├── .gitignore ├── .gitreview ├── CONTRIBUTING.rst ├── LICENSE ├── README.rst ├── Vagrantfile ├── bindep.txt ├── defaults └── main.yml ├── doc ├── Makefile ├── requirements.txt └── source │ ├── _static │ └── .gitkeep │ ├── conf.py │ └── index.rst ├── examples └── playbook.yml ├── files └── .keep ├── handlers └── main.yml ├── manual-test.rc ├── meta ├── main.yml └── openstack-ansible.yml ├── releasenotes ├── notes │ ├── .placeholder │ ├── magnum-client-urls-64af5efc9ece6680.yaml │ ├── magnum-init-config-overrides-aec21cbbd9da8e4e.yaml │ ├── magnum-service-setup-host-ea285f161e625980.yaml │ ├── magnum_conductor_workers-3f7eafeb4429dd0b.yaml │ ├── magnum_images_format-5e621dbe6c20cc9f.yaml │ ├── magnum_init_time_settings-6ecc4ff27d7dca1.yaml │ ├── magnum_resources-84e50dbaebac7d1c.yaml │ ├── os_magnum-install-venv-30263e29e51a2610.yaml │ ├── os_magnum-xenial-systemd-support-2e1ee4253dff2b5c.yaml │ ├── oslo-messaging-separate-backends-a3af6957a984ac51.yaml │ ├── package-state-7d62ea1e50ad391b.yaml │ ├── remove-requirements-git-451af20d60205c17.yaml │ └── remove_rpc_backend-9813a3455f234521.yaml └── source │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ ├── newton.rst │ ├── ocata.rst │ ├── pike.rst │ ├── queens.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── unreleased.rst │ ├── ussuri.rst │ └── zed.rst ├── run_tests.sh ├── tasks ├── magnum_db_sync.yml ├── magnum_post_install.yml ├── magnum_pre_install.yml ├── magnum_resources.yml ├── magnum_service_setup.yml └── main.yml ├── templates ├── api-paste.ini.j2 ├── keystone_auth_default_policy.json.j2 └── magnum.conf.j2 ├── tests ├── ansible-role-requirements.yml ├── group_vars │ └── all_containers.yml ├── host_vars │ ├── compute1 │ ├── infra1.yml │ ├── localhost.yml │ ├── openstack1.yml │ └── storage1 ├── inventory ├── os_magnum-overrides.yml ├── test-install-haproxy.yml ├── test-install-magnum.yml └── test.yml ├── tox.ini ├── vars ├── debian.yml ├── main.yml └── redhat.yml └── zuul.d ├── jobs.yaml ├── nodesets.yaml ├── playbooks ├── bootstrap-mcapi-k8s.yml └── bootstrap-mcapi-vexxhost.yml └── project.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # Add patterns in here to exclude files created by tools integrated with this 2 | # repository, such as test frameworks from the project's recommended workflow, 3 | # rendered documentation and package builds. 4 | # 5 | # Don't add patterns to exclude files created by preferred personal tools 6 | # (editors, IDEs, your operating system itself even). These should instead be 7 | # maintained outside the repository, for example in a ~/.gitignore file added 8 | # with: 9 | # 10 | # git config --global core.excludesfile '~/.gitignore' 11 | 12 | # Compiled source # 13 | ################### 14 | *.com 15 | *.class 16 | *.dll 17 | *.exe 18 | *.o 19 | *.so 20 | *.pyc 21 | build/ 22 | dist/ 23 | doc/build/ 24 | 25 | # Packages # 26 | ############ 27 | # it's better to unpack these files and commit the raw source 28 | # git has its own built in compression methods 29 | *.7z 30 | *.dmg 31 | *.gz 32 | *.iso 33 | *.jar 34 | *.rar 35 | *.tar 36 | *.zip 37 | 38 | # Logs and databases # 39 | ###################### 40 | *.log 41 | *.sql 42 | *.sqlite 43 | logs/* 44 | 45 | # OS generated files # 46 | ###################### 47 | ._* 48 | .ansible 49 | .tox 50 | *.egg-info 51 | .eggs 52 | 53 | # Generated by pbr while building docs 54 | ###################################### 55 | AUTHORS 56 | ChangeLog 57 | 58 | # Files created by releasenotes build 59 | releasenotes/build 60 | 61 | # Test temp files 62 | tests/common 63 | tests/*.retry 64 | 65 | # Vagrant artifacts 66 | .vagrant 67 | 68 | # Git clones 69 | openstack-ansible-ops 70 | previous 71 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/openstack-ansible-os_magnum.git 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/openstack-ansible-os_magnum 4 | 5 | Pull requests submitted through GitHub are not monitored. 6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/openstack-ansible 15 | 16 | For more specific information about contributing to this repository, see the 17 | openstack-ansible contributor guide: 18 | 19 | https://docs.openstack.org/openstack-ansible/latest/contributor/contributing.html 20 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | OpenStack-Ansible Magnum 3 | ======================== 4 | 5 | Ansible role that installs and configures OpenStack Magnum. 6 | 7 | Documentation for this project can be found at: 8 | https://docs.openstack.org/openstack-ansible-os_magnum/latest/ 9 | 10 | Release notes for the project can be found at: 11 | https://docs.openstack.org/releasenotes/openstack-ansible-os_magnum/ 12 | 13 | The project source code repository is located at: 14 | https://opendev.org/openstack/openstack-ansible-os_magnum 15 | 16 | The project home is at: 17 | https://launchpad.net/openstack-ansible 18 | 19 | The project bug tracker is located at: 20 | https://bugs.launchpad.net/openstack-ansible 21 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # Note: 2 | # This file is maintained in the openstack-ansible-tests repository. 3 | # https://opendev.org/openstack/openstack-ansible-tests/src/Vagrantfile 4 | # 5 | # If you need to perform any change on it, you should modify the central file, 6 | # then, an OpenStack CI job will propagate your changes to every OSA repository 7 | # since every repo uses the same Vagrantfile 8 | 9 | # Verify whether required plugins are installed. 10 | required_plugins = [ "vagrant-disksize" ] 11 | required_plugins.each do |plugin| 12 | if not Vagrant.has_plugin?(plugin) 13 | raise "The vagrant plugin #{plugin} is required. Please run `vagrant plugin install #{plugin}`" 14 | end 15 | end 16 | 17 | Vagrant.configure(2) do |config| 18 | config.vm.provider "virtualbox" do |v| 19 | v.memory = 6144 20 | v.cpus = 2 21 | # https://github.com/hashicorp/vagrant/issues/9524 22 | v.customize ["modifyvm", :id, "--audio", "none"] 23 | end 24 | 25 | config.vm.synced_folder ".", "/vagrant", type: "rsync" 26 | 27 | config.vm.provision "shell", 28 | privileged: false, 29 | inline: <<-SHELL 30 | cd /vagrant 31 | ./run_tests.sh 32 | SHELL 33 | 34 | config.vm.define "centos8" do |centos8| 35 | centos8.vm.box = "centos/8" 36 | end 37 | 38 | config.vm.define "debian10" do |debian10| 39 | debian10.vm.box = "debian/buster64" 40 | end 41 | 42 | config.vm.define "ubuntu2004" do |focal| 43 | focal.disksize.size = "40GB" 44 | focal.vm.box = "ubuntu/focal64" 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This file facilitates OpenStack-CI package installation 2 | # before the execution of any tests. 3 | # 4 | # See the following for details: 5 | # - https://docs.openstack.org/infra/bindep/ 6 | # - https://opendev.org/openstack-infra/bindep 7 | # 8 | # Even if the role does not make use of this facility, it 9 | # is better to have this file empty, otherwise OpenStack-CI 10 | # will fall back to installing its default packages which 11 | # will potentially be detrimental to the tests executed. 12 | # 13 | # Note: 14 | # This file is maintained in the openstack-ansible-tests repository. 15 | # https://opendev.org/openstack/openstack-ansible-tests/src/bindep.txt 16 | # If you need to remove or add extra dependencies, you should modify 17 | # the central file instead and once your change is accepted then update 18 | # this file as well. The purpose of this file is to ensure that Python and 19 | # Ansible have all their necessary binary requirements on the test host before 20 | # tox executes. Any binary requirements needed by services/roles should be 21 | # installed by those roles in their applicable package install tasks, not through 22 | # using this file. 23 | # 24 | 25 | # The gcc compiler 26 | gcc 27 | 28 | # Base requirements for Ubuntu 29 | git-core [platform:dpkg] 30 | libssl-dev [platform:dpkg] 31 | libffi-dev [platform:dpkg] 32 | python3 [platform:dpkg] 33 | python3-apt [platform:dpkg] 34 | python3-dev [platform:dpkg] 35 | 36 | # Base requirements for RPM distros 37 | gcc-c++ [platform:rpm] 38 | git [platform:rpm] 39 | libffi-devel [platform:rpm] 40 | openssl-devel [platform:rpm] 41 | python3-dnf [platform:fedora] 42 | python3-devel [platform:rpm] 43 | 44 | # For SELinux 45 | libselinux-python3 [platform:redhat] 46 | libsemanage-python3 [platform:redhat] 47 | iptables [platform:redhat] 48 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Ian Cordasco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ## Verbosity Options 17 | debug: false 18 | 19 | # python venv executable 20 | magnum_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}" 21 | 22 | # Enable/Disable Ceilometer 23 | magnum_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}" 24 | 25 | # Set the host which will execute the shade modules 26 | # for the service setup. The host must already have 27 | # clouds.yaml properly configured. 28 | magnum_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" 29 | magnum_service_setup_host_python_interpreter: >- 30 | {{ 31 | openstack_service_setup_host_python_interpreter | default( 32 | (magnum_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) 33 | }} 34 | 35 | # Set the package install state for distribution packages 36 | # Options are 'present' and 'latest' 37 | magnum_package_state: "{{ package_state | default('latest') }}" 38 | 39 | magnum_system_group_name: magnum 40 | magnum_system_user_name: magnum 41 | magnum_system_user_comment: Magnum System User 42 | magnum_system_user_shell: /bin/false 43 | magnum_system_user_home: "/var/lib/{{ magnum_system_user_name }}" 44 | magnum_etc_directory: /etc/magnum 45 | 46 | magnum_service_name: magnum 47 | magnum_service_user_name: magnum 48 | magnum_service_type: container-infra 49 | magnum_service_description: "OpenStack Containers (Magnum)" 50 | magnum_service_project_name: service 51 | magnum_service_role_names: 52 | - admin 53 | - service 54 | magnum_service_token_roles: 55 | - service 56 | magnum_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}" 57 | magnum_service_region: "{{ service_region | default('RegionOne') }}" 58 | magnum_barbican_service_region: "{{ magnum_service_region }}" 59 | magnum_cinder_service_region: "{{ magnum_service_region }}" 60 | magnum_glance_service_region: "{{ magnum_service_region }}" 61 | magnum_heat_service_region: "{{ magnum_service_region }}" 62 | magnum_neutron_service_region: "{{ magnum_service_region }}" 63 | magnum_nova_service_region: "{{ magnum_service_region }}" 64 | magnum_keystone_service_region: "{{ magnum_service_region }}" 65 | magnum_octavia_service_region: "{{ magnum_service_region }}" 66 | magnum_bind_port: 9511 67 | magnum_service_proto: http 68 | magnum_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(magnum_service_proto) }}" 69 | magnum_service_publicurl: "{{ magnum_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ magnum_bind_port }}" 70 | magnum_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(magnum_service_proto) }}" 71 | magnum_service_internalurl: "{{ magnum_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}" 72 | magnum_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(magnum_service_proto) }}" 73 | magnum_service_adminurl: "{{ magnum_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}" 74 | magnum_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}" 75 | 76 | magnum_config_overrides: {} 77 | magnum_policy_overrides: {} 78 | magnum_api_paste_ini_overrides: {} 79 | magnum_keystone_auth_default_policy: [] 80 | 81 | magnum_pip_install_args: "{{ pip_install_options | default('') }}" 82 | 83 | # Name of the virtual env to deploy into 84 | magnum_venv_tag: "{{ venv_tag | default('untagged') }}" 85 | magnum_venv_path: "/openstack/venvs/magnum-{{ magnum_venv_tag }}" 86 | magnum_bin: "{{ magnum_venv_path }}/bin" 87 | 88 | magnum_git_repo: "https://opendev.org/openstack/magnum" 89 | magnum_git_install_branch: master 90 | magnum_upper_constraints_url: >- 91 | {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }} 92 | magnum_git_constraints: 93 | - "--constraint {{ magnum_upper_constraints_url }}" 94 | 95 | # Database vars 96 | magnum_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}" 97 | magnum_db_setup_python_interpreter: >- 98 | {{ 99 | openstack_db_setup_python_interpreter | default( 100 | (magnum_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) 101 | }} 102 | magnum_galera_address: "{{ galera_address | default('127.0.0.1') }}" 103 | magnum_galera_database_name: magnum_service 104 | magnum_galera_user: magnum 105 | magnum_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" 106 | magnum_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}" 107 | magnum_galera_port: "{{ galera_port | default('3306') }}" 108 | magnum_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}" 109 | magnum_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}" 110 | magnum_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}" 111 | magnum_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}" 112 | 113 | # Oslo Messaging vars 114 | # RPC 115 | magnum_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}" 116 | magnum_oslomsg_rpc_setup_host: "{{ (magnum_oslomsg_rpc_host_group in groups) | ternary(groups[magnum_oslomsg_rpc_host_group][0], 'localhost') }}" 117 | magnum_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}" 118 | magnum_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}" 119 | magnum_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}" 120 | magnum_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" 121 | magnum_oslomsg_rpc_userid: magnum 122 | magnum_oslomsg_rpc_policies: [] 123 | # vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues 124 | # are not used - vhost name will be prefixed with leading `/`. 