Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:9
ardana-octavia
ardana-octavia-9.0+git.1590079609.a2ae6ab.obscpio
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ardana-octavia-9.0+git.1590079609.a2ae6ab.obscpio of Package ardana-octavia
07070100000000000081A40000000000000000000000015EC6B07900000034000000000000000000000000000000000000003B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/.copyrightignore.copyrightignore roles/octavia-common/files/sudoers 07070100000001000081A40000000000000000000000015EC6B0790000007E000000000000000000000000000000000000003500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/.gitreview[gerrit] host=gerrit.suse.provo.cloud port=29418 project=ardana/octavia-ansible.git defaultremote=ardana defaultbranch=master 07070100000002000081A40000000000000000000000015EC6B0790000279F000000000000000000000000000000000000003200000000ardana-octavia-9.0+git.1590079609.a2ae6ab/LICENSE Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 07070100000003000081A40000000000000000000000015EC6B0790000059D000000000000000000000000000000000000004100000000ardana-octavia-9.0+git.1590079609.a2ae6ab/_octavia-configure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: OCT-API:OCT-HMX become: yes roles: - octavia-common tasks: - include: roles/octavia-common/tasks/configure.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-api tasks: - include: roles/octavia-api/tasks/configure.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-worker tasks: - include: roles/octavia-common/tasks/tls_deploy.yml - include: roles/octavia-worker/tasks/configure.yml - hosts: OCT-HMX become: yes roles: - octavia-common - octavia-health-manager tasks: - include: roles/octavia-health-manager/tasks/configure.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-housekeeping tasks: - include: roles/octavia-housekeeping/tasks/configure.yml 07070100000004000081A40000000000000000000000015EC6B07900000B9A000000000000000000000000000000000000004700000000ardana-octavia-9.0+git.1590079609.a2ae6ab/_octavia-guest-configure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Read the values set by execution of service-guest-image.yml - hosts: OCT-API tasks: - set_fact: SRC_GUEST_IMAGE_DIR: "{{ hostvars.localhost.src_guest_image_tempdir.stdout}}" - hosts: OCT-API tasks: - set_fact: SRC_GUEST_IMAGE_FILE_NAME: "{{ hostvars.localhost.src_octavia_image_file_name.stdout }}" - hosts: OCT-API tasks: - set_fact: SERVICE_NAME: "{{ SRC_GUEST_IMAGE_FILE_NAME.split('-')[1] }}" IMAGE_NAME: "{{ SRC_GUEST_IMAGE_FILE_NAME.split('.')[0] }}" IMAGE_VERSION: "{{ SRC_GUEST_IMAGE_FILE_NAME.split('-')[-1][:5] }}" # Copy the image file to OCT-API and upload it to glance - hosts: OCT-API roles: - service-guest-image - ses_common - octavia-common vars: GLANCE_CLIENT: glance openstack_project_name: "{{ octavia_project_name }}" openstack_username: "{{ octavia_admin_user }}" openstack_password: "{{ octavia_admin_password }}" openstack_auth_url: "{{ octavia_auth_endpoint }}" openstack_user_domain_name: "{{ octavia_user_domain_name }}" openstack_project_domain_name: "{{ octavia_project_domain_name }}" openstack_endpoint_type: "{{ octavia_endpoint_type }}" openstack_ca_file: "{{ octavia_ca_file }}" openstack_insecure: False tasks: - include: roles/service-guest-image/tasks/copy_image_file.yml when: SERVICE_NAME == 'octavia' - include: roles/ses_common/tasks/_include_setup.yml - include: roles/service-guest-image/tasks/upload_image.yml ansible_python_interpreter: "{{ GLA_CLI.vars.glance_client_python_interpreter }}" when: SERVICE_NAME == 'octavia' # Configure Octavia for the new image id - hosts: OCT-API become: yes roles: - octavia-common vars: octavia_amp_image_id: "{{service_guest_image_id.stdout}}" tasks: - include: roles/octavia-common/tasks/configure.yml when: SERVICE_NAME == 'octavia' # Configure Octavia for the new image tag - hosts: OCT-API become: yes roles: - octavia-common vars: octavia_amp_image_tag: "amphora" tasks: - include: roles/octavia-common/tasks/configure.yml when: SERVICE_NAME == 'octavia' # Restart the services to pick up the image ID - include: octavia-stop.yml when: SERVICE_NAME == 'octavia' - include: octavia-start.yml when: SERVICE_NAME == 'octavia' 07070100000005000081A40000000000000000000000015EC6B07900000308000000000000000000000000000000000000003F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/_octavia-install.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: OCT-API:OCT-HMX become: yes roles: - octavia-common tasks: - include: roles/octavia-common/tasks/install.yml 07070100000006000081A40000000000000000000000015EC6B079000002E8000000000000000000000000000000000000004800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/_octavia-schedule-restart.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Schedule a restart of all octavia services using ardana_notify_... variables - hosts: all tasks: - include: roles/octavia-common/tasks/_schedule_restart.yml07070100000007000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000003100000000ardana-octavia-9.0+git.1590079609.a2ae6ab/config07070100000008000081A40000000000000000000000015EC6B0790000064F000000000000000000000000000000000000004600000000ardana-octavia-9.0+git.1590079609.a2ae6ab/config/octavia-symlinks.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # The following relative symlinks are created under the # my_cloud/config directory. --- symlinks: "octavia/octavia-api.conf.j2": "roles/octavia-common/templates/octavia-api.conf.j2" "octavia/octavia-api-logging.conf.j2": "roles/octavia-common/templates/octavia-api-logging.conf.j2" "octavia/octavia-worker.conf.j2": "roles/octavia-common/templates/octavia-worker.conf.j2" "octavia/octavia-worker-logging.conf.j2": "roles/octavia-common/templates/octavia-worker-logging.conf.j2" "octavia/octavia-health-manager.conf.j2": "roles/octavia-common/templates/octavia-health-manager.conf.j2" "octavia/octavia-hm-logging.conf.j2": "roles/octavia-common/templates/octavia-hm-logging.conf.j2" "octavia/octavia-housekeeping.conf.j2": "roles/octavia-common/templates/octavia-housekeeping.conf.j2" "octavia/octavia-hk-logging.conf.j2": "roles/octavia-common/templates/octavia-hk-logging.conf.j2" "octavia/policy.json.j2": "roles/octavia-common/templates/policy.json.j2" 07070100000009000081A40000000000000000000000015EC6B07900000C1C000000000000000000000000000000000000003D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-deploy.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: localhost connection: local roles: - tls-trust - octavia-common tasks: - include: roles/octavia-common/tasks/tls_bootstrap.yml - include: roles/tls-trust/tasks/cert_csr.yml - include: roles/tls-trust/tasks/cert_sign.yml - include: roles/octavia-common/tasks/tls_copy.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/keystone_conf.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" - hosts: OCT-API:OCT-HMX become: yes roles: - octavia-common tasks: - include: roles/octavia-common/tasks/install.yml - include: roles/octavia-common/tasks/configure.yml - include: roles/octavia-common/tasks/start.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/db_configure.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/set_quotas.yml ansible_python_interpreter: "{{ NEU_CLI.vars.neutron_client_python_interpreter }}" - hosts: OCT-API become: yes roles: - octavia-common - octavia-api tasks: - include: roles/octavia-api/tasks/configure.yml - include: roles/octavia-api/tasks/start.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-worker tasks: - include: roles/octavia-common/tasks/tls_deploy.yml - include: roles/octavia-worker/tasks/configure.yml - include: roles/octavia-worker/tasks/start.yml - hosts: OCT-HMX become: yes roles: - octavia-common - octavia-health-manager tasks: - include: roles/octavia-health-manager/tasks/configure.yml - include: roles/octavia-health-manager/tasks/start.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-housekeeping tasks: - include: roles/octavia-housekeeping/tasks/configure.yml - include: roles/octavia-housekeeping/tasks/start.yml # after everything is running, turn on monitoring - hosts: OCT-API:OCT-HMX:&MON-AGN roles: - octavia-common - { role: monasca-agent, run_mode: Use } tasks: - include: roles/octavia-common/tasks/setup_monasca_service_plugin.yml # set up active check of octavia api via vip - hosts: OCT-API:&MON-AGN roles: - octavia-common - { role: monasca-agent, run_mode: Use } tasks: - include: roles/octavia-common/tasks/remote_monitor.yml 0707010000000A000081A40000000000000000000000015EC6B079000003B0000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-reconfigure-credentials-change.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/keystone_change_pwd.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" - include: _octavia-configure.yml - include: octavia-start.yml 0707010000000B000081A40000000000000000000000015EC6B07900000700000000000000000000000000000000000000004200000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-reconfigure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: localhost connection: local roles: - tls-trust - octavia-common tasks: - include: roles/octavia-common/tasks/tls_bootstrap.yml - include: roles/tls-trust/tasks/cert_csr.yml - include: roles/tls-trust/tasks/cert_sign.yml - include: roles/octavia-common/tasks/tls_copy.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/keystone_conf.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" - include: _octavia-configure.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/db_configure.yml - hosts: OCT-API:OCT-HMX:&MON-AGN roles: - octavia-common - { role: monasca-agent, run_mode: Use } tasks: - include: roles/octavia-common/tasks/setup_monasca_service_plugin.yml # set up active check of octavia api via vip - hosts: OCT-API:&MON-AGN roles: - octavia-common - { role: monasca-agent, run_mode: Use } tasks: - include: roles/octavia-common/tasks/remote_monitor.yml - include: octavia-start.yml 0707010000000C000081A40000000000000000000000015EC6B0790000028B000000000000000000000000000000000000003E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-restart.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: _octavia-schedule-restart.yml - include: octavia-start.yml 0707010000000D000081A40000000000000000000000015EC6B07900000552000000000000000000000000000000000000003C00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: OCT-API:OCT-HMX become: yes roles: - octavia-common tasks: - include: roles/octavia-common/tasks/start.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-api tasks: - include: roles/octavia-api/tasks/start.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-worker tasks: - include: roles/octavia-worker/tasks/start.yml - hosts: OCT-HMX become: yes roles: - octavia-common - octavia-health-manager tasks: - include: roles/octavia-health-manager/tasks/start.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-housekeeping tasks: - include: roles/octavia-housekeeping/tasks/start.yml 0707010000000E000081A40000000000000000000000015EC6B07900000483000000000000000000000000000000000000003D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: OCT-API become: yes roles: - octavia-api tasks: - include: roles/octavia-api/tasks/status.yml - hosts: OCT-API become: yes roles: - octavia-worker tasks: - include: roles/octavia-worker/tasks/status.yml - hosts: OCT-HMX become: yes roles: - octavia-health-manager tasks: - include: roles/octavia-health-manager/tasks/status.yml - hosts: OCT-API become: yes roles: - octavia-housekeeping tasks: - include: roles/octavia-housekeeping/tasks/status.yml 0707010000000F000081A40000000000000000000000015EC6B079000004CB000000000000000000000000000000000000003B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-stop.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - hosts: OCT-API become: yes roles: - octavia-common - octavia-api tasks: - include: roles/octavia-api/tasks/stop.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-worker tasks: - include: roles/octavia-worker/tasks/stop.yml - hosts: OCT-HMX become: yes roles: - octavia-common - octavia-health-manager tasks: - include: roles/octavia-health-manager/tasks/stop.yml - hosts: OCT-API become: yes roles: - octavia-common - octavia-housekeeping tasks: - include: roles/octavia-housekeeping/tasks/stop.yml 07070100000010000081A40000000000000000000000015EC6B0790000068B000000000000000000000000000000000000003E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/octavia-upgrade.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: octavia-status.yml # Install new venv - include: _octavia-install.yml - hosts: localhost connection: local roles: - tls-trust - octavia-common tasks: - include: roles/octavia-common/tasks/tls_bootstrap.yml - include: roles/tls-trust/tasks/cert_csr.yml - include: roles/tls-trust/tasks/cert_sign.yml - include: roles/octavia-common/tasks/tls_copy.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/keystone_conf.yml ansible_python_interpreter: "{{ KEY_CLI.vars.keystone_client_python_interpreter }}" # Configure services in a new venv - include: _octavia-configure.yml - hosts: OCT-API become: yes roles: - octavia-post-configure tasks: - include: roles/octavia-post-configure/tasks/db_configure.yml - include: roles/octavia-post-configure/tasks/neutron_to_octavia_migration.yml # Restart services based on notifications set earlier - include: octavia-start.yml - include: octavia-status.yml 07070100000011000041ED0000000000000000000000085EC6B07900000000000000000000000000000000000000000000003000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles07070100000012000041ED0000000000000000000000055EC6B07900000000000000000000000000000000000000000000003C00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api07070100000013000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/defaults07070100000014000081A40000000000000000000000015EC6B079000002E6000000000000000000000000000000000000004E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the octavia server --- octavia_component: octavia-api 07070100000015000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004200000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/tasks07070100000016000081A40000000000000000000000015EC6B07900000471000000000000000000000000000000000000005000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/tasks/configure.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/create_systemd_service.yml octavia_service_cmd: "octavia-api" octavia_service_cmd_args: "--config-file={{ octavia_conf_dir }}/octavia-api.conf" - name: octavia-api | configure | set octavia log file ownership become: yes file: path: "{{ octavia_log_dir }}/{{ item }}" owner: "{{ octavia_user }}" group: "{{ octavia_log_file_group }}" mode: 0640 state: touch with_items: - octavia-api.log - octavia-api-json.log 07070100000017000081A40000000000000000000000015EC6B0790000043F000000000000000000000000000000000000004C00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/tasks/start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-api | start | Restart the octavia-api service: name=octavia-api state=restarted when: (ardana_notify_octavia_restart_required is defined and ardana_notify_octavia_restart_required.changed) or (ardana_notify_octavia_api_restart_required is defined and ardana_notify_octavia_api_restart_required.changed) - name: octavia-api | start | Start the octavia-api service: name=octavia-api state=started 07070100000018000081A40000000000000000000000015EC6B079000002BE000000000000000000000000000000000000004D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/tasks/status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/_service_status.yml 07070100000019000081A40000000000000000000000015EC6B079000002E0000000000000000000000000000000000000004B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/tasks/stop.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-api | stop | Stop the octavia-api service: name=octavia-api state=stopped 0707010000001A000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004100000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/vars0707010000001B000081A40000000000000000000000015EC6B07900000283000000000000000000000000000000000000004A00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-api/vars/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- 0707010000001C000041ED0000000000000000000000085EC6B07900000000000000000000000000000000000000000000003F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common0707010000001D000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/defaults0707010000001E000081A40000000000000000000000015EC6B07900001DC5000000000000000000000000000000000000005100000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/defaults/main.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- mysql: host: "{{ OCT_API.consumes_FND_MDB.vips.private[0].host }}" octavia_user: "{{ OCT_API.consumes_FND_MDB.vars.accounts.octavia.username }}" octavia_password: "{{ OCT_API.consumes_FND_MDB.vars.accounts.octavia.password | quote }}" use_tls: "{{ OCT_API.consumes_FND_MDB.vips.private[0].use_tls }}" ca: "?ssl_ca={{ trusted_ca_bundle }}" keystone: admin_tenant: "{{ KEY_API.vars.keystone_admin_tenant }}" service_tenant: "{{ KEY_API.vars.keystone_service_tenant }}" auth_uri: "{{ OCT_API.consumes_KEY_API.vips.private[0].url }}" identity_uri: "{{ OCT_API.consumes_KEY_API.vips.private[0].url }}" endpoint: "{{ OCT_API.consumes_KEY_API.vips.private[0].url }}/v3" octavia_admin_user: "{{ OCT_API.consumes_KEY_API.vars.keystone_octavia_user }}" octavia_admin_password: "{{ OCT_API.consumes_KEY_API.vars.keystone_octavia_password | quote }}" octavia_project_name: "{{ OCT_API.consumes_KEY_API.vars.octavia_admin_project }}" admin_user: "{{ KEY_API.vars.keystone_admin_user }}" admin_password: "{{ KEY_API.vars.keystone_admin_pwd | quote }}" default_domain_name: "{{ KEY_API.vars.keystone_default_domain }}" admin_role: "{{ KEY_API.vars.keystone_admin_role }}" neutron: admin_user: "{{ OCT_API.consumes_KEY_API.vars.keystone_neutron_user }}" admin_password: "{{ OCT_API.consumes_KEY_API.vars.keystone_neutron_password | quote }}" endpoint: "{{ OCT_API.consumes_NEU_SVR.vips.private[0].url }}" nova: endpoint: "{{ OCT_API.consumes_NOV_API.vips.private[0].url }}/v2.1" rabbit: members: "{{ OCT_API.consumes_FND_RMQ.members.private }}" userid: "{{ OCT.consumes_FND_RMQ.vars.accounts.octavia.username }}" password: "{{ OCT.consumes_FND_RMQ.vars.accounts.octavia.password }}" use_ssl: "{{ OCT.consumes_FND_RMQ.members.private[0].use_tls }}" health_manager: members: "{{ OCT_API.consumes_OCT_HMX.members.private }}" heartbeat_key: "{{ OCT_API.consumes_OCT_HMX.vars.heartbeat_key }}" octavia_db_connection: "mysql+pymysql://{{ mysql.octavia_user }}:{{ mysql.octavia_password | urlencode }}@{{ mysql.host }}/octavia{% if mysql.use_tls %}{{ mysql.ca }}{% endif %}" # Other variables octavia_endpoint_type: "internalURL" installation_directory: "/usr/share" octavia_user: "octavia" octavia_group: "octavia" octavia_log_file_group: "adm" keystone_service_tenant: "{{ keystone.service_tenant }}" keystone_admin_tenant: "{{ keystone.admin_tenant }}" keystone_admin_user: "{{ keystone.admin_user }}" keystone_admin_password: "{{ keystone.admin_password }}" keystone_endpoint: "{{ keystone.endpoint }}" neutron_endpoint: "{{ neutron.endpoint }}" nova_endpoint: "{{ nova.endpoint }}" keystone_default_domain: "{{ keystone.default_domain_name }}" octavia_log_dir: "/var/log/octavia" octavia_common_rundir: "/var/run/octavia" octavia_project_domain_name: "{{ keystone.default_domain_name }}" octavia_user_domain_name: "{{ keystone.default_domain_name }}" octavia_project_name: "{{ keystone.octavia_project_name }}" octavia_neutron_admin_role: "neutron_admin" octavia_region_name: "{{ OCT.regions | first }}" # Packages required by all roles # Note: individual roles override this list during their respective installs #required_packages: # - ipset # - iptables ## [DEFAULT] octavia_bind_host: "{% if host.bind.OCT_API is defined %}{{ host.bind.OCT_API.internal.ip_address }}{% endif %}" octavia_bind_port: "9876" ## [health_manager] octavia_healthmanager_bind_host: "{{ octavia_bind_host }}" octavia_healthmanager_port: "5555" octavia_healthmanager_hosts: "{% for x in health_manager.members %}{{ x.ip_address }}:{{ x.port }}{%if not loop.last %},{% endif %}{% endfor %}" octavia_heartbeat_key: "{{ health_manager.heartbeat_key }}" octavia_heartbeat_interval: 10 octavia_health_check_interval: 3 ### RabbitMQ octavia_rabbit_hosts: "{% for x in rabbit.members %}{{ x.host }}:{{ x.port }}{%if not loop.last %},{% endif %}{% endfor %}" octavia_rabbit_userid: "{{ rabbit.userid }}" octavia_rabbit_password: "{{ rabbit.password }}" octavia_rabbit_use_ssl: "{{ rabbit.use_ssl }}" octavia_rabbit_hosts_url: >- {%- for x in rabbit.members -%} {{ octavia_rabbit_userid }}:{{ octavia_rabbit_password }}@{{ x.host }}:{{ x.port }}{%- if not loop.last -%},{%- endif -%} {%- endfor -%} octavia_transport_url: "rabbit://{{ octavia_rabbit_hosts_url }}//" ## [keystone_authtoken] octavia_auth_endpoint: "{{ keystone.endpoint }}" octavia_identity_uri: "{{ keystone.identity_uri }}" octavia_admin_user: "{{ keystone.octavia_admin_user }}" octavia_admin_password: "{{ keystone.octavia_admin_password }}" octavia_ca_file: "{{ trusted_ca_bundle }}" ## [certificates] octavia_ca_private_key_passphrase: "foobar" octavia_ca_private_key: "{{ octavia_conf_dir }}/certs/private/cakey.pem" octavia_ca_certificate: "{{ octavia_conf_dir }}/certs/cacert.pem" ## [haproxy_amphora] octavia_server_ca: "{{ octavia_conf_dir}}/certs/cacert.pem" octavia_client_ca: "{{ octavia_conf_dir}}/certs/client_ca.pem" octavia_client_cert: "{{ octavia_conf_dir}}/certs/client.pem" octavia_client_cert_monitoring: "{{ octavia_conf_dir}}/client_monitoring.pem" octavia_key_path: "{{ octavia_conf_dir}}/.ssh/octavia_ssh_key" # haproxy_template = /var/lib/octavia/custom_template # The following may need to be an absolute location: # base_log_dir = /logs ## [barbican] neutron_admin_user: "{{ neutron.admin_user }}" neutron_admin_password: "{{ neutron.admin_password }}" octavia_mgmt_net: "{{ config_data.OCT.amp_network_name }}" octavia_mgmt_sec_group: "lb-mgmt-sec-group" octavia_nova_flavor_name: "m1.lbaas.amphora" # This is set later once the image is unpacked octavia_amp_image_id: "" octavia_amp_image_tag: "amphora" octavia_user_domain_name: "{{ keystone.default_domain_name }}" octavia_project_domain_name: "{{ keystone.default_domain_name }}" ## variables needed by _write_conf.yml write_conf_file_owner: "{{ octavia_user }}" write_conf_file_group: "{{ octavia_group }}" # tls stuff tls_temp_dir: "/tmp/ardana_octavia_tls/" tls_req_dir: "/tmp/ardana_octavia_tls/" tls_req_file: "ardana-octavia-req" tls_certs_dir: "/tmp/ardana_octavia_certs/" tls_ca_cert_file: "cacert.pem" tls_ca_key_file: "cakey.pem" tls_index_file: "{{ tls_temp_dir }}/indext.txt" tls_serial_file: "{{ tls_temp_dir }}/serial" tls_cert_file: "{{ tls_certs_dir }}/client.pem" tls_server_ca_file: "serverca_01.pem" tls_server_ca_key_file: "servercakey.pem" # need Neutron database connection string to migrate load balancer data neutron_mysql: db_ssl: "{% if NEU_SVR.consumes_FND_MDB.vips.private[0].use_tls %}?ssl_ca={{ trusted_ca_bundle }}{% endif %}" host: "{{ NEU_SVR.consumes_FND_MDB.vips.private[0].host }}" admin_user: "{{ NEU_SVR.consumes_FND_MDB.vars.accounts.neutron.username }}" admin_password: "{{ NEU_SVR.consumes_FND_MDB.vars.accounts.neutron.password | quote }}" neutron_db_connection: "mysql+pymysql://{{ neutron_mysql.admin_user }}:{{ neutron_mysql.admin_password | urlencode }}@{{ neutron_mysql.host }}/ovs_neutron{{ neutron_mysql.db_ssl }}" 0707010000001F000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/files07070100000020000081A40000000000000000000000015EC6B07900000687000000000000000000000000000000000000005000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/files/cacert.pem-----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIJAN1H61H2/+beMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBEaWVnbzEMMAoGA1UE ChMDSFBFMQ4wDAYDVQQLEwVDbG91ZDEmMCQGA1UEAxMdSGVsaW9uIE9jdGF2aWEg Q2xpZW50IERlbW8gQ0ExHDAaBgkqhkiG9w0BCQEWDWxiYWFzQGhwZS5jb20wHhcN MTYwMjE4MTY0NzM3WhcNMzYwMjEzMTY0NzM3WjCBkjELMAkGA1UEBhMCVVMxCzAJ BgNVBAgTAkNBMRIwEAYDVQQHEwlTYW4gRGllZ28xDDAKBgNVBAoTA0hQRTEOMAwG A1UECxMFQ2xvdWQxJjAkBgNVBAMTHUhlbGlvbiBPY3RhdmlhIENsaWVudCBEZW1v IENBMRwwGgYJKoZIhvcNAQkBFg1sYmFhc0BocGUuY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA9LMukgQrFSyIwROGuvjHswfv0571kcXHm43/1fnU /9MJNtrkt+p5xiNw+f1S6Oarkv7R5ALf1I8/G4J4RQCWYUBjiozz9d2MtrFAIM+G JWIK7erzLQ85SWxN5/6or/E9WRrxocRRbbrB0+fNHm6RWtbIK0V5yjC3QxemQ975 H73F/Y1aIgfSjgjbuIwuUiy6/rl9WowDXsJY977ZsTrv4vJvklDo2bdy9zgZ1UNi uKRGYwhFtuVwjOkl3G8OVIyciuOZrqiQ6RTI25VM6DV2M4+tGha6Ra8wSNbjT2Vp Qxo4ywTJ5qSMm440QZCkvKUNUseewaI/I1dcSoJxeoX9pQIDAQABo4H6MIH3MB0G A1UdDgQWBBR329ZEypvomN5ynDmoeVrsAXFXZTCBxwYDVR0jBIG/MIG8gBR329ZE ypvomN5ynDmoeVrsAXFXZaGBmKSBlTCBkjELMAkGA1UEBhMCVVMxCzAJBgNVBAgT AkNBMRIwEAYDVQQHEwlTYW4gRGllZ28xDDAKBgNVBAoTA0hQRTEOMAwGA1UECxMF Q2xvdWQxJjAkBgNVBAMTHUhlbGlvbiBPY3RhdmlhIENsaWVudCBEZW1vIENBMRww GgYJKoZIhvcNAQkBFg1sYmFhc0BocGUuY29tggkA3UfrUfb/5t4wDAYDVR0TBAUw AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAOb4yRfE5sekBxMoiXE/NAtH9rciHCKno RZ3ysVJ3kXwV29S27ziPM+JEe8A8HO8jXVw8DQA2VcBlU2cBOgzeV1CLMg/83IpW vAcEXdfodWc0E79UPleaEGd0tVLxMjzxBVpasvcojpJO3FH9lpg9wLXZA6TfxZ4C dCGdr5BDLI1sZG4QQ+h+9hh0Tqhx6YFgHUnt3HhvGK/tZ2iNPnw3ZCY8BPzGSKGK 3k/6X23cgtSAaRz91mmsy/DMlpGkPyGLA2G8dT9Mz+iPTz8Qbn8EvCom31y6P5pn htvSgd7wb/FVU+8JWRhs6QuzTdRT802K4xjs9v7Ukl1cMGzVGycwug== -----END CERTIFICATE----- 07070100000021000081A40000000000000000000000015EC6B0790000068F000000000000000000000000000000000000004F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/files/cakey.pem-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA9LMukgQrFSyIwROGuvjHswfv0571kcXHm43/1fnU/9MJNtrk t+p5xiNw+f1S6Oarkv7R5ALf1I8/G4J4RQCWYUBjiozz9d2MtrFAIM+GJWIK7erz LQ85SWxN5/6or/E9WRrxocRRbbrB0+fNHm6RWtbIK0V5yjC3QxemQ975H73F/Y1a IgfSjgjbuIwuUiy6/rl9WowDXsJY977ZsTrv4vJvklDo2bdy9zgZ1UNiuKRGYwhF tuVwjOkl3G8OVIyciuOZrqiQ6RTI25VM6DV2M4+tGha6Ra8wSNbjT2VpQxo4ywTJ 5qSMm440QZCkvKUNUseewaI/I1dcSoJxeoX9pQIDAQABAoIBAQCz6Gl9AYOLdcq1 6d1M6kwo3NT/CggSvQ8c1zIZ6C0qScakhhtS/Rm7C6OsqQukILRUxvUaZuKaLReA 6lPyp5PovKZy318ejV0/lOJJPUqrgYH3mp5fqqm7yd0djKYJdZxdPuoYvXYA7yZC 3lJ45WIJH5Db/6Cjf129/k1H6U/QfQ5TuUro6j7B6JC0wl8BFF1FmrFoXdOWAKb4 qsl504857Ff5zDuZsanT36x1LN0XWwCeoRuqL0N5i61e+TLGJ771xq2GTn8yUYue IuCBB/QAbkLSf7yAQE5wC8245rIvsoHgVNOIvVnLqQI34AH0AUvLdbZsPFmn20ry NM0GRPkBAoGBAP7iuI99k29Ked+81IBP/tilcx0pUb9rOHOMFVJeJTggRT0/1gF/ wLDXQkmHHPK9SLfxK3rFQuS1LxgmaKDKwhj5i6l6f8zk9fSZhbR6PynxNSwkn1X8 MDYZVoR3K7a/StHkVNKT/FoHMOK7qJjeXD38rHKLJDuGLw9QefWT67qJAoGBAPXF D4n7hHS1+3Cgs13pw6IzO/ezrPZG0s5gY67/n41FJOCDKsFoFvUZk6DYaGQktpl8 sRYzVIWXICc93+kD2TFr00Q/6VIk7esVkUgTo6TVvpUvxJV2x4nC5HqINbpi+Ot0 h3tlGVQ8tPjwyp/CjgHONrSDEbnOGG6RY+niV3M9AoGAE/uOYKGFt4ntOB9DwbOD 1VRTTAv7PriXOmfXHBgJbvcItp6UlpV/c93McptHJ7izRMiBkiR49BlIUepg9Yov 4WlfC7Bw6I1iwwRuORIEdbNVadqNK16UIQmngMcfBDrHEOGHzOKRPDWoHX58308/ iBSRKIHEG26PrfGvPhOUvZECgYEAklYJkJEQJyYMVt14r1x3Pebft/dl7yXwcy11 bUeLSuR2tq+jD5HYyYu3GTiBv88UYoOaNavOkdSQMo1m+yltcz3Oh36+gEi42Rb4 cEAxWf5jAhV1KcGVwfMnc8YSp64ypI+388MYt82FvAwzubhwMacFb6nzLf0HEx7C rQo2I8kCgYEAiAufrajQCiRCU0sS2J+53rPmyRQrEP0upxhJmj6MMRMExVvED8VN hkY3544VW4tKVCMZBtDUxxcYm90xDiQtuCFKCW1taaVFwPWg+VdlYpZFv01bJhz/ AKHmXMuZtDK7wl3YJdrom6w2o+M5EugmViUV8TF2+1gli0o/mCpMJxY= -----END RSA PRIVATE KEY----- 07070100000022000081A40000000000000000000000015EC6B07900000687000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/files/serverca_01.pem-----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIJAI5jCsK04Z18MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBEaWVnbzEMMAoGA1UE ChMDSFBFMQ4wDAYDVQQLEwVDbG91ZDEmMCQGA1UEAxMdSGVsaW9uIE9jdGF2aWEg U2VydmVyIERlbW8gQ0ExHDAaBgkqhkiG9w0BCQEWDWxiYWFzQGhwZS5jb20wHhcN MTYwMjE4MTY1NjQzWhcNMzYwMjEzMTY1NjQzWjCBkjELMAkGA1UEBhMCVVMxCzAJ BgNVBAgTAkNBMRIwEAYDVQQHEwlTYW4gRGllZ28xDDAKBgNVBAoTA0hQRTEOMAwG A1UECxMFQ2xvdWQxJjAkBgNVBAMTHUhlbGlvbiBPY3RhdmlhIFNlcnZlciBEZW1v IENBMRwwGgYJKoZIhvcNAQkBFg1sYmFhc0BocGUuY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAyhE+0IGAEpFnobw5DyOxw8jndPyR0MZRkIBCdYe4 7Dauf2dS5zNm0CmzplEBtudbxxgCF3YKavZqkPZQzsDfUxYr056vAnph3secQ1Gd AzjC9SCuiIkzaG2E1ibjKg2KT8QXx+aUhGWbKUf2TRuN3OBAtoDiJskSmHAyvkpm PLnMgJT+aGBibyBhSYF07WSKf3arI+WGJu5X3nH9VH5o17HwAOoLDNvVHQcXDg7q VfWMFXH9MaG46Rox1LMN5kq9Ep3Elu0ec0Sap2wAts6BCWkM766N9jPz+iUDSBvf AOezkZawmeNq/WaKZzdp3nd/cBQMABJu35NG0fRrFbWC8wIDAQABo4H6MIH3MB0G A1UdDgQWBBTRQQSW794lYXblc87iSmOM72uvbzCBxwYDVR0jBIG/MIG8gBTRQQSW 794lYXblc87iSmOM72uvb6GBmKSBlTCBkjELMAkGA1UEBhMCVVMxCzAJBgNVBAgT AkNBMRIwEAYDVQQHEwlTYW4gRGllZ28xDDAKBgNVBAoTA0hQRTEOMAwGA1UECxMF Q2xvdWQxJjAkBgNVBAMTHUhlbGlvbiBPY3RhdmlhIFNlcnZlciBEZW1vIENBMRww GgYJKoZIhvcNAQkBFg1sYmFhc0BocGUuY29tggkAjmMKwrThnXwwDAYDVR0TBAUw AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAGusB9CMZiPEwg2UbsNMxxNKqD7UF56g4 ojl1UCbd0LdWAfwraZIk4A2m50o5kPQw3To1N6qTOGr3rzT2GkktrbB+Tfaluorq LYjfwzNj72T1QCJOfgvJZEgBgTBIfWkJXa8FDyBMiPnlHZhnbxU4uNf2kJcqAmF+ otbwMJg96+qEXC6nICN0N6vNARZvLKT1mQZZ3SIhXnzX53aBya0ma4zOWc29kkn6 uachCLGpU7uRvFaP7dgpu0WoRiwmbg2IVhtkavg8tT1gv4KNyHP2uUyHrH12FINS 0bWZodG5Ty3eCYyc2QaJWZFUbXwPZGaspFxHhiMfPKAQ3AxjvD2CwQ== -----END CERTIFICATE----- 07070100000023000081A40000000000000000000000015EC6B079000006D7000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/files/servercakey.pem-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,056D586D079DEFCA KnC/Yh4Od59N4S2HKuLFmcQfZWfPzexqENLmtrmxs6qi63jedoVcve3/ez9rSBbA G9zBIyAtDvkjFPviDamA7x+MvsLrictOsuArbJYE+Hs2KVdqU47BsD8Y6HamA/HT Ws5st0W7PKD0iH0X+05BKsRzpdbmbd3NpB9N4FQydfOjo9sPLVVrvsmo3FmEkERV 9UttXI4daA6GjfrOPz3n7HHJNOcQ+ObvBf7Bk0N69pBXvt3Q5jjZsc3XsfYRD29j CjIalKg9ERUTNaEVVw2qQl0RIw8HrueN8WZBGB36YxWvatFVZ65X0hMgl808dgl6 cYRJ2HOvlodew/lDTcAgF7XQTHqlIAkD1od8HyTUq86A2+DARGYoeacTk5lhM1d+ uzfiS/mtB/0fl9gkPW4mBYdwd0l8kU06Jt5R475QItPRrpFx3Vty225lqV9+pVv4 M9MMXosXESsyOumzJjvJtmvG4Obh+75SH2B6kPRXojz3DiKgMRvf7HtgVEblyiOx 9a0J28ZS6OmUBA2bp3FQ5KEyZYXxWmNkCt6Jl699X+Qk0mq/AKLJB7BSgeX/Uc+O SILejomGCyieW31seIJkUZCUso8N+1f19ZKdLZ7gj6sG/mayk6q9I66ak+FvBGNI ICJDgqXEj4+sqo4oH55mK81TIQriZTGf7y2CnAfjTfZ6D/yW81Qw5aKtDtut2gj7 df8w1JEewbkEYZ7Jq5uYANTyAwNN4WNobf44XE2qx9RmcpcWwfSAXqwEv9Jk24S/ e8H1dPWpsm/fcRSG/8UiSBoswKPe9tU5UGeVok7Rl5D0lGPTMhYv6MYO41DcZMEW yOb6QkRqbiYg0URIjTC2Wx7HN7X5XILzSqvKvhMuHiOAGCjzMtfJxlle5Zn1gl8L x1egvp4/QDlwevPgzynGIRj9du4uG3Q+HacjSHw1HtggmG6VYhucBa+M12f0cFvm +J0DX4086w5p8mnJJ1SYOwCU7j8u2+LGERAWG38KUCOmGG1KIkO2H+jO2ijS4Gij domNSoJVHZGRFLQsBTCrjzgxijcTPz7CSF2MMHY1D1SvDRU+TWJqWpj8bENpGlc7 SYVaxW3oybJ/9jV/mSSgpMF2So1YR2bOwLxg2EB5B/7+3aqzcLs5nTgGaCCbyBxD bvpIHr5bGWm6Mio/wkaQlbIA2slxF1dQHPVE+GUEMMb95SXSKhmgMJNLYcv0A/kC PZ83OJhYH/quUgzVdbF1X5J0NGv/UXjHy4xRhFuMzs65X8Yrn5aCm9dM7mH9iEhu 0dfVM5jOBvqhTRblsyAYCoh+L5daU3AdCEY+1uAuC3fa33LltcNXMgsZdHsYliHG LLXPX+zzOadacpNXlKO4u69gHPW7BlQPnfWG67zGxVhWoJzdWzVgPdMy9Bn8vWuj zyErhApupUYSvcRTD3XrZjDLUnh0uFbtx1cFHcP8xCFU1wkCcc7tNvtmRSH6GNxJ /OEsIoweWntdMKghaROLNxErN8/aCkyWMaerYXtMQeYy1kUqyDhS3C6cdyRIZsek ejPcNJIwnp/ng3sZ11CVWK91BZJhReYUkiXArKjV+QDYY7SlhtgzfPha8KKsannY -----END RSA PRIVATE KEY----- 07070100000024000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/meta07070100000025000081A40000000000000000000000015EC6B07900000263000000000000000000000000000000000000004D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/meta/main.yml# (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: tls-vars 07070100000026000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks07070100000027000081A40000000000000000000000015EC6B07900000F5D000000000000000000000000000000000000006000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_create_mgmt_sec_group.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _create_mgmt_sec_group | Retrieve management subnet for single-cp shell: > openstack network show {{ octavia_mgmt_net_id.stdout }} | tr -d ' ' | grep "subnets" | cut -f 3 -d '|' environment: &OS_ENV OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ octavia_admin_user }}" OS_PASSWORD: "{{ octavia_admin_password }}" OS_PROJECT_NAME: "{{ octavia_project_name }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" OS_INTERFACE: "internal" register: octavia_mgmt_subnet run_once: true - name: octavia-common | _create_mgmt_sec_group | Retrieve management subnet for multi-cp shell: > openstack network show {{ octavia_mgmt_net_id.stdout }} | tr -d ' ' | grep "subnets" | cut -f 3 -d '|' environment: OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ octavia_admin_user }}" OS_PASSWORD: "{{ octavia_admin_password }}" OS_PROJECT_NAME: "{{ octavia_project_name }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" OS_INTERFACE: "internal" register: octavia_mgmt_subnet run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_mgmt_sec_group | Verify if management subnet was found fail: msg: "Management subnet was not found" when: octavia_mgmt_subnet.stdout == "" run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_mgmt_sec_group | Check if management security group exists shell: > openstack security group show {{ octavia_mgmt_sec_group }} environment: *OS_ENV register: octavia_mgmt_sec_group_check ignore_errors: True run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_mgmt_sec_group | Create management security group shell: > openstack security group create {{ octavia_mgmt_sec_group }} --description "Octavia Management Security Group" environment: *OS_ENV when: octavia_mgmt_sec_group_check|failed run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_mgmt_sec_group | Get management security group id shell: > openstack security group list| grep {{ octavia_mgmt_sec_group }} | tr -d ' ' | cut -f 2 -d '|' environment: *OS_ENV register: octavia_mgmt_sec_group_id run_once: true - name: octavia-common | _create_mgmt_sec_group | Get management security group id shell: > openstack security group list| grep {{ octavia_mgmt_sec_group }} | tr -d ' ' | cut -f 2 -d '|' environment: *OS_ENV register: octavia_mgmt_sec_group_id run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_mgmt_sec_group | rule, TCP 9443 shell: > openstack security group rule create --protocol tcp --dst-port 9443:9443 {{ octavia_mgmt_sec_group }} environment: *OS_ENV ignore_errors: True run_once_per: verb_hosts.OCT_API 07070100000028000081A40000000000000000000000015EC6B0790000117F000000000000000000000000000000000000005D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_create_nova_flavor.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _create_nova_flavor | Check if flavor exists shell: > nova flavor-show {{ octavia_nova_flavor_name }} environment: &OS_ENV OS_AUTH_URL: "{{ keystone_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_PROJECT_NAME: "{{ keystone_service_tenant }}" OS_USER_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_PROJECT_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" register: octavia_nova_flavor_check_result ignore_errors: True run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_nova_flavor | Create nova flavor shell: > nova flavor-create --is-public False {{ octavia_nova_flavor_name }} auto 1024 2 1 environment: *OS_ENV when: octavia_nova_flavor_check_result|failed run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_nova_flavor | Get octavia project id shell: > openstack project show -f value -c id {{ octavia_project_name }} environment: OS_AUTH_URL: "{{ keystone_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_USER_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" when: octavia_nova_flavor_check_result|failed register: project_id_results changed_when: False run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_nova_flavor | Assign tenant access to flavor shell: > nova flavor-access-add {{ octavia_nova_flavor_name }} {{ project_id_results.stdout }} environment: *OS_ENV when: octavia_nova_flavor_check_result|failed run_once_per: verb_hosts.OCT_API - name: octavia-common | _create_nova_flavor | Retrieve nova flavor_id for single-cp shell: > nova flavor-list | grep {{ octavia_nova_flavor_name }} | tr -d ' ' | cut -f 2 -d '|' environment: OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ octavia_admin_user }}" OS_PASSWORD: "{{ octavia_admin_password }}" OS_PROJECT_NAME: "{{ octavia_project_name }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" register: octavia_nova_flavor_id run_once: true # Duplicating it for the case of multi-cp environment so that this variable is registered # for all the regions. Only this task will not work as this variable is required by all # the controllers in single-cp environment also. - name: octavia-common | _create_nova_flavor | Retrieve nova flavor_id for multi-cp shell: > nova flavor-list | grep {{ octavia_nova_flavor_name }} | tr -d ' ' | cut -f 2 -d '|' environment: OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ octavia_admin_user }}" OS_PASSWORD: "{{ octavia_admin_password }}" OS_PROJECT_NAME: "{{ octavia_project_name }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" register: octavia_nova_flavor_id run_once_per: verb_hosts.OCT_API 07070100000029000081A40000000000000000000000015EC6B07900000CE0000000000000000000000000000000000000005B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_get_glance_image.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _get_glance_image | Get octavia project id command: openstack \ project show -f value -c id {{ octavia_project_name }} environment: &OS_ENV OS_AUTH_URL: "{{ keystone_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_USER_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" register: project_id_results changed_when: False - name: octavia-common | _get_glance_image | Set octavia_project_id set_fact: octavia_project_id: "{{ project_id_results.stdout }}" when: project_id_results | success - name: octavia-common | _get_glance_image | Get glance image ID shell: > glance image-list \ --sort-key created_at \ --sort-dir desc \ --owner {{ octavia_project_id }} | grep 'amphora' | awk 'NR==1{print $2; exit}' environment: OS_AUTH_URL: "{{ keystone_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_PROJECT_NAME: "{{ keystone_service_tenant }}" OS_USER_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_PROJECT_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" register: octavia_image_id_results when: project_id_results | success - name: octavia-common | _get_glance_image | Set octavia_amp_image_id set_fact: octavia_amp_image_id: "{{ octavia_image_id_results.stdout }}" when: project_id_results | success and octavia_image_id_results | success - name: octavia-common | _get_glance_image | Set octavia image tag command: openstack \ image set --tag {{ octavia_amp_image_tag }} {{ octavia_amp_image_id }} environment: OS_AUTH_URL: "{{ keystone_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_USER_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_INTERFACE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" when: octavia_image_id_results.stdout | length > 0 run_once: True 0707010000002A000081A40000000000000000000000015EC6B07900000989000000000000000000000000000000000000005B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_get_mgmt_network.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _get_mgmt_network | Get management network for single-cp shell: > openstack network list | grep {{ octavia_mgmt_net }} | tr -d ' ' | cut -f 2 -d '|' environment: &OS_ENV OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ octavia_admin_user }}" OS_PASSWORD: "{{ octavia_admin_password }}" OS_PROJECT_NAME: "{{ octavia_project_name }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" OS_INTERFACE: "internal" register: octavia_mgmt_net_id run_once: true - name: octavia-common | _get_mgmt_network | Get management network for multi-cp shell: > openstack network list | grep {{ octavia_mgmt_net }} | tr -d ' ' | cut -f 2 -d '|' environment: OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ octavia_admin_user }}" OS_PASSWORD: "{{ octavia_admin_password }}" OS_PROJECT_NAME: "{{ octavia_project_name }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" OS_INTERFACE: "internal" register: octavia_mgmt_net_id run_once_per: verb_hosts.OCT_API - name: octavia-common | _get_mgmt_network | Verify if management network was found fail: msg="Management network was not found" when: octavia_mgmt_net_id.stdout == "" run_once_per: verb_hosts.OCT_API 0707010000002B000081A40000000000000000000000015EC6B079000007C0000000000000000000000000000000000000006B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_install_configure_nlbaas2octavia.yml# # (c) Copyright 2020 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _install_configure_nlbaas2octavia | Get octavia project id command: openstack \ project show -f value -c id {{ octavia_project_name }} environment: &OS_ENV OS_AUTH_URL: "{{ keystone_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_USER_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_DOMAIN_NAME: "{{ keystone_default_domain }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" register: project_id_results changed_when: False - name: octavia-common | _install_configure_nlbaas2octavia | Set octavia_project_id set_fact: octavia_project_id: "{{ project_id_results.stdout }}" when: project_id_results | success - name: octavia-common | _install_configure_nlbaas2octavia | Install nlbaas2octavia template: src: "nlbaas2octavia.j2" dest: "{{ octavia_bin_dir }}/nlbaas2octavia" owner: "root" group: "root" mode: 0755 - name: octavia-common | _install_configure_nlbaas2octavia | Configure nlbaas2octavia template: src: "nlbaas2octavia.conf.j2" dest: "{{ octavia_conf_dir }}/nlbaas2octavia.conf" owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0640 0707010000002C000081A40000000000000000000000015EC6B07900000319000000000000000000000000000000000000005B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_schedule_restart.yml# # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _schedule_restart | Schedule a restart for all services debug: msg: "Trigger a change notification in octavia" changed_when: true register: ardana_notify_octavia_restart_required0707010000002D000081A40000000000000000000000015EC6B07900000519000000000000000000000000000000000000005900000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_service_status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | status | Print service being checked debug: msg: "Running service check for {{ octavia_component }}" run_once_per: verb_hosts.OCT_API - name: octavia-common | status | Check systemd service running command: systemctl status "{{ octavia_component }}" ignore_errors: yes changed_when: false register: systemctl_status_result - name: octavia-common | status | Report status fail: msg: | {{ octavia_component }} is not running. systemctl status {{ octavia_component }} output: {{ systemctl_status_result.stdout }} {{ systemctl_status_result.stderr }} when: systemctl_status_result | failed 0707010000002E000081A40000000000000000000000015EC6B0790000056F000000000000000000000000000000000000006200000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_set_service_directories.