Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:8
ardana-nova
ardana-nova-8.0+git.1601298847.dd01585.obscpio
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ardana-nova-8.0+git.1601298847.dd01585.obscpio of Package ardana-nova
07070100000000000081A40000000000000000000000015F71E19F00000236000000000000000000000000000000000000003800000000ardana-nova-8.0+git.1601298847.dd01585/.copyrightignore.copyrightignore roles/NOV-CMP-KVM/files/etc/libvirt/libvirtd.conf roles/NOV-CMP-KVM/files/etc/default/libvirtd roles/NOV-CMP-KVM/files/etc/apparmor.d/usr.sbin.libvirtd roles/NOV-CMP-KVM/files/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/nameservice roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/libvirt-qemu roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/consoles roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/base roles/NOV-CMP-KVM/files/local.te tox.ini test-requirements.txt requirements.txt 07070100000001000081A40000000000000000000000015F71E19F000000EF000000000000000000000000000000000000003200000000ardana-nova-8.0+git.1601298847.dd01585/.gitignore*.DS_Store *.egg* *.log *.mo *.pyc *.swo *.swp *.sqlite *~ .autogenerated .coverage .project .pydevproject .ropeproject .testrepository/ .tox .idea .venv tags build/* coverage.xml cover/* covhtml doc/source/api/* doc/build/* nosetests.xml 07070100000002000081A40000000000000000000000015F71E19F00000080000000000000000000000000000000000000003200000000ardana-nova-8.0+git.1601298847.dd01585/.gitreview[gerrit] host=gerrit.suse.provo.cloud port=29418 project=ardana/nova-ansible.git defaultremote=ardana defaultbranch=stable/pike 07070100000003000081A40000000000000000000000015F71E19F00000063000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/.rsync-filter- ardana-ci - *requirements.txt - HACKING.rst - README.md - agent.yaml - setup.* - tests - tox.ini 07070100000004000081A40000000000000000000000015F71E19F00000158000000000000000000000000000000000000003300000000ardana-nova-8.0+git.1601298847.dd01585/.testr.conf[DEFAULT] test_command=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \ OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \ OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-160} \ ${PYTHON:-python} -m subunit.run discover -t ./ ${OS_TEST_PATH:-./tests} $LISTOPT $IDOPTION test_id_option=--load-list $IDFILE test_list_option=--list 07070100000005000081A40000000000000000000000015F71E19F000002DB000000000000000000000000000000000000003300000000ardana-nova-8.0+git.1601298847.dd01585/HACKING.rst.. (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP (c) Copyright 2017 SUSE LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. This has been centralised to: ardana-dev-tools/doc/ardana-ansible-guide/ansible-style-guide.md 07070100000006000081A40000000000000000000000015F71E19F0000279F000000000000000000000000000000000000002F00000000ardana-nova-8.0+git.1601298847.dd01585/LICENSE Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 07070100000007000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000002F00000000ardana-nova-8.0+git.1601298847.dd01585/NOV_MON07070100000008000081A40000000000000000000000015F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/NOV_MON/__init__.py07070100000009000081A40000000000000000000000015F71E19F00000C91000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/NOV_MON/nova_heartbeat_check.py# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # import socket import keystoneclient import keystoneclient.auth.identity.v3 import keystoneclient.session import monasca_agent.collector.checks as checks from novaclient import client as novacli THIS_HOST = socket.gethostname() OK = 0 WARN = 1 FAIL = 2 UNKNOWN = 3 def metric(message=None, state=FAIL, **kwargs): dims = {'observer_hostname': THIS_HOST, 'service': 'compute'} dims.update(kwargs) metric = { 'metric': 'nova.heartbeat', 'dimensions': dims, 'value': state, } if message: metric['value_meta'] = {'msg': message} return metric class NovaHeartbeatCheck(checks.AgentCheck): def __init__(self, name, init_config, agent_config, instances=None): super(NovaHeartbeatCheck, self).__init__( name, init_config, agent_config, instances=instances) self.client = None def _get_client(self): key_args = self.init_config['keystone'] auth = keystoneclient.auth.identity.v3.Password(**key_args) sess = keystoneclient.session.Session(auth=auth) nova_args = self.init_config['nova'] return novacli.Client(2, session=sess, **nova_args) def _get_state(self, service): if service.state == 'up' or service.status == 'disabled': return OK return FAIL def _gather_metrics(self): if not self.client: self.client = self._get_client() services = self.client.services.list(host=THIS_HOST) # [{"status": "enabled", # "binary": "nova-compute", # "zone": "nova", # "state": "down", # "updated_at": "2015-10-03T02:33:38.000000", # "host": "standard-ccp-compute0001-mgmt", # "disabled_reason": null, # "id": 31}] return [metric(state=self._get_state(service), hostname=service.host, component=service.binary) for service in services] def check(self, instance): metrics = self._gather_metrics() self.log.debug("Collected %d heartbeat metrics", len(metrics)) for metric in metrics: # apply any instance dimensions that may be configured, # overriding any dimension with same key that check has set. metric['dimensions'] = self._set_dimensions( metric['dimensions'], instance) try: self.gauge(**metric) except Exception as e: # noqa self.log.error('Exception while reporting metric: %s' % e) 0707010000000A000081A40000000000000000000000015F71E19F00000F74000000000000000000000000000000000000003100000000ardana-nova-8.0+git.1601298847.dd01585/README.md<!-- (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP (c) Copyright 2017 SUSE LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> NOVA-ANSIBLE ============ This repo contains the following roles and role specific tasks: - NOV-API - API service. - NOV-CLI - Contains tasks that use the nova client. - availability_zones - Configure availability zones - used by nova-cloud-configure. - nova-common - Common variables and tasks across services. - _configure_policy - Configure policy for service. - _configure_rootwrap - Configure rootwrap for service. - _service_status - Check and report status of service. - _set_directories - Set directories (etc, bin, conf) for service. - _singleton_service_status - Check and report status of a singleton service. - _write_conf - Create a file, maintaining backup copies. - NOV-CMP - Compute service which requires one of the hypervisors. - NOV-CMP-ESX - ESX hypervisor. - NOV-CMP-IRN - Ironic hypervisor. - NOV-CMP-KVM - KVM hypervisor. - NOV-CND - Conductor service. - NOV-CAU - Consoleauth service. - nova-monasca - Monitoring - heartbeat_alarm - Install and configure a heartbeat check. - _monitor_libvirt - Run Monasca agent libvirt detection plugin. - process_bounds_alarm - Run a check on the number of nova-api processes. - start - Run Monasca agent Nova detection plugin. - nova-post-configure - Configuration operations that are run after all services are configured. - db_configure - Configure the nova database. - db_contract - Remove rows/columns etc. from the nova database during upgrade. - db_create - Create the nova database. - db_expand - Add rows/columns etc. to the nova database during upgrade. - keystone_conf - Configure the Keystone service for nova. - rabbit_configure - Configure the RabbitMQ service for nova. - create_defalut_flavors - Add the default flavors if they don't exist. - NOV-SCH - Scheduler service - NOV-SCH-IRN - Ironic specific configuration for nova scheduler service. - NOV-VNC - VNC service Within each service role the following tasks may exist: - check_upgraded_packages - Notify the restart handler when a service needs to be restarted due to a package being updated. - configure - Configure the service. - install - Install the service. - start - Start the service. - status - Report status of the service. - stop - Stop the service. Top level playbooks: - _nova-check-upgraded-packages - Check upgraded packages for all nova services - used by upgrade. - nova-cloud-configure - Cloud configuration - optionally run manually by users. - nova-configure - Configure all nova components - used by deploy & reconfigure. - nova-deploy - Deploy the service (install, configure and start). - _nova-install - Install all nova components - used by deploy & upgrade. - _nova-post-configure - Post configuration operations - used by deploy & reconfigure. - _nova-post-deploy - Post deploy operations - used by deploy & reconfigure. - nova-reconfigure - Reconfigure all nova components. - nova-start - Start all nova services. - nova-status - Status of all nova services. - nova-stop - Stop all nova services. - nova-upgrade - Upgrade all nova components. 0707010000000B000081A40000000000000000000000015F71E19F0000069C000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/_nova-check-upgraded-packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CND roles: - NOV-CND tasks: - include: roles/NOV-CND/tasks/check_upgraded_packages.yml - hosts: NOV-API roles: - NOV-API tasks: - include: roles/NOV-API/tasks/check_upgraded_packages.yml - hosts: NOV-CAU roles: - NOV-CAU tasks: - include: roles/NOV-CAU/tasks/check_upgraded_packages.yml - hosts: NOV-SCH roles: - NOV-SCH tasks: - include: roles/NOV-SCH/tasks/check_upgraded_packages.yml - hosts: NOV-VNC roles: - NOV-VNC tasks: - include: roles/NOV-VNC/tasks/check_upgraded_packages.yml - hosts: NOV-KVM roles: - NOV-CMP-KVM tasks: - include: roles/NOV-CMP-KVM/tasks/check_upgraded_packages.yml - hosts: NOV-ESX roles: - NOV-CMP-ESX tasks: - include: roles/NOV-CMP-ESX/tasks/check_upgraded_packages.yml - hosts: NOV-CMP-IRN roles: - NOV-CMP-IRN tasks: - include: roles/NOV-CMP-IRN/tasks/check_upgraded_packages.yml - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/check_upgraded_packages.yml 0707010000000C000081A40000000000000000000000015F71E19F0000075A000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/_nova-configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017,2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CND roles: - NOV-CND tasks: - include: roles/NOV-CND/tasks/configure.yml - hosts: NOV-API roles: - NOV-API tasks: - include: roles/NOV-API/tasks/configure.yml - hosts: NOV-CAU roles: - NOV-CAU tasks: - include: roles/NOV-CAU/tasks/configure.yml - hosts: NOV-SCH roles: - NOV-SCH tasks: - include: roles/NOV-SCH/tasks/configure.yml - hosts: NOV-SCH-IRN roles: - NOV-SCH-IRN tasks: - include: roles/NOV-SCH-IRN/tasks/configure.yml - hosts: NOV-VNC roles: - NOV-VNC tasks: - include: roles/NOV-VNC/tasks/configure.yml - hosts: NOV-KVM roles: - NOV-CMP-KVM tasks: - include: roles/NOV-CMP-KVM/tasks/configure.yml - hosts: NOV-ESX roles: - NOV-CMP-ESX tasks: - include: roles/NOV-CMP-ESX/tasks/configure.yml - hosts: NOV-CMP-IRN roles: - NOV-CMP-IRN tasks: - include: roles/NOV-CMP-IRN/tasks/configure.yml - hosts: NOV-CMP-HYP roles: - NOV-CMP-HYP tasks: - include: roles/NOV-CMP-HYP/tasks/configure.yml - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/configure.yml # after everything is running, turn on monitoring - include: nova-configure-monasca.yml 0707010000000D000081A40000000000000000000000015F71E19F000006FD000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/_nova-install.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CND roles: - NOV-CND tasks: - include: roles/NOV-CND/tasks/install.yml - hosts: NOV-API roles: - NOV-API tasks: - include: roles/NOV-API/tasks/install.yml - hosts: NOV-CAU roles: - NOV-CAU tasks: - include: roles/NOV-CAU/tasks/install.yml - hosts: NOV-SCH roles: - NOV-SCH tasks: - include: roles/NOV-SCH/tasks/install.yml - hosts: NOV-SCH-IRN roles: - NOV-SCH-IRN tasks: - include: roles/NOV-SCH-IRN/tasks/install.yml # Hypervisors depend on the nova-compute/etc/nova directory existing # during install - so compute must come before hypervisors - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/install.yml - hosts: NOV-VNC roles: - NOV-VNC tasks: - include: roles/NOV-VNC/tasks/install.yml - hosts: NOV-KVM roles: - NOV-CMP-KVM tasks: - include: roles/NOV-CMP-KVM/tasks/install.yml - hosts: NOV-CMP-IRN roles: - NOV-CMP-IRN tasks: - include: roles/NOV-CMP-IRN/tasks/install.yml - hosts: NOV-CMP-HYP roles: - NOV-CMP-HYP tasks: - include: roles/NOV-CMP-HYP/tasks/install.yml 0707010000000E000081A40000000000000000000000015F71E19F00000786000000000000000000000000000000000000004000000000ardana-nova-8.0+git.1601298847.dd01585/_nova-post-configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Configure Nova database - hosts: NOV-API # NOV-API is required here because database upgrades rely on nova-manage # and configuration found in the nova api configuration roles: - NOV-API - nova-post-configure # All these tasks should be set to run-once tasks: - include: roles/nova-post-configure/tasks/db_configure.yml # Configure keystone - hosts: NOV-API roles: - nova-post-configure # This task should be set to run-once tasks: - include: roles/nova-post-configure/tasks/keystone_conf.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" - hosts: NOV-API roles: - NOV-API tasks: - include: roles/nova-common/tasks/post-configure.yml - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/nova-common/tasks/post-configure.yml - hosts: NOV-CND roles: - NOV-CND tasks: - include: roles/nova-common/tasks/post-configure.yml - hosts: NOV-CAU roles: - NOV-CAU tasks: - include: roles/nova-common/tasks/post-configure.yml - hosts: NOV-VNC roles: - NOV-VNC tasks: - include: roles/nova-common/tasks/post-configure.yml - hosts: NOV-SCH roles: - NOV-SCH tasks: - include: roles/nova-common/tasks/post-configure.yml 0707010000000F000081A40000000000000000000000015F71E19F00000434000000000000000000000000000000000000003D00000000ardana-nova-8.0+git.1601298847.dd01585/_nova-post-deploy.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Create the default flavors. The operations are idempotent. - hosts: NOV-API roles: - NOV-API - nova-post-configure # All these tasks should be set to run-once tasks: - include: roles/nova-post-configure/tasks/create_default_flavors.yml ansible_python_interpreter: "{{ NOV_CLI.vars.nova_client_python_interpreter }}" - include: roles/nova-post-configure/tasks/discover_hosts_post_deploy.yml07070100000010000081A40000000000000000000000015F71E19F0000046B000000000000000000000000000000000000005000000000ardana-nova-8.0+git.1601298847.dd01585/_nova-reconfigure-credentials-change.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # mysql and rabbit passwords are changed centrally, we need to update the # config files with the new values from the CP. - include: _nova-configure.yml # change keystone password - hosts: NOV-API roles: - nova-post-configure # This task should be set to run-once tasks: - include: roles/nova-post-configure/tasks/keystone_change_password.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" - include: nova-start.yml 07070100000011000081A40000000000000000000000015F71E19F000002E2000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/_nova-schedule-restart.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Schedule a restart of all nova services using ardana_notify_... variables - hosts: all tasks: - include: roles/nova-common/tasks/_schedule_restart.yml07070100000012000081A40000000000000000000000015F71E19F00000044000000000000000000000000000000000000003200000000ardana-nova-8.0+git.1601298847.dd01585/agent.yaml# This has to exist but apparently the contents are optional --- {} 07070100000013000041ED0000000000000000000000045F71E19F00000000000000000000000000000000000000000000003100000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci07070100000014000041ED0000000000000000000000035F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project07070100000015000041ED0000000000000000000000035F71E19F00000000000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model07070100000016000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data07070100000017000081A40000000000000000000000015F71E19F0000097B000000000000000000000000000000000000005C00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/control_plane.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 control-planes: - name: ccp control-plane-prefix: ccp region-name: region1 failure-zones: - AZ1 - AZ2 - AZ3 common-service-components: - lifecycle-manager-target clusters: - name: cluster0 cluster-prefix: c0 server-role: - ARDANA-ROLE member-count: 1 allocation-policy: strict service-components: - lifecycle-manager - ntp-client - openstack-client - tempest - name: cluster1 cluster-prefix: c1 server-role: - CONTROLLER-ROLE member-count: 3 allocation-policy: strict service-components: - ntp-server - mysql - ip-cluster - keystone-api - keystone-client - rabbitmq - glance-api: ha_mode: false glance_stores: 'file' glance_default_store: 'file' - glance-registry - glance-client - nova-api - nova-scheduler - nova-conductor - nova-console-auth - nova-novncproxy - neutron-server - neutron-ml2-plugin - neutron-vpn-agent - neutron-dhcp-agent - neutron-metadata-agent - neutron-openvswitch-agent - neutron-client resources: - name: resource resource-prefix: res server-role: - COMPUTE-ROLE allocation-policy: any service-components: - ntp-client - nova-compute-kvm - nova-compute - neutron-l3-agent - neutron-metadata-agent - neutron-openvswitch-agent - neutron-lbaasv2-agent 07070100000018000081A40000000000000000000000015F71E19F000003AB000000000000000000000000000000000000005C00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/memory_models.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 memory-models: - name: COMPUTE-MEMORY-NUMA default-huge-page-size: 2M huge-pages: - size: 2M count: 10 numa-node: 0 - size: 1G count: 1 numa-node: 0 - size: 1G count: 1 - size: 2M count: 10 07070100000019000081A40000000000000000000000015F71E19F000004C0000000000000000000000000000000000000005D00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/net_interfaces.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 interface-models: - name: NET-INTERFACES network-interfaces: - name: hed1 device: name: hed1 network-groups: - MANAGEMENT - name: hed2 device: name: hed2 network-groups: - ARDANA - name: hed3 device: name: hed3 network-groups: - EXTERNAL-VM - name: hed4 device: name: hed4 pci-pt: true network-groups: - GUEST 0707010000001A000081A40000000000000000000000015F71E19F00000755000000000000000000000000000000000000005D00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/network_groups.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 network-groups: - name: ARDANA hostname-suffix: ardana component-endpoints: - lifecycle-manager - lifecycle-manager-target - name: MANAGEMENT hostname-suffix: mgmt hostname: true tags: - neutron.networks.vxlan - neutron.networks.vlan: provider-physical-network: physnet1 # tls-component-endpoints: # - barbican-api component-endpoints: - default # routes: # - default load-balancers: - provider: ip-cluster name: lb components: - default roles: - internal - admin cert-file: ardana-internal-cert - provider: ip-cluster name: extlb external-name: myardana.test components: - default roles: - public cert-file: my-public-project-cert - name: EXTERNAL-VM tags: - neutron.l3_agent.external_network_bridge - name: GUEST hostname-suffix: guest tags: - neutron.networks.vlan: provider-physical-network: physnet3 tenant-vlan-id-range: 3070:3071 0707010000001B000081A40000000000000000000000015F71E19F000004D2000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/networks.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 networks: - name: ARDANA-NET vlanid: 101 tagged-vlan: false cidr: 192.168.110.0/24 gateway-ip: 192.168.110.1 network-group: ARDANA - name: MANAGEMENT-NET vlanid: 102 tagged-vlan: false cidr: 192.168.245.0/24 gateway-ip: 192.168.245.1 network-group: MANAGEMENT - name: EXTERNAL-VM-NET vlanid: 103 network-group: EXTERNAL-VM - name: GUEST-NET vlanid: 3070 tagged-vlan: false cidr: 192.168.16.0/24 gateway-ip: 192.168.16.1 network-group: GUEST 0707010000001C000081A40000000000000000000000015F71E19F000005DC000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/nic_mappings.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 nic-mappings: - name: VAGRANT physical-ports: - logical-name: hed1 type: simple-port bus-address: "0000:00:06.0" - logical-name: hed2 type: simple-port bus-address: "0000:00:07.0" - logical-name: hed3 type: simple-port bus-address: "0000:00:08.0" - logical-name: hed4 type: simple-port bus-address: "0000:00:09.0" #Used for PCI-PT nic-device-type: "8086:10fb" - logical-name: hed5 type: simple-port bus-address: "0000:00:0a.0" - logical-name: hed6 type: simple-port bus-address: "0000:00:0b.0" - logical-name: hed7 type: simple-port bus-address: "0000:00:0c.0" - logical-name: hed8 type: simple-port bus-address: "0000:00:0d.0" 0707010000001D000081A40000000000000000000000015F71E19F0000050A000000000000000000000000000000000000005C00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/server_groups.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 server-groups: # # At the top of the tree we have a # group for any global networks # - name: CLOUD server-groups: - AZ1 - AZ2 - AZ3 networks: - ARDANA-NET - MANAGEMENT-NET - EXTERNAL-VM-NET - GUEST-NET # # Create a group for each failure zone # - name: AZ1 server-groups: - RACK1 - name: AZ2 server-groups: - RACK2 - name: AZ3 server-groups: - RACK3 # # Create a group for each rack zone # - name: RACK1 - name: RACK2 - name: RACK3 0707010000001E000081A40000000000000000000000015F71E19F000003CB000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/server_roles.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 server-roles: - name: ARDANA-ROLE interface-model: NET-INTERFACES disk-model: DISKS - name: CONTROLLER-ROLE interface-model: NET-INTERFACES disk-model: DISKS - name: COMPUTE-ROLE interface-model: NET-INTERFACES disk-model: DISKS memory-model: COMPUTE-MEMORY-NUMA 0707010000001F000081A40000000000000000000000015F71E19F00000842000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/project/input-model/data/servers.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- product: version: 2 baremetal: netmask: 255.255.255.0 subnet: 192.168.110.0 server-interface: eth2 servers: - id: server1 ip-addr: 192.168.110.3 role: ARDANA-ROLE server-group: RACK1 mac-addr: a4:93:0c:4f:7c:73 nic-mapping: VAGRANT ilo-ip: 192.168.109.3 ilo-password: password ilo-user: admin - id: controller1 ip-addr: 192.168.110.4 role: CONTROLLER-ROLE server-group: RACK1 mac-addr: b2:72:8d:ac:7c:6f nic-mapping: VAGRANT ilo-ip: 192.168.109.4 ilo-password: password ilo-user: admin - id: controller2 ip-addr: 192.168.110.5 role: CONTROLLER-ROLE server-group: RACK2 mac-addr: 8a:8e:64:55:43:76 nic-mapping: VAGRANT ilo-ip: 192.168.109.5 ilo-password: password ilo-user: admin - id: controller3 ip-addr: 192.168.110.6 role: CONTROLLER-ROLE server-group: RACK3 mac-addr: 26:67:3e:49:5a:a7 nic-mapping: VAGRANT ilo-ip: 192.168.109.6 ilo-password: password ilo-user: admin - id: compute1 ip-addr: 192.168.110.7 role: COMPUTE-ROLE server-group: RACK1 mac-addr: d6:70:c1:36:43:f7 nic-mapping: VAGRANT ilo-ip: 192.168.109.7 ilo-password: password ilo-user: admin - id: compute2 ip-addr: 192.168.110.8 role: COMPUTE-ROLE server-group: RACK2 mac-addr: 8e:8e:62:a6:ce:76 nic-mapping: VAGRANT ilo-ip: 192.168.109.8 ilo-password: password ilo-user: admin 07070100000020000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003700000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/tests07070100000021000081A40000000000000000000000015F71E19F0000048E000000000000000000000000000000000000005100000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/tests/check-pci-passthrough.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/nova-common/tasks/_set_directories.yml - name: NOV-CMP | status | Check PCI passthrough is configured become: yes command: awk /^pci_passthrough_whitelist\\s\=\\s\\[\\s*{/ "{{ nova_service_conf_dir }}/nova.conf" register: checkmyconf - name: NOV-CMP | status | Check PCI passthrough is configured fail: msg: "** FAILURE - PCI passthrough is not configured as expected **" when: checkmyconf.stdout == "" 07070100000022000081ED0000000000000000000000015F71E19F0000036A000000000000000000000000000000000000004100000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/tests/copy.bash#!/bin/bash # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # cp ~/ardana-ci-tests/$1 ~/scratch/ansible/next/ardana/ansible if [ -n "$2" ] then ansible-playbook -i hosts/verb_hosts $1 -e $2 else ansible-playbook -i hosts/verb_hosts $1 fi rm ~/scratch/ansible/next/ardana/ansible/$1 07070100000023000081A40000000000000000000000015F71E19F00000D83000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/ardana-ci/tests/test-plan.yaml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: ardana-ci | test-plan | Test huge pages - host reboot logfile: nova-testsuite-hugepages.log prefix: hugepages playbooks: - nova-compute-reboot.yml - nova-hugepages-status.yml - name: ardana-ci | test-plan | Test PCI whitelist configuration logfile: nova-testsuite-pci-whitelist.log prefix: pci-whitelist exec: - copy.bash check-pci-passthrough.yml - name: ardana-ci | test-plan | Tempest tests logfile: nova-tempest.log prefix: tempest exec: - ansible-playbook -i hosts/verb_hosts nova-status.yml tempest: - "+tempest.api.compute.flavors.test_flavors.FlavorsV2TestJSON.test_get_flavor" - "+tempest.api.compute.flavors.test_flavors.FlavorsV2TestJSON.test_list_flavors" - "+tempest.api.compute.security_groups.test_security_group_rules.SecurityGroupRulesTestJSON.test_security_group_rules_create" - "+tempest.api.compute.security_groups.test_security_group_rules.SecurityGroupRulesTestJSON.test_security_group_rules_list" - "+tempest.api.compute.security_groups.test_security_groups.SecurityGroupsTestJSON.test_security_groups_create_list_delete" - "+tempest.api.compute.servers.test_attach_interfaces.AttachInterfacesTestJSON.test_add_remove_fixed_ip" - "+tempest.api.compute.servers.test_create_server.ServersTestJSON.test_list_servers" - "+tempest.api.compute.servers.test_create_server.ServersTestJSON.test_verify_server_details" - "+tempest.api.compute.servers.test_create_server.ServersTestManualDisk.test_list_servers" - "+tempest.api.compute.servers.test_create_server.ServersTestManualDisk.test_verify_server_details" - "+tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON.test_reboot_server_hard" - "+tempest.api.compute.servers.test_server_addresses.ServerAddressesTestJSON.test_list_server_addresses" - "+tempest.api.compute.servers.test_server_addresses.ServerAddressesTestJSON.test_list_server_addresses_by_network" - name: ardana-ci | test-plan | Test nova-reconfigure logfile: nova-testsuite-reconfigure.log prefix: reconfigure playbooks: - nova-reconfigure.yml - name: ardana-ci | test-plan | Test start after reboot logfile: nova-start-after-reboot.log prefix: reboot vms: - reboot: controller2 exec: - ansible-playbook -i hosts/verb_hosts nova-start.yml - ansible-playbook -i hosts/verb_hosts nova-status.yml - name: ardana-ci | test-plan | Test move consoleauth logfile: nova-move-consoleauth.log prefix: move-cau exec: - ansible-playbook -i hosts/verb_hosts nova-start.yml --extra-vars "consoleauth_host_index=1" - ansible-playbook -i hosts/verb_hosts nova-status.yml - name: ardana-ci | test-plan | Test nova-cloud-configure logfile: nova-cloud-configure.log prefix: cloud-configure playbooks: - nova-cloud-configure.yml 07070100000024000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000002E00000000ardana-nova-8.0+git.1601298847.dd01585/config07070100000025000081A40000000000000000000000015F71E19F00000952000000000000000000000000000000000000004000000000ardana-nova-8.0+git.1601298847.dd01585/config/nova-symlinks.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # The following relative symlinks are created under the # my_cloud/config directory. --- symlinks: "nova/api.conf.j2": "roles/NOV-API/templates/api.conf.j2" "nova/api-logging.conf.j2": "roles/NOV-API/templates/api-logging.conf.j2" "nova/compute.conf.j2": "roles/NOV-CMP/templates/compute.conf.j2" "nova/compute-logging.conf.j2": "roles/NOV-CMP/templates/compute-logging.conf.j2" "nova/conductor.conf.j2": "roles/NOV-CND/templates/conductor.conf.j2" "nova/conductor-logging.conf.j2": "roles/NOV-CND/templates/conductor-logging.conf.j2" "nova/consoleauth.conf.j2": "roles/NOV-CAU/templates/consoleauth.conf.j2" "nova/consoleauth-logging.conf.j2": "roles/NOV-CAU/templates/consoleauth-logging.conf.j2" "nova/esx-hypervisor.conf.j2": "roles/NOV-CMP-ESX/templates/hypervisor.conf.j2" "nova/ironic-hypervisor.conf.j2": "roles/NOV-CMP-IRN/templates/hypervisor.conf.j2" "nova/kvm-hypervisor.conf.j2": "roles/NOV-CMP-KVM/templates/hypervisor.conf.j2" "nova/hyperv-hypervisor.conf.j2": "roles/NOV-CMP-HYP/templates/hypervisor.conf.j2" "nova/nova.conf.j2": "roles/nova-common/templates/nova.conf.j2" "nova/novncproxy.conf.j2": "roles/NOV-VNC/templates/novncproxy.conf.j2" "nova/novncproxy-logging.conf.j2": "roles/NOV-VNC/templates/novncproxy-logging.conf.j2" "nova/policy.json.j2": "roles/nova-common/templates/policy.json.j2" "nova/scheduler.conf.j2": "roles/NOV-SCH/templates/scheduler.conf.j2" "nova/scheduler-logging.conf.j2": "roles/NOV-SCH/templates/scheduler-logging.conf.j2" "nova/api-paste.ini.j2": "roles/NOV-API/templates/api-paste.ini.j2" "nova/api_audit_map.conf.j2": "roles/NOV-API/templates/api_audit_map.conf.j2" "nova/libvirt-monitoring.yml": "roles/nova-monasca/vars/libvirt-monitoring.yml" 07070100000026000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003600000000ardana-nova-8.0+git.1601298847.dd01585/filter_plugins07070100000027000081A40000000000000000000000015F71E19F0000090E000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/filter_plugins/groupings.py# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # import itertools def group_by_key(ungrouped, key_name): """Groups dictionaries into lists if they have the same value for a given key. Steps though a list of dictionaries. If the values of the given key match the dictionaries are placed in a list together. These lists are then stored in a dictionary where the keys are the value matched. This dictionary is then returned by the function. """ def keyfn(item): return item[key_name] groupfn = itertools.groupby(sorted(ungrouped, key=keyfn), keyfn) grouped = {k: [i for i in g] for k, g in groupfn} return grouped def sum_groups_by_key(unsummed, key_name): """Computes the sum of the values for a given key across multiple dicts. Steps through a dictionary of lists. Each list is a list of dictionaries. For each dictionary in a list this function computes the sum of the value of a given key. A dictionary with the lists replaced by the result of each sum calculation is returned. """ def sumfn(count, item): return count + item.get(key_name, 0) summed = {k: reduce(sumfn, g, 0) for k, g in unsummed.iteritems()} return summed def group_sum_by_keys(ungrouped, group_key, sum_key): """Groups dictionaries by a common value and then returns the sum of this a second value for each group.""" grouped = group_by_key(ungrouped, group_key) summed = sum_groups_by_key(grouped, sum_key) return summed class FilterModule(object): def filters(self): return {"sum_groups_by_key": sum_groups_by_key, "group_by_key": group_by_key, "group_sum_by_keys": group_sum_by_keys} 07070100000028000081A40000000000000000000000015F71E19F000003B1000000000000000000000000000000000000004000000000ardana-nova-8.0+git.1601298847.dd01585/nova-cloud-configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # configure availability zones based on outputs from CP - hosts: NOV-API roles: - NOV-CLI # This task should be set to run-once tasks: - include: roles/NOV-CLI/tasks/availability_zones.yml ansible_python_interpreter: "{{ NOV_CLI.vars.nova_client_python_interpreter }}" 07070100000029000081A40000000000000000000000015F71E19F000002FF000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/nova-compute-reboot.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CMP roles: - guard-cluster - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/reboot.yml 0707010000002A000081A40000000000000000000000015F71E19F00000563000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/nova-configure-monasca.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-API:&MON-AGN roles: - nova-configure # This task should be set to run-once tasks: - include: roles/nova-configure/tasks/keystone_conf_monasca.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" # we create a new alarm definition for monitoring processes bounds for nova-api. # The definition of a new alarm needs to be done just once per region. - hosts: NOV-API:NOV-CAU:NOV-CMP:NOV-CND:NOV-SCH:NOV-VNC:&MON-AGN roles: - role: nova-monasca tasks: - include: roles/nova-monasca/tasks/heartbeat_check_config.yml - include: roles/nova-monasca/tasks/process_bounds_alarm.yml - include: roles/nova-monasca/tasks/heartbeat_alarm.yml 0707010000002B000081A40000000000000000000000015F71E19F000003F1000000000000000000000000000000000000003700000000ardana-nova-8.0+git.1601298847.dd01585/nova-deploy.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: pbstart.yml vars: playbook_name: "nova-deploy.yml" - include: ses-deploy.yml - include: _nova-install.yml - include: _nova-configure.yml - include: _nova-post-configure.yml - include: nova-configure-monasca.yml - include: nova-start.yml - include: _nova-post-deploy.yml - include: pbfinish.yml vars: playbook_name: "nova-deploy.yml" 0707010000002C000081A40000000000000000000000015F71E19F000002EB000000000000000000000000000000000000004100000000ardana-nova-8.0+git.1601298847.dd01585/nova-hugepages-status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/hugepage-status.yml 0707010000002D000081A40000000000000000000000015F71E19F00000309000000000000000000000000000000000000003C00000000ardana-nova-8.0+git.1601298847.dd01585/nova-reconfigure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ses-reconfigure.yml - include: _nova-configure.yml - include: _nova-post-configure.yml - include: nova-start.yml 0707010000002E000081A40000000000000000000000015F71E19F00000285000000000000000000000000000000000000003800000000ardana-nova-8.0+git.1601298847.dd01585/nova-restart.