | bool
+      or zun_conf.changed | bool
+      or policy_json.changed | bool
+      or zun_api_container.changed | bool
+
+- name: Restart zun-compute container
+  vars:
+    service_name: "zun-compute"
+    service: "{{ zun_services[service_name] }}"
+    config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    zun_compute_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+  when:
+    - action != "config"
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+    - config_json.changed | bool
+      or zun_conf.changed | bool
+      or policy_json.changed | bool
+      or zun_compute_container.changed | bool

ansible/roles/zun/meta/main.yml

+---
+dependencies:
+  - { role: common }

ansible/roles/zun/tasks/bootstrap.yml

+---
+- name: Creating Zun database
+  kolla_toolbox:
+    module_name: mysql_db
+    module_args:
+      login_host: "{{ database_address }}"
+      login_port: "{{ database_port }}"
+      login_user: "{{ database_user }}"
+      login_password: "{{ database_password }}"
+      name: "{{ zun_database_name }}"
+  register: database
+  run_once: True
+  delegate_to: "{{ groups['zun-api'][0] }}"
+
+- name: Creating Zun database user and setting permissions
+  kolla_toolbox:
+    module_name: mysql_user
+    module_args:
+      login_host: "{{ database_address }}"
+      login_port: "{{ database_port }}"
+      login_user: "{{ database_user }}"
+      login_password: "{{ database_password }}"
+      name: "{{ zun_database_name }}"
+      password: "{{ zun_database_password }}"
+      host: "%"
+      priv: "{{ zun_database_name }}.*:ALL"
+      append_privs: "yes"
+  run_once: True
+  delegate_to: "{{ groups['zun-api'][0] }}"
+
+- include: bootstrap_service.yml
+  when: database.changed

ansible/roles/zun/tasks/bootstrap_service.yml

+---
+- name: Running Zun bootstrap container
+  vars:
+    zun_api: "{{ zun_services['zun-api'] }}"
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ zun_api.image }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_zun"
+    restart_policy: "never"
+    volumes: "{{ zun_api.volumes }}"
+  run_once: True
+  delegate_to: "{{ groups[zun_api.group][0] }}"

ansible/roles/zun/tasks/config.yml

+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    state: "directory"
+    recurse: yes
+  when: inventory_hostname in groups[item.value.group]
+  with_dict: "{{ zun_services }}"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+  register: zun_config_jsons
+  when:
+    - item.value.enabled | bool
+    - inventory_hostname in groups[item.value.group]
+  with_dict: "{{ zun_services }}"
+  notify:
+    - Restart zun-api container
+    - Restart zun-compute container
+
+- name: Copying over zun.conf
+  merge_configs:
+    vars:
+      service_name: "{{ item.key }}"
+    sources:
+      - "{{ role_path }}/templates/zun.conf.j2"
+      - "{{ node_custom_config }}/global.conf"
+      - "{{ node_custom_config }}/database.conf"
+      - "{{ node_custom_config }}/messaging.conf"
+      - "{{ node_custom_config }}/zun.conf"
+      - "{{ node_custom_config }}/zun/{{ item.key }}.conf"
+      - "{{ node_custom_config }}/zun/{{ inventory_hostname }}/zun.conf"
+    dest: "{{ node_config_directory }}/{{ item.key }}/zun.conf"
+  register: zun_confs
+  when:
+    - item.value.enabled | bool
+    - inventory_hostname in groups[item.value.group]
+  with_dict: "{{ zun_services }}"
+  notify:
+    - Restart zun-api container
+    - Restart zun-compute container
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/zun/policy.json"
+  register: zun_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/zun/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+  register: zun_policy_jsons
+  when:
+    - zun_policy.stat.exists
+    - inventory_hostname in groups[item.value.group]
+  with_dict: "{{ zun_services }}"
+  notify:
+    - Restart zun-api container
+    - Restart zun-compute container
+
+- name: Check zun containers
+  kolla_docker:
+    action: "compare_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    volumes: "{{ item.value.volumes }}"
+  register: check_zun_containers
+  when:
+    - action != "config"
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ zun_services }}"
+  notify:
+    - Restart zun-api container
+    - Restart zun-compute container

ansible/roles/zun/tasks/deploy.yml

+---
+- include: register.yml
+  when: inventory_hostname in groups['zun-api']
+
+- include: config.yml
+  when: inventory_hostname in groups['zun-api'] or
+        inventory_hostname in groups['zun-compute']
+
+- include: bootstrap.yml
+  when: inventory_hostname in groups['zun-api']
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/zun/tasks/main.yml

+---
+- include: "{{ action }}.yml"

ansible/roles/zun/tasks/precheck.yml

+---
+- name: Get container facts
+  kolla_container_facts:
+    name:
+      - zun_api
+  register: container_facts
+
+- name: Checking free port for Zun API
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ zun_api_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - container_facts['zun_api'] is not defined
+    - inventory_hostname in groups['zun-api']

ansible/roles/zun/tasks/pull.yml

+---
+- name: Pulling zun images
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ item.value.image }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ zun_services }}"

ansible/roles/zun/tasks/reconfigure.yml

+---
+- include: deploy.yml

ansible/roles/zun/tasks/register.yml

+---
+- name: Creating the Zun service and endpoint
+  kolla_toolbox:
+    module_name: "kolla_keystone_service"
+    module_args:
+      service_name: "{{ item.service_name }}"
+      service_type: "{{ item.service_type }}"
+      description: "Container Service"
+      endpoint_region: "{{ openstack_region_name }}"
+      url: "{{ item.url }}"
+      interface: "{{ item.interface }}"
+      region_name: "{{ openstack_region_name }}"
+      auth: "{{ '{{ openstack_zun_auth }}' }}"
+    module_extra_vars:
+      openstack_zun_auth: "{{ openstack_zun_auth }}"
+  register: zun_endpoint
+  until: zun_endpoint|success
+  retries: 10
+  delay: 5
+  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ zun_public_endpoint }}'}
+
+- name: Creating the Zun project, user, and role
+  kolla_toolbox:
+    module_name: "kolla_keystone_user"
+    module_args:
+      project: "service"
+      user: "{{ zun_keystone_user }}"
+      password: "{{ zun_keystone_password }}"
+      role: "admin"
+      region_name: "{{ openstack_region_name }}"
+      auth: "{{ '{{ openstack_zun_auth }}' }}"
+    module_extra_vars:
+      openstack_zun_auth: "{{ openstack_zun_auth }}"
+  register: zun_user
+  until: zun_user|success
+  retries: 10
+  delay: 5
+  run_once: True