125 | magnum_oslomsg_rpc_vhost: 126 | - name: /magnum 127 | state: "{{ magnum_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}" 128 | - name: magnum 129 | state: "{{ magnum_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}" 130 | magnum_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}" 131 | magnum_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}" 132 | 133 | # Notify 134 | magnum_oslomsg_notify_configure: "{{ oslomsg_notify_configure | default(magnum_ceilometer_enabled) }}" 135 | magnum_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" 136 | magnum_oslomsg_notify_setup_host: "{{ (magnum_oslomsg_notify_host_group in groups) | ternary(groups[magnum_oslomsg_notify_host_group][0], 'localhost') }}" 137 | magnum_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}" 138 | magnum_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}" 139 | magnum_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}" 140 | magnum_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" 141 | magnum_oslomsg_notify_userid: "{{ magnum_oslomsg_rpc_userid }}" 142 | magnum_oslomsg_notify_password: "{{ magnum_oslomsg_rpc_password }}" 143 | magnum_oslomsg_notify_vhost: "{{ magnum_oslomsg_rpc_vhost }}" 144 | magnum_oslomsg_notify_ssl_version: "{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}" 145 | magnum_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }}" 146 | magnum_oslomsg_notify_policies: [] 147 | 148 | ## RabbitMQ integration 149 | magnum_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}" 150 | magnum_oslomsg_rabbit_stream_fanout: "{{ oslomsg_rabbit_stream_fanout | default(magnum_oslomsg_rabbit_quorum_queues) }}" 151 | magnum_oslomsg_rabbit_transient_quorum_queues: "{{ oslomsg_rabbit_transient_quorum_queues | default(magnum_oslomsg_rabbit_stream_fanout) }}" 152 | magnum_oslomsg_rabbit_qos_prefetch_count: "{{ oslomsg_rabbit_qos_prefetch_count | default(magnum_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}" 153 | magnum_oslomsg_rabbit_queue_manager: "{{ oslomsg_rabbit_queue_manager | default(magnum_oslomsg_rabbit_quorum_queues) }}" 154 | magnum_oslomsg_rabbit_quorum_delivery_limit: "{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}" 155 | magnum_oslomsg_rabbit_quorum_max_memory_bytes: "{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}" 156 | 157 | # Keystone AuthToken/Middleware 158 | magnum_keystone_auth_plugin: password 159 | magnum_service_project_domain_name: Default 160 | magnum_service_user_domain_name: Default 161 | 162 | # Trustee User 163 | magnum_trustee_domain_admin_name: trustee_domain_admin 164 | magnum_trustee_domain_name: magnum 165 | magnum_trustee_domain_admin_roles: 166 | - admin 167 | magnum_cluster_user_trust: true 168 | 169 | # Glance images 170 | ## Example Glance Image - Fedora CoreOS 171 | # - name: fedora-coreos-latest 172 | # disk_format: qcow2 173 | # image_format: bare 174 | # visibility: public 175 | # url: https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20230806.3.0/x86_64/fedora-coreos-38.20230806.3.0-openstack.x86_64.qcow2.xz 176 | # properties: 177 | # os_distro: "fedora-coreos" 178 | # checksum: "da359b10f9aa165c4f81e6cd9ca5f81b" 179 | magnum_glance_images: [] 180 | 181 | # Define cluster templates to create. It should be list of 182 | # dictionaries with keys that are supported by os_coe_cluster_template 183 | # module (https://docs.ansible.com/ansible/latest/modules/os_coe_cluster_template_module.html) 184 | # magnum_cluster_templates: 185 | # - name: k8s 186 | # cloud: default 187 | # coe: kubernetes 188 | # docker_volume_size: 50 189 | # external_network_id: public 190 | # network_driver: flannel 191 | magnum_cluster_templates: [] 192 | 193 | # Create extra flavors to be used by magnum cluster template. It should be list 194 | # of dictionaries with keys that are supported by os_nova_flavor module 195 | # (https://docs.ansible.com/ansible/latest/modules/os_nova_flavor_module.html) 196 | # magnum_flavors: 197 | # - name: k8s-pod 198 | # cloud: default 199 | # ram: 256 200 | # vcpus: 1 201 | # disk: 5 202 | magnum_flavors: [] 203 | 204 | # Set the directory where the downloaded images will be stored 205 | # on the magnum_service_setup_host host. If the host is localhost, 206 | # then the user running the playbook must have access to it. 207 | magnum_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/magnum" 208 | magnum_image_path_owner: "{{ lookup('env', 'USER') }}" 209 | 210 | magnum_pip_packages: 211 | - "git+{{ magnum_git_repo }}@{{ magnum_git_install_branch }}#egg=magnum" 212 | - osprofiler 213 | - PyMySQL 214 | - pymemcache 215 | - python-memcached 216 | - systemd-python 217 | 218 | # Memcached override 219 | magnum_memcached_servers: "{{ memcached_servers }}" 220 | 221 | # Specific pip packages provided by the user 222 | magnum_user_pip_packages: [] 223 | 224 | # Store certificates in DB by default (x509keypair) 225 | # Other valid values are: barbican, local 226 | magnum_cert_manager_type: x509keypair 227 | 228 | magnum_api_init_config_overrides: {} 229 | magnum_conductor_init_config_overrides: {} 230 | 231 | magnum_services: 232 | magnum-conductor: 233 | group: magnum_all 234 | service_name: magnum-conductor 235 | execstarts: "{{ magnum_bin }}/magnum-conductor" 236 | init_config_overrides: "{{ magnum_conductor_init_config_overrides }}" 237 | start_order: 1 238 | magnum-api: 239 | group: magnum_all 240 | service_name: magnum-api 241 | init_config_overrides: "{{ magnum_api_init_config_overrides }}" 242 | start_order: 2 243 | wsgi_app: true 244 | wsgi_path: "{{ magnum_bin }}/magnum-api-wsgi" 245 | uwsgi_overrides: "{{ magnum_api_uwsgi_ini_overrides }}" 246 | uwsgi_port: "{{ magnum_bind_port }}" 247 | uwsgi_bind_address: "{{ magnum_api_uwsgi_bind_address }}" 248 | uwsgi_tls: "{{ magnum_backend_ssl | ternary(magnum_uwsgi_tls, {}) }}" 249 | 250 | # uWSGI Settings 251 | magnum_api_uwsgi_ini_overrides: {} 252 | magnum_wsgi_processes_max: 16 253 | magnum_wsgi_processes: >- 254 | {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, magnum_wsgi_processes_max] | min }} 255 | magnum_wsgi_threads: 1 256 | magnum_api_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}" 257 | magnum_uwsgi_tls: 258 | crt: "{{ magnum_ssl_cert }}" 259 | key: "{{ magnum_ssl_key }}" 260 | 261 | # conductor settings 262 | magnum_conductor_workers_max: 16 263 | magnum_conductor_workers: >- 264 | {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, magnum_conductor_workers_max] | min }} 265 | 266 | ### 267 | ### Backend TLS 268 | ### 269 | 270 | # Define if communication between haproxy and service backends should be 271 | # encrypted with TLS(works only with uWSGI). 272 | magnum_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}" 273 | 274 | # Storage location for SSL certificate authority 275 | magnum_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}" 276 | 277 | # Delegated host for operating the certificate authority 278 | magnum_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}" 279 | 280 | # magnum server certificate 281 | magnum_pki_keys_path: "{{ magnum_pki_dir ~ '/certs/private/' }}" 282 | magnum_pki_certs_path: "{{ magnum_pki_dir ~ '/certs/certs/' }}" 283 | magnum_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}" 284 | magnum_pki_regen_cert: "" 285 | magnum_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}" 286 | magnum_pki_certificates: 287 | - name: "magnum_{{ ansible_facts['hostname'] }}" 288 | provider: ownca 289 | cn: "{{ ansible_facts['hostname'] }}" 290 | san: "{{ magnum_pki_san }}" 291 | signed_by: "{{ magnum_pki_intermediate_cert_name }}" 292 | 293 | # magnum destination files for SSL certificates 294 | magnum_ssl_cert: /etc/magnum/magnum.pem 295 | magnum_ssl_key: /etc/magnum/magnum.key 296 | 297 | # Installation details for SSL certificates 298 | magnum_pki_install_certificates: 299 | - src: "{{ magnum_user_ssl_cert | default(magnum_pki_certs_path ~ 'magnum_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}" 300 | dest: "{{ magnum_ssl_cert }}" 301 | owner: "{{ magnum_system_user_name }}" 302 | group: "{{ magnum_system_user_name }}" 303 | mode: "0644" 304 | - src: "{{ magnum_user_ssl_key | default(magnum_pki_keys_path ~ 'magnum_' ~ ansible_facts['hostname'] ~ '.key.pem') }}" 305 | dest: "{{ magnum_ssl_key }}" 306 | owner: "{{ magnum_system_user_name }}" 307 | group: "{{ magnum_system_user_name }}" 308 | mode: "0600" 309 | 310 | # Define user-provided SSL certificates 311 | # magnum_user_ssl_cert: 312 | # magnum_user_ssl_key: 313 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " applehelp to make an Apple Help Book" 34 | @echo " devhelp to make HTML files and a Devhelp project" 35 | @echo " epub to make an epub" 36 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 37 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 38 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 39 | @echo " text to make text files" 40 | @echo " man to make manual pages" 41 | @echo " texinfo to make Texinfo files" 42 | @echo " info to make Texinfo files and run them through makeinfo" 43 | @echo " gettext to make PO message catalogs" 44 | @echo " changes to make an overview of all changed/added/deprecated items" 45 | @echo " xml to make Docutils-native XML files" 46 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 47 | @echo " linkcheck to check all external links for integrity" 48 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 49 | @echo " coverage to run coverage check of the documentation (if enabled)" 50 | 51 | clean: 52 | rm -rf $(BUILDDIR)/* 53 | 54 | html: 55 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 56 | @echo 57 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 58 | 59 | dirhtml: 60 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 61 | @echo 62 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 63 | 64 | singlehtml: 65 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 66 | @echo 67 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 68 | 69 | pickle: 70 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 71 | @echo 72 | @echo "Build finished; now you can process the pickle files." 73 | 74 | json: 75 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 76 | @echo 77 | @echo "Build finished; now you can process the JSON files." 78 | 79 | htmlhelp: 80 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 81 | @echo 82 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 83 | ".hhp project file in $(BUILDDIR)/htmlhelp." 84 | 85 | qthelp: 86 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 87 | @echo 88 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 89 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 90 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_magnum.qhcp" 91 | @echo "To view the help file:" 92 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_magnum.qhc" 93 | 94 | applehelp: 95 | $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp 96 | @echo 97 | @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." 98 | @echo "N.B. You won't be able to view it unless you put it in" \ 99 | "~/Library/Documentation/Help or install it in your application" \ 100 | "bundle." 101 | 102 | devhelp: 103 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 104 | @echo 105 | @echo "Build finished." 106 | @echo "To view the help file:" 107 | @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_magnum" 108 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_magnum" 109 | @echo "# devhelp" 110 | 111 | epub: 112 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 113 | @echo 114 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 115 | 116 | latex: 117 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 118 | @echo 119 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 120 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 121 | "(use \`make latexpdf' here to do that automatically)." 122 | 123 | latexpdf: 124 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 125 | @echo "Running LaTeX files through pdflatex..." 126 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 127 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 128 | 129 | latexpdfja: 130 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 131 | @echo "Running LaTeX files through platex and dvipdfmx..." 132 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 133 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 134 | 135 | text: 136 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 137 | @echo 138 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 139 | 140 | man: 141 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 142 | @echo 143 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 144 | 145 | texinfo: 146 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 147 | @echo 148 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 149 | @echo "Run \`make' in that directory to run these through makeinfo" \ 150 | "(use \`make info' here to do that automatically)." 151 | 152 | info: 153 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 154 | @echo "Running Texinfo files through makeinfo..." 155 | make -C $(BUILDDIR)/texinfo info 156 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 157 | 158 | gettext: 159 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 160 | @echo 161 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 162 | 163 | changes: 164 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 165 | @echo 166 | @echo "The overview file is in $(BUILDDIR)/changes." 167 | 168 | linkcheck: 169 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 170 | @echo 171 | @echo "Link check complete; look for any errors in the above output " \ 172 | "or in $(BUILDDIR)/linkcheck/output.txt." 173 | 174 | doctest: 175 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 176 | @echo "Testing of doctests in the sources finished, look at the " \ 177 | "results in $(BUILDDIR)/doctest/output.txt." 178 | 179 | coverage: 180 | $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage 181 | @echo "Testing of coverage in the sources finished, look at the " \ 182 | "results in $(BUILDDIR)/coverage/python.txt." 183 | 184 | xml: 185 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 186 | @echo 187 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 188 | 189 | pseudoxml: 190 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 191 | @echo 192 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 193 | 194 | livehtml: html 195 | sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 196 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | # WARNING: 6 | # This file is maintained in the openstack-ansible-tests repository. 7 | # https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt 8 | # If you need to modify this file, update the one in the 9 | # openstack-ansible-tests repository. Once it merges there, the changes will 10 | # automatically be proposed to all the repositories which use it. 11 | 12 | sphinx>=2.0.0,!=2.1.0 # BSD 13 | sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD 14 | openstackdocstheme>=2.2.1 # Apache-2.0 15 | reno>=3.1.0 # Apache-2.0 16 | doc8>=0.6.0 # Apache-2.0 17 | -------------------------------------------------------------------------------- /doc/source/_static/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_magnum/8af71233eaf1de0fff856de06c1b4e325bc44c1d/doc/source/_static/.gitkeep -------------------------------------------------------------------------------- /doc/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'sphinx.ext.autodoc', 41 | 'sphinxcontrib.rsvgconverter', 42 | ] 43 | 44 | # Add any paths that contain templates here, relative to this directory. 45 | templates_path = ['_templates'] 46 | 47 | # The suffix(es) of source filenames. 48 | # You can specify multiple suffix as a list of string: 49 | # source_suffix = ['.rst', '.md'] 50 | source_suffix = '.rst' 51 | 52 | # The encoding of source files. 53 | # source_encoding = 'utf-8-sig' 54 | 55 | # The master toctree document. 56 | master_doc = 'index' 57 | 58 | # General information about the project. 