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: Octavia Common | _set_service_directories | Set main configuration and bin directories - configure set_fact: octavia_conf_dir: "{{ 'octavia' | config_dir(octavia_install_result.version) }}" octavia_bin_dir: "{{ 'octavia' | bin_dir(octavia_install_result.version) }}" octavia_lib_dir: "{{ 'octavia' | jar_dir(octavia_install_result.version) }}" when: octavia_install_result.version is defined - name: Octavia Common | _set_service_directories | Set main configuration and bin directories - reconfigure set_fact: octavia_conf_dir: "{{ 'octavia' | config_dir() }}" octavia_bin_dir: "{{ 'octavia' | bin_dir() }}" octavia_lib_dir: "{{ 'octavia' | jar_dir() }}" when: octavia_install_result.version is undefined 0707010000002F000081A40000000000000000000000015EC6B07900000748000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/_write_conf.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | _write_conf | Check for pre-existing version of {{ dest }} stat: path="{{ octavia_conf_dir }}/{{ dest }}" register: conf_stat_result - name: octavia-common | _write_conf | get timestamp command: date +%Y%m%d%H%M%S register: time_result - name: octavia-common | _write_conf | Create a backup version of the existing {{ dest }} file command: cp {{ octavia_conf_dir }}/{{ dest }} {{ octavia_conf_dir }}/{{ dest }}.{{ time_result.stdout }} when: conf_stat_result.stat.exists - name: octavia-common | _write_conf | Template {{ dest }} template: src: "{{ src }}" dest: "{{ octavia_conf_dir }}/{{ dest }}" owner: "{{ write_conf_file_owner }}" group: "{{ write_conf_file_group }}" mode: "{{ mode | default('0640') }}" register: write_conf_result - name: octavia-common | _write_conf | Delete backup file that has not changed. file: path: "{{ octavia_conf_dir }}/{{ dest }}.{{ time_result.stdout }}" state: absent when: write_conf_result.changed==false - name: octavia-common | _write_conf | remove all but last 10 backups of {{dest }} shell: ls -td {{ octavia_conf_dir }}/{{ dest }}.* |awk 'NR>10' |xargs rm -f when: conf_stat_result.stat.exists 07070100000030000081A40000000000000000000000015EC6B07900001760000000000000000000000000000000000000005300000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/configure.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # This .yml sets all facts related to Octavia_conf_dir and Octavia_bin_dir - include: _set_service_directories.yml - name: octavia-common | configure | Check for presence of group '{{ octavia_group }}' command: "grep -q {{ octavia_group }} /etc/group" register: group_chk_result ignore_errors: True - name: octavia-common | configure | Add group '{{ octavia_group }}' group: name={{ octavia_group }} system=yes when: group_chk_result|failed - name: octavia-common | configure | Check for presence of user '{{ octavia_user }}' command: "id {{ octavia_user }}" register: user_chk_result ignore_errors: True - name: octavia-common | configure | Delete sudoers file: path=/etc/sudoers.d/octavia state=absent - name: octavia-common | configure | Add user '{{ octavia_user }}' user: name={{ octavia_user }} group={{ octavia_group }} system=yes createhome=no home=/var/lib/octavia shell=/bin/false when: user_chk_result|failed - name: octavia-common | configure | Set permissions of {{ installation_directory }}/octavia hierarchy file: path={{ installation_directory }}/octavia owner={{ octavia_user }} group={{ octavia_group }} state=directory recurse=yes - name: octavia-common | configure | Set permissions of {{ installation_directory }}/octavia templates file: path={{ installation_directory }}/octavia owner={{ octavia_user }} group={{ octavia_group }} mode=0755 state=directory - name: octavia-common | configure | Create logging directory file: path=/var/log/octavia owner={{ octavia_user }} group={{ octavia_group }} mode=0775 state=directory - name: octavia-common | configure | Create /var/lib/octavia directory file: path=/var/lib/octavia owner={{ octavia_user }} group={{ octavia_group }} mode=0770 state=directory # Note this also sets the ownership and mode if the directory already exists. - name: octavia-common | configure | Create systemd service directory if not exists file: path: "{{ systemd_service_dir }}" state: directory mode: 0755 owner: "root" group: "root" - name: octavia-common | configure | Create common run directory service file template: dest: "{{ systemd_service_dir }}{{ octavia_common_rundir_service }}" owner: "root" group: "root" mode: 0644 src: "{{ octavia_common_rundir_service }}.j2" ## Get management service network,sec group, flavor and image IDs for *.conf files - include: _get_mgmt_network.yml - include: _create_mgmt_sec_group.yml - include: _create_nova_flavor.yml - include: _get_glance_image.yml - include: _write_conf.yml src: "../templates/octavia-api.conf.j2" dest: "octavia-api.conf" - name: octavia-common | configure | octavia-api.conf change command: /bin/true register: ardana_notify_octavia_api_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-api-logging.conf.j2" dest: "octavia-api-logging.conf" - name: octavia-common | configure | octavia-api-logging.conf change command: /bin/true register: ardana_notify_octavia_api_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-worker.conf.j2" dest: "octavia-worker.conf" - name: octavia-common | configure | octavia-worker.conf change command: /bin/true register: ardana_notify_octavia_worker_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-worker-logging.conf.j2" dest: "octavia-worker-logging.conf" - name: octavia-common | configure | octavia-worker-logging.conf change command: /bin/true register: ardana_notify_octavia_worker_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-health-manager.conf.j2" dest: "octavia-health-manager.conf" - name: octavia-common | configure | octavia-health-manager.conf change command: /bin/true register: ardana_notify_octavia_health_manager_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-hm-logging.conf.j2" dest: "octavia-hm-logging.conf" - name: octavia-common | configure | octavia-hm-logging.conf change command: /bin/true register: ardana_notify_octavia_health_manager_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-housekeeping.conf.j2" dest: "octavia-housekeeping.conf" - name: octavia-common | configure | octavia-housekeeping.conf change command: /bin/true register: ardana_notify_octavia_housekeeping_restart_required when: write_conf_result.changed==true - include: _write_conf.yml src: "../templates/octavia-hk-logging.conf.j2" dest: "octavia-hk-logging.conf" - name: octavia-common | configure | octavia-hk-logging.conf change command: /bin/true register: ardana_notify_octavia_housekeeping_restart_required when: write_conf_result.changed==true - name: octavia-common | configure | Copy alembic.ini template: src: "../templates/alembic.ini.j2" dest: "{{ octavia_lib_dir }}/python2.7/site-packages/octavia/db/migration/alembic.ini" owner: "root" group: "root" mode: 0664 - include: _write_conf.yml src: "../templates/policy.json.j2" dest: "policy.json" - include: _install_configure_nlbaas2octavia.yml 07070100000031000081A40000000000000000000000015EC6B07900000643000000000000000000000000000000000000006000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/create_systemd_service.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | create_systemd_service | Start debug: msg: "Setting up the systemd service for {{ octavia_service_cmd }}" - name: octavia-common | create_systemd_service | setup restart hold time set_fact: restart_hold: "{{ service_restart_hold | default('100ms') }}" - name: octavia-common | create_systemd_service | Construct command string set_fact: octavia_component_exec_start: "{{ octavia_bin_dir }}/{{ octavia_service_cmd }} {{ octavia_service_cmd_args | default('') }}" - name: octavia-common | create_systemd_service | Writing systemd service file template: src: "octavia-component.service.j2" dest: "{{ systemd_service_dir }}{{ octavia_component }}.service" owner: "root" group: "root" mode: "0644" register: service_file_result - name: octavia-common | create_systemd_service | add service to systemd command: /bin/systemctl daemon-reload when: service_file_result.changed==true 07070100000032000081A40000000000000000000000015EC6B07900000538000000000000000000000000000000000000005100000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/install.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- #- include: common_install.yml # Install Octavia - name: octavia-common | install | Update venv cache become: yes install_package: cache: update - name: octavia-common | install | Install Octavia package install_package: name: octavia service: octavia state: present activate: act_off register: octavia_install_result - name: octavia-common | install | Notify restart on install command: /bin/true register: ardana_notify_octavia_restart_required when: octavia_install_result.changed #- name: Octavia Common | install | Notify restart on package update # set_fact: # octavia_restart_required: true # when: check_updated_packages_result.changed 07070100000033000081A40000000000000000000000015EC6B079000003C0000000000000000000000000000000000000005800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/remote_monitor.yml# (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | remote_monitor | Setup active check against Octavia API become: yes monasca_agent_plugin: name: "httpcheck" args: url: "{{ OCT_API.consumes_OCT_API.vips.private[0].url }}" dimensions: "service:octavia,component:octavia-api,monitored_host_type:vip,api_endpoint:private" 07070100000034000081A40000000000000000000000015EC6B07900000464000000000000000000000000000000000000006600000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/setup_monasca_service_plugin.yml# (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | setup_monasca_service_plugin | Run Monasca agent Octavia detection plugin become: yes monasca_agent_plugin: name: "octavia" args: "disable_http_check=yes" - name: octavia-common | setup_monasca_service_plugin | Run Monasca detection plugin for Octavia client cert become: yes monasca_agent_plugin: name: CertificateFileCheck args: cert_files: "{{ octavia_client_cert_monitoring }}" dimensions: "service:octavia" 07070100000035000081A40000000000000000000000015EC6B079000004C9000000000000000000000000000000000000004F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: Octavia Common | start | Set run directory to be created at boot service: name: "{{ octavia_common_rundir_service }}" enabled: yes - name: Octavia Common | start | Create run directory now file: path={{ octavia_common_rundir }} owner={{ octavia_user }} group={{ octavia_group }} mode=0775 state=directory - name: Octavia Common | start | Activate the latest install install_package: name: octavia service: octavia activate: act_on version: "{{ octavia_install_result.version }}" when: octavia_install_result is defined 07070100000036000081A40000000000000000000000015EC6B079000006AA000000000000000000000000000000000000005700000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/tls_bootstrap.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- # Inspired by tls-trust package # TODO Consider using secure delete - name: octavia-common | cert_bootstrap | remove working directory to get rid of old creds file: path: "{{ tls_temp_dir }}" state: absent - name: octavia-common | cert_bootstrap | copy support files copy: src: "{{ item }}" dest: "{{ tls_temp_dir }}" with_items: - "{{ tls_ca_cert_file }}" - "{{ tls_ca_key_file }}" - name: "octavia-common | cert_bootstrap | Apply template: {{ item }}" template: src: "{{ item }}.j2" dest: "{{ tls_temp_dir }}/{{ item }}" with_items: - "openssl.cnf" - name: octavia-common | cert_bootstrap | Create an index.txt file command: "touch {{ tls_index_file }}" - name: octavia-common | cert_bootstrap | Create and assign a random serial number command: "/usr/bin/openssl rand -hex -out {{ tls_serial_file }} 6" args: chdir: "{{ tls_temp_dir }}" - name: octavia-common | cert_req | Create an internal Cert Req template: src: ardana-octavia-req.j2 dest: "{{ tls_temp_dir }}/{{ tls_req_file }}" 07070100000037000081A40000000000000000000000015EC6B07900000399000000000000000000000000000000000000005200000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/tls_copy.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: tls-trust | cert_copy | Make sure directory exists file: path: "{{ tls_certs_dir }}" state: directory - name: tls-trust | cert_copy | create an internal vip cert shell: "cat key.pem cert.pem > {{ tls_cert_file }}" args: chdir: "{{ tls_temp_dir }}" 07070100000038000081A40000000000000000000000015EC6B07900000E70000000000000000000000000000000000000005400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/tasks/tls_deploy.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-common | tls_deploy | create cert dir file: path: "{{ octavia_conf_dir}}/certs" state: directory owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0750 - name: octavia-common | tls_deploy | create cert private dir file: path: "{{ octavia_conf_dir}}/certs/private" state: directory owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0700 - name: octavia-common | tls_deploy | deploy client cert to server copy: src: "{{ tls_cert_file }}" dest: "{{ octavia_client_cert }}" owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0440 register: tls_deploy_result # NOTE(gyee): Since the provisioned client certificate is consisted of # both certificate and private key, we need to separate out the certificate # portion for monitoring without having to compromise the private key. # This is done by copying the certificate to a different file and make it # readable by the world. Making certificate readable by the world is NOT a # problem as it is TLS certificate is public information. - name: octavia-common | tls_deploy | separate out client cert for monitoring become: yes shell: > openssl x509 -in {{ octavia_client_cert }} -out {{ octavia_client_cert_monitoring }} -outform PEM - name: octavia-common | tls_deploy | Make sure monitoring cert is readable become: yes file: path: "{{ octavia_client_cert_monitoring }}" mode: '0644' - name: octavia-common | tls_deploy | deploy client cert to server result command: /bin/true register: ardana_notify_octavia_restart_required when: tls_deploy_result.changed==true - name: octavia-common | tls_deploy | deploy client ca to server copy: src: "{{ tls_ca_cert_file }}" dest: "{{ octavia_client_ca }}" owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0440 register: tls_deploy_result - name: octavia-common | tls_deploy | deploy client ca to server result command: /bin/true register: ardana_notify_octavia_restart_required when: tls_deploy_result.changed==true - name: octavia-common | tls_deploy | deploy server ca to server copy: src: "{{ tls_server_ca_file }}" dest: "{{ octavia_ca_certificate }}" owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0440 register: tls_deploy_result - name: octavia-common | tls_deploy | deploy server ca to server result command: /bin/true register: ardana_notify_octavia_restart_required when: tls_deploy_result.changed==true - name: octavia-common | tls_deploy | deploy server ca key to server copy: src: "{{ tls_server_ca_key_file }}" dest: "{{ octavia_ca_private_key }}" owner: "{{ octavia_user }}" group: "{{ octavia_group }}" mode: 0440 register: tls_deploy_result - name: octavia-common | tls_deploy | deploy server ca key to server result command: /bin/true register: ardana_notify_octavia_restart_required when: tls_deploy_result.changed==true 07070100000039000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004900000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates0707010000003A000081A40000000000000000000000015EC6B07900000731000000000000000000000000000000000000005800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/alembic.ini.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # A generic, single database configuration. [alembic] # path to migration scripts script_location = %(here)s/alembic_migrations # template used to generate migration files # file_template = %%(rev)s_%%(slug)s # max length of characters to apply to the # "slug" field #truncate_slug_length = 40 # set to 'true' to run the environment during # the 'revision' command, regardless of autogenerate # revision_environment = false # set to 'true' to allow .pyc and .pyo files without # a source .py file to be detected as revisions in the # versions/ directory # sourceless = false #sqlalchemy.url = mysql+pymysql://root:password@localhost/octavia sqlalchemy.url = {{ octavia_db_connection }} # Logging configuration [loggers] keys = root,sqlalchemy,alembic [handlers] keys = console [formatters] keys = generic [logger_root] level = WARN handlers = console qualname = [logger_sqlalchemy] level = WARN handlers = qualname = sqlalchemy.engine [logger_alembic] level = INFO handlers = qualname = alembic [handler_console] class = StreamHandler args = (sys.stderr,) level = NOTSET formatter = generic [formatter_generic] format = %(levelname)-5.5s [%(name)s] %(message)s datefmt = %H:%M:%S 0707010000003B000081A40000000000000000000000015EC6B07900000383000000000000000000000000000000000000005F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/ardana-octavia-req.j2# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # [ req ] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [ req_distinguished_name ] CN = "ardana-octavia-client" [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ alt_names ]0707010000003C000081A40000000000000000000000015EC6B079000002BA000000000000000000000000000000000000006000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/nlbaas2octavia.conf.j2[DEFAULT] # debug = False [migration] # Run without making changes # trial_run=False # Delete the load balancer records from neutron-lbaas after migration delete_after_migration=True # Example db_connection: # connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia # Replace 127.0.0.1 above with the IP address of the database used by the # main octavia server. (Leave it as is if the database runs on this host.) # Octavia service account ID octavia_account_id = {{ octavia_project_id }} # Connection string for the neutron database neutron_db_connection = {{ neutron_db_connection }} # Connection string for the octavia database octavia_db_connection = {{ octavia_db_connection }} 0707010000003D000081A40000000000000000000000015EC6B079000041F6000000000000000000000000000000000000005B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/nlbaas2octavia.j2#!{{ octavia_bin_dir }}/python2 # Copyright 2018 Rackspace, US Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import datetime import sys from oslo_config import cfg from oslo_db.sqlalchemy import enginefacade import oslo_i18n as i18n from oslo_log import log as logging _translators = i18n.TranslatorFactory(domain='nlbaas2octavia') # The primary translation function using the well-known name "_" _ = _translators.primary CONF = cfg.CONF migration_opts = [ cfg.BoolOpt('delete_after_migration', default=True, help='Delete the load balancer records from neutron-lbaas' ' after migration'), cfg.BoolOpt('trial_run', default=False, help='Run without making changes.'), cfg.StrOpt('octavia_account_id', required=True, help='The keystone account ID Octavia is running under.'), cfg.StrOpt('neutron_db_connection', required=True, help='The neutron database connection string'), cfg.StrOpt('octavia_db_connection', required=True, help='The octavia database connection string'), ] cfg.CONF.register_opts(migration_opts, group='migration') def cascade_delete_neutron_lb(n_session, lb_id): listeners = n_session.execute( "SELECT id FROM lbaas_listeners WHERE loadbalancer_id = :lb_id;", {'lb_id': lb_id}) for listener in listeners: l7policies = n_session.execute( "SELECT id FROM lbaas_l7policies WHERE listener_id = :list_id;", {'list_id': listener[0]}) for l7policy in l7policies: # Delete l7rules n_session.execute( "DELETE FROM lbaas_l7rules WHERE l7policy_id = :l7p_id;", {'l7p_id': l7policy[0]}) # Delete l7policies n_session.execute( "DELETE FROM lbaas_l7policies WHERE listener_id = :list_id;", {'list_id': listener[0]}) # Delete SNI records n_session.execute( "DELETE FROM lbaas_sni WHERE listener_id = :list_id;", {'list_id': listener[0]}) # Delete the listeners n_session.execute( "DELETE FROM lbaas_listeners WHERE loadbalancer_id = :lb_id;", {'lb_id': lb_id}) pools = n_session.execute( "SELECT id, healthmonitor_id FROM lbaas_pools " "WHERE loadbalancer_id = :lb_id;", {'lb_id': lb_id}).fetchall() for pool in pools: # Delete the members n_session.execute( "DELETE FROM lbaas_members WHERE pool_id = :pool_id;", {'pool_id': pool[0]}) # Delete the session persistence records n_session.execute( "DELETE FROM lbaas_sessionpersistences WHERE pool_id = :pool_id;", {'pool_id': pool[0]}) # Delete the pools n_session.execute( "DELETE FROM lbaas_pools WHERE id = :pool_id;", {'pool_id': pool[0]}) # Delete the health monitor if pool[1]: result = n_session.execute("DELETE FROM lbaas_healthmonitors " "WHERE id = :id", {'id': pool[1]}) if result.rowcount != 1: raise Exception(_('Failed to delete health monitor: ' '%s') % pool[1]) # Delete the lb stats n_session.execute( "DELETE FROM lbaas_loadbalancer_statistics WHERE " "loadbalancer_id = :lb_id;", {'lb_id': lb_id}) # Delete provider record n_session.execute( "DELETE FROM providerresourceassociations WHERE " "resource_id = :lb_id;", {'lb_id': lb_id}) # Delete the load balanacer n_session.execute( "DELETE FROM lbaas_loadbalancers WHERE id = :lb_id;", {'lb_id': lb_id}) def process_health_monitor(LOG, n_session, o_session, project_id, pool_id, hm_id): hm = n_session.execute( "SELECT type, delay, timeout, max_retries, http_method, url_path, " "expected_codes, admin_state_up, provisioning_status, name, " "max_retries_down FROM lbaas_healthmonitors WHERE id = :hm_id AND " "provisioning_status = 'ACTIVE';", {'hm_id': hm_id}).fetchone() LOG.debug('Migrating health manager: %s', hm_id) if hm is None: raise Exception(_('Health monitor %s has invalid ' 'provisioning_status.'), hm_id) hm_op_status = 'ONLINE' if hm[7] else 'OFFLINE' result = o_session.execute( "UPDATE health_monitor SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': project_id, 'id': pool_id}) if result.rowcount != 1: raise Exception(_('Unable to update health monitor in the Octavia ' 'database.')) def process_members(LOG, n_session, o_session, project_id, pool_id): # Handle members members = n_session.execute( "SELECT id, subnet_id, address, protocol_port, weight, " "admin_state_up, provisioning_status, operating_status, name FROM " "lbaas_members WHERE pool_id = :pool_id;", {'pool_id': pool_id}).fetchall() for member in members: LOG.debug('Migrating member: %s', member[0]) if member[6] == 'DELETED': continue elif member[6] != 'ACTIVE': raise Exception(_('Member %s for pool %s is invalid state of %s.'), member[0], pool_id, member[6]) result = o_session.execute( "UPDATE member SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': project_id, 'id': member[0]}) if result.rowcount != 1: raise Exception( _('Unable to update member in the Octavia database.')) def process_L7policies(LOG, n_session, o_session, listener_id, project_id): l7policies = n_session.execute( "SELECT id, name, description, listener_id, action, " "redirect_pool_id, redirect_url, position, " "provisioning_status, admin_state_up FROM " "lbaas_l7policies WHERE listener_id = :listener_id AND " "provisioning_status = 'ACTIVE';", {'listener_id': listener_id}).fetchall() for l7policy in l7policies: LOG.debug('Migrating L7 policy: %s', l7policy[0]) if l7policy[8] == 'DELETED': continue elif l7policy[8] != 'ACTIVE': raise Exception(_('L7 policy is invalid state of %s.'), l7policy[8]) result = o_session.execute( "UPDATE l7policy SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': project_id, 'id': l7policy[0]}) if result.rowcount != 1: raise Exception(_('Unable to update L7 policy in the Octavia ' 'database.')) # Handle L7 rules l7rules = n_session.execute( "SELECT id, type, compare_type, invert, `key`, value, " "provisioning_status, admin_state_up FROM lbaas_l7rules WHERE " "l7policy_id = :l7policy_id AND provisioning_status = 'ACTIVE';", {'l7policy_id': l7policy[0]}).fetchall() for l7rule in l7rules: LOG.debug('Migrating L7 rule: %s', l7policy[0]) if l7rule[6] == 'DELETED': continue elif l7rule[6] != 'ACTIVE': raise Exception(_('L7 rule is invalid state of %s.'), l7rule[6]) result = o_session.execute( "UPDATE l7rule set project_id = :proj_id WHERE " "id = :id;", {'proj_id': project_id, 'id': l7rule[0]}) if result.rowcount != 1: raise Exception(_('Unable to update L7 policy in the Octavia ' 'database.')) def migrate_lb(LOG, n_session_maker, o_session_maker, lb_id): n_session = n_session_maker(autocommit=False) o_session = o_session_maker(autocommit=False) LOG.info('Migrating load balancer: %s', lb_id) try: # Lock the load balancer in neutron DB result = n_session.execute( "UPDATE lbaas_loadbalancers SET " "provisioning_status = 'PENDING_UPDATE' WHERE id = :id AND " "provisioning_status = 'ACTIVE';", {'id': lb_id}) if result.rowcount != 1: raise Exception(_('Load balancer is not provisioning_status ' 'ACTIVE')) # Get the load balancer record from neutron n_lb = n_session.execute( "SELECT b.provider_name, a.project_id, a.name, a.description, " "a.admin_state_up, a.operating_status, a.flavor_id, " "a.vip_port_id, a.vip_subnet_id, a.vip_address " "FROM lbaas_loadbalancers a JOIN providerresourceassociations b " "ON a.id = b.resource_id WHERE ID = :id;", {'id': lb_id}).fetchone() # Migrate the port and security groups to Octavia vip_port = n_session.execute( "SELECT a.device_owner, a.project_id, b.security_group_id " "FROM ports a JOIN securitygroupportbindings b ON " "a.id = b.port_id where id = :id;", {'id': n_lb[7]}).fetchone() # neutron-lbaas does not support user VIP ports, so take # ownership of the port and security group if vip_port[0] == 'neutron:LOADBALANCERV2': result = n_session.execute( "UPDATE ports SET device_owner = 'Octavia', " "project_id = :proj_id WHERE " "id = :id;", {'id': n_lb[7], 'proj_id': CONF.migration.octavia_account_id}) if result.rowcount != 1: raise Exception(_('Unable to update VIP port in the neutron ' 'database.')) security_group = n_session.execute( "SELECT project_id FROM securitygroups WHERE id = :id", {'id': vip_port[2]}).fetchone() # Update security group project, only when its owner is not the # user project, which means that Octavia should own it if security_group[0] != n_lb[1]: result = n_session.execute( "UPDATE securitygroups SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': CONF.migration.octavia_account_id, 'id': vip_port[2]}) if result.rowcount != 1: raise Exception(_('Unable to update VIP security group in ' 'the neutron database.')) # Now migrate the octavia loadbalancers from Neutron. Notice that # for the # neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 # Neutron LBaaS plugin, the provider name is still set to 'octavia'. if n_lb[0] == 'octavia': # Create the load balancer result = o_session.execute( "UPDATE load_balancer SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': n_lb[1], 'id': lb_id}) if result.rowcount != 1: raise Exception(_('Unable to update load balancer in the ' 'Octavia database.')) # Create pools pools = n_session.execute( "SELECT id, name, description, protocol, lb_algorithm, " "healthmonitor_id, admin_state_up, provisioning_status, " "operating_status FROM lbaas_pools WHERE loadbalancer_id " " = :lb_id;", {'lb_id': lb_id}).fetchall() for pool in pools: LOG.debug('Migrating pool: %s', pool[0]) if pool[7] == 'DELETED': continue elif pool[7] != 'ACTIVE': raise Exception(_('Pool is invalid state of %s.'), pool[7]) result = o_session.execute( "UPDATE pool SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': n_lb[1], 'id': pool[0]}) if result.rowcount != 1: raise Exception(_('Unable to update pool in the ' 'Octavia database.')) # Create health monitor if there is one if pool[5] is not None: process_health_monitor(LOG, n_session, o_session, n_lb[1], pool[0], pool[5]) # Handle the pool memebers process_members(LOG, n_session, o_session, n_lb[1], pool[0]) lb_stats = n_session.execute( "SELECT bytes_in, bytes_out, active_connections, " "total_connections FROM lbaas_loadbalancer_statistics WHERE " "loadbalancer_id = :lb_id;", {'lb_id': lb_id}).fetchone() listeners = n_session.execute( "SELECT id, name, description, protocol, protocol_port, " "connection_limit, default_pool_id, admin_state_up, " "provisioning_status, operating_status, " "default_tls_container_id FROM lbaas_listeners WHERE " "loadbalancer_id = :lb_id;", {'lb_id': lb_id}).fetchall() for listener in listeners: LOG.debug('Migrating listener: %s', listener[0]) if listener[8] == 'DELETED': continue elif listener[8] != 'ACTIVE': raise Exception(_('Listener is invalid state of %s.'), listener[8]) result = o_session.execute( "UPDATE listener SET project_id = :proj_id WHERE " "id = :id;", {'proj_id': n_lb[1], 'id': listener[0]}) if result.rowcount != 1: raise Exception(_('Unable to update listener in the ' 'Octavia database.')) # Handle L7 policy records process_L7policies(LOG, n_session, o_session, listener[0], n_lb[1]) # Delete the old neutron-lbaas records if (CONF.migration.delete_after_migration and not CONF.migration.trial_run): cascade_delete_neutron_lb(n_session, lb_id) if CONF.migration.trial_run: o_session.rollback() n_session.rollback() LOG.info('Simulated migration of load balancer %s successful.', lb_id) else: o_session.commit() n_session.commit() LOG.info('Migration of load balancer %s successful.', lb_id) return 0 except Exception as e: n_session.rollback() o_session.rollback() LOG.exception("Skipping load balancer %s due to: %s.", lb_id, str(e)) return 1 def main(): if len(sys.argv) == 1: print('Error: Config file must be specified.') print('nlbaas2octavia --config-file <filename>') return 1 logging.register_options(cfg.CONF) cfg.CONF(args=sys.argv[1:], project='nlbaas2octavia', version='nlbaas2octavia 1.0') logging.set_defaults() logging.setup(cfg.CONF, 'nlbaas2octavia') LOG = logging.getLogger('nlbaas2octavia') CONF.log_opt_values(LOG, logging.DEBUG) neutron_context_manager = enginefacade.transaction_context() neutron_context_manager.configure( connection=CONF.migration.neutron_db_connection) n_session_maker = neutron_context_manager.writer.get_sessionmaker() octavia_context_manager = enginefacade.transaction_context() octavia_context_manager.configure( connection=CONF.migration.octavia_db_connection) o_session_maker = octavia_context_manager.writer.get_sessionmaker() LOG.info('Starting migration.') n_session = n_session_maker(autocommit=True) lb_id_list = [] lb_id_list = n_session.execute( "SELECT id FROM lbaas_loadbalancers WHERE " "provisioning_status = 'ACTIVE';").fetchall() failure_count = 0 for lb in lb_id_list: failure_count += migrate_lb(LOG, n_session_maker, o_session_maker, lb[0]) if failure_count: sys.exit(1) if __name__ == "__main__": main() 0707010000003E000081A40000000000000000000000015EC6B07900000673000000000000000000000000000000000000006500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-api-logging.conf.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-api.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-api-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: octavia datefmt: octavia-api 0707010000003F000081A40000000000000000000000015EC6B07900001072000000000000000000000000000000000000005D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-api.conf.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This configuration file includes the default values for Ardana Openstack # Changes may be made to this file by customers. [DEFAULT] debug = True #os_region_name = region1 os_endpoint_type = {{ octavia_endpoint_type }} log_config_append = "{{ octavia_conf_dir }}/octavia-api-logging.conf" transport_url = {{ octavia_transport_url }} [api_settings] api_handler = queue_producer bind_host = {{ octavia_bind_host }} bind_port = {{ octavia_bind_port }} [database] connection = {{ octavia_db_connection }} [health_manager] bind_ip = {{ octavia_healthmanager_bind_host }} bind_port = {{ octavia_healthmanager_port }} controller_ip_port_list = {{ octavia_healthmanager_hosts }} heartbeat_key = {{ octavia_heartbeat_key }} event_streamer_driver = noop_event_streamer heartbeat_interval = {{ octavia_heartbeat_interval }} heartbeat_timeout = 180 health_check_interval = {{ octavia_health_check_interval }} [keystone_authtoken] auth_version = 3 www_authenticate_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [certificates] cert_generator = local_cert_generator cert_manager = barbican_cert_manager ca_certificate = {{ octavia_ca_certificate }} ca_private_key = {{ octavia_ca_private_key }} ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} [haproxy_amphora] server_ca = {{ octavia_server_ca }} client_cert = {{ octavia_client_cert }} key_path = {{ octavia_key_path }} base_path = /var/lib/octavia base_cert_dir = /var/lib/octavia/certs connection_max_retries = 120 connection_retry_interval = 5 [controller_worker] amp_active_retries = 40 amp_active_wait_sec = 10 amp_flavor_id = {{ octavia_nova_flavor_id.stdout }} amp_image_tag = {{ octavia_amp_image_tag }} amp_boot_network_list = {{ octavia_mgmt_net_id.stdout }} amp_secgroup_list = {{ octavia_mgmt_sec_group_id.stdout }} client_ca = {{ octavia_client_ca }} compute_driver = compute_nova_driver amphora_driver = amphora_haproxy_rest_driver network_driver = allowed_address_pairs_driver loadbalancer_topology = SINGLE #amp_ssh_key_name = [oslo_messaging_rabbit] ssl = {{ octavia_rabbit_use_ssl }} [house_keeping] # Pool size for the spare pool # spare_amphora_pool_size = 0 [oslo_messaging] topic = octavia_prov rpc_thread_pool_size = 2 [service_auth] auth_version = 3 auth_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [networking] port_detach_timeout = 900 [neutron] endpoint = {{ neutron_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [nova] endpoint = {{ nova_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [barbican] auth_url = {{ octavia_auth_endpoint }} admin_user = {{ neutron_admin_user }} admin_password = {{ neutron_admin_password }} auth_version = 3 admin_tenant_name = {{ keystone_admin_tenant }} admin_user_domain = {{ keystone_default_domain }} admin_project_domain = {{ keystone_default_domain }} region_name = {{ octavia_region_name }} #service_name = endpoint_type = {{ octavia_endpoint_type }} ### End of File ### ## Do NOT put anything after this line ## 07070100000040000081A40000000000000000000000015EC6B0790000042E000000000000000000000000000000000000006A00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-common-rundir.service.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [Unit] Description=Create {{ octavia_common_rundir }} [Service] ExecStartPre=/bin/mkdir -p {{ octavia_common_rundir }} ExecStartPre=/bin/chmod 775 {{ octavia_common_rundir }} ExecStart=/bin/chown -R {{ octavia_user }}:{{ octavia_group }} {{ octavia_common_rundir }} [Install] RequiredBy=octavia-api.service RequiredBy=octavia-worker.service RequiredBy=octavia-health-manager.service RequiredBy=octavia-housekeeping.service 07070100000041000081A40000000000000000000000015EC6B079000003CA000000000000000000000000000000000000006600000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-component.service.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [Unit] Description={{ octavia_service_cmd }} Service [Service] ExecStart={{ octavia_component_exec_start }} Environment= User={{ octavia_user }} Group={{ octavia_group }} PermissionsStartOnly=true Restart=on-failure RestartSec={{ restart_hold }} [Install] WantedBy=multi-user.target Alias={{ octavia_service_cmd }}.service 07070100000042000081A40000000000000000000000015EC6B07900001077000000000000000000000000000000000000006800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-health-manager.conf.j2{# # # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This configuration file includes the default values for Ardana Openstack # Changes may be made to this file by customers. [DEFAULT] debug = True #os_region_name = region1 os_endpoint_type = {{ octavia_endpoint_type }} log_config_append = "{{ octavia_conf_dir }}/octavia-hm-logging.conf" transport_url = {{ octavia_transport_url }} [api_settings] api_handler = queue_producer bind_host = {{ octavia_bind_host }} bind_port = {{ octavia_bind_port }} [database] connection = {{ octavia_db_connection }} [health_manager] bind_ip = {{ octavia_healthmanager_bind_host }} bind_port = {{ octavia_healthmanager_port }} controller_ip_port_list = {{ octavia_healthmanager_hosts }} heartbeat_key = {{ octavia_heartbeat_key }} event_streamer_driver = noop_event_streamer heartbeat_interval = {{ octavia_heartbeat_interval }} heartbeat_timeout = 180 health_check_interval = {{ octavia_health_check_interval }} [keystone_authtoken] auth_version = 3 www_authenticate_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [certificates] cert_generator = local_cert_generator cert_manager = barbican_cert_manager ca_certificate = {{ octavia_ca_certificate }} ca_private_key = {{ octavia_ca_private_key }} ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} [haproxy_amphora] server_ca = {{ octavia_server_ca }} client_cert = {{ octavia_client_cert }} key_path = {{ octavia_key_path }} base_path = /var/lib/octavia base_cert_dir = /var/lib/octavia/certs connection_max_retries = 120 connection_retry_interval = 5 [controller_worker] amp_active_retries = 40 amp_active_wait_sec = 10 amp_flavor_id = {{ octavia_nova_flavor_id.stdout }} amp_image_tag = {{ octavia_amp_image_tag }} amp_boot_network_list = {{ octavia_mgmt_net_id.stdout }} amp_secgroup_list = {{ octavia_mgmt_sec_group_id.stdout }} client_ca = {{ octavia_client_ca }} compute_driver = compute_nova_driver amphora_driver = amphora_haproxy_rest_driver network_driver = allowed_address_pairs_driver loadbalancer_topology = SINGLE #amp_ssh_key_name = [oslo_messaging_rabbit] ssl = {{ octavia_rabbit_use_ssl }} [oslo_messaging] topic = octavia_prov rpc_thread_pool_size = 2 [house_keeping] # Pool size for the spare pool # spare_amphora_pool_size = 0 [service_auth] auth_version = 3 auth_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [networking] port_detach_timeout = 900 [neutron] endpoint = {{ neutron_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [nova] endpoint = {{ nova_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [barbican] auth_url = {{ octavia_auth_endpoint }} admin_user = {{ neutron_admin_user }} admin_password = {{ neutron_admin_password }} auth_version = 3 admin_tenant_name = {{ keystone_admin_tenant }} admin_user_domain = {{ keystone_default_domain }} admin_project_domain = {{ keystone_default_domain }} region_name = {{ octavia_region_name }} #service_name = endpoint_type = {{ octavia_endpoint_type }} ### End of File ### ## Do NOT put anything after this line ## 07070100000043000081A40000000000000000000000015EC6B0790000068E000000000000000000000000000000000000006400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-hk-logging.conf.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-housekeeping.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-housekeeping-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: octavia datefmt: octavia-housekeeping 07070100000044000081A40000000000000000000000015EC6B07900000695000000000000000000000000000000000000006400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-hm-logging.conf.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-health-manager.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-health-manager-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: octavia datefmt: octavia-health-manager 07070100000045000081A40000000000000000000000015EC6B07900001071000000000000000000000000000000000000006600000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-housekeeping.conf.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This configuration file includes the default values for Ardana Openstack # Changes may be made to this file by customers. [DEFAULT] debug = True #os_region_name = region1 os_endpoint_type = {{ octavia_endpoint_type }} log_config_append = "{{ octavia_conf_dir }}/octavia-hk-logging.conf" transport_url = {{ octavia_transport_url }} [api_settings] api_handler = queue_producer bind_host = {{ octavia_bind_host }} bind_port = {{ octavia_bind_port }} [database] connection = {{ octavia_db_connection }} [health_manager] bind_ip = {{ octavia_healthmanager_bind_host }} bind_port = {{ octavia_healthmanager_port }} controller_ip_port_list = {{ octavia_healthmanager_hosts }} heartbeat_key = {{ octavia_heartbeat_key }} event_streamer_driver = noop_event_streamer heartbeat_interval = {{ octavia_heartbeat_interval }} heartbeat_timeout = 180 health_check_interval = {{ octavia_health_check_interval }} [keystone_authtoken] auth_version = 3 www_authenticate_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [certificates] cert_generator = local_cert_generator cert_manager = barbican_cert_manager ca_certificate = {{ octavia_ca_certificate }} ca_private_key = {{ octavia_ca_private_key }} ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} [haproxy_amphora] server_ca = {{ octavia_server_ca }} client_cert = {{ octavia_client_cert }} key_path = {{ octavia_key_path }} base_path = /var/lib/octavia base_cert_dir = /var/lib/octavia/certs connection_max_retries = 120 connection_retry_interval = 5 [controller_worker] amp_active_retries = 40 amp_active_wait_sec = 10 amp_flavor_id = {{ octavia_nova_flavor_id.stdout }} amp_image_tag = {{ octavia_amp_image_tag }} amp_boot_network_list = {{ octavia_mgmt_net_id.stdout }} amp_secgroup_list = {{ octavia_mgmt_sec_group_id.stdout }} client_ca = {{ octavia_client_ca }} compute_driver = compute_nova_driver amphora_driver = amphora_haproxy_rest_driver network_driver = allowed_address_pairs_driver loadbalancer_topology = SINGLE #amp_ssh_key_name = [oslo_messaging_rabbit] ssl = {{ octavia_rabbit_use_ssl }} [oslo_messaging] topic = octavia_prov rpc_thread_pool_size = 2 [house_keeping] # Pool size for the spare pool # spare_amphora_pool_size = 0 [service_auth] auth_version = 3 auth_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [networking] port_detach_timeout = 900 [neutron] endpoint = {{ neutron_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [nova] endpoint = {{ nova_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [barbican] auth_url = {{ octavia_auth_endpoint }} admin_user = {{ neutron_admin_user }} admin_password = {{ neutron_admin_password }} auth_version = 3 admin_tenant_name = {{ keystone_admin_tenant }} admin_user_domain = {{ keystone_default_domain }} admin_project_domain = {{ keystone_default_domain }} region_name = {{ octavia_region_name }} #service_name = endpoint_type = {{ octavia_endpoint_type }} ### End of File ### ## Do NOT put anything after this line ## 07070100000046000081A40000000000000000000000015EC6B0790000067C000000000000000000000000000000000000006800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-worker-logging.conf.j2{# # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} [loggers] keys: root [handlers] keys: watchedfile, logstash [formatters] keys: context, logstash [logger_root] qualname: root handlers: watchedfile, logstash level: NOTSET # Writes to disk [handler_watchedfile] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-worker.log',) formatter: context level: INFO # Writes JSON to disk, beaver will ship to logstash [handler_logstash] class: handlers.WatchedFileHandler args: ('{{ octavia_log_dir }}/octavia-worker-json.log',) formatter: logstash level: INFO # datefmt must be set otherwise you end up with too many (msecs) fields [formatter_context] class: oslo_log.formatters.ContextFormatter args: (datefmt=datefmt) format: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s datefmt: %Y-%m-%d %H:%M:%S # the "format" and "datefmt" actually set the "type" and "tags" [formatter_logstash] class: logstash.LogstashFormatterVersion1 format: octavia datefmt: octavia-worker 07070100000047000081A40000000000000000000000015EC6B07900001079000000000000000000000000000000000000006000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/octavia-worker.conf.j2{# # # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} # This configuration file includes the default values for Ardana Openstack # Changes may be made to this file by customers. [DEFAULT] debug = True #os_region_name = region1 os_endpoint_type = {{ octavia_endpoint_type }} log_config_append = "{{ octavia_conf_dir }}/octavia-worker-logging.conf" transport_url = {{ octavia_transport_url }} [api_settings] api_handler = queue_producer bind_host = {{ octavia_bind_host }} bind_port = {{ octavia_bind_port }} [database] connection = {{ octavia_db_connection }} [health_manager] bind_ip = {{ octavia_healthmanager_bind_host }} bind_port = {{ octavia_healthmanager_port }} controller_ip_port_list = {{ octavia_healthmanager_hosts }} heartbeat_key = {{ octavia_heartbeat_key }} event_streamer_driver = noop_event_streamer heartbeat_interval = {{ octavia_heartbeat_interval }} heartbeat_timeout = 180 health_check_interval = {{ octavia_health_check_interval }} [keystone_authtoken] auth_version = 3 www_authenticate_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [certificates] cert_generator = local_cert_generator cert_manager = barbican_cert_manager ca_certificate = {{ octavia_ca_certificate }} ca_private_key = {{ octavia_ca_private_key }} ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} [haproxy_amphora] server_ca = {{ octavia_server_ca }} client_cert = {{ octavia_client_cert }} key_path = {{ octavia_key_path }} base_path = /var/lib/octavia base_cert_dir = /var/lib/octavia/certs connection_max_retries = 120 connection_retry_interval = 5 [controller_worker] amp_active_retries = 40 amp_active_wait_sec = 10 amp_flavor_id = {{ octavia_nova_flavor_id.stdout}} amp_image_tag = {{ octavia_amp_image_tag }} amp_boot_network_list = {{ octavia_mgmt_net_id.stdout }} amp_secgroup_list = {{ octavia_mgmt_sec_group_id.stdout }} client_ca = {{ octavia_client_ca }} compute_driver = compute_nova_driver amphora_driver = amphora_haproxy_rest_driver network_driver = allowed_address_pairs_driver loadbalancer_topology = SINGLE #amp_ssh_key_name = [oslo_messaging_rabbit] ssl = {{ octavia_rabbit_use_ssl }} [oslo_messaging] topic = octavia_prov rpc_thread_pool_size = 2 [house_keeping] # Pool size for the spare pool # spare_amphora_pool_size = 0 [service_auth] auth_version = 3 auth_uri = {{ octavia_auth_endpoint }} auth_url = {{ octavia_auth_endpoint }} auth_type = password project_name = {{ octavia_project_name }} project_domain_name = Default user_domain_name = Default username = {{ octavia_admin_user }} password = {{ octavia_admin_password }} region_name = {{ octavia_region_name }} cafile = {{ octavia_ca_file }} [networking] port_detach_timeout = 900 [neutron] endpoint = {{ neutron_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [nova] endpoint = {{ nova_endpoint }} endpoint_type = {{ octavia_endpoint_type }} [barbican] auth_url = {{ octavia_auth_endpoint }} admin_user = {{ neutron_admin_user }} admin_password = {{ neutron_admin_password }} auth_version = 3 admin_tenant_name = {{ keystone_admin_tenant }} admin_user_domain = {{ keystone_default_domain }} admin_project_domain = {{ keystone_default_domain }} region_name = {{ octavia_region_name }} #service_name = endpoint_type = {{ octavia_endpoint_type }} ### End of File ### ## Do NOT put anything after this line ## 07070100000048000081A40000000000000000000000015EC6B07900000C47000000000000000000000000000000000000005800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/openssl.cnf.j2{# Copyright 2010 United States Government as represented by the # Administrator of the National Aeronautics and Space Administration. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. #} # # OpenSSL configuration file. # # Establish working directory. dir = . [ ca ] default_ca = CA_default [ CA_default ] serial = {{ tls_serial_file }} database = {{ tls_index_file }} new_certs_dir = $dir/ certificate = {{ tls_ca_cert_file }} private_key = {{ tls_ca_key_file }} unique_subject = no default_crl_days = 365 default_days = 365 default_md = md5 preserve = no email_in_dn = no nameopt = default_ca certopt = default_ca policy = policy_match copy_extensions = copy # NOTE(dprince): stateOrProvinceName must be 'supplied' or 'optional' to # work around a stateOrProvince printable string UTF8 mismatch on # RHEL 6 and Fedora 14 (using openssl-1.0.0-4.el6.x86_64 or # openssl-1.0.0d-1.fc14.x86_64) [ policy_match ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 2048 # Size of keys default_keyfile = key.pem # name of generated keys default_md = md5 # message digest algorithm string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req x509_extensions = v3_ca [ req_distinguished_name ] # Variable name Prompt string #---------------------- ---------------------------------- 0.organizationName = Organization Name (company) organizationalUnitName = Organizational Unit Name (department, division) emailAddress = Email Address emailAddress_max = 40 localityName = Locality Name (city, district) stateOrProvinceName = State or Province Name (full name) countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 commonName = Common Name (hostname, IP, or your name) commonName_max = 64 # Default values for the above, for consistency and less typing. # Variable name Value #------------------------------ ------------------------------ 0.organizationName_default = Hewlett-Packard-Enterprise localityName_default = Bristol stateOrProvinceName_default = Bristol countryName_default = UK [ v3_ca ] basicConstraints = CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always subjectAltName = @alt_names [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash [ alt_names ]07070100000049000081A40000000000000000000000015EC6B07900000435000000000000000000000000000000000000005800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/templates/policy.json.j2{# # # (c) Copyright 2019 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # #} { "context_is_admin": "role:admin or role:load-balancer_admin or role:neutron_admin", "admin_or_owner": "is_admin:True or rule:context_is_admin or project_id:%(project_id)s", "load-balancer:read": "rule:admin_or_owner", "load-balancer:read-global": "is_admin:True", "load-balancer:write": "rule:admin_or_owner", "load-balancer:read-quota": "rule:admin_or_owner", "load-balancer:read-quota-global": "is_admin:True", "load-balancer:write-quota": "is_admin:True" } 0707010000004A000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/vars0707010000004B000081A40000000000000000000000015EC6B079000002F0000000000000000000000000000000000000004D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-common/vars/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- systemd_service_dir: /etc/systemd/system/ octavia_common_rundir_service: octavia-common-rundir.service 0707010000004C000041ED0000000000000000000000055EC6B07900000000000000000000000000000000000000000000004700000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager0707010000004D000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000005000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/defaults0707010000004E000081A40000000000000000000000015EC6B079000002F1000000000000000000000000000000000000005900000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the octavia server --- octavia_component: octavia-health-manager 0707010000004F000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/tasks07070100000050000081A40000000000000000000000015EC6B079000004A8000000000000000000000000000000000000005B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/tasks/configure.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/create_systemd_service.yml octavia_service_cmd: "octavia-health-manager" octavia_service_cmd_args: "--config-file={{ octavia_conf_dir }}/octavia-health-manager.conf" - name: octavia-health-manager | configure | set octavia log file ownership become: yes file: path: "{{ octavia_log_dir }}/{{ item }}" owner: "{{ octavia_user }}" group: "{{ octavia_log_file_group }}" mode: 0640 state: touch with_items: - octavia-health-manager.log - octavia-health-manager-json.log 07070100000051000081A40000000000000000000000015EC6B07900000497000000000000000000000000000000000000005700000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/tasks/start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-health-manager | start | Restart the octavia-health-manager service: name=octavia-health-manager state=restarted when: (ardana_notify_octavia_restart_required is defined and ardana_notify_octavia_restart_required.changed) or (ardana_notify_octavia_health_manager_restart_required is defined and ardana_notify_octavia_health_manager_restart_required.changed) - name: octavia-health-manager | start | Start the octavia-health-manager service: name=octavia-health-manager state=started 07070100000052000081A40000000000000000000000015EC6B079000002BE000000000000000000000000000000000000005800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/tasks/status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/_service_status.yml 07070100000053000081A40000000000000000000000015EC6B07900000301000000000000000000000000000000000000005600000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/tasks/stop.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-health-manager | stop | Stop the octavia-health-manager service: name=octavia-health-manager state=stopped 07070100000054000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004C00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/vars07070100000055000081A40000000000000000000000015EC6B07900000283000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-health-manager/vars/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- 07070100000056000041ED0000000000000000000000055EC6B07900000000000000000000000000000000000000000000004500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping07070100000057000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/defaults07070100000058000081A40000000000000000000000015EC6B079000002EF000000000000000000000000000000000000005700000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the octavia server --- octavia_component: octavia-housekeeping 07070100000059000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004B00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/tasks0707010000005A000081A40000000000000000000000015EC6B0790000049E000000000000000000000000000000000000005900000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/tasks/configure.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/create_systemd_service.yml octavia_service_cmd: "octavia-housekeeping" octavia_service_cmd_args: "--config-file={{ octavia_conf_dir }}/octavia-housekeeping.conf" - name: octavia-housekeeping | configure | set octavia log file ownership become: yes file: path: "{{ octavia_log_dir }}/{{ item }}" owner: "{{ octavia_user }}" group: "{{ octavia_log_file_group }}" mode: 0640 state: touch with_items: - octavia-housekeeping.log - octavia-housekeeping-json.log 0707010000005B000081A40000000000000000000000015EC6B07900000487000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/tasks/start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-housekeeping | start | Restart the octavia-housekeeping service: name=octavia-housekeeping state=restarted when: (ardana_notify_octavia_restart_required is defined and ardana_notify_octavia_restart_required.changed) or (ardana_notify_octavia_housekeeping_restart_required is defined and ardana_notify_octavia_housekeeping_restart_required.changed) - name: octavia-housekeeping | start | Start the octavia-housekeeping service: name=octavia-housekeeping state=started 0707010000005C000081A40000000000000000000000015EC6B079000002BE000000000000000000000000000000000000005600000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/tasks/status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/_service_status.yml 0707010000005D000081A40000000000000000000000015EC6B079000002FB000000000000000000000000000000000000005400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/tasks/stop.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-housekeeping | stop | Stop the octavia-housekeeping service: name=octavia-housekeeping state=stopped 0707010000005E000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004A00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/vars0707010000005F000081A40000000000000000000000015EC6B07900000283000000000000000000000000000000000000005300000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-housekeeping/vars/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- 07070100000060000041ED0000000000000000000000055EC6B07900000000000000000000000000000000000000000000004700000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure07070100000061000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000005000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/defaults07070100000062000081A40000000000000000000000015EC6B0790000039C000000000000000000000000000000000000005900000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- load_balancer_observer_role: "load-balancer_observer" load_balancer_global_observer_role: "load-balancer_global_observer" load_balancer_member_role: "load-balancer_member" load_balancer_quota_admin_role: "load-balancer_quota_admin" load_balancer_admin_role: "load-balancer_admin" 07070100000063000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004C00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/meta07070100000064000081A40000000000000000000000015EC6B079000002AA000000000000000000000000000000000000005500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/meta/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- dependencies: - role: octavia-common 07070100000065000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/tasks07070100000066000081A40000000000000000000000015EC6B07900000363000000000000000000000000000000000000005E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/tasks/db_configure.yml # # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: Octavia Post Configure | db_configure | Run Octavia DB sync command: "{{ octavia_bin_dir }}/octavia-db-manage --config-file {{ octavia_conf_dir }}/octavia-api.conf upgrade head" run_once_per: verb_hosts.OCT_API 07070100000067000081A40000000000000000000000015EC6B079000005B6000000000000000000000000000000000000006500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/tasks/keystone_change_pwd.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-post-configure | keystone_change_pwd | Get a domain scoped token keystone_v3: endpoint: "{{ keystone_endpoint }}" login_username: "{{ keystone_admin_user }}" login_password: "{{ keystone_admin_password }}" login_user_domain_name: "{{ keystone_default_domain }}" login_domain_name: "{{ keystone_default_domain }}" action: "token_get" run_once: true register: domain_scoped_token - name: octavia-post-configure | keystone_change_pwd | Update octavia user password keystone_v3: login_token: "{{ domain_scoped_token.result }}" endpoint: "{{ keystone_endpoint }}" action: "reset_password_by_admin" user_name: "{{ octavia_admin_user }}" user_password: "{{ octavia_admin_password }}" user_domain_name: "{{ octavia_user_domain_name }}" run_once: true 07070100000068000081A40000000000000000000000015EC6B07900000E09000000000000000000000000000000000000005F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/tasks/keystone_conf.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017-2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Octavia keystone configuration --- - name: octavia-post-configure | keystone_conf | Get a domain scoped token keystone_v3: endpoint: "{{ keystone_endpoint }}" login_username: "{{ keystone_admin_user }}" login_password: "{{ keystone_admin_password }}" login_user_domain_name: "{{ keystone_default_domain }}" login_domain_name: "{{ keystone_default_domain }}" action: "token_get" run_once: true register: domain_scoped_token - name: octavia-post-configure | keystone_conf | Create Octavia Keystone Project keystone_v3: action: "create_project" endpoint: "{{ keystone_endpoint }}" project_name: "{{ octavia_project_name }}" project_domain_name: "{{ octavia_project_domain_name }}" login_token: "{{ domain_scoped_token.result }}" run_once: true register: project_id_result - name: octavia-post-configure | keystone_conf | Set octavia_project_id fact set_fact: octavia_project_id: "{{ project_id_result.result['id'] }}" when: project_id_result | success - name: octavia-post-configure | keystone_conf | Create Octavia Keystone User keystone_v3: action: "create_user" endpoint: "{{ keystone_endpoint }}" login_token: "{{ domain_scoped_token.result }}" user_name: "{{ octavia_admin_user }}" user_password: "{{ octavia_admin_password }}" user_domain_name: "{{ octavia_user_domain_name }}" run_once: true - name: octavia-post-configure | keystone_conf | Add role to Octavia Service User keystone_v3: action: "grant_project_role" endpoint: "{{ keystone_endpoint }}" login_token: "{{ domain_scoped_token.result }}" project_name: "{{ octavia_project_name }}" user_name: "{{ octavia_admin_user }}" role_name: "{{ keystone.admin_role }}" user_domain_name: "{{ octavia_user_domain_name }}" project_domain_name: "{{ octavia_project_domain_name }}" run_once: true - name: octavia-post-configure | keystone_conf | Add neutron_admin role to Octavia User keystone_v3: action: "grant_project_role" endpoint: "{{ keystone_endpoint }}" login_token: "{{ domain_scoped_token.result }}" project_name: "{{ octavia_project_name }}" user_name: "{{ octavia_admin_user }}" role_name: "{{ octavia_neutron_admin_role }}" user_domain_name: "{{ octavia_user_domain_name }}" project_domain_name: "{{ octavia_project_domain_name }}" run_once: true - name: octavia-post-configure | keystone_conf | Create Octavia specific roles keystone_v3: action: "create_role" endpoint: "{{ keystone_endpoint }}" login_token: "{{ domain_scoped_token.result }}" role_name: "{{ item }}" description: "Octavia Role: {{ item }} role (created via octavia deploy)" with_items: - "{{ load_balancer_observer_role }}" - "{{ load_balancer_global_observer_role }}" - "{{ load_balancer_member_role }}" - "{{ load_balancer_quota_admin_role }}" - "{{ load_balancer_admin_role }}" run_once: True 07070100000069000081A40000000000000000000000015EC6B0790000033F000000000000000000000000000000000000006E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/tasks/neutron_to_octavia_migration.yml # # (c) Copyright 2020 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: Octavia Post Configure | neutron_to_octavia_migration | Run Neutron to Octavia DB migration command: "{{ octavia_bin_dir }}/nlbaas2octavia --config-file {{ octavia_conf_dir }}/nlbaas2octavia.conf" run_once_per: verb_hosts.OCT_API 0707010000006A000081A40000000000000000000000015EC6B07900000670000000000000000000000000000000000000005C00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-post-configure/tasks/set_quotas.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2018 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Set Quotas for Octavia Project --- - name: octavia-post-configure | set_octavia_quotas | Set Octavia Quotas shell: > openstack quota set {{ octavia_project_name }} \ --floating-ips -1 \ --networks -1 \ --ports -1 \ --secgroups -1 \ --routers -1 \ --subnetpools -1 \ --secgroup-rules -1 \ --subnets -1 \ --fixed-ips -1 \ --cores -1 \ --instances -1 \ --ram -1 environment: OS_AUTH_URL: "{{ octavia_auth_endpoint }}" OS_USERNAME: "{{ keystone_admin_user }}" OS_PASSWORD: "{{ keystone_admin_password }}" OS_PROJECT_NAME: "{{ keystone_service_tenant }}" OS_USER_DOMAIN_NAME: "{{ octavia_user_domain_name }}" OS_PROJECT_DOMAIN_NAME: "{{ octavia_project_domain_name }}" OS_ENDPOINT_TYPE: "{{ octavia_endpoint_type }}" OS_REGION_NAME: "{{ octavia_region_name }}" OS_CACERT: "{{ octavia_ca_file }}" OS_IDENTITY_API_VERSION: "3" OS_AUTH_VERSION: "3" OS_INTERFACE: "internal" run_once_per: verb_hosts.OCT_API 0707010000006B000041ED0000000000000000000000055EC6B07900000000000000000000000000000000000000000000003F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker0707010000006C000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004800000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/defaults0707010000006D000081A40000000000000000000000015EC6B079000002E9000000000000000000000000000000000000005100000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/defaults/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # This file will contain the default values for the octavia server --- octavia_component: octavia-worker 0707010000006E000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004500000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/tasks0707010000006F000081A40000000000000000000000015EC6B07900000480000000000000000000000000000000000000005300000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/tasks/configure.yml# # (c) Copyright 2016-2017 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/create_systemd_service.yml octavia_service_cmd: "octavia-worker" octavia_service_cmd_args: "--config-file={{ octavia_conf_dir }}/octavia-worker.conf" - name: octavia-worker | configure | set octavia log file ownership become: yes file: path: "{{ octavia_log_dir }}/{{ item }}" owner: "{{ octavia_user }}" group: "{{ octavia_log_file_group }}" mode: 0640 state: touch with_items: - octavia-worker.log - octavia-worker-json.log 07070100000070000081A40000000000000000000000015EC6B07900000457000000000000000000000000000000000000004F00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/tasks/start.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-worker | start | Restart the octavia-worker service: name=octavia-worker state=restarted when: (ardana_notify_octavia_restart_required is defined and ardana_notify_octavia_restart_required.changed) or (ardana_notify_octavia_worker_restart_required is defined and ardana_notify_octavia_worker_restart_required.changed) - name: octavia-worker | start | Start the octavia-worker service: name=octavia-worker state=started 07070100000071000081A40000000000000000000000015EC6B079000002BE000000000000000000000000000000000000005000000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/tasks/status.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - include: ../../octavia-common/tasks/_service_status.yml 07070100000072000081A40000000000000000000000015EC6B079000002E9000000000000000000000000000000000000004E00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/tasks/stop.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- - name: octavia-worker | stop | Stop the octavia-worker service: name=octavia-worker state=stopped 07070100000073000041ED0000000000000000000000025EC6B07900000000000000000000000000000000000000000000004400000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/vars07070100000074000081A40000000000000000000000015EC6B07900000283000000000000000000000000000000000000004D00000000ardana-octavia-9.0+git.1590079609.a2ae6ab/roles/octavia-worker/vars/main.yml# # (c) Copyright 2016 Hewlett Packard Enterprise Development LP # (c) Copyright 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # --- 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!370 blocks
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor