add adjutant

adjutant

@@ -0,0 +1,29 @@
+etc/kolla/passwords.yml
+etc/kolla/globals.yml
+ansible/group_vars/all.yml
+ansible/site.yml
+ansible/roles/common/tasks/config.yml
+ansible/roles/common/defaults/main.yml
+ansible/roles/common/templates/cron-logrotate-adjutant.conf.j2
+ansible/roles/common/templates/conf/filter/01-rewrite-0.14.conf.j2
+ansible/roles/common/templates/conf/filter/01-rewrite-0.12.conf.j2
+ansible/roles/adjutant/tasks/copy-certs.yml
+ansible/roles/adjutant/tasks/pull.yml
+ansible/roles/adjutant/tasks/check-containers.yml
+ansible/roles/adjutant/tasks/precheck.yml
+ansible/roles/adjutant/tasks/loadbalancer.yml
+ansible/roles/adjutant/tasks/deploy.yml
+ansible/roles/adjutant/tasks/register.yml
+ansible/roles/adjutant/tasks/bootstrap_service.yml
+ansible/roles/adjutant/tasks/config.yml
+ansible/roles/adjutant/tasks/stop.yml
+ansible/roles/adjutant/tasks/external_ceph.yml
+ansible/roles/adjutant/tasks/bootstrap.yml
+ansible/roles/adjutant/defaults/main.yml
+ansible/roles/adjutant/templates/adjutant-api.json.j2
+ansible/roles/adjutant/templates/wsgi-adjutant.conf.j2
+ansible/roles/adjutant/templates/adjutant.yaml copy.j2
+ansible/roles/adjutant/handlers/main.yml
+ansible/roles/adjutant/templates/adjutant.yaml.j2
+ansible/inventory/multinode
+ansible/inventory/all-in-one

ansible/roles/adjutant/defaults/main.yml

@@ -0,0 +1,82 @@
+---
+project_name: "adjutant"
+
+adjutant_services:
+  adjutant-api:
+    container_name: adjutant_api
+    group: adjutant-api
+    enabled: true
+    image: "{{ adjutant_api_image_full }}"
+    volumes: "{{ adjutant_api_default_volumes + adjutant_api_extra_volumes }}"
+    dimensions: "{{ adjutant_api_dimensions }}"
+    haproxy:
+      adjutant_api:
+        enabled: "{{ enable_adjutant }}"
+        mode: "http"
+        external: false
+        port: "{{ adjutant_api_listen_port }}"
+      adjutant_api_external:
+        enabled: "{{ enable_adjutant }}"
+        mode: "http"
+        external: true
+        port: "{{ adjutant_api_listen_port }}"
+
+####################
+# Database
+####################
+adjutant_database_name: "adjutant"
+adjutant_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}adjutant{% endif %}"
+adjutant_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+adjutant_install_type: "{{ kolla_install_type }}"
+adjutant_tag: "{{ openstack_tag }}"
+
+adjutant_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ adjutant_install_type }}-adjutant-api"
+adjutant_api_tag: "{{ adjutant_tag }}"
+adjutant_api_image_full: "{{ adjutant_api_image }}:{{ adjutant_api_tag }}"
+
+adjutant_api_dimensions: "{{ default_container_dimensions }}"
+
+adjutant_api_default_volumes:
+  - "{{ node_config_directory }}/adjutant-api/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
+  - "kolla_logs:/var/log/kolla/"
+
+adjutant_extra_volumes: "{{ default_extra_volumes }}"
+adjutant_api_extra_volumes: "{{ adjutant_extra_volumes }}"
+
+####################
+# OpenStack
+####################
+adjutant_admin_endpoint: "{{ admin_protocol }}://{{ adjutant_internal_fqdn | put_address_in_context('url') }}:{{ adjutant_api_port }}"
+adjutant_internal_endpoint: "{{ internal_protocol }}://{{ adjutant_internal_fqdn | put_address_in_context('url') }}:{{ adjutant_api_port }}"
+adjutant_public_endpoint: "{{ public_protocol }}://{{ adjutant_external_fqdn | put_address_in_context('url') }}:{{ adjutant_api_port }}"
+
+adjutant_logging_debug: "{{ openstack_logging_debug }}"
+
+adjutant_keystone_user: "adjutant"
+
+openstack_adjutant_auth: "{{ openstack_auth }}"
+
+####################
+# Keystone
+####################
+adjutant_ks_services:
+  - name: "adjutant"
+    type: "registration"
+    description: "OpenStack Registration Service"
+    endpoints:
+      - {'interface': 'admin', 'url': '{{ adjutant_admin_endpoint }}/v1'}
+      - {'interface': 'internal', 'url': '{{ adjutant_internal_endpoint }}/v1'}
+      - {'interface': 'public', 'url': '{{ adjutant_public_endpoint }}/v1'}
+
+adjutant_ks_users:
+  - project: "service"
+    user: "{{ adjutant_keystone_user }}"
+    password: "{{ adjutant_keystone_password }}"
+    role: "admin"

