Merge "Add Ansible support for Magnum"

ansible/group_vars/all.yml

@@ -104,6 +104,8 @@ murano_api_port: "8082"
 
 ironic_api_port: "6385"
 
+magnum_api_port: "9511"
+
 
 ####################
 # Openstack options
@@ -155,6 +157,7 @@ enable_horizon: "yes"
 enable_swift: "no"
 enable_murano: "no"
 enable_ironic: "no"
+enable_magnum: "no"
 
 ironic_keystone_user: "ironic"
 

ansible/inventory/all-in-one

@@ -63,6 +63,9 @@ storage
 [ironic:children]
 control
 
+[magnum:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@@ -158,3 +161,10 @@ ironic
 
 [ironic-pxe:children]
 ironic
+
+# Magnum
+[magnum-api:children]
+magnum
+
+[magnum-conductor:children]
+magnum

ansible/inventory/multinode

@@ -71,6 +71,9 @@ control
 [ceph-osd:children]
 storage
 
+[magnum:children]
+control
+
 
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@@ -167,3 +170,10 @@ ironic
 
 [ironic-pxe:children]
 ironic
+
+# Magnum
+[magnum-api:children]
+magnum
+
+[magnum-conductor:children]
+magnum

ansible/roles/common/templates/rsyslog.conf.j2

@@ -132,6 +132,12 @@ $template MuranoEngineFile,"/var/log/murano/murano-engine.log"
 $template MuranoApiFile,"/var/log/murano/murano-api.log"
 :syslogtag,contains,"murano-api" ?MuranoApiFile
 
+$template MagnumApiFile,"/var/log/magnum/magnum-api.log"
+:syslogtag,contains,"magnum-api" ?MagnumApiFile
+
+$template MagnumConductorFile,"/var/log/magnum/magnum-conductor.log"
+:syslogtag,contains,"magnum-conductor" ?MagnumConductorFile
+
 $template DynFile,"/var/log/syslog.log"
 *.* ?DynFile
 & ~

ansible/roles/haproxy/templates/haproxy.cfg.j2

@@ -165,3 +165,11 @@ listen murano_api
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
 {% endif %}
+
+{% if enable_magnum | bool %}
+listen magnum_api
+  bind {{ kolla_internal_address }}:{{ magnum_api_port }}
+{% for host in groups['magnum-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}

ansible/roles/magnum/defaults/main.yml

+---
+project_name: "magnum"
+
+####################
+# Database
+####################
+magnum_database_name: "magnum"
+magnum_database_user: "magnum"
+magnum_database_address: "{{ kolla_internal_address }}"
+
+
+####################
+# Docker
+####################
+magnum_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-magnum-api"
+magnum_api_tag: "{{ openstack_release }}"
+magnum_api_image_full: "{{ magnum_api_image }}:{{ magnum_api_tag }}"
+magnum_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-magnum-conductor"
+magnum_conductor_tag: "{{ openstack_release }}"
+magnum_conductor_image_full: "{{ magnum_conductor_image }}:{{ magnum_conductor_tag }}"
+
+
+####################
+# Openstack
+####################
+magnum_public_address: "{{ kolla_external_address }}"
+magnum_admin_address: "{{ kolla_internal_address }}"
+magnum_internal_address: "{{ kolla_internal_address }}"
+
+magnum_logging_verbose: "{{ openstack_logging_verbose }}"
+magnum_logging_debug: "{{ openstack_logging_debug }}"
+
+magnum_keystone_user: "magnum"
+
+openstack_magnum_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"

ansible/roles/magnum/meta/main.yml

+---
+dependencies:
+  - { role: common }

ansible/roles/magnum/tasks/bootstrap.yml

+---
+- name: Creating Magnum database
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ magnum_database_name }}'"
+  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+
+- name: Creating Magnum database user and setting permissions
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ magnum_database_name }}'
+        password='{{ magnum_database_password }}'
+        host='%'
+        priv='{{ magnum_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user_create
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+
+- name: Starting Magnum bootstrap container
+  docker:
+    tty: True
+    detach: False
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "no"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: bootstrap_magnum
+    image: "{{ magnum_api_image_full }}"
+    volumes: "{{ node_config_directory }}/magnum-api/:{{ container_config_directory }}/:ro"
+    env:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  run_once: True
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
+
+# https://github.com/ansible/ansible-modules-core/pull/1031
+- name: Waiting for bootstrap container to exit
+  command: docker wait bootstrap_magnum
+  register: bootstrap_result
+  run_once: True
+  failed_when: bootstrap_result.stdout != "0"
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
+
+- name: Cleaning up Magnum boostrap container
+  docker:
+    tty: True
+    name: bootstrap_magnum
+    image: "{{ magnum_api_image_full }}"
+    state: absent
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed

ansible/roles/magnum/tasks/config.yml

+---
+- include: ../../config.yml
+  vars:
+    service_name: "magnum-api"
+    config_source:
+      - "roles/{{ project_name }}/templates/magnum.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/database.conf"
+      - "/etc/kolla/config/messaging.conf"
+      - "/etc/kolla/config/{{ project_name }}.conf"
+      - "/etc/kolla/config/{{ project_name }}/{{ service_name }}.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_database"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_messaging"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_augment"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ service_name }}.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/magnum.conf"
+  when: inventory_hostname in groups['magnum-api']
+
+- name: Copying over Magnum API JSON configuration file
+  template:
+    src: "roles/magnum/templates/magnum-api.json.j2"
+    dest: "{{ node_config_directory }}/magnum-api/config.json"
+
+- include: ../../config.yml
+  vars:
+    service_name: "magnum-conductor"
+    config_source:
+      - "roles/{{ project_name }}/templates/magnum.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/database.conf"
+      - "/etc/kolla/config/messaging.conf"
+      - "/etc/kolla/config/{{ project_name }}.conf"
+      - "/etc/kolla/config/{{ project_name }}/{{ service_name }}.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_database"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_messaging"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_augment"
+      - "{{ node_templates_directory }}/{{ service_name }}/{{ service_name }}.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/magnum.conf"
+  when: inventory_hostname in groups['magnum-conductor']
+
+- name: Copying over Magnum conductor JSON configuration file
+  template:
+    src: "roles/magnum/templates/magnum-conductor.json.j2"
+    dest: "{{ node_config_directory }}/magnum-conductor/config.json"

ansible/roles/magnum/tasks/main.yml

+---
+- include: register.yml
+
+- include: config.yml
+
+- include: bootstrap.yml
+
+- include: start.yml

ansible/roles/magnum/tasks/register.yml

+---
+- name: Creating the Magnum service and endpoint
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=magnum
+        service_type=container
+        description='Openstack Container Service'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
+        internal_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
+        public_url='http://{{ kolla_external_address }}:{{ magnum_api_port }}/v1'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_magnum_auth }}' }}"
+    -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}"
+  register: magnum_endpoint
+  changed_when: "{{ magnum_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (magnum_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: magnum_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the Magnum project, user, and role
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=magnum
+        password={{ magnum_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_magnum_auth }}' }}"
+    -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}"
+  register: magnum_user
+  changed_when: "{{ magnum_user.stdout.find('localhost | SUCCESS => ') != -1 and (magnum_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: magnum_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True

ansible/roles/magnum/tasks/start.yml

+---
+- name: Starting magnum-api container
+  docker:
+    tty: True
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: magnum_api
+    image: "{{ magnum_api_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/magnum-api/:{{ container_config_directory }}/:ro"
+      - "/var/lib/kolla/dev/log:/dev/log"
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['magnum-api']
+
+- name: Starting magnum-conductor container
+  docker:
+    tty: True
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: magnum_conductor
+    image: "{{ magnum_conductor_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/magnum-conductor/:{{ container_config_directory }}/:ro"
+      - "/var/lib/kolla/dev/log:/dev/log"
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['magnum-conductor']

ansible/roles/magnum/templates/magnum-api.json.j2

+{
+    "command": "/usr/bin/magnum-api --config-file /etc/magnum/magnum.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/magnum.conf",
+            "dest": "/etc/magnum/magnum.conf",
+            "owner": "magnum",
+            "perm": "0600"
+        }
+    ]
+}

ansible/roles/magnum/templates/magnum-conductor.json.j2

+{
+    "command": "/usr/bin/magnum-conductor --config-file /etc/magnum/magnum.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/magnum.conf",
+            "dest": "/etc/magnum/magnum.conf",
+            "owner": "magnum",
+            "perm": "0600"
+        }
+    ]
+}

ansible/roles/magnum/templates/magnum.conf.j2

+[DEFAULT]
+debug = {{ openstack_logging_debug }}
+verbose = {{ openstack_logging_verbose }}
+
+use_syslog = true
+syslog_log_facility = LOG_LOCAL0
+
+{% if service_name == 'magnum-api' %}
+[api]
+port = {{ magnum_api_port }}
+host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+{% endif %}
+
+[database]
+connection = mysql://{{ magnum_database_user }}:{{ magnum_database_password }}@{{ magnum_database_address}}/{{ magnum_database_name }}
+
+[heat_client]
+region_name = {{ openstack_region_name }}
+
+[keystone_authtoken]
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ magnum_keystone_user }}
+password = {{ magnum_keystone_password }}
+
+[trustee]
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ magnum_keystone_user }}
+password = {{ magnum_keystone_password }}
+
+[oslo_concurrency]
+lock_path = /var/lib/magnum/tmp
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}

ansible/site.yml

@@ -140,3 +140,12 @@
     - { role: ironic,
         tags: ironic,
         when: enable_ironic | bool }
+
+- hosts:
+    - magnum-api
+    - magnum-conductor
+    - rabbitmq
+  roles:
+    - { role: magnum,
+        tags: magnum,
+        when: enable_magnum | bool }

docker/magnum/magnum-api/extend_start.sh

@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo -H -u magnum magnum-manage db_sync
+    sudo -H -u magnum magnum-db-manage upgrade
     exit 0
 fi