59 | author = 'OpenStack-Ansible Contributors' 60 | category = 'Miscellaneous' 61 | copyright = '2014-2016, OpenStack-Ansible Contributors' 62 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 63 | project = 'OpenStack-Ansible' 64 | role_name = 'os_magnum' 65 | target_name = 'openstack-ansible-' + role_name 66 | title = 'OpenStack-Ansible Documentation: ' + role_name + ' role' 67 | 68 | # openstackdocstheme options 69 | openstackdocs_repo_name = 'openstack/' + target_name 70 | openstackdocs_pdf_link = True 71 | openstackdocs_bug_project = project.lower() 72 | openstackdocs_bug_tag = '' 73 | 74 | # The language for content autogenerated by Sphinx. Refer to documentation 75 | # for a list of supported languages. 76 | # 77 | # This is also used if you do content translation via gettext catalogs. 78 | # Usually you set "language" from the command line for these cases. 79 | language = 'en' 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | # If true, `todo` and `todoList` produce output, else they produce nothing. 116 | todo_include_todos = False 117 | 118 | 119 | # -- Options for HTML output ---------------------------------------------- 120 | 121 | # The theme to use for HTML and HTML Help pages. See the documentation for 122 | # a list of builtin themes. 123 | html_theme = 'openstackdocs' 124 | 125 | # Theme options are theme-specific and customize the look and feel of a theme 126 | # further. For a list of options available for each theme, see the 127 | # documentation. 128 | # html_theme_options = {} 129 | 130 | # Add any paths that contain custom themes here, relative to this directory. 131 | # html_theme_path = [] 132 | 133 | # The name for this set of Sphinx documents. If None, it defaults to 134 | # " v documentation". 135 | # html_title = None 136 | 137 | # A shorter title for the navigation bar. Default is the same as html_title. 138 | # html_short_title = None 139 | 140 | # The name of an image file (relative to this directory) to place at the top 141 | # of the sidebar. 142 | # html_logo = None 143 | 144 | # The name of an image file (within the static path) to use as favicon of the 145 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 146 | # pixels large. 147 | # html_favicon = None 148 | 149 | # Add any paths that contain custom static files (such as style sheets) here, 150 | # relative to this directory. They are copied after the builtin static files, 151 | # so a file named "default.css" will overwrite the builtin "default.css". 152 | html_static_path = ['_static'] 153 | 154 | # Add any extra paths that contain custom files (such as robots.txt or 155 | # .htaccess) here, relative to this directory. These files are copied 156 | # directly to the root of the documentation. 157 | # html_extra_path = [] 158 | 159 | # If true, SmartyPants will be used to convert quotes and dashes to 160 | # typographically correct entities. 161 | # html_use_smartypants = True 162 | 163 | # Custom sidebar templates, maps document names to template names. 164 | # html_sidebars = {} 165 | 166 | # Additional templates that should be rendered to pages, maps page names to 167 | # template names. 168 | # html_additional_pages = {} 169 | 170 | # If false, no module index is generated. 171 | # html_domain_indices = True 172 | 173 | # If false, no index is generated. 174 | # html_use_index = True 175 | 176 | # If true, the index is split into individual pages for each letter. 177 | # html_split_index = False 178 | 179 | # If true, links to the reST sources are added to the pages. 180 | # html_show_sourcelink = True 181 | 182 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 183 | # html_show_sphinx = True 184 | 185 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 186 | # html_show_copyright = True 187 | 188 | # If true, an OpenSearch description file will be output, and all pages will 189 | # contain a tag referring to it. The value of this option must be the 190 | # base URL from which the finished HTML is served. 191 | # html_use_opensearch = '' 192 | 193 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 194 | # html_file_suffix = None 195 | 196 | # Language to be used for generating the HTML full-text search index. 197 | # Sphinx supports the following languages: 198 | # 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' 199 | # 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' 200 | # html_search_language = 'en' 201 | 202 | # A dictionary with options for the search language support, empty by default. 203 | # Now only 'ja' uses this config value 204 | # html_search_options = {'type': 'default'} 205 | 206 | # The name of a javascript file (relative to the configuration directory) that 207 | # implements a search results scorer. If empty, the default will be used. 208 | # html_search_scorer = 'scorer.js' 209 | 210 | # Output file base name for HTML help builder. 211 | htmlhelp_basename = target_name + '-docs' 212 | 213 | # -- Options for LaTeX output --------------------------------------------- 214 | 215 | latex_elements = { 216 | # The paper size ('letterpaper' or 'a4paper'). 217 | # 'papersize': 'letterpaper', 218 | 219 | # The font size ('10pt', '11pt' or '12pt'). 220 | # 'pointsize': '10pt', 221 | 222 | # Additional stuff for the LaTeX preamble. 223 | # 'preamble': '', 224 | 225 | # Latex figure (float) alignment 226 | # 'figure_align': 'htbp', 227 | } 228 | 229 | # Grouping the document tree into LaTeX files. List of tuples 230 | # (source start file, target name, title, 231 | # author, documentclass [howto, manual, or own class]). 232 | latex_documents = [ 233 | (master_doc, 'doc-' + target_name + '.tex', 234 | title.replace("_", r"\_"), author, 'manual'), 235 | ] 236 | 237 | latex_use_xindy = False 238 | 239 | # The name of an image file (relative to this directory) to place at the top of 240 | # the title page. 241 | # latex_logo = None 242 | 243 | # For "manual" documents, if this is true, then toplevel headings are parts, 244 | # not chapters. 245 | # latex_use_parts = False 246 | 247 | # If true, show page references after internal links. 248 | # latex_show_pagerefs = False 249 | 250 | # If true, show URL addresses after external links. 251 | # latex_show_urls = False 252 | 253 | # Documents to append as an appendix to all manuals. 254 | # latex_appendices = [] 255 | 256 | # If false, no module index is generated. 257 | # latex_domain_indices = True 258 | 259 | 260 | # -- Options for manual page output --------------------------------------- 261 | 262 | # One entry per manual page. List of tuples 263 | # (source start file, name, description, authors, manual section). 264 | man_pages = [ 265 | (master_doc, target_name, 266 | title, [author], 1) 267 | ] 268 | 269 | # If true, show URL addresses after external links. 270 | # man_show_urls = False 271 | 272 | 273 | # -- Options for Texinfo output ------------------------------------------- 274 | 275 | # Grouping the document tree into Texinfo files. List of tuples 276 | # (source start file, target name, title, author, 277 | # dir menu entry, description, category) 278 | texinfo_documents = [ 279 | (master_doc, target_name, 280 | title, author, project, 281 | description, category), 282 | ] 283 | 284 | # Documents to append as an appendix to all manuals. 285 | # texinfo_appendices = [] 286 | 287 | # If false, no module index is generated. 288 | # texinfo_domain_indices = True 289 | 290 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 291 | # texinfo_show_urls = 'footnote' 292 | 293 | # If true, do not generate a @detailmenu in the "Top" node's menu. 294 | # texinfo_no_detailmenu = False 295 | # -- Options for PDF output -------------------------------------------------- 296 | 297 | pdf_documents = [ 298 | (master_doc, target_name, 299 | title, author) 300 | ] 301 | 302 | locale_dirs = ['locale/'] 303 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | OpenStack-Ansible Magnum 3 | ======================== 4 | 5 | Ansible role that installs and configures OpenStack Magnum. Magnum is 6 | installed behind the Apache webserver listening on port 9511 by default. 7 | 8 | 9 | To clone or view the source code for this repository, visit the role repository 10 | for `os_magnum `_. 11 | 12 | Default variables 13 | ~~~~~~~~~~~~~~~~~ 14 | 15 | .. literalinclude:: ../../defaults/main.yml 16 | :language: yaml 17 | :start-after: under the License. 18 | 19 | Dependencies 20 | ~~~~~~~~~~~~ 21 | 22 | This role needs pip >= 7.1 installed on the target host. 23 | 24 | To use this role, define the following variables: 25 | 26 | .. code-block:: yaml 27 | 28 | # Magnum TCP listening port 29 | magnum_service_port: 9511 30 | 31 | # Magnum service protocol http or https 32 | magnum_service_proto: http 33 | 34 | # Magnum Galera address of internal load balancer 35 | magnum_galera_address: "{{ internal_lb_vip_address }}" 36 | 37 | # Magnum Galera database name 38 | magnum_galera_database_name: magnum_service 39 | 40 | # Magnum Galera username 41 | magnum_galera_user: magnum 42 | 43 | # Magnum rpc userid 44 | magnum_oslomsg_rpc_userid: magnum 45 | 46 | # Magnum rpc vhost 47 | magnum_oslomsg_rpc_vhost: /magnum 48 | 49 | # Magnum notify userid 50 | magnum_oslomsg_notify_userid: magnum 51 | 52 | # Magnum notify vhost 53 | magnum_oslomsg_notify_vhost: /magnum 54 | 55 | This list is not exhaustive. See role internals for further details. 56 | 57 | Wiring docker with cinder 58 | ~~~~~~~~~~~~~~~~~~~~~~~~~ 59 | 60 | If you need to use volumes, default_docker_volume_type should be set. 61 | By default, Magnum doesn't need one. 62 | 63 | To deploy Magnum with cinder integration, please set the following 64 | in your ``/etc/openstack_deploy/user_variables.yml``: 65 | 66 | .. code-block:: yaml 67 | 68 | magnum_config_overrides: 69 | cinder: 70 | default_docker_volume_type: lvm 71 | 72 | If you have defined cinder_default_volume_type for all your nodes, 73 | by defining it in your user_variables, you can re-use it directly: 74 | 75 | .. code-block:: yaml 76 | 77 | magnum_config_overrides: 78 | cinder: 79 | default_docker_volume_type: "{{ cinder_default_volume_type }}" 80 | 81 | Example playbook 82 | ~~~~~~~~~~~~~~~~ 83 | 84 | .. literalinclude:: ../../examples/playbook.yml 85 | :language: yaml 86 | 87 | Tags 88 | ~~~~ 89 | 90 | This role supports two tags: ``magnum-install`` and ``magnum-config``. 91 | The ``magnum-install`` tag can be used to install and upgrade. The 92 | ``magnum-config`` tag can be used to maintain configuration of the 93 | service. 94 | 95 | Post-deployment configuration 96 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 97 | 98 | Deploying the magnum service makes the API components available to use. 99 | Additional configuration is required to make a working Kubernetes cluster, 100 | including loading the correct Image and setting up a suitable Cluster Template 101 | 102 | This example is intended to show the steps required and should be updated 103 | as needed for the version of k8s and associated components. The example has 104 | been tested by a deployer with magnum SHA 105 | fe35af8ef5d9e65a4074aa3ba3ed3116b7322415. 106 | 107 | First, upload the coreos image. this can be done either manually or using 108 | the os_magnum playbooks. 109 | 110 | Manual configuration: 111 | 112 | .. code-block:: bash 113 | 114 | wget https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/32.20201004.3.0/x86_64/fedora-coreos-32.20201004.3.0-openstack.x86_64.qcow2.xz 115 | 116 | (convert to raw if necessary here for ceph backed storage) 117 | 118 | openstack image create "fedora-coreos-latest" --disk-format raw --container-format bare \ 119 | --file fedora-coreos-32.20201004.3.0-openstack.x86_64.raw --property os_distro='fedora-coreos' 120 | 121 | Via os_magnum playbooks and data in user_variables.yml 122 | 123 | .. code-block:: yaml 124 | 125 | magnum_glance_images: 126 | - name: fedora-coreos-latest 127 | disk_format: qcow2 128 | image_format: bare 129 | public: true 130 | file: https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/31.20200210.3.0/x86_64/fedora-coreos-31.20200210.3.0-openstack.x86_64.qcow2.xz 131 | properties: 132 | os_distro: "fedora-coreos" 133 | checksum: "sha256:9a5252e24b82a5edb1ce75b05653f59895685b0f1028112462e908a12deae518" 134 | 135 | 136 | Second, create the cluster template. 137 | 138 | Manual configuration: 139 | 140 | .. code-block:: bash 141 | 142 | openstack coe cluster template create --coe kubernetes --external-network \ 143 | --image "fedora-coreos-latest" --master-flavor --flavor --master-lb-enabled \ 144 | --docker-volume-size 50 --network-driver calico --docker-storage-driver overlay2 \ 145 | --volume-driver cinder \ 146 | --labels boot_volume_type=,boot_volume_size=50,kube_tag=v1.18.6,availability_zone=nova,helm_client_url="https://get.helm.sh/helm-v3.4.0-linux-amd64.tar.gz",helm_client_sha256="270acb0f085b72ec28aee894c7443739271758010323d72ced0e92cd2c96ffdb",helm_client_tag="v3.4.0",etcd_volume_size=50,auto_scaling_enabled=true,auto_healing_enabled=true,auto_healing_controller=magnum-auto-healer,etcd_volume_type=,kube_dashboard_enabled=True,monitoring_enabled=True,ingress_controller=nginx,cloud_provider_tag=v1.19.0,magnum_auto_healer_tag=v1.19.0,container_infra_prefix= -f yaml -c uuid 147 | 148 | The equivalent Cluster Template configuration through os_magnum and data in 149 | user_variables.yml 150 | 151 | .. code-block:: yaml 152 | 153 | magnum_cluster_templates: 154 | - name: 155 | coe: kubernetes 156 | external_network_id: 157 | image_id: 158 | master_flavor_id: 159 | flavor_id: 160 | master_lb_enabled: true 161 | docker_volume_size: 50 162 | network_driver: calico 163 | docker_storage_driver: overlay2 164 | volume_driver: cinder 165 | labels: 166 | boot_volume_type: 167 | boot_volume_size: 50 168 | kube_tag: v1.18.6 169 | availability_zone: nova 170 | helm_client_url: "https://get.helm.sh/helm-v3.4.0-linux-amd64.tar.gz" 171 | helm_client_sha256: "270acb0f085b72ec28aee894c7443739271758010323d72ced0e92cd2c96ffdb" 172 | helm_client_tag: v3.4.0 173 | etcd_volume_size: 50 174 | auto_scaling_enabled: true 175 | auto_healing_enabled: true 176 | auto_healing_controller: magnum-auto-healer 177 | etcd_volume_type: 178 | kube_dashboard_enabled: True 179 | monitoring_enabled: True 180 | ingress_controller: nginx 181 | cloud_provider_tag: v1.19.0 182 | magnum_auto_healer_tag: v1.19.0 183 | container_infra_prefix: 184 | 185 | Note that openstack-ansible deploys the Magnum API service. It is not in scope 186 | for openstack-ansible to maintain a guaranteed working cluster template as this 187 | will vary depending on the precise version of Magnum deployed and the required 188 | version of k8s and it's dependancies. 189 | 190 | It will be necessary to specify a docker registry (potentially hosting your own 191 | mirror or cache) which does not enforce rate limits when deploying Magnum in a 192 | production environment. 193 | 194 | Post-deployment debugging 195 | ~~~~~~~~~~~~~~~~~~~~~~~~~ 196 | 197 | If the k8s cluster does not create properly, or times out during creation, then 198 | the cloud-init logs in the master/minion nodes should be examined, also check 199 | the heat-config log and heat-container-agent status. 