[WIP]Add zaqar deploy ansible.

ansible/group_vars/all.yml

@@ -31,12 +31,20 @@ cinder_api_port: "8776"
 # Trove
 trove_api_port: "8779"
 
+# Zaqar
+zaqar_port: "8889"
+zaqar_mongodb_nodes: ""
+mongo_primary_node: ""
+
 # Neutron
 neutron_api_port: "9696"
 
 # RabbitMQ
 rabbit_port: "5673"
 
+# MongoDB
+mongo_port: "27017"
+
 # Docker registry
 eayunstack_registry_port: "5010"
 docker_registry: "{{ master_ip }}:{{eayunstack_registry_port}}"

ansible/passwords.yml

@@ -1,2 +1,4 @@
 trove_database_password:
 trove_keystone_password:
+zaqar_database_password:
+zaqar_keystone_password:

ansible/roles/fuel/defaults/main.yml

@@ -25,6 +25,10 @@ eayunstack_docker_images:
     image_name: "{{ eayunstack_docker_prefix }}/trove-db-sync"
     file_name: "eayunstack_trove_db_sync.latest"
     push: "True"
+  zaqar_server:
+    image_name: "{{ eayunstack_docker_prefix }}/zaqar-base"
+    file_name: "eayunstack_zaqar_server.latest"
+    push: "True"
 
 eayunstack_registry_diretory: "/var/lib/eayunstack-registry"
 eayunstack_registry_port: "5010"

ansible/roles/haproxy/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 trove_haproxy_order: "300"
+zaqar_haproxy_order: "301"

ansible/roles/haproxy/tasks/main.yml

@@ -4,3 +4,9 @@
     src: "trove-api-haproxy.conf.j2"
     dest: "{{ haproxy_config_base }}/{{ trove_haproxy_order }}-trove-api.cfg"
   notify: Reload HAProxy
+
+- name: Copying over zaqar haproxy conf files
+  template:
+    src: "zaqar-server-haproxy.conf.j2"
+    dest: "{{ haproxy_config_base }}/{{ zaqar_haproxy_order }}-zaqar-server.cfg"
+  notify: Reload HAProxy

ansible/roles/haproxy/templates/zaqar-server-haproxy.conf.j2

@@ -0,0 +1,10 @@
+listen zaqar-server
+  bind {{ management_vip }}:{{ zaqar_port }}
+  bind {{ public_vip }}:{{ zaqar_port }}
+  mode http
+  option  httpchk
+  option  httplog
+  option  httpclose
+{% for host in groups['controller'] %}
+  server {{hostvars[host]['ansible_hostname']}} {{ hostvars[host]['ansible_' + hostvars[host]['network_scheme']['roles']['management']|replace('-', '_')]['ipv4']['address'] }}:{{zaqar_port}}   check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+{% endfor %}

ansible/roles/zaqar/defaults/main.yml

@@ -0,0 +1,44 @@
+---
+project_name: zaqar
+
+zaqar_sys_uid: 971
+zaqar_sys_gid: 971
+zaqar_sys_homedir: "/var/lib/zaqar"
+
+zaqar_services:
+  zaqar-server:
+    container_name: zaqar_server
+    image: "{{ zaqar_base_image }}"
+    volumes:
+      - "{{ zaqar_sys_homedir }}:{{ zaqar_sys_homedir }}"
+      - "{{ eayunstack_config_base }}/{{ project_name }}:{{ zaqar_config_diretory }}:ro"
+      - "{{ timezone_path }}:/etc/localtime:ro"
+      - "{{ eayunstack_log_base }}/{{ project_name }}:{{ zaqar_log_directory }}"
+
+zaqar_config_diretory: /etc/zaqar
+zaqar_config_files:
+  zaqar.conf:
+    handlers:
+      - Restart zaqar-server container
+  uwsgi.conf:
+    handlers:
+      - Restart zaqar-server container
+
+zaqar_public_endpoint: "http://{{ public_vip }}:{{ zaqar_port }}"
+zaqar_internal_endpoint: "http://{{ management_vip }}:{{ zaqar_port }}"
+zaqar_admin_endpoint: "http://{{ management_vip }}:{{ zaqar_port }}"
+
+zaqar_endpoints:
+  publicurl: "{{ zaqar_public_endpoint }}"
+  internalurl: "{{ zaqar_internal_endpoint }}"
+  adminurl: "{{ zaqar_admin_endpoint }}"
+
+zaqar_log_directory: "/var/log/{{ project_name }}"
+zaqar_logging_debug: "True"
+zaqar_mongodb_uri: "mongodb+replicaSet://zaqar:{{ zaqar_database_password }}@{{ zaqar_mongodb_nodes }}"
+
+zaqar_base_image: "{{ docker_registry }}/{{ eayunstack_docker_prefix }}/zaqar-base"
+
+zaqar_logrotate_conf:
+  rotate: "4"
+  minsize: "30M"

ansible/roles/zaqar/files/logging.conf

@@ -0,0 +1,49 @@
+[loggers]
+keys=root,server,combined
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,file,devel
+
+[logger_root]
+level=NOTSET
+handlers=devel
+
+[logger_server]
+level=DEBUG
+handlers=devel
+qualname=zaqar-server
+
+[logger_combined]
+level=DEBUG
+handlers=devel
+qualname=zaqar-combined
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=normal_with_name
+args=('zaqar.log', 'w')
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s

ansible/roles/zaqar/files/policy.json

@@ -0,0 +1,61 @@
+{
+    "context_is_admin": "role:admin",
+    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+    "default": "rule:admin_or_owner",
+
+    "queues:get_all": "",
+    "queues:create": "",
+    "queues:get": "",
+    "queues:delete": "",
+    "queues:update": "",
+    "queues:stats": "",
+    "queues:share": "",
+    "queues:purge": "",
+
+    "topics:get_all": "",
+    "topics:create": "",
+    "topics:get": "",
+    "topics:delete": "",
+    "topics:update": "",
+
+    "monitors:get_all": "",
+    "monitors:get": "",
+
+    "messages:publish": "",
+    "messages:consume": "",
+    "messages:get_all": "",
+    "messages:create": "",
+    "messages:get": "",
+    "messages:delete": "",
+    "messages:delete_all": "",
+    "messages:consume_delete": "",
+    "messages:consume_delete_all": "",
+
+    "claims:get_all": "",
+    "claims:create": "",
+    "claims:get": "",
+    "claims:delete": "",
+    "claims:update": "",
+
+    "subscription:get_all": "",
+    "subscription:create": "",
+    "subscription:get": "",
+    "subscription:delete": "",
+    "subscription:update": "",
+    "subscription:confirm": "",
+
+    "pools:get_all": "rule:context_is_admin",
+    "pools:create": "rule:context_is_admin",
+    "pools:get": "rule:context_is_admin",
+    "pools:delete": "rule:context_is_admin",
+    "pools:update": "rule:context_is_admin",
+
+    "flavors:get_all": "",
+    "flavors:create": "rule:context_is_admin",
+    "flavors:get": "",
+    "flavors:delete": "rule:context_is_admin",
+    "flavors:update": "rule:context_is_admin",
+
+    "ping:get": "",
+    "health:get": "rule:context_is_admin"
+}

ansible/roles/zaqar/handlers/main.yml

@@ -0,0 +1,19 @@
+---
+- name: Restart zaqar-server container
+  vars:
+    service_name: "zaqar-server"
+    service: "{{ zaqar_services[service_name] }}"
+    zaqar_conf: "{{ zaqar_confs.results|selectattr('item.key', 'match', 'zaqar.conf')|first }}"
+    uwsgi_conf: "{{ zaqar_confs.results|selectattr('item.key', 'match', 'uwsgi.conf')|first }}"
+    zaqar_server_container: "{{ check_zaqar_containers.results|selectattr('item.key', 'match', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    environment:
+      DAEMON: "zaqar-server"
+    restart_policy: "{{ docker_restart_policy }}"
+  when: zaqar_conf.changed | bool
+        or uwsgi_conf.changed | bool
+        or zaqar_server_container.changed | bool

ansible/roles/zaqar/tasks/config.yml

@@ -0,0 +1,72 @@
+---
+- name: Ensuring system group exist
+  group:
+    name: zaqar
+    gid: "{{ zaqar_sys_gid }}"
+
+- name: Ensuring system user exist
+  user:
+    name: zaqar
+    comment: "zaqar Daemons"
+    uid: "{{ zaqar_sys_uid }}"
+    group: zaqar
+    groups: zaqar
+    home: "{{ zaqar_sys_homedir }}"
+    shell: "/sbin/nologin"
+
+- name: Ensuring config directory exist
+  file:
+    path: "{{ eayunstack_config_base }}/{{ project_name }}"
+    state: "directory"
+    recurse: yes
+
+- name: Ensuring log directory exist
+  file:
+    path: "{{ eayunstack_log_base }}/{{ project_name }}"
+    state: "directory"
+    owner: zaqar
+
+- name: Copy policy.json
+  copy:
+    src: policy.json
+    dest: "{{ eayunstack_config_base }}/{{ project_name }}/"
+
+- name: Copy logging.conf
+  copy:
+    src: logging.conf
+    dest: "{{ eayunstack_config_base }}/{{ project_name }}/"
+
+- name: Copy zaqar-logrotate config
+  template:
+    src: zaqar-logrotate.conf.j2
+    dest: "/etc/logrotate.d/eayunstack-docker-{{ project_name }}"
+
+- name: Copying over zaqar conf files
+  template:
+    src: "{{ item.key }}.j2"
+    dest: "{{ eayunstack_config_base }}/{{ project_name }}/{{ item.key }}"
+  register: zaqar_confs
+  with_dict: "{{ zaqar_config_files }}"
+  notify: "{{ item.value.handlers | default([]) }}"
+
+- name: Check zaqar containers
+  kolla_docker:
+    action: "compare_container"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    volumes: "{{ item.value.volumes }}"
+    restart_policy: "{{ docker_restart_policy }}"
+  with_dict: "{{ zaqar_services }}"
+  register: check_zaqar_containers
+  notify:
+    - "Restart {{ item.key }} container"
+
+- name: Ensuring iptables for zaqar
+  iptables:
+    action: insert
+    chain: INPUT
+    protocol: tcp
+    match: multiport
+    destination_port: "{{ zaqar_port }}"
+    jump: ACCEPT
+  notify: "Save iptables rules"

ansible/roles/zaqar/tasks/main.yml

@@ -0,0 +1,46 @@
+- name: ensure zaqar tenant, user
+  run_once: True
+  keystone:
+    region_name: "{{ keystone_region }}"
+    endpoint: "{{ keystone_admin_endpoint_v3 }}"
+    token: "{{ keystone.admin_token }}"
+    command: "{{ item.command }}"
+    user_name: "zaqar"
+    password: "{{ zaqar_keystone_password }}"
+    project_name: "{{ item.tenant | default(None) }}"
+    role_name: "{{ item.role | default(None) }}"
+    service_name: "{{ item.service_name | default(None) }}"
+    service_type: "{{ item.service_type | default(None) }}"
+    description: "{{ item.description | default(None) }}"
+  with_items:
+    - { command: 'ensure_user' }
+    - { command: 'ensure_user_role', tenant: 'services', role: 'admin' }
+    - { command: 'ensure_service', service_name: 'zaqar', service_type: 'messaging', description: 'Zaqar Messaging Service' }
+
+- name: ensure zaqar endpoint
+  run_once: True
+  keystone_v2_endpoint:
+    region_name: "{{ keystone_region }}"
+    endpoint: "{{ keystone_admin_endpoint_v2 }}"
+    token: "{{ keystone.admin_token }}"
+    service_name: "zaqar"
+    service_type: "messaging"
+    endpoint_dict: "{{ zaqar_endpoints }}"
+
+#- name: Creating zaqar mongodb user and setting permissions
+#  mongodb_user:
+#    login_password: "{{ ceilometer.db_password }}"
+#    login_user: admin
+#    login_host: "{{ mongo_primary_node }}"
+#    database: admin
+#    name: zaqar
+#    password: "{{ zaqar_database_password }}"
+#    roles: root
+#    state: present
+
+
+- include: pull.yml
+
+- include: config.yml
+
+

ansible/roles/zaqar/tasks/pull.yml

@@ -0,0 +1,6 @@
+---
+- name: Pulling zaqar images
+  kolla_docker:
+    action: "pull_image"
+    image: "{{ zaqar_base_image }}"
+

ansible/roles/zaqar/templates/uwsgi.conf.j2

@@ -0,0 +1,7 @@
+[uwsgi]
+strict = true
+http = :{{ zaqar_port }}
+processes = 32
+threads = 4
+wsgi-file = /usr/lib/python2.7/site-packages/zaqar/transport/wsgi/app.py
+callable = app

ansible/roles/zaqar/templates/zaqar-logrotate.conf.j2

@@ -0,0 +1,8 @@
+{{ eayunstack_log_base }}/{{ project_name}}/*.log {
+    weekly
+    rotate {{ zaqar_logrotate_conf.rotate }}
+    minsize {{ zaqar_logrotate_conf.minsize }}
+    compress
+    missingok
+    notifempty
+}

ansible/roles/zaqar/templates/zaqar-server-haproxy.conf.j2

@@ -0,0 +1,10 @@
+listen zaqar-server
+  bind {{ management_vip }}:{{ zaqar_port }}
+  bind {{ public_vip }}:{{ zaqar_port }}
+  mode http
+  option  httpchk
+  option  httplog
+  option  httpclose
+{% for host in groups['controller'] %}
+  server {{hostvars[host]['ansible_hostname']}} {{ hostvars[host]['ansible_' + hostvars[host]['network_scheme']['roles']['management']|replace('-', '_')]['ipv4']['address'] }}:{{zaqar_port}}   check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+{% endfor %}