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _nova-schedule-restart.yml - include: nova-start.yml 0707010000002F000081A40000000000000000000000015F71E19F000008D0000000000000000000000000000000000000003600000000ardana-nova-8.0+git.1601298847.dd01585/nova-start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CND roles: - NOV-CND tasks: - include: roles/NOV-CND/tasks/start.yml - hosts: NOV-SCH roles: - NOV-SCH tasks: - include: roles/NOV-SCH/tasks/start.yml - hosts: NOV-CAU roles: - nova-monasca - NOV-CAU tasks: - include: roles/NOV-CAU/tasks/start.yml - hosts: NOV-VNC roles: - NOV-VNC tasks: - include: roles/NOV-VNC/tasks/start.yml - hosts: NOV-API roles: - NOV-API tasks: - include: roles/NOV-API/tasks/start.yml - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/start.yml - hosts: NOV-API:NOV-CAU:NOV-CMP:NOV-CND:NOV-SCH:NOV-VNC tasks: - include: roles/nova-common/tasks/_clear_persistent_facts.yml when: ardana_notify_nova_restart_required is defined and ardana_notify_nova_restart_required.changed - hosts: NOV-CMP-HYP roles: - NOV-CMP-HYP tasks: - include: roles/NOV-CMP-HYP/tasks/start.yml # When everything is started we start to monitor. # The list of hosts is created by the intersection of hosts with the monasca # agent and the hosts running Nova services. - hosts: NOV-API:NOV-CAU:NOV-CMP:NOV-CND:NOV-SCH:NOV-VNC:&MON-AGN roles: - nova-monasca tasks: - include: roles/nova-monasca/tasks/start.yml - hosts: MON-AGN:&NOV-KVM roles: - nova-monasca tasks: - include: roles/nova-monasca/tasks/_monitor_libvirt.yml # Run the vcenter detection plugin only on Nova ESX Compute Proxy - hosts: NOV-ESX:&MON-AGN no_log: True roles: - role: nova-monasca tasks: - include: roles/nova-monasca/tasks/vcenter_check.yml 07070100000030000081A40000000000000000000000015F71E19F00000661000000000000000000000000000000000000003700000000ardana-nova-8.0+git.1601298847.dd01585/nova-status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CND max_fail_percentage: 0 roles: - NOV-CND tasks: - include: roles/NOV-CND/tasks/status.yml - hosts: NOV-API max_fail_percentage: 0 roles: - NOV-API tasks: - include: roles/NOV-API/tasks/status.yml - hosts: NOV-CAU max_fail_percentage: 0 roles: - NOV-CAU tasks: - include: roles/NOV-CAU/tasks/status.yml - hosts: NOV-SCH max_fail_percentage: 0 roles: - NOV-SCH tasks: - include: roles/NOV-SCH/tasks/status.yml - hosts: NOV-VNC max_fail_percentage: 0 roles: - NOV-VNC tasks: - include: roles/NOV-VNC/tasks/status.yml - hosts: NOV-CMP max_fail_percentage: 0 roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/status.yml - hosts: NOV-KVM max_fail_percentage: 0 roles: - NOV-CMP-KVM tasks: - include: roles/NOV-CMP-KVM/tasks/status.yml - hosts: NOV-CMP-HYP max_fail_percentage: 0 roles: - NOV-CMP-HYP tasks: - include: roles/NOV-CMP-HYP/tasks/status.yml 07070100000031000081A40000000000000000000000015F71E19F00000525000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/nova-stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: NOV-CMP roles: - NOV-CMP tasks: - include: roles/NOV-CMP/tasks/stop.yml - hosts: NOV-API roles: - NOV-API tasks: - include: roles/NOV-API/tasks/stop.yml - hosts: NOV-VNC roles: - NOV-VNC tasks: - include: roles/NOV-VNC/tasks/stop.yml - hosts: NOV-CAU roles: - NOV-CAU tasks: - include: roles/NOV-CAU/tasks/stop.yml - hosts: NOV-SCH roles: - NOV-SCH tasks: - include: roles/NOV-SCH/tasks/stop.yml - hosts: NOV-CND roles: - NOV-CND tasks: - include: roles/NOV-CND/tasks/stop.yml - hosts: NOV-CMP-HYP roles: - NOV-CMP-HYP tasks: - include: roles/NOV-CMP-HYP/tasks/stop.yml 07070100000032000081A40000000000000000000000015F71E19F00000772000000000000000000000000000000000000003800000000ardana-nova-8.0+git.1601298847.dd01585/nova-upgrade.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # During an upgrade a service restart notification may be set by: # install - e.g. new code, new package # configure - e.g. change to a configuration file --- - include: nova-status.yml # Make sure we run ses, to get it's facts - include: ses-deploy.yml # Install and configure services in a new venv - include: _nova-install.yml - include: _nova-check-upgraded-packages.yml - include: _nova-configure.yml # Perform any database expand operations - hosts: NOV-API roles: - nova-post-configure tasks: - include: roles/nova-post-configure/tasks/db_expand.yml # Configure Keystone - hosts: NOV-API roles: - nova-post-configure tasks: - include: roles/nova-post-configure/tasks/keystone_conf.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" # Restart services based on notifications set earlier - include: nova-start.yml # Perform any database contract operations - hosts: NOV-API roles: - nova-post-configure tasks: - include: roles/nova-post-configure/tasks/db_contract.yml # Discover hosts - hosts: NOV-API roles: - nova-post-configure tasks: - include: roles/nova-post-configure/tasks/discover_hosts_post_deploy.yml - include: nova-status.yml 07070100000033000041ED0000000000000000000000125F71E19F00000000000000000000000000000000000000000000002D00000000ardana-nova-8.0+git.1601298847.dd01585/roles07070100000034000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API07070100000035000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/defaults07070100000036000081A40000000000000000000000015F71E19F000006C1000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/defaults/main.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-api service --- nova_component: nova-api # flag to enable audit middleware in nova api pipeline nova_api_audit_enable: "{{ NOV.audit.enabled }}" # the filters nova-common will copy for this service nova_rootwrap_filters: - rootwrap.d/api-metadata.filters # the policy file nova-common will copy for this service nova_policy_file: ../../nova-common/templates/policy.json.j2 nova_api_etc_dir: "{{ nova_component | config_dir() }}" nova_api_conf_dir: "{{ nova_component | config_dir() }}/nova" nova_api_bin_dir: "{{ nova_component | bin_dir() }}" # the log files nova-common will create for this service nova_log_files: - "{{ log_dir }}/nova-api.log" - "{{ log_dir }}/nova-api-json.log" # Default max number of open files the Nova API processes can use nova_api_limit_open_files: 65536 # nova placement api host nova_placement_api_bind_host: "{{ host.bind.NOV_PLC.internal.ip_address }}" nova_placement_api_bind_port: "{{ host.bind.NOV_PLC.internal.port }}" # nova global conf nova_global_conf_dir: "/etc/nova/" 07070100000037000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/meta07070100000038000081A40000000000000000000000015F71E19F00000377000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common ## - role: FND-AP2 ## causes "AnsibleUndefinedVariable: One or more undefined variables: ## 'neutron_common_rundir' is undefined", as a workaround added ## FND-AP2 to nova-common meta dependency07070100000039000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks0707010000003A000081A40000000000000000000000015F71E19F00000371000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-API | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_api_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_api_restart_packages 0707010000003B000081A40000000000000000000000015F71E19F000010A5000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the nova-api service --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_api_install_result }}" - name: NOV-API | configure | nova-common configure include: ../../nova-common/tasks/configure.yml - name: NOV-API | configure | notify on rootwrap or policy change command: /bin/true register: ardana_notify_nova_api_restart_required when: rootwrap_changed or nova_policy_template_result.changed - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-API/templates/api.conf.j2" dest: "{{ nova_service_conf_dir }}/api.conf" - name: NOV-API | configure | notify on api.conf change command: /bin/true register: ardana_notify_nova_api_restart_required when: write_conf_result.changed - name: NOV-API | configure | Apply template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: "{{ nova_system_group }}" mode: 0640 with_items: - "api-logging.conf" - "api_audit_map.conf" - "api-paste.ini" register: ardana_notify_nova_api_restart_required - name: NOV-API | configure | Create nova audit logging directory become: yes file: path: "{{ nova_audit_log_location }}" owner: "{{ nova_system_user }}" group: "{{ nova_system_group | default('root') }}" mode: "0755" state: directory when: nova_api_audit_enable # # create modwsgi file for nova-placement-api # - name: NOV-API | configure | configure nova-placement-api vhost become: yes template: src: nova-placement-api-apache2.conf.j2 dest: "{{ apache2_vhost_dir }}/nova-placement-api-apache2.vhost" mode: 0644 register: ardana_notify_nova_placement_api_apache_restart - name: NOV-API | configure | configure nova-placement-api apache file owner become: yes file: path: "{{ log_dir }}/{{ item }}" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" mode: 0640 state: touch with_items: - nova_placement_api_wsgi.log - nova_placement_api_wsgi-access.log - name: NOV-API | configure | set nova-placement-api log file ownership become: yes file: path: "{{ item }}" state: touch owner: "{{ nova_system_user }}" group: "adm" mode: 0640 with_items: - "{{ log_dir }}/nova_placement_api_wsgi.log" - "{{ log_dir }}/nova_placement_api_wsgi-access.log" - "{{ log_dir }}/nova-placement-api.log" - name: NOV-API | configure | Create symbolic link for placement-api startup become: yes file: src: "{{ nova_service_bin_dir }}/nova-placement-api" dest: "{{ www_root }}/nova/nova-placement-api" owner: root group: "{{ nova_system_group }}" state: link - name: NOV-API | configure | Create Symlinks for api nova.conf from install file: src: "{{ nova_service_conf_dir }}/{{ item }}" dest: "{{ nova_global_conf_dir }}/{{ item }}" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" state: link mode: 0750 with_items: - nova.conf become: yes - name: NOV-API | configure | Create symbolic link for nova-manage script become: yes file: src: "{{ nova_service_bin_dir }}/nova-manage" dest: /usr/local/bin/nova-manage owner: root group: "{{ nova_system_group }}" state: link force: yes - name: NOV-API | configure | Create symbolic link for nova-status script become: yes file: src: "{{ nova_service_bin_dir }}/nova-status" dest: /usr/local/bin/nova-status owner: root group: "{{ nova_system_group }}" state: link force: yes 0707010000003C000081A40000000000000000000000015F71E19F00000C05000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/install.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install nova-api service --- - name: NOV-API | install | Update installed packager cache become: yes install_package: cache: update - name: NOV-API | install | Install the nova-api service from the nova venv become: yes install_package: name: nova service: nova-api state: present activate: act_off register: ardana_notify_nova_api_install_result - name: NOV-API | install | register persistent fact of install command: /bin/true register: ardana_notify_nova_api_restart_required when: ardana_notify_nova_api_install_result.changed - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_api_install_result }}" - name: NOV-API | install | set nova_api service directories for db_configure set_fact: nova_api_etc_dir: | "{{ nova_component | config_dir(ardana_notify_nova_api_install_result.version) }}" nova_api_conf_dir: | "{{ nova_component | config_dir(ardana_notify_nova_api_install_result.version) }}/nova" nova_api_bin_dir: | "{{ nova_component | bin_dir(ardana_notify_nova_api_install_result.version) }}" - name: NOV-API | install | Setup nova-api service become: yes setup_systemd: service: nova-api user: "{{ nova_system_user }}" group: "{{ nova_system_group }}" cmd: nova-api args: > --config-file {{ nova_service_conf_dir }}/nova.conf --config-file {{ nova_service_conf_dir }}/api.conf limit_open_files: "{{ nova_api_limit_open_files }}" - name: NOV-API | install | Set nova-api service to not start on boot become: yes service: name: nova-api enabled: no # This must happen after the install_package, or a path which is meant to be a # symlink will be mkdir'd - include: ../../nova-common/tasks/install.yml # # placement api # - name: NOV-API | install | Create Nova WSGI directory become: yes file: path: "{{ www_root }}/nova" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" mode: 0755 state: directory recurse: yes - name: NOV-API | install | Creating nova global conf directory become: yes file: path: "{{ item.dir }}" state: directory owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" mode: "{{ item.permission }}" recurse: yes with_items: - { dir: '{{ nova_global_conf_dir }}', permission: '0750'} 0707010000003D000081A40000000000000000000000015F71E19F000002EB000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-API | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"0707010000003E000081A40000000000000000000000015F71E19F00000BA0000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Restart or start the nova-api service --- - name: NOV-API | start | Activate the latest installed version become: yes install_package: name: nova service: nova-api activate: act_on version: "{{ ardana_notify_nova_api_install_result.version }}" when: not (ardana_notify_nova_api_install_result is not defined) - name: NOV-API | start | register persistent fact of activate command: /bin/true register: ardana_notify_nova_api_restart_required when: ardana_notify_nova_api_install_result is defined and ardana_notify_nova_api_install_result.changed - name: NOV-API | start | Restart nova-api service become: yes service: name: nova-api state: restarted when: ardana_notify_nova_restart_required.changed or (ardana_notify_nova_api_restart_required is defined and ardana_notify_nova_api_restart_required.changed) - name: NOV-API | start | Ensure nova-api service is started become: yes service: name: nova-api state: started - name: NOV-API | start | Make sure nova-api service is up and responding uri: url: "{{ nova_internal_endpoint }}" status_code: 200 timeout: 20 register: nova_version_status_result until: nova_version_status_result.status is defined and nova_version_status_result.status == 200 delay: 10 retries: 3 run_once: true ignore_errors: true # # placement api # # - name: NOV-API | start | Enable nova-placement-api vhost enabled become: yes file: src: "{{ apache2_vhost_dir }}/nova-placement-api-apache2.vhost" dest: "{{ apache2_vhost_dir }}/nova-placement-api-apache2.conf" state: link register: ardana_notify_nova_placement_api_apache_restart # Set the fact for restart based on ardana_notify - name: NOV-API | start | Set fact placement api to start on ardana_notify_fact set_fact: nova_placement_api_restart_required : True when: >- ardana_notify_nova_restart_required.changed or (ardana_notify_nova_placement_api_apache_restart is defined and ardana_notify_nova_placement_api_apache_restart.changed) - include: "{{ playbook_dir }}/roles/FND-AP2/tasks/start_reload.yml" vars: apache_reload_requested: "{{ nova_placement_api_restart_required }}" apache_restart_requested: "{{ nova_placement_api_restart_required }}" 0707010000003F000081A40000000000000000000000015F71E19F000002BF000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/_service_status.yml07070100000040000081A40000000000000000000000015F71E19F00000673000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Stop the nova-api service --- - name: NOV-API | stop | stop nova-api service become: yes service: name=nova-api state=stopped register: stop_result failed_when: "stop_result|failed and 'service not found' not in stop_result.msg" - name: NOV-API | stop | Disable nova-placement-api vhost enabled become: yes file: dest: "{{ apache2_vhost_dir }}/nova-placement-api-apache2.conf" state: absent register: ardana_notify_nova_placement_api_apache_restart # Set the fact for restart based on ardana_notify - name: NOV-API | stop | Set fact placement api to stop on ardana_notify_fact set_fact: nova_placement_api_restart_required : True when: >- ardana_notify_nova_placement_api_apache_restart is defined and ardana_notify_nova_placement_api_apache_restart.changed - include: "{{ playbook_dir }}/roles/FND-AP2/tasks/start_reload.yml" vars: apache_reload_requested: True apache_restart_requested: "{{ nova_placement_api_restart_required }}" 07070100000041000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/templates07070100000042000081A40000000000000000000000015F71E19F00000965000000000000000000000000000000000000005300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/templates/api-logging.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root{%- if nova_api_audit_enable|bool %}, audit, oldaudit{% endif %} [handlers] keys: watchedfile, logstash{%- if nova_api_audit_enable|bool %}, auditfile{% endif %} [formatters] keys: context, logstash, minimal [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET {%- if nova_api_audit_enable|bool %} [logger_audit] qualname: oslo_messaging.notification.audit handlers: auditfile propagate: 0 level: INFO # This is here to support the deprecated qualname oslo.messaging # when this moves to oslo_messaging this logger can be removed [logger_oldaudit] qualname: oslo.messaging.notification.audit handlers: auditfile propagate: 0 level: INFO {% endif %} # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-api.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-api-json.log',) formatter: logstash level: INFO {%- if nova_api_audit_enable|bool %} # Writes to disk [handler_auditfile] class: handlers.WatchedFileHandler args: ('{{ nova_audit_log_location }}/nova-audit.log',) formatter: minimal level: INFO {% endif %} [formatter_minimal] format: %(message)s # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: nova datefmt: nova-api 07070100000043000081A40000000000000000000000015F71E19F00000E2A000000000000000000000000000000000000005000000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/templates/api-paste.ini.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} ############ # Metadata # ############ [composite:metadata] use = egg:Paste#urlmap /: meta [pipeline:meta] pipeline = cors metaapp [app:metaapp] paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory ############# # OpenStack # ############# [composite:osapi_compute] use = call:nova.api.openstack.urlmap:urlmap_factory /: oscomputeversions # v21 is an exactly feature match for v2, except it has more stringent # input validation on the wsgi surface (prevents fuzzing early on the # API). It also provides new features via API microversions which are # opt into for clients. Unaware clients will receive the same frozen # v2 API feature set, but with some relaxed validation /v2: openstack_compute_api_v21_legacy_v2_compatible /v2.1: openstack_compute_api_v21 [composite:openstack_compute_api_v21] use = call:nova.api.auth:pipeline_factory_v21 noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 keystone = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext {%- if nova_api_audit_enable %} audit{% endif %} osapi_compute_app_v21 [composite:openstack_compute_api_v21_legacy_v2_compatible] use = call:nova.api.auth:pipeline_factory_v21 noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 keystone = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext {%- if nova_api_audit_enable %} audit{% endif %} legacy_v2_compatible osapi_compute_app_v21 [filter:request_id] paste.filter_factory = oslo_middleware:RequestId.factory [filter:compute_req_id] paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory [filter:faultwrap] paste.filter_factory = nova.api.openstack:FaultWrapper.factory [filter:noauth2] paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory [filter:sizelimit] paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory [filter:http_proxy_to_wsgi] paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory [filter:legacy_v2_compatible] paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory [app:osapi_compute_app_v21] paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory [pipeline:oscomputeversions] pipeline = faultwrap http_proxy_to_wsgi oscomputeversionapp [app:oscomputeversionapp] paste.app_factory = nova.api.openstack.compute.versions:Versions.factory ########## # Shared # ########## [filter:cors] paste.filter_factory = oslo_middleware.cors:filter_factory oslo_config_project = nova [filter:keystonecontext] paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory {% if nova_api_audit_enable %} [filter:audit] paste.filter_factory = keystonemiddleware.audit:filter_factory audit_map_file = {{ api_audit_config }} {% endif %} 07070100000044000081A40000000000000000000000015F71E19F0000046D000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/templates/api.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the Nova API service. # You may make changes to this file by adding sections/options below. [DEFAULT] # Logging log_config_append = "{{ nova_service_conf_dir }}/api-logging.conf" # transport_url transport_url = {{ rabbit_hosts_transport_url }} [database] backend = sqlalchemy connection = {{ database_connection }} [api_database] connection = {{ nova_api_database_connection }} ## Do NOT put anything after this line ## 07070100000045000081A40000000000000000000000015F71E19F000008AB000000000000000000000000000000000000005500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/templates/api_audit_map.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [DEFAULT] # default target endpoint type # should match the endpoint type defined in service catalog target_endpoint_type = None [custom_actions] enable = enable disable = disable delete = delete startup = start/startup shutdown = stop/shutdown reboot = start/reboot os-migrations/get = read os-server-password/post = update # possible end path of api requests [path_keywords] add = None action = None enable = None disable = None configure-project = None defaults = None delete = None detail = None diagnostics = None entries = entry extensions = alias flavors = flavor images = image ips = label limits = None metadata = key os-agents = os-agent os-aggregates = os-aggregate os-availability-zone = None os-certificates = None os-cloudpipe = None os-fixed-ips = ip os-extra_specs = key os-flavor-access = None os-floating-ip-dns = domain os-floating-ips-bulk = host os-floating-ip-pools = None os-floating-ips = floating-ip os-hosts = host os-hypervisors = hypervisor os-instance-actions = instance-action os-keypairs = keypair os-migrations = None os-networks = network os-quota-sets = tenant os-security-groups = security_group os-security-group-rules = rule os-server-password = None os-services = None os-simple-tenant-usage = tenant os-virtual-interfaces = None os-volume_attachments = attachment os-volumes = volume os-volume-types = volume-type os-snapshots = snapshot reboot = None servers = server shutdown = None startup = None statistics = None # map endpoint type defined in service catalog to CADF typeURI [service_endpoints] compute = service/compute 07070100000046000081A40000000000000000000000015F71E19F0000066D000000000000000000000000000000000000006200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/templates/nova-placement-api-apache2.conf.j2{# # # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} Listen {{ nova_placement_api_bind_host }}:{{ nova_placement_api_bind_port }} <VirtualHost {{ nova_placement_api_bind_host }}:{{ nova_placement_api_bind_port }}> WSGIScriptAlias / {{ www_root}}/nova/nova-placement-api WSGIDaemonProcess nova-placement-api processes=4 threads=5 socket-timeout=300 user={{ nova_system_user }} group={{ nova_system_group }} python-path={{ nova_service_bin_dir }}/../:{{ nova_service_bin_dir }}/../lib/python2.7/site-packages display-name=nova-placement-api WSGIApplicationGroup nova-placement-api WSGIProcessGroup nova-placement-api ErrorLog {{ log_dir }}/nova_placement_api_wsgi.log LogLevel INFO CustomLog {{ log_dir }}/nova_placement_api_wsgi-access.log combined <Directory {{ nova_service_bin_dir }}/../lib/python2.7/site-packages/nova/api/openstack/placement> Options Indexes FollowSymLinks MultiViews Require all granted AllowOverride None Order allow,deny allow from all LimitRequestBody 102400 </Directory> SetEnv no-gzip 1 </VirtualHost> 07070100000047000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/vars07070100000048000081A40000000000000000000000015F71E19F000003B7000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-api service in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: - libmysqlclient18 - libxslt1.1 # packages listed here will trigger a restart of the service when updated nova_api_restart_packages: - libxslt1.107070100000049000081A40000000000000000000000015F71E19F000003B1000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-api service in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: - libmysqlclient18 - libxslt # packages listed here will trigger a restart of the service when updated nova_api_restart_packages: - libxslt0707010000004A000081A40000000000000000000000015F71E19F000003F1000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-API/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-api service in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: - libmysqlclient18 - libxslt - python-PrettyTable - python-netifaces - libsodium23 # packages listed here will trigger a restart of the service when updated nova_api_restart_packages: - libxslt 0707010000004B000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU0707010000004C000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/defaults0707010000004D000081A40000000000000000000000015F71E19F0000074E000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-consoleauth service --- nova_component: nova-consoleauth # the filters nova-common will copy for this service nova_rootwrap_filters: - rootwrap.d/consoleauth.filters # packages listed here will trigger a restart of the service when updated nova_consoleauth_restart_packages: [] # host_index of where consoleauth service is running consoleauth_host_index: 0 # host group consoleauth_host_group: "{{ groups[verb_hosts.NOV_CAU] }}" # facts file that stores nova_consoleauth run location run_loc_file: "{{ nova_facts_dir }}/nova_consoleauth_run_location_{{ host.my_dimensions.control_plane }}.fact" # CP variables - required for enabling disabling service keystone: nova_admin_user: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_user }}" nova_admin_password: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_password | quote }}" service_tenant: "{{ KEY_API.vars.keystone_service_tenant }}" url: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}" ca_certs_file: "{{ trusted_ca_bundle }}" # the log files nova-common will create for this service nova_log_files: - "{{ log_dir }}/nova-consoleauth.log" - "{{ log_dir }}/nova-consoleauth-json.log" 0707010000004E000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/meta0707010000004F000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 07070100000050000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks07070100000051000081A40000000000000000000000015F71E19F00000469000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/_read_run_location.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Read the nova-consoleauth service run location from deployer fact file --- - name: NOV-CAU | _read_run_location | check run location fact file exists become: yes delegate_to: localhost stat: path: "{{ run_loc_file }}" register: stat_run_loc_file_result - name: NOV-CAU | _read_run_location | read file - set fact become: yes delegate_to: localhost set_fact: consoleauth_host_index: "{{ lookup('file', run_loc_file) }}" when: stat_run_loc_file_result.stat.exists 07070100000052000081A40000000000000000000000015F71E19F00000381000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CAU | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_consoleauth_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_consoleauth_restart_packages 07070100000053000081A40000000000000000000000015F71E19F000006D1000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the nova-consoleauth service --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_consoleauth_install_result }}" - include: ../../nova-common/tasks/configure.yml - name: NOV-CAU | configure | notify on rootwrap change command: /bin/true register: ardana_notify_nova_consoleauth_restart_required when: rootwrap_changed - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-CAU/templates/consoleauth.conf.j2" dest: "{{ nova_service_conf_dir }}/consoleauth.conf" - name: NOV-CAU | configure | notify on consoleauth.conf change command: /bin/true register: ardana_notify_nova_consoleauth_restart_required when: write_conf_result.changed - name: NOV-CAU | configure | Apply template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: "{{ nova_system_group }}" mode: 0640 with_items: - "consoleauth-logging.conf" register: ardana_notify_nova_consoleauth_restart_required 07070100000054000081A40000000000000000000000015F71E19F00000809000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/install.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install nova-consoleauth service --- - name: NOV-CAU | install | Update installed packager cache become: yes install_package: cache: update - name: NOV-CAU | install | Install the nova-consoleauth service from the nova venv become: yes install_package: name: nova service: nova-consoleauth state: present activate: act_off register: ardana_notify_nova_consoleauth_install_result - name: NOV-CAU | install | register persistent fact of install command: /bin/true register: ardana_notify_nova_consoleauth_restart_required when: ardana_notify_nova_consoleauth_install_result.changed - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_consoleauth_install_result }}" - name: NOV-CAU | install | Setup nova-consoleauth service become: yes setup_systemd: service: nova-consoleauth user: "{{ nova_system_user }}" group: "{{ nova_system_group }}" cmd: nova-consoleauth args: > --config-file {{ nova_service_conf_dir }}/nova.conf --config-file {{ nova_service_conf_dir }}/rootwrap.conf --config-file {{ nova_service_conf_dir }}/consoleauth.conf - name: NOV-CAU | install | Set nova-consoleauth service to not start on boot become: yes service: name: nova-consoleauth enabled: no - include: ../../nova-common/tasks/install.yml 07070100000055000081A40000000000000000000000015F71E19F000002EB000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CAU | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"07070100000056000081A40000000000000000000000015F71E19F000011B0000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Restart or start the nova-consoleauth service --- - name: NOV-CAU | start | Activate the latest installed version become: yes install_package: name: nova service: nova-consoleauth activate: act_on version: "{{ ardana_notify_nova_consoleauth_install_result.version }}" when: not (ardana_notify_nova_consoleauth_install_result is not defined) - name: NOV-CAU | start | register persistent fact of activate command: /bin/true register: ardana_notify_nova_consoleauth_restart_required when: ardana_notify_nova_consoleauth_install_result is defined and ardana_notify_nova_consoleauth_install_result.changed - include: _read_run_location.yml # consoleauth_host_index specifies the index of the host where consoleauth # should be running. # we match the consoleauth_host_index with the index of the inventory_host - name: NOV-CAU | start | Restart nova-consoleauth service become: yes service: name: nova-consoleauth state: restarted when: ({{ consoleauth_host_index }} == {{ consoleauth_host_group.index(inventory_hostname) }} ) and (ardana_notify_nova_restart_required.changed or (ardana_notify_nova_consoleauth_restart_required is defined and ardana_notify_nova_consoleauth_restart_required.changed)) # ignore errors as nova-api will not be able to service this # request during deploy - name: NOV-CAU | start | Enable consoleauth service shell: > nova service-enable {{ host.my_dimensions.hostname }} nova-consoleauth when: ({{ consoleauth_host_index }} == {{ consoleauth_host_group.index(inventory_hostname) }}) ignore_errors: True environment: OS_USERNAME: "{{ keystone.nova_admin_user }}" OS_PROJECT_NAME: "{{ keystone.service_tenant }}" OS_PASSWORD: "{{ keystone.nova_admin_password }}" OS_USER_DOMAIN_NAME: Default OS_PROJECT_DOMAIN_NAME: Default OS_AUTH_URL: "{{ keystone.url }}/v3" OS_ENDPOINT_TYPE: internalURL OS_CACERT: "{{ ca_certs_file }}" - name: NOV-CAU | start | Ensure nova-consoleauth service started become: yes service: name: nova-consoleauth state: started when: ({{ consoleauth_host_index }} == {{ consoleauth_host_group.index(inventory_hostname) }}) - name: NOV-CAU | start | Remove nova-consoleauth monasca process check from inactive nodes become: yes monasca_agent_plugin: name: "nova" state: "absent" args: service_api_url: "{{ nova_api_url }}" component_name: "nova-consoleauth" when: ({{ consoleauth_host_index }} != {{ consoleauth_host_group.index(inventory_hostname) }}) ignore_errors: True - name: NOV-CAU | start | Stop consoleauth where not needed become: yes service: name: nova-consoleauth state: stopped when: ({{ consoleauth_host_index }} != {{ consoleauth_host_group.index(inventory_hostname) }}) # ignore errors as nova-api will not be able to service this # request during deploy - name: NOV-CAU | start | Disable consoleauth where not needed shell: > nova service-disable {{ host.my_dimensions.hostname }} nova-consoleauth --reason "singleton running elsewhere" when: ({{ consoleauth_host_index }} != {{ consoleauth_host_group.index(inventory_hostname) }}) ignore_errors: True environment: OS_USERNAME: "{{ keystone.nova_admin_user }}" OS_PROJECT_NAME: "{{ keystone.service_tenant }}" OS_PASSWORD: "{{ keystone.nova_admin_password }}" OS_USER_DOMAIN_NAME: Default OS_PROJECT_DOMAIN_NAME: Default OS_AUTH_URL: "{{ keystone.url }}/v3" OS_ENDPOINT_TYPE: internalURL OS_CACERT: "{{ ca_certs_file }}" # write to deployer fact file where we started service - name: NOV-CAU | start | copy consoleauth_host_index to nova.fact on localhost become: yes delegate_to: localhost copy: dest: "{{ run_loc_file }}" content: "{{ consoleauth_host_index }}" mode: 0644 07070100000057000081A40000000000000000000000015F71E19F0000032E000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _read_run_location.yml - include: ../../nova-common/tasks/_singleton_service_status.yml vars: singleton_host_index: "{{ consoleauth_host_index }}" 07070100000058000081A40000000000000000000000015F71E19F00000390000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Stop the nova-consoleauth service --- - name: NOV-CAU | stop | stop nova-consoleauth service become: yes service: name=nova-consoleauth state=stopped register: stop_result failed_when: "stop_result|failed and 'service not found' not in stop_result.msg" 07070100000059000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/templates0707010000005A000081A40000000000000000000000015F71E19F000006CC000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/templates/consoleauth-logging.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root, iso8601 [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET [logger_iso8601] qualname: iso8601 handlers: watchedfile, logstash level: WARNING # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-consoleauth.log',) formatter: context # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-consoleauth-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: nova datefmt: nova-consoleauth 0707010000005B000081A40000000000000000000000015F71E19F00000431000000000000000000000000000000000000005300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/templates/consoleauth.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the Consoleauth service. # You may make changes to this file by adding sections/options below. [DEFAULT] # Logging log_config_append = "{{ nova_service_conf_dir }}/consoleauth-logging.conf" [database] backend = sqlalchemy connection = {{ database_connection }} [api_database] connection = {{ nova_api_database_connection }} ## Do NOT put anything after this line ## 0707010000005C000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/vars0707010000005D000081A40000000000000000000000015F71E19F0000039A000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of the service when updated nova_consoleauth_restart_packages: []0707010000005E000081A40000000000000000000000015F71E19F0000039A000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of the service when updated nova_consoleauth_restart_packages: []0707010000005F000081A40000000000000000000000015F71E19F00000399000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CAU/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of the service when updated nova_consoleauth_restart_packages: [] 07070100000060000041ED0000000000000000000000045F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CLI07070100000061000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CLI/defaults07070100000062000081A40000000000000000000000015F71E19F0000047E000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CLI/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # CP variables --- keystone: nova_admin_user: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_user }}" nova_admin_password: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_password | quote }}" role: "{{ KEY_API.vars.keystone_admin_role }}" service_tenant: "{{ KEY_API.vars.keystone_service_tenant }}" url: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}" nova_api: internal_url: "{{ NOV_API.advertises.vips.private[0].url }}/v2/%(tenant_id)s" internal_region: "{{ NOV.regions | first }}" 07070100000063000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CLI/tasks07070100000064000081A40000000000000000000000015F71E19F000007F7000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CLI/tasks/availability_zones.