200 | -------------------------------------------------------------------------------- /examples/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Magnum server 3 | hosts: magnum_all 4 | user: root 5 | roles: 6 | - role: "os_magnum" 7 | tags: 8 | - os-magnum" 9 | vars: 10 | magnum_galera_address: "{{ internal_lb_vip_address }}" 11 | magnum_galera_password: secrete 12 | magnum_service_password: secrete 13 | magnum_oslomsg_rpc_password: secrete 14 | magnum_trustee_password: secrete 15 | -------------------------------------------------------------------------------- /files/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_magnum/8af71233eaf1de0fff856de06c1b4e325bc44c1d/files/.keep -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Rackspace US, Inc. 3 | # Copyright 2018, VEXXHOST, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | - name: Restart magnum services 18 | ansible.builtin.systemd: 19 | name: "{{ item.service_name }}" 20 | enabled: true 21 | state: "restarted" 22 | daemon_reload: true 23 | with_items: "{{ filtered_magnum_services }}" 24 | listen: 25 | - "venv changed" 26 | - "systemd service changed" 27 | - "cert installed" 28 | -------------------------------------------------------------------------------- /manual-test.rc: -------------------------------------------------------------------------------- 1 | export VIRTUAL_ENV=$(pwd) 2 | export ANSIBLE_HOST_KEY_CHECKING=False 3 | export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r 4 | 5 | # TODO (odyssey4me) These are only here as they are non-standard folder 6 | # names for Ansible 1.9.x. We are using the standard folder names for 7 | # Ansible v2.x. We can remove this when we move to Ansible 2.x. 8 | export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action 9 | export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback 10 | export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter 11 | export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup 12 | 13 | # This is required as the default is the current path or a path specified 14 | # in ansible.cfg 15 | export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library 16 | 17 | # This is required as the default is '/etc/ansible/roles' or a path 18 | # specified in ansible.cfg 19 | export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/.. 20 | 21 | export ANSIBLE_SSH_ARGS="-o ControlMaster=no \ 22 | -o UserKnownHostsFile=/dev/null \ 23 | -o StrictHostKeyChecking=no \ 24 | -o ServerAliveInterval=64 \ 25 | -o ServerAliveCountMax=1024 \ 26 | -o Compression=no \ 27 | -o TCPKeepAlive=yes \ 28 | -o VerifyHostKeyDNS=no \ 29 | -o ForwardX11=no \ 30 | -o ForwardAgent=yes" 31 | 32 | echo "Run manual functional tests by executing the following:" 33 | echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml" 34 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | galaxy_info: 17 | author: OpenStack-Ansible 18 | description: Deploy Magnum with OpenStack Ansible 19 | company: OpenStack 20 | license: Apache-2.0 21 | role_name: os_magnum 22 | namespace: openstack 23 | min_ansible_version: "2.10" 24 | platforms: 25 | - name: Debian 26 | versions: 27 | - bullseye 28 | - name: Ubuntu 29 | versions: 30 | - focal 31 | - jammy 32 | - name: EL 33 | versions: 34 | - "9" 35 | # Below are all categories currently available. Just as with 36 | # the platforms above, uncomment those that apply to your role. 37 | galaxy_tags: 38 | - cloud 39 | - openstack 40 | - python 41 | - magnum 42 | 43 | dependencies: 44 | - role: apt_package_pinning 45 | when: 46 | - ansible_facts['pkg_mgr'] == 'apt' 47 | -------------------------------------------------------------------------------- /meta/openstack-ansible.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # (c) 2017, Jean-Philippe Evrard 17 | 18 | maturity_info: 19 | status: complete 20 | created_during: newton 21 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_magnum/8af71233eaf1de0fff856de06c1b4e325bc44c1d/releasenotes/notes/.placeholder -------------------------------------------------------------------------------- /releasenotes/notes/magnum-client-urls-64af5efc9ece6680.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The magnum client interaction will now make use of the public endpoints by 4 | default. Previously this was set to use internal endpoints. 5 | - The keystone endpoints for instances spawned by magnum will now be provided 6 | with the public endpoints by default. Previously this was set to use 7 | internal endpoints. 8 | security: 9 | - The magnum client interaction will now make use of the public endpoints by 10 | default. Previously this was set to use internal endpoints. 11 | - The keystone endpoints for instances spawned by magnum will now be provided 12 | with the public endpoints by default. Previously this was set to use 13 | internal endpoints. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/magnum-init-config-overrides-aec21cbbd9da8e4e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - New variables have been added to allow a deployer to customize 4 | a magnum systemd unit file to their liking. 5 | - The task dropping the magnum systemd unit files now uses the 6 | ``config_template`` action plugin allowing deployers access to 7 | customize the unit files as they see fit without having to 8 | load extra options into the defaults and pollute the generic 9 | systemd unit file with jinja2 variables and conditionals. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/magnum-service-setup-host-ea285f161e625980.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The service setup in keystone for magnum will now be executed 5 | through delegation to the ``magnum_service_setup_host`` which, 6 | by default, is ``localhost`` (the deploy host). Deployers can 7 | opt to rather change this to the utility container by implementing 8 | the following override in ``user_variables.yml``. 9 | 10 | .. code-block:: yaml 11 | 12 | magnum_service_setup_host: "{{ groups['utility_all'][0] }}" 13 | - | 14 | Instead of downloading images to the magnum API servers, the 15 | images will now download to the ``magnum_service_setup_host`` to 16 | the folder set in ``magnum_image_path`` owned by 17 | ``magnum_image_path_owner``. 18 | 19 | deprecations: 20 | - | 21 | The variable ``magnum_requires_pip_packages`` is no longer required 22 | and has therefore been removed. 23 | -------------------------------------------------------------------------------- /releasenotes/notes/magnum_conductor_workers-3f7eafeb4429dd0b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Implemented variable ``magnum_conductor_workers`` that is designed to 5 | controll amount of magnum-conductor workers spawned. By default it is 6 | equal to number of CPU cores, but no more then 16 workers. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/magnum_images_format-5e621dbe6c20cc9f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Format of ``magnum_glance_images`` has changed to the one compatible 5 | with ``openstack_resources`` role. 6 | Please reffer to os_magnum role documentation for a relevant example. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/magnum_init_time_settings-6ecc4ff27d7dca1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - For the ``os_magnum`` role, the systemd unit ``TimeoutSec`` value which 4 | controls the time between sending a SIGTERM signal and a SIGKILL signal 5 | when stopping or restarting the service has been reduced from 300 seconds 6 | to 120 seconds. This provides 2 minutes for long-lived sessions to drain 7 | while preventing new ones from starting before a restart or a stop. The 8 | ``RestartSec`` value which controls the time between the service stop and 9 | start when restarting has been reduced from 150 seconds to 2 seconds to 10 | make the restart happen faster. These values can be adjusted by using the 11 | ``magnum_*_init_config_overrides`` variables which use the 12 | ``config_template`` task to change template defaults. 13 | upgrade: 14 | - For the ``os_magnum`` role, the systemd unit ``TimeoutSec`` value which 15 | controls the time between sending a SIGTERM signal and a SIGKILL signal 16 | when stopping or restarting the service has been reduced from 300 seconds 17 | to 120 seconds. This provides 2 minutes for long-lived sessions to drain 18 | while preventing new ones from starting before a restart or a stop. The 19 | ``RestartSec`` value which controls the time between the service stop and 20 | start when restarting has been reduced from 150 seconds to 2 seconds to 21 | make the restart happen faster. These values can be adjusted by using the 22 | ``magnum_*_init_config_overrides`` variables which use the 23 | ``config_template`` task to change template defaults. 24 | -------------------------------------------------------------------------------- /releasenotes/notes/magnum_resources-84e50dbaebac7d1c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added variables `magnum_cluster_templates` and `magnum_flavors` 5 | which allow deployers to define coe cluster template and nova flavors 6 | creation during role execution. These variables may contain list of 7 | resources to add. All keys supported by appropriate ansible modules 8 | may be passed as items in the list. -------------------------------------------------------------------------------- /releasenotes/notes/os_magnum-install-venv-30263e29e51a2610.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Installation of magnum and its dependent pip packages will now only 4 | occur within a Python virtual environment. The ``magnum_venv_bin``, 5 | ``magnum_venv_enabled`` variables have been removed. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/os_magnum-xenial-systemd-support-2e1ee4253dff2b5c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``os_magnum`` role now supports deployment on Ubuntu 16.04 using 4 | systemd. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/oslo-messaging-separate-backends-a3af6957a984ac51.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Support separate oslo.messaging services for RPC and Notifications 4 | to enable operation of separate and different messaging backend 5 | servers in magnum. 6 | deprecations: 7 | - | 8 | The rabbitmq server parameters have been replaced by corresponding 9 | oslo.messaging RPC and Notify parameters in order to abstract the 10 | messaging service from the actual backend server deployment. 11 | - magnum_oslomsg_rpc_servers replaces rabbitmq_servers 12 | - magnum_oslomsg_rpc_port replaces rabbitmq_port 13 | - magnum_oslomsg_rpc_userid replaces magnum_rabbitmq_userid 14 | - magnum_oslomsg_rpc_vhost replaces magnum_rabbitmq_vhost 15 | - added magnum_oslomsg_rpc_use_ssl 16 | - added magnum_oslomsg_notify_servers 17 | - added magnum_oslomsg_notify_port 18 | - added magnum_oslomsg_notify_use_ssl 19 | - added magnum_oslomsg_notify_userid 20 | - added magnum_oslomsg_notify_vhost 21 | - added magnum_oslomsg_notify_password 22 | -------------------------------------------------------------------------------- /releasenotes/notes/package-state-7d62ea1e50ad391b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The os_magnum role now supports the ability to configure whether 4 | apt/yum tasks install the latest available package, or just ensure 5 | that the package is present. The default action is to ensure that 6 | the latest package is present. The action taken may be changed to 7 | only ensure that the package is present by setting 8 | ``magnum_package_state`` to ``present``. 9 | upgrade: 10 | - The os_magnum role always checks whether the latest package is 11 | installed when executed. If a deployer wishes to change the check to 12 | only validate the presence of the package, the option 13 | ``magnum_package_state`` should be set to ``present``. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-requirements-git-451af20d60205c17.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The variables ``magnum_requirements_git_repo`` and 4 | ``magnum_requirements_git_install_branch`` have been 5 | removed in favour of using the URL/path to the 6 | upper-constraints file using the 7 | variable ``pip_install_upper_constraints`` instead. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/remove_rpc_backend-9813a3455f234521.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Remove ``magnum_rpc_backend`` option due to deprecation of 5 | rpc_backend option in oslo.messaging. 6 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_magnum/8af71233eaf1de0fff856de06c1b4e325bc44c1d/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_magnum/8af71233eaf1de0fff856de06c1b4e325bc44c1d/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'reno.sphinxext', 41 | ] 42 | 43 | # Add any paths that contain templates here, relative to this directory. 44 | templates_path = ['_templates'] 45 | 46 | # The suffix of source filenames. 47 | source_suffix = '.rst' 48 | 49 | # The encoding of source files. 50 | # source_encoding = 'utf-8-sig' 51 | 52 | # The master toctree document. 53 | master_doc = 'index' 54 | 55 | # General information about the project. 56 | author = 'OpenStack-Ansible Contributors' 57 | category = 'Miscellaneous' 58 | copyright = '2014-2016, OpenStack-Ansible Contributors' 59 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 60 | project = 'OpenStack-Ansible' 61 | role_name = 'os_magnum' 62 | target_name = 'openstack-ansible-' + role_name 63 | title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' 64 | 65 | # Release notes do not need a version number in the title, they 66 | # cover multiple releases. 67 | # The full version, including alpha/beta/rc tags. 68 | release = '' 69 | # The short X.Y version. 70 | version = '' 71 | 72 | # openstackdocstheme options 73 | openstackdocs_repo_name = 'openstack/' + target_name 74 | openstackdocs_bug_project = project.lower() 75 | openstackdocs_bug_tag = '' 76 | 77 | # The language for content autogenerated by Sphinx. Refer to documentation 78 | # for a list of supported languages. 79 | # language = None 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | 116 | # -- Options for HTML output ---------------------------------------------- 117 | 118 | # The theme to use for HTML and HTML Help pages. See the documentation for 119 | # a list of builtin themes. 120 | html_theme = 'openstackdocs' 121 | 122 | # Theme options are theme-specific and customize the look and feel of a theme 123 | # further. For a list of options available for each theme, see the 124 | # documentation. 125 | # html_theme_options = {} 126 | 127 | # Add any paths that contain custom themes here, relative to this directory. 128 | # html_theme_path = [] 129 | 130 | # The name for this set of Sphinx documents. If None, it defaults to 131 | # " v documentation". 132 | # html_title = None 133 | 134 | # A shorter title for the navigation bar. Default is the same as html_title. 135 | # html_short_title = None 136 | 137 | # The name of an image file (relative to this directory) to place at the top 138 | # of the sidebar. 