ansible/roles/adjutant/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Restart adjutant-api container
+  vars:
+    service_name: "adjutant-api"
+    service: "{{ adjutant_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    dimensions: "{{ service.dimensions }}"
+  when:
+    - kolla_action != "config"

ansible/roles/adjutant/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }

ansible/roles/adjutant/tasks/bootstrap.yml

@@ -0,0 +1,36 @@
+---
+- name: Creating adjutant database
+  become: true
+  kolla_toolbox:
+    module_name: mysql_db
+    module_args:
+      login_host: "{{ database_address }}"
+      login_port: "{{ database_port }}"
+      login_user: "{{ database_user }}"
+      login_password: "{{ database_password }}"
+      name: "{{ adjutant_database_name }}"
+  run_once: True
+  delegate_to: "{{ groups['adjutant-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
+
+- name: Creating adjutant database user and setting permissions
+  become: true
+  kolla_toolbox:
+    module_name: mysql_user
+    module_args:
+      login_host: "{{ database_address }}"
+      login_port: "{{ database_port }}"
+      login_user: "{{ database_user }}"
+      login_password: "{{ database_password }}"
+      name: "{{ adjutant_database_user }}"
+      password: "{{ adjutant_database_password }}"
+      host: "%"
+      priv: "{{ adjutant_database_name }}.*:ALL"
+      append_privs: "yes"
+  run_once: True
+  delegate_to: "{{ groups['adjutant-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
+
+- include_tasks: bootstrap_service.yml

ansible/roles/adjutant/tasks/bootstrap_service.yml

@@ -0,0 +1,20 @@
+---
+- name: Running adjutant bootstrap container
+  vars:
+    adjutant_api: "{{ adjutant_services['adjutant-api'] }}"
+  become: true
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ adjutant_api.image }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_adjutant"
+    restart_policy: no
+    volumes: "{{ adjutant_api.volumes }}"
+  run_once: True
+  delegate_to: "{{ groups[adjutant_api.group][0] }}"

ansible/roles/adjutant/tasks/check-containers.yml

@@ -0,0 +1,16 @@
+---
+- name: Check adjutant containers
+  become: true
+  kolla_docker:
+    action: "compare_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    volumes: "{{ item.value.volumes }}"
+    dimensions: "{{ item.value.dimensions }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ adjutant_services }}"
+  notify:
+    - "Restart {{ item.key }} container"

ansible/roles/adjutant/tasks/check.yml

@@ -0,0 +1 @@
+---

ansible/roles/adjutant/tasks/config.yml

@@ -0,0 +1,107 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    state: "directory"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0770"
+  become: true
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ adjutant_services }}"
+
+- name: Check if policies shall be overwritten
+  stat:
+    path: "{{ item }}"
+  delegate_to: localhost
+  run_once: True
+  register: adjutant_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/adjutant/"
+      skip: true
+
+- name: Set adjutant policy file
+  set_fact:
+    adjutant_policy_file: "{{ adjutant_policy.results.0.stat.path | basename }}"
+    adjutant_policy_file_path: "{{ adjutant_policy.results.0.stat.path }}"
+  when:
+    - adjutant_policy.results
+
+- include_tasks: copy-certs.yml
+  when:
+    - kolla_copy_ca_into_containers | bool
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+    mode: "0660"
+  become: true
+  when:
+    - item.value.enabled | bool
+    - inventory_hostname in groups[item.value.group]
+  with_dict: "{{ adjutant_services }}"
+  notify:
+    - Restart {{ item.key }} container
+
+- name: Copying over adjutant.yaml
+  vars:
+    service: "{{ adjutant_services['adjutant-api'] }}"
+  # NOTE(dszumski): We can't use merge_yaml since it replaces empty values
+  # with `null`. This breaks the thresholder config file parsing (which should
+  # probably be more robust).
+  template:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/adjutant-api/adjutant.yaml"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0644"
+  become: true
+  with_first_found:
+    - "{{ node_custom_config }}/adjutant.yaml"
+    - "{{ node_custom_config }}/adjutant/{{ item.key }}.conf"
+    - "{{ node_custom_config }}/adjutant/{{ inventory_hostname }}/adjutant.yaml"
+    - "{{ role_path }}/templates/adjutant.yml.j2"
+  when:
+    - inventory_hostname in groups['adjutant-api']
+    - service.enabled | bool
+  notify:
+    - Restart adjutant-api container
+
+
+- name: Copying over wsgi-adjutant.conf
+  vars:
+    service: "{{ adjutant_services['adjutant-api'] }}"
+  template:
+    src: "wsgi-adjutant.conf.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/wsgi-adjutant.conf"
+    mode: "0660"
+  become: true
+  when:
+    - inventory_hostname in groups['adjutant-api']
+    - service.enabled | bool
+  with_items:
+    - "adjutant-api"
+  notify:
+    - Restart adjutant-api container
+
+- name: Copying over existing policy file
+  template:
+    src: "{{ adjutant_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ adjutant_policy_file }}"
+    mode: "0660"
+  become: true
+  when:
+    - adjutant_policy_file is defined
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ adjutant_services }}"
+  notify:
+    - Restart {{ item.key }} container
+
+- include_tasks: check-containers.yml
+  when: kolla_action != "config"

ansible/roles/adjutant/tasks/copy-certs.yml

@@ -0,0 +1,6 @@
+---
+- name: "Copy certificates and keys for {{ project_name }}"
+  import_role:
+    role: service-cert-copy
+  vars:
+    project_services: "{{ adjutant_services }}"

ansible/roles/adjutant/tasks/deploy-containers.yml

@@ -0,0 +1,2 @@
+---
+- import_tasks: check-containers.yml

ansible/roles/adjutant/tasks/deploy.yml

@@ -0,0 +1,12 @@
+---
+- include_tasks: register.yml
+  when: inventory_hostname in groups['adjutant-api']
+
+- include_tasks: config.yml
+  when: inventory_hostname in groups['adjutant-api']
+
+- include_tasks: bootstrap.yml
+  when: inventory_hostname in groups['adjutant-api']
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/adjutant/tasks/external_ceph.yml

@@ -0,0 +1,35 @@
+---
+- name: Copy over ceph.conf file
+  template:
+    src: "{{ node_custom_config }}/adjutant/ceph.conf"
+    dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
+    mode: "0660"
+  become: true
+  when: inventory_hostname in groups[item]
+  with_items:
+    - "adjutant-api"
+  notify:
+    - Restart {{ item }} container
+
+- name: Copy over ceph adjutant keyring
+  copy:
+    src: "{{ node_custom_config }}/adjutant/{{ ceph_adjutant_keyring }}"
+    dest: "{{ node_config_directory }}/{{ item }}/{{ ceph_adjutant_keyring }}"
+    mode: "0660"
+  become: true
+  when: inventory_hostname in groups[item]
+  with_items:
+    - "adjutant-api"
+  notify:
+    - Restart {{ item }} container
+
+- name: Ensuring config directory has correct owner and permission
+  become: true
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    recurse: yes
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+  when: inventory_hostname in groups[item]
+  with_items:
+    - "adjutant-api"

ansible/roles/adjutant/tasks/loadbalancer.yml

@@ -0,0 +1,7 @@
+---
+- name: "Configure haproxy for {{ project_name }}"
+  import_role:
+    name: haproxy-config
+  vars:
+    project_services: "{{ adjutant_services }}"
+  tags: always

ansible/roles/adjutant/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ kolla_action }}.yml"