From 639c11f38b47b0c4fdc7c35c33631a8cf2b19163 Mon Sep 17 00:00:00 2001 From: Miguel Alex Cantu Date: Wed, 7 Oct 2015 21:16:55 +0000 Subject: [PATCH] Seperated out Telemetry Alarming (Aodh) The alarming function of Telemetry has been seperated out by design. This patchset creates new containers for these alarming services and deploys them accordingly. See: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073897.html DocImpact UpgradeImpact Implements: blueprint liberty-release Change-Id: I25294a25afa76d4d8bddad0a51c48485f33a6d20 --- CONTRIBUTING.rst | 85 ++++++++++++ LICENSE | 202 +++++++++++++++++++++++++++++ README.rst | 24 ++++ defaults/main.yml | 94 ++++++++++++++ handlers/main.yml | 46 +++++++ meta/main.yml | 36 +++++ tasks/aodh_install.yml | 43 ++++++ tasks/aodh_messaging_setup.yml | 37 ++++++ tasks/aodh_post_install.yml | 42 ++++++ tasks/aodh_pre_install.yml | 82 ++++++++++++ tasks/aodh_service_add.yml | 89 +++++++++++++ tasks/aodh_service_setup.yml | 30 +++++ tasks/aodh_upstart_common_init.yml | 46 +++++++ tasks/aodh_upstart_init.yml | 58 +++++++++ tasks/main.yml | 23 ++++ templates/aodh-upstart-init.j2 | 42 ++++++ templates/aodh.conf.j2 | 53 ++++++++ templates/api_paste.ini.j2 | 18 +++ templates/policy.json | 21 +++ 19 files changed, 1071 insertions(+) create mode 100644 CONTRIBUTING.rst create mode 100644 LICENSE create mode 100644 README.rst create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/aodh_install.yml create mode 100644 tasks/aodh_messaging_setup.yml create mode 100644 tasks/aodh_post_install.yml create mode 100644 tasks/aodh_pre_install.yml create mode 100644 tasks/aodh_service_add.yml create mode 100644 tasks/aodh_service_setup.yml create mode 100644 tasks/aodh_upstart_common_init.yml create mode 100644 tasks/aodh_upstart_init.yml create mode 100644 tasks/main.yml create mode 100644 templates/aodh-upstart-init.j2 create mode 100644 templates/aodh.conf.j2 create mode 100644 templates/api_paste.ini.j2 create mode 100644 templates/policy.json diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 0000000..587887a --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,85 @@ +OpenStack aodh +############## +:tags: openstack, aodh, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e06d208 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..daeef61 --- /dev/null +++ b/README.rst @@ -0,0 +1,24 @@ +OpenStack Aodh +############## +:tags: openstack, ceilometer, cloud, ansible, aodh +:category: \*nix + +Role to install aodh as the alarm functionality of Telemetry + +This role will install the following: + * aodh-api + * aodh-listener + * aodh-alarm-evaluator + * aodh-alarm-notifier + +.. code-block:: yaml + + - name: Install aodh services + hosts: aodh_all + user: root + roles: + - { role: "os_aodh", tags: [ "os-aodh" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + galera_address: "{{ internal_lb_vip_address }}" diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..08ba6d6 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,94 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Verbosity Options +debug: False +verbose: False + +## System info +aodh_system_user_name: aodh +aodh_system_group_name: aodh +aodh_system_shell: /bin/false +aodh_system_comment: aodh system user +aodh_system_user_home: "/var/lib/{{ aodh_system_user_name }}" + +## DB info +aodh_database_name: aodh +aodh_database_user: aodh +aodh_db_type: mongodb +aodh_db_ip: localhost +aodh_db_port: 27017 +aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}" + +## RabbitMQ info +aodh_rabbitmq_userid: aodh +aodh_rabbitmq_vhost: /aodh + + +#Aodh services info +aodh_role_name: admin + +aodh_alarm_notifier_program_name: aodh-alarm-notifier +aodh_alarm_evaluator_program_name: aodh-alarm-evaluator +aodh_listener_program_name: aodh-listener +aodh_api_program_name: aodh-api + +## Service Type and Data +aodh_service_region: RegionOne +aodh_service_endpoint_type: internalURL +aodh_service_name: aodh +aodh_service_port: 8042 +aodh_service_proto: http +aodh_service_type: alarming +aodh_service_description: "Telemetry" +aodh_service_project_domain_id: default +aodh_service_user_domain_id: default +aodh_service_user_name: aodh +aodh_keystone_auth_plugin: password +aodh_service_tenant_name: service +aodh_service_project_name: service +aodh_service_publicuri: "{{ aodh_service_proto }}://{{ external_lb_vip_address }}:{{ aodh_service_port }}" +aodh_service_publicurl: "{{ aodh_service_publicuri }}" +aodh_service_internaluri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}" +aodh_service_internalurl: "{{ aodh_service_internaluri }}" +aodh_service_adminuri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}" +aodh_service_adminurl: "{{ aodh_service_adminuri }}" + +# Common apt packages +aodh_apt_packages: + - rpcbind + +# Common pip packages +aodh_pip_packages: + - aodh + - python-ceilometerclient + - ceilometermiddleware + - MySQL-python + - python-memcached + - pycrypto + - warlock + - pymongo + +## Service Names +aodh_service_names: + - "aodh-api" + - "aodh-alarm-notifier" + - "aodh-alarm-evaluator" + - "aodh-listener" + +## Tunable overrides +aodh_policy_overrides: {} +aodh_aodh_conf_overrides: {} +aodh_api_paste_ini_overrides: {} diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..bc9c136 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart aodh api + service: + name: "{{ aodh_api_program_name }}" + state: "restarted" + pattern: "{{ aodh_api_program_name }}" + +- name: Restart aodh alarm_notifier + service: + name: "{{ aodh_alarm_notifier_program_name }}" + state: "restarted" + pattern: "{{ aodh_alarm_notifier_program_name }}" + +- name: Restart aodh alarm_evaluator + service: + name: "{{ aodh_alarm_evaluator_program_name }}" + state: "restarted" + pattern: "{{ aodh_alarm_evaluator_program_name }}" + +- name: Restart aodh listener + service: + name: "{{ aodh_listener_program_name }}" + state: "restarted" + pattern: "{{ aodh_listener_program_name }}" + +- name: Restart aodh services + service: + name: "{{ item }}" + state: "restarted" + pattern: "{{ item }}" + with_items: aodh_service_names + failed_when: false diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..0c45c56 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of aodh + company: Rackspace + license: Apache2 + min_ansible_version: 1.9.2 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - ceilometer + - aodh + - development + - openstack +dependencies: + - apt_package_pinning + - openstack_openrc + - pip_lock_down diff --git a/tasks/aodh_install.yml b/tasks/aodh_install.yml new file mode 100644 index 0000000..f4f5e9a --- /dev/null +++ b/tasks/aodh_install.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: aodh_apt_packages + tags: + - aodh-apt-packages + + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + extra_args: "{{ pip_install_options|default('') }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "{{ aodh_pip_packages }}" + tags: + - aodh-pip-packages diff --git a/tasks/aodh_messaging_setup.yml b/tasks/aodh_messaging_setup.yml new file mode 100644 index 0000000..ddb2cc2 --- /dev/null +++ b/tasks/aodh_messaging_setup.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure Rabbitmq vhost + rabbitmq_vhost: + name: "{{ aodh_rabbitmq_vhost }}" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + tags: + - aodh-rabbitmq + - aodh-rabbitmq-vhost + +- name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ aodh_rabbitmq_userid }}" + password: "{{ aodh_rabbitmq_password }}" + vhost: "{{ aodh_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + tags: + - aodh-rabbitmq + - aodh-rabbitmq-user diff --git a/tasks/aodh_post_install.yml b/tasks/aodh_post_install.yml new file mode 100644 index 0000000..9345d57 --- /dev/null +++ b/tasks/aodh_post_install.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Copy aodh config + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ aodh_system_user_name }}" + group: "{{ aodh_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "aodh.conf.j2" + dest: "/etc/aodh/aodh.conf" + config_overrides: "{{ aodh_aodh_conf_overrides }}" + config_type: "ini" + - src: "api_paste.ini.j2" + dest: "/etc/aodh/api_paste.ini" + config_overrides: "{{ aodh_api_paste_ini_overrides }}" + config_type: "ini" + - src: "policy.json" + dest: "/etc/aodh/policy.json" + config_overrides: "{{ aodh_policy_overrides }}" + config_type: "json" + notify: Restart aodh services + tags: + - aodh-config + - aodh-post-install + diff --git a/tasks/aodh_pre_install.yml b/tasks/aodh_pre_install.yml new file mode 100644 index 0000000..d31aa14 --- /dev/null +++ b/tasks/aodh_pre_install.yml @@ -0,0 +1,82 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create the system group + group: + name: "{{ aodh_system_group_name }}" + state: "present" + system: "yes" + tags: + - aodh-group + +- name: Create the aodh system user + user: + name: "{{ aodh_system_user_name }}" + group: "{{ aodh_system_group_name }}" + comment: "{{ aodh_system_comment }}" + shell: "{{ aodh_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ aodh_system_user_home }}" + tags: + - aodh-user + +- name: Create aodh dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(aodh_system_user_name) }}" + group: "{{ item.group|default(aodh_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/etc/aodh" } + - { path: "{{ aodh_system_user_home }}" } + - { path: "{{ aodh_system_user_home }}/.ssh", mode: "0700" } + - { path: "/var/cache/aodh", mode: "0700" } + tags: + - aodh-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/aodh" ]; then + chown -h {{ aodh_system_user_name }}:{{ aodh_system_group_name }} "/var/log/aodh" + chown -R {{ aodh_system_user_name }}:{{ aodh_system_group_name }} "$(readlink /var/log/aodh)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - aodh-dirs + - aodh-logs + +- name: Create aodh log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(aodh_system_user_name) }}" + group: "{{ item.group|default(aodh_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/aodh" } + when: log_dir.rc != 0 + tags: + - aodh-dirs + - aodh-logs + +- include: aodh_messaging_setup.yml + when: > + inventory_hostname == groups['aodh_api'][0] diff --git a/tasks/aodh_service_add.yml b/tasks/aodh_service_add.yml new file mode 100644 index 0000000..31761a4 --- /dev/null +++ b/tasks/aodh_service_add.yml @@ -0,0 +1,89 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure aodh service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 + tags: + - aodh-setup + - aodh-service-add + +- name: Ensure aodh user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ role_name }}" + password: "{{ aodh_service_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - aodh-setup + - aodh-service-add + +- name: Ensure aodh user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ aodh_service_user_name }}" + tenant_name: "{{ aodh_service_project_name }}" + role_name: "{{ aodh_role_name }}" + register: add_admin_role + until: add_admin_role|success + retries: 5 + delay: 10 + tags: + - aodh-api-setup + - aodh-service-add + - aodh-setup + + +# Create an endpoint +- name: Ensure aodh endpoint + keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + endpoint_list: + - url: "{{ service_publicurl }}" + interface: "public" + - url: "{{ service_adminurl }}" + interface: "admin" + - url: "{{ service_internalurl }}" + interface: "internal" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - aodh-setup + - aodh-service-add diff --git a/tasks/aodh_service_setup.yml b/tasks/aodh_service_setup.yml new file mode 100644 index 0000000..b0f0d98 --- /dev/null +++ b/tasks/aodh_service_setup.yml @@ -0,0 +1,30 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: aodh_service_add.yml + vars: + service_user_name: "{{ aodh_service_user_name }}" + service_tenant_name: "{{ aodh_service_tenant_name }}" + service_name: "{{ aodh_service_name }}" + service_type: "{{ aodh_service_type }}" + service_region: "{{aodh_service_region }}" + service_description: "{{ aodh_service_description }}" + service_password: "{{ aodh_service_password }}" + service_internalurl: "{{ aodh_service_internalurl }}" + service_publicurl: "{{ aodh_service_publicurl }}" + service_adminurl: "{{ aodh_service_adminurl }}" + role_name: "{{ aodh_role_name }}" + tags: + - aodh-add-service diff --git a/tasks/aodh_upstart_common_init.yml b/tasks/aodh_upstart_common_init.yml new file mode 100644 index 0000000..c05ab02 --- /dev/null +++ b/tasks/aodh_upstart_common_init.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Place the init script + template: + src: "aodh-upstart-init.j2" + dest: "/etc/init/{{ program_name }}.conf" + mode: "0644" + owner: "root" + group: "root" + notify: + - Restart aodh services + tags: + - upstart-init + - aodh-init + +- name: Reload init scripts + shell: | + initctl reload-configuration + notify: + - Restart aodh services + tags: + - upstart-init + - aodh-init + +- name: Load service + service: + name: "{{ program_name }}" + enabled: "yes" + notify: + - Restart aodh services + tags: + - upstart-init + - aodh-init diff --git a/tasks/aodh_upstart_init.yml b/tasks/aodh_upstart_init.yml new file mode 100644 index 0000000..f53eb79 --- /dev/null +++ b/tasks/aodh_upstart_init.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_alarm_notifier_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_alarm_notifier'] + tags: + - aodh-alarm-notifier-init + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_alarm_evaluator_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_alarm_evaluator'] + tags: + - aodh-alarm-evaluator-init + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_api_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_api'] + tags: + - aodh-api-init + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_listener_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_listener'] + tags: + - aodh-listener-init diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..96a33e6 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: aodh_pre_install.yml +- include: aodh_install.yml +- include: aodh_post_install.yml +- include: aodh_upstart_init.yml + +- include: aodh_service_setup.yml + when: > + inventory_hostname == groups['aodh_api'][0] diff --git a/templates/aodh-upstart-init.j2 b/templates/aodh-upstart-init.j2 new file mode 100644 index 0000000..9455552 --- /dev/null +++ b/templates/aodh-upstart-init.j2 @@ -0,0 +1,42 @@ +# {{ ansible_managed }} + +# vim:set ft=upstart ts=2 et: + +description "{{ program_name }}" +author "Kevin Carter " + +start on runlevel [2345] +stop on runlelvel [016] + +respawn +respawn limit 10 5 + +# Set the RUNBIN environment variable +env RUNBIN="/usr/local/bin/{{ program_name }}" + +# Change directory to service users home +chdir "{{ service_home }}" + +# Pre start actions +pre-start script + mkdir -p "/var/run/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}" + + mkdir -p "/var/lock/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}" +end script + +# Post stop actions +post-stop script + rm "/var/run/{{ program_name }}/{{ program_name }}.pid" +end script + +# Run the start up job +exec start-stop-daemon --start \ + --chuid {{ system_user }} \ + --make-pidfile \ + --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \ + --exec "{{ program_override|default('$RUNBIN') }}" \ + -- {{ program_config_options|default('') }} \ + --log-file=/var/log/{{ service_name }}/{{ program_name }}.log + diff --git a/templates/aodh.conf.j2 b/templates/aodh.conf.j2 new file mode 100644 index 0000000..4bca3ad --- /dev/null +++ b/templates/aodh.conf.j2 @@ -0,0 +1,53 @@ +#{{ ansible_managed}} + +[DEFAULT] +auth_strategy = keystone +rpc_backend = rabbit +verbose = {{ verbose }} +debug = {{ debug }} + +[oslo_messaging_rabbit] +rpc_backend = rabbit +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ aodh_rabbitmq_userid }} +rabbit_password = {{ aodh_rabbitmq_password }} +rabbit_virtual_host = {{ aodh_rabbitmq_vhost }} +rabbit_hosts = {{ rabbitmq_servers }} + +[api] +port = {{ aodh_service_port }} + +[database] +connection = {{ aodh_connection_string }} + +[keystone_authtoken] +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_plugin = {{ aodh_keystone_auth_plugin }} +signing_dir = {{ aodh_system_user_home }}/cache/api +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ aodh_service_project_domain_id }} +user_domain_id = {{ aodh_service_user_domain_id }} +project_name = {{ aodh_service_project_name }} +username = {{ aodh_service_user_name }} +password = {{ aodh_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False + +[service_credentials] +os_auth_url = {{ keystone_service_internalurl }} +os_username = {{ aodh_service_user_name }} +os_tenant_name = {{ aodh_service_tenant_name }} +os_password = {{ aodh_service_password }} +os_region_name = {{ aodh_service_region }} +os_endpoint_type = {{ aodh_service_endpoint_type }} diff --git a/templates/api_paste.ini.j2 b/templates/api_paste.ini.j2 new file mode 100644 index 0000000..4611f62 --- /dev/null +++ b/templates/api_paste.ini.j2 @@ -0,0 +1,18 @@ +# aodh API WSGI Pipeline +# Define the filters that make up the pipeline for processing WSGI requests +# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline +# used for processing samples + +# Remove authtoken from the pipeline if you don't want to use keystone authentication +[pipeline:main] +pipeline = request_id authtoken api-server + +[app:api-server] +paste.app_factory = aodh.api.app:app_factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +oslo_config_project = aodh + +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory diff --git a/templates/policy.json b/templates/policy.json new file mode 100644 index 0000000..4950c51 --- /dev/null +++ b/templates/policy.json @@ -0,0 +1,21 @@ +{ + "context_is_admin": "role:admin", + "context_is_project": "project_id:%(target.project_id)s", + "context_is_owner": "user_id:%(target.user_id)s", + "segregation": "rule:context_is_admin", + "service_role": "role:service", + "iaas_role": "role:iaas", + + "telemetry:get_alarm": "rule:context_is_admin", + "telemetry:query_alarm": "rule:context_is_admin", + "telemetry:get_alarm_state": "rule:context_is_admin", + "telemetry:get_alarms": "rule:context_is_admin", + "telemetry:create_alarm": "rule:context_is_admin", + "telemetry:set_alarm": "rule:context_is_admin", + "telemetry:delete_alarm": "rule:context_is_admin", + + "telemetry:alarm_history": "rule:context_is_admin", + "telemetry:change_alarm_state": "rule:context_is_admin", + "telemetry:query_alarm_history": "rule:context_is_admin" +} +