sudo: True
roles:
- monitor
+
+- hosts: all
+ remote_user: root
+ sudo: True
+ roles:
+ - secgroup
--- /dev/null
+---
+- name: restart controller relation service
+ service: name={{ item }} state=restarted enabled=yes
+ ignore_errors: True
+ with_items: controller_services
+
+- name: restart compute relation service
+ service: name={{ item }} state=restarted enabled=yes
+ ignore_errors: True
+ with_items: compute_services
--- /dev/null
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+ tags: secgroup
+
+- debug: msg={{ enable_secgroup }}
+ tags: secgroup
+
+- include: secgroup.yml
+ when: '{{ enable_secgroup }} == False'
+ tags: secgroup
--- /dev/null
+---
+- name: make sure template dir exits
+ file: path=/opt/os_templates state=directory mode=0755
+ tags: secgroup
+
+- name: copy configs
+ template: src={{ item.src}} dest=/opt/os_templates
+ with_items: "{{ configs_templates }}"
+ tags: secgroup
+
+- name: update controller configs
+ shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true'
+ tags: secgroup
+ with_subelements:
+ - configs_templates
+ - dest
+ notify: restart controller relation service
+ when: inventory_hostname in "{{ groups['controller'] }}"
+
+- name: update compute configs
+ shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true'
+ tags: secgroup
+ with_subelements:
+ - configs_templates
+ - dest
+ notify: restart compute relation service
+ when: inventory_hostname in "{{ groups['compute'] }}"
--- /dev/null
+[securitygroup]
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = False
+
--- /dev/null
+[DEFAULT]
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+security_group_api = nova
--- /dev/null
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - nova-api
+ - nova-cert
+ - nova-conductor
+ - nova-consoleauth
+ - nova-novncproxy
+ - nova-scheduler
+ - neutron-server
+ - neutron-plugin-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+
+compute_services:
+ - nova-compute
+ - neutron-plugin-openvswitch-agent
--- /dev/null
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - openstack-nova-api
+ - openstack-nova-cert
+ - openstack-nova-conductor
+ - openstack-nova-consoleauth
+ - openstack-nova-novncproxy
+ - openstack-nova-scheduler
+ - neutron-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+ - neutron-server
+
+compute_services:
+ - openstack-nova-compute
+ - neutron-openvswitch-agent
--- /dev/null
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747
cfg.StrOpt('cluster_vip',
help='cluster ip address',
default=''),
+ cfg.StrOpt('enable_secgroup',
+ help='enable security group',
+ default='true'),
cfg.StrOpt('network_cfg',
help='netowrk config file',
default=''),
)
"""
package_config['ha_proxy'] = {}
-
- #TODO, we need two vip
- if CONF.cluster_pub_vip:
- package_config["ha_proxy"]["pub_vip"] = CONF.cluster_pub_vip
-
- if CONF.cluster_prv_vip:
- package_config["ha_proxy"]["prv_vip"] = CONF.cluster_prv_vip
-
if CONF.cluster_vip:
package_config["ha_proxy"]["vip"] = CONF.cluster_vip
+ package_config['enable_secgroup'] = (CONF.enable_secgroup == "true")
+
status, resp = self.client.update_cluster_config(
cluster_id, package_config=package_config)
LOG.info(
export MANAGEMENT_IP_START=${MANAGEMENT_IP_START:-'10.1.0.50'}
export MANAGEMENT_INTERFACE=${MANAGEMENT_INTERFACE:-eth0}
export DASHBOARD_URL=""
+export ENABLE_SECGROUP="false"
function next_ip {
ip_addr=$1
--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
--machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" --deploy_type="${TYPE}" \
--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}" \
- --cluster_vip="${VIP}" --network_cfg="$NETWORK" --neutron_cfg="$NEUTRON"
+ --cluster_vip="${VIP}" --network_cfg="$NETWORK" --neutron_cfg="$NEUTRON" \
+ --enable_secgroup="${ENABLE_SECGROUP}"
}
Code Review / compass4nfv.git / commitdiff