diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 88d6de0..b2d98d6 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -31,12 +31,20 @@ cinder_api_port: "8776" # Trove trove_api_port: "8779" +# Zaqar +zaqar_port: "8889" +zaqar_mongodb_nodes: "" +mongo_primary_node: "" + # Neutron neutron_api_port: "9696" # RabbitMQ rabbit_port: "5673" +# MongoDB +mongo_port: "27017" + # Docker registry eayunstack_registry_port: "5010" docker_registry: "{{ master_ip }}:{{eayunstack_registry_port}}" diff --git a/ansible/passwords.yml b/ansible/passwords.yml index 6ae778f..ba7d9b9 100644 --- a/ansible/passwords.yml +++ b/ansible/passwords.yml @@ -1,2 +1,4 @@ trove_database_password: trove_keystone_password: +zaqar_database_password: +zaqar_keystone_password: diff --git a/ansible/roles/fuel/defaults/main.yml b/ansible/roles/fuel/defaults/main.yml index 50f4865..b9d2063 100644 --- a/ansible/roles/fuel/defaults/main.yml +++ b/ansible/roles/fuel/defaults/main.yml @@ -25,6 +25,10 @@ eayunstack_docker_images: image_name: "{{ eayunstack_docker_prefix }}/trove-db-sync" file_name: "eayunstack_trove_db_sync.latest" push: "True" + zaqar_server: + image_name: "{{ eayunstack_docker_prefix }}/zaqar-base" + file_name: "eayunstack_zaqar_server.latest" + push: "True" eayunstack_registry_diretory: "/var/lib/eayunstack-registry" eayunstack_registry_port: "5010" diff --git a/ansible/roles/haproxy/defaults/main.yml b/ansible/roles/haproxy/defaults/main.yml index d9ab424..6ba8c58 100644 --- a/ansible/roles/haproxy/defaults/main.yml +++ b/ansible/roles/haproxy/defaults/main.yml @@ -1,2 +1,3 @@ --- trove_haproxy_order: "300" +zaqar_haproxy_order: "301" diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml index f7804c0..1cc2877 100644 --- a/ansible/roles/haproxy/tasks/main.yml +++ b/ansible/roles/haproxy/tasks/main.yml 
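Review bot: `zaqar_mongodb_nodes` and `mongo_primary_node` default to empty strings in the group_vars hunk, and `zaqar_database_password` / `zaqar_keystone_password` are added to passwords.yml with no value, yet nothing in the role added by this commit checks them before use. With the defaults left in place, the MongoDB URI built in roles/zaqar/defaults/main.yml renders without a host list, and the problem only surfaces once the container starts. An `assert` task at the top of roles/zaqar/tasks/main.yml, for example `that: zaqar_mongodb_nodes | length > 0`, would fail the play early. A comment beside the two variables stating the expected format of the node list would also help, since that format is not visible in this diff.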
@@ -4,3 +4,9 @@ src: "trove-api-haproxy.conf.j2" dest: "{{ haproxy_config_base }}/{{ trove_haproxy_order }}-trove-api.cfg" notify: Reload HAProxy + +- name: Copying over zaqar haproxy conf files + template: + src: "zaqar-server-haproxy.conf.j2" + dest: "{{ haproxy_config_base }}/{{ zaqar_haproxy_order }}-zaqar-server.cfg" + notify: Reload HAProxy diff --git a/ansible/roles/haproxy/templates/zaqar-server-haproxy.conf.j2 b/ansible/roles/haproxy/templates/zaqar-server-haproxy.conf.j2 new file mode 100644 index 0000000..20c4ecf --- /dev/null +++ b/ansible/roles/haproxy/templates/zaqar-server-haproxy.conf.j2 @@ -0,0 +1,10 @@ +listen zaqar-server + bind {{ management_vip }}:{{ zaqar_port }} + bind {{ public_vip }}:{{ zaqar_port }} + mode http + option httpchk + option httplog + option httpclose +{% for host in groups['controller'] %} + server {{hostvars[host]['ansible_hostname']}} {{ hostvars[host]['ansible_' + hostvars[host]['network_scheme']['roles']['management']|replace('-', '_')]['ipv4']['address'] }}:{{zaqar_port}} check inter 10s fastinter 2s downinter 3s rise 3 fall 3 +{% endfor %} diff --git a/ansible/roles/zaqar/defaults/main.yml b/ansible/roles/zaqar/defaults/main.yml new file mode 100644 index 0000000..15c4ed5 --- /dev/null +++ b/ansible/roles/zaqar/defaults/main.yml 
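Review bot: The listener binds `{{ public_vip }}:{{ zaqar_port }}` in `mode http` with no `ssl` on the bind line, so Keystone tokens and message bodies sent to the public endpoint cross the network in cleartext unless TLS is terminated somewhere this diff does not show. If the other public listeners in this deployment terminate TLS, this one should follow them; otherwise a comment above the public bind recording that it is deliberately plaintext would help. `option httpchk` is given no request line, so the check uses HAProxy's default request; confirm that the Keystone-protected API answers it with a 2xx/3xx, or name a health path explicitly. An identical copy of this template is added under ansible/roles/zaqar/templates/ (same blob 20c4ecf), but only the haproxy role's task references it in this commit, so the second copy can drift unnoticed.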
@@ -0,0 +1,44 @@
+---
+project_name: zaqar
+
+zaqar_sys_uid: 971
+zaqar_sys_gid: 971
+zaqar_sys_homedir: "/var/lib/zaqar"
+
+zaqar_services:
+ zaqar-server:
+ container_name: zaqar_server
+ image: "{{ zaqar_base_image }}"
+ volumes:
+ - "{{ zaqar_sys_homedir }}:{{ zaqar_sys_homedir }}"
+ - "{{ eayunstack_config_base }}/{{ project_name }}:{{ zaqar_config_diretory }}:ro"
+ - "{{ timezone_path }}:/etc/localtime:ro"
+ - "{{ eayunstack_log_base }}/{{ project_name }}:{{ zaqar_log_directory }}"
+
+zaqar_config_diretory: /etc/zaqar
+zaqar_config_files:
+ zaqar.conf:
+ handlers:
+ - Restart zaqar-server container
+ uwsgi.conf:
+ handlers:
+ - Restart zaqar-server container
+
+zaqar_public_endpoint: "http://{{ public_vip }}:{{ zaqar_port }}"
+zaqar_internal_endpoint: "http://{{ management_vip }}:{{ zaqar_port }}"
+zaqar_admin_endpoint: "http://{{ management_vip }}:{{ zaqar_port }}"
+
+zaqar_endpoints:
+ publicurl: "{{ zaqar_public_endpoint }}"
+ internalurl: "{{ zaqar_internal_endpoint }}"
+ adminurl: "{{ zaqar_admin_endpoint }}"
+
+zaqar_log_directory: "/var/log/{{ project_name }}"
+zaqar_logging_debug: "True"
+zaqar_mongodb_uri: "mongodb+replicaSet://zaqar:{{ zaqar_database_password }}@{{ zaqar_mongodb_nodes }}"
+
+zaqar_base_image: "{{ docker_registry }}/{{ eayunstack_docker_prefix }}/zaqar-base"
+
+zaqar_logrotate_conf:
+ rotate: "4"
+ minsize: "30M"
diff --git a/ansible/roles/zaqar/files/logging.conf b/ansible/roles/zaqar/files/logging.conf
new file mode 100644
index 0000000..83a7040
--- /dev/null
+++ b/ansible/roles/zaqar/files/logging.conf
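Review bot: `zaqar_mongodb_uri` places `{{ zaqar_database_password }}` into the URI userinfo unencoded, so a password containing `@` or `:` changes how the URI is parsed; `zaqar:{{ zaqar_database_password | urlencode }}@` keeps it intact. `zaqar_logging_debug: "True"` ships debug logging as the default, which is verbose for a production service and tends to put request detail into logs; `"False"` with a per-environment override is the safer default. `zaqar_base_image` carries no tag or digest, so the pull resolves to whatever the registry currently serves under the default tag; pinning a tag or digest makes deployments reproducible and auditable. The three endpoints are registered as `http://`, which deserves a comment if TLS is handled elsewhere.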
@@ -0,0 +1,49 @@
+[loggers]
+keys=root,server,combined
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,file,devel
+
+[logger_root]
+level=NOTSET
+handlers=devel
+
+[logger_server]
+level=DEBUG
+handlers=devel
+qualname=zaqar-server
+
+[logger_combined]
+level=DEBUG
+handlers=devel
+qualname=zaqar-combined
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=normal_with_name
+args=('zaqar.log', 'w')
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
diff --git a/ansible/roles/zaqar/files/policy.json b/ansible/roles/zaqar/files/policy.json
new file mode 100644
index 0000000..c2961f8
--- /dev/null
+++ b/ansible/roles/zaqar/files/policy.json
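Review bot: Every logger in this file (`root`, `server`, `combined`) sends to the `devel` handler at `NOTSET`/`DEBUG`, while the `production` syslog handler is declared but attached to nothing, so these look like development defaults carried into a deployment role. `[handler_file]` opens the relative path `zaqar.log` in mode `'w'`, which would truncate the log at each start and depend on the process working directory if it were ever enabled. zaqar.conf.j2 in this commit sets `log_file` and contains no reference to logging.conf, so it is not visible from here whether the file is read at all. A header comment naming the setting that loads it, or dropping the copy task, would remove the ambiguity.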
@@ -0,0 +1,61 @@
+{
+ "context_is_admin": "role:admin",
+ "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
+
+ "queues:get_all": "",
+ "queues:create": "",
+ "queues:get": "",
+ "queues:delete": "",
+ "queues:update": "",
+ "queues:stats": "",
+ "queues:share": "",
+ "queues:purge": "",
+
+ "topics:get_all": "",
+ "topics:create": "",
+ "topics:get": "",
+ "topics:delete": "",
+ "topics:update": "",
+
+ "monitors:get_all": "",
+ "monitors:get": "",
+
+ "messages:publish": "",
+ "messages:consume": "",
+ "messages:get_all": "",
+ "messages:create": "",
+ "messages:get": "",
+ "messages:delete": "",
+ "messages:delete_all": "",
+ "messages:consume_delete": "",
+ "messages:consume_delete_all": "",
+
+ "claims:get_all": "",
+ "claims:create": "",
+ "claims:get": "",
+ "claims:delete": "",
+ "claims:update": "",
+
+ "subscription:get_all": "",
+ "subscription:create": "",
+ "subscription:get": "",
+ "subscription:delete": "",
+ "subscription:update": "",
+ "subscription:confirm": "",
+
+ "pools:get_all": "rule:context_is_admin",
+ "pools:create": "rule:context_is_admin",
+ "pools:get": "rule:context_is_admin",
+ "pools:delete": "rule:context_is_admin",
+ "pools:update": "rule:context_is_admin",
+
+ "flavors:get_all": "",
+ "flavors:create": "rule:context_is_admin",
+ "flavors:get": "",
+ "flavors:delete": "rule:context_is_admin",
+ "flavors:update": "rule:context_is_admin",
+
+ "ping:get": "",
+ "health:get": "rule:context_is_admin"
+}
diff --git a/ansible/roles/zaqar/handlers/main.yml b/ansible/roles/zaqar/handlers/main.yml
new file mode 100644
index 0000000..f830f85
--- /dev/null
+++ b/ansible/roles/zaqar/handlers/main.yml
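Review bot: Almost every action here maps to the empty string, which the policy engine treats as "always allow", so the `"default": "rule:admin_or_owner"` line never applies to them and any authenticated token passes the check for destructive operations such as `queues:delete`, `queues:purge` and `messages:delete_all`. Tenant separation then rests entirely on the service scoping resources by project, with policy adding no second layer. If that is intended, record it in the role's documentation, since JSON cannot hold a comment. If it is not, the destructive actions are candidates for `rule:admin_or_owner`; whether the enforcement call supplies a target carrying `project_id` is not visible in this diff, so test that rule before relying on it.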
@@ -0,0 +1,19 @@
+---
+- name: Restart zaqar-server container
+ vars:
+ service_name: "zaqar-server"
+ service: "{{ zaqar_services[service_name] }}"
+ zaqar_conf: "{{ zaqar_confs.results|selectattr('item.key', 'match', 'zaqar.conf')|first }}"
+ uwsgi_conf: "{{ zaqar_confs.results|selectattr('item.key', 'match', 'uwsgi.conf')|first }}"
+ zaqar_server_container: "{{ check_zaqar_containers.results|selectattr('item.key', 'match', service_name)|first }}"
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes }}"
+ environment:
+ DAEMON: "zaqar-server"
+ restart_policy: "{{ docker_restart_policy }}"
+ when: zaqar_conf.changed | bool
+ or uwsgi_conf.changed | bool
+ or zaqar_server_container.changed | bool
diff --git a/ansible/roles/zaqar/tasks/config.yml b/ansible/roles/zaqar/tasks/config.yml
new file mode 100644
index 0000000..290caf2
--- /dev/null
+++ b/ansible/roles/zaqar/tasks/config.yml
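Review bot: The `selectattr('item.key', 'match', 'zaqar.conf')` lookups use the regex test `match`, where the unescaped `.` matches any character and the pattern is anchored only at the start, so a later key such as `zaqar.conf.sample` would also be selected and `|first` would then pick by order. `selectattr('item.key', 'equalto', 'zaqar.conf')` states the intent exactly; the same applies to the `uwsgi.conf` and `service_name` lookups. A one-line comment above `vars:` saying that `zaqar_confs` and `check_zaqar_containers` are registered in tasks/config.yml would help a reader place them.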
@@ -0,0 +1,72 @@
+---
+- name: Ensuring system group exist
+ group:
+ name: zaqar
+ gid: "{{ zaqar_sys_gid }}"
+
+- name: Ensuring system user exist
+ user:
+ name: zaqar
+ comment: "zaqar Daemons"
+ uid: "{{ zaqar_sys_uid }}"
+ group: zaqar
+ groups: zaqar
+ home: "{{ zaqar_sys_homedir }}"
+ shell: "/sbin/nologin"
+
+- name: Ensuring config directory exist
+ file:
+ path: "{{ eayunstack_config_base }}/{{ project_name }}"
+ state: "directory"
+ recurse: yes
+
+- name: Ensuring log directory exist
+ file:
+ path: "{{ eayunstack_log_base }}/{{ project_name }}"
+ state: "directory"
+ owner: zaqar
+
+- name: Copy policy.json
+ copy:
+ src: policy.json
+ dest: "{{ eayunstack_config_base }}/{{ project_name }}/"
+
+- name: Copy logging.conf
+ copy:
+ src: logging.conf
+ dest: "{{ eayunstack_config_base }}/{{ project_name }}/"
+
+- name: Copy zaqar-logrotate config
+ template:
+ src: zaqar-logrotate.conf.j2
+ dest: "/etc/logrotate.d/eayunstack-docker-{{ project_name }}"
+
+- name: Copying over zaqar conf files
+ template:
+ src: "{{ item.key }}.j2"
+ dest: "{{ eayunstack_config_base }}/{{ project_name }}/{{ item.key }}"
+ register: zaqar_confs
+ with_dict: "{{ zaqar_config_files }}"
+ notify: "{{ item.value.handlers | default([]) }}"
+
+- name: Check zaqar containers
+ kolla_docker:
+ action: "compare_container"
+ name: "{{ item.value.container_name }}"
+ image: "{{ item.value.image }}"
+ volumes: "{{ item.value.volumes }}"
+ restart_policy: "{{ docker_restart_policy }}"
+ with_dict: "{{ zaqar_services }}"
+ register: check_zaqar_containers
+ notify:
+ - "Restart {{ item.key }} container"
+
+- name: Ensuring iptables for zaqar
+ iptables:
+ action: insert
+ chain: INPUT
+ protocol: tcp
+ match: multiport
+ destination_port: "{{ zaqar_port }}"
+ jump: ACCEPT
+ notify: "Save iptables rules"
diff --git a/ansible/roles/zaqar/tasks/main.yml b/ansible/roles/zaqar/tasks/main.yml
new file mode 100644
index 0000000..6eec148
--- /dev/null
+++ b/ansible/roles/zaqar/tasks/main.yml
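Review bot: The `Copying over zaqar conf files` task renders zaqar.conf, which holds the Keystone service password and the MongoDB URI with its password, without `owner`, `group` or `mode`, so the file gets whatever the default umask gives, commonly world-readable. Adding `owner: zaqar`, `group: zaqar` and `mode: "0640"` to that `template:` task, and a restrictive `mode` to the config directory task, limits it to the service account. This assumes the container reads the mount as uid/gid 971, which the role defaults suggest but this diff does not confirm. Separately, the iptables task accepts TCP to `zaqar_port` from any source on any interface; if only HAProxy should reach the backend, narrow it with `source` or `in_interface`.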
@@ -0,0 +1,46 @@
+- name: ensure zaqar tenant, user
+ run_once: True
+ keystone:
+ region_name: "{{ keystone_region }}"
+ endpoint: "{{ keystone_admin_endpoint_v3 }}"
+ token: "{{ keystone.admin_token }}"
+ command: "{{ item.command }}"
+ user_name: "zaqar"
+ password: "{{ zaqar_keystone_password }}"
+ project_name: "{{ item.tenant | default(None) }}"
+ role_name: "{{ item.role | default(None) }}"
+ service_name: "{{ item.service_name | default(None) }}"
+ service_type: "{{ item.service_type | default(None) }}"
+ description: "{{ item.description | default(None) }}"
+ with_items:
+ - { command: 'ensure_user' }
+ - { command: 'ensure_user_role', tenant: 'services', role: 'admin' }
+ - { command: 'ensure_service', service_name: 'zaqar', service_type: 'messaging', description: 'Zaqar Messaging Service' }
+
+- name: ensure zaqar endpoint
+ run_once: True
+ keystone_v2_endpoint:
+ region_name: "{{ keystone_region }}"
+ endpoint: "{{ keystone_admin_endpoint_v2 }}"
+ token: "{{ keystone.admin_token }}"
+ service_name: "zaqar"
+ service_type: "messaging"
+ endpoint_dict: "{{ zaqar_endpoints }}"
+
+#- name: Creating zaqar mongodb user and setting permissions
+# mongodb_user:
+# login_password: "{{ ceilometer.db_password }}"
+# login_user: admin
+# login_host: "{{ mongo_primary_node }}"
+# database: admin
+# name: zaqar
+# password: "{{ zaqar_database_password }}"
+# roles: root
+# state: present
+
+
+- include: pull.yml
+
+- include: config.yml
+
+
diff --git a/ansible/roles/zaqar/tasks/pull.yml b/ansible/roles/zaqar/tasks/pull.yml
new file mode 100644
index 0000000..a0d8fb1
--- /dev/null
+++ b/ansible/roles/zaqar/tasks/pull.yml
@@ -0,0 +1,6 @@
+---
+- name: Pulling zaqar images
+ kolla_docker:
+ action: "pull_image"
+ image: "{{ zaqar_base_image }}"
+
diff --git a/ansible/roles/zaqar/templates/uwsgi.conf.j2 b/ansible/roles/zaqar/templates/uwsgi.conf.j2
new file mode 100644
index 0000000..e67a214
--- /dev/null
+++ b/ansible/roles/zaqar/templates/uwsgi.conf.j2
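Review bot: The commented-out `mongodb_user` task would create the `zaqar` account with `roles: root` on the `admin` database, logging in with ceilometer's database password; if it is re-enabled as written, the messaging service would hold full control of the MongoDB deployment. zaqar.conf.j2 only uses the `message` and `message_manage` databases, so `readWrite` on those two is sufficient. As committed, no task creates the database user at all, so the deployment depends on a manual step that is worth documenting in a comment here. The `ensure zaqar tenant, user` task also passes `password:` to a custom `keystone` module; unless that module marks the argument as no-log, adding `no_log: true` to the task keeps the value out of verbose output.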
@@ -0,0 +1,7 @@
+[uwsgi]
+strict = true
+http = :{{ zaqar_port }}
+processes = 32
+threads = 4
+wsgi-file = /usr/lib/python2.7/site-packages/zaqar/transport/wsgi/app.py
+callable = app
diff --git a/ansible/roles/zaqar/templates/zaqar-logrotate.conf.j2 b/ansible/roles/zaqar/templates/zaqar-logrotate.conf.j2
new file mode 100644
index 0000000..8184d25
--- /dev/null
+++ b/ansible/roles/zaqar/templates/zaqar-logrotate.conf.j2
@@ -0,0 +1,8 @@
+{{ eayunstack_log_base }}/{{ project_name}}/*.log {
+ weekly
+ rotate {{ zaqar_logrotate_conf.rotate }}
+ minsize {{ zaqar_logrotate_conf.minsize }}
+ compress
+ missingok
+ notifempty
+}
diff --git a/ansible/roles/zaqar/templates/zaqar-server-haproxy.conf.j2 b/ansible/roles/zaqar/templates/zaqar-server-haproxy.conf.j2
new file mode 100644
index 0000000..20c4ecf
--- /dev/null
+++ b/ansible/roles/zaqar/templates/zaqar-server-haproxy.conf.j2
@@ -0,0 +1,10 @@
+listen zaqar-server
+ bind {{ management_vip }}:{{ zaqar_port }}
+ bind {{ public_vip }}:{{ zaqar_port }}
+ mode http
+ option httpchk
+ option httplog
+ option httpclose
+{% for host in groups['controller'] %}
+ server {{hostvars[host]['ansible_hostname']}} {{ hostvars[host]['ansible_' + hostvars[host]['network_scheme']['roles']['management']|replace('-', '_')]['ipv4']['address'] }}:{{zaqar_port}} check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+{% endfor %}
diff --git a/ansible/roles/zaqar/templates/zaqar.conf.j2 b/ansible/roles/zaqar/templates/zaqar.conf.j2
new file mode 100644
index 0000000..e8dd270
--- /dev/null
+++ b/ansible/roles/zaqar/templates/zaqar.conf.j2
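Review bot: `http = :{{ zaqar_port }}` makes uWSGI listen on every interface, and the iptables task in tasks/config.yml accepts that port from any source, so the API can be reached directly on each controller, bypassing the HAProxy listener. Binding to the node's management address, the one the HAProxy `server` line targets, keeps the backend behind the proxy, e.g. `http = <management_address>:{{ zaqar_port }}` (placeholder; use the variable this repo already has for that address). If the container shares the host network namespace, a wildcard listener on this port may also collide with HAProxy's binds to the VIPs on the same port, which is worth checking. `processes = 32` and `threads = 4` are hard-coded; role defaults would let smaller controllers tune them.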
@@ -0,0 +1,40 @@ +[DEFAULT] +auth_strategy = keystone +debug = {{ zaqar_logging_debug }} +unreliable = True +admin_mode = True +log_file = {{ zaqar_log_directory }}/zaqar-server.log +[keystone_authtoken] +auth_host = {{ management_vip }} +auth_port = {{ keystone_api_port }} +auth_protocol = http +admin_user = zaqar +admin_password = {{ zaqar_keystone_password }} +admin_tenant_name = services +token_cache_time = 3600 +[drivers] +transport = wsgi +message_store = mongodb +management_store = mongodb +[drivers:transport:wsgi] +bind = 0.0.0.0 +[drivers:management_store:mongodb] +uri = {{ zaqar_mongodb_uri }} +database = message_manage +[drivers:message_store:mongodb] +uri = {{ zaqar_mongodb_uri }} +database = message +[transport] +max_queues_per_page = 1000 +max_queue_metadata = 65536 +max_mesages_per_page = 10 +max_messages_post_size = 65536 +max_message_ttl = 1296000 +max_message_delay_ttl = 604800 +max_claim_ttl = 43200 +default_topic_message_ttl = 345600 +[storage] +message_pipeline = zaqar.notification.notifier +[notification] +max_notifier_workers = 100 +max_notifier_retries = 15 diff --git a/ansible/site.yml b/ansible/site.yml index 04ba229..01bb20d 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -19,6 +19,7 @@ roles: - trove - haproxy + - zaqar handlers: - name: Save iptables rules shell: |
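Review bot: `max_mesages_per_page = 10` under `[transport]` is misspelled (`max_messages_per_page`), so the option will most likely be ignored and the service will run with its built-in page limit rather than 10. `admin_mode = True` turns on the privileged endpoints in the same process that the HAProxy template publishes on `public_vip`; policy.json restricts `pools:*` and `health:get` to admins, but serving the admin API from an internal-only instance would narrow what the public listener exposes. `auth_protocol = http` sends the service credentials and token-validation traffic to Keystone unencrypted, which is acceptable only if the management network is trusted and deserves a comment saying so.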