139 | # html_logo = None 140 | 141 | # The name of an image file (within the static path) to use as favicon of the 142 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 143 | # pixels large. 144 | # html_favicon = None 145 | 146 | # Add any paths that contain custom static files (such as style sheets) here, 147 | # relative to this directory. They are copied after the builtin static files, 148 | # so a file named "default.css" will overwrite the builtin "default.css". 149 | html_static_path = ['_static'] 150 | 151 | # Add any extra paths that contain custom files (such as robots.txt or 152 | # .htaccess) here, relative to this directory. These files are copied 153 | # directly to the root of the documentation. 154 | # html_extra_path = [] 155 | 156 | # If true, SmartyPants will be used to convert quotes and dashes to 157 | # typographically correct entities. 158 | # html_use_smartypants = True 159 | 160 | # Custom sidebar templates, maps document names to template names. 161 | # html_sidebars = {} 162 | 163 | # Additional templates that should be rendered to pages, maps page names to 164 | # template names. 165 | # html_additional_pages = {} 166 | 167 | # If false, no module index is generated. 168 | # html_domain_indices = True 169 | 170 | # If false, no index is generated. 171 | # html_use_index = True 172 | 173 | # If true, the index is split into individual pages for each letter. 174 | # html_split_index = False 175 | 176 | # If true, links to the reST sources are added to the pages. 177 | # html_show_sourcelink = True 178 | 179 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 180 | # html_show_sphinx = True 181 | 182 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 183 | # html_show_copyright = True 184 | 185 | # If true, an OpenSearch description file will be output, and all pages will 186 | # contain a tag referring to it. The value of this option must be the 187 | # base URL from which the finished HTML is served. 188 | # html_use_opensearch = '' 189 | 190 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 191 | # html_file_suffix = None 192 | 193 | # Output file base name for HTML help builder. 194 | htmlhelp_basename = target_name + '-docs' 195 | 196 | 197 | # -- Options for LaTeX output --------------------------------------------- 198 | 199 | latex_elements = { 200 | # The paper size ('letterpaper' or 'a4paper'). 201 | # 'papersize': 'letterpaper', 202 | 203 | # The font size ('10pt', '11pt' or '12pt'). 204 | # 'pointsize': '10pt', 205 | 206 | # Additional stuff for the LaTeX preamble. 207 | # 'preamble': '', 208 | } 209 | 210 | # Grouping the document tree into LaTeX files. List of tuples 211 | # (source start file, target name, title, 212 | # author, documentclass [howto, manual, or own class]). 213 | latex_documents = [ 214 | (master_doc, target_name + '.tex', 215 | title, author, 'manual'), 216 | ] 217 | 218 | # The name of an image file (relative to this directory) to place at the top of 219 | # the title page. 220 | # latex_logo = None 221 | 222 | # For "manual" documents, if this is true, then toplevel headings are parts, 223 | # not chapters. 224 | # latex_use_parts = False 225 | 226 | # If true, show page references after internal links. 227 | # latex_show_pagerefs = False 228 | 229 | # If true, show URL addresses after external links. 230 | # latex_show_urls = False 231 | 232 | # Documents to append as an appendix to all manuals. 233 | # latex_appendices = [] 234 | 235 | # If false, no module index is generated. 236 | # latex_domain_indices = True 237 | 238 | 239 | # -- Options for manual page output --------------------------------------- 240 | 241 | # One entry per manual page. List of tuples 242 | # (source start file, name, description, authors, manual section). 243 | man_pages = [ 244 | (master_doc, target_name, 245 | title, [author], 1) 246 | ] 247 | 248 | # If true, show URL addresses after external links. 249 | # man_show_urls = False 250 | 251 | 252 | # -- Options for Texinfo output ------------------------------------------- 253 | 254 | # Grouping the document tree into Texinfo files. List of tuples 255 | # (source start file, target name, title, author, 256 | # dir menu entry, description, category) 257 | texinfo_documents = [ 258 | (master_doc, target_name, 259 | title, author, project, 260 | description, category), 261 | ] 262 | 263 | # Documents to append as an appendix to all manuals. 264 | # texinfo_appendices = [] 265 | 266 | # If false, no module index is generated. 267 | # texinfo_domain_indices = True 268 | 269 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 270 | # texinfo_show_urls = 'footnote' 271 | 272 | # If true, do not generate a @detailmenu in the "Top" node's menu. 273 | # texinfo_no_detailmenu = False 274 | 275 | # -- Options for Internationalization output ------------------------------ 276 | locale_dirs = ['locale/'] 277 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | OpenStack-Ansible Release Notes 3 | ================================ 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | zed 10 | ussuri 11 | train 12 | stein 13 | rocky 14 | queens 15 | pike 16 | ocata 17 | newton 18 | -------------------------------------------------------------------------------- /releasenotes/source/newton.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Newton Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/newton 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Ocata Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Pike Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Queens Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Rocky Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Stein Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Train Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2015, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # PURPOSE: 17 | # This script clones the openstack-ansible-tests repository to the 18 | # tests/common folder in order to be able to re-use test components 19 | # for role testing. This is intended to be the thinnest possible 20 | # shim for test execution outside of OpenStack CI. 21 | 22 | # WARNING: 23 | # This file is maintained in the openstack-ansible-tests repository. 24 | # https://opendev.org/openstack/openstack-ansible-tests/src/run_tests.sh 25 | # If you need to modify this file, update the one in the openstack-ansible-tests 26 | # repository and then update this file as well. The purpose of this file is to 27 | # prepare the host and then execute all the tox tests. 28 | # 29 | 30 | ## Shell Opts ---------------------------------------------------------------- 31 | set -xeu 32 | 33 | ## Vars ---------------------------------------------------------------------- 34 | 35 | WORKING_DIR="$(readlink -f $(dirname $0))" 36 | OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' $(pwd)/.gitreview)" 37 | 38 | COMMON_TESTS_PATH="${WORKING_DIR}/tests/common" 39 | TESTING_HOME=${TESTING_HOME:-$HOME} 40 | ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/opendev.org/openstack/openstack-ansible-tests" 41 | 42 | # Use .gitreview as the key to determine the appropriate 43 | # branch to clone for tests. 44 | TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") 45 | if [[ "${TESTING_BRANCH}" == "" ]]; then 46 | TESTING_BRANCH="master" 47 | fi 48 | 49 | ## Main ---------------------------------------------------------------------- 50 | 51 | # Source distribution information 52 | source /etc/os-release || source /usr/lib/os-release 53 | 54 | # Figure out the appropriate package install command 55 | case ${ID,,} in 56 | centos|rhel|fedora|rocky) pkg_mgr_cmd="dnf install -y" ;; 57 | ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; 58 | *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; 59 | esac 60 | 61 | # Install git so that we can clone the tests repo if git is not available 62 | which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git 63 | 64 | # Clone the tests repo for access to the common test script 65 | if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then 66 | # The tests repo doesn't need a clone, we can just 67 | # symlink it. 68 | if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then 69 | ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" 70 | 71 | # In zuul v3 any dependent repository is placed into 72 | # /home/zuul/src/opendev.org, so we check to see 73 | # if there is a tests checkout there already. If so, we 74 | # symlink that and use it. 75 | elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then 76 | ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" 77 | 78 | # Otherwise we're clearly not in zuul or using a previously setup 79 | # repo in some way, so just clone it from upstream. 80 | else 81 | git clone -b "${TESTING_BRANCH}" \ 82 | https://opendev.org/openstack/openstack-ansible-tests \ 83 | "${COMMON_TESTS_PATH}" 84 | fi 85 | fi 86 | 87 | # Execute the common test script 88 | source tests/common/run_tests_common.sh 89 | -------------------------------------------------------------------------------- /tasks/magnum_db_sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Ian Cordasco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Perform a synchronization of the Magnum database 17 | ansible.builtin.command: "{{ magnum_bin }}/magnum-db-manage upgrade" 18 | become: true 19 | become_user: "{{ magnum_system_user_name }}" 20 | changed_when: false 21 | -------------------------------------------------------------------------------- /tasks/magnum_post_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Ian Cordasco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Distribute Magnum Config Files 17 | openstack.config_template.config_template: 18 | src: "{{ item.source }}" 19 | dest: "{{ item.destination }}" 20 | owner: "{{ magnum_system_user_name }}" 21 | group: "{{ magnum_system_group_name }}" 22 | mode: "0644" 23 | config_overrides: "{{ item.config_overrides }}" 24 | config_type: "{{ item.config_type }}" 25 | with_items: 26 | - source: "magnum.conf.j2" 27 | destination: "{{ magnum_etc_directory }}/magnum.conf" 28 | config_overrides: "{{ magnum_config_overrides }}" 29 | config_type: "ini" 30 | - source: "api-paste.ini.j2" 31 | destination: "{{ magnum_etc_directory }}/api-paste.ini" 32 | config_overrides: "{{ magnum_api_paste_ini_overrides }}" 33 | config_type: "ini" 34 | - source: "keystone_auth_default_policy.json.j2" 35 | destination: "{{ magnum_etc_directory }}/keystone_auth_default_policy.json" 36 | config_overrides: "{{ magnum_keystone_auth_default_policy }}" 37 | config_type: "json" 38 | notify: 39 | - Restart magnum services 40 | - Restart uwsgi services 41 | 42 | - name: Implement policy.yaml 43 | openstack.config_template.config_template: 44 | dest: "{{ magnum_etc_directory }}/policy.yaml" 45 | content: "{{ magnum_policy_overrides }}" 46 | owner: "{{ magnum_system_user_name }}" 47 | group: "{{ magnum_system_group_name }}" 48 | mode: "0644" 49 | config_type: "yaml" 50 | when: 51 | - magnum_policy_overrides | length > 0 52 | tags: 53 | - magnum-policy-override 54 | 55 | - name: Remove legacy policy.yaml file 56 | ansible.builtin.file: 57 | path: "{{ magnum_etc_directory }}/policy.yaml" 58 | state: absent 59 | when: 60 | - magnum_policy_overrides | length == 0 61 | tags: 62 | - magnum-policy-override 63 | -------------------------------------------------------------------------------- /tasks/magnum_pre_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Ian Cordasco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Create the Magnum system group 17 | ansible.builtin.group: 18 | name: "{{ magnum_system_group_name }}" 19 | state: "present" 20 | system: "yes" 21 | 22 | - name: Create the Magnum system user 23 | ansible.builtin.user: 24 | name: "{{ magnum_system_user_name }}" 25 | group: "{{ magnum_system_group_name }}" 26 | comment: "{{ magnum_system_user_comment }}" 27 | shell: "{{ magnum_system_user_shell }}" 28 | system: "yes" 29 | createhome: "yes" 30 | home: "{{ magnum_system_user_home }}" 31 | 32 | - name: Create Magnum's directories 33 | ansible.builtin.file: 34 | path: "{{ item.path }}" 35 | state: "directory" 36 | owner: "{{ item.owner | default(magnum_system_user_name) }}" 37 | group: "{{ item.group | default(magnum_system_group_name) }}" 38 | mode: "{{ item.mode | default('0750') }}" 39 | with_items: 40 | - { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" } 41 | - path: "/etc/magnum" 42 | - path: "{{ magnum_system_user_home }}" 43 | -------------------------------------------------------------------------------- /tasks/magnum_resources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2020, VEXXHOST, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Wait for magnum endpoint to become reachable 17 | ansible.builtin.uri: 18 | url: "{{ magnum_service_internalurl }}" 19 | register: result 20 | until: "result.status == 200" 21 | retries: 10 22 | delay: 10 23 | 24 | - name: Set up the service network 25 | ansible.builtin.include_role: 26 | name: openstack.osa.openstack_resources 27 | vars: 28 | openstack_resources_setup_host: "{{ magnum_service_setup_host }}" 29 | openstack_resources_python_interpreter: "{{ magnum_service_setup_host_python_interpreter }}" 30 | openstack_resources_image: 31 | images: "{{ _magnum_glance_images_compat }}" 32 | openstack_resources_compute: 33 | flavors: 34 | - specs: "{{ magnum_flavors }}" 35 | openstack_resources_coe: 36 | templates: "{{ magnum_cluster_templates }}" 37 | -------------------------------------------------------------------------------- /tasks/magnum_service_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Ian Cordasco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # We set the python interpreter to the ansible runtime venv if 17 | # the delegation is to localhost so that we get access to the 18 | # appropriate python libraries in that venv. If the delegation 19 | # is to another host, we assume that it is accessible by the 20 | # system python instead. 21 | 22 | - name: Including osa.service_setup role 23 | ansible.builtin.include_role: 24 | name: openstack.osa.service_setup 25 | apply: 26 | tags: 27 | - common-service 28 | - magnum-config 29 | vars: 30 | _domain_name: "{{ magnum_trustee_domain_name }}" 31 | _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" 32 | _service_setup_host: "{{ magnum_service_setup_host }}" 33 | _service_setup_host_python_interpreter: "{{ magnum_service_setup_host_python_interpreter }}" 34 | _service_in_ldap: "{{ magnum_service_in_ldap }}" 35 | _service_project_name: "{{ magnum_service_project_name }}" 36 | _service_region: "{{ magnum_service_region }}" 37 | _service_users: 38 | - name: "{{ magnum_service_user_name }}" 39 | password: "{{ magnum_service_password }}" 40 | role: "{{ magnum_service_role_names }}" 41 | - name: "{{ magnum_trustee_domain_admin_name }}" 42 | password: "{{ magnum_trustee_password }}" 43 | domain: "{{ magnum_trustee_domain_name }}" 44 | project: "" 45 | role: "{{ magnum_trustee_domain_admin_roles }}" 46 | _service_endpoints: 47 | - service: "{{ magnum_service_name }}" 48 | interface: "public" 49 | url: "{{ magnum_service_publicurl }}" 50 | - service: "{{ magnum_service_name }}" 51 | interface: "internal" 52 | url: "{{ magnum_service_internalurl }}" 53 | - service: "{{ magnum_service_name }}" 54 | interface: "admin" 55 | url: "{{ magnum_service_adminurl }}" 56 | _service_catalog: 57 | - name: "{{ magnum_service_name }}" 58 | type: "{{ magnum_service_type }}" 59 | description: "{{ magnum_service_description }}" 60 | when: 61 | - "_magnum_is_first_play_host" 62 | tags: 63 | - always 64 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Ian Cordasco 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Gather variables for each operating system 17 | ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" 18 | vars: 19 | params: 20 | files: 21 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" 22 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 23 | - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 24 | - "{{ ansible_facts['distribution'] | lower }}.yml" 25 | - "{{ ansible_facts['os_family'] | lower }}.yml" 26 | paths: 27 | - "{{ role_path }}/vars" 28 | tags: 29 | - always 30 | 31 | - name: Including osa.db_setup role 32 | ansible.builtin.include_role: 33 | name: openstack.osa.db_setup 34 | apply: 35 | tags: 36 | - common-db 37 | - magnum-config 38 | when: 39 | - "_magnum_is_first_play_host" 40 | vars: 41 | _oslodb_setup_host: "{{ magnum_db_setup_host }}" 42 | _oslodb_ansible_python_interpreter: "{{ magnum_db_setup_python_interpreter }}" 43 | _oslodb_setup_endpoint: "{{ magnum_galera_address }}" 44 | _oslodb_setup_port: "{{ magnum_galera_port }}" 45 | _oslodb_databases: 46 | - name: "{{ magnum_galera_database_name }}" 47 | users: 48 | - username: "{{ magnum_galera_user }}" 49 | password: "{{ magnum_galera_password }}" 50 | tags: 51 | - always 52 | 53 | - name: Including osa.mq_setup role 54 | ansible.builtin.include_role: 55 | name: openstack.osa.mq_setup 56 | apply: 57 | tags: 58 | - common-mq 59 | - magnum-config 60 | when: 61 | - "_magnum_is_first_play_host" 62 | vars: 63 | _oslomsg_rpc_setup_host: "{{ magnum_oslomsg_rpc_setup_host }}" 64 | _oslomsg_rpc_userid: "{{ magnum_oslomsg_rpc_userid }}" 65 | _oslomsg_rpc_password: "{{ magnum_oslomsg_rpc_password }}" 66 | _oslomsg_rpc_vhost: "{{ magnum_oslomsg_rpc_vhost }}" 67 | _oslomsg_rpc_transport: "{{ magnum_oslomsg_rpc_transport }}" 68 | _oslomsg_rpc_policies: "{{ magnum_oslomsg_rpc_policies }}" 69 | _oslomsg_notify_setup_host: "{{ magnum_oslomsg_notify_setup_host }}" 70 | _oslomsg_notify_userid: "{{ magnum_oslomsg_notify_userid }}" 71 | _oslomsg_notify_password: "{{ magnum_oslomsg_notify_password }}" 72 | _oslomsg_notify_vhost: "{{ magnum_oslomsg_notify_vhost }}" 73 | _oslomsg_notify_transport: "{{ magnum_oslomsg_notify_transport }}" 74 | _oslomsg_notify_policies: "{{ magnum_oslomsg_notify_policies }}" 75 | _oslomsg_notify_configure: "{{ magnum_oslomsg_notify_configure }}" 76 | tags: 77 | - always 78 | 79 | - name: Importing magnum_pre_install tasks 80 | ansible.builtin.import_tasks: magnum_pre_install.yml 81 | tags: 82 | - magnum-install 83 | 84 | - name: Install the python venv 85 | ansible.builtin.import_role: 86 | name: "python_venv_build" 87 | vars: 88 | venv_python_executable: "{{ magnum_venv_python_executable }}" 89 | venv_build_constraints: "{{ magnum_git_constraints }}" 90 | venv_build_distro_package_list: "{{ magnum_devel_distro_packages }}" 91 | venv_install_destination_path: "{{ magnum_bin | dirname }}" 92 | venv_install_distro_package_list: "{{ magnum_distro_packages }}" 93 | venv_pip_install_args: "{{ magnum_pip_install_args }}" 94 | venv_pip_packages: "{{ magnum_pip_packages | union(magnum_user_pip_packages) }}" 95 | venv_facts_when_changed: 96 | - section: "magnum" 97 | option: "venv_tag" 98 | value: "{{ magnum_venv_tag }}" 99 | tags: 100 | - magnum-install 101 | 102 | - name: Create and install SSL certificates 103 | ansible.builtin.include_role: 104 | name: pki 105 | tasks_from: main_certs.yml 106 | apply: 107 | tags: 108 | - magnum-config 109 | - pki 110 | vars: 111 | pki_setup_host: "{{ magnum_pki_setup_host }}" 112 | pki_dir: "{{ magnum_pki_dir }}" 113 | pki_create_certificates: "{{ magnum_user_ssl_cert is not defined and magnum_user_ssl_key is not defined }}" 114 | pki_regen_cert: "{{ magnum_pki_regen_cert }}" 115 | pki_certificates: "{{ magnum_pki_certificates }}" 116 | pki_install_certificates: "{{ magnum_pki_install_certificates }}" 117 | when: 118 | - magnum_backend_ssl 119 | tags: 120 | - always 121 | 122 | - name: Importing magnum_post_install tasks 123 | ansible.builtin.import_tasks: magnum_post_install.yml 124 | tags: 125 | - magnum-config 126 | - post-install 127 | 128 | - name: Run the systemd service role 129 | ansible.builtin.import_role: 130 | name: systemd_service 131 | vars: 132 | systemd_user_name: "{{ magnum_system_user_name }}" 133 | systemd_group_name: "{{ magnum_system_group_name }}" 134 | systemd_tempd_prefix: openstack 135 | systemd_slice_name: magnum 136 | systemd_lock_dir: /run/lock 137 | systemd_service_cpu_accounting: true 138 | systemd_service_block_io_accounting: true 139 | systemd_service_memory_accounting: true 140 | systemd_service_tasks_accounting: true 141 | systemd_services: "{{ filtered_magnum_services }}" 142 | tags: 143 | - magnum-config 144 | - systemd-service 145 | 146 | - name: Importing magnum_db_sync tasks 147 | ansible.builtin.import_tasks: magnum_db_sync.yml 148 | when: _magnum_is_first_play_host 149 | tags: 150 | - magnum-config 151 | 152 | - name: Import uwsgi role 153 | ansible.builtin.import_role: 154 | name: uwsgi 155 | vars: 156 | uwsgi_services: "{{ uwsgi_magnum_services }}" 157 | uwsgi_install_method: "source" 158 | tags: 159 | - magnum-config 160 | - uwsgi 161 | 162 | - name: Importing magnum_service_setup tasks 163 | ansible.builtin.import_tasks: magnum_service_setup.yml 164 | when: _magnum_is_first_play_host 165 | tags: 166 | - magnum-config 167 | 168 | - name: Flush handlers 169 | ansible.builtin.meta: flush_handlers 170 | - name: Importing magnum_resources tasks 171 | ansible.builtin.import_tasks: magnum_resources.yml 172 | when: _magnum_is_last_play_host 173 | tags: 174 | - magnum-config 175 | - magnum-resources 176 | -------------------------------------------------------------------------------- /templates/api-paste.ini.j2: -------------------------------------------------------------------------------- 1 | [composite:main] 2 | paste.composite_factory = magnum.api:root_app_factory 3 | /: api 4 | /healthcheck: healthcheck 5 | 6 | [pipeline:api] 7 | pipeline = cors http_proxy_to_wsgi request_id osprofiler authtoken api_v1 8 | 9 | [app:api_v1] 10 | paste.app_factory = magnum.api.app:app_factory 11 | 12 | [filter:authtoken] 13 | acl_public_routes = /, /v1 14 | paste.filter_factory = magnum.api.middleware.auth_token:AuthTokenMiddleware.factory 15 | 16 | [filter:osprofiler] 17 | paste.filter_factory = magnum.common.profiler:WsgiMiddleware.factory 18 | 19 | [filter:request_id] 20 | paste.filter_factory = oslo_middleware:RequestId.factory 21 | 22 | [filter:cors] 23 | paste.filter_factory = oslo_middleware.cors:filter_factory 24 | oslo_config_project = magnum 25 | 26 | [app:healthcheck] 27 | paste.app_factory = oslo_middleware:Healthcheck.app_factory 28 | backends = disable_by_file 29 | disable_by_file_path = /etc/magnum/healthcheck_disable 30 | 31 | [filter:http_proxy_to_wsgi] 32 | paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory 33 | oslo_config_project = magnum 34 | -------------------------------------------------------------------------------- /templates/keystone_auth_default_policy.json.j2: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "users":{ 4 | "roles":[ 5 | "k8s_admin" 6 | ], 7 | "projects":[ 8 | "$PROJECT_ID" 9 | ] 10 | }, 11 | "resource_permissions":{ 12 | "*/*":[ 13 | "*" 14 | ] 15 | }, 16 | "nonresource_permissions":{ 17 | "/healthz":[ 18 | "get", 19 | "post" 20 | ] 21 | } 22 | }, 23 | { 24 | "users":{ 25 | "roles":[ 26 | "k8s_developer" 27 | ], 28 | "projects":[ 29 | "$PROJECT_ID" 30 | ] 31 | }, 32 | "resource_permissions":{ 33 | "!kube-system/['apiServices', 'bindings', 'componentstatuses', 'configmaps', 'cronjobs', 'customResourceDefinitions', 'deployments', 'endpoints', 'events', 'horizontalPodAutoscalers', 'ingresses', 'initializerConfigurations', 'jobs', 'limitRanges', 'localSubjectAccessReviews', 'namespaces', 'networkPolicies', 'persistentVolumeClaims', 'persistentVolumes', 'podDisruptionBudgets', 'podPresets', 'podTemplates', 'pods', 'replicaSets', 'replicationControllers', 'resourceQuotas', 'secrets', 'selfSubjectAccessReviews', 'serviceAccounts', 'services', 'statefulSets', 'storageClasses', 'subjectAccessReviews', 'tokenReviews']":[ 34 | "*" 35 | ], 36 | "*/['clusterrolebindings', 'clusterroles', 'rolebindings', 'roles', 'controllerrevisions', 'nodes', 'podSecurityPolicies']":[ 37 | "get", 38 | "list", 39 | "watch" 40 | ], 41 | "*/['certificateSigningRequests']":[ 42 | "create", 43 | "delete", 44 | "get", 45 | "list", 46 | "watch", 47 | "update" 48 | ] 49 | } 50 | }, 51 | { 52 | "users":{ 53 | "roles":[ 54 | "k8s_viewer" 55 | ], 56 | "projects":[ 57 | "$PROJECT_ID" 58 | ] 59 | }, 60 | "resource_permissions":{ 61 | "!kube-system/['tokenReviews']":[ 62 | "*" 63 | ], 64 | "!kube-system/['apiServices', 'bindings', 'componentstatuses', 'configmaps', 'cronjobs', 'customResourceDefinitions', 'deployments', 'endpoints', 'events', 'horizontalPodAutoscalers', 'ingresses', 'initializerConfigurations', 'jobs', 'limitRanges', 'localSubjectAccessReviews', 'namespaces', 'networkPolicies', 'persistentVolumeClaims', 'persistentVolumes', 'podDisruptionBudgets', 'podPresets', 'podTemplates', 'pods', 'replicaSets', 'replicationControllers', 'resourceQuotas', 'secrets', 'selfSubjectAccessReviews', 'serviceAccounts', 'services', 'statefulSets', 'storageClasses', 'subjectAccessReviews']":[ 65 | "get", 66 | "list", 67 | "watch" 68 | ], 69 | "*/['clusterrolebindings', 'clusterroles', 'rolebindings', 'roles', 'controllerrevisions', 'nodes', 'podSecurityPolicies']":[ 70 | "get", 71 | "list", 72 | "watch" 73 | ] 74 | } 75 | } 76 | ] 77 | -------------------------------------------------------------------------------- /templates/magnum.conf.j2: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | # Disable stderr logging 3 | use_stderr = False 4 | debug = {{ debug }} 5 | use_journal = True 6 | host = {{ ansible_host }} 7 | transport_url = {{ magnum_oslomsg_rpc_transport }}://{% for host in magnum_oslomsg_rpc_servers.split(',') %}{{ magnum_oslomsg_rpc_userid }}:{{ magnum_oslomsg_rpc_password }}@{{ host }}:{{ magnum_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _magnum_oslomsg_rpc_vhost_conf }}{% if magnum_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ magnum_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ magnum_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} 8 | 9 | [api] 10 | host = {{ ansible_host }} 11 | 12 | [drivers] 13 | # NOTE(mnaser): Remove this once the following bug is fixed 14 | # https://bugs.launchpad.net/magnum/+bug/1746510 15 | send_cluster_metrics = False 16 | 17 | [barbican_client] 18 | region_name = {{ magnum_barbican_service_region }} 19 | endpoint_type = internalURL 20 | 21 | [cinder_client] 22 | region_name = {{ magnum_cinder_service_region }} 23 | endpoint_type = internalURL 24 | 25 | [conductor] 26 | workers = {{ magnum_conductor_workers }} 27 | 28 | [database] 29 | connection = mysql+pymysql://{{ magnum_galera_user }}:{{ magnum_galera_password }}@{{ magnum_galera_address }}:{{ magnum_galera_port }}/{{ magnum_galera_database_name }}?charset=utf8{% if magnum_galera_use_ssl | bool %}&ssl_verify_cert=true{% if magnum_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ magnum_galera_ssl_ca_cert }}{% endif %}{% endif +%} 30 | max_overflow = {{ magnum_db_max_overflow }} 31 | max_pool_size = {{ magnum_db_max_pool_size }} 32 | pool_timeout = {{ magnum_db_pool_timeout }} 33 | connection_recycle_time = {{ magnum_db_connection_recycle_time }} 34 | 35 | [glance_client] 36 | region_name = {{ magnum_glance_service_region }} 37 | endpoint_type = internalURL 38 | 39 | [heat_client] 40 | region_name = {{ magnum_heat_service_region }} 41 | endpoint_type = internalURL 42 | 43 | [keystone_auth] 44 | auth_section = keystone_authtoken 45 | insecure = {{ keystone_service_internaluri_insecure | bool }} 46 | 47 | [keystone_authtoken] 48 | region_name = {{ magnum_keystone_service_region }} 49 | www_authenticate_uri = {{ keystone_service_internaluri }} 50 | auth_version = v3 51 | memcached_servers = {{ magnum_memcached_servers }} 52 | token_cache_time = 300 53 | auth_type = {{ magnum_keystone_auth_plugin }} 54 | auth_url = {{ keystone_service_internalurl }} 55 | project_domain_name = {{ magnum_service_project_domain_name }} 56 | user_domain_name = {{ magnum_service_user_domain_name }} 57 | project_name = {{ magnum_service_project_name }} 58 | username = {{ magnum_service_user_name }} 59 | password = {{ magnum_service_password }} 60 | service_token_roles_required = {{ magnum_service_token_roles_required | bool }} 61 | service_token_roles = {{ magnum_service_token_roles | join(',') }} 62 | service_type = {{ magnum_service_type }} 63 | 64 | [magnum_client] 65 | region_name = {{ magnum_service_region }} 66 | endpoint_type = publicURL 67 | 68 | [neutron_client] 69 | region_name = {{ magnum_neutron_service_region }} 70 | endpoint_type = internalURL 71 | 72 | [nova_client] 73 | region_name = {{ magnum_nova_service_region }} 74 | endpoint_type = internalURL 75 | 76 | [octavia_client] 77 | region_name = {{ magnum_octavia_service_region }} 78 | endpoint_type = internalURL 79 | 80 | [oslo_messaging_notifications] 81 | driver = {{ (magnum_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }} 82 | transport_url = {{ magnum_oslomsg_notify_transport }}://{% for host in magnum_oslomsg_notify_servers.split(',') %}{{ magnum_oslomsg_notify_userid }}:{{ magnum_oslomsg_notify_password }}@{{ host }}:{{ magnum_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _magnum_oslomsg_notify_vhost_conf }}{% if magnum_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ magnum_oslomsg_notify_ssl_version }}&ssl_ca_file={{ magnum_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} 83 | 84 | [oslo_messaging_rabbit] 85 | ssl = {{ magnum_oslomsg_rpc_use_ssl }} 86 | rabbit_notification_exchange = magnum 87 | rabbit_notification_topic = notification 88 | rabbit_quorum_queue = {{ magnum_oslomsg_rabbit_quorum_queues }} 89 | rabbit_transient_quorum_queue = {{ magnum_oslomsg_rabbit_transient_quorum_queues }} 90 | rabbit_qos_prefetch_count = {{ magnum_oslomsg_rabbit_qos_prefetch_count }} 91 | use_queue_manager = {{ magnum_oslomsg_rabbit_queue_manager }} 92 | {% if magnum_oslomsg_rabbit_queue_manager %} 93 | hostname = {{ [ansible_facts['hostname'], magnum_service_name] | join('-') }} 94 | {% endif %} 95 | rabbit_stream_fanout = {{ magnum_oslomsg_rabbit_stream_fanout }} 96 | rabbit_quorum_delivery_limit = {{ magnum_oslomsg_rabbit_quorum_delivery_limit }} 97 | rabbit_quorum_max_memory_bytes = {{ magnum_oslomsg_rabbit_quorum_max_memory_bytes }} 98 | 99 | [oslo_concurrency] 100 | lock_path = /run/lock/{{ magnum_services['magnum-api']['service_name'] }}/uwsgi 101 | 102 | [profiler] 103 | enabled = false 104 | 105 | [trust] 106 | trustee_domain_admin_password = {{ magnum_trustee_password }} 107 | trustee_domain_admin_name = {{ magnum_trustee_domain_admin_name }} 108 | trustee_domain_name = {{ magnum_trustee_domain_name }} 109 | cluster_user_trust = {{ magnum_cluster_user_trust }} 110 | trustee_keystone_interface= public 111 | trustee_keystone_region_name = {{ magnum_service_region }} 112 | 113 | [certificates] 114 | cert_manager_type = {{ magnum_cert_manager_type }} 115 | -------------------------------------------------------------------------------- /tests/ansible-role-requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: apt_package_pinning 3 | src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning 4 | scm: git 5 | version: master 6 | - name: ceph_client 7 | src: https://opendev.org/openstack/openstack-ansible-ceph_client 8 | scm: git 9 | version: master 10 | - name: openstack_openrc 11 | src: https://opendev.org/openstack/openstack-ansible-openstack_openrc 12 | scm: git 13 | version: master 14 | - name: memcached_server 15 | src: https://opendev.org/openstack/openstack-ansible-memcached_server 16 | scm: git 17 | version: master 18 | - name: lxc_hosts 19 | src: https://opendev.org/openstack/openstack-ansible-lxc_hosts 20 | scm: git 21 | version: master 22 | - name: lxc_container_create 23 | src: https://opendev.org/openstack/openstack-ansible-lxc_container_create 24 | scm: git 25 | version: master 26 | - name: openstack_hosts 27 | src: https://opendev.org/openstack/openstack-ansible-openstack_hosts 28 | scm: git 29 | version: master 30 | - name: galera_client 31 | src: https://opendev.org/openstack/openstack-ansible-galera_client 32 | scm: git 33 | version: master 34 | - name: galera_server 35 | src: https://opendev.org/openstack/openstack-ansible-galera_server 36 | scm: git 37 | version: master 38 | - name: haproxy_server 39 | src: https://opendev.org/openstack/openstack-ansible-haproxy_server 40 | scm: git 41 | version: master 42 | - name: rabbitmq_server 43 | src: https://opendev.org/openstack/openstack-ansible-rabbitmq_server 44 | scm: git 45 | version: master 46 | - name: os_keystone 47 | src: https://opendev.org/openstack/openstack-ansible-os_keystone 48 | scm: git 49 | version: master 50 | - name: os_glance 51 | src: https://opendev.org/openstack/openstack-ansible-os_glance 52 | scm: git 53 | version: master 54 | - name: os_nova 55 | src: https://opendev.org/openstack/openstack-ansible-os_nova 56 | scm: git 57 | version: master 58 | - name: etcd # dependency of os_neutron role 59 | scm: git 60 | src: https://github.com/logan2211/ansible-etcd 61 | version: master 62 | - name: os_neutron 63 | src: https://opendev.org/openstack/openstack-ansible-os_neutron 64 | scm: git 65 | version: master 66 | - name: os_tempest 67 | src: https://opendev.org/openstack/openstack-ansible-os_tempest 68 | scm: git 69 | version: master 70 | - name: os_cinder 71 | src: https://opendev.org/openstack/openstack-ansible-os_cinder 72 | scm: git 73 | version: master 74 | - name: os_heat 75 | src: https://opendev.org/openstack/openstack-ansible-os_heat 76 | scm: git 77 | version: master 78 | - name: opendaylight 79 | scm: git 80 | src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight 81 | version: master 82 | - name: systemd_service 83 | src: https://opendev.org/openstack/ansible-role-systemd_service 84 | scm: git 85 | version: master 86 | - name: python_venv_build 87 | src: https://opendev.org/openstack/ansible-role-python_venv_build 88 | scm: git 89 | version: master 90 | - name: uwsgi 91 | src: https://opendev.org/openstack/ansible-role-uwsgi 92 | scm: git 93 | version: master 94 | -------------------------------------------------------------------------------- /tests/group_vars/all_containers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | container_networks: 17 | management_address: 18 | address: "{{ ansible_host }}" 19 | bridge: "br-mgmt" 20 | interface: "eth1" 21 | netmask: "255.255.255.0" 22 | type: "veth" 23 | tunnel_address: 24 | address: "{{ tunnel_address }}" 25 | bridge: "br-vxlan" 26 | interface: "eth2" 27 | netmask: "255.255.255.0" 28 | type: "veth" 29 | vlan_address: 30 | bridge: "br-vlan" 31 | interface: "eth12" 32 | netmask: null 33 | type: "veth" 34 | physical_host: localhost 35 | properties: 36 | service_name: "{{ inventory_hostname }}" 37 | -------------------------------------------------------------------------------- /tests/host_vars/compute1: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.1 17 | neutron_local_ip: 10.1.2.1 18 | -------------------------------------------------------------------------------- /tests/host_vars/infra1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.101 17 | ansible_become: True 18 | ansible_user: root 19 | container_name: infra1 20 | tunnel_address: 10.1.2.101 21 | -------------------------------------------------------------------------------- /tests/host_vars/localhost.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | bridges: 17 | - name: "br-mgmt" 18 | ip_addr: "10.1.1.1" 19 | - name: "br-vxlan" 20 | ip_addr: "10.1.2.1" 21 | - name: "br-vlan" 22 | ip_addr: "10.1.3.1" 23 | veth_peer: "eth12" 24 | -------------------------------------------------------------------------------- /tests/host_vars/openstack1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.102 17 | ansible_become: True 18 | ansible_user: root 19 | container_name: openstack1 20 | tunnel_address: 10.1.2.102 21 | neutron_local_ip: 10.1.2.102 22 | -------------------------------------------------------------------------------- /tests/host_vars/storage1: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.1 17 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | localhost 3 | infra1 4 | openstack1 5 | compute1 6 | storage1 7 | 8 | [all_containers] 9 | infra1 10 | openstack1 11 | 12 | [oslomsg_rpc_all] 13 | infra1 14 | 15 | [oslomsg_notify_all] 16 | infra1 17 | 18 | [rabbitmq_all] 19 | infra1 20 | 21 | [galera_all] 22 | infra1 23 | 24 | [memcached_all] 25 | infra1 26 | 27 | [service_all:children] 28 | rabbitmq_all 29 | galera_all 30 | 31 | [keystone_all] 32 | openstack1 33 | 34 | [glance_api] 35 | openstack1 36 | 37 | [glance_registry] 38 | openstack1 39 | 40 | [glance_all:children] 41 | glance_api 42 | glance_registry 43 | 44 | [magnum_all] 45 | openstack1 46 | 47 | [utility_all] 48 | openstack1 49 | 50 | [neutron_agent] 51 | openstack1 52 | 53 | [neutron_dhcp_agent] 54 | openstack1 55 | 56 | [neutron_linuxbridge_agent] 57 | openstack1 58 | 59 | [neutron_openvswitch_agent] 60 | 61 | [neutron_metering_agent] 62 | openstack1 63 | 64 | [neutron_l3_agent] 65 | openstack1 66 | 67 | [neutron_lbaas_agent] 68 | openstack1 69 | 70 | [neutron_metadata_agent] 71 | openstack1 72 | 73 | [neutron_server] 74 | openstack1 75 | 76 | [neutron_all:children] 77 | neutron_agent 78 | neutron_dhcp_agent 79 | neutron_linuxbridge_agent 80 | neutron_openvswitch_agent 81 | neutron_metering_agent 82 | neutron_l3_agent 83 | neutron_lbaas_agent 84 | neutron_metadata_agent 85 | neutron_server 86 | 87 | [nova_api_metadata] 88 | openstack1 89 | 90 | [nova_api_os_compute] 91 | openstack1 92 | 93 | [nova_cert] 94 | openstack1 95 | 96 | [nova_compute] 97 | compute1 98 | 99 | [nova_conductor] 100 | openstack1 101 | 102 | [nova_console] 103 | openstack1 104 | 105 | [nova_scheduler] 106 | openstack1 107 | 108 | [nova_api_placement] 109 | openstack1 110 | 111 | [nova_all:children] 112 | nova_api_metadata 113 | nova_api_os_compute 114 | nova_api_placement 115 | nova_cert 116 | nova_compute 117 | nova_conductor 118 | nova_console 119 | nova_scheduler 120 | 121 | [heat_all:children] 122 | heat_api 123 | heat_engine 124 | heat_api_cfn 125 | heat_api_cloudwatch 126 | heat_engine_container 127 | heat_apis_container 128 | 129 | [heat_api] 130 | openstack1 131 | 132 | [heat_engine] 133 | openstack1 134 | 135 | [heat_api_cfn] 136 | openstack1 137 | 138 | [heat_api_cloudwatch] 139 | openstack1 140 | 141 | [heat_engine_container] 142 | openstack1 143 | 144 | [heat_apis_container] 145 | openstack1 146 | 147 | [cinder_api] 148 | openstack1 149 | 150 | [cinder_scheduler] 151 | openstack1 152 | 153 | [cinder_backup] 154 | openstack1 155 | 156 | [cinder_volume] 157 | storage1 158 | 159 | [cinder_all:children] 160 | cinder_api 161 | cinder_scheduler 162 | cinder_backup 163 | cinder_volume 164 | -------------------------------------------------------------------------------- /tests/os_magnum-overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | magnum_developer_mode: true 3 | magnum_galera_password: secrete 4 | magnum_galera_address: "{{ test_galera_host }}" 5 | magnum_service_password: secrete 6 | magnum_oslomsg_rpc_password: secrete 7 | magnum_trustee_password: secrete 8 | 9 | # TODO: Install and use barbican for certificate management 10 | # Make sure we use x509keypair for now 11 | magnum_cert_manager_type: x509keypair 12 | 13 | tempest_run: yes 14 | 15 | tempest_plugins: 16 | - name: magnum 17 | repo: https://opendev.org/openstack/magnum-tempest-plugin 18 | branch: master 19 | 20 | tempest_test_whitelist: 21 | - magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster* 22 | 23 | tempest_flavors: 24 | - name: m1.magnum 25 | id: 100 26 | ram: 1024 27 | disk: 10 28 | vcpus: 1 29 | 30 | tempest_tempest_conf_overrides: 31 | magnum: 32 | flavor_id: m1.magnum 33 | master_flavor_id: m1.magnum 34 | 35 | neutron_provider_networks: 36 | network_types: "vxlan,flat" 37 | network_mappings: "flat:eth12" 38 | network_vxlan_ranges: "1:1000" 39 | 40 | external_lb_vip_address: 10.1.1.1 41 | internal_lb_vip_address: 10.1.1.1 42 | 43 | test_keystone_host: "{{ external_lb_vip_address }}" 44 | glance_service_publicuri: "http://{{ external_lb_vip_address }}:9292" 45 | test_cinder_api_host: "{{ external_lb_vip_address }}" 46 | nova_service_publicuri: "http://{{ external_lb_vip_address }}:8774" 47 | neutron_service_publicuri: "http://{{ external_lb_vip_address }}:9696" 48 | 49 | magnum_glance_images: 50 | - name: fedora-atomic-latest 51 | disk_format: qcow2 52 | image_format: bare 53 | public: true 54 | file: https://fedorapeople.org/groups/magnum/fedora-atomic-latest.qcow2 55 | distro: fedora-atomic 56 | checksum: "sha1:f2aacc68fcb32ff7f2099b80e5b25bdad7ce9e33" 57 | 58 | haproxy_default_services: 59 | - service: 60 | haproxy_service_name: galera 61 | haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected 62 | haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}" 63 | haproxy_port: 3306 64 | haproxy_balance_type: tcp 65 | haproxy_timeout_client: 5000s 66 | haproxy_timeout_server: 5000s 67 | haproxy_backend_options: 68 | - "mysql-check user {{ galera_monitoring_user }}" 69 | haproxy_whitelist_networks: 70 | - 192.168.0.0/16 71 | - 172.16.0.0/12 72 | - 10.0.0.0/8 73 | - service: 74 | haproxy_service_name: glance_api 75 | haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" 76 | haproxy_ssl: "{{ haproxy_ssl }}" 77 | haproxy_port: 9292 78 | haproxy_balance_type: http 79 | haproxy_backend_options: 80 | - "httpchk /healthcheck" 81 | - service: 82 | haproxy_service_name: glance_registry 83 | haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}" 84 | haproxy_ssl: "{{ haproxy_ssl }}" 85 | haproxy_port: 9191 86 | haproxy_balance_type: http 87 | haproxy_backend_options: 88 | - "httpchk /healthcheck" 89 | haproxy_whitelist_networks: 90 | - 192.168.0.0/16 91 | - 172.16.0.0/12 92 | - 10.0.0.0/8 93 | - service: 94 | haproxy_service_name: heat_api_cfn 95 | haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" 96 | haproxy_port: 8000 97 | haproxy_ssl: "{{ haproxy_ssl }}" 98 | haproxy_balance_type: http 99 | haproxy_backend_options: 100 | - "httpchk HEAD /" 101 | - service: 102 | haproxy_service_name: heat_api_cloudwatch 103 | haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}" 104 | haproxy_port: 8003 105 | haproxy_ssl: "{{ haproxy_ssl }}" 106 | haproxy_balance_type: http 107 | haproxy_backend_options: 108 | - "httpchk HEAD /" 109 | - service: 110 | haproxy_service_name: heat_api 111 | haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" 112 | haproxy_port: 8004 113 | haproxy_ssl: "{{ haproxy_ssl }}" 114 | haproxy_balance_type: http 115 | haproxy_backend_options: 116 | - "httpchk HEAD /" 117 | - service: 118 | haproxy_service_name: keystone_service 119 | haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" 120 | haproxy_port: 5000 121 | haproxy_ssl: "{{ haproxy_ssl }}" 122 | haproxy_balance_type: "http" 123 | haproxy_backend_options: 124 | - "httpchk HEAD /" 125 | - service: 126 | haproxy_service_name: keystone_admin 127 | haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" 128 | haproxy_port: 5000 129 | haproxy_balance_type: "http" 130 | haproxy_backend_options: 131 | - "httpchk HEAD /" 132 | haproxy_whitelist_networks: 133 | - 192.168.0.0/16 134 | - 172.16.0.0/12 135 | - 10.0.0.0/8 136 | - service: 137 | haproxy_service_name: neutron_server 138 | haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" 139 | haproxy_port: 9696 140 | haproxy_ssl: "{{ haproxy_ssl }}" 141 | haproxy_balance_type: http 142 | haproxy_backend_options: 143 | - "httpchk HEAD /" 144 | - service: 145 | haproxy_service_name: nova_api_metadata 146 | haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" 147 | haproxy_port: 8775 148 | haproxy_ssl: "{{ haproxy_ssl }}" 149 | haproxy_balance_type: http 150 | haproxy_backend_options: 151 | - "httpchk HEAD /" 152 | haproxy_whitelist_networks: 153 | - 192.168.0.0/16 154 | - 172.16.0.0/12 155 | - 10.0.0.0/8 156 | - service: 157 | haproxy_service_name: nova_api_os_compute 158 | haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" 159 | haproxy_ssl: "{{ haproxy_ssl }}" 160 | haproxy_port: 8774 161 | haproxy_balance_type: http 162 | haproxy_backend_options: 163 | - "httpchk HEAD /" 164 | - service: 165 | haproxy_service_name: nova_console 166 | haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" 167 | haproxy_ssl: "{{ haproxy_ssl }}" 168 | haproxy_port: 6082 169 | haproxy_balance_type: tcp 170 | haproxy_timeout_client: 60m 171 | haproxy_timeout_server: 60m 172 | haproxy_balance_alg: source 173 | haproxy_backend_options: 174 | - tcp-check 175 | - service: 176 | haproxy_service_name: cinder_api 177 | haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" 178 | haproxy_ssl: "{{ haproxy_ssl }}" 179 | haproxy_port: 8776 180 | haproxy_balance_type: http 181 | haproxy_backend_options: 182 | - "httpchk HEAD /" 183 | - service: 184 | haproxy_service_name: rabbitmq_mgmt 185 | haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" 186 | haproxy_ssl: "{{ haproxy_ssl }}" 187 | haproxy_port: 15672 188 | haproxy_balance_type: http 189 | haproxy_backend_options: 190 | - "httpchk HEAD /" 191 | haproxy_whitelist_networks: 192 | - 192.168.0.0/16 193 | - 172.16.0.0/12 194 | - 10.0.0.0/8 195 | - service: 196 | haproxy_service_name: magnum 197 | haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" 198 | haproxy_ssl: "{{ haproxy_ssl }}" 199 | haproxy_port: 9511 200 | haproxy_balance_type: http 201 | haproxy_backend_options: 202 | - "httpchk GET /" 203 | 204 | haproxy_ssl: false 205 | -------------------------------------------------------------------------------- /tests/test-install-haproxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Install haproxy 17 | hosts: localhost 18 | connection: local 19 | become: true 20 | roles: 21 | - role: "haproxy_server" 22 | haproxy_service_configs: "{{ haproxy_default_services }}" 23 | vars_files: 24 | - common/test-vars.yml 25 | -------------------------------------------------------------------------------- /tests/test-install-magnum.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Catalyst IT Limited 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Install magnum server 17 | hosts: magnum_all 18 | remote_user: root 19 | vars_files: 20 | - common/test-vars.yml 21 | roles: 22 | - role: "os_magnum" 23 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Catalyst IT Limited 3 | # Copyright 2016, Rackspace US, Inc 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Prepare the hosts 18 | - import_playbook: common/test-setup-host.yml 19 | 20 | # Install haproxy 21 | - import_playbook: test-install-haproxy.yml 22 | 23 | # Prepare the cinder-volumes VG 24 | - import_playbook: common/test-setup-cinder-localhost.yml 25 | 26 | # Install memcached 27 | - import_playbook: common/test-install-memcached.yml 28 | 29 | # Install galera 30 | - import_playbook: common/test-install-galera.yml 31 | 32 | # Install rabbitmq 33 | - import_playbook: common/test-install-rabbitmq.yml 34 | 35 | # Install keystone 36 | - import_playbook: common/test-install-keystone.yml 37 | 38 | # Install glance 39 | - import_playbook: common/test-install-glance.yml 40 | 41 | # Install cinder 42 | - import_playbook: common/test-install-cinder.yml 43 | 44 | # Install nova 45 | - import_playbook: common/test-install-nova.yml 46 | 47 | # Install neutron 48 | - import_playbook: common/test-install-neutron.yml 49 | 50 | # Install heat 51 | - import_playbook: common/test-install-heat.yml 52 | 53 | # Install magnum 54 | - import_playbook: test-install-magnum.yml 55 | 56 | # Install and execute tempest 57 | - import_playbook: common/test-install-tempest.yml 58 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 3.1 3 | skipsdist = True 4 | envlist = docs,linters,functional 5 | ignore_basepython_conflict = True 6 | 7 | [testenv] 8 | basepython = python3 9 | usedevelop = False 10 | commands = 11 | /usr/bin/find . -type f -name "*.pyc" -delete 12 | passenv = 13 | COMMON_TESTS_PATH 14 | HOME 15 | http_proxy 16 | HTTP_PROXY 17 | https_proxy 18 | HTTPS_PROXY 19 | no_proxy 20 | NO_PROXY 21 | TESTING_BRANCH 22 | TESTING_HOME 23 | USER 24 | allowlist_externals = 25 | bash 26 | setenv = 27 | PYTHONUNBUFFERED=1 28 | ROLE_NAME=os_magnum 29 | TEST_IDEMPOTENCE=false 30 | VIRTUAL_ENV={envdir} 31 | WORKING_DIR={toxinidir} 32 | 33 | [testenv:docs] 34 | deps = 35 | -r{toxinidir}/doc/requirements.txt 36 | -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 37 | commands = 38 | bash -c "rm -rf doc/build" 39 | doc8 doc 40 | sphinx-build -W --keep-going -b html doc/source doc/build/html 41 | 42 | [testenv:pdf-docs] 43 | deps = {[testenv:docs]deps} 44 | allowlist_externals = 45 | make 46 | commands = 47 | sphinx-build -W --keep-going -b latex doc/source doc/build/pdf 48 | make -C doc/build/pdf 49 | 50 | [doc8] 51 | extensions = .rst 52 | 53 | [testenv:releasenotes] 54 | deps = 55 | -r{toxinidir}/doc/requirements.txt 56 | -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 57 | commands = 58 | sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html 59 | 60 | [testenv:venv] 61 | commands = 62 | {posargs} 63 | 64 | [testenv:pep8] 65 | commands = 66 | bash -c "{toxinidir}/tests/common/test-pep8.sh" 67 | 68 | [flake8] 69 | ignore = F403 70 | 71 | [testenv:bashate] 72 | commands = 73 | bash -c "{toxinidir}/tests/common/test-bashate.sh" 74 | 75 | [testenv:ansible-syntax] 76 | commands = 77 | bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" 78 | 79 | [testenv:ansible-lint] 80 | commands = 81 | bash -c "{toxinidir}/tests/common/test-ansible-lint.sh" 82 | 83 | [testenv:functional] 84 | commands = 85 | bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" 86 | 87 | [testenv:linters] 88 | commands = 89 | bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" 90 | {[testenv:pep8]commands} 91 | {[testenv:bashate]commands} 92 | {[testenv:ansible-lint]commands} 93 | {[testenv:ansible-syntax]commands} 94 | -------------------------------------------------------------------------------- /vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Walmart Stores, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ## APT Cache options 17 | cache_timeout: 600 18 | 19 | magnum_distro_packages: 20 | - libxml2 21 | 22 | # Packages for buildind the python wheels 23 | magnum_devel_distro_packages: 24 | - libssl-dev 25 | - libxml2-dev 26 | - libxslt1-dev 27 | - libpq-dev 28 | - libsystemd-dev 29 | - git 30 | - libffi-dev 31 | - gettext 32 | - build-essential 33 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # Copyright 2018, VEXXHOST, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | _magnum_is_first_play_host: >- 18 | {{ 19 | (magnum_services['magnum-api']['group'] in group_names and 20 | inventory_hostname == (groups[magnum_services['magnum-api']['group']] | select('in', ansible_play_hosts)) | first) | bool 21 | }} 22 | _magnum_is_last_play_host: >- 23 | {{ 24 | (magnum_services['magnum-api']['group'] in group_names and 25 | inventory_hostname == (groups[magnum_services['magnum-api']['group']] | select('in', ansible_play_hosts)) | last) | bool 26 | }} 27 | _magnum_oslomsg_rpc_vhost_conf: >- 28 | {{ 29 | (magnum_oslomsg_rpc_vhost is string) | ternary( 30 | magnum_oslomsg_rpc_vhost, magnum_oslomsg_rpc_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first) 31 | }} 32 | _magnum_oslomsg_notify_vhost_conf: >- 33 | {{ 34 | (magnum_oslomsg_notify_vhost is string) | ternary( 35 | magnum_oslomsg_notify_vhost, magnum_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first) 36 | }} 37 | 38 | # 39 | # Compile a list of the services on a host based on whether 40 | # the host is in the host group and the service is enabled. 41 | # The service list is provided in the defined start order. 42 | # 43 | filtered_magnum_services: |- 44 | {% set services = [] %} 45 | {% for key, value in magnum_services.items() %} 46 | {% if (value['group'] in group_names) and 47 | (('condition' not in value) or 48 | ('condition' in value and value['condition'])) and 49 | not ('wsgi_app' in value and value['wsgi_app']) %} 50 | {% set _ = value.update( 51 | { 52 | 'service_key': key, 53 | 'enabled': value['enabled'] | default(True), 54 | 'state': value['state'] | default('started'), 55 | 'config_overrides': value.init_config_overrides 56 | } 57 | ) 58 | %} 59 | {% set _ = value.pop('init_config_overrides') -%} 60 | {% set _ = services.append(value) %} 61 | {% endif %} 62 | {% endfor %} 63 | {{ services | sort(attribute='start_order') }} 64 | 65 | uwsgi_magnum_services: |- 66 | {% set services = {} %} 67 | {% for key, value in magnum_services.items() %} 68 | {% if (value['group'] in group_names) and 69 | (('condition' not in value) or ('condition' in value and value['condition'])) 70 | and ('wsgi_app' in value and value['wsgi_app']) %} 71 | {% set _ = value.update( 72 | { 73 | 'wsgi_venv': magnum_bin | dirname, 74 | 'uwsgi_uid': magnum_system_user_name, 75 | 'uwsgi_guid': magnum_system_group_name, 76 | 'uwsgi_processes': magnum_wsgi_processes, 77 | 'uwsgi_threads': magnum_wsgi_threads 78 | } 79 | ) %} 80 | {% set _ = services.update({key: value}) %} 81 | {% endif %} 82 | {% endfor %} 83 | {{ services }} 84 | 85 | _magnum_glance_images_compat: |- 86 | {% set images = [] %} 87 | {% for image in magnum_glance_images %} 88 | {% if 'public' in image and image['public'] %} 89 | {% set _ = image.update({'visibility': 'public'}) %} 90 | {% set _ = image.pop('public') %} 91 | {% endif %} 92 | {% if 'distro' in image %} 93 | {% set image_properties = image.get('properties', {}) %} 94 | {% set _ = image_properties.update({'os_distro': image.pop('distro')}) %} 95 | {% set _ = image.update({'properties': image_properties}) %} 96 | {% endif %} 97 | {% if 'file' in image and image['file'] is url %} 98 | {% set _ = image.update({'url': image.pop('file')}) %} 99 | {% endif %} 100 | {# NOTE(noonedeadpunk): Glance requires image checksum to be in plain md5 only #} 101 | {% if 'checksum' in image and image['checksum'].split(':') | length > 1 %} 102 | {% set _ = image.pop('checksum') %} 103 | {% endif %} 104 | {% set _ = images.append(image) %} 105 | {% endfor %} 106 | {{ images }} 107 | -------------------------------------------------------------------------------- /vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Red Hat, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Common packages 17 | magnum_distro_packages: 18 | - libxml2 19 | 20 | # Packages for building the python wheels 21 | magnum_devel_distro_packages: 22 | - openssl-devel 23 | - libxml2-devel 24 | - libxslt-devel 25 | - postgresql-devel 26 | - git 27 | - libffi-devel 28 | - gettext 29 | - gcc 30 | - systemd-devel 31 | -------------------------------------------------------------------------------- /zuul.d/jobs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - job: 3 | # test a full deployment of openstack, k8s control plane, octavia, magnum+magnum_cluster_api 4 | name: openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-base 5 | parent: openstack-ansible-deploy-aio 6 | nodeset: osa-ubuntu-jammy-32GB 7 | vars: 8 | osa_pre_run_bootstrap: false 9 | required-projects: 10 | - name: openstack/openstack-ansible-ops 11 | pre-run: 12 | - zuul.d/playbooks/bootstrap-mcapi-vexxhost.yml 13 | 14 | - job: 15 | # test a full deployment of mcapi on ubuntu jammy 16 | name: openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-ubuntu-jammy 17 | parent: openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-base 18 | nodeset: osa-ubuntu-jammy-32GB 19 | 20 | - job: 21 | # test a full deployment of mcapi on ubuntu jammy 22 | name: openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-ubuntu-noble 23 | parent: openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-base 24 | nodeset: osa-ubuntu-noble-32GB 25 | 26 | - job: 27 | # test a deployment of only the high-availability control plane k8s cluster 28 | name: openstack-ansible-deploy-hosts_lxc_k8s-base 29 | parent: openstack-ansible-deploy-aio-hosts 30 | vars: 31 | osa_pre_run_bootstrap: false 32 | required-projects: 33 | - name: openstack/openstack-ansible-ops 34 | pre-run: 35 | - zuul.d/playbooks/bootstrap-mcapi-k8s.yml 36 | 37 | - job: 38 | name: openstack-ansible-deploy-hosts_lxc_k8s-ubuntu-jammy 39 | parent: openstack-ansible-deploy-hosts_lxc_k8s-base 40 | nodeset: ubuntu-jammy 41 | 42 | - job: 43 | name: openstack-ansible-deploy-hosts_lxc_k8s-ubuntu-noble 44 | parent: openstack-ansible-deploy-hosts_lxc_k8s-base 45 | nodeset: ubuntu-noble 46 | 47 | - job: 48 | name: openstack-ansible-deploy-hosts_lxc_k8s-debian-bookworm 49 | parent: openstack-ansible-deploy-hosts_lxc_k8s-base 50 | nodeset: debian-bookworm 51 | 52 | - job: 53 | name: openstack-ansible-deploy-hosts_lxc_k8s-rockylinux-9 54 | parent: openstack-ansible-deploy-hosts_lxc_k8s-base 55 | nodeset: rockylinux-9 56 | -------------------------------------------------------------------------------- /zuul.d/nodesets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - nodeset: 3 | name: osa-ubuntu-jammy-32GB 4 | nodes: 5 | - name: osa-ubuntu-jammy-32GB 6 | label: ubuntu-jammy-32GB 7 | 8 | - nodeset: 9 | name: osa-ubuntu-noble-32GB 10 | nodes: 11 | - name: osa-ubuntu-noble-32GB 12 | label: ubuntu-noble-32GB 13 | -------------------------------------------------------------------------------- /zuul.d/playbooks/bootstrap-mcapi-k8s.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2024, BBC R&D. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Bootstrap configuration for Vexxhost magnum-cluster-api driver 17 | hosts: all 18 | become: true 19 | become_user: root 20 | tasks: 21 | - name: Copy configuration files into place 22 | ansible.builtin.copy: 23 | src: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible-ops/mcapi_vexxhost/playbooks/files/openstack_deploy" 24 | dest: "/etc/" 25 | remote_src: true 26 | 27 | - name: Copy h/a k8s specific configuration files into place 28 | ansible.builtin.copy: 29 | src: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible-ops/mcapi_vexxhost/playbooks/files/k8s-ha/" 30 | dest: "/etc/openstack_deploy" 31 | remote_src: true 32 | 33 | - name: Add extra config to user variables 34 | ansible.builtin.blockinfile: 35 | path: "{{ item.path }}" 36 | block: "{{ item.block }}" 37 | with_items: "{{ mcapi_vexxhost_extra_user_variables | default([]) }}" 38 | -------------------------------------------------------------------------------- /zuul.d/playbooks/bootstrap-mcapi-vexxhost.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2024, BBC R&D. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Bootstrap configuration for Vexxhost magnum-cluster-api driver 17 | hosts: all 18 | become: true 19 | become_user: root 20 | tasks: 21 | - name: Copy configuration files into place 22 | ansible.builtin.copy: 23 | src: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible-ops/mcapi_vexxhost/playbooks/files/openstack_deploy" 24 | dest: "/etc/" 25 | remote_src: true 26 | 27 | - name: Add extra config to user variables 28 | ansible.builtin.blockinfile: 29 | path: "{{ item.path }}" 30 | block: "{{ item.block }}" 31 | with_items: "{{ mcapi_vexxhost_extra_user_variables | default([]) }}" 32 | -------------------------------------------------------------------------------- /zuul.d/project.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - project: 17 | templates: 18 | - check-requirements 19 | - openstack-ansible-linters-jobs 20 | - openstack-ansible-deploy-aio_metal-jobs 21 | - publish-openstack-docs-pti 22 | - build-release-notes-jobs-python3 23 | check: 24 | jobs: 25 | - openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-ubuntu-jammy: 26 | voting: false 27 | - openstack-ansible-deploy-aio_magnum_octavia_capi_kvm-ubuntu-noble: 28 | voting: false 29 | - openstack-ansible-deploy-hosts_lxc_k8s-ubuntu-jammy: 30 | voting: false 31 | - openstack-ansible-deploy-hosts_lxc_k8s-ubuntu-noble: 32 | voting: false 33 | - openstack-ansible-deploy-hosts_lxc_k8s-debian-bookworm: 34 | voting: false 35 | - openstack-ansible-deploy-hosts_lxc_k8s-rockylinux-9: 36 | voting: false 37 | --------------------------------------------------------------------------------