OpenStack-Ansible Trove

OpenStack-Ansible Trove

This Ansible role installs Trove.

To clone or view the source code for this repository, visit the role repository for os_trove.

Default variables

#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>

trove_package_state: "latest"
trove_pip_package_state: "latest"

debug: false
trove_system_group_name: trove
trove_system_user_name: trove
trove_system_user_comment: Trove System User
trove_system_user_shell: /bin/false
trove_system_user_home: "/var/lib/{{ trove_system_user_name }}"
trove_log_directory: /var/log/trove
trove_etc_directory: /etc/trove

trove_api_program_name: trove-api
trove_conductor_program_name: trove-conductor
trove_taskmanager_program_name: trove-taskmanager

trove_regular_user_name: regular_trove_user
trove_admin_user_name: admin_trove_user

trove_service_name: trove
trove_service_user_name: "{{ trove_admin_user_name }}"
trove_service_tenant_name: trove_for_trove_usage
trove_service_type: database
trove_service_description: "OpenStack DBaaS (Trove)"
trove_service_project_name: "{{ trove_service_tenant_name }}"
trove_service_admin_role_names:
  - admin
trove_service_region: RegionOne
trove_service_host: "0.0.0.0"
trove_service_port: 8779
trove_service_proto: http
trove_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(trove_service_proto) }}"
trove_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(trove_service_proto) }}"
trove_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(trove_service_proto) }}"
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_auth_url: "{{ keystone_service_internalurl }}"
trove_nova_compute_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}/v2.1"
trove_cinder_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}/v1"
trove_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
trove_neutron_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}/"
trove_profiler_enabled: false

## Cap the maximum number of threads / workers when a user value is unspecified.
trove_api_workers_max: 16
trove_api_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, trove_api_workers_max] | min }}"

## Cap the maximum number of threads / workers when a user value is unspecified.
trove_conductor_workers_max: 16
trove_conductor_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, trove_conductor_workers_max] | min }}"

# Name of the virtual env to deploy into
trove_venv_tag: untagged
trove_bin: "/openstack/venvs/trove-{{ trove_venv_tag }}/bin"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
trove_venv_download: "{{ not trove_developer_mode | bool }}"
trove_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/trove.tgz

trove_git_repo: "https://git.openstack.org/openstack/trove"
trove_git_install_branch: stable/ocata

trove_developer_mode: false
trove_developer_constraints:
  - "git+{{ trove_git_repo }}@{{ trove_git_install_branch }}#egg=trove"

#: Set this to false to disable API service through Apache + mod_wsgi
trove_use_mod_wsgi: false

## Apache setup
trove_apache_log_level: info
trove_apache_servertokens: "Prod"
trove_apache_serversignature: "Off"
trove_wsgi_threads: 1
## Cap the maximum number of processes when a user value is unspecified.
trove_wsgi_processes_max: 32
trove_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, trove_wsgi_processes_max] | min }}"

# set trove_ssl to true to enable SSL configuration on the trove containers
trove_ssl: false
trove_ssl_cert: /etc/ssl/certs/trove.pem
trove_ssl_key: /etc/ssl/private/trove.key
trove_ssl_ca_cert: /etc/ssl/certs/trove-ca.pem
trove_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
trove_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"

# if using a self-signed certificate, set this to true to regenerate it
trove_ssl_self_signed_regen: false
trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"

# Database vars
trove_galera_database_name: trove
trove_galera_user: trove
trove_galera_address: "{{ internal_lb_vip_address }}"
trove_db_sync_options:
trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8"

# Rabbit vars
trove_rpc_backend: rabbit
trove_control_exchange: trove
trove_rabbit_notification_topic: notification
trove_rabbitmq_userid: trove
trove_rabbitmq_vhost: /trove
trove_rabbitmq_use_ssl: False
trove_rabbitmq_port: 5672
trove_rabbitmq_servers: "{{ rabbitmq_servers }}"

# RPC encryption keys
# See the Trove documentation as to the significance of the rpc encryption keys
# Trove supplies default values but we enforce they not be left to their default values
trove_enable_secure_rpc_messaging: "True"
trove_required_secrets:
  - trove_galera_password
  - trove_rabbitmq_password
  - trove_service_password
  - trove_admin_user_password
  - trove_regular_user_password
  - trove_taskmanager_rpc_encr_key
  - trove_inst_rpc_key_encr_key

# Keystone AuthToken/Middleware
trove_keystone_auth_plugin: password
trove_service_project_domain_name: Default
trove_service_user_domain_name: default
trove_service_project_domain_id: default
trove_service_user_domain_id: default

trove_conductor_service_name: "{{ trove_conductor_program_name }}"
trove_taskmanager_service_name: "{{ trove_taskmanager_program_name }}"

#Glance images
trove_glance_images: []

trove_requires_pip_packages:
  - httplib2
  - python-glanceclient
  - python-keystoneclient
  - virtualenv
  - virtualenv-tools

trove_pip_packages:
  - MySQL-python
  - PyMySQL
  - pexpect
  - pycrypto
  - trove
  - python-troveclient
  - python-memcached

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
trove_role_project_group: trove_all

## Tunable overrides
trove_config_overrides: {}
trove_api_paste_ini_overrides: {}
trove_conductor_config_overrides: {}
trove_taskmanager_config_overrides: {}
trove_guestagent_config_overrides: {}
trove_policy_overrides: {}

trove_api_init_config_overrides: {}
trove_conductor_init_config_overrides: {}
trove_taskmanager_init_config_overrides: {}

Required variables

This list is not exhaustive at present. See role internals for further details.

# Service and user passwords
trove_galera_password:
trove_rabbitmq_password:
trove_service_password:
trove_admin_user_password:
trove_regular_user_password:

# Trove RPC encryption keys.
trove_taskmanager_rpc_encr_key:
trove_inst_rpc_key_encr_key:

Dependencies

None.

Example playbook

- name: Install trove
   hosts: all
   user: root
   roles:
     - role: "openstack-ansible-os_trove"
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.