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Create host aggregate and availability zone - name: NOV-CLI | availability_zones | create host aggregate and az become: yes nova_host_aggregate: state: present auth_url: "{{ keystone.url }}/v3" login_username: "{{ keystone.nova_admin_user }}" login_password: "{{ keystone.nova_admin_password }}" login_tenant_name: "{{ keystone.service_tenant }}" region_name: "{{ nova_api.internal_region }}" name: "{{ item }}" availability_zone: "{{ item }}" run_once: true environment: NOVACLIENT_BYPASS_URL: "{{ nova_api.internal_url }}" with_items: zone_types.nova_availability_zones when: ( ( zone_types.nova_availability_zones | length ) > 0 ) # Add host to availability zone - name: NOV-CLI | availability_zones | add host to az become: yes nova_host_aggregate: state: present auth_url: "{{ keystone.url }}/v3" login_username: "{{ keystone.nova_admin_user }}" login_password: "{{ keystone.nova_admin_password }}" login_tenant_name: "{{ keystone.service_tenant }}" region_name: "{{ nova_api.internal_region }}" name: "{{ hostvars[item].host.failure_zone }}" host: "{{ hostvars[item].host.my_dimensions.hostname }}" run_once: true environment: NOVACLIENT_BYPASS_URL: "{{ nova_api.internal_url }}" with_items: groups[verb_hosts.NOV_CMP] when: ( ( zone_types.nova_availability_zones | length ) > 0 ) 07070100000065000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP07070100000066000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX07070100000067000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/defaults07070100000068000081A40000000000000000000000015F71E19F0000076C000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # variables to go into hypervisor.conf in vcenter compute proxy vcenter_encrypted_password: "{%- if global.pass_through is defined -%} {%- if global.pass_through.vmware is defined -%} {%- for vc in global.pass_through.vmware -%} {%- if vc.id == host.pass_through.vmware.vcenter_id -%} {{ vc.password }} {%- endif -%} {%- endfor -%} {%- endif -%} {%- endif -%}" vmware_vcenter_id: "{{ host.pass_through.vmware.vcenter_id }}" esx_default_driver: "vmwareapi.VMwareVCDriver" esx_compute_driver_list: "{{ NOV_ESX | get_provided_data_values('compute_driver') }}" esx_compute_driver: "{%- if esx_compute_driver_list|length > 0 -%} {{ esx_compute_driver_list | last }} {%- else -%} {{ esx_default_driver }} {%- endif -%}" neutron_ovs_bridge: "{%- set ovs_br_list = NOV_ESX | provided_data('ovs_bridge') -%} {%- if ovs_br_list | length > 0 -%} {{ ovs_br_list | last }} {%- endif -%}" 07070100000069000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/meta0707010000006A000081A40000000000000000000000015F71E19F000002BE000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common - role: NOV-CMP 0707010000006B000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/tasks0707010000006C000081A40000000000000000000000015F71E19F00000379000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-ESX | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_compute_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_esx_restart_packages 0707010000006D000081A40000000000000000000000015F71E19F000005C5000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the hypervisor.conf specific to vmware --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_compute_install_result }}" # hypervisor.conf will be loaded last by nova-compute # filename should remain the same across hypervisors # we can use nova_service_conf_dir as this will be set to compute # by including the nova-compute role as a dependency - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-CMP-ESX/templates/hypervisor.conf.j2" dest: "{{ nova_service_conf_dir }}/hypervisor.conf" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" - name: NOV-CMP-ESX | configure | notify on hypervisor.conf change command: /bin/true register: ardana_notify_nova_compute_restart_required when: write_conf_result.changed 0707010000006E000081A40000000000000000000000015F71E19F000002EF000000000000000000000000000000000000004800000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-ESX | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"0707010000006F000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/templates07070100000070000081A40000000000000000000000015F71E19F0000071B000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/templates/hypervisor.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # You may make changes to this file by adding sections/options below. [DEFAULT] # Compute compute_driver = {{ esx_compute_driver }} allow_resize_to_same_host = True [vmware] {% if host.pass_through.vmware.vcenter_ip is defined and host.pass_through.vmware.vcenter_ip != "" %} host_ip = {{ host.pass_through.vmware.vcenter_ip }} host_port = {{ host.pass_through.vmware.vcenter_port }} host_username = {{ host.pass_through.vmware.vcenter_username }} {% else %} {% for vc in global.pass_through.vmware %}{% if vc.id == vmware_vcenter_id %} host_ip = {{ vc.ip }} host_port = {{ vc.port }} host_username = {{ vc.username }} {% endif %} {% endfor %} {% endif %} host_password = {{ vcenter_encrypted_password | openstack_user_password_decrypt }} cluster_name = {{ host.pass_through.vmware.vcenter_cluster }} insecure = True vmwareapi_nic_attach_retry_count = 60 # VNC [vnc] novncproxy_base_url = {{ novncproxy_base_url }} vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = {{ vncserver_proxyclient_address }} enabled = True {% if neutron_ovs_bridge != "" %} [neutron] ovs_bridge = {{ neutron_ovs_bridge }} {% endif %} ## Do NOT put anything after this line ## 07070100000071000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/vars07070100000072000081A40000000000000000000000015F71E19F000003C4000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-esx # to work in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_esx_restart_packages: []07070100000073000081A40000000000000000000000015F71E19F000003C4000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-esx # to work in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_esx_restart_packages: []07070100000074000081A40000000000000000000000015F71E19F000003C3000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-ESX/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-esx # to work in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_esx_restart_packages: [] 07070100000075000041ED0000000000000000000000065F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP07070100000076000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/defaults07070100000077000081A40000000000000000000000015F71E19F0000078F000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- win_service: nova win_service_name: OpenStack Nova Compute Service win_nova_conf_dir: etc\nova win_conf_dir: "{{ [win_ardana_dir, win_service, build_url.svc_dir, win_nova_conf_dir] | join(path_separator) }}" win_bin_dir: "{{ [win_ardana_dir, win_service, build_url.svc_dir, 'bin'] | join(path_separator) }}" win_nova_conf_name: nova.conf win_nova_conf_path: "{{ [win_conf_dir, win_nova_conf_name] | join(path_separator) }}" win_hypervisor_conf_name: hypervisor.conf win_hypervisor_conf_path: "{{ [win_conf_dir, win_hypervisor_conf_name] | join(path_separator) }}" win_compute_conf_name: compute.conf win_compute_conf_path: "{{ [win_conf_dir, win_compute_conf_name] | join(path_separator) }}" win_compute_logging_conf_name: compute-logging.conf win_compute_logging_conf_path: "{{ [win_conf_dir, win_compute_logging_conf_name ] | join(path_separator) }}" win_service_conf_name: novaservice.conf win_service_conf_path: "{{ [win_ardana_dir, 'setup', win_service_conf_name] | join(path_separator) }}" win_policy_file_name: policy.json win_policy_file_path: "{{ [win_conf_dir, win_policy_file_name] | join(path_separator) }}" win_jinja_vars: '#jinja2: newline_sequence:"\\r\\n"' nova_service_conf_dir: "{{ win_conf_dir }}" nova_service_bin_dir: "{{ win_bin_dir }}" 07070100000078000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/meta07070100000079000081A40000000000000000000000015F71E19F000002C6000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/meta/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: win-install-package - role: nova-common 0707010000007A000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks0707010000007B000081A40000000000000000000000015F71E19F000006BC000000000000000000000000000000000000004F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/_write_conf.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-HYP | _write_conf | Check if the conf already exists win_stat: path: "{{ dest }}" register: win_conf_stat_result - name: NOV-CMP-HYP | _write_conf | Get timestamp raw: powershell Get-Date -Format yyyyMMddHHmmss register: time_result changed_when: False - name: NOV-CMP-HYP | _write_conf | Create a backup of the existing conf raw: COPY "{{ dest }}" "{{ dest }}-{{ time_result.stdout_lines[0] }}.conf" when: win_conf_stat_result.stat.exists - name: NOV-CMP-HYP | _write_conf | Copy the conf file win_template: src: "{{ src }}" dest: "{{ dest }}" register: ardana_notify_win_nova_restart_required - name: NOV-CMP-HYP | _write_conf | Delete backup of the unchanged file win_file: path: "{{ dest }}-{{ time_result.stdout_lines[0] }}.conf" state: absent when: ardana_notify_win_nova_restart_required.changed != True - name: NOV-CMP-HYP | _write_conf | remove all but last 10 backups of the conf raw: powershell -file "{{ [win_ardana_dir, 'setup', 'delete_backups.ps1'] | join(path_separator) }}" "{{ dest }}" 0707010000007C000081A40000000000000000000000015F71E19F00000508000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/_write_templates.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # # This is to generate windows specific templates on the deployer node from # the common templates. # The windows specific templates need the following line at the beginning of # the file to template new line characters. # '#jinja2: newline_sequence:"\\r\\n"' # The second task inserts the above line in the template. --- - name: NOV-CMP-HYP | _write_templates | copy common template to NOV-CMP-HYP raw: cp {{ src }} {{ dest }} run_once: true delegate_to: localhost - name: NOV-CMP-HYP | _write_templates | make the template windows specific raw: sed -i '1 i \{{ win_jinja_vars }}' {{ dest }} run_once: true delegate_to: localhost 0707010000007D000081A40000000000000000000000015F71E19F00000C06000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/configure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../win-install-package/tasks/_setvars.yml when: win_service_config_result is not defined - include: ../../win-install-package/tasks/check_version.yml - name: NOV-CMP-HYP | configure | set os-specific variables include_vars: ../../nova-common/vars/{{ ansible_os_family | lower }}.yml - name: NOV-CMP-HYP | configure | set os-specific variables for logging include_vars: ../../NOV-CMP/vars/{{ ansible_os_family | lower }}.yml - name: NOV-CMP-HYP | configure | Get instance VHD path raw: powershell (Get-VMHost -ComputerName localhost).VirtualHardDiskPath register: win_instance_path_result - name: NOV-CMP-HYP | configure | set instance path fact set_fact: win_instance_path: "{{ win_instance_path_result.stdout_lines[0].rstrip(' \\\\') }}" - name: NOV-CMP-HYP | configure | check if the host is a part of a cluster raw : powershell (Get-WindowsFeature "Failover-Clustering").Installed register: win_cluster_result - name: NOV-CMP-HYP | configure | set fact whether the host is in a cluster set_fact: win_cluster: "{{ win_cluster_result.stdout_lines[0] }}" - name: NOV-CMP-HYP | configure | Create the conf directory win_file: path: "{{ win_conf_dir }}" state: directory - include: _write_templates.yml src: roles/nova-common/templates/nova.conf.j2 dest: roles/NOV-CMP-HYP/templates/nova.conf.j2 - include: _write_templates.yml src: roles/nova-common/templates/policy.json.j2 dest: roles/NOV-CMP-HYP/templates/policy.json.j2 - include: _write_templates.yml src: roles/NOV-CMP/templates/compute.conf.j2 dest: roles/NOV-CMP-HYP/templates/compute.conf.j2 - include: _write_templates.yml src: roles/NOV-CMP/templates/compute-logging.conf.j2 dest: roles/NOV-CMP-HYP/templates/compute-logging.conf.j2 - include: _write_conf.yml src: hypervisor.conf.j2 dest: "{{ win_hypervisor_conf_path }}" - include: _write_conf.yml src: nova.conf.j2 dest: "{{ win_nova_conf_path }}" - include: _write_conf.yml src: compute.conf.j2 dest: "{{ win_compute_conf_path }}" - include: _write_conf.yml src: compute-logging.conf.j2 dest: "{{ win_compute_logging_conf_path }}" - include: _write_conf.yml src: policy.json.j2 dest: '{{ win_policy_file_path }}' - name: NOV-CMP-HYP | configure | Copy service conf win_template: src: novaservice.conf.j2 dest: '{{ win_service_conf_path }}' - include: ../../win-install-package/tasks/configure.yml 0707010000007E000081A40000000000000000000000015F71E19F000002BB000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/install.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../win-install-package/tasks/install.yml 0707010000007F000081A40000000000000000000000015F71E19F0000056F000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-HYP | start | Restart nova-compute service win_service: name: "{{ win_service_name }}" state: restarted when: ardana_notify_win_nova_restart_required.changed and ardana_notify_win_nova_restart_required is defined register: win_nova_restarted_result # Start the service in the case when ardana_notify_win_nova_restart_required # is false. # Eg., when nova-start.yml is run independently. # # Execute this only when the above task is skipped and the service start # is not yet triggered - name: NOV-CMP-HYP | start | Ensure nova-compute service is started win_service: name: "{{ win_service_name }}" state: started register: _service_status_started_result when: win_nova_restarted_result|skipped 07070100000080000081A40000000000000000000000015F71E19F00000444000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-HYP | status | Print service being checked debug: msg: "Running service check for {{ win_service_name }}" run_once: true - name: NOV-CMP-HYP | status | Get Service Status win_service: name: "{{ win_service_name }}" register: _service_status_result - name: NOV-CMP-HYP | status | Check Service status fail: msg: "{{ win_service_name }} is not running." when: _service_status_result.state == 'stopped' 07070100000081000081A40000000000000000000000015F71E19F0000031E000000000000000000000000000000000000004800000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/tasks/stop.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-HYP | stop | Stop service win_service: name: "{{ win_service_name }}" state: stopped register: _service_status_stopped_result 07070100000082000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/templates07070100000083000081A40000000000000000000000015F71E19F000005F4000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/templates/hypervisor.conf.j2#jinja2: newline_sequence:'\r\n' {# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This configuration file includes the default values for Ardana # Changes may be made to this file by the customer. # Layout / order of settings in this file can be found: # http://docs.openstack.org/liberty/config-reference/content/list-of-compute-config-options.html [DEFAULT] logfile=nova-compute.log {% if win_cluster | bool %} compute_driver=hyperv.cluster.hadriver.HyperVHADriver {% else %} compute_driver=hyperv.driver.HyperVDriver {% endif %} instances_path="{{ win_instance_path }}" policy_file="{{ win_policy_file_path }}" mkisofs_cmd="{{ win_bin_dir }}\mkisofs.exe" vif_plugging_timeout = 300 reserved_host_memory_mb = 12288 [hyperv] qemu_img_cmd="{{ win_bin_dir }}\\qemu-img.exe" limit_cpu_features=False config_drive_inject_password=False config_drive_cdrom = True dynamic_memory_ratio=1 enable_instance_metrics_collection=False 07070100000084000081A40000000000000000000000015F71E19F00000485000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-HYP/templates/novaservice.conf.j2#jinja2: newline_sequence:'\r\n' {# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [DEFAULT] python_path = {{ [win_ardana_dir, win_service, build_url.svc_dir, win_service, 'scripts', 'python.exe'] | join(path_separator) }} script_path = {{ [win_ardana_dir, win_service, build_url.svc_dir, win_service, 'scripts', 'nova-compute-script.py'] | join(path_separator) }} service_name = {{ win_service_name }} confs = --config-file,{{ win_nova_conf_path }},--config-file,{{ win_hypervisor_conf_path }},--config-file,{{ win_compute_conf_path }} 07070100000085000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN07070100000086000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/defaults07070100000087000081A40000000000000000000000015F71E19F0000047D000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova ironic component --- ## [ironic] ironic_api_endpoint_url: "{{ NOV_CMP_IRN.consumes_IRN_API.vips.private[0].url }}/v1" admin_tenant_name : "{{ KEY_API.vars.keystone_service_tenant }}" keystone_ironic_password : "{{ IRN_API.consumes_KEY_API.vars.keystone_ironic_password | quote }}" keystone_ironic_user : "{{ IRN_API.consumes_KEY_API.vars.keystone_ironic_user }}" ironic_admin_auth_uri : "{{ IRN_API.consumes_KEY_API.vips.private[0].url }}/v3" 07070100000088000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/meta07070100000089000081A40000000000000000000000015F71E19F000002BE000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common - role: NOV-CMP 0707010000008A000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/tasks0707010000008B000081A40000000000000000000000015F71E19F00000379000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-IRN | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_compute_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_irn_restart_packages 0707010000008C000081A40000000000000000000000015F71E19F00000585000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the hypervisor.conf specific to ironic --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_compute_install_result }}" # hypervisor.conf will be loaded last by nova-compute # filename should remain the same across hypervisors # we can use nova_service_conf_dir as this will be set to compute # by including the nova-compute role as a dependency - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-CMP-IRN/templates/hypervisor.conf.j2" dest: "{{ nova_service_conf_dir }}/hypervisor.conf" - name: NOV-CMP-IRN | configure | notify on hypervisor.conf change command: /bin/true register: ardana_notify_nova_compute_restart_required when: write_conf_result.changed 0707010000008D000081A40000000000000000000000015F71E19F000002B8000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/tasks/install.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/install.yml 0707010000008E000081A40000000000000000000000015F71E19F000002EF000000000000000000000000000000000000004800000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-IRN | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"0707010000008F000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/templates07070100000090000081A40000000000000000000000015F71E19F000005F7000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/templates/hypervisor.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the ironic hypervisor. # You may make changes to this file by adding sections/options below. [DEFAULT] # Compute compute_driver = ironic.IronicDriver reserved_host_disk_mb = 0 reserved_host_memory_mb = 0 ram_allocation_ratio = 1.0 firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_manager = ironic.nova.compute.manager.ClusteredComputeManager [ironic] auth_type = v3password auth_url = {{ ironic_admin_auth_uri }} project_name = {{ admin_tenant_name }} username = {{ keystone_ironic_user }} password = {{ keystone_ironic_password }} # We are hardcoding the domain to 'Default' for backward compatibility. # In the future, these need to be coming from vars. project_domain_name = Default user_domain_name = Default api_endpoint = {{ ironic_api_endpoint_url }} ## Do NOT put anything after this line ## 07070100000091000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/vars07070100000092000081A40000000000000000000000015F71E19F000003C4000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-irn # to work in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_irn_restart_packages: []07070100000093000081A40000000000000000000000015F71E19F000003C4000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-irn # to work in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_irn_restart_packages: []07070100000094000081A40000000000000000000000015F71E19F000003C3000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-IRN/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-irn # to work in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_irn_restart_packages: [] 07070100000095000041ED0000000000000000000000095F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM07070100000096000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/defaults07070100000097000081A40000000000000000000000015F71E19F0000081F000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova kvm component # that are the same on every distro. If they need to be different on # different distros then put them in vars/<distro>.yml --- nova_private_ssh_key: "{{ NOV_KVM.vars.nova_ssh_key.private }}" nova_vcpu_pin_set: "{{ host | item('cpu_assignments.NOV_KVM.vm.processor_list', default='') }}" nova_cgroup_device_acl: - /dev/null - /dev/full - /dev/dayzero - /dev/random - /dev/urandom - /dev/ptmx - /dev/kvm - /dev/kqemu - /dev/rtc - /dev/hpet - /dev/vfio/vfio huge_page_sizes: "{{ non_numa_huge_pages | union(numa_huge_pages) | map(attribute='size') | unique | list }}" neutron_ovs_bridge: "{%- set ovs_br_list = NOV_KVM | provided_data('ovs_bridge') -%} {%- if ovs_br_list | length > 0 -%} {{ ovs_br_list | last }} {%- endif -%}" # Flag to indicate whether on RHEL computes, selinux policy updates need to be # applied or not? nova_rhel_compute_apply_selinux_policy_updates: false # SES Integration nova_ses_enabled: "{{ 'True' if ses_nova_user_name is defined else 'False' }}" nova_ses_user_name: "{{ ses_nova_user_name | default('') }}" nova_ses_pool_name: "{{ ses_nova_pool_name | default('') }}" nova_ses_secret_uuid: "{{ ses_nova_secret_uuid | default('') }}" nova_ses_ceph_conf_file_path: "{{ ses_conf_file_path | default('') }}" nova_ses_cinder_keyring_file_path: "{{ ses_cinder_keyring_file_path | default('') }}" 07070100000098000041ED0000000000000000000000035F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files07070100000099000041ED0000000000000000000000065F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc0707010000009A000041ED0000000000000000000000035F71E19F00000000000000000000000000000000000000000000004E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d0707010000009B000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions0707010000009C000081A40000000000000000000000015F71E19F00001499000000000000000000000000000000000000006000000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/base# vim:syntax=apparmor # ------------------------------------------------------------------ # # Copyright (C) 2002-2009 Novell/SUSE # Copyright (C) 2009-2011 Canonical Ltd. # Copyright (C) 2014 Hewlett-Packard Development Company, L.P. # Copyright (C) 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # ------------------------------------------------------------------ # (Note that the ldd profile has inlined this file; if you make # modifications here, please consider including them in the ldd # profile as well.) # The __canary_death_handler function writes a time-stamped log # message to /dev/log for logging by syslogd. So, /dev/log, timezones, # and localisations of date should be available EVERYWHERE, so # StackGuard, FormatGuard, etc., alerts can be properly logged. /dev/log w, /dev/random r, /dev/urandom r, /etc/locale/** r, /etc/locale.alias r, /etc/localtime r, /usr/share/locale-langpack/** r, /usr/share/locale/** r, /usr/share/**/locale/** r, /usr/share/zoneinfo/ r, /usr/share/zoneinfo/** r, # Uncomment to allow use of X11 #/usr/share/X11/locale/** r, /usr/lib{,32,64}/locale/** mr, /usr/lib{,32,64}/gconv/*.so mr, /usr/lib{,32,64}/gconv/gconv-modules* mr, /usr/lib/@{multiarch}/gconv/*.so mr, /usr/lib/@{multiarch}/gconv/gconv-modules* mr, # used by glibc when binding to ephemeral ports /etc/bindresvport.blacklist r, # ld.so.cache and ld are used to load shared libraries; they are best # available everywhere /etc/ld.so.cache mr, /lib{,32,64}/ld{,32,64}-*.so mrix, /lib{,32,64}/**/ld{,32,64}-*.so mrix, /lib/@{multiarch}/ld{,32,64}-*.so mrix, /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix, /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix, /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix, # we might as well allow everything to use common libraries /lib{,32,64}/** r, /lib{,32,64}/lib*.so* mr, /lib{,32,64}/**/lib*.so* mr, /lib/@{multiarch}/** r, /lib/@{multiarch}/lib*.so* mr, /lib/@{multiarch}/**/lib*.so* mr, /usr/lib{,32,64}/** r, /usr/lib{,32,64}/*.so* mr, /usr/lib{,32,64}/**/lib*.so* mr, /usr/lib/@{multiarch}/** r, /usr/lib/@{multiarch}/lib*.so* mr, /usr/lib/@{multiarch}/**/lib*.so* mr, /lib/tls/i686/{cmov,nosegneg}/lib*.so* mr, /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/lib*.so* mr, # /dev/null is pretty harmless and frequently used /dev/null rw, # Write access to /dev/zero is not needed /dev/zero r, # recent glibc uses /dev/full in preference to /dev/null for programs # that don't have open fds at exec() /dev/full rw, # Sometimes used to determine kernel/user interfaces to use @{PROC}/sys/kernel/version r, # Depending on which glibc routine uses this file, base may not be the # best place -- but many profiles require it, and it is quite harmless. @{PROC}/sys/kernel/ngroups_max r, # glibc's sysconf(3) routine to determine free memory, etc @{PROC}/meminfo r, @{PROC}/stat r, @{PROC}/cpuinfo r, /sys/devices/system/cpu/online r, # glibc's *printf protections read the maps file @{PROC}/*/maps r, # libgcrypt reads some flags from /proc @{PROC}/sys/crypto/* r, # some applications will display license information /usr/share/common-licenses/** r, # glibc statvfs @{PROC}/filesystems r, # glibc malloc (man 5 proc) @{PROC}/sys/vm/overcommit_memory r, # Uncomment to allow KVM to look at encrypted /home # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked # filesystems generally. This does not appreciably decrease security when # enabled because the user is expected to have access to files owned by him/her. # Exceptions to this are explicit in the profiles. While this rule grants access # to those exceptions, the intended privacy is maintained due to the encrypted # contents of the files in this directory. Files in this directory will also use # filename encryption by default, so the files are further protected. Also, with # the use of 'owner', this rule properly # prevents access to the files from # processes running under a different uid. # encrypted ~/.Private and old-style encrypted $HOME #owner @{HOME}/.Private/** mrixwlk, # new-style encrypted $HOME #owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk, 0707010000009D000081A40000000000000000000000015F71E19F00000511000000000000000000000000000000000000006400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/consoles# vim:syntax=apparmor # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2014 Hewlett-Packard Development Company, L.P. # Copyright (C) 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # ------------------------------------------------------------------ # only allow read access to tty # there are three common ways to refer to consoles #/dev/console rw, #/dev/tty rw, /dev/tty r, # this next entry is a tad unfortunate; /dev/tty will always be # associated with the controlling terminal by the kernel, but if a # program uses the /dev/pts/ interface, it actually has access to # -all- xterm, sshd, etc, terminals on the system. /dev/pts/[0-9]* rw, /dev/pts/ r, 0707010000009E000081A40000000000000000000000015F71E19F00001142000000000000000000000000000000000000006800000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/libvirt-qemu# Last Modified: Fri Mar 9 14:43:22 2012 #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> # required for reading disk images capability dac_override, capability dac_read_search, capability chown, # needed to drop privileges capability setgid, capability setuid, network inet stream, network inet6 stream, /dev/net/tun rw, /dev/kvm rw, /dev/ptmx rw, # Uncomment to support older kqemu. # /dev/kqemu rw, @{PROC}/*/status r, # Debian BZ#760510 @{PROC}/sys/kernel/cap_last_cap r, # Uncomment to allow guests USB access # For hostdev access. The actual devices will be added dynamically #/sys/bus/usb/devices/ r, #/sys/devices/**/usb[0-9]*/** r, # Uncomment to allow guest audio support # WARNING: this gives the guest direct access to host hardware and specific # portions of shared memory. This is required for sound using ALSA with kvm, # but may constitute a security risk. If your environment does not require # the use of sound in your VMs, feel free to comment out or prepend 'deny' to # the rules for files in /dev. #/{dev,run}/shm r, #/{dev,run}/shmpulse-shm* r, #/{dev,run}/shmpulse-shm* rwk, #/dev/snd/* rw, # Uncomment for Xen guests #capability ipc_lock, # NOTE: kvm needs read access to /sys/devices/system/cpu/online # for Openstack Nova Folsom release on Ubuntu 12.04. /sys/devices/system/cpu/online r, # Uncomment to allow guest spice usage # spice #owner /{dev,run}/shm/spice.* rw, # 'kill' is not required for sound and is a security risk. Do not enable # unless you absolutely need it. deny capability kill, # Uncomment the following if you need access to /dev/fb* #/dev/fb* rw, # Uncomment to allow audio support: #/etc/pulse/client.conf r, #@{HOME}/.pulse-cookie rwk, #owner /root/.pulse-cookie rwk, #owner /root/.pulse/ rw, #owner /root/.pulse/* rw, #/usr/share/alsa/** r, #owner /tmp/pulse-*/ rw, #owner /tmp/pulse-*/* rw, #/var/lib/dbus/machine-id r, # Allow access to hugepages /tmp/hugepages_*/** rw, # access to firmware's etc /usr/share/kvm/** r, /usr/share/qemu/** r, /usr/share/bochs/** r, /usr/share/openbios/** r, /usr/share/openhackware/** r, /usr/share/proll/** r, /usr/share/vgabios/** r, /usr/share/seabios/** r, /usr/share/ovmf/** r, # access PKI infrastructure /etc/pki/libvirt-vnc/** r, # the various binaries /usr/bin/kvm rmix, /usr/bin/qemu rmix, /usr/bin/qemu-system-arm rmix, /usr/bin/qemu-system-cris rmix, /usr/bin/qemu-system-i386 rmix, /usr/bin/qemu-system-m68k rmix, /usr/bin/qemu-system-microblaze rmix, /usr/bin/qemu-system-microblazeel rmix, /usr/bin/qemu-system-mips rmix, /usr/bin/qemu-system-mips64 rmix, /usr/bin/qemu-system-mips64el rmix, /usr/bin/qemu-system-mipsel rmix, /usr/bin/qemu-system-ppc rmix, /usr/bin/qemu-system-ppc64 rmix, /usr/bin/qemu-system-ppcemb rmix, /usr/bin/qemu-system-sh4 rmix, /usr/bin/qemu-system-sh4eb rmix, /usr/bin/qemu-system-sparc rmix, /usr/bin/qemu-system-sparc64 rmix, /usr/bin/qemu-system-x86_64 rmix, /usr/bin/qemu-alpha rmix, /usr/bin/qemu-arm rmix, /usr/bin/qemu-armeb rmix, /usr/bin/qemu-cris rmix, /usr/bin/qemu-i386 rmix, /usr/bin/qemu-m68k rmix, /usr/bin/qemu-microblaze rmix, /usr/bin/qemu-microblazeel rmix, /usr/bin/qemu-mips rmix, /usr/bin/qemu-mipsel rmix, /usr/bin/qemu-ppc rmix, /usr/bin/qemu-ppc64 rmix, /usr/bin/qemu-ppc64abi32 rmix, /usr/bin/qemu-sh4 rmix, /usr/bin/qemu-sh4eb rmix, /usr/bin/qemu-sparc rmix, /usr/bin/qemu-sparc64 rmix, /usr/bin/qemu-sparc32plus rmix, /usr/bin/qemu-sparc64 rmix, /usr/bin/qemu-x86_64 rmix, /usr/lib/qemu/block-curl.so mr, # for rbd /etc/ceph/ceph.conf r, /usr/lib/x86_64-linux-gnu/qemu/* mr, # for save and resume /bin/dash rmix, /bin/dd rmix, /bin/cat rmix, # for usb access /dev/bus/usb/ r, /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, # child profile for bridge helper process profile qemu_bridge_helper { #include <abstractions/base> capability setuid, capability setgid, capability setpcap, capability net_admin, network inet stream, /dev/net/tun rw, /etc/qemu/** r, owner @{PROC}/*/status r, /usr/{lib,libexec}/qemu-bridge-helper rmix, } 0707010000009F000081A40000000000000000000000015F71E19F00000D03000000000000000000000000000000000000006700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/abstractions/nameservice# ------------------------------------------------------------------ # # Copyright (C) 2002-2009 Novell/SUSE # Copyright (C) 2009-2011 Canonical Ltd. # Copyright (C) 2014 Hewlett-Packard Development Company, L.P. # Copyright (C) 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # ------------------------------------------------------------------ # Many programs wish to perform nameservice-like operations, such as # looking up users by name or id, groups by name or id, hosts by name # or IP, etc. These operations may be performed through files, dns, # NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here. /etc/group r, /etc/host.conf r, /etc/hosts r, /etc/nsswitch.conf r, /etc/gai.conf r, /etc/passwd r, /etc/protocols r, # Uncomment when sssd (system security services deamon) is used. # When using sssd, the passwd and group files are stored in an alternate path #/var/lib/sss/mc/group r, #/var/lib/sss/mc/passwd r, /etc/resolv.conf r, # on systems using resolvconf, /etc/resolv.conf is a symlink to # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced in # /etc/resolvconf/run/resolv.conf /{,var/}run/resolvconf/resolv.conf r, /etc/resolvconf/run/resolv.conf r, /etc/samba/lmhosts r, /etc/services r, # db backend /var/lib/misc/*.db r, # The Name Service Cache Daemon can cache lookups, sometimes leading # to vast speed increases when working with network-based lookups. /{,var/}run/.nscd_socket rw, /{,var/}run/nscd/socket rw, /var/{db,cache,run}/nscd/{passwd,group,services,hosts} r, # nscd renames and unlinks files in it's operation that clients will # have open /{,var/}run/nscd/db* rmix, # The nss libraries are sometimes used in addition to PAM; make sure # they are available /lib{,32,64}/libnss_*.so* mr, /usr/lib{,32,64}/libnss_*.so* mr, /lib/@{multiarch}/libnss_*.so* mr, /usr/lib/@{multiarch}/libnss_*.so* mr, /etc/default/nss r, # Uncomment when mdns4 support required # avahi-daemon is used for mdns4 resolution #/{,var/}run/avahi-daemon/socket w, # Uncomment to support nis ##include <abstractions/nis> # ldap #include <abstractions/ldapclient> # all openldap config /etc/ldap/** r, # Uncomment to support winbind ##include <abstractions/winbind> # Uncomment to support likewise ##include <abstractions/likewise> # Uncomment to support mdnsd ##include <abstractions/mdns> # kerberos #include <abstractions/kerberosclient> # TCP/UDP network access network inet stream, network inet6 stream, network inet dgram, network inet6 dgram, # interface details @{PROC}/*/net/route r, 070701000000A0000081A40000000000000000000000015F71E19F00000605000000000000000000000000000000000000006D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper# Last Modified: Thu May 29 16:32:34 2014 #include <tunables/global> /usr/lib/libvirt/virt-aa-helper { #include <abstractions/base> # needed for searching directories capability dac_override, capability dac_read_search, # needed for when disk is on a network filesystem network inet, deny @{PROC}/[0-9]*/mounts r, @{PROC}/[0-9]*/net/psched r, owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, # for hostdev /sys/devices/ r, /sys/devices/** r, /usr/lib/libvirt/virt-aa-helper mr, /sbin/apparmor_parser Ux, /etc/apparmor.d/libvirt/* r, /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, # See Debian BZ#725144 /etc/libnl-3/classid r, # partial fix # for cinder/iscsi volumes audit /dev/sd[a-z]* r, # Uncomment to grant access to files in users' home directories # E.g., for non-privileged libvirt user sessions. # For backingstore -- allow access to non-hidden files in @{HOME} as well # as storage pools audit deny @{HOME}/.