diff --git a/ansible.cfg b/ansible.cfg index e484606c..7919bac6 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,22 +2,14 @@ # Ensure that ansible can find roles relative to its working directory # (instead of looking within playbooks directory or default paths) roles_path = ./roles:./roles/galaxy.ansible.com -# Turn on fact caching. 'smart' means that if there are no facts found -# for the host, they are fetched the first time. Subsequent reads come -# from the cache. -gathering = smart -fact_caching = jsonfile -fact_caching_connection = .facts -# NOTE(jason): this is only needed for certain sites that need to -# write in to a 'primary' Keystone service when registering endpoints. -# That requires overriding a few specific things in the openstack_auth -# dictionary, without overriding everything. -hash_behaviour = merge -# Use Mitogen for a higher-performance task execution strategy -strategy_plugins = ./venv/lib/mitogen-latest/ansible_mitogen/plugins/strategy -strategy = mitogen_linear + +# print better error messages +stdout_callback = yaml [inventory] # Ensure we fail if the inventory is malformed; this is important # for automation, so it does not proceed on failures. unparsed_is_failed = true + +[galaxy] +server = https://old-galaxy.ansible.com/ diff --git a/kolla/defaults.yml b/kolla/defaults.yml index 554a1d62..b3c283ec 100644 --- a/kolla/defaults.yml +++ b/kolla/defaults.yml @@ -70,7 +70,8 @@ enable_glance: yes enable_gnocchi: yes # Hammers -hammers_openstack_user: admin +hammers_openstack_user: "{{ keystone_admin_user }}" +hammers_openstack_password: "{{ keystone_admin_password }}" hammers_openstack_project_name: "{{ keystone_admin_project }}" # HAProxy 
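Review bot: The new `[galaxy]` section points role installs at `https://old-galaxy.ansible.com/` with no comment saying why, so a later maintainer cannot tell a deliberate compatibility pin from a leftover. I would add a line above it such as `# Legacy Galaxy endpoint kept for the pinned ansible 2.8 client; remove when ansible is upgraded` (the reason is my inference from requirements.txt, please confirm) and check that the role requirements pin versions, since a legacy endpoint is a supply-chain dependency that can change or disappear. The same hunk drops `hash_behaviour = merge`, whose removed NOTE said some sites rely on it for partial `openstack_auth` overrides; those sites will now replace the whole dictionary.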
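Review bot: `hammers_openstack_password: "{{ keystone_admin_password }}"` hands the cloud admin credential to every hammer job, so a leak of the hammers configuration exposes full Keystone admin rather than a scoped service account. Together with the removal of `hammers_openstack_password` from `site-config.example/passwords.yml`, this makes the shared-admin setup the only documented path. I would keep a dedicated account, e.g. `hammers_openstack_user: hammers` with its own `hammers_openstack_password`, granted only the roles the reapers need. Note also that this line uses `keystone_admin_user` while `redfish_monitor_openstack_user` in the next hunk's context uses `keystone_admin_username`; one of the two names is probably undefined.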
@@ -216,13 +217,14 @@ chameleon_portal_mysql_database: chameleon_prod enable_precis: no # Prometheus -enable_prometheus: no +enable_prometheus: "{{ inventory_hostname in groups['prometheus'] }}" prometheus_port: "9090" prometheus_jupyterhub_exporter_token: prometheus_server_external_url: "{{ public_protocol }}://{{ prometheus_external_fqdn }}:{{ prometheus_port }}" prometheus_alertmanager_external_url: "{{ public_protocol }}://{{ prometheus_external_fqdn }}:{{ prometheus_alertmanager_port }}" # Legacy chameleon_prometheus role vars prometheus_bind_address: "{{ lookup('vars', 'ansible_' + network_interface).ipv4.address }}" +prometheus_user: prometheus # Redfish Monitor redfish_monitor_openstack_user: "{{ keystone_admin_username }}" diff --git a/kolla/node_custom_config/cinder.conf b/kolla/node_custom_config/cinder.conf index 7993ecce..8fda2b0c 100644 --- a/kolla/node_custom_config/cinder.conf +++ b/kolla/node_custom_config/cinder.conf @@ -1,2 +1,29 @@ +{% if cinder_backend_ceph | bool %} [DEFAULT] -default_volume_type = iscsi \ No newline at end of file +default_volume_type = ceph-hdd +enabled_backends = rbd-1,rbd-ssd + +[rbd-1] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +volume_backend_name = rbd-1 +rbd_pool = {{ ceph_cinder_pool_name }} +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = 5 +rbd_user = cinder +rbd_secret_uuid = {{ cinder_rbd_secret_uuid }} +report_discard_supported = True +image_upload_use_cinder_backend = True +rbd_flatten_volume_from_snapshot = True +#glance_api_version = 2 + +[rbd-ssd] +volume_driver = cinder.volume.drivers.rbd.RBDDriver +volume_backend_name = rbd-ssd +rbd_pool = {{ ceph_cinder_ssd_pool_name }} +rbd_user = cinder +rbd_secret_uuid = {{ cinder_rbd_secret_uuid }} +rbd_secret_uuid = {{ cinder_rbd_secret_uuid }} +{% endif %} 
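Review bot: `enable_prometheus: "{{ inventory_hostname in groups['prometheus'] }}"` fails templating on any inventory without a `prometheus` group, where the old literal `no` simply disabled the service. `inventory_hostname in groups.get('prometheus', [])` keeps the per-host behaviour and degrades to false. A short comment that the value is now per-host rather than global would help, since `roles/chameleon_prometheus/defaults/main.yml` consumes it as `enabled:`.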
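Review bot: `[rbd-1]` sets `rbd_flatten_volume_from_snapshot` twice with opposite values (`false` near the top, `True` at the end) and `[rbd-ssd]` repeats `rbd_secret_uuid`, so the effective setting depends on how the parser treats duplicates and cannot be read from the file. Keep one line per key, e.g. a single `rbd_flatten_volume_from_snapshot = True` if flattening is intended. Because the whole file now sits inside `{% if cinder_backend_ceph | bool %}`, sites without Ceph also lose the previous `default_volume_type = iscsi` override; if that is intended, a comment at the top of the file should say so.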
diff --git a/kolla/node_custom_config/cinder/ceph.client.cinder.keyring b/kolla/node_custom_config/cinder/ceph.client.cinder.keyring
new file mode 100644
index 00000000..014eb4aa
--- /dev/null
+++ b/kolla/node_custom_config/cinder/ceph.client.cinder.keyring
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+32376162313135653430333733376535633530353862636665373430336236363561623031386531
+6134613333303165663363383261623362616338616263640a636561656139663065373861326664
+36663965626265666339653166653935313738393730313962353038356464626631326239353738
+6365323564396436320a373437336339633233316239653330306564336462646230353730366666
+33623461366166323734653533383736613539653934646134356634656531623365623735353836
+39373433633961646238363739366536636336323033306236316263346362393933663436333336
+38656134363461626461373832663934333333343764323637343763373234656430646564373561
+62626631396432353062
diff --git a/kolla/node_custom_config/cinder/ceph.conf b/kolla/node_custom_config/cinder/ceph.conf
new file mode 100644
index 00000000..c333b3bb
--- /dev/null
+++ b/kolla/node_custom_config/cinder/ceph.conf
@@ -0,0 +1,17 @@
+[global]
+log file = /var/log/kolla/ceph/$cluster-$name.log
+log to syslog = false
+err to syslog = false
+log to stderr = false
+err to stderr = false
+
+fsid = {{ ceph_fsid }}
+mon_initial_members = {{ ceph_mon_hostname }}
+mon_host = {{ ceph_mon_address }}
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+osd pool default size = 1
+osd pool default min size = 1
+
diff --git a/kolla/node_custom_config/cinder/cinder-backup/ceph.client.cinder-backup.keyring b/kolla/node_custom_config/cinder/cinder-backup/ceph.client.cinder-backup.keyring
new file mode 100644
index 00000000..69d78732
--- /dev/null
+++ b/kolla/node_custom_config/cinder/cinder-backup/ceph.client.cinder-backup.keyring
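Review bot: `osd pool default size = 1` and `osd pool default min size = 1` at the end of `cinder/ceph.conf` describe single-replica pools, where one failed OSD loses volume data. As far as I know a client-side ceph.conf is not what decides pool replication, so these lines either do nothing or document a cluster without redundancy. Remove them, or add a comment above them such as `# lab cluster only: single replica, no redundancy` if that is really the case. The identical file is added as `kolla/node_custom_config/nova/ceph.conf` later in this diff and needs the same treatment.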
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+35626237353166396233653633613766303033663366363635653337306530663361636635333332
+3931303337366565393764393430393366663439643663330a333665323833393031366432353062
+64323036363838616261356662613135326264373039636331643634623561366133363935613336
+6266616332643033360a306262343766643633343266666261343764636263386332376232353532
+33626661333963623437383064303565376531656261666166306365366431623464363336626237
+31356434363332636435373033353266343735646435643537613937626662366661393764636261
+31383062626564663061396464343537303936366531646530393561353763386337626133393864
+36646465383765333637
diff --git a/kolla/node_custom_config/cinder/cinder-volume/ceph.client.cinder.keyring b/kolla/node_custom_config/cinder/cinder-volume/ceph.client.cinder.keyring
new file mode 100644
index 00000000..fb810a8e
--- /dev/null
+++ b/kolla/node_custom_config/cinder/cinder-volume/ceph.client.cinder.keyring
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+32393735303036616434633236623635326533373536663537393937333465363963383064306432
+3063383930333233643937356166386664383862623566370a643736663764306534666334633036
+32373738326430313566363630353666636133343333623037373334313531326662623036373965
+6136343562326637340a313030323761356263303933363136393230633434356665663035353039
+39633737663733666533363461313262656534663933336130393661343561373937363633616233
+34383861646632343334393064663362616135393738666536616266303264633330326334636137
+62353939666666383439646533346637363435363961316630356333616564656461346365343937
+62396235363638376230
diff --git a/kolla/node_custom_config/galera.cnf b/kolla/node_custom_config/galera.cnf
new file mode 100644
index 00000000..dd58092d
--- /dev/null
+++ b/kolla/node_custom_config/galera.cnf
@@ -0,0 +1,2 @@
+[mysqld]
+table_open_cache = 20000
diff --git a/kolla/node_custom_config/glance/ceph.client.kvm-images.keyring b/kolla/node_custom_config/glance/ceph.client.kvm-images.keyring
new file mode 100644
index 00000000..26053889
--- /dev/null
+++ b/kolla/node_custom_config/glance/ceph.client.kvm-images.keyring
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+65363435636632386261666565333262316337653864626465663935393361326231636135333131
+6463626363393231366161626261363362336262363031620a323331326431666535343335343839
+38636362613539356164663835656436376262653034316466363962316437653366646436383636
+3866643830376238610a636130363335343730343261346530326337316164613233356263333734
+66343536373330313631356332343736303233383636653466346462306666313564323565333935
+61653739636333353138373332643838623734623939633564336532636462313963313632656564
+32383038663536383430373137393033626636333830383830363133613438623032376162616637
+35386633306365323166
diff --git a/kolla/node_custom_config/glance/ceph.conf b/kolla/node_custom_config/glance/ceph.conf
new file mode 100644
index 00000000..d9b73926
--- /dev/null
+++ b/kolla/node_custom_config/glance/ceph.conf
@@ -0,0 +1,7 @@
+[global]
+fsid = {{ ceph_fsid }}
+#mon_initial_members = {{ ceph_mon_hostname }}
+mon_host = {{ ceph_mon_address }}
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
diff --git a/kolla/node_custom_config/glance/glance-api.conf b/kolla/node_custom_config/glance/glance-api.conf
new file mode 100644
index 00000000..060a36ad
--- /dev/null
+++ b/kolla/node_custom_config/glance/glance-api.conf
@@ -0,0 +1,23 @@ +[DEFAULT] +show_image_direct_url = True +client_socket_timeout = 0 + +[glance_store] +stores = rbd,file +default_store = rbd +rbd_store_pool = kvm-images +rbd_store_user = kvm-images +rbd_store_ceph_conf = /etc/ceph/ceph.conf +rbd_store_chunk_size = 8 + +[image_import_opts] +image_import_plugins = ['image_conversion'] + +[image_conversion] +output_format = raw + +[keystone_authtoken] +service_token_roles_required = True + +[taskflow_executor] +max_workers = 2 diff --git a/kolla/node_custom_config/glance/glance-image-import.conf b/kolla/node_custom_config/glance/glance-image-import.conf new file mode 100644 index 00000000..3f0efffe --- /dev/null +++ b/kolla/node_custom_config/glance/glance-image-import.conf @@ -0,0 +1,5 @@ +[image_import_opts] +image_import_plugins = ['image_conversion'] + +[image_conversion] +output_format = raw diff --git a/kolla/node_custom_config/horizon/custom_local_settings b/kolla/node_custom_config/horizon/custom_local_settings index 4e2aab66..7150df4a 100644 --- a/kolla/node_custom_config/horizon/custom_local_settings +++ b/kolla/node_custom_config/horizon/custom_local_settings @@ -24,7 +24,7 @@ CHAMELEON_SITE_ID = '{{ chameleon_site_name }}' # Hide the region dropdown OPENSTACK_KEYSTONE_MULTIREGION_SUPPORT = False # Show the site dropdown -CHAMELEON_MULTISITE_SUPPORT = True +CHAMELEON_MULTISITE_SUPPORT = False {% else %} CHAMELEON_SITES = { {% for conf in horizon_regions %} @@ -150,12 +150,6 @@ WEBSSO_DEFAULT_REDIRECT_LOGOUT_CONFIRM_URL = '{{ horizon_chameleon_websso_host } # A dictionary of settings which can be used to provide the default values for # properties found in the Launch Instance modal. LAUNCH_INSTANCE_DEFAULTS = { - 'config_drive': False, - 'enable_scheduler_hints': True, - 'disable_image': False, - 'disable_instance_snapshot': True, - 'disable_volume': True, - 'disable_volume_snapshot': True, 'create_volume': False, } 
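Review bot: `show_image_direct_url = True` in the new `glance-api.conf` makes the API return each image's backend location (here an RBD URL) to any user who can read the image, which the Glance configuration reference describes as a security risk. It is commonly enabled so Cinder and Nova can clone from Ceph; if that is the reason, record it in a comment above the line and confirm that `show_multiple_locations` stays off and that the `file` store in `stores = rbd,file` does not expose host paths. `client_socket_timeout = 0` in the same section disables the idle-connection timeout, so stalled clients hold API sockets indefinitely; a finite value is safer unless this works around a known upload problem, in which case say so in a comment.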
diff --git a/kolla/node_custom_config/keystone/policy.yaml b/kolla/node_custom_config/keystone/policy.yaml new file mode 100644 index 00000000..e3947b7a --- /dev/null +++ b/kolla/node_custom_config/keystone/policy.yaml @@ -0,0 +1,8 @@ +#identity:change_password: '!' +#identity:update_user: '!' +#identity:list_endpoints: role:reader and system_scope:all + +#identity:list_roles: 'role:reader and system_scope:all' +#identity:list_roles: 'role:reader' + +#identity:list_services: role:reader and system_scope:all diff --git a/kolla/node_custom_config/neutron/ml2_conf.ini b/kolla/node_custom_config/neutron/ml2_conf.ini index fb4e0ce5..65653b4c 100644 --- a/kolla/node_custom_config/neutron/ml2_conf.ini +++ b/kolla/node_custom_config/neutron/ml2_conf.ini @@ -1,8 +1,8 @@ [agent] -tunnel_types = +tunnel_types = {% if not enable_ironic | bool %}vxlan{% endif %} [ml2] -mechanism_drivers = openvswitch,genericswitch{% if enable_ironic_neutron_agent | bool %},baremetal{% endif %} +mechanism_drivers = openvswitch{% if neutron_ml2_generic_switch_configs is defined %},genericswitch{%endif %}{% if enable_ironic_neutron_agent | bool %},baremetal{% endif %},l2population [ml2_type_vlan] {# DEPRECATED: neutron_network_vlan_ranges still takes priority if in use #} @@ -20,7 +20,7 @@ network_vlan_ranges = {# DEPRECATED: neutron_ovs_bridge_mappings still takes priority if in use #} {% if neutron_ovs_bridge_mappings is defined %} bridge_mappings = {{ neutron_ovs_bridge_mappings }} -{% elif neutron_networks is defined %} +{% elif neutron_networks is defined and (inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and computes_need_external_bridge | bool )) %} bridge_mappings = {% for config in neutron_networks %}{{ config.name }}:{{ config.bridge_name }}{% if not loop.last %},{% endif %}{% endfor %} {% endif %} diff --git a/kolla/node_custom_config/nova.conf b/kolla/node_custom_config/nova.conf index 8fe98ef1..7859983c 100644 
--- a/kolla/node_custom_config/nova.conf +++ b/kolla/node_custom_config/nova.conf @@ -1,9 +1,10 @@ [DEFAULT] # TODO: [jca 2019-02-08] # This might not be necessary; it is unclear why we have this setting disabled. -vif_plugging_is_fatal = false -vif_plugging_timeout = 0 -max_concurrent_builds = 0 +# comented -- codyhammock +#vif_plugging_is_fatal = false +#vif_plugging_timeout = 0 +#max_concurrent_builds = 0 [compute] # https://docs.openstack.org/ironic/train/install/configure-compute.html 
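Review bot: The settings in this hunk are disabled with a leading `#` and a `# comented -- codyhammock` marker, which records who but not why, and leaves the older explanatory comments describing values that no longer apply. Either delete the lines or replace the marker with the reason, e.g. `# Disabled for KVM sites: nova defaults apply to vif plugging and build concurrency`. The same pattern repeats in the `[filter_scheduler]`, `[neutron]`, `[quota]` and `[scheduler]` hunks of this file, where it also restores quota rechecking and the default scheduler retry count. In `[quota]` the new `{% if enable_blazar | bool %}` now wraps nothing but comments.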
@@ -16,31 +17,37 @@ max_concurrent_builds = 0 # compute service, will be remapped to a different one. That may cause # the second compute service to also be disabled, and so on, until no # compute services are active. -consecutive_build_service_disable_threshold = 0 +# comented -- codyhammock +#consecutive_build_service_disable_threshold = 0 [conductor] workers = 10 [filter_scheduler] # Override default filters (just remove filters not relevant to baremetal-only) -# default: AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,BlazarFilter -enabled_filters = ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,BlazarFilter -# https://docs.openstack.org/ironic/train/install/configure-compute.html +# default: RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,BlazarFilter +{% if nova_enabled_filters is defined %} +enabled_filters = {{ nova_enabled_filters }} +{% endif %} +# https://docs.openstack.org/ironic/rocky/install/configure-compute.html # > Enables querying of individual hosts for instance information. # Not possible for bare metal nodes, so set it to False. -track_instance_changes = false +# comented -- codyhammock +# track_instance_changes = false # https://docs.openstack.org/ironic/train/install/configure-compute.html # > Enabling this option is beneficial as it reduces re-scheduling events # for ironic nodes when scheduling is based on resource classes, # especially for mixed hypervisor case with host_subset_size = 1. # However enabling it will also make packing of VMs on hypervisors # less dense even when scheduling weights are completely disabled. 
-shuffle_best_same_weighed_hosts = true +# comented -- codyhammock +# shuffle_best_same_weighed_hosts = true [neutron] # Increase timeout for Neutron to reduce probability of error during launches # of a lot of nodes at once. -timeout = 300 +# comented -- codyhammock +#timeout = 300 [oslo_messaging_notifications] # Experiment Precis requires 2.0 message format, i.e. set driver to messagingv2 @@ -54,27 +61,34 @@ rpc_conn_pool_size = 300 max_age = 0 until_refresh = 0 reservation_expire = 86400 +{% if enable_blazar | bool %} # Remove quota limits for hosts; these are handled via Blazar -instances = -1 -cores = -1 -ram = -1 +# comented -- codyhammock +#instances = -1 +#cores = -1 +#ram = -1 +{% endif %} # https://docs.openstack.org/nova/train/configuration/config.html#quota.recheck_quota # > This defaults to True (recheck quota after resource creation) but can be set # to False to avoid additional load if allowing quota to be exceeded because # of racing requests is considered acceptable. # Disable re-checking because we manage quota in Blazar. -recheck_quota = false +# comented -- codyhammock +#recheck_quota = false [scheduler] # TODO: [jca 2019-02-08] # This seems quite high. We potentially don't need to keep it this high. # This is the value we have used in the past however. -max_attempts = 50 +# comented -- codyhammock +# max_attempts = 50 # https://docs.openstack.org/ironic/train/install/configure-compute.html # > The recommended value of 2 minutes matches how often the Compute # service polls the Bare Metal service for node information. -discover_hosts_in_cells_interval = 120 +# comented -- codyhammock +# discover_hosts_in_cells_interval = 120 +{% if enable_nova_serialconsole_proxy | bool %} [serial_console] base_url = wss://{{ kolla_external_fqdn }}:{{ nova_serialproxy_port }}/ 
@@ -82,6 +96,7 @@ base_url = wss://{{ kolla_external_fqdn }}:{{ nova_serialproxy_port }}/ [console] allowed_origins = "{{ nova_console_allowed_origins }}" {% endif %} +{% endif %} {% if service_name == "nova-api" %} # Custom vendordata service @@ -103,3 +118,25 @@ password = {{ nova_keystone_password }} os_region_name = "{{ openstack_region_name }}" {% endif %} {% endif %} + + +# TODO: [codyhammock 2019-09-18] +# Override some options that otherwise assume "enable_ceph" is true +{% if nova_compute_virt_type in ['kvm', 'qemu'] %} +[libvirt] +connection_uri = "qemu+tcp://{{ api_interface_address }}/system" +{% if nova_backend == "rbd" %} +images_type = rbd +images_rbd_pool = {{ ceph_nova_pool_name }} +images_rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_user = nova +disk_cachemodes="network=writeback" +{% if nova_hw_disk_discard != '' %} +hw_disk_discard = {{ nova_hw_disk_discard }} +{% endif %} +{% endif %} +{% if nova_backend == "rbd" and external_ceph_cephx_enabled | bool %} +rbd_secret_uuid = {{ rbd_secret_uuid }} +{% endif %} +virt_type = {{ nova_compute_virt_type }} +{% endif %} diff --git a/kolla/node_custom_config/nova/ceph.client.cinder.keyring b/kolla/node_custom_config/nova/ceph.client.cinder.keyring new file mode 100644 index 00000000..51212964 --- /dev/null +++ b/kolla/node_custom_config/nova/ceph.client.cinder.keyring @@ -0,0 +1,16 @@ +$ANSIBLE_VAULT;1.1;AES256 +38393064616566346637373034336537323933383265653037346662303135326539303331663162 +3538613638396465613534323737363337643831653462630a303166363461633235666563646432 +38366237316630643335323136656136656362343033623965633234646233626135333366646637 +3864623466326164360a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diff --git a/kolla/node_custom_config/nova/ceph.client.nova.keyring b/kolla/node_custom_config/nova/ceph.client.nova.keyring new file mode 100644 index 00000000..1472ab5f --- /dev/null +++ b/kolla/node_custom_config/nova/ceph.client.nova.keyring 
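Review bot: `connection_uri = "qemu+tcp://{{ api_interface_address }}/system"` in the new `[libvirt]` section uses libvirt's plain TCP transport, which is unencrypted and only as authenticated as libvirtd's own TCP auth setting, which this diff does not show. Anyone who can reach that listener on the API network and pass whatever auth is configured controls the hypervisor, so I would either use `qemu+tls://` or add a comment stating that SASL is enforced on the libvirt side and the API network is isolated. Separately, `rbd_user = nova` is emitted whenever `nova_backend == "rbd"` but `rbd_secret_uuid` only when `external_ceph_cephx_enabled` is true, while the `nova/ceph.conf` added in this commit requires cephx unconditionally; the two conditions should agree.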
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36386335353136303231363762633034353162333864636532323337323038306433643239663562
+3338373335353664303733306564366463373736643064660a636634366534303263653232323832
+32363466306364303935313561366531656666383633353436333164633730666636353763323932
+3434393161316531330a613838336333633835356265313834633936343863386139623039653737
+63626262386131663038653466353137386433666136356237643939613762623737343834663464
+34326437376433333262323964636136313132626132363739316239653266306232323032616263
+30323838353737656665383962333765666666663164663336636466653062626431326236333265
+35316232366262353038
diff --git a/kolla/node_custom_config/nova/ceph.conf b/kolla/node_custom_config/nova/ceph.conf
new file mode 100644
index 00000000..c333b3bb
--- /dev/null
+++ b/kolla/node_custom_config/nova/ceph.conf
@@ -0,0 +1,17 @@
+[global]
+log file = /var/log/kolla/ceph/$cluster-$name.log
+log to syslog = false
+err to syslog = false
+log to stderr = false
+err to stderr = false
+
+fsid = {{ ceph_fsid }}
+mon_initial_members = {{ ceph_mon_hostname }}
+mon_host = {{ ceph_mon_address }}
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+osd pool default size = 1
+osd pool default min size = 1
+
diff --git a/playbooks/chameleon_usage.yml b/playbooks/chameleon_usage.yml
index 3a6c193e..c6db1680 100644
--- a/playbooks/chameleon_usage.yml
+++ b/playbooks/chameleon_usage.yml
@@ -2,28 +2,3 @@ - hosts: chameleon_usage roles: - role: chameleon_usage - vars: - action: 'mysql_init' - - role: chameleon_usage - vars: - action: 'config' - - role: chameleon_usage - vars: - action: 'node' - - role: chameleon_usage - when: enable_usage_appliance_report - vars: - action: 'heat_template' - - role: chameleon_usage - when: enable_user_project_report - vars: - action: 'user_project' - -- hosts: chameleon_usage_jupyter - roles: - - role: chameleon_usage - vars: - action: 'config' - - role: chameleon_usage - vars: - action: 'jupyter' diff --git a/playbooks/prometheus.yml b/playbooks/prometheus.yml index f6a8b397..57a18dc7 100644 --- a/playbooks/prometheus.yml +++ b/playbooks/prometheus.yml @@ -19,7 +19,7 @@ prometheus_monitoring_user: "{{ prometheus_monitoring_user }}" when: inventory_hostname in groups[prometheus_services['alertmanager'].group] - set_fact: - prometheus_server_port: "{{ prometheus_services['server'].port }}" + prometheus_server_port: "{{ prometheus_services['prometheus-server'].port }}" prometheus_server_users: "{{ prometheus_server_users }}" prometheus_monitoring_user: "{{ prometheus_monitoring_user }}" when: inventory_hostname in groups[prometheus_services['server'].group] diff --git a/requirements.txt b/requirements.txt index 919e35e6..d121f650 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,6 @@ ansible~=2.8.0 +jinja2==3.0.3 +pyopenssl docker openstacksdk # See https://github.com/weldr/lorax/commit/c56d57ef7ee1c329161158ea8867064f74c0cffa diff --git a/roles/chameleon_prometheus/defaults/main.yml b/roles/chameleon_prometheus/defaults/main.yml index aa6734e5..ec915093 100644 --- a/roles/chameleon_prometheus/defaults/main.yml +++ b/roles/chameleon_prometheus/defaults/main.yml @@ -24,7 +24,7 @@ prometheus_services: service_name: prometheus_server image: prom/prometheus:v2.10.0 group: prometheus - enabled: yes + enabled: "{{ enable_prometheus }}" restart_handler: restart prometheus port: 9090 config_dir: /etc/prometheus 
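Review bot: The `set_fact` in `playbooks/prometheus.yml` now reads `prometheus_services['prometheus-server'].port`, but the `when:` on the same task still indexes `prometheus_services['server'].group`, and the alertmanager task above it still uses `prometheus_services['alertmanager']`. Whichever key set the dictionary actually has (it is not visible here), one of the two lookups on this task is undefined and the task will error or never match. Use one key in both places, e.g. `when: inventory_hostname in groups[prometheus_services['prometheus-server'].group]`, and bring the alertmanager condition in line with the `prometheus-alertmanager` key that `prometheus.yml.j2` switches to in this commit. The task list continues outside the hunk.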
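Review bot: `pyopenssl` is added to `requirements.txt` with no version bound, next to an exact `jinja2==3.0.3` pin, so each fresh install of the deployment tooling resolves whatever release is newest at that moment. Give it the range that was actually tested, e.g. `pyopenssl~=<TESTED_VERSION_PLACEHOLDER>`, and add a one-line comment above the jinja2 pin saying what breaks without it. Since this environment holds the vault password and cloud credentials at run time, a constraints file with hashes would be a reasonable follow-up.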
diff --git a/roles/chameleon_prometheus/tasks/main.yml b/roles/chameleon_prometheus/tasks/main.yml index d7acd0e4..f983e3d4 100644 --- a/roles/chameleon_prometheus/tasks/main.yml +++ b/roles/chameleon_prometheus/tasks/main.yml @@ -8,6 +8,7 @@ | selectattr('image', 'defined') | map(attribute='group') | list }} + - name: Create Docker network. docker_network: name: "{{ prometheus_docker_network_name }}" diff --git a/roles/chameleon_prometheus/templates/prometheus.yml.j2 b/roles/chameleon_prometheus/templates/prometheus.yml.j2 index e1d35175..77a1b1df 100644 --- a/roles/chameleon_prometheus/templates/prometheus.yml.j2 +++ b/roles/chameleon_prometheus/templates/prometheus.yml.j2 @@ -1,4 +1,4 @@ -{% set alertmanager_service = prometheus_services['alertmanager'] %} +{% set alertmanager_service = prometheus_services['prometheus-alertmanager'] %} {% set alertmanager_vars = hostvars[groups[alertmanager_service.group][0]] %} {% set snmp_exporter_service = prometheus_services['snmp-exporter'] %} {% set snmp_exporter_vars = hostvars[groups[snmp_exporter_service.group][0]] %} diff --git a/roles/chameleon_usage/defaults/main.yml b/roles/chameleon_usage/defaults/main.yml index 761d47fa..eadc529a 100644 --- a/roles/chameleon_usage/defaults/main.yml +++ b/roles/chameleon_usage/defaults/main.yml @@ -9,4 +9,4 @@ user_project_report_credentials: /usr/local/sbin/user_project_report_credentials chameleon_usage_keycloak_client_id: user-group-import -usage_extract_command: extract_chi_data +usage_extract_command: extract_kvm_data diff --git a/roles/chameleon_usage/tasks/main.yml b/roles/chameleon_usage/tasks/main.yml index bd8db0e4..65fde773 100644 --- a/roles/chameleon_usage/tasks/main.yml +++ b/roles/chameleon_usage/tasks/main.yml 
@@ -1,2 +1,57 @@ ---- -- include_tasks: "{{ action }}.yml" \ No newline at end of file +--- +- name: Pull Docker image. + docker_image: + source: pull + name: "{{ chameleon_usage_docker_image }}" + force_source: yes + +- name: Create config directory. + file: + path: "{{ chameleon_usage_config_dir }}" + state: directory + +- name: Configure my.cnf + template: + src: my.cnf.j2 + dest: "{{ chameleon_usage_config_dir }}/my.cnf" + vars: + mysql_host: "{{ chameleon_usage_mysql_host }}" + root_password: "{{ database_password }}" + +- name: Create MySQL user + local_action: + module: mysql_user + login_host: "{{ groups.mariadb[0] }}" + login_password: "{{ database_password }}" + name: "{{ chameleon_usage_mysql_user }}" + host: "%" + password: "{{ chameleon_usage_mysql_password }}" + priv: "{{ item }}" + append_privs: 'yes' + with_items: + - 'chameleon_usage.*:CREATE,SELECT,INSERT,UPDATE,DELETE' + - 'nova.*:SELECT' + - 'keystone.*:SELECT' + +- name: Initialize chameleon_usage database + shell: | + docker run --rm --net=host \ + -v "{{ chameleon_usage_config_dir }}/my.cnf:/etc/mysql/my.cnf" \ + {{ chameleon_usage_docker_image }} setup_database --mysql-conf /etc/mysql/my.cnf 2>&1 + +- name: Configure chameleon usage data extract docker bash wrapper + template: + src: chameleon-usage-extract-data.j2 + mode: a+x + dest: /usr/local/sbin/chameleon-usage-extract-kvm-data + +- name: Fill in up-to-date data to chameleon_usage + command: "/usr/local/sbin/chameleon-usage-extract-kvm-data" + +- name: Set up node data extract periodic task + include_role: + name: chameleon.periodic_task + vars: + task_name: "kvm_usage" + task_command: "/usr/local/sbin/chameleon-usage-extract-kvm-data" + task_calendar: "09:00" diff --git a/roles/chameleon_usage/templates/chameleon-usage-heat-template-downloads.j2 b/roles/chameleon_usage/templates/chameleon-usage-heat-template-downloads.j2 deleted file mode 100644 index 594718d4..00000000 
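Review bot: The `Configure my.cnf` task renders `root_password: "{{ database_password }}"` into `{{ chameleon_usage_config_dir }}/my.cnf` with no `mode:`, and the directory task before it sets none either, so the database root password lands in a file whose permissions are left to the umask. Add `mode: "0600"` to the template task and `mode: "0700"` to the directory task, and consider rendering the `chameleon_usage_mysql_user` credentials instead, since that account is created by the next task. That account gets `host: "%"` and `keystone.*:SELECT`, which lets it read identity tables from any source address; a narrower host pattern and SELECT on only the tables the extract needs would reduce the exposure. The `shell:` task runs `setup_database` on every play, so a `changed_when:` or a guard would make the role idempotent.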
--- a/roles/chameleon_usage/templates/chameleon-usage-heat-template-downloads.j2 +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/sh - -docker run --rm --net=host \ - -v "{{ ga_reporting_private_key_json_location }}:/etc/google-service-account-private-key.json" \ - -v "{{ chameleon_usage_config_dir }}/my.cnf:/etc/mysql/my.cnf" \ - {{ chameleon_usage_docker_image }} \ - heat_template_downloads --google-key-file-location /etc/google-service-account-private-key.json \ - --google-profile-id {{google_analytics_view_id}} --mysql-conf /etc/mysql/my.cnf 2>&1 diff --git a/roles/chameleon_usage/templates/chameleon-usage-jupyter-usage-report-cache.j2 b/roles/chameleon_usage/templates/chameleon-usage-jupyter-usage-report-cache.j2 deleted file mode 100644 index e7fb38ad..00000000 --- a/roles/chameleon_usage/templates/chameleon-usage-jupyter-usage-report-cache.j2 +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh - -docker run --rm --net=host \ - -v "{{ chameleon_usage_config_dir }}/my.cnf:/etc/mysql/my.cnf" \ - {{ chameleon_usage_docker_image }} \ - jupyter_usage_report_cache --mysql-conf /etc/mysql/my.cnf 2>&1 diff --git a/roles/chameleon_usage/templates/chameleon-usage-jupyter.j2 b/roles/chameleon_usage/templates/chameleon-usage-jupyter.j2 deleted file mode 100644 index 6fd51f91..00000000 --- a/roles/chameleon_usage/templates/chameleon-usage-jupyter.j2 +++ /dev/null @@ -1,7 +0,0 @@ -#! /bin/sh - -docker run --rm --net=host \ - -v "/var/run/docker.sock:/var/run/docker.sock" \ - -v "{{ chameleon_usage_config_dir }}/my.cnf:/etc/mysql/my.cnf" \ - {{ chameleon_usage_docker_image }} \ - jupyter_usage --mysql-conf /etc/mysql/my.cnf 2>&1 diff --git a/roles/chameleon_usage/templates/chameleon-usage-sanity-checks.j2 b/roles/chameleon_usage/templates/chameleon-usage-sanity-checks.j2 deleted file mode 100644 index f3835dee..00000000 --- a/roles/chameleon_usage/templates/chameleon-usage-sanity-checks.j2 +++ /dev/null 
@@ -1,7 +0,0 @@ -#! /bin/sh - -docker run --rm --net=host \ - -v "{{ chameleon_usage_config_dir }}/slack.json:/etc/chameleon_usage/slack.json" \ - -v "{{ chameleon_usage_config_dir }}/my.cnf:/etc/mysql/my.cnf" \ - {{ chameleon_usage_docker_image }} \ - node_usage_sanity_checks --mysql-conf /etc/mysql/my.cnf --slack /etc/chameleon_usage/slack.json 2>&1 diff --git a/roles/chameleon_usage/templates/chameleon-usage-user-project-report.j2 b/roles/chameleon_usage/templates/chameleon-usage-user-project-report.j2 deleted file mode 100644 index 06447e41..00000000 --- a/roles/chameleon_usage/templates/chameleon-usage-user-project-report.j2 +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh - -docker run --rm --net=host \ - --env-file "{{ chameleon_usage_config_dir }}/user_project_report_credentials" \ - {{ chameleon_usage_docker_image }} \ - user_project_report 2>&1 diff --git a/roles/chameleon_usage/templates/user_project_report_credentials.j2 b/roles/chameleon_usage/templates/user_project_report_credentials.j2 deleted file mode 100644 index 493e5384..00000000 --- a/roles/chameleon_usage/templates/user_project_report_credentials.j2 +++ /dev/null @@ -1,6 +0,0 @@ -CHAMELEON_USAGE_DB_HOST={{ mysql_host }} -CHAMELEON_USAGE_DB_USER={{ chameleon_usage_mysql_user }} -CHAMELEON_USAGE_DB_PASSWORD={{ chameleon_usage_mysql_password }} -KEYCLOAK_SERVER_URL={{ keycloak_url }} -KEYCLOAK_CLIENT_ID={{ chameleon_usage_keycloak_client_id }} -KEYCLOAK_CLIENT_SECRET={{ chameleon_usage_keycloak_client_secret }} diff --git a/roles/hammers/defaults/main.yml b/roles/hammers/defaults/main.yml index 7a7ae6fc..f41ba3aa 100644 --- a/roles/hammers/defaults/main.yml +++ b/roles/hammers/defaults/main.yml 
@@ -6,41 +6,60 @@ hammers_mysql_user: cc_hammers hammers_mysql_host: "{{ database_address }}" hammers: + # Networking/Neutron floating_ip_reaper: cmd: floatingip-reaper --grace-days 7 calendar: daily + enabled: "{{ enable_neutron | bool }}" conflict_macs: cmd: conflict-macs delete calendar: daily + enabled: "{{ enable_neutron | bool }}" + + # Compute/Nova undead_instances: cmd: undead-instances delete calendar: daily + enabled: "{{ enable_nova | bool }}" + + # Bare metal/Ironic dirty_ports: cmd: dirty-ports clean --multiport calendar: daily + enabled: "{{ enable_ironic | bool }}" ironic_error_resetter: cmd: ironic-error-resetter reset calendar: hourly + enabled: "{{ enable_ironic | bool }}" + enforce_node_retirement: + cmd: "retirement-enforcer" + calendar: daily + enabled: "{{ enable_ironic | bool }}" + + # Reservation/Blazar orphan_resource_providers: cmd: orphan-resource-providers update calendar: daily + enabled: "{{ enable_blazar | bool }}" reservation_usage_notification: cmd: "reservation-usage-notification" calendar: daily + enabled: "{{ enable_blazar | bool }}" orphans_detector: cmd: "orphans-detector" calendar: daily + enabled: "{{ enable_blazar | bool }}" lease_stacking: cmd: "lease-stack-reaper delete" calendar: daily + enabled: "{{ enable_blazar | bool }}" clean_old_aggregates: cmd: "clean-old-aggregates" calendar: daily + enabled: "{{ enable_blazar | bool }}" unutilized_leases: cmd: "unutilized-lease-reaper delete" calendar: hourly - enforce_node_retirement: - cmd: "retirement-enforcer" - calendar: daily + enabled: "{{ enable_blazar | bool }}" hammers_slack_webhook: "{{ slack_api_url }}" diff --git a/roles/hammers/tasks/main.yml b/roles/hammers/tasks/main.yml index 200140e7..a838b8db 100644 --- a/roles/hammers/tasks/main.yml +++ b/roles/hammers/tasks/main.yml 
@@ -62,6 +62,7 @@ task_name: "hammer_{{ item.key }}" task_command: "/usr/local/sbin/cc-hammer {{ item.value.cmd }}" task_calendar: "{{ item.value.calendar }}" + task_enabled: "{{ item.value.enabled | bool }}" loop: "{{ hammers | dict2items }}" loop_control: label: "{{ item.key }}" diff --git a/roles/hammers/templates/slack.json.j2 b/roles/hammers/templates/slack.json.j2 index 1e5a8c09..26b6ba92 100644 --- a/roles/hammers/templates/slack.json.j2 +++ b/roles/hammers/templates/slack.json.j2 @@ -3,7 +3,7 @@ "hostname_names": { "m01-07.chameleon.tacc.utexas.edu": "CHI@TACC", "chi01.tacc.chameleoncloud.org": "CHI@TACC", - "m01-03.chameleon.tacc.utexas.edu": "KVM@TACC", + "kvm01.chameleon.tacc.utexas.edu": "KVM@TACC", "admin01.uc.chameleoncloud.org": "CHI@UC" } } diff --git a/site-config.example/inventory/hosts b/site-config.example/inventory/hosts index 54191720..0c753535 100644 --- a/site-config.example/inventory/hosts +++ b/site-config.example/inventory/hosts @@ -818,7 +818,7 @@ ceph-mgr [prometheus-openstack-exporter:children] monitoring -[prometheus-push-gateway:children] +[prometheus-pushgateway:children] monitoring [prometheus-redis-exporter:children] diff --git a/site-config.example/passwords.yml b/site-config.example/passwords.yml index e49820d0..bee454b0 100644 --- a/site-config.example/passwords.yml +++ b/site-config.example/passwords.yml @@ -21,7 +21,6 @@ neutron_database_password: neutron_keystone_password: metadata_secret: hammers_mysql_password: -hammers_openstack_password: heat_database_password: heat_keystone_password: heat_domain_admin_password: @@ -35,6 +34,7 @@ ironic_inspector_database_password: ironic_inspector_keystone_password: ironic_pxe_root_password: keystone_admin_token: +keystone_federation_openid_crypto_password: keystone_fernet_token_list: [] keystone_idp_client_secret: telemetry_secret_key: 
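Review bot: `task_enabled: "{{ item.value.enabled | bool }}"` assumes every entry in `hammers` has an `enabled` key, which holds for the role defaults in this commit but not for a site that overrides the `hammers` dictionary with its own entries. With `hash_behaviour = merge` removed from ansible.cfg in the same commit, such an override replaces the defaults wholesale and this lookup becomes undefined. `task_enabled: "{{ item.value.enabled | default(true) | bool }}"` keeps existing site configurations working. The task this line belongs to starts above the hunk.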
@@ -59,6 +59,7 @@ prometheus_mysql_exporter_password: prometheus_alertmanager_password: prometheus_monitoring_password: prometheus_openstack_exporter_password: +prometheus_password: prometheus_jupyterhub_password: changeme rabbitmq_cluster_cookie: rabbitmq_monitoring_password: