OpenStack-Ansible sahara role

OpenStack-Ansible sahara role

This role installs the following Systemd services:

  • sahara-api
  • sahara-engine

To clone or view the source code for this repository, visit the role repository for os_sahara.

Default variables

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
sahara_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
sahara_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((sahara_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
sahara_package_state: "latest"
sahara_pip_package_state: "latest"

sahara_git_repo: https://git.openstack.org/openstack/sahara
sahara_git_install_branch: 'stable/rocky'
sahara_developer_mode: false
sahara_developer_constraints:
  - "git+{{ sahara_git_repo }}@{{ sahara_git_install_branch }}#egg=sahara"

# Name of the virtual env to deploy into
sahara_venv_tag: untagged
sahara_bin: "/openstack/venvs/sahara-{{ sahara_venv_tag }}/bin"

sahara_etc_dir: "{{ sahara_bin | dirname }}/etc/sahara"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
sahara_venv_download: "{{ not sahara_developer_mode | bool }}"
sahara_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/sahara.tgz

sahara_db_config: /etc/sahara/sahara.conf

# Enable/Disable Ceilometer
sahara_ceilometer_enabled: False

sahara_profiler_enabled: False
sahara_fatal_deprecations: False

## System info
sahara_system_user_name: sahara
sahara_system_group_name: sahara
sahara_system_shell: /bin/false
sahara_system_comment: sahara system user
sahara_system_user_home: "/var/lib/{{ sahara_system_user_name }}"

sahara_engine_host: "{{ internal_lb_vip_address }}"

## Oslo Messaging Info
# RPC
sahara_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
sahara_oslomsg_rpc_setup_host: "{{ (sahara_oslomsg_rpc_host_group in groups) | ternary(groups[sahara_oslomsg_rpc_host_group][0], 'localhost') }}"
sahara_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
sahara_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
sahara_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
sahara_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
sahara_oslomsg_rpc_userid: sahara
sahara_oslomsg_rpc_vhost: /sahara

# Notify
sahara_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
sahara_oslomsg_notify_setup_host: "{{ (sahara_oslomsg_notify_host_group in groups) | ternary(groups[sahara_oslomsg_notify_host_group][0], 'localhost') }}"
sahara_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
sahara_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
sahara_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
sahara_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
sahara_oslomsg_notify_userid: "{{ sahara_oslomsg_rpc_userid }}"
sahara_oslomsg_notify_password: "{{ sahara_oslomsg_rpc_password }}"
sahara_oslomsg_notify_vhost: "{{ sahara_oslomsg_rpc_vhost }}"

## (Qdrouterd) info
# TODO(ansmith): Change structure when more backends will be supported
sahara_oslomsg_amqp1_enabled: "{{ sahara_oslomsg_rpc_transport == 'amqp' }}"

## Database info
sahara_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
sahara_galera_address: "{{ galera_address | default('127.0.0.1') }}"
sahara_galera_database: sahara
sahara_galera_user: sahara
sahara_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
sahara_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

sahara_role_name: admin
sahara_api_bind_address: 0.0.0.0
sahara_api_service_port: 8386

## Service Type and Data
sahara_service_region: RegionOne
sahara_service_name: sahara
sahara_service_port: 8386
sahara_service_proto: http
sahara_service_engine_proto: "{{ sahara_service_proto }}"
sahara_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(sahara_service_proto) }}"
sahara_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(sahara_service_proto) }}"
sahara_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(sahara_service_proto) }}"
sahara_service_type: data-processing
sahara_service_description: "Sahara Data Processing Service"
sahara_service_user_name: sahara
sahara_service_project_name: service
sahara_service_project_domain_id: default
sahara_service_user_domain_id: default
sahara_service_project_domain_name: Default
sahara_service_user_domain_name: Default
sahara_service_publicuri: "{{ sahara_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ sahara_service_port }}"
sahara_service_internaluri: "{{ sahara_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ sahara_service_port }}"
sahara_service_adminuri: "{{ sahara_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ sahara_service_port }}"

## Keystone authentication middleware
sahara_keystone_auth_plugin: password

## Sahara config
sahara_use_floating_ips: False
sahara_use_namespaces: False
sahara_global_remote_threshold: 100
sahara_cluster_remote_threshold: 70
sahara_os_region_name: "{{ sahara_service_region }}"
sahara_default_ntp_server: "pool.ntp.org"

sahara_use_domain_for_proxy_users: True
sahara_proxy_user_domain_name: sahara_proxy
sahara_proxy_user_role_names: _member_

# Other plugins can be added to the system by simply extending the list `sahara_plugin_base`.
sahara_plugin_base:
  - vanilla
  - spark
  - cdh
  - ambari

sahara_plugin_loaded_base: "{% for plugin in sahara_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}"

## Cap the maximum number of threads / workers when a user value is unspecified.
sahara_api_workers_max: 16
sahara_api_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, sahara_api_workers_max] | min }}"

sahara_task_executor: taskflow
sahara_digest_algorithm: sha256
sahara_http_keepalive: True

## Sahara policy
sahara_policy_file: policy.json
sahara_policy_default_rule: default
sahara_policy_dirs: policy.d

## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g.
#sahara_policy_overrides:
#  "clusters:get_all": ""
#  "clusters:create": ""

sahara_service_in_ldap: False

# Common pip packages
sahara_pip_packages:
  - cryptography
  - keystonemiddleware
  - osprofiler
  - PyMySQL
  - python-memcached
  - python-saharaclient
  - python-keystoneclient
  - sahara
  - warlock
  - uwsgi

sahara_optional_oslomsg_amqp1_pip_packages:
  - oslo.messaging[amqp1]

sahara_engine_init_overrides: {}
sahara_api_init_overrides: {}

## Service Names
sahara_services:
  sahara-api:
    group: sahara_api
    service_name: sahara-api
    init_config_overrides: "{{ sahara_api_init_overrides }}"
    wsgi_overrides: "{{ sahara_api_uwsgi_ini_overrides }}"
    wsgi_app: True
    log_string: "--logto "
    wsgi_name: sahara-wsgi-api
    uwsgi_port: "{{ sahara_api_service_port }}"
    uwsgi_bind_address: "{{ sahara_api_bind_address }}"
    program_override: "{{ sahara_bin }}/uwsgi --ini /etc/uwsgi/sahara-api.ini"
  sahara-engine:
    group: sahara_engine
    service_name: sahara-engine
    init_config_overrides: "{{ sahara_engine_init_overrides }}"

## Sahara uWSGI settings
sahara_wsgi_processes_max: 16
sahara_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, sahara_wsgi_processes_max] | min }}"
sahara_wsgi_threads: 1
sahara_wsgi_buffer_size: 65535

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
sahara_role_project_group: sahara_all

## Tunable overrides
sahara_api_paste_ini_overrides: {}
sahara_conf_overrides: {}
sahara_rootwrap_conf_overrides: {}
sahara_policy_overrides: {}
sahara_api_uwsgi_ini_overrides: {}

Dependencies

This role needs pip >= 7.1 installed on the target host.

To use this role, define the following variables:

sahara_galera_address
sahara_container_mysql_password
sahara_service_password
sahara_rabbitmq_password

Example playbook

- name: Install sahara server
  hosts: sahara_all
  user: root
  roles:
    - { role: "os_sahara", tags: [ "os-sahara" ] }
  vars:
    external_lb_vip_address: 172.16.24.1
    internal_lb_vip_address: 192.168.0.1
    sahara_galera_address: "{{ internal_lb_vip_address }}"
    sahara_container_mysql_password: "SuperSecretePassword1"
    sahara_service_password: "SuperSecretePassword2"
    sahara_rabbitmq_password: "SuperSecretePassword3"
    galera_root_user: root
  vars_prompt:
    - name: "galera_root_password"
      prompt: "What is galera_root_password?"

Tags

This role supports two tags: sahara-install and sahara-config. The sahara-install tag can be used to install and upgrade. The sahara-config tag can be used to manage configuration.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.