* mrwkl, audit deny @{HOME}/.*/ rw, audit deny @{HOME}/.*/** mrwkl, audit deny @{HOME}/bin/ rw, audit deny @{HOME}/bin/** mrwkl, # Cloud VMs shouldn't access home dirs. #@{HOME}/ r, #@{HOME}/** r, /var/lib/libvirt/images/ r, /var/lib/libvirt/images/** r, /{media,mnt,opt,srv}/** r, /var/lib/nova/instances/**/disk{,.*} r, /var/lib/nova/images/** r, /var/lib/nova/instances/_base/** r, /**.img r, /**.qcow{,2} r, /**.qed r, /**.vmdk r, /**.[iI][sS][oO] r, /**/disk{,.*} r, } 070701000000A1000081A40000000000000000000000015F71E19F0000095F000000000000000000000000000000000000006000000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/apparmor.d/usr.sbin.libvirtd# Last Modified: Thu May 29 16:33:45 2014 #include <tunables/global> @{LIBVIRT}="libvirt" /usr/sbin/libvirtd { #include <abstractions/base> #include <abstractions/dbus> capability kill, capability net_admin, capability net_raw, capability setgid, capability sys_admin, capability sys_module, capability sys_ptrace, capability sys_nice, capability sys_chroot, capability setuid, capability dac_override, capability dac_read_search, capability fowner, capability chown, capability setpcap, capability mknod, capability fsetid, capability audit_write, # Needed for vfio capability sys_resource, network inet stream, network inet dgram, network inet6 stream, network inet6 dgram, network packet dgram, # Very lenient profile for libvirtd since we want to first focus on confining # the guests. Guests will have a very restricted profile. / r, /** rwmkl, # Deny access to files that libvirtd should not need access to and # that might pose a security risk in an OpenStack compute node. audit deny /etc/chef w, audit deny /etc/group w, audit deny /etc/shadow w, audit deny /etc/gshadow w, audit deny /etc/hosts w, audit deny /etc/hosts.allow w, audit deny /etc/hosts.deny w, audit deny /etc/network w, audit deny /etc/passwd w, audit deny /etc/protocols w, audit deny /etc/resolv.conf w, audit deny /etc/securetty w, audit deny /etc/security.d w, audit deny /etc/sudoers w, audit deny /etc/sysctl.conf w, # don't let libvirtd force a crash audit deny /proc/sysrq-trigger w, audit deny /proc/sys/kernel/sysrq w, # end of risk mitigation /bin/* PUx, /sbin/* PUx, /usr/bin/* PUx, /usr/sbin/* PUx, /lib/udev/scsi_id PUx, # Uncomment to use xen toolstack #/usr/lib/xen-common/bin/xen-toolstack PUx, # force the use of virt-aa-helper audit deny /sbin/apparmor_parser rwxl, audit deny /etc/apparmor.d/libvirt/** wxl, audit deny /sys/kernel/security/apparmor/features rwxl, audit deny /sys/kernel/security/apparmor/matching rwxl, audit deny /sys/kernel/security/apparmor/.* rwxl, /sys/kernel/security/apparmor/profiles r, /usr/lib/libvirt/* PUxr, /etc/libvirt/hooks/** rmix, # Uncomment to use xen #/etc/xen/scripts/** rmix, # allow changing to our UUID-based named profiles change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, } 070701000000A2000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/default070701000000A3000081A40000000000000000000000015F71E19F00000105000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/default/libvirtd# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin) # This is a POSIX shell fragment # options passed to libvirtd, add "-l" to listen on tcp libvirtd_opts="-l" # pass in location of kerberos keytab # export KRB5_KTNAME=/etc/libvirt/libvirt.keytab 070701000000A4000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/libvirt070701000000A5000081A40000000000000000000000015F71E19F00000270000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/libvirt/libvirtd.conf# Minimal libvirtd config for kvm compute nodes. unix_sock_group = "libvirtd" unix_sock_rw_perms = "0770" auth_unix_ro = "none" auth_unix_rw = "none" auth_tcp = "none" listen_tls = 0 listen_tcp = 1 log_filters="3:libvirt.c 3:qemu 3:cpu 3:cgroup 3:command 3:nwfilter" log_outputs="3:file:/var/log/libvirt/libvirt.log" # The minimum limit sets the number of workers to start up # initially. If the number of active clients exceeds this, # then more threads are spawned, up to max_workers limit. min_workers = 50 max_workers = 200 # Limit on concurrent requests from a single client # connection. max_client_requests = 180 070701000000A6000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/sysconfig070701000000A7000081A40000000000000000000000015F71E19F0000046F000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/etc/sysconfig/libvirtd# Override the default config file # NOTE: This setting is no longer honoured if using # systemd. Set '--config /etc/libvirt/libvirtd.conf' # in LIBVIRTD_ARGS instead. #LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf # Listen for TCP/IP connections # NB. must setup TLS/SSL keys prior to using this LIBVIRTD_ARGS="--listen" # Override Kerberos service keytab for SASL/GSSAPI #KRB5_KTNAME=/etc/libvirt/krb5.tab # Override the QEMU/SDL default audio driver probing when # starting virtual machines using SDL graphics # # NB these have no effect for VMs using VNC, unless vnc_allow_host_audio # is enabled in /etc/libvirt/qemu.conf #QEMU_AUDIO_DRV=sdl # #SDL_AUDIODRIVER=pulse # Override the maximum number of opened files. # This only works with traditional init scripts. # In the systemd world, the limit can only be changed by overriding # LimitNOFILE for libvirtd.service. To do that, just create a *.conf # file in /etc/systemd/system/libvirtd.service.d/ (for example # /etc/systemd/system/libvirtd.service.d/openfiles.conf) and write # the following two lines in it: # [Service] # LimitNOFILE=2048 # #LIBVIRTD_NOFILES_LIMIT=2048 070701000000A8000081A40000000000000000000000015F71E19F00000420000000000000000000000000000000000000004800000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/files/local.te module local 1.0; require { type nova_var_lib_t; type svirt_t; type var_log_t; type logrotate_t; type var_lib_t; type virtlogd_t; class capability { dac_override dac_read_search }; class file { open append create getattr write unlink }; class dir { search write remove_name add_name}; } #============= logrotate_t ============== #!!!! This avc is allowed in the current policy allow logrotate_t var_lib_t:file { create write }; #============= virtlogd_t ============== #!!!! This avc is allowed in the current policy allow virtlogd_t nova_var_lib_t:dir search; allow virtlogd_t nova_var_lib_t:dir write; allow virtlogd_t nova_var_lib_t:dir remove_name; allow virtlogd_t nova_var_lib_t:dir add_name; allow virtlogd_t nova_var_lib_t:file create; allow virtlogd_t nova_var_lib_t:file open; allow virtlogd_t nova_var_lib_t:file append; allow virtlogd_t nova_var_lib_t:file getattr; allow virtlogd_t nova_var_lib_t:file unlink; #!!!! This avc is allowed in the current policy allow virtlogd_t self:capability { dac_override dac_read_search }; 070701000000A9000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/handlers070701000000AA000081A40000000000000000000000015F71E19F00000394000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/handlers/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: reload apparmor become: yes service: name: apparmor state: reloaded - name: reload libvirtd become: yes service: name: libvirtd state: reloaded - name: restart libvirtd become: yes service: name: libvirtd state: restarted 070701000000AB000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/meta070701000000AC000081A40000000000000000000000015F71E19F000002BE000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common - role: NOV-CMP 070701000000AD000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks070701000000AE000081A40000000000000000000000015F71E19F00000494000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-KVM | check_upgraded_packages | Check upgraded apparmor packages command: /bin/true notify: - reload apparmor when: item in ardana_upgraded_pkgs | default({}) with_items: nova_apparmor_restart_packages - name: NOV-CMP-KVM | check_upgraded_packages | Check upgraded libvirt packages command: /bin/true notify: - reload libvirtd register: ardana_notify_nova_compute_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_libvirt_restart_packages 070701000000AF000081A40000000000000000000000015F71E19F00002386000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure libvirt --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_compute_install_result }}" - include: ../../nova-common/tasks/_read_migrate_enabled.yml # hypervisor.conf will be loaded last by nova-compute # filename should remain the same across hypervisors # we can use nova_service_conf_dir as this will be set to compute # by including the nova-compute role as a dependency - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-CMP-KVM/templates/hypervisor.conf.j2" dest: "{{ nova_service_conf_dir }}/hypervisor.conf" - name: NOV-CMP-KVM | configure | notify on hypervisor.conf change command: /bin/true notify: - restart libvirtd register: ardana_notify_nova_compute_restart_required when: write_conf_result.changed # TODO (rajjoh) Update Selinux config for RedHat distro - name: NOV-CMP-KVM | configure | Copy apparmor config files become: yes copy: src: "{{ item.file }}" dest: "/{{ item.file }}" owner: root group: root mode: "{{ item.mode | default('a-rwx,u=rw,g=r,a=r') }}" with_items: - file: 'etc/apparmor.d/abstractions/base' - file: 'etc/apparmor.d/abstractions/consoles' - file: 'etc/apparmor.d/abstractions/libvirt-qemu' - file: 'etc/apparmor.d/abstractions/nameservice' - file: 'etc/apparmor.d/usr.lib.libvirt.virt-aa-helper' - file: 'etc/apparmor.d/usr.sbin.libvirtd' notify: - reload apparmor - restart libvirtd when: ansible_os_family == 'Debian' register: ardana_notify_nova_compute_restart_required # TODO (rajjoh) Update Selinux config for RedHat distro - name: NOV-CMP-KVM | configure | Create symlink for apparmor kvm profile become: yes file: src: /etc/apparmor.d/libvirt/TEMPLATE.qemu dest: /etc/apparmor.d/libvirt/TEMPLATE.kvm owner: root group: root mode: 0644 force: yes state: link notify: - reload apparmor - restart libvirtd when: ansible_os_family == 'Debian' register: ardana_notify_nova_compute_restart_required - name: NOV-CMP-KVM | configure | Copy libvirtd config files become: yes copy: src: "{{ item.file }}" dest: "/{{ item.file }}" owner: root group: root mode: "{{ item.mode | default('a-rwx,u=rw,g=r,a=r') }}" with_items: - file: 'etc/libvirt/libvirtd.conf' - file: "{{ libvirt_defaults_file }}" mode: '0755' notify: - restart libvirtd register: ardana_notify_nova_compute_restart_required - name: NOV-CMP-KVM | configure | Enable login for Nova user become: yes user: name: "{{ nova_system_user }}" shell: /bin/bash when: nova_migrate_enabled|bool - name: NOV-CMP-KVM | configure | Disable login for Nova user become: yes user: name: "{{ nova_system_user }}" shell: /bin/false when: not nova_migrate_enabled|bool - name: NOV-CMP-KVM | configure | Ensure .ssh directory exists become: yes file: path: "{{ nova_system_home_folder }}/.ssh" state: directory setype: ssh_home_t owner: "{{ nova_system_user }}" mode: 0700 when: nova_migrate_enabled|bool - name: NOV-CMP-KVM | configure | Remove .ssh directory become: yes file: path: "{{ nova_system_home_folder }}/.ssh" state: absent when: not nova_migrate_enabled|bool - name: NOV-CMP-KVM | configure | Write private key become: yes copy: content: "{{ nova_private_ssh_key }}" dest: "{{ nova_system_home_folder }}/.ssh/id_rsa" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" mode: 0600 when: nova_migrate_enabled|bool and nova_private_ssh_key is defined - name: NOV-CMP-KVM | configure | Generate and copy public key become: yes shell: > ssh-keygen -y -f "{{ nova_system_home_folder }}"/.ssh/id_rsa >> "{{ nova_system_home_folder }}"/.ssh/authorized_keys when: nova_migrate_enabled|bool and nova_private_ssh_key is defined - name: NOV-CMP-KVM | configure | Turn off strict host key checking become: yes lineinfile: dest: "{{ nova_system_home_folder }}/.ssh/config" regexp: ^StrictHostKeyChecking line: StrictHostKeyChecking no create: True owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" when: nova_migrate_enabled|bool - name: NOV-CMP-KVM | configure | Stat qemu/save folder to check if it is a link become: yes stat: path: /var/lib/libvirt/qemu/save register: sym_result - name: NOV-CMP-KVM | configure | Create save folder in nova home folder become: yes file: path: "{{ nova_system_home_folder }}/save" owner: "{{ libvirt_qemu_user }}" group: "{{ libvirt_qemu_user }}" mode: 0755 state: directory when: sym_result.stat.islnk is defined and sym_result.stat.islnk == False - name: NOV-CMP-KVM | configure | Set ownership of hugepage directories to qemu user become: yes file: path: /tmp/hugepages_{{ item.size }} state: directory owner: "{{ libvirt_qemu_user }}" group: "root" with_items: total_huge_pages when: total_huge_pages | length > 0 tags: - skip_ansible_lint #(TODO)From 4.0 version we can remove the copy of saved instances images - name: NOV-CMP-KVM | configure | Copy saved instances images to new location become: yes command: cp -r /var/lib/libvirt/qemu/save/ "{{ nova_system_home_folder }}/" when: sym_result.stat.islnk is defined and sym_result.stat.islnk == False - name: NOV-CMP-KVM | configure | Delete save folder in qemu folder become: yes file: path: /var/lib/libvirt/qemu/save/ state: absent when: sym_result.stat.islnk is defined and sym_result.stat.islnk == False - name: NOV-CMP-KVM | configure | Create link from nova save folder to qemu folder become: yes file: src: "{{ nova_system_home_folder }}/save" dest: /var/lib/libvirt/qemu/save owner: "{{ libvirt_qemu_user }}" group: "{{ libvirt_qemu_user }}" state: link when: sym_result.stat.islnk is defined and sym_result.stat.islnk == False - include: ../../nova-common/tasks/_write_conf.yml become: yes src: "../../NOV-CMP-KVM/templates/qemu.conf.j2" dest: "/etc/libvirt/qemu.conf" conf_group: "{{ libvirt_qemu_user }}" - name: NOV-CMP-KVM | configure | notify on qemu.conf change command: /bin/true notify: - restart libvirtd when: write_conf_result.changed - name: NOV-CMP-KVM | configure | Copy temp directory for selinux updates become: yes shell: "mktemp -d" register: _rhel_selinux_policy_temp_loc_result when: (ansible_os_family | lower == 'redhat') and (nova_rhel_compute_apply_selinux_policy_updates | bool) - name: NOV-CMP-KVM | configure | Copy selinux policy te updates become: yes copy: src: "{{ item.file }}" dest: "{{ _rhel_selinux_policy_temp_loc_result.stdout }}/{{ item.file }}" owner: root group: root mode: "{{ item.mode | default('a-rwx,u=rw,g=r,a=r') }}" with_items: - file: 'local.te' when: (ansible_os_family | lower == 'redhat') and (nova_rhel_compute_apply_selinux_policy_updates | bool) - name: NOV-CMP-KVM | configure | Restore SELinux context for qemu-kvm, libvirt lib and nova lib paths become: yes shell: | set -eu restorecon -R -v /usr/libexec/qemu-kvm restorecon -R -v /var/lib/libvirt/ restorecon -R -v /var/lib/nova register: _rhel_selinux_restore_context_result until: _rhel_selinux_restore_context_result|success when: (ansible_os_family | lower == 'redhat') and (nova_rhel_compute_apply_selinux_policy_updates | bool) - name: NOV-CMP-KVM | configure | Apply updated selinux policy lib and nova lib paths become: yes shell: | set -eu make -f /usr/share/selinux/devel/Makefile local.pp semodule -i local.pp args: chdir: "{{ _rhel_selinux_policy_temp_loc_result.stdout }}" register: _rhel_sepolicy_update_result until: _rhel_sepolicy_update_result|success when: (ansible_os_family | lower == 'redhat') and (nova_rhel_compute_apply_selinux_policy_updates | bool) - name: NOV-CMP-KVM | configure | Remove temp directory with selinux updates become: yes file: path: "{{ _rhel_selinux_policy_temp_loc_result.stdout }}" state: absent when: (ansible_os_family | lower == 'redhat') and (nova_rhel_compute_apply_selinux_policy_updates | bool) # For SES/Ceph integration - include: ./create-compute-secret-key.yml when: nova_ses_enabled|bool 070701000000B0000081A40000000000000000000000015F71E19F00000740000000000000000000000000000000000000005D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks/create-compute-secret-key.yml# # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-KVM | create-compute-secret-key | get keyring value become: yes shell: > grep 'key = ' {{ nova_ses_cinder_keyring_file_path }} | awk '{print $3}' register: ses_keyring_value_result - name: NOV-CMP-KVM | create-compute-secret-key | Generate "/etc/ceph/cinder.xml" become: yes template: src: secret.xml.j2 dest: "/etc/ceph/cinder.xml" owner: "root" group: "root" mode: 0640 with_items: - { uuid: "{{ nova_ses_secret_uuid }}", user_name: "{{ nova_ses_user_name }}" } # libvirtd must be running for the next steps - name: NOV-CMP-KVM | create-compute-secret-key | start libvirtd become: yes service: name: libvirtd state: started - name: NOV-CMP-KVM | create-compute-secret-key | Define the secret become: yes command: "virsh secret-define --file /etc/ceph/cinder.xml" - name: NOV-CMP-KVM | create-compute-secret-key | Set secret value for Nova become: yes shell: "virsh secret-set-value --secret {{ nova_ses_secret_uuid }} --base64 {{ ses_keyring_value_result.stdout }}" - name: NOV-CMP-KVM | create-compute-secret-key | Delete the keys from /etc/ceph directory become: yes file: dest: "/etc/ceph/cinder.xml" state: absent run_once_per: verb_hosts.NOV_CMP 070701000000B1000081A40000000000000000000000015F71E19F00000765000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks/install.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install libvirt --- - include: ../../nova-common/tasks/install.yml # add the libvirtd group as apt package only adds libvirt group - name: NOV-CMP-KVM | install | Add libvirtd group become: yes group: name: libvirtd - name: NOV-CMP-KVM | install | Add nova user to libvirtd group become: yes user: name: "{{ nova_system_user }}" groups: libvirtd append: yes - name: NOV-CMP-KVM | install | Add nova user to kvm group become: yes user: name: "{{ nova_system_user }}" groups: kvm append: yes # directories - name: NOV-CMP-KVM | install | Create sub-directories in /var/lib/nova become: yes file: path: "{{ nova_system_home_folder }}/{{ item }}" owner: "{{ nova_system_user }}" group: kvm mode: 0750 state: directory with_items: - "instances" - "instances/_base" - name: NOV-CMP-KVM | install | Set ownership of /dev/kvm become: yes file: path: /dev/kvm owner: root group: kvm mode: 0660 when: ansible_os_family | lower == 'redhat' - name: NOV-CMP-KVM | install | For RHEL, set group ACL for /dev/kvm become: yes acl: path: /dev/kvm etype: group permissions: rw state: present when: ansible_os_family | lower == 'redhat' 070701000000B2000081A40000000000000000000000015F71E19F000002EF000000000000000000000000000000000000004800000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-KVM | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"070701000000B3000081A40000000000000000000000015F71E19F000005A3000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP-KVM | status | Check systemd for libvirtd become: yes command: systemctl status libvirtd ignore_errors: yes changed_when: false register: systemctl_status_result - name: NOV-CMP-KVM | status | Get end of libvirt log become: yes command: tail /var/log/libvirt/libvirt.log ignore_errors: yes changed_when: false register: libvirt_tail_result when: systemctl_status_result | failed - name: NOV-CMP-KVM | status | Report status of libvirtd fail: msg: | libvirtd is not running. 'systemctl status libvirtd' stdout: {{ systemctl_status_result.stdout }} stderr: {{ systemctl_status_result.stderr }} tail /var/log/libvirt/libvirt.log {{ libvirt_tail_result.stdout }} when: systemctl_status_result | failed 070701000000B4000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/templates070701000000B5000081A40000000000000000000000015F71E19F000008BA000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/templates/hypervisor.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the KVM hypervisor. # You may make changes to this file by adding sections/options below. [DEFAULT] # Compute compute_driver = libvirt.LibvirtDriver {% if nova_vcpu_pin_set != "" %} # Hypervisor vcpu_pin_set = {{ nova_vcpu_pin_set }} {% endif %} [libvirt] block_migration_flag = VIR_MIGRATE_LIVE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_NON_SHARED_INC,VIR_MIGRATE_UNDEFINE_SOURCE inject_partition = 1 live_migration_bandwidth = 1000 live_migration_flag = VIR_MIGRATE_LIVE,VIR_MIGRATE_PEER2PEER live_migration_progress_timeout = 300 {% if nova_cpu_mode is defined %} cpu_mode = {{ nova_cpu_mode }} {% if nova_cpu_mode == 'custom' %} cpu_model = {{ nova_cpu_model }} {% endif %} {% endif %} snapshots_directory = {{ libvirt_snapshots_directory }} snapshot_image_format = qcow2 volume_use_multipath = False # SES Integration {% if nova_ses_enabled|bool %} {% if ses_nova_set_images_type is defined and ses_nova_set_images_type|bool %} images_type = rbd images_rbd_pool = {{ nova_ses_pool_name }} images_rbd_ceph_conf = {{ nova_ses_ceph_conf_file_path }} disk_cachemodes = network=writeback hw_disk_discard = unmap {% endif %} rbd_user = {{ nova_ses_user_name }} rbd_secret_uuid = {{ nova_ses_secret_uuid }} {% endif %} # VNC [vnc] novncproxy_base_url = {{ novncproxy_base_url }} vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = {{ vncserver_proxyclient_address }} enabled = True {% if neutron_ovs_bridge != "" %} [neutron] ovs_bridge = {{ neutron_ovs_bridge }} {% endif %} ## Do NOT put anything after this line ## 070701000000B6000081A40000000000000000000000015F71E19F00004E32000000000000000000000000000000000000005000000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/templates/qemu.conf.j2# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # Master configuration file for the QEMU driver. # All settings described here are optional - if omitted, sensible # defaults are used. # VNC is configured to listen on 127.0.0.1 by default. # To make it listen on all public interfaces, uncomment # this next option. # # NB, strong recommendation to enable TLS + x509 certificate # verification when allowing public access # #vnc_listen = "0.0.0.0" # Enable this option to have VNC served over an automatically created # unix socket. This prevents unprivileged access from users on the # host machine, though most VNC clients do not support it. # # This will only be enabled for VNC configurations that do not have # a hardcoded 'listen' or 'socket' value. This setting takes preference # over vnc_listen. # #vnc_auto_unix_socket = 1 # Enable use of TLS encryption on the VNC server. This requires # a VNC client which supports the VeNCrypt protocol extension. # Examples include vinagre, virt-viewer, virt-manager and vencrypt # itself. UltraVNC, RealVNC, TightVNC do not support this # # It is necessary to setup CA and issue a server certificate # before enabling this. # #vnc_tls = 1 # Use of TLS requires that x509 certificates be issued. The # default it to keep them in /etc/pki/libvirt-vnc. This directory # must contain # # ca-cert.pem - the CA master certificate # server-cert.pem - the server certificate signed with ca-cert.pem # server-key.pem - the server private key # # This option allows the certificate directory to be changed # #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # The default TLS configuration only uses certificates for the server # allowing the client to verify the server's identity and establish # an encrypted channel. # # It is possible to use x509 certificates for authentication too, by # issuing a x509 certificate to every client who needs to connect. # # Enabling this option will reject any client who does not have a # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem # #vnc_tls_x509_verify = 1 # The default VNC password. Only 8 bytes are significant for # VNC passwords. This parameter is only used if the per-domain # XML config does not already provide a password. To allow # access without passwords, leave this commented out. An empty # string will still enable passwords, but be rejected by QEMU, # effectively preventing any use of VNC. Obviously change this # example here before you set this. # #vnc_password = "XYZ12345" # Enable use of SASL encryption on the VNC server. This requires # a VNC client which supports the SASL protocol extension. # Examples include vinagre, virt-viewer and virt-manager # itself. UltraVNC, RealVNC, TightVNC do not support this # # It is necessary to configure /etc/sasl2/qemu.conf to choose # the desired SASL plugin (eg, GSSPI for Kerberos) # #vnc_sasl = 1 # The default SASL configuration file is located in /etc/sasl2/ # When running libvirtd unprivileged, it may be desirable to # override the configs in this location. Set this parameter to # point to the directory, and create a qemu.conf in that location # #vnc_sasl_dir = "/some/directory/sasl2" # QEMU implements an extension for providing audio over a VNC connection, # though if your VNC client does not support it, your only chance for getting # sound output is through regular audio backends. By default, libvirt will # disable all QEMU sound backends if using VNC, since they can cause # permissions issues. Enabling this option will make libvirtd honor the # QEMU_AUDIO_DRV environment variable when using VNC. # #vnc_allow_host_audio = 0 # SPICE is configured to listen on 127.0.0.1 by default. # To make it listen on all public interfaces, uncomment # this next option. # # NB, strong recommendation to enable TLS + x509 certificate # verification when allowing public access # #spice_listen = "0.0.0.0" # Enable use of TLS encryption on the SPICE server. # # It is necessary to setup CA and issue a server certificate # before enabling this. # #spice_tls = 1 # Use of TLS requires that x509 certificates be issued. The # default it to keep them in /etc/pki/libvirt-spice. This directory # must contain # # ca-cert.pem - the CA master certificate # server-cert.pem - the server certificate signed with ca-cert.pem # server-key.pem - the server private key # # This option allows the certificate directory to be changed. # #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" # The default SPICE password. This parameter is only used if the # per-domain XML config does not already provide a password. To # allow access without passwords, leave this commented out. An # empty string will still enable passwords, but be rejected by # QEMU, effectively preventing any use of SPICE. Obviously change # this example here before you set this. # #spice_password = "XYZ12345" # Enable use of SASL encryption on the SPICE server. This requires # a SPICE client which supports the SASL protocol extension. # # It is necessary to configure /etc/sasl2/qemu.conf to choose # the desired SASL plugin (eg, GSSPI for Kerberos) # #spice_sasl = 1 # The default SASL configuration file is located in /etc/sasl2/ # When running libvirtd unprivileged, it may be desirable to # override the configs in this location. Set this parameter to # point to the directory, and create a qemu.conf in that location # #spice_sasl_dir = "/some/directory/sasl2" # By default, if no graphical front end is configured, libvirt will disable # QEMU audio output since directly talking to alsa/pulseaudio may not work # with various security settings. If you know what you're doing, enable # the setting below and libvirt will passthrough the QEMU_AUDIO_DRV # environment variable when using nographics. # #nographics_allow_host_audio = 1 # Override the port for creating both VNC and SPICE sessions (min). # This defaults to 5900 and increases for consecutive sessions # or when ports are occupied, until it hits the maximum. # # Minimum must be greater than or equal to 5900 as lower number would # result into negative vnc display number. # # Maximum must be less than 65536, because higher numbers do not make # sense as a port number. # #remote_display_port_min = 5900 #remote_display_port_max = 65535 # VNC WebSocket port policies, same rules apply as with remote display # ports. VNC WebSockets use similar display <-> port mappings, with # the exception being that ports start from 5700 instead of 5900. # #remote_websocket_port_min = 5700 #remote_websocket_port_max = 65535 # The default security driver is SELinux. If SELinux is disabled # on the host, then the security driver will automatically disable # itself. If you wish to disable QEMU SELinux security driver while # leaving SELinux enabled for the host in general, then set this # to 'none' instead. It's also possible to use more than one security # driver at the same time, for this use a list of names separated by # comma and delimited by square brackets. For example: # # security_driver = [ "selinux", "apparmor" ] # # Notes: The DAC security driver is always enabled; as a result, the # value of security_driver cannot contain "dac". The value "none" is # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. # #security_driver = "selinux" # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests # will be unconfined by default. Defaults to 1. #security_default_confined = 1 # If set to non-zero, then attempts to create unconfined # guests will be blocked. Defaults to 0. #security_require_confined = 1 # The user for QEMU processes run by the system instance. It can be # specified as a user name or as a user id. The qemu driver will try to # parse this value first as a name and then, if the name doesn't exist, # as a user id. # # Since a sequence of digits is a valid user name, a leading plus sign # can be used to ensure that a user id will not be interpreted as a user # name. # # Some examples of valid values are: # # user = "qemu" # A user named "qemu" # user = "+0" # Super user (uid=0) # user = "100" # A user named "100" or a user with uid=100 # #user = "root" # The group for QEMU processes run by the system instance. It can be # specified in a similar way to user. #group = "root" # Whether libvirt should dynamically change file ownership # to match the configured user/group above. Defaults to 1. # Set to 0 to disable file ownership changes. #dynamic_ownership = 1 # What cgroup controllers to make use of with QEMU guests # # - 'cpu' - use for schedular tunables # - 'devices' - use for device whitelisting # - 'memory' - use for memory tunables # - 'blkio' - use for block devices I/O tunables # - 'cpuset' - use for CPUs and memory nodes # - 'cpuacct' - use for CPUs statistics. # # NB, even if configured here, they won't be used unless # the administrator has mounted cgroups, e.g.: # # mkdir /dev/cgroup # mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup # # They can be mounted anywhere, and different controllers # can be mounted in different locations. libvirt will detect # where they are located. # #cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] # This is the basic set of devices allowed / required by # all virtual machines. # # As well as this, any configured block backed disks, # all sound device, and all PTY devices are allowed. # # This will only need setting if newer QEMU suddenly # wants some device we don't already know about. # {% if nova_cgroup_device_acl is defined %} cgroup_device_acl = [ {% for device in nova_cgroup_device_acl %} "{{ device }}" {% if not loop.last %} , {% endif %} {% endfor %} ] {% endif %} # # RDMA migration requires the following extra files to be added to the list: # "/dev/infiniband/rdma_cm", # "/dev/infiniband/issm0", # "/dev/infiniband/issm1", # "/dev/infiniband/umad0", # "/dev/infiniband/umad1", # "/dev/infiniband/uverbs0" # The default format for Qemu/KVM guest save images is raw; that is, the # memory from the domain is dumped out directly to a file. If you have # guests with a large amount of memory, however, this can take up quite # a bit of space. If you would like to compress the images while they # are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" # for save_image_format. Note that this means you slow down the process of # saving a domain in order to save disk space; the list above is in descending # order by performance and ascending order by compression ratio. # # save_image_format is used when you use 'virsh save' or 'virsh managedsave' # at scheduled saving, and it is an error if the specified save_image_format # is not valid, or the requested compression program can't be found. # # dump_image_format is used when you use 'virsh dump' at emergency # crashdump, and if the specified dump_image_format is not valid, or # the requested compression program can't be found, this falls # back to "raw" compression. # # snapshot_image_format specifies the compression algorithm of the memory save # image when an external snapshot of a domain is taken. This does not apply # on disk image format. It is an error if the specified format isn't valid, # or the requested compression program can't be found. # #save_image_format = "raw" #dump_image_format = "raw" #snapshot_image_format = "raw" # When a domain is configured to be auto-dumped when libvirtd receives a # watchdog event from qemu guest, libvirtd will save dump files in directory # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump # #auto_dump_path = "/var/lib/libvirt/qemu/dump" # When a domain is configured to be auto-dumped, enabling this flag # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the # virDomainCoreDump API. That is, the system will avoid using the # file system cache while writing the dump file, but may cause # slower operation. # #auto_dump_bypass_cache = 0 # When a domain is configured to be auto-started, enabling this flag # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag # with the virDomainCreateWithFlags API. That is, the system will # avoid using the file system cache when restoring any managed state # file, but may cause slower operation. # #auto_start_bypass_cache = 0 # If provided by the host and a hugetlbfs mount point is configured, # a guest may request huge page backing. When this mount point is # unspecified here, determination of a host mount point in /proc/mounts # will be attempted. Specifying an explicit mount overrides detection # of the same in /proc/mounts. Setting the mount point to "" will # disable guest hugepage backing. If desired, multiple mount points can # be specified at once, separated by comma and enclosed in square # brackets, for example: # # hugetlbfs_mount = ["/tmp/hugepages2M", "/tmp/hugepages1G"] # # The size of huge page served by specific mount point is determined by # libvirt at the daemon startup. # # NB, within these mount points, guests will create memory backing # files in a location of $MOUNTPOINT/libvirt/qemu # {% if huge_page_sizes is defined and huge_page_sizes|length > 0 %} hugetlbfs_mount = [ {% for size in huge_page_sizes %} "/tmp/hugepages_{{ size }}"{% if not loop.last %},{% endif %} {% endfor %} ] {% endif %} # Path to the setuid helper for creating tap devices. This executable # is used to create <source type='bridge'> interfaces when libvirtd is # running unprivileged. libvirt invokes the helper directly, instead # of using "-netdev bridge", for security reasons. #bridge_helper = "/usr/libexec/qemu-bridge-helper" # If clear_emulator_capabilities is enabled, libvirt will drop all # privileged capabilities of the QEmu/KVM emulator. This is enabled by # default. # # Warning: Disabling this option means that a compromised guest can # exploit the privileges and possibly do damage to the host. # #clear_emulator_capabilities = 1 # If enabled, libvirt will have QEMU set its process name to # "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU # process will appear as "qemu:VM_NAME" in process listings and # other system monitoring tools. By default, QEMU does not set # its process title, so the complete QEMU command (emulator and # its arguments) appear in process listings. # #set_process_name = 1 # If max_processes is set to a positive integer, libvirt will use # it to set the maximum number of processes that can be run by qemu # user. This can be used to override default value set by host OS. # The same applies to max_files which sets the limit on the maximum # number of opened files. # #max_processes = 0 #max_files = 0 # mac_filter enables MAC addressed based filtering on bridge ports. # This currently requires ebtables to be installed. # #mac_filter = 1 # By default, PCI devices below non-ACS switch are not allowed to be assigned # to guests. By setting relaxed_acs_check to 1 such devices will be allowed to # be assigned to guests. # #relaxed_acs_check = 1 # If allow_disk_format_probing is enabled, libvirt will probe disk # images to attempt to identify their format, when not otherwise # specified in the XML. This is disabled by default. # # WARNING: Enabling probing is a security hole in almost all # deployments. It is strongly recommended that users update their # guest XML <disk> elements to include <driver type='XXXX'/> # elements instead of enabling this option. # #allow_disk_format_probing = 1 # In order to prevent accidentally starting two domains that # share one writable disk, libvirt offers two approaches for # locking files. The first one is sanlock, the other one, # virtlockd, is then our own implementation. Accepted values # are "sanlock" and "lockd". # #lock_manager = "lockd" # Set limit of maximum APIs queued on one domain. All other APIs # over this threshold will fail on acquiring job lock. Specially, # setting to zero turns this feature off. # Note, that job lock is per domain. # #max_queued = 0 ################################################################### # Keepalive protocol: # This allows qemu driver to detect broken connections to remote # libvirtd during peer-to-peer migration. A keepalive message is # sent to the daemon after keepalive_interval seconds of inactivity # to check if the daemon is still responding; keepalive_count is a # maximum number of keepalive messages that are allowed to be sent # to the daemon without getting any response before the connection # is considered broken. In other words, the connection is # automatically closed approximately after # keepalive_interval * (keepalive_count + 1) seconds since the last # message received from the daemon. If keepalive_interval is set to # -1, qemu driver will not send keepalive requests during # peer-to-peer migration; however, the remote libvirtd can still # send them and source libvirtd will send responses. When # keepalive_count is set to 0, connections will be automatically # closed after keepalive_interval seconds of inactivity without # sending any keepalive messages. # #keepalive_interval = 5 #keepalive_count = 5 # Use seccomp syscall whitelisting in QEMU. # 1 = on, 0 = off, -1 = use QEMU default # Defaults to -1. # #seccomp_sandbox = 1 # Override the listen address for all incoming migrations. Defaults to # 0.0.0.0, or :: if both host and qemu are capable of IPv6. #migration_address = "0.0.0.0" # The default hostname or IP address which will be used by a migration # source for transferring migration data to this host. The migration # source has to be able to resolve this hostname and connect to it so # setting "localhost" will not work. By default, the host's configured # hostname is used. #migration_host = "host.example.com" # Override the port range used for incoming migrations. # # Minimum must be greater than 0, however when QEMU is not running as root, # setting the minimum to be lower than 1024 will not work. # # Maximum must not be greater than 65535. # #migration_port_min = 49152 #migration_port_max = 49215 # Timestamp QEMU's log messages (if QEMU supports it) # # Defaults to 1. # #log_timestamp = 0 # Location of master nvram file # # When a domain is configured to use UEFI instead of standard # BIOS it may use a separate storage for UEFI variables. If # that's the case libvirt creates the variable store per domain # using this master file as image. Each UEFI firmware can, # however, have different variables store. Therefore the nvram is # a list of strings when a single item is in form of: # ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}. # Later, when libvirt creates per domain variable store, this list is # searched for the master image. The UEFI firmware can be called # differently for different guest architectures. For instance, it's OVMF # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default # follows this scheme. #nvram = [ # "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", # "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" #] # nvram = [ "/usr/share/qemu/ovmf-x86_64-code.bin:/usr/share/qemu/ovmf-x86_64-vars.bin", "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin" ] 070701000000B7000081A40000000000000000000000015F71E19F000002EE000000000000000000000000000000000000005100000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/templates/secret.xml.j2{# # # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} <secret ephemeral='no' private='no'> <uuid>{{ item.uuid }}</uuid> <usage type='ceph'> <name>client.{{ item.user_name }} secret</name> </usage> </secret> 070701000000B8000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/vars070701000000B9000081A40000000000000000000000015F71E19F00000619000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: - kvm - libvirt-bin - kpartx - ebtables - dnsmasq - qemu-utils - apparmor - apparmor-profiles - apparmor-utils # packages listed here will trigger a restart of the apparmor service when updated nova_apparmor_restart_packages: - apparmor - apparmor-profiles - apparmor-utils # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_libvirt_restart_packages: - kvm - libvirt-bin - kpartx - ebtables - dnsmasq - qemu-utils # kernel modules listed here will be loaded by nova-common | install nova_kernel_modules: - nbd - vhost_net nova_kernel_module_file: nova-kvm libvirt_qemu_user: libvirt-qemu libvirt_defaults_file: etc/default/libvirtd070701000000BA000081A40000000000000000000000015F71E19F000005AB000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: - qemu-kvm - libvirt - libvirt-python - iscsi-initiator-utils - ebtables - python-libguestfs - lvm2 - rsync - curl - policycoreutils-devel # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_libvirt_restart_packages: - qemu-kvm - libvirt - libvirt-python - iscsi-initiator-utils - ebtables - python-libguestfs - lvm2 # kernel modules listed here will be loaded by nova-common | install nova_kernel_modules: - vhost_net nova_kernel_module_file: nova-kvm libvirt_qemu_user: qemu libvirt_defaults_file: etc/sysconfig/libvirtd070701000000BB000081A40000000000000000000000015F71E19F000005BA000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP-KVM/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: - cryptsetup - dnsmasq - ebtables - genisoimage - kpartx - kvm - typelib-1_0-Libosinfo-1_0 - libvirt - python-PrettyTable - python-netifaces - qemu-block-rbd - qemu-ovmf-x86_64 - rsync - libsodium23 # packages listed here will trigger a restart of libvirt and the compute service # when updated nova_libvirt_restart_packages: - kvm - libvirt - kpartx - ebtables - dnsmasq # kernel modules listed here will be loaded by nova-common | install nova_kernel_modules: - nbd - vhost_net nova_kernel_module_file: nova-kvm libvirt_qemu_user: qemu libvirt_defaults_file: etc/default/libvirtd 070701000000BC000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/defaults070701000000BD000081A40000000000000000000000015F71E19F0000076A000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-compute service # that are the same on every distro. If they need to be different on # different distros then put them in vars/<distro>.yml --- nova_component: nova-compute # the filters nova-common will copy for this service nova_rootwrap_filters: - rootwrap.d/compute.filters - rootwrap.d/network.filters # the policy file nova-common will copy for this service nova_policy_file: ../../nova-common/templates/policy.json.j2 # nova-compute.conf ## [DEFAULT] nova_reboot_wait_timeout: 300 nova_reboot_check_ip: "{{ host.bind.OPS_LMTGT.ssh.ip_address }}" nova_reboot_check_port: "{{ host.bind.OPS_LMTGT.ssh.port }}" numa_huge_pages: "{{ host | item('my_memory_model.numa_huge_pages', default=[]) }}" non_numa_huge_pages: "{{ host | item('my_memory_model.non_numa_huge_pages', default=[]) }}" total_huge_pages: "{{ numa_huge_pages | union(non_numa_huge_pages) }}" ## [vnc] novncproxy_base_url: "{{ NOV_VNC.advertises.vips.public[0].url }}/vnc_auto.html" vncserver_proxyclient_address: "{{ host.bind.NOV_CMP.vncdisplay.ip_address }}" # the log files nova-common will create for this service nova_log_files: - "{{ log_dir }}/nova-compute.log" - "{{ log_dir }}/nova-compute-json.log" 070701000000BE000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/meta070701000000BF000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 070701000000C0000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks070701000000C1000081A40000000000000000000000015F71E19F00000379000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_compute_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_compute_restart_packages 070701000000C2000081A40000000000000000000000015F71E19F000006F5000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the nova-compute service --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_compute_install_result }}" - name: NOV-CMP | configure | nova-common configure include: ../../nova-common/tasks/configure.yml - name: NOV-CMP | configure | notify on rootwrap or policy change command: /bin/true register: ardana_notify_nova_compute_restart_required when: rootwrap_changed or nova_policy_template_result.changed - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-CMP/templates/compute.conf.j2" dest: "{{ nova_service_conf_dir }}/compute.conf" - name: NOV-CMP | configure | notify on compute.conf change command: /bin/true register: ardana_notify_nova_compute_restart_required when: write_conf_result.changed - name: NOV-CMP | configure | Apply template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: "{{ nova_system_group }}" mode: 0640 with_items: - "compute-logging.conf" register: ardana_notify_nova_compute_restart_required 070701000000C3000081A40000000000000000000000015F71E19F000003F0000000000000000000000000000000000000004F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/hugepage-status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Check hugepages on a host --- - name: NOV-CMP | hugepage-status | Verify hugepage count on compute host become: yes shell: cat /sys/kernel/mm/hugepages/hugepages-{{ item.key }}kB/nr_hugepages register: hugepage_result failed_when: hugepage_result.stdout | int != item.value with_dict: "{{ total_huge_pages | group_sum_by_keys('size_in_k', 'count') }}" 070701000000C4000081A40000000000000000000000015F71E19F000007FF000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/install.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install nova-compute --- - name: NOV-CMP | install | Update installed packager cache become: yes install_package: cache: update - name: NOV-CMP | install | Install the nova-compute service from the nova venv become: yes install_package: name: nova service: nova-compute state: present activate: act_off register: ardana_notify_nova_compute_install_result - name: NOV-CMP | install | register persistent fact of install command: /bin/true register: ardana_notify_nova_compute_restart_required when: ardana_notify_nova_compute_install_result.changed - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_compute_install_result }}" - name: NOV-CMP | install | Setup nova-compute service become: yes setup_systemd: service: nova-compute user: "{{ nova_system_user }}" group: "{{ nova_system_group }}" cmd: nova-compute after: "{{ libvirtd_service }}" restart: on-failure restart_sec: 60s args: > --config-file {{ nova_service_conf_dir }}/nova.conf --config-file {{ nova_service_conf_dir }}/compute.conf --config-file {{ nova_service_conf_dir }}/hypervisor.conf - name: NOV-CMP | install | Set nova-compute service to start on boot become: yes service: name: nova-compute enabled: yes - include: ../../nova-common/tasks/install.yml 070701000000C5000081A40000000000000000000000015F71E19F000002EC000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CMP | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" 070701000000C6000081A40000000000000000000000015F71E19F0000041F000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/reboot.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Reboot compute nodes --- - name: NOV-CMP | reboot | Reboot compute nodes become: yes shell: sleep 2 && shutdown -r now async: 1 poll: 0 - name: NOV-CMP | reboot | Wait for compute nodes to come back up delegate_to: localhost wait_for: host: "{{ nova_reboot_check_ip }}" port: "{{ nova_reboot_check_port }}" state: started delay: 30 timeout: "{{ nova_reboot_wait_timeout }}" 070701000000C7000081A40000000000000000000000015F71E19F000006A0000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Restart or start the nova-compute service --- - name: NOV-CMP | start | Activate the latest installed version become: yes install_package: name: nova service: nova-compute activate: act_on version: "{{ ardana_notify_nova_compute_install_result.version }}" when: not (ardana_notify_nova_compute_install_result is not defined) - name: NOV-CMP | start | register persistent fact of activate command: /bin/true register: ardana_notify_nova_compute_restart_required when: ardana_notify_nova_compute_install_result is defined and ardana_notify_nova_compute_install_result.changed - name: NOV-CMP | start | Restart nova-compute service become: yes service: name: nova-compute state: restarted when: ardana_notify_nova_restart_required.changed or (ardana_notify_nova_compute_restart_required is defined and ardana_notify_nova_compute_restart_required.changed) - name: NOV-CMP | start | Ensure nova-compute service started become: yes service: name: nova-compute state: started 070701000000C8000081A40000000000000000000000015F71E19F000002C0000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/_service_status.yml 070701000000C9000081A40000000000000000000000015F71E19F00000383000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Stop the nova-compute service --- - name: NOV-CMP | stop | stop nova-compute service become: yes service: name=nova-compute state=stopped register: stop_result failed_when: "stop_result|failed and 'service not found' not in stop_result.msg" 070701000000CA000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/templates070701000000CB000081A40000000000000000000000015F71E19F0000072D000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/templates/compute-logging.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root, iso8601, suds [handlers] keys: {{ nova_compute_log_handlers }} [formatters] keys: {{ nova_compute_log_formatters }} [logger_root] qualname: root handlers: {{ nova_compute_log_handlers }} level: NOTSET [logger_iso8601] qualname: iso8601 handlers: level: WARNING [logger_suds] qualname: suds handlers: level: INFO # Writes to disk [handler_file] class: {{ nova_compute_log_handler_file_class }} args: ({{ nova_compute_log_handler_file_args }}) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: {{ nova_compute_log_handler_file_class }} args: ({{ nova_compute_log_handler_logstash_args }}) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: nova datefmt: nova-compute 070701000000CC000081A40000000000000000000000015F71E19F000003B4000000000000000000000000000000000000004F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/templates/compute.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the Nova Compute service. # You may make changes to this file by adding sections/options below. [DEFAULT] # Logging log_config_append = "{{ log_config_append }}" live_migration_progress_timeout = 300 ## Do NOT put anything after this line ## 070701000000CD000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/vars070701000000CE000081A40000000000000000000000015F71E19F00000595000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-compute service in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: - bridge-utils - libxslt1.1 - genisoimage - python-guestfs # packages listed here will trigger a restart of the service when updated nova_compute_restart_packages: [] # Logging variables log_config_append: "{{ nova_service_conf_dir }}/compute-logging.conf" nova_compute_log_handlers: file, logstash nova_compute_log_formatters: context, logstash nova_compute_log_handler_file_class: handlers.WatchedFileHandler nova_compute_log_handler_file_args: "'{{ log_dir }}/nova-compute.log'," nova_compute_log_handler_logstash_args: "'{{ log_dir }}/nova-compute-json.log'," libvirtd_service: "libvirtd.target" 070701000000CF000081A40000000000000000000000015F71E19F00000596000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-compute service in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: - bridge-utils - libxslt - genisoimage - python-libguestfs # packages listed here will trigger a restart of the service when updated nova_compute_restart_packages: [] # Logging variables log_config_append: "{{ nova_service_conf_dir }}/compute-logging.conf" nova_compute_log_handlers: file, logstash nova_compute_log_formatters: context, logstash nova_compute_log_handler_file_class: handlers.WatchedFileHandler nova_compute_log_handler_file_args: "'{{ log_dir }}/nova-compute.log'," nova_compute_log_handler_logstash_args: "'{{ log_dir }}/nova-compute-json.log'," libvirtd_service: "libvirtd.service" 070701000000D0000081A40000000000000000000000015F71E19F000005DA000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-compute service in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: - bridge-utils - dosfstools - libxslt - genisoimage - python-libguestfs - kvm - libvirt - libvirt-python - libsodium23 # packages listed here will trigger a restart of the service when updated nova_compute_restart_packages: [] # Logging variables log_config_append: "{{ nova_service_conf_dir }}/compute-logging.conf" nova_compute_log_handlers: file, logstash nova_compute_log_formatters: context, logstash nova_compute_log_handler_file_class: handlers.WatchedFileHandler nova_compute_log_handler_file_args: "'{{ log_dir }}/nova-compute.log'," nova_compute_log_handler_logstash_args: "'{{ log_dir }}/nova-compute-json.log'," libvirtd_service: "libvirtd.service" 070701000000D1000081A40000000000000000000000015F71E19F00000495000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CMP/vars/windows.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-compute service in Windows System --- # Logging variables log_config_append: "{{ nova_service_conf_dir }}\\compute-logging.conf" nova_compute_log_handlers: file nova_compute_log_formatters: context nova_compute_log_handler_file_class: handlers.RotatingFileHandler nova_compute_log_handler_file_args: "'{{ win_log_file_location }}\\\\nova-compute.log', 'a', 15728640, 10" nova_compute_log_handler_logstash_args: "'{{ win_log_file_location }}\\\\nova-compute-json.log', 'a', 15728640, 10" 070701000000D2000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND070701000000D3000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/defaults070701000000D4000081A40000000000000000000000015F71E19F0000056A000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/defaults/main.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-conductor service --- nova_component: nova-conductor # Number of maximum worker allowed regardless of CPUs available nova_conductor_max_workers: 8 # Number of workers for OpenStack Conductor service. The default will be the # maximum allowed by variable nova_conductor_max_workers nova_conductor_workers: "{{ ansible_processor_count * ansible_processor_cores * 2 | default('{{ nova_conductor_max_workers }} ') }}" # the log files nova-common will create for this service nova_log_files: - "{{ log_dir }}/nova-conductor.log" - "{{ log_dir }}/nova-conductor-json.log" # Default max number of open files the Nova Conductor processes can use nova_cnd_limit_open_files: 65536 070701000000D5000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/meta070701000000D6000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 070701000000D7000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks070701000000D8000081A40000000000000000000000015F71E19F0000037D000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CND | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_conductor_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_conductor_restart_packages 070701000000D9000081A40000000000000000000000015F71E19F000006D6000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the nova-conductor service --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_conductor_install_result }}" - name: NOV-CND | configure | nova-common configure include: ../../nova-common/tasks/configure.yml - name: NOV-CND | configure | notify on rootwrap change command: /bin/true register: ardana_notify_nova_conductor_restart_required when: rootwrap_changed - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-CND/templates/conductor.conf.j2" dest: "{{ nova_service_conf_dir }}/conductor.conf" - name: NOV-CND | configure | notify on conductor.conf change command: /bin/true register: ardana_notify_nova_conductor_restart_required when: write_conf_result.changed - name: NOV-CND | configure | Apply template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: "{{ nova_system_group }}" mode: 0640 with_items: - "conductor-logging.conf" register: ardana_notify_nova_conductor_restart_required 070701000000DA000081A40000000000000000000000015F71E19F00000848000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/install.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install nova-conductor --- - name: NOV-CND | install | Update installed packager cache become: yes install_package: cache: update - name: NOV-CND | install | Install the nova-conductor service from the nova venv become: yes install_package: name: nova service: nova-conductor state: present activate: act_off register: ardana_notify_nova_conductor_install_result - name: NOV-CND | install | register persistent fact of install command: /bin/true register: ardana_notify_nova_conductor_restart_required when: ardana_notify_nova_conductor_install_result.changed - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_conductor_install_result }}" - name: NOV-CND | install | Setup nova-conductor service become: yes setup_systemd: service: nova-conductor user: "{{ nova_system_user }}" group: "{{ nova_system_group }}" cmd: nova-conductor # FIXME remove nova.conf args: > --config-file {{ nova_service_conf_dir }}/nova.conf --config-file {{ nova_service_conf_dir }}/conductor.conf limit_open_files: "{{ nova_cnd_limit_open_files }}" - name: NOV-CND | install | Set nova-conductor service to not start on boot become: yes service: name: nova-conductor enabled: no # This must happen after the install_package, or a path which is meant to be a # symlink will be mkdir'd - include: ../../nova-common/tasks/install.yml 070701000000DB000081A40000000000000000000000015F71E19F00000409000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/main.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-CND | main | Set max worker count to 8 if dynamic CPU based count is greater than {{ nova_conductor_max_workers }} set_fact: nova_conductor_workers: "{{ nova_conductor_max_workers }}" when: nova_conductor_workers|int > nova_conductor_max_workers|int - name: NOV-CND | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" 070701000000DC000081A40000000000000000000000015F71E19F000006BD000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Restart or start the nova-conductor service --- - name: NOV-CND | start | Activate the latest installed version become: yes install_package: name: nova service: nova-conductor activate: act_on version: "{{ ardana_notify_nova_conductor_install_result.version }}" when: not (ardana_notify_nova_conductor_install_result is not defined) - name: NOV-CND | start | register persistent fact of activate command: /bin/true register: ardana_notify_nova_conductor_restart_required when: ardana_notify_nova_conductor_install_result is defined and ardana_notify_nova_conductor_install_result.changed - name: NOV-CND | start | Restart nova-conductor service become: yes service: name: nova-conductor state: restarted when: ardana_notify_nova_restart_required.changed or (ardana_notify_nova_conductor_restart_required is defined and ardana_notify_nova_conductor_restart_required.changed) - name: NOV-CND | start | Ensure nova-conductor service is started become: yes service: name: nova-conductor state: started 070701000000DD000081A40000000000000000000000015F71E19F000002C0000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/_service_status.yml 070701000000DE000081A40000000000000000000000015F71E19F00000389000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Stop the nova-conductor service --- - name: NOV-CND | stop | stop nova-conductor service become: yes service: name=nova-conductor state=stopped register: stop_result failed_when: "stop_result|failed and 'service not found' not in stop_result.msg" 070701000000DF000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/templates070701000000E0000081A40000000000000000000000015F71E19F00000673000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/templates/conductor-logging.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-conductor.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-conductor-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: nova datefmt: nova-conductor 070701000000E1000081A40000000000000000000000015F71E19F000004D7000000000000000000000000000000000000005100000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/templates/conductor.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the Nova Conductor service. # You may make changes to this file by adding sections/options below. [DEFAULT] # Logging log_config_append = "{{ nova_service_conf_dir }}/conductor-logging.conf" [database] backend = sqlalchemy connection = {{ database_connection }} [api_database] connection = {{ nova_api_database_connection }} [conductor] # Please change this value in openstack/ardana/ansible/roles/NOV-CND/defaults/main.yml , # do not remove it here workers = {{ nova_conductor_workers }} ## Do NOT put anything after this line ## 070701000000E2000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/vars070701000000E3000081A40000000000000000000000015F71E19F000003A8000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-conductor service in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: - libmysqlclient18 # packages listed here will trigger a restart of the service when updated nova_conductor_restart_packages: []070701000000E4000081A40000000000000000000000015F71E19F000003A8000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-conductor service in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: - libmysqlclient18 # packages listed here will trigger a restart of the service when updated nova_conductor_restart_packages: []070701000000E5000081A40000000000000000000000015F71E19F000003BC000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-CND/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-conductor service in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: - libmysqlclient18 - libsodium23 # packages listed here will trigger a restart of the service when updated nova_conductor_restart_packages: [] 070701000000E6000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH070701000000E7000041ED0000000000000000000000065F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN070701000000E8000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/defaults070701000000E9000081A40000000000000000000000015F71E19F0000047D000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova ironic component --- ## [ironic] ironic_api_endpoint_url: "{{ NOV_SCH_IRN.consumes_IRN_API.vips.private[0].url }}/v1" admin_tenant_name : "{{ KEY_API.vars.keystone_service_tenant }}" keystone_ironic_password : "{{ IRN_API.consumes_KEY_API.vars.keystone_ironic_password | quote }}" keystone_ironic_user : "{{ IRN_API.consumes_KEY_API.vars.keystone_ironic_user }}" ironic_admin_auth_uri : "{{ IRN_API.consumes_KEY_API.vips.private[0].url }}/v3" 070701000000EA000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/meta070701000000EB000081A40000000000000000000000015F71E19F000002BE000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common - role: NOV-SCH 070701000000EC000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/tasks070701000000ED000081A40000000000000000000000015F71E19F0000053F000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the hypervisor.conf specific to ironic --- # hypervisor.conf will be loaded last by nova-scheduler # filename should remain the same across hypervisors # we can use nova_service_conf_dir as this will be set to scheduler # by including the nova-scheduler role as a dependency - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-SCH-IRN/templates/hypervisor.conf.j2" dest: "{{ nova_service_conf_dir }}/hypervisor.conf" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" - name: NOV-SCH-IRN | configure | notify on hypervisor.conf change command: /bin/true register: ardana_notify_nova_scheduler_restart_required when: write_conf_result.changed 070701000000EE000081A40000000000000000000000015F71E19F000002B8000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/tasks/install.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/install.yml 070701000000EF000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/templates070701000000F0000081A40000000000000000000000015F71E19F00000559000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH-IRN/templates/hypervisor.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the ironic hypervisor. # You may make changes to this file by adding sections/options below. [DEFAULT] # Scheduler scheduler_host_manager = ironic_host_manager scheduler_use_baremetal_filters = True [ironic] auth_type = v3password api_endpoint = {{ ironic_api_endpoint_url }} project_name = {{ admin_tenant_name }} auth_url = {{ ironic_admin_auth_uri }} password = {{ keystone_ironic_password }} username = {{ keystone_ironic_user }} # We are hardcoding the domain to 'Default' for backward compatibility. # In the future, these need to be coming from vars. project_domain_name = Default user_domain_name = Default ## Do NOT put anything after this line ## 070701000000F1000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/defaults070701000000F2000081A40000000000000000000000015F71E19F0000046A000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/defaults/main.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-scheduler service --- nova_component: nova-scheduler # the log files nova-common will create for this service nova_log_files: - "{{ log_dir }}/nova-scheduler.log" - "{{ log_dir }}/nova-scheduler-json.log" # policy files needed for ironic_host_manager nova_policy_file: ../../nova-common/templates/policy.json.j2 # Default max number of open files the Nova Scheduler processes can use nova_sch_limit_open_files: 65536 070701000000F3000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/meta070701000000F4000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 070701000000F5000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks070701000000F6000081A40000000000000000000000015F71E19F0000037D000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-SCH | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_scheduler_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_scheduler_restart_packages 070701000000F7000081A40000000000000000000000015F71E19F0000087F000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the nova-scheduler service --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_scheduler_install_result }}" - name: NOV-SCH | configure | nova-common configure include: ../../nova-common/tasks/configure.yml - name: NOV-SCH | configure | notify on rootwrap change command: /bin/true register: ardana_notify_nova_scheduler_restart_required when: rootwrap_changed - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-SCH/templates/scheduler.conf.j2" dest: "{{ nova_service_conf_dir }}/scheduler.conf" conf_owner: "{{ nova_system_user }}" conf_group: "{{ nova_system_group }}" # We need to be sure that the hypervisor.conf file is present - name: NOV-SCH | configure | touch hypervisor.conf become: yes copy: dest: "{{ nova_service_conf_dir }}/hypervisor.conf" owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" mode: 0644 content: "" force: no # do not overwrite if it exists - name: NOV-SCH | configure | notify on scheduler.conf change command: /bin/true register: ardana_notify_nova_scheduler_restart_required when: write_conf_result.changed - name: NOV-SCH | configure | Apply template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: "{{ nova_system_group }}" mode: 0640 with_items: - "scheduler-logging.conf" register: ardana_notify_nova_scheduler_restart_required 070701000000F8000081A40000000000000000000000015F71E19F0000086B000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/install.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install nova-scheduler --- - name: NOV-SCH | install | Update installed packager cache become: yes install_package: cache: update - name: NOV-SCH | install | Install the nova-scheduler service from the nova venv become: yes install_package: name: nova service: nova-scheduler state: present activate: act_off register: ardana_notify_nova_scheduler_install_result - name: NOV-SCH | install | register persistent fact of install command: /bin/true register: ardana_notify_nova_scheduler_restart_required when: ardana_notify_nova_scheduler_install_result.changed - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_scheduler_install_result }}" - name: NOV-SCH | install | Setup nova-scheduler service become: yes setup_systemd: service: nova-scheduler user: "{{ nova_system_user }}" group: "{{ nova_system_group }}" cmd: nova-scheduler args: > --config-file {{ nova_service_conf_dir }}/nova.conf --config-file {{ nova_service_conf_dir }}/scheduler.conf --config-file {{ nova_service_conf_dir }}/hypervisor.conf limit_open_files: "{{ nova_sch_limit_open_files }}" - name: NOV-SCH | install | Set nova-scheduler service to not start on boot become: yes service: name: nova-scheduler enabled: no # This must happen after the install_package, or a path which is meant to be a # symlink will be mkdir'd - include: ../../nova-common/tasks/install.yml 070701000000F9000081A40000000000000000000000015F71E19F000002EB000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-SCH | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"070701000000FA000081A40000000000000000000000015F71E19F000006BA000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Restart or start the nova-scheduler service --- - name: NOV-SCH | start | Activate the latest installed version become: yes install_package: name: nova service: nova-scheduler activate: act_on version: "{{ ardana_notify_nova_scheduler_install_result.version }}" when: not (ardana_notify_nova_scheduler_install_result is not defined) - name: NOV-SCH | start | register persistent fact of activate command: /bin/true register: ardana_notify_nova_scheduler_restart_required when: ardana_notify_nova_scheduler_install_result is defined and ardana_notify_nova_scheduler_install_result.changed - name: NOV-SCH | start | Restart nova-scheduler service become: yes service: name: nova-scheduler state: restarted when: ardana_notify_nova_restart_required.changed or (ardana_notify_nova_scheduler_restart_required is defined and ardana_notify_nova_scheduler_restart_required.changed) - name: NOV-SCH | start | Ensure nova-scheduler service started become: yes service: name: nova-scheduler state: started 070701000000FB000081A40000000000000000000000015F71E19F000002C0000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/_service_status.yml 070701000000FC000081A40000000000000000000000015F71E19F00000389000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Stop the nova-scheduler service --- - name: NOV-SCH | stop | stop nova-scheduler service become: yes service: name=nova-scheduler state=stopped register: stop_result failed_when: "stop_result|failed and 'service not found' not in stop_result.msg" 070701000000FD000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/templates070701000000FE000081A40000000000000000000000015F71E19F00000675000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/templates/scheduler-logging.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-scheduler.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ log_dir }}/nova-scheduler-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: nova datefmt: nova-scheduler 070701000000FF000081A40000000000000000000000015F71E19F0000046B000000000000000000000000000000000000005100000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/templates/scheduler.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the Nova Scheduler service. # You may make changes to this file by adding sections/options below. [DEFAULT] # Logging log_config_append = "{{ nova_service_conf_dir }}/scheduler-logging.conf" [database] backend = sqlalchemy connection = {{ database_connection }} [api_database] connection = {{ nova_api_database_connection }} [scheduler] discover_hosts_in_cells_interval = 300 ## Do NOT put anything after this line ## 07070100000100000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/vars07070100000101000081A40000000000000000000000015F71E19F00000396000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-scheduler service in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of the service when updated nova_scheduler_restart_packages: []07070100000102000081A40000000000000000000000015F71E19F00000398000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of the service when updated nova_scheduler_restart_packages: []07070100000103000081A40000000000000000000000015F71E19F00000397000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-SCH/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: [] # packages listed here will trigger a restart of the service when updated nova_scheduler_restart_packages: [] 07070100000104000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC07070100000105000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/defaults07070100000106000081A40000000000000000000000015F71E19F00000402000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-novncproxy service --- nova_component: nova-novncproxy # the filters nova-common will copy for this service nova_rootwrap_filters: - rootwrap.d/novnc.filters # the log files nova-common will create for this service nova_log_files: - "{{ log_dir }}/nova-novncproxy.log" - "{{ log_dir }}/nova-novncproxy-json.log" 07070100000107000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/meta07070100000108000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 07070100000109000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks0707010000010A000081A40000000000000000000000015F71E19F0000037F000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/check_upgraded_packages.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-VNC | check_upgraded_packages | Check upgraded packages command: /bin/true register: ardana_notify_nova_novncproxy_restart_required when: item in ardana_upgraded_pkgs | default({}) with_items: nova_novncproxy_restart_packages 0707010000010B000081A40000000000000000000000015F71E19F000006DA000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Configure the nova-novnc service --- - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_novncproxy_install_result }}" - name: NOV-VNC | configure | nova-common configure include: ../../nova-common/tasks/configure.yml - name: NOV-VNC | configure | notify on rootwrap change command: /bin/true register: ardana_notify_nova_novncproxy_restart_required when: rootwrap_changed - include: ../../nova-common/tasks/_write_conf.yml src: "../../NOV-VNC/templates/novncproxy.conf.j2" dest: "{{ nova_service_conf_dir }}/novncproxy.conf" - name: NOV-VNC | configure | notify on novncproxy.conf change command: /bin/true register: ardana_notify_nova_novncproxy_restart_required when: write_conf_result.changed - name: NOV-VNC | configure | Apply template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: "{{ nova_system_group }}" mode: 0640 with_items: - "novncproxy-logging.conf" register: ardana_notify_nova_novncproxy_restart_required 0707010000010C000081A40000000000000000000000015F71E19F00000846000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/install.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Install nova-novncproxy service --- - name: NOV-VNC | install | Update installed packager cache become: yes install_package: cache: update - name: NOV-VNC | install | Install the nova-novncproxy service from the nova venv become: yes install_package: name: nova service: nova-novncproxy state: present activate: act_off register: ardana_notify_nova_novncproxy_install_result - name: NOV-VNC | install | register persistent fact of install command: /bin/true register: ardana_notify_nova_novncproxy_restart_required when: ardana_notify_nova_novncproxy_install_result.changed - include: ../../nova-common/tasks/_set_directories.yml vars: install_package_result: "{{ ardana_notify_nova_novncproxy_install_result }}" - name: NOV-VNC | install | Setup nova-novncproxy service become: yes setup_systemd: service: nova-novncproxy user: "{{ nova_system_user }}" group: "{{ nova_system_group }}" cmd: nova-novncproxy args: > --config-file {{ nova_service_conf_dir }}/nova.conf --config-file {{ nova_service_conf_dir }}/rootwrap.conf --config-file {{ nova_service_conf_dir }}/novncproxy.conf - name: NOV-VNC | install | Set nova-novncproxy service to not start on boot become: yes service: name: nova-novncproxy enabled: no # This must happen after the install_package, or a path which is meant to be a # symlink will be mkdir'd - include: ../../nova-common/tasks/install.yml 0707010000010D000081A40000000000000000000000015F71E19F000002EB000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: NOV-VNC | main | Set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml"0707010000010E000081A40000000000000000000000015F71E19F000006C7000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/start.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Restart or start the nova-novncproxy service --- - name: NOV-VNC | start | Activate the latest installed version become: yes install_package: name: nova service: nova-novncproxy activate: act_on version: "{{ ardana_notify_nova_novncproxy_install_result.version }}" when: not (ardana_notify_nova_novncproxy_install_result is not defined) - name: NOV-VNC | start | register persistent fact of activate command: /bin/true register: ardana_notify_nova_novncproxy_restart_required when: ardana_notify_nova_novncproxy_install_result is defined and ardana_notify_nova_novncproxy_install_result.changed - name: NOV-VNC | start | Restart nova-novncproxy service become: yes service: name: nova-novncproxy state: restarted when: ardana_notify_nova_restart_required.changed or (ardana_notify_nova_novncproxy_restart_required is defined and ardana_notify_nova_novncproxy_restart_required.changed) - name: NOV-VNC | start | Ensure nova-novncproxy service started become: yes service: name: nova-novncproxy state: started 0707010000010F000081A40000000000000000000000015F71E19F000002C0000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../nova-common/tasks/_service_status.yml 07070100000110000081A40000000000000000000000015F71E19F0000038C000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/tasks/stop.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Stop the nova-novncproxy service --- - name: NOV-VNC | stop | stop nova-novncproxy service become: yes service: name=nova-novncproxy state=stopped register: stop_result failed_when: "stop_result|failed and 'service not found' not in stop_result.msg" 07070100000111000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/templates07070100000112000081A40000000000000000000000015F71E19F000006B3000000000000000000000000000000000000005A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/templates/novncproxy-logging.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler # TODO Use templated log path args: ('{{ log_dir }}/nova-novncproxy.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler # TODO Use templated log path args: ('{{ log_dir }}/nova-novncproxy-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" attrs actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: nova datefmt: novncproxy 07070100000113000081A40000000000000000000000015F71E19F000004B5000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/templates/novncproxy.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This file has the Ardana values that apply only to the Nova novncproxy service. # You may make changes to this file by adding sections/options below. [DEFAULT] # Logging log_config_append = "{{ nova_service_conf_dir }}/novncproxy-logging.conf" # VNC novncproxy_host = {{ novncproxy_host }} novncproxy_port = {{ novncproxy_port }} vncserver_listen = {{ vncserver_listen }} [database] backend = sqlalchemy connection = {{ database_connection }} [api_database] connection = {{ nova_api_database_connection }} ## Do NOT put anything after this line ## 07070100000114000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/vars07070100000115000081A40000000000000000000000015F71E19F000003A5000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-scheduler service in Debian System --- # packages listed here will be installed by nova-common | install nova_required_packages: - novnc # packages listed here will trigger a restart of the service when updated nova_novncproxy_restart_packages: - novnc07070100000116000081A40000000000000000000000015F71E19F000003A7000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in RedHat System --- # packages listed here will be installed by nova-common | install nova_required_packages: - novnc # packages listed here will trigger a restart of the service when updated nova_novncproxy_restart_packages: - novnc07070100000117000081A40000000000000000000000015F71E19F000003A6000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/NOV-VNC/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages required for nova-consoleauth service in SUSE System --- # packages listed here will be installed by nova-common | install nova_required_packages: - novnc # packages listed here will trigger a restart of the service when updated nova_novncproxy_restart_packages: - novnc 07070100000118000041ED0000000000000000000000095F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common07070100000119000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/defaults0707010000011A000081A40000000000000000000000015F71E19F00001F60000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/defaults/main.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Layout of this file: # At the top of this file (following on from this text) are the root level # variables. Variables defined here have global scope. # # Files are defined by identifiers followed by a colon(:), with sections in # a file indented to the next level. # system level vars # ----------------- # Values in this section relate to the build/install of nova # at a system level nova_system_group: nova nova_log_group: adm nova_system_user: nova nova_system_createhome: false nova_system_shell: /bin/false nova_migrate_enabled: false enable_migrate_file: "{{ nova_facts_dir }}/nova_migrate_enabled.fact" # Some directories are set by _set_directories.yml as they need to be set after # install (the version is required in the path). nova_state_root_dir: / nova_system_home_folder: "{{ nova_state_root_dir }}/var/lib/nova" nova_kernel_module_file: "{{ nova_component }}" nova_facts_dir: "/etc/ansible/facts.d" # Number of maximum workers allowed regardless of CPUs available nova_api_max_workers: 20 # Number of maximum workers allowed regardless of CPUs available nova_metadata_max_workers: 10 # Number of workers for OpenStack API service. The default will be the # maximum allowed by variable nova_api_max_workers nova_api_workers: "{{ ansible_processor_count * ansible_processor_cores * 2 | default('{{ nova_api_max_workers }} ') }}" # Number of workers for metadata service. nova_metadata_workers: "{{ ansible_processor_count * ansible_processor_cores * 2 | default('{{ nova_metadata_max_workers }} ') }}" # nova.conf ## [DEFAULT] ### API api_paste_config: "{{ nova_service_conf_dir }}/api-paste.ini" api_audit_config: "{{ nova_service_conf_dir }}/api_audit_map.conf" compute_link_prefix: "{{ NOV_API.advertises.vips.public[0].url }}" osapi_compute_listen_port: > {{ host | item('bind.NOV_API.internal.port', default=8774) }} osapi_compute_listen: > {{ host | item('bind.NOV_API.internal.ip_address', default=host.vars.my_hostname_address) }} ### CA & SSL keys_path: "{{ nova_state_root_dir }}/var/lib/nova/keys" ### common lock_path: "{{ nova_state_root_dir }}/var/lib/nova" my_ip: "{{ host.vars.my_hostname_address }}" rootwrap_config: "{{ nova_service_conf_dir }}/rootwrap.conf" state_path: "{{ nova_state_root_dir }}/var/lib/nova" ### Logging log_dir: "{{ nova_state_root_dir }}/var/log/nova" ### Audit nova_api_audit_enable: "{{ NOV.audit.enabled }}" nova_audit_log_location: "{{ NOV.audit.dir }}/nova" nova_internal_endpoint: NOV_API.advertises.vips.private[0].url ### Metadata metadata_host: "{% if host.bind.NOV_MTD is defined %}{{ host.bind.NOV_MTD.internal.ip_address }}{% else %}{{ NOV_API.advertises.vips.private[0].host }}{% endif %}" metadata_listen: "{% if host.bind.NOV_MTD is defined %}{{ host.bind.NOV_MTD.internal.ip_address }}{% else %}{{ NOV_API.advertises.vips.private[0].host }}{% endif %}" metadata_use_forwarded_for: > {% if true in (NOV_API | provided_data('use_forwarded_for')) %} True{% else %}False{% endif %} ### Network default_floating_pool: "{{ config_data | item('NEU.neutron_external_networks', default=[{'name': 'ext-net'}]) | map(attribute='name') | first }}" ### RabbitMQ rabbit_hosts: "{% for x in NOV_API.consumes_FND_RMQ.members.private %}{{ x.host }}:{{ x.port }}{%if not loop.last %},{% endif %}{% endfor %}" rabbit_password: "{{ NOV.consumes_FND_RMQ.vars.accounts.nova.password }}" rabbit_userid: "{{ NOV.consumes_FND_RMQ.vars.accounts.nova.username }}" rabbit_use_ssl: "{{ NOV.consumes_FND_RMQ.members.private[0].use_tls }}" rabbit_hosts_transport_url: > rabbit:// {%- for x in NOV_API.consumes_FND_RMQ.members.private -%} {{ rabbit_userid }}:{{ rabbit_password }}@{{ x.host }}:{{ x.port }}{%- if not loop.last -%},{%- endif -%} {%- endfor -%} / cell0_rabbit_hosts_transport_url: "none:///" nova_rpc_response_timeout: 60 ### SRIOV and PCI-PT pci_passthrough_whitelist: '' ### VNC novncproxy_host: "{{ host.bind.NOV_VNC.public.ip_address }}" novncproxy_port: "{{ host.bind.NOV_VNC.public.port }}" vncserver_listen: "{{ host.bind.NOV_VNC.public.ip_address }}" ## [vnc] vncserver_proxyclient_address: "{{ NOV_VNC.advertises.vips.public[0].host }}" ## [database ssl] nova_db_ca_file: "{{ trusted_ca_bundle }}" nova_db_ssl: "{% if NOV.consumes_FND_MDB.vips.private[0].use_tls %}?ssl_ca={{ nova_db_ca_file }}{% endif %}" nova_api_db_ssl: "{% if NOV_API.consumes_FND_MDB.vips.private[0].use_tls %}?ssl_ca={{ nova_db_ca_file }}{% endif %}" ## [database] database_connection: "mysql+pymysql://{{ NOV.consumes_FND_MDB.vars.accounts.nova.username }}:{{ NOV.consumes_FND_MDB.vars.accounts.nova.password | urlencode }}@{{ NOV.consumes_FND_MDB.vips.private[0].host }}/nova{{ nova_db_ssl }}" cell0_database_connection: "mysql+pymysql://{{ NOV.consumes_FND_MDB.vars.accounts.nova.username }}:{{ NOV.consumes_FND_MDB.vars.accounts.nova.password | urlencode }}@{{ NOV.consumes_FND_MDB.vips.private[0].host }}/nova_cell0{{ nova_db_ssl }}" ## [api_database] nova_api_database_connection: "mysql+pymysql://{{ NOV_API.consumes_FND_MDB.vars.accounts.nova_api.username }}:{{ NOV_API.consumes_FND_MDB.vars.accounts.nova_api.password | urlencode }}@{{ NOV_API.consumes_FND_MDB.vips.private[0].host }}/nova_api{{ nova_api_db_ssl }}" ## [glance] glance_api_servers: "{{ NOV_API.consumes_GLA_API.vips.private[0].url }}" ## [keystone_authtoken] keystone_auth_uri: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}" keystone_identity_uri: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}" nova_admin_password: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_password | quote }}" nova_admin_tenant_name: "{{ KEY_API.vars.keystone_service_tenant }}" nova_admin_user: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_user }}" keystone_region_name: "{{ NOV.regions | first }}" memcached_servers: "{% for x in NOV.consumes_FND_MEM.members.private %}{{ x.host }}:{{ x.port }}{%if not loop.last %},{% endif %}{% endfor %}" memcache_secret_key: "{{ NOV.consumes_FND_MEM.vars.memcached.nova.secret_key | quote }}" ## [placement] nova_placement_api_user: "{{ NOV_PLC.consumes_KEY_API.vars.nova_placement_api_user }}" nova_placement_api_password: "{{ NOV_PLC.consumes_KEY_API.vars.nova_placement_api_password | quote }}" # Barbican barbican_endpoint_template: "{% if ( 'consumes_KEYMGR_API' in NOV_API ) %}{{ NOV_API.consumes_KEYMGR_API.vips.private[0].url }}{% endif %}" barbican_os_region_name: "{{ NOV.regions | first }}" barbican_keystone_auth_url: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}/v3" ## [libvirt] libvirt_snapshots_directory: "{{ nova_state_root_dir }}/var/lib/nova/tmp" ## [neutron] neutron_admin_auth_url: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}/v3" neutron_admin_project_name: "{{ KEY_API.vars.keystone_service_tenant }}" neutron_admin_password: "{{ NEU_SVR.consumes_KEY_API.vars.keystone_neutron_password | quote }}" neutron_admin_username: "{{ NEU_SVR.consumes_KEY_API.vars.keystone_neutron_user }}" neutron_domain_name: "{{ KEY_API.vars.keystone_default_domain }}" neutron_url: "{{ NOV_API.consumes_NEU_SVR.vips.private[0].url }}" neutron_metadata_proxy_shared_secret: > {%- if NOV_MTD.vars.metadata_proxy_shared_secret is defined -%} {{ NOV_MTD.vars.metadata_proxy_shared_secret }} {%- endif -%} neutron_region_name: "{{ NOV.regions | first }}" ## [cinder] cinder_os_region_name: "{{ NOV.regions | first }}" 0707010000011B000041ED0000000000000000000000035F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files0707010000011C000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d0707010000011D000081A40000000000000000000000015F71E19F0000024D000000000000000000000000000000000000005F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/api-metadata.filters# nova-rootwrap command filters for api-metadata nodes # This is needed on nova-api hosts running with "metadata" in enabled_apis # or when running nova-api-metadata # This file should be owned by (and only-writeable by) the root user [Filters] # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ... iptables-save: CommandFilter, iptables-save, root ip6tables-save: CommandFilter, ip6tables-save, root # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) iptables-restore: CommandFilter, iptables-restore, root ip6tables-restore: CommandFilter, ip6tables-restore, root 0707010000011E000081A40000000000000000000000015F71E19F00000167000000000000000000000000000000000000006900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/baremetal-compute-ipmi.filters# nova-rootwrap command filters for compute nodes # This file should be owned by (and only-writeable by) the root user [Filters] # nova/virt/baremetal/ipmi.py: 'ipmitool', .. ipmitool: CommandFilter, ipmitool, root # nova/virt/baremetal/ipmi.py: 'kill', '-TERM', str(console_pid) kill_shellinaboxd: KillFilter, root, /usr/local/bin/shellinaboxd, -15, -TERM 0707010000011F000081A40000000000000000000000015F71E19F0000017E000000000000000000000000000000000000006A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/baremetal-deploy-helper.filters# nova-rootwrap command filters for nova-baremetal-deploy-helper # This file should be owned by (and only-writeable by) the root user [Filters] # nova-baremetal-deploy-helper iscsiadm: CommandFilter, iscsiadm, root sfdisk: CommandFilter, sfdisk, root dd: CommandFilter, dd, root mkswap: CommandFilter, mkswap, root blkid: CommandFilter, blkid, root mkfs: CommandFilter, mkfs, root 07070100000120000081A40000000000000000000000015F71E19F000025B1000000000000000000000000000000000000005A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/compute.filters# nova-rootwrap command filters for compute nodes # This file should be owned by (and only-writeable by) the root user [Filters] # nova/virt/disk/mount/api.py: 'kpartx', '-a', device # nova/virt/disk/mount/api.py: 'kpartx', '-d', device kpartx: CommandFilter, kpartx, root # nova/virt/xenapi/vm_utils.py: tune2fs, -O ^has_journal, part_path # nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path tune2fs: CommandFilter, tune2fs, root # nova/virt/disk/mount/api.py: 'mount', mapped_device # nova/virt/disk/api.py: 'mount', '-o', 'bind', src, target # nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'.. # nova/virt/configdrive.py: 'mount', device, mountdir # nova/virt/libvirt/volume.py: 'mount', '-t', 'sofs' ... mount: CommandFilter, mount, root # nova/virt/disk/mount/api.py: 'umount', mapped_device # nova/virt/disk/api.py: 'umount' target # nova/virt/xenapi/vm_utils.py: 'umount', dev_path # nova/virt/configdrive.py: 'umount', mountdir umount: CommandFilter, umount, root # nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-c', device, image # nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-d', device qemu-nbd: CommandFilter, qemu-nbd, root # nova/virt/disk/mount/loop.py: 'losetup', '--find', '--show', image # nova/virt/disk/mount/loop.py: 'losetup', '--detach', device losetup: CommandFilter, losetup, root # nova/virt/disk/vfs/localfs.py: 'blkid', '-o', 'value', '-s', 'TYPE', device blkid: CommandFilter, blkid, root # nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path # nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.* # nova/virt/disk/vfs/localfs.py: 'tee', canonpath tee: CommandFilter, tee, root # nova/virt/disk/vfs/localfs.py: 'mkdir', canonpath mkdir: CommandFilter, mkdir, root # nova/virt/disk/vfs/localfs.py: 'chown' # nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log # nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log # nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk') chown: CommandFilter, chown, root # nova/virt/disk/vfs/localfs.py: 'chmod' chmod: CommandFilter, chmod, root # nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap' # nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up' # nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev # nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i.. # nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'.. # nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',.. # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',.. # nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev) # nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1] # nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge # nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', .. # nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',.. # nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ... # nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,.. # nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up' # nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up' # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, .. # nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, .. # nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up' # nova/network/linux_net.py: 'ip', 'route', 'add', .. # nova/network/linux_net.py: 'ip', 'route', 'del', . # nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev ip: CommandFilter, ip, root # nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev # nova/network/linux_net.py: 'tunctl', '-b', '-t', dev tunctl: CommandFilter, tunctl, root # nova/virt/libvirt/vif.py: 'ovs-vsctl', ... # nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ... # nova/network/linux_net.py: 'ovs-vsctl', .... ovs-vsctl: CommandFilter, ovs-vsctl, root # nova/virt/libvirt/vif.py: 'vrouter-port-control', ... vrouter-port-control: CommandFilter, vrouter-port-control, root # nova/virt/libvirt/vif.py: 'ebrctl', ... ebrctl: CommandFilter, ebrctl, root # nova/virt/libvirt/vif.py: 'mm-ctl', ... mm-ctl: CommandFilter, mm-ctl, root # nova/network/linux_net.py: 'ovs-ofctl', .... ovs-ofctl: CommandFilter, ovs-ofctl, root # nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ... dd: CommandFilter, dd, root # nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ... iscsiadm: CommandFilter, iscsiadm, root # nova/virt/libvirt/volume/aoe.py: 'aoe-revalidate', aoedev # nova/virt/libvirt/volume/aoe.py: 'aoe-discover' aoe-revalidate: CommandFilter, aoe-revalidate, root aoe-discover: CommandFilter, aoe-discover, root # nova/virt/xenapi/vm_utils.py: parted, --script, ... # nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*. parted: CommandFilter, parted, root # nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path pygrub: CommandFilter, pygrub, root # nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s fdisk: CommandFilter, fdisk, root # nova/virt/xenapi/vm_utils.py: e2fsck, -f, -p, partition_path # nova/virt/disk/api.py: e2fsck, -f, -p, image e2fsck: CommandFilter, e2fsck, root # nova/virt/xenapi/vm_utils.py: resize2fs, partition_path # nova/virt/disk/api.py: resize2fs, image resize2fs: CommandFilter, resize2fs, root # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ... iptables-save: CommandFilter, iptables-save, root ip6tables-save: CommandFilter, ip6tables-save, root # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) iptables-restore: CommandFilter, iptables-restore, root ip6tables-restore: CommandFilter, ip6tables-restore, root # nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ... # nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],.. arping: CommandFilter, arping, root # nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address dhcp_release: CommandFilter, dhcp_release, root # nova/network/linux_net.py: 'kill', '-9', pid # nova/network/linux_net.py: 'kill', '-HUP', pid kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP # nova/network/linux_net.py: 'kill', pid kill_radvd: KillFilter, root, /usr/sbin/radvd # nova/network/linux_net.py: dnsmasq call dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq # nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'.. radvd: CommandFilter, radvd, root # nova/network/linux_net.py: 'brctl', 'addbr', bridge # nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0 # nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off' # nova/network/linux_net.py: 'brctl', 'addif', bridge, interface brctl: CommandFilter, brctl, root # nova/virt/libvirt/utils.py: 'mkswap' # nova/virt/xenapi/vm_utils.py: 'mkswap' mkswap: CommandFilter, mkswap, root # nova/virt/libvirt/utils.py: 'nova-idmapshift' nova-idmapshift: CommandFilter, nova-idmapshift, root # nova/virt/xenapi/vm_utils.py: 'mkfs' # nova/utils.py: 'mkfs', fs, path, label mkfs: CommandFilter, mkfs, root # nova/virt/libvirt/utils.py: 'qemu-img' qemu-img: CommandFilter, qemu-img, root # nova/virt/disk/vfs/localfs.py: 'readlink', '-e' readlink: CommandFilter, readlink, root # nova/virt/disk/api.py: mkfs.ext3: CommandFilter, mkfs.ext3, root mkfs.ext4: CommandFilter, mkfs.ext4, root mkfs.ntfs: CommandFilter, mkfs.ntfs, root # nova/virt/libvirt/connection.py: lvremove: CommandFilter, lvremove, root # nova/virt/libvirt/utils.py: lvcreate: CommandFilter, lvcreate, root # nova/virt/libvirt/utils.py: lvs: CommandFilter, lvs, root # nova/virt/libvirt/utils.py: vgs: CommandFilter, vgs, root # nova/utils.py:read_file_as_root: 'cat', file_path # (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file) read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow # os-brick needed commands read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi multipath: CommandFilter, multipath, root # multipathd show status multipathd: CommandFilter, multipathd, root systool: CommandFilter, systool, root vgc-cluster: CommandFilter, vgc-cluster, root # os_brick/initiator/connector.py drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid # TODO(smcginnis) Temporary fix. # Need to pull in os-brick os-brick.filters file instead and clean # out stale brick values from this file. scsi_id: CommandFilter, /lib/udev/scsi_id, root # nova/storage/linuxscsi.py: sg_scan device sg_scan: CommandFilter, sg_scan, root # nova/volume/encryptors/cryptsetup.py: # nova/volume/encryptors/luks.py: ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/.*, .* # nova/volume/encryptors.py: # nova/virt/libvirt/dmcrypt.py: cryptsetup: CommandFilter, cryptsetup, root # nova/virt/xenapi/vm_utils.py: xenstore-read: CommandFilter, xenstore-read, root # nova/virt/libvirt/utils.py: rbd: CommandFilter, rbd, root # nova/virt/libvirt/utils.py: 'shred', '-n3', '-s%d' % volume_size, path shred: CommandFilter, shred, root # nova/virt/libvirt/volume.py: 'cp', '/dev/stdin', delete_control.. cp: CommandFilter, cp, root # nova/virt/xenapi/vm_utils.py: sync: CommandFilter, sync, root # nova/virt/libvirt/imagebackend.py: ploop: CommandFilter, ploop, root # nova/virt/libvirt/utils.py: 'xend', 'status' xend: CommandFilter, xend, root # nova/virt/libvirt/utils.py: touch: CommandFilter, touch, root 07070100000121000081A40000000000000000000000015F71E19F00000043000000000000000000000000000000000000005E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/consoleauth.filters# Empty file to allow ansible script to run and configure rootwrap 07070100000122000081A40000000000000000000000015F71E19F00000FA3000000000000000000000000000000000000005A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/network.filters# nova-rootwrap command filters for network nodes # This file should be owned by (and only-writeable by) the root user [Filters] # nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap' # nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up' # nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev # nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i.. # nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'.. # nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',.. # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',.. # nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev) # nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1] # nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge # nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', .. # nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',.. # nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ... # nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,.. # nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up' # nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up' # nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, .. # nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, .. # nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up' # nova/network/linux_net.py: 'ip', 'route', 'add', .. # nova/network/linux_net.py: 'ip', 'route', 'del', . # nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev ip: CommandFilter, ip, root # nova/virt/libvirt/vif.py: 'ovs-vsctl', ... # nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ... # nova/network/linux_net.py: 'ovs-vsctl', .... ovs-vsctl: CommandFilter, ovs-vsctl, root # nova/network/linux_net.py: 'ovs-ofctl', .... ovs-ofctl: CommandFilter, ovs-ofctl, root # nova/virt/libvirt/vif.py: 'ivs-ctl', ... # nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ... # nova/network/linux_net.py: 'ivs-ctl', .... ivs-ctl: CommandFilter, ivs-ctl, root # nova/virt/libvirt/vif.py: 'ifc_ctl', ... ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root # nova/network/linux_net.py: 'ebtables', '-D' ... # nova/network/linux_net.py: 'ebtables', '-I' ... ebtables: CommandFilter, ebtables, root ebtables_usr: CommandFilter, ebtables, root # nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ... iptables-save: CommandFilter, iptables-save, root ip6tables-save: CommandFilter, ip6tables-save, root # nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,) iptables-restore: CommandFilter, iptables-restore, root ip6tables-restore: CommandFilter, ip6tables-restore, root # nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ... # nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],.. arping: CommandFilter, arping, root # nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address dhcp_release: CommandFilter, dhcp_release, root # nova/network/linux_net.py: 'kill', '-9', pid # nova/network/linux_net.py: 'kill', '-HUP', pid kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP # nova/network/linux_net.py: 'kill', pid kill_radvd: KillFilter, root, /usr/sbin/radvd # nova/network/linux_net.py: dnsmasq call dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq # nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'.. radvd: CommandFilter, radvd, root # nova/network/linux_net.py: 'brctl', 'addbr', bridge # nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0 # nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off' # nova/network/linux_net.py: 'brctl', 'addif', bridge, interface brctl: CommandFilter, brctl, root # nova/network/linux_net.py: 'sysctl', .... sysctl: CommandFilter, sysctl, root # nova/network/linux_net.py: 'conntrack' conntrack: CommandFilter, conntrack, root # nova/network/linux_net.py: 'fp-vdev' fp-vdev: CommandFilter, fp-vdev, root 07070100000123000081A40000000000000000000000015F71E19F00000043000000000000000000000000000000000000005800000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/files/rootwrap.d/novnc.filters# Empty file to allow ansible script to run and configure rootwrap 07070100000124000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004100000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/library07070100000125000081A40000000000000000000000015F71E19F00000E26000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/library/create_pci_whitelist.py#!/usr/bin/python # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # from ansible.module_utils.basic import * # noqa import json import yaml DOCUMENTATION = ''' --- module: create-pci-whitelist short_description: Create SRIOV and PCI whitelist description: Create SRIOV and PCI whitelist author: Praveen Kumar SM requirements: [ ] options: args: required: true description: - A string containing arguments passed to the create sriov and pci whitelist ''' EXAMPLES = ''' tasks: - name: Create PCI Whitelist create_pci_whitelist: args="{{ network_pci_pt_sriov_interfaces }}" The structure of network_pci_pt_sriov_interfaces is below: [ { "bus_address": "0000:15:00", "device": "hed15", "nic_device_type": { "device_id": "1008", "family": "MT-27500", "name": "544M", "vendor_id": "15b3" }, "pf_mode": "pci-passthrough", "tags": [ { "component": "neutron-openvswitch-agent", "data_values": { "provider-physical-network": "physnet5", "tenant-vlan-id-range": "50:59" }, "service": "neutron", "tag": "neutron.networks.vlan" } ], "vf_count": "4" }, ... ] This will produce output (sans single-quotes) like: ' {"devname": "hed15", "physical_network": "physnet5"},' '{"physical_network": "physnet5", "address": "*:15:00"}' The leading space is to work around: https://github.com/ansible/ansible/issues/10864 ''' def main(): module = AnsibleModule( # noqa argument_spec={'args': {'required': True, 'type': 'str'}}, supports_check_mode=True) lines = [] for pci_dict in yaml.load(module.params['args']): phys_net = '' for tag_dict in pci_dict.get('tags', []): if (tag_dict.get('tag') in ['neutron.networks.flat', 'neutron.networks.vlan']): phys_net = (tag_dict.get('data_values', {}) .get('provider-physical-network', phys_net)) pf_mode = pci_dict.get('pf_mode') if (pf_mode in ['normal', 'sriov-only', 'pci-passthrough'] and pci_dict.get('vf_count', 0) > 0): lines.append(json.dumps({ "devname": pci_dict.get('device'), "physical_network": phys_net})) if pf_mode in ['pci-passthrough']: bus_addr = pci_dict.get('bus_address') lines.append(json.dumps({ "address": "*:" + bus_addr[bus_addr.index(':') + 1:], "physical_network": phys_net})) combined = ' ' + ",".join(lines) module.exit_json(cmd='args', stdout=combined) if __name__ == "__main__": main() 07070100000126000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/meta07070100000127000081A40000000000000000000000015F71E19F000002C2000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # --- dependencies: - role: FND-AP2 - role: tls-vars 07070100000128000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks07070100000129000081A40000000000000000000000015F71E19F000003D4000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_clear_persistent_facts.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Clear persistent fact that is read by all services so must exist until # all services have been restarted --- - name: nova-common | _clear_persistent_facts | Clear persistent facts command: /bin/true changed_when: true when: ardana_notify_nova_restart_required is defined and ardana_notify_nova_restart_required.changed 0707010000012A000081A40000000000000000000000015F71E19F00000484000000000000000000000000000000000000005500000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_configure_policy.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # nova-common | _configure_policy --- - name: nova-common | _configure_policy | debug message for nova-component debug: msg: "Running nova-common _configure_policy for {{ nova_component }}" when: nova_component is defined run_once: true - name: nova-common | _configure_policy | Apply policy template become: yes template: src: "{{ nova_policy_file }}" dest: "{{ nova_service_conf_dir }}/policy.json" owner: root group: root mode: 0644 register: nova_policy_template_result 0707010000012B000081A40000000000000000000000015F71E19F00000AE0000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_configure_rootwrap.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # nova-common | _configure_rootwrap --- - name: nova-common | _configure_rootwrap | debug message for nova-component debug: msg: "Running nova-common _configure_rootwrap for {{ nova_component }}" when: nova_component is defined run_once: true # this has to be in the /etc/sudoers.d of the host - not the venv! - name: nova-common | _configure_rootwrap | Setup nova user to allow sudo to run nova-rootwrap without password become: yes template: src: nova-rootwrap.j2 dest: /etc/sudoers.d/nova-rootwrap owner: root group: root mode: 0440 validate: 'visudo -cf %s' register: allow_sudo_result # DO NOT register the symbolic link creation - it reports changed everytime - name: nova-common | _configure_rootwrap | Create a symbolic link between filesystem and venv for nova-rootwrap become: yes file: src: "{{ nova_service_bin_dir }}/nova-rootwrap" dest: /usr/local/bin/nova-rootwrap owner: "{{ nova_system_user }}" group: "{{ nova_system_group }}" state: link changed_when: False - name: nova-common | _configure_rootwrap | Create directory for rootwrap filters. become: yes file: path: "{{ nova_service_conf_dir }}/rootwrap.d" owner: root group: root mode: 0755 state: directory register: create_dir_result - name: nova-common | _configure_rootwrap | Apply rootwrap template become: yes template: src: "{{ item }}.j2" dest: "{{ nova_service_conf_dir }}/{{ item }}" owner: root group: root mode: 0644 with_items: - "rootwrap.conf" register: apply_template_result - name: nova-common | _configure_rootwrap | Copy the rootwrap filters become: yes copy: src: "{{ item }}" dest: "{{ nova_service_conf_dir }}/rootwrap.d" owner: root group: root mode: 0644 with_items: nova_rootwrap_filters register: copy_filters_result - name: nova-common | _configure_rootwrap | summarise rootwrap results set_fact: rootwrap_changed: True when: allow_sudo_result.changed or create_dir_result.changed or apply_template_result.changed or copy_filters_result.changed 0707010000012C000081A40000000000000000000000015F71E19F0000044C000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_create_pci_whitelist.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-common | _create_pci_whitelist | Create pci_passthrough_whitelist local_action: create_pci_whitelist args="{{ network_pci_pt_sriov_interfaces }}" when: network_pci_pt_sriov_interfaces is defined register: pci_whitelist_result - name: nova-common | _create_pci_whitelist | Set pci_passthrough_whitelist set_fact: pci_passthrough_whitelist: "{{ pci_whitelist_result.stdout }}" when: network_pci_pt_sriov_interfaces is defined 0707010000012D000081A40000000000000000000000015F71E19F00000491000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_read_migrate_enabled.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Read the if nova migrate is enabled from deployer fact file --- - name: nova-common | _read_migrate_enabled | check migrate enabled file location exists become: yes delegate_to: localhost stat: path: "{{ enable_migrate_file }}" register: stat_enable_migrate_file_result - name: nova-common | _read_migrate_enabled | read file - set fact become: yes delegate_to: localhost set_fact: nova_migrate_enabled: "{{ lookup('file', enable_migrate_file) }}" when: stat_enable_migrate_file_result.stat.exists 0707010000012E000081A40000000000000000000000015F71E19F00000354000000000000000000000000000000000000005500000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_schedule_restart.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-common | _schedule_restart | Schedule a restart for all services debug: msg: "Trigger a change notification in nova" changed_when: true register: ardana_notify_nova_restart_required0707010000012F000081A40000000000000000000000015F71E19F0000053F000000000000000000000000000000000000005300000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_service_status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-common | _service_status | Print service being checked debug: msg: "Running service check for {{ nova_component }}" run_once: true - name: nova-common | _service_status | Check systemd service running become: yes command: systemctl -n 0 status "{{ nova_component }}" ignore_errors: yes changed_when: false register: systemctl_status_result - name: nova-common | _service_status | Report status of "{{ nova_component }}" fail: msg: | {{ nova_component }} is not running. systemctl status {{ nova_component }} output: {{ systemctl_status_result.stdout }} {{ systemctl_status_result.stderr }} when: systemctl_status_result | failed 07070100000130000081A40000000000000000000000015F71E19F0000059B000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_set_directories.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # --- - name: nova-common | _set_directories | set service etc directory - configure set_fact: nova_service_etc_dir: "{{ nova_component | config_dir(install_package_result.version) }}" nova_service_conf_dir: "{{ nova_component | config_dir(install_package_result.version) }}/nova" nova_service_bin_dir: "{{ nova_component | bin_dir(install_package_result.version) }}" when: install_package_result.version is defined - name: nova-common | _set_directories | set service etc directory - reconfigure set_fact: nova_service_etc_dir: "{{ nova_component | config_dir() }}" nova_service_conf_dir: "{{ nova_component | config_dir() }}/nova" nova_service_bin_dir: "{{ nova_component | bin_dir() }}" when: install_package_result.version is undefined 07070100000131000081A40000000000000000000000015F71E19F00000846000000000000000000000000000000000000005D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_singleton_service_status.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-common | _singleton_service_status | Print service being checked debug: msg: "Running service check for {{ nova_component }} \ which should only be running on {{ inventory_hostname }}" when: ({{ singleton_host_index }} == {{ consoleauth_host_group.index(inventory_hostname) }}) - name: nova-common | _singleton_service_status | Check systemd service running command: systemctl status "{{ nova_component }}" ignore_errors: yes changed_when: false register: systemctl_status_result - name: nova-common | _singleton_service_status | Report status of "{{ nova_component }}" fail: msg: | ** FAILURE {{ nova_component }} is running where not expected ** systemctl status {{ nova_component }} output: {{ systemctl_status_result.stdout }} {{ systemctl_status_result.stderr }} when: ({{ singleton_host_index }} != {{ consoleauth_host_group.index(inventory_hostname) }} ) and (systemctl_status_result | success) - name: nova-common | _singleton_service_status | Report status of "{{ nova_component }}" fail: msg: | ** FAILURE {{ nova_component }} is not running where expected ** systemctl status {{ nova_component }} output: {{ systemctl_status_result.stdout }} {{ systemctl_status_result.stderr }} when: ({{ singleton_host_index }} == {{ consoleauth_host_group.index(inventory_hostname) }} ) and (systemctl_status_result | failed) 07070100000132000081A40000000000000000000000015F71E19F0000075A000000000000000000000000000000000000004F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/_write_conf.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-common | _write_conf | Check for pre-existing version of {{ dest }} stat: path: "{{ dest }}" register: conf_stat_result - name: nova-common | _write_conf | get timestamp command: date +%Y%m%d%H%M%S register: time_result changed_when: False - name: nova-common | _write_conf | Create a backup version of the existing {{ dest }} file become: yes command: cp {{ dest }} {{ dest }}.{{ time_result.stdout }} when: conf_stat_result.stat.exists changed_when: False - name: nova-common | _write_conf | Template {{ dest }} become: yes template: src: "{{ src }}" dest: "{{ dest }}" owner: root group: "{{ conf_group | default(nova_system_group) }}" mode: "{{ mode | default('a-rwx,u+rw,g+r') }}" register: write_conf_result - name: nova-common | _write_conf | Delete backup file that has not changed. become: yes file: path: "{{ dest }}.{{ time_result.stdout }}" state: absent when: write_conf_result.changed==false changed_when: False - name: nova-common | _write_conf | remove all but last 10 backups of {{ dest }} become: yes shell: ls -td {{ dest }}.* |awk 'NR>10' |xargs rm -f when: conf_stat_result.stat.exists changed_when: False 07070100000133000081A40000000000000000000000015F71E19F00000994000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # nova-common | configure --- - name: nova-common | configure | Set max api worker count if dynamic CPU based count is greater than {{ nova_api_max_workers }} set_fact: nova_api_workers: "{{ nova_api_max_workers }}" when: nova_api_workers|int > nova_api_max_workers|int - name: nova-common | configure | Set max metadata worker count if dynamic CPU based count is greater than {{ nova_metadata_max_workers }} set_fact: nova_metadata_workers: "{{ nova_api_max_workers }}" when: nova_metadata_workers|int > nova_api_max_workers|int - name: nova-common | configure | debug message for nova_component debug: msg: "Running nova-common configure for {{ nova_component }}" when: nova_component is defined run_once: true - name: nova-common | configure | set os-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" - include: _read_migrate_enabled.yml - include: _create_pci_whitelist.yml when: network_device_types is defined - include: _write_conf.yml src: "nova.conf.j2" dest: "{{ nova_service_conf_dir }}/nova.conf" - name: nova-common | configure | notify on nova.conf change shell: echo "notify change" register: ardana_notify_nova_restart_required when: write_conf_result.changed - name: nova-common | configure | default rootwrap_changed to false set_fact: rootwrap_changed: false - include: _configure_rootwrap.yml when: nova_rootwrap_filters is defined - include: _configure_policy.yml when: nova_policy_file is defined # write to deployer fact file whether migrate/resize is enabled or not - name: nova-common | configure | Write localhost enable_migrate file delegate_to: localhost become: yes copy: dest: "{{ enable_migrate_file }}" content: "{{ nova_migrate_enabled }}" mode: 0664 07070100000134000081A40000000000000000000000015F71E19F00000DAA000000000000000000000000000000000000004B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/install.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # common install tasks associated with the install of nova services --- - name: nova-common | install | debug msg for nova_component debug: msg: "Running nova-common install for {{ nova_component }}" when: nova_component is defined run_once: true # accounts & group - name: nova-common | install | Add group '{{ nova_system_group }}' become: yes group: name: "{{ nova_system_group }}" - name: nova-common | install | Add nova system user account '{{ nova_system_user }}' become: yes user: name: "{{ nova_system_user }}" group: "{{ nova_system_group }}" createhome: "{{ nova_system_createhome }}" home: "{{ nova_system_home_folder }}" shell: "{{ nova_system_shell }}" system: True # directories - name: nova-common | install | Create directories become: yes file: path: "{{ item.file }}" owner: "{{ nova_system_user }}" group: "{{ item.group | default('root') }}" mode: "{{ item.mode | default('a-rwx,u+rwx,g+rx,o+rx') }}" state: directory with_items: - file: "{{ nova_system_home_folder }}" - file: "{{ keys_path }}" - file: "{{ log_dir }}" group: "{{ nova_system_group }}" mode: "0755" # consoleauth uses a fact on deployer to store where service is running - name: nova-common | install | create /etc/ansible/facts.d/ on localhost become: yes delegate_to: localhost run_once: true file: path: "{{ nova_facts_dir }}" state: directory mode: 0755 # Make sure we do not create a path to a symlink that does not exist yet - name: nova-common | install | Check '{{ nova_service_etc_dir }}' dir exists become: yes stat: path: "{{ nova_service_etc_dir }}" register: nova_service_etc_dir_result - name: nova-common | install | Fail when '{{ nova_service_etc_dir }}' does not exist fail: msg: "{{ nova_service_etc_dir }} does not exist." when: not nova_service_etc_dir_result.stat.exists or not nova_service_etc_dir_result.stat.isdir - name: nova-common | install | Create directory '{{ nova_service_conf_dir }}' become: yes file: path: "{{ nova_service_conf_dir }}" owner: root group: root mode: 0755 state: directory - name: nova-common | install | Install required packages for Nova become: yes package: name: "{{ item }}" state: present with_items: nova_required_packages | default([]) - name: nova-common | install | Add kernel modules become: yes modprobe: name: "{{ item }}" state: present with_items: nova_kernel_modules | default([]) - name: nova-common | install | Set kernel modules to load on reboot become: yes template: src: modules_load.conf.j2 dest: "/etc/modules-load.d/{{ nova_kernel_module_file }}.conf" owner: root group: root mode: '0640' with_items: nova_kernel_modules | default([]) 07070100000135000081A40000000000000000000000015F71E19F0000039E000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/post-configure.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-common | post-configure | touch log file become: yes copy: dest: "{{ item }}" owner: "{{ nova_system_user }}" group: "{{ nova_log_group }}" mode: 0640 content: "" force: no # do not overwrite if it exists with_items: nova_log_files 07070100000136000081A40000000000000000000000015F71E19F00000301000000000000000000000000000000000000004D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/tasks/show-vars.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: Display all variables/facts known for '{{ inventory_hostname }}' debug: var: hostvars[inventory_hostname] 07070100000137000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/templates07070100000138000081A40000000000000000000000015F71E19F00000327000000000000000000000000000000000000005800000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/templates/modules_load.conf.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # kernel modules required to be loaded on startup by {{ nova_kernel_module_file }} service {% for module in nova_kernel_modules %} {{ module }} {% endfor %} 07070100000139000081A40000000000000000000000015F71E19F00000087000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/templates/nova-rootwrap.j2Defaults:nova !requiretty nova ALL = (root) NOPASSWD: /usr/local/bin/nova-rootwrap /opt/stack/service/nova-*/etc/nova/rootwrap.conf * 0707010000013A000081A40000000000000000000000015F71E19F00001B1B000000000000000000000000000000000000005000000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/templates/nova.conf.j2{# # # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This configuration file includes the default values for Ardana # Changes may be made to this file by the customer. # Layout / order of settings in this file can be found: # http://docs.openstack.org/liberty/config-reference/content/list-of-compute-config-options.html [DEFAULT] # API api_rate_limit = False enable_new_services = True multi_instance_display_name_template = %(name)s-%(count)s osapi_compute_listen = {{ osapi_compute_listen }} # Please change this value (if you need to) in openstack/ardana/ansible/roles/nova-common/defaults/main.yml , do not remove it here osapi_compute_workers = {{ nova_api_workers }} # common my_ip = {{ my_ip }} rootwrap_config = {{ rootwrap_config }} state_path = {{ state_path }} # Compute image_cache_manager_interval = 360 instance_usage_audit = True instance_usage_audit_period = hour resume_guests_state_on_host_boot = True running_deleted_instance_action = reap vif_plugging_is_fatal = False # NOTE: Increasing the timout value helps the VMs to # come up properly and obtain its metadata in a large # scale testing (VNETCORE-2789). # This change should be revisited in 5.0 to validate # if there is any upstream fix in newton that fixes it. vif_plugging_timeout = 1800 # Hypervisor virt_mkfs = linux-ext4=mkfs -t ext4 -F -L %(fs_label)s %(target)s # Logging debug = True default_log_levels = nova.openstack.common.rpc.amqp=INFO,nova.scheduler.filters.retry_filter=INFO,nova.scheduler.filters.image_props_filter=INFO,nova.scheduler.filters.disk_filter=INFO,nova.servicegroup.drivers.db=INFO,nova.servicegroup.api=INFO,nova.scheduler.host_manager=INFO logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s log_dir = {{ log_dir }} # Metadata metadata_host = {{ metadata_host }} metadata_listen = {{ metadata_listen }} # Please change this value (if you need to) in openstack/ardana/ansible/roles/nova-common/defaults/main.yml , do not remove it here metadata_workers = {{ nova_metadata_workers }} # Policy resize_fs_using_block_device = True # Scheduler ram_allocation_ratio = 1.0 reserved_host_disk_mb = 10240 reserved_host_memory_mb = 2816 # Volumes (Cinder) volume_usage_poll_interval = 3600 # transport_url transport_url = {{ rabbit_hosts_transport_url }} # Seconds to wait for a response from a call (rabbit message) rpc_response_timeout = {{ nova_rpc_response_timeout }} # End of [DEFAULT] section [oslo_messaging_notifications] # Oslo messaging # Note: # If the infoblox-ipam-agent is to be deployed in the cloud, change the # notification_driver settting from "messaging" to "messagingv2". driver = messaging topics = notifications [vnc] vncserver_proxyclient_address = {{ vncserver_proxyclient_address }} [cinder] catalog_info = volumev3:cinderv3:internalURL cafile = {{ ca_certs_file }} os_region_name = {{ cinder_os_region_name }} [glance] api_servers = {{ glance_api_servers }} cafile = {{ ca_certs_file }} [placement] auth_type = password auth_url = {{ keystone_auth_uri }}/v3 auth_uri = {{ keystone_auth_uri }}/v3 username = {{ nova_placement_api_user }} password = {{ nova_placement_api_password }} user_domain_name = Default project_name = {{ nova_admin_tenant_name }} project_domain_name = Default os_region_name = {{ keystone_region_name }} cafile = {{ ca_certs_file }} os_interface = internal [placement_database] connection = {{ nova_api_database_connection }} [api] auth_strategy = keystone use_forwarded_for = {{ metadata_use_forwarded_for }} compute_link_prefix = {{ compute_link_prefix }} [api_database] connection = {{ nova_api_database_connection }} [crypto] # CA & SSL keys_path = {{ keys_path }} [keystone_authtoken] auth_type = v3password auth_url = {{ keystone_auth_uri }}/v3 auth_uri = {{ keystone_auth_uri }}/v3 project_domain_name = Default project_name = {{ nova_admin_tenant_name }} user_domain_name = Default username = {{ nova_admin_user }} password = {{ nova_admin_password }} region_name = {{ keystone_region_name }} cafile = {{ ca_certs_file }} service_token_roles_required = true service_token_roles = admin memcached_servers = {{ memcached_servers }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcache_pool_socket_timeout = 1 [neutron] auth_type = v3password auth_url = {{ neutron_admin_auth_url }} password = {{ neutron_admin_password }} project_name = {{ neutron_admin_project_name }} username = {{ neutron_admin_username }} project_domain_name = {{ neutron_domain_name }} user_domain_name = {{ neutron_domain_name }} metadata_proxy_shared_secret = {{ neutron_metadata_proxy_shared_secret }} neutron_auth_strategy = keystone cafile = {{ ca_certs_file }} service_metadata_proxy = True url = {{ neutron_url }} timeout = 300 region_name = {{ neutron_region_name }} default_floating_pool = {{ default_floating_pool }} [notifications] notify_api_faults = True notify_on_state_change = vm_and_task_state [osapi_v3] enabled = True [oslo_concurrency] lock_path = {{ lock_path }} [oslo_messaging_rabbit] ssl = {{ rabbit_use_ssl }} rpc_conn_pool_size = 10 kombu_reconnect_delay = 5.0 [pci] # SRIOV and PCI-PT passthrough_whitelist = [{{ pci_passthrough_whitelist }}] [quota] quota_cores = -1 quota_injected_files = 5 quota_injectd_file_content_bytes = 10240 quota_instances = 40 quota_metadata_items = 50 quota_ram = 15360 until_refresh = 1 [filter_scheduler] host_subset_size = 5 available_filters = nova.scheduler.filters.all_filters enabled_filters = AvailabilityZoneFilter,RetryFilter,ComputeFilter,DiskFilter,RamFilter,ImagePropertiesFilter,ServerGroupAffinityFilter,ServerGroupAntiAffinityFilter,ComputeCapabilitiesFilter,NUMATopologyFilter,PciPassthroughFilter,SameHostFilter,DifferentHostFilter {% if nova_api_audit_enable|bool %} [audit_middleware_notifications] driver = log {% endif %} {% if barbican_endpoint_template != "" %} #Barbican [key_manager] api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager [barbican] barbican_endpoint = {{ barbican_endpoint_template }} barbican_api_version = v1 auth_endpoint = {{ barbican_keystone_auth_url }} {% endif %} [wsgi] api_paste_config = {{ api_paste_config }} default_pool_size = 100 ### End of File ### ## Do NOT put anything after this line ## 0707010000013B000081A40000000000000000000000015F71E19F000003C7000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/templates/policy.json.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} { {%- if not nova_migrate_enabled|bool %} "os_compute_api:servers:resize": "!", "os_compute_api:servers:confirm_resize": "!", "os_compute_api:servers:revert_resize": "!", "os_compute_api:os-migrate-server:migrate": "!", {% endif %} "context_is_admin": "role:admin or role:nova_admin" } 0707010000013C000081A40000000000000000000000015F71E19F00000683000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/templates/rootwrap.conf.j2{# # # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # Configuration for nova-rootwrap # This file should be owned by (and only-writeable by) the root user [DEFAULT] # List of directories to load filter definitions from (separated by ','). # These directories MUST all be only writeable by root ! filters_path={{ nova_service_conf_dir }}/rootwrap.d,/usr/share/nova/rootwrap # List of directories to search executables in, in case filters do not # explicitely specify a full path (separated by ',') # If not specified, defaults to system PATH environment variable. # These directories MUST all be only writeable by root ! exec_dirs={{ nova_service_bin_dir }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin # Enable logging to syslog # Default value is False use_syslog=False # Which syslog facility to use. # Valid values include auth, authpriv, syslog, local0, local1... # Default value is 'syslog' syslog_log_facility=syslog # Which messages to log. # INFO means log all usage # ERROR means only log unsuccessful attempts syslog_log_level=ERROR 0707010000013D000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/vars0707010000013E000081A40000000000000000000000015F71E19F00000351000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/vars/debian.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work in Debian System --- # entries required for nova.conf.j2 for debian os family ca_certs_file: "{{ trusted_ca_bundle }}" 0707010000013F000081A40000000000000000000000015F71E19F00000351000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/vars/redhat.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work in Debian System --- # entries required for nova.conf.j2 for redhat os family ca_certs_file: "{{ trusted_ca_bundle }}" 07070100000140000081A40000000000000000000000015F71E19F0000034F000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/vars/suse.yml# # (c) Copyright 2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work on SUSE systems. --- # entries required for nova.conf.j2 for SUSE os family ca_certs_file: "{{ trusted_ca_bundle }}" 07070100000141000081A40000000000000000000000015F71E19F00000371000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-common/vars/windows.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # Contains packages names and default values required for nova-compute-kvm # to work in Debian System --- # entries required for nova.conf.j2 for windows os family log_dir: "{{ win_log_file_location }}" ca_certs_file: "{{ win_certs_path }}" 07070100000142000041ED0000000000000000000000055F71E19F00000000000000000000000000000000000000000000003C00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure07070100000143000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004500000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure/defaults07070100000144000081A40000000000000000000000015F71E19F00000569000000000000000000000000000000000000004E00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # CP Variables --- keystone: endpoint: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}/v3" admin_user: "{{ KEY_API.vars.keystone_admin_user }}" admin_password: "{{ KEY_API.vars.keystone_admin_pwd | quote }}" default_domain_name: "{{ KEY_API.vars.keystone_default_domain }}" monasca: nova_user: "{{ NOV_API.consumes_KEY_API.vars.nova_monasca_user }}" nova_password: "{{ NOV_API.consumes_KEY_API.vars.nova_monasca_password }}" # KEYSTONE-824 You'd think this'd be KEY_API.vars.keystone_monitoring_tenant but nope tenant: "{{ KEY_API.vars.keystone_admin_tenant }}" # Likewise, KEY_API.vars.keystone_monitoring_role role: "monasca-user" default_domain_name: "Default" system_cacert_file: "{{ trusted_ca_bundle }}" 07070100000145000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004100000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure/meta07070100000146000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 07070100000147000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004200000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure/tasks07070100000148000081A40000000000000000000000015F71E19F0000077D000000000000000000000000000000000000005C00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-configure/tasks/keystone_conf_monasca.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Nova keystone configuration --- - name: nova-configure | keystone_conf_monasca | Get a domain scoped token keystone_v3: endpoint: "{{ keystone.endpoint }}" login_username: "{{ keystone.admin_user }}" login_password: "{{ keystone.admin_password }}" login_user_domain_name: "{{ keystone.default_domain_name }}" login_domain_name: "{{ keystone.default_domain_name }}" action: "token_get" run_once: true register: domain_scoped_token_result - name: nova-configure | keystone_conf_monasca | Create Monitoring User become: yes keystone_v3: action: "create_user" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" user_name: "{{ monasca.nova_user }}" user_password: "{{ monasca.nova_password }}" user_domain_name: "Default" run_once: true - name: nova-configure | keystone_conf_monasca | Add Monitoring User Role become: yes keystone_v3: action: "grant_project_role" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" project_name: "{{ monasca.tenant }}" user_name: "{{ monasca.nova_user }}" role_name: "{{ monasca.role }}" user_domain_name: "Default" project_domain_name: "Default" run_once: true 07070100000149000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000003A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca0707010000014A000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004300000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/defaults0707010000014B000081A40000000000000000000000015F71E19F00000A67000000000000000000000000000000000000004C00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/defaults/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the nova-monasca component --- nova_component: nova-monasca # At the moment we specify the same upper and lower bounds, but we want to keep # two separate values just in case we need to define a broader range in the future process_count_lower_bound: "{{ nova_api_workers|int + nova_metadata_workers|int + 1 }}" process_count_upper_bound: "{{ nova_api_workers|int + nova_metadata_workers|int + 1 }}" # Keystone keystone_auth_url: > {{ KEY_API.advertises.vips.private[0].url ~ '/v3' }} keystone_auth_url_unversioned: "{{ KEY_API.advertises.vips.private[0].url }}" nova_admin_user: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_user }}" nova_admin_password: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_password | quote }}" nova_api_region: "{{ NOV.regions | first }}" nova_monasca_user: "{{ NOV_API.consumes_KEY_API.vars.nova_monasca_user }}" nova_monasca_password: "{{ NOV_API.consumes_KEY_API.vars.nova_monasca_password | quote }}" nova_monasca_default_domain: "Default" system_cacert_file: "{{ trusted_ca_bundle }}" keystone_service_tenant: "{{ KEY_API.vars.keystone_service_tenant }}" # KEYSTONE-824 You'd think this'd be KEY_API.vars.keystone_monitoring_tenant but nope keystone_monitoring_tenant: "{{ KEY_API.vars.keystone_admin_tenant }}" monasca_alarm_definition_api_url: > {{ MON_AGN.consumes_MON_API.vips.private[0].url ~ '/v2.0' }} nova_api_url: >- {% if (host | item('bind.NOV_API.internal.ip_address') is defined) and (host | item('bind.NOV_API.internal.port') is defined) %}http://{{ host.bind.NOV_API.internal.ip_address }}:{{ host.bind.NOV_API.internal.port }}/v2.0{% endif %} nova_vnc_url: >- {% if (host | item('bind.NOV_VNC.public.ip_address') is defined) and (host | item('bind.NOV_VNC.public.port') is defined) %}http://{{ host.bind.NOV_VNC.public.ip_address }}:{{ host.bind.NOV_VNC.public.port }}/vnc_auto.html{% endif %} nova_vip_url: "{{ NOV_API.advertises.vips.private[0].url }}" 0707010000014C000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/meta0707010000014D000081A40000000000000000000000015F71E19F000002F9000000000000000000000000000000000000004800000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common - role: monasca-agent run_mode: Use - role: monasca-alarm-definition 0707010000014E000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004000000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks0707010000014F000081A40000000000000000000000015F71E19F00000718000000000000000000000000000000000000005500000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/_monitor_libvirt.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | _monitor_libvirt | include required variables include_vars: libvirt-monitoring.yml - name: nova-monasca | _monitor_libvirt | Install Nova Client rpm become: yes package: name: python-novaclient state: present when: deployer_media_legacy_layout|bool == False - name: nova-monasca | _monitor_libvirt | Run Monasca agent libvirt detection plugin become: yes monasca_agent_plugin: name: "libvirt" args: username: "{{ nova_admin_user }}" password: "{{ nova_admin_password }}" project_name: "{{ keystone_service_tenant }}" auth_url: "{{ keystone_auth_url_unversioned }}" endpoint_type: "admin" disk_collection_period: "{{ monasca_libvirt_disk_collection_period }}" region_name: "{{ nova_api_region }}" vm_cpu_check_enable: "{{ vm_cpu_check_enable }}" vm_disks_check_enable: "{{ vm_disks_check_enable }}" vm_extended_disks_check_enable: "{{ vm_extended_disks_check_enable }}" vm_network_check_enable: "{{ vm_network_check_enable }}" vm_ping_check_enable: "{{ vm_ping_check_enable }}" vm_probation: "{{ monasca_libvirt_vm_probation }}" 07070100000150000081A40000000000000000000000015F71E19F0000057A000000000000000000000000000000000000005D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/_set_email_notifications.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | _set_email_notifications | Setup default email notification method monasca_notification_method: name: "Default Email" type: 'EMAIL' address: "root@localhost" keystone_url: "{{ keystone_auth_url }}" keystone_user: "{{ nova_monasca_user }}" keystone_password: "{{ nova_monasca_password | quote }}" keystone_project: "{{ keystone_monitoring_tenant }}" keystone_project_domain: "{{ nova_monasca_default_domain }}" keystone_user_domain: "{{ nova_monasca_default_domain }}" keystone_verify: "{{ system_cacert_file }}" monasca_api_url: "{{ monasca_alarm_definition_api_url }}" overwrite: false register: nova_monasca_notification_method_result run_once: true no_log: True 07070100000151000081A40000000000000000000000015F71E19F00000860000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/heartbeat_alarm.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | _set_email_notifications | Include the setting of the email notification include: _set_email_notifications.yml - name: nova-monasca | heartbeat_alarm | Install heartbeat check plugin become: yes copy: src: "NOV_MON/{{ item }}" dest: "/usr/lib/monasca/agent/custom_checks.d/{{ item }}" owner: "root" group: "{{ monasca_agent_group_name }}" mode: 0750 with_items: - "nova_heartbeat_check.py" - name: nova-monasca | heartbeat_alarm | Heartbeat alarm definition monasca_alarm_definition: name: "nova.heartbeat" description: "Check that all services are sending heartbeats" severity: "HIGH" expression: "nova.heartbeat > 0" match_by: ["hostname"] keystone_url: "{{ keystone_auth_url }}" keystone_user: "{{ nova_monasca_user }}" keystone_password: "{{ nova_monasca_password }}" keystone_project: "{{ keystone_monitoring_tenant }}" keystone_project_domain: "{{ nova_monasca_default_domain }}" keystone_user_domain: "{{ nova_monasca_default_domain }}" keystone_verify: "{{ system_cacert_file }}" monasca_api_url: "{{ monasca_alarm_definition_api_url }}" ok_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" undetermined_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" alarm_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" run_once: true no_log: True 07070100000152000081A40000000000000000000000015F71E19F000003B7000000000000000000000000000000000000005B00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/heartbeat_check_config.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | heartbeat_check_config | Configure the heartbeat check become: yes template: src: "{{ item }}.j2" dest: "/etc/monasca/agent/conf.d/{{ item }}" owner: "root" group: "{{ monasca_agent_group_name }}" mode: 0640 with_items: - "nova_heartbeat_check.yaml" 07070100000153000081A40000000000000000000000015F71E19F000007E7000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/process_bounds_alarm.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | _set_email_notifications | Include the setting of the email notification include: _set_email_notifications.yml - name: nova-monasca | process_bounds_alarm | Process bounds alarm definition monasca_alarm_definition: name: "Process bound check" description: "Check if the number of processes is within a specified range" severity: HIGH expression: > process.pid_count{process_name=nova-api} < {{ process_count_lower_bound }} or process.pid_count{process_name=nova-api} > {{ process_count_upper_bound }} match_by: - hostname keystone_url: "{{ keystone_auth_url }}" keystone_user: "{{ nova_monasca_user }}" keystone_password: "{{ nova_monasca_password }}" keystone_project: "{{ keystone_monitoring_tenant }}" keystone_project_domain: "{{ nova_monasca_default_domain }}" keystone_user_domain: "{{ nova_monasca_default_domain }}" keystone_verify: "{{ system_cacert_file }}" monasca_api_url: "{{ monasca_alarm_definition_api_url }}" ok_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" undetermined_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" alarm_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" run_once: true no_log: True 07070100000154000081A40000000000000000000000015F71E19F00000672000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/start.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | start | Run Monasca agent Nova detection plugin become: yes monasca_agent_plugin: name: "nova" args: service_api_url: "{{ nova_api_url }}" when: (nova_api_url | length) > 0 - name: nova-monasca | start | Run Monasca agent Nova detection plugin become: yes monasca_agent_plugin: name: "nova" when: (nova_api_url | length) == 0 - name: nova-monasca | start | Setup active check against VNC endpoint become: yes monasca_agent_plugin: name: "httpcheck" args: url: "{{ nova_vnc_url }}" dimensions: service:compute,component:nova-vnc when: (nova_vnc_url | length) > 0 - name: nova-monasca | start | Setup active check against Nova admin VIP become: yes run_once_per: verb_hosts.NOV_API monasca_agent_plugin: name: "httpcheck" args: use_keystone: True match_pattern: .*v2.0.* url: "{{ nova_vip_url }}" dimensions: service:compute,component:nova-api when: (nova_vip_url | length) > 0 07070100000155000081A40000000000000000000000015F71E19F00000AF0000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/tasks/vcenter_check.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-monasca | vcenter_check | Setup default email notification method include: _set_email_notifications.yml - name: nova-monasca | vcenter_check | Run vCenter detection plugin become: yes monasca_agent_plugin: name: "vcenter" - name: nova-monasca | vcenter_check | Alarms for ESX cluster monasca_alarm_definition: name: "{{ item.name }}" description: "{{ item.description | default('vCenter ESX cluster alarm') }}" expression: "{{ item.expression }}" match_by: "{{ item.match_by | default(['esx_cluster_id']) }}" severity: "{{ item.severity | default('HIGH') }}" keystone_url: "{{ keystone_auth_url }}" keystone_user: "{{ nova_monasca_user }}" keystone_password: "{{ nova_monasca_password | quote }}" keystone_project: "{{ keystone_monitoring_tenant }}" keystone_project_domain: "{{ nova_monasca_default_domain }}" keystone_user_domain: "{{ nova_monasca_default_domain }}" keystone_verify: "{{ system_cacert_file }}" monasca_api_url: "{{ monasca_alarm_definition_api_url }}" alarm_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" ok_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" undetermined_actions: - "{{ nova_monasca_notification_method_result.notification_method_id }}" run_once: True no_log: True register: monasca_vcenter_alarms_result until: not monasca_vcenter_alarms_result | failed with_items: - name: "ESX cluster CPU Usage" description: "Alarms when ESX cluster CPU usage is high" expression: "avg(vcenter.cpu.used_perc) > 90 times 3" severity: "HIGH" match_by: "esx_cluster_id" - name: "ESX cluster Disk Usage" description: "Alarms when ESX cluster datastore usage is high" expression: "vcenter.disk.total_used_space_perc > 90" severity: "HIGH" match_by: "esx_cluster_id" - name: "ESX cluster Memory Usage" description: "Alarms when ESX cluster memory usage is high" expression: "avg(vcenter.mem.used_perc) > 90 times 3" severity: "HIGH" match_by: "esx_cluster_id" 07070100000156000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/templates07070100000157000081A40000000000000000000000015F71E19F0000045A000000000000000000000000000000000000006100000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/templates/nova_heartbeat_check.yaml.j2{# # # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} --- init_config: keystone: # Uses the Nova admin to list services. Metrics are submitted # using a non-admin user. project_domain_name: "Default" project_name: "{{ keystone_service_tenant }}" user_domain_name: "Default" username: "{{ nova_admin_user }}" password: "{{ nova_admin_password }}" auth_url: "{{ keystone_auth_url }}" nova: endpoint_type: "internalURL" instances: - {} 07070100000158000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/vars07070100000159000081A40000000000000000000000015F71E19F00000930000000000000000000000000000000000000005600000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-monasca/vars/libvirt-monitoring.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # These are the tunable values for monasca monitoring of VMs using libvirt --- # How often disk metrics are collected for VMs by the Monasca agent. Decreasing # this value will increase the disk, memory, cpu and network usage of Monasca monasca_libvirt_disk_collection_period: 600 # Ten minutes # These flags control the metrics collected by the Monasca libvirt # plugin. Changing them to false will reduce the number of metrics while true # increases the number of metrics. Turning off vm_extended_disks_check_enable # will decrease the number of metrics collected for each mounted disk in the # VM so can have a large effect on the total number of metrics collected # and decrease the amount of CPU, disk space and network bandwidth required # for Monasca vm_cpu_check_enable: true vm_disks_check_enable: true vm_extended_disks_check_enable: true vm_network_check_enable: true vm_ping_check_enable: true # The period of time (in seconds) in which to suspend metrics from a # newly-created VM. This is used to prevent creating and storing # quickly-obsolete metrics in an environment with a high amount of instance # churn (VMs created and destroyed in rapid succession). Setting to 0 # disables VM probation and metrics will be recorded as soon as possible # after a VM is created. Decreasing this value in an environment with a high # amount of instance churn can have a large effect on the total number of # metrics collected and increase the amount of CPU, disk space and network # bandwidth required for Monasca. This value may need to be decreased if # Heat Autoscaling is in use so that Heat knows that a new VM has been # created and is handling some of the load. monasca_libvirt_vm_probation: 300 0707010000015A000041ED0000000000000000000000075F71E19F00000000000000000000000000000000000000000000004100000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure0707010000015B000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/defaults0707010000015C000081A40000000000000000000000015F71E19F000008CB000000000000000000000000000000000000005300000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/defaults/main.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # CP Variables --- keystone: endpoint: "{{ NOV_API.consumes_KEY_API.vips.private[0].url }}/v3" nova_admin_user: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_user }}" nova_admin_password: "{{ NOV_API.consumes_KEY_API.vars.keystone_nova_password | quote }}" nova_admin_user_domain_name: "{{ KEY_API.vars.keystone_default_domain }}" role: "{{ KEY_API.vars.keystone_admin_role }}" service_tenant: "{{ KEY_API.vars.keystone_service_tenant }}" service_tenant_domain_name: "{{ KEY_API.vars.keystone_default_domain }}" admin_user: "{{ KEY_API.vars.keystone_admin_user }}" admin_password: "{{ KEY_API.vars.keystone_admin_pwd | quote }}" default_domain_name: "{{ KEY_API.vars.keystone_default_domain }}" monasca: nova_user: "{{ NOV_API.consumes_KEY_API.vars.nova_monasca_user }}" nova_password: "{{ NOV_API.consumes_KEY_API.vars.nova_monasca_password }}" mysql: host: "{{ NOV_API.consumes_FND_MDB.vips.private[0].host }}" login_password: "{{ FND_MDB.vars.mysql_service_pwd | quote }}" login_user: "{{ FND_MDB.vars.mysql_service_user }}" nova_admin_password: "{{ NOV_API.consumes_FND_MDB.vars.accounts.nova.password | quote }}" nova_admin_user: "{{ NOV_API.consumes_FND_MDB.vars.accounts.nova.username }}" nova_api: internal_url: "{{ NOV_API.advertises.vips.private[0].url }}/v2.1/%(tenant_id)s" internal_region: "{{ NOV.regions | first }}" mysql_cli_host: "{{ groups[verb_hosts.FND_MDB][0] }}" nova_placement_api: username: "{{ NOV_PLC.consumes_KEY_API.vars.nova_placement_api_user }}" password: "{{ NOV_PLC.consumes_KEY_API.vars.nova_placement_api_password | quote }}" 0707010000015D000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/files0707010000015E000081A40000000000000000000000015F71E19F0000030B000000000000000000000000000000000000005D00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/files/fix_instance_types.sh#!/bin/bash # # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # PATH=/usr/bin:/bin set -e mysql nova -e "update instance_types set created_at=NULL, updated_at=NULL, deleted_at=NULL;" 0707010000015F000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/library07070100000160000081A40000000000000000000000015F71E19F00001824000000000000000000000000000000000000005A00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/library/create_flavor.py#!/usr/bin/python # # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # This module is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This software is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this software. If not, see <http://www.gnu.org/licenses/>. from ansible.module_utils.basic import * # noqa try: from keystoneauth1.identity import v3 from keystoneauth1 import session except ImportError: msg = "'keysthoneauth is required for this module to work'" print("failed=True msg=%s" % (msg)) try: from novaclient import client as nova_client except ImportError: print("failed=True msg='novaclient is required for this module to work'") DOCUMENTATION = ''' --- module: create_flavor version_added: "1.0" short_description: Create a given Nova flavor description: - Create a given Nova flavor for a given region. options: login_username: description: - login username to authenticate to keystone required: true default: admin login_password: description: - Password of login user required: true default: 'yes' login_tenant_name: description: - The tenant name of the login user required: true default: 'yes' auth_url: description: - The keystone url for authentication required: false default: 'http://127.0.0.1:35357/v2.0/' ca_cert: description: - CA certificate bundle file path required: false default: None region_name: description: - Name of the region required: false default: None flavorid: description: - Unique flavor ID required: false default: 'auto' name: description: - New flavor name required: true default: None ram: description: - Memory size in MB required: true default: None disk: description: - Disk size in GB required: true default: None ephemeral: description: - Ephemeral disk size in GB required: false default: None swap: description: - Swap space size in GB required: false default: None vcpus: description: - Number of vcpus required: true default: None rxtx-factor: description: - RX/TX factor required: false default: None is_public: description: - Indicate if flavor is available to other projects required: false default: True requirements: ["novaclient"] author: Guang Yee ''' EXAMPLES = ''' # Creates a new flavor - create_flavor: login_username=admin login_password=admin login_tenant_name=admin name=m1.tiny id=1 ram=512 vcpus=1 ''' def _find_flavor(client, name): """ Return the first flavor which matches the given name """ for flavor in client.flavors.list(): if flavor.name == name: return flavor def create_flavor(client, name, ram, vcpus, disk, **args): """ Create a new flavor if one does not exist. """ flavor = _find_flavor(client, name) if flavor: return dict(changed=False, id=flavor.id) flavor = client.flavors.create(name, ram, vcpus, disk, **args) return dict(changed=True, id=flavor.id) def main(): module = AnsibleModule( # noqa argument_spec=dict( auth_url=dict(required=False, default='http://127.0.0.1:35357/v3'), login_project_name=dict(required=False, default='service'), login_project_domain_name=dict(required=False, default='Default'), login_username=dict(required=False, default='nova'), login_user_domain_name=dict(required=False, default='Default'), login_password=dict(required=False, default='password'), region_name=dict(required=False, default='RegionOne'), ca_cert=dict(required=False, default=None), name=dict(required=True), ram=dict(required=True), vcpus=dict(required=True), disk=dict(required=True), flavorid=dict(required=False), ephemeral=dict(required=False), swap=dict(required=False), rxtx_factor=dict(required=False), is_public=dict(required=False) ), supports_check_mode=False ) optional_args = {} for arg in ['flavorid', 'ephemeral', 'swap', 'rxtx_factor', 'is_public']: if arg in module.params and module.params[arg] is not None: optional_args[arg] = module.params[arg] ks_auth = v3.Password( auth_url=module.params['auth_url'], username=module.params['login_username'], user_domain_name=module.params['login_user_domain_name'], project_name=module.params['login_project_name'], project_domain_name=module.params['login_project_domain_name'], password=module.params['login_password']) ks_session = session.Session(auth=ks_auth, verify=module.params['ca_cert'] or True) client = nova_client.Client('2', session=ks_session, region_name=module.params['region_name'], service_type='compute', endpoint_type='internalURL') try: d = create_flavor(client, module.params['name'], module.params['ram'], module.params['vcpus'], module.params['disk'], **optional_args) except Exception, e: module.fail_json(msg='Exception: %s' % e) else: module.exit_json(**d) if __name__ == "__main__": main() 07070100000161000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004600000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/meta07070100000162000081A40000000000000000000000015F71E19F000002AC000000000000000000000000000000000000004F00000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/meta/main.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: nova-common 07070100000163000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000004700000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks07070100000164000081A40000000000000000000000015F71E19F00000AB5000000000000000000000000000000000000006400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/_delete_cell1_duplicates.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # this file can be removed at a later date when we are absolutely # sure all customers have patched bsc#1091490 on their systems # kindly delete any duplicates - name: nova-post-configure | _delete_cell1_duplicates | Query for cell1 mapping UUIDs become: yes shell: > {{ nova_api_bin_dir }}/nova-manage cell_v2 list_cells 2>/dev/null | grep "^| *cell1 " | awk '{ print $4 }' register: _cell_mapping_uuid_result run_once_per: verb_hosts.NOV_API - name: nova-post-configure | _delete_cell1_duplicates | Delete all unused cell1 mappings become: yes command: > {{ nova_api_bin_dir }}/nova-manage cell_v2 delete_cell --cell_uuid {{ item }} with_items: "{{ _cell_mapping_uuid_result.stdout_lines }}" run_once_per: verb_hosts.NOV_API ignore_errors: yes when: _cell_mapping_uuid_result.stdout_lines | length > 1 # forcefully delete remaining duplicates - name: nova-post-configure | _delete_cell1_duplicates | Query for remaining cell1 mapping UUIDs become: yes shell: > {{ nova_api_bin_dir }}/nova-manage cell_v2 list_cells 2>/dev/null | grep "^| *cell1 " | awk '{ print $4 }' register: _cell_mapping_uuid_result - name: nova-post-configure | _delete_cell1_duplicates | Ensure all remaining cell1 mappings are valid become: yes command: > {{ nova_api_bin_dir }}/nova-manage cell_v2 update_cell --cell_uuid {{ item }} --database_connection "{{ database_connection }}" --transport-url "{{ rabbit_hosts_transport_url }}" with_items: "{{ _cell_mapping_uuid_result.stdout_lines }}" no_log: True - name: nova-post-configure | _delete_cell1_duplicates | Force delete duplicates become: yes command: > {{ nova_api_bin_dir }}/nova-manage cell_v2 delete_cell --force --cell_uuid {{ item }} with_items: "{{ _cell_mapping_uuid_result.stdout_lines[1:] }}" run_once_per: verb_hosts.NOV_API when: _cell_mapping_uuid_result.stdout_lines | length > 1 # recreate all forcefully deleted host to cell mappings - name: nova-post-configure | _delete_cell1_duplicates | Recreate all forcefully deleted host to cell mappings include: discover_hosts_post_deploy.yml 07070100000165000081A40000000000000000000000015F71E19F000007CC000000000000000000000000000000000000006000000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/_update_cell_mapping.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: nova-post-configure | _update_cell_mapping | Query for cell mapping UUID become: yes shell: > {{ nova_api_bin_dir }}/nova-manage cell_v2 list_cells 2>/dev/null | grep "^| *{{ cell_mapping_name }} " | awk '{ print $4 }' register: _cell_mapping_uuid_result run_once_per: verb_hosts.NOV_API - name: nova-post-configure | _update_cell_mapping | Create/update cell mapping become: yes command: > {{ nova_api_bin_dir }}/nova-manage {%- if _cell_mapping_uuid_result.stdout == '' %} {%- if cell_mapping_name == 'cell0' %} cell_v2 map_cell0 {%- else %} cell_v2 create_cell --name={{ cell_mapping_name }} --verbose {%- endif %} {%- else %} cell_v2 update_cell --cell_uuid {{ _cell_mapping_uuid_result.stdout }} {%- endif %} {%- if cell_mapping_name == 'cell0' %} --database_connection "{{ cell0_database_connection }}" {%- if _cell_mapping_uuid_result.stdout != '' %} --transport-url "{{ cell0_rabbit_hosts_transport_url }}" {%- endif %} {%- else %} --database_connection "{{ database_connection }}" --transport-url "{{ rabbit_hosts_transport_url }}" {%- endif %} no_log: True run_once_per: verb_hosts.NOV_API - name: nova-post-configure | _update_cell_mapping | Restart nova-api service command: /bin/true register: ardana_notify_nova_api_restart_required 07070100000166000081A40000000000000000000000015F71E19F000006E3000000000000000000000000000000000000006200000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/create_default_flavors.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Create the default flavors - name: nova-post-configure | create_default_flavors | Create default flavors become: yes create_flavor: auth_url: "{{ keystone.endpoint }}" login_username: "{{ keystone.nova_admin_user }}" login_user_domain_name: "{{ keystone.nova_admin_user_domain_name }}" login_password: "{{ keystone.nova_admin_password }}" login_project_name: "{{ keystone.service_tenant }}" login_project_domain_name: "{{ keystone.service_tenant_domain_name }}" region_name: "{{ nova_api.internal_region }}" ca_cert: "{{ ca_certs_file }}" name: "{{ item.name }}" flavorid: "{{ item.flavorid }}" ram: "{{ item.ram }}" disk: "{{ item.disk }}" vcpus: "{{ item.vcpus }}" run_once_per: verb_hosts.NOV_API with_items: - { flavorid: 1, name: m1.tiny, ram: 512, disk: 1, vcpus: 1} - { flavorid: 2, name: m1.small, ram: 2048, disk: 20, vcpus: 1} - { flavorid: 3, name: m1.medium, ram: 4096, disk: 40, vcpus: 2} - { flavorid: 4, name: m1.large, ram: 8192, disk: 80, vcpus: 4} - { flavorid: 5, name: m1.xlarge, ram: 16384, disk: 160, vcpus: 8} 07070100000167000081A40000000000000000000000015F71E19F00000478000000000000000000000000000000000000005400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/db_cells.yml# # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Nova Database --- # this step can be removed at a later date when we are absolutely # sure all customers have patched bsc#1091490 on their systems - name: nova-post-configure | db_cells | Remove duplicate cell1 mappings include: _delete_cell1_duplicates.yml - name: nova-post-configure | db_cells | Create/update cell mapping cell0 include: _update_cell_mapping.yml vars: cell_mapping_name: 'cell0' - name: nova-post-configure | db_cells | Create/update cell mapping cell1 include: _update_cell_mapping.yml vars: cell_mapping_name: 'cell1' 07070100000168000081A40000000000000000000000015F71E19F00000C96000000000000000000000000000000000000005800000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/db_configure.yml# # (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Nova Database --- # This task always reports changed - name: nova-post-configure | db_configure | Run nova-manage api db sync become: yes command: > {{ nova_api_bin_dir }}/nova-manage --config-file {{ nova_api_conf_dir }}/nova.conf --config-file {{ nova_api_conf_dir }}/api.conf api_db sync run_once_per: verb_hosts.NOV_API - name: nova-post-configure | db_configure | Prepare cell0 and cell1 during normal deployment include: db_cells.yml when: list_cells_result is undefined # This task always reports changed - name: nova-post-configure | db_configure | Run nova-manage db sync become: yes command: > {{ nova_api_bin_dir }}/nova-manage --config-file {{ nova_api_conf_dir }}/nova.conf --config-file {{ nova_api_conf_dir }}/api.conf db sync run_once_per: verb_hosts.NOV_API # We need to fix the dates per # # https://bugzilla.suse.com/show_bug.cgi?id=1056240 # # prior to the migration - name: nova-post-configure | db_configure | Copy fix_instance_types.sh script become: yes copy: src: "fix_instance_types.sh" dest: "/tmp/fix_instance_types.sh" mode: 0700 delegate_to: "{{ mysql_cli_host }}" run_once: true - name: nova-post-configure | db_configure | Fix dates for instance_type become: yes command: > /tmp/fix_instance_types.sh delegate_to: "{{ mysql_cli_host }}" run_once: true - name: nova-post-configure | db_configure | Remove fix_instance_types.sh script become: yes file: path: "/tmp/fix_instance_types.sh" state: absent run_once_per: verb_hosts.NOV_API # This task always reports changes - name: nova-post-configure | db_configure | Run nova-manage db online migrate become: yes command: > {{ nova_api_bin_dir }}/nova-manage --config-file {{ nova_api_conf_dir }}/nova.conf --config-file {{ nova_api_conf_dir }}/api.conf db online_data_migrations run_once_per: verb_hosts.NOV_API # operation above sets the owner of file to root - needs to be nova - name: nova-post-configure | db_configure | set log file owner become: yes file: path: "{{ item }}" owner: "{{ nova_system_user }}" group: "{{ nova_log_group }}" mode: 0640 state: touch with_items: nova_log_files # operation above sets the owner of file to root - needs to be nova - name: nova-post-configure | db_configure | set audit log file owner become: yes file: path: "{{ nova_audit_log_location }}/nova-audit.log" owner: "{{ nova_system_user }}" group: "{{ nova_log_group }}" mode: 0640 state: touch when: nova_api_audit_enable 07070100000169000081A40000000000000000000000015F71E19F000002E5000000000000000000000000000000000000005700000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/db_contract.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # tasks against the database that will drop unused columns etc.. --- # TODO: define actions here 0707010000016A000081A40000000000000000000000015F71E19F000003B6000000000000000000000000000000000000005500000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/db_expand.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # tasks against the nova database that will add new columns, tables # and/or remove redundant data prior to upgrade --- - name: nova-post-configure | db_expand | Prepare cell0 and cell1 during upgrade include: db_cells.yml - name: nova-post-configure | db_expand | DB Expand include: db_configure.yml 0707010000016B000081A40000000000000000000000015F71E19F0000062D000000000000000000000000000000000000006600000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/discover_hosts_post_deploy.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # cells: discover hosts - name: nova-post-configure | discover_hosts_post_deploy | Map hosts to cell become: yes command: > {{ nova_api_bin_dir }}/nova-manage cell_v2 discover_hosts --verbose run_once_per: verb_hosts.NOV_API # When upgrading we need to map existing instances to the new cell1 # To do this we need the cell UUID. - name: nova-post-configure | discover_hosts_post_deploy | Get UUID of new Nova Cell shell: > {{ nova_api_bin_dir }}/nova-manage --config-dir {{ nova_api_conf_dir }} cell_v2 list_cells | grep cell1 become: yes ignore_errors: yes register: cell1_result - name: nova-post-configure | discover_hosts_post_deploy | Map instances to new Cell1 command: > {{ nova_api_bin_dir }}/nova-manage --config-dir {{ nova_api_conf_dir }} cell_v2 map_instances --cell_uuid {{ cell1_result['stdout'].split()[3] }} become: yes when: cell1_result | success 0707010000016C000081A40000000000000000000000015F71E19F00000791000000000000000000000000000000000000006400000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/keystone_change_password.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Nova keystone password change --- - name: nova-post-configure | keystone_change_password | Get a domain scoped token keystone_v3: endpoint: "{{ keystone.endpoint }}" login_username: "{{ keystone.admin_user }}" login_password: "{{ keystone.admin_password }}" login_user_domain_name: "{{ keystone.default_domain_name }}" login_domain_name: "{{ keystone.default_domain_name }}" action: "token_get" run_once: true register: domain_scoped_token_result - name: nova-post-configure | keystone_change_password | Change Nova Keystone password become: yes keystone_v3: action: "reset_password_by_admin" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" user_name: "{{ keystone.nova_admin_user }}" user_password: "{{ keystone.nova_admin_password }}" user_domain_name: "Default" run_once: true - name: nova-post-configure | keystone_change_password | Change Nova Monitoring password become: yes keystone_v3: action: "reset_password_by_admin" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" user_name: "{{ monasca.nova_user }}" user_password: "{{ monasca.nova_password }}" user_domain_name: "Default" run_once: true0707010000016D000081A40000000000000000000000015F71E19F00000C0D000000000000000000000000000000000000005900000000ardana-nova-8.0+git.1601298847.dd01585/roles/nova-post-configure/tasks/keystone_conf.yml# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Nova keystone configuration --- - name: nova-post-configure | keystone_conf | Get a domain scoped token keystone_v3: endpoint: "{{ keystone.endpoint }}" login_username: "{{ keystone.admin_user }}" login_password: "{{ keystone.admin_password }}" login_user_domain_name: "{{ keystone.default_domain_name }}" login_domain_name: "{{ keystone.default_domain_name }}" action: "token_get" run_once: true changed_when: false register: domain_scoped_token_result - name: nova-post-configure | keystone_conf | Create Nova Keystone User keystone_v3: action: "create_user" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" user_name: "{{ keystone.nova_admin_user }}" user_password: "{{ keystone.nova_admin_password }}" user_domain_name: "Default" run_once: true - name: nova-post-configure | keystone_conf | Add role to Nova User keystone_v3: action: "grant_project_role" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" project_name: "{{ keystone.service_tenant }}" user_name: "{{ keystone.nova_admin_user }}" role_name: "{{ keystone.role }}" user_domain_name: "Default" project_domain_name: "Default" run_once: true - name: nova-post-configure | keystone_conf | Create Nova Admin role in Keystone keystone_v3: action: "create_role" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" role_name: "nova_admin" description: "Nova admin role" run_once: true # # placement api user # - name: nova-post-configure | keystone_conf | Create nova-placement-api user keystone_v3: action: "create_user" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" user_name: "{{ nova_placement_api.username }}" user_password: "{{ nova_placement_api.password }}" user_domain_name: "Default" run_once: true - name: nova-post-configure | keystone_conf | Add role nova-placement-api user keystone_v3: action: "grant_project_role" endpoint: "{{ keystone.endpoint }}" login_token: "{{ domain_scoped_token_result.result }}" project_name: "{{ keystone.service_tenant }}" user_name: "{{ nova_placement_api.username }}" role_name: "{{ keystone.role }}" user_domain_name: "Default" project_domain_name: "Default" run_once: true 0707010000016E000081A40000000000000000000000015F71E19F000001D4000000000000000000000000000000000000003100000000ardana-nova-8.0+git.1601298847.dd01585/setup.cfg[metadata] name = nova-ansible author = "SUSE LLC" author-email = ardana@googlegroups.com summary = Nova Ansible tests classifier = Development Status :: 4 - Beta Environment :: Console Environment :: OpenStack Intended Audience :: Developers Intended Audience :: Information Technology License :: OSI Approved :: Apache Software License Operating System :: OS Independent Programming Language :: Python [files] packages = NOV-MON 0707010000016F000081A40000000000000000000000015F71E19F00000424000000000000000000000000000000000000003000000000ardana-nova-8.0+git.1601298847.dd01585/setup.py# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. # Copyright (c) 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. # THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT import setuptools # In python < 2.7.4, a lazy loading of package `pbr` will break # setuptools if some other modules registered functions in `atexit`. # solution from: http://bugs.python.org/issue15881#msg170215 try: import multiprocessing # noqa except ImportError: pass setuptools.setup( setup_requires=['pbr>=2.0.0'], pbr=True) 07070100000170000081A40000000000000000000000015F71E19F000001F3000000000000000000000000000000000000003D00000000ardana-nova-8.0+git.1601298847.dd01585/test-requirements.txt# The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. mock>=2.0 # BSD testrepository>=0.0.18 # Apache-2.0/BSD testtools>=1.4.0 # MIT python-novaclient>=9.0.0 # Apache-2.0 python-monascaclient>=1.7.0 # Apache-2.0 oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0 oslo.utils>=3.20.0 # Apache-2.0 python-keystoneclient>=3.8.0 # Apache-2.0 flake8 07070100000171000041ED0000000000000000000000035F71E19F00000000000000000000000000000000000000000000002D00000000ardana-nova-8.0+git.1601298847.dd01585/tests07070100000172000041ED0000000000000000000000025F71E19F00000000000000000000000000000000000000000000003500000000ardana-nova-8.0+git.1601298847.dd01585/tests/NOV_MON07070100000173000081A40000000000000000000000015F71E19F00000000000000000000000000000000000000000000004100000000ardana-nova-8.0+git.1601298847.dd01585/tests/NOV_MON/__init__.py07070100000174000081A40000000000000000000000015F71E19F00001283000000000000000000000000000000000000005200000000ardana-nova-8.0+git.1601298847.dd01585/tests/NOV_MON/test_nova_heartbeat_check.py# # (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # import mock import unittest import keystoneclient import NOV_MON.nova_heartbeat_check as nhc from novaclient import client as novacli class TestNovaHeartbeatCheck(unittest.TestCase): def setUp(self): nhc.THIS_HOST = 'this_host' # Create without calling __init__, as that takes several parameters self.nhc = nhc.NovaHeartbeatCheck.__new__(nhc.NovaHeartbeatCheck) self.nhc.client = None self.nhc.log = mock.MagicMock() def test_metric1(self): metric = nhc.metric() self.assertNotIn('value_meta', metric) self.assertEqual('nova.heartbeat', metric['metric']) self.assertEqual(nhc.FAIL, metric['value']) dims = metric['dimensions'] self.assertEqual('compute', dims['service']) self.assertIsNotNone(dims['observer_hostname']) def test_metric2(self): metric = nhc.metric(message='omg', cat='meow') self.assertEqual('omg', metric['value_meta']['msg']) dims = metric['dimensions'] self.assertEqual('meow', dims['cat']) @mock.patch.object(novacli.Client, '__init__', return_value=None) @mock.patch.object(keystoneclient.session.Session, '__init__', return_value=None) @mock.patch.object(keystoneclient.auth.identity.v3.Password, '__init__', return_value=None) def test_get_client(self, mock_pass, mock_session, mock_client): self.nhc.init_config = {'keystone': {'project_name': 'aa'}, 'nova': {'endpoint_type': 'bb'}} client = self.nhc._get_client() self.assertIsNotNone(client) def mk_service(self, **kwargs): data = {'status': 'enabled', 'binary': 'nova-compute', 'zone': 'nova', 'state': 'up', 'updated_at': '2015-10-03T02:33:38.000000', 'host': 'this_host', 'disabled_reason': None, 'id': 31} data.update(kwargs) svc = mock.MagicMock() for k, v in data.items(): setattr(svc, k, v) return svc def test_get_state(self): svc = self.mk_service() self.assertEqual('enabled', svc.status) self.assertEqual('nova-compute', svc.binary) self.assertEqual(nhc.OK, self.nhc._get_state(svc)) svc.state = 'down' self.assertEqual(nhc.FAIL, self.nhc._get_state(svc)) svc.status = 'disabled' self.assertEqual(nhc.OK, self.nhc._get_state(svc)) svc.state = 'up' self.assertEqual(nhc.OK, self.nhc._get_state(svc)) def test_gather_metrics(self): @mock.patch.object(self.nhc, '_get_client') def fn(mock_client): mock_client.return_value.services.list.return_value = [ self.mk_service(), self.mk_service(host='other_host'), ] return self.nhc._gather_metrics() metrics = fn() self.assertEqual(2, len(metrics)) self.assertEqual('this_host', metrics[0]['dimensions']['hostname']) self.assertEqual('other_host', metrics[1]['dimensions']['hostname']) def test_check(self): metrics = [nhc.metric(state=nhc.OK, hostname='this_host'), nhc.metric(state=nhc.FAIL, hostname='this_host')] instance = mock.sentinel.instance @mock.patch.object(self.nhc, 'gauge') @mock.patch.object(self.nhc, '_set_dimensions', side_effect=lambda *a: a[0]) @mock.patch.object(self.nhc, '_gather_metrics', return_value=metrics) def fn(mock_gather, mock_dims, mock_gauge): self.nhc.check(instance) mock_gather.assert_called_once_with() self.assertEqual([mock.call(m['dimensions'], instance) for m in metrics], mock_dims.call_args_list) self.assertEqual([mock.call(**m) for m in metrics], mock_gauge.call_args_list) fn() 07070100000175000081A40000000000000000000000015F71E19F00000000000000000000000000000000000000000000003900000000ardana-nova-8.0+git.1601298847.dd01585/tests/__init__.py07070100000176000081A40000000000000000000000015F71E19F000001EC000000000000000000000000000000000000002F00000000ardana-nova-8.0+git.1601298847.dd01585/tox.ini[tox] envlist = py27,pep8 skipsdist = True [testenv:pep8] commands = flake8 {posargs} [testenv] whitelist_externals = bash find rm setenv = VIRTUAL_ENV={envdir} LANGUAGE=en_US LC_ALL=en_US.utf-8 deps = -r{toxinidir}/test-requirements.txt commands = find . -type f -name "*.pyc" -delete python setup.py testr --slowest passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY [flake8] exclude = .tox,.git 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!970 blocks
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor