Aodh role for OpenStack-Ansible

Aodh role for OpenStack-Ansible

To clone or view the source code for this repository, visit the role repository for os_aodh.

Default variables

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
aodh_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
aodh_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((aodh_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
aodh_package_state: "latest"
aodh_pip_package_state: "latest"

# Set installation method.
aodh_install_method: "source"

## Toggle developer mode
aodh_developer_mode: false

## The git source/branch
aodh_git_repo: https://git.openstack.org/openstack/aodh
aodh_git_install_branch: 'stable/rocky'

## The packages to build from source (used in developer mode)
aodh_developer_constraints:
  - "git+{{ aodh_git_repo }}@{{ aodh_git_install_branch }}#egg=aodh"

# Name of the virtual env to deploy into
aodh_venv_tag: untagged
aodh_bin: "{{ _aodh_bin }}"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
aodh_venv_download: "{{ not aodh_developer_mode | bool }}"
# URL of the pre-built virtualenv
aodh_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/aodh.tgz

## System info
aodh_system_user_name: aodh
aodh_system_group_name: aodh
aodh_system_shell: /bin/false
aodh_system_comment: aodh system user
aodh_system_user_home: "/var/lib/{{ aodh_system_user_name }}"

## Database info
aodh_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
aodh_db_address: "{{ galera_address | default('127.0.0.1') }}"
aodh_database_name: aodh
aodh_database_user: aodh
aodh_db_type: "mysql+pymysql"
aodh_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
aodh_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_address }}/{{ aodh_database_name }}?charset=utf8{% if aodh_galera_use_ssl | bool %}&ssl_ca={{ aodh_galera_ssl_ca_cert }}{% endif %}"

# Oslo Messaging
# RPC
aodh_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
aodh_oslomsg_rpc_setup_host: "{{ (aodh_oslomsg_rpc_host_group in groups) | ternary(groups[aodh_oslomsg_rpc_host_group][0], 'localhost') }}"
aodh_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
aodh_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
aodh_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
aodh_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
aodh_oslomsg_rpc_userid: aodh
aodh_oslomsg_rpc_vhost: /aodh

# Notify
aodh_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
aodh_oslomsg_notify_setup_host: "{{ (aodh_oslomsg_notify_host_group in groups) | ternary(groups[aodh_oslomsg_notify_host_group][0], 'localhost') }}"
aodh_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
aodh_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
aodh_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
aodh_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
aodh_oslomsg_notify_userid: "{{ aodh_oslomsg_rpc_userid }}"
aodh_oslomsg_notify_password: "{{ aodh_oslomsg_rpc_password }}"
aodh_oslomsg_notify_vhost: "{{ aodh_oslomsg_rpc_vhost }}"

## (Qdrouterd) info
# TODO(ansmith): Change structure when more backends will be supported
aodh_oslomsg_amqp1_enabled: "{{ aodh_oslomsg_rpc_transport == 'amqp' }}"

## Apache setup
aodh_apache_log_level: info
aodh_apache_servertokens: "Prod"
aodh_apache_serversignature: "Off"
aodh_wsgi_threads: 10
aodh_wsgi_processes_max: 16
aodh_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, aodh_wsgi_processes_max] | min }}"

#Aodh services info
aodh_role_name: admin

## Service Type and Data
aodh_service_region: RegionOne
aodh_service_endpoint_type: internalURL
aodh_service_name: aodh
aodh_service_port: 8042
aodh_service_proto: http
aodh_service_type: alarming
aodh_service_description: "Telemetry"
aodh_service_project_domain_id: default
aodh_service_user_domain_id: default
aodh_service_user_name: aodh
aodh_keystone_auth_plugin: "{{ aodh_keystone_auth_type }}"
aodh_keystone_auth_type: password
aodh_service_tenant_name: service
aodh_service_project_name: service
aodh_service_publicuri: "{{ aodh_service_proto }}://{{ external_lb_vip_address }}:{{ aodh_service_port }}"
aodh_service_publicurl: "{{ aodh_service_publicuri }}"
aodh_service_internaluri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}"
aodh_service_internalurl: "{{ aodh_service_internaluri }}"
aodh_service_adminuri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}"
aodh_service_adminurl: "{{ aodh_service_adminuri }}"

aodh_service_in_ldap: false

# Common pip packages
aodh_pip_packages:
  # The following constraints are taken from the setup.cfg
  # file in the aodh project. This is due to the fact that the repo-build
  # role does not respect constraints specified in setup.cfg files.
  # https://github.com/openstack/aodh/blob/master/setup.cfg#L35-L38
  - alembic>=0.7.2
  - aodh
  - ceilometermiddleware
  - cryptography
  - gnocchiclient
  - osprofiler
  - PyMySQL>=0.6.2
  - python-ceilometerclient
  - python-memcached
  - sqlalchemy>=0.9.7
  - sqlalchemy-utils
  - systemd-python
  - warlock

aodh_optional_oslomsg_amqp1_pip_packages:
  - oslo.messaging[amqp1]

aodh_alarm_notifier_init_overrides: {}
aodh_alarm_evaluator_init_overrides: {}
aodh_listener_init_overrides: {}

## Service Name-Group Mapping
aodh_services:
  aodh-notifier:
    group: aodh_alarm_notifier
    service_name: aodh-notifier
    execstarts: "{{ aodh_bin }}/aodh-notifier"
    init_config_overrides: "{{ aodh_alarm_notifier_init_overrides }}"
  aodh-evaluator:
    group: aodh_alarm_evaluator
    service_name: aodh-evaluator
    execstarts: "{{ aodh_bin }}/aodh-evaluator"
    init_config_overrides: "{{ aodh_alarm_evaluator_init_overrides }}"
  aodh-listener:
    group: aodh_listener
    service_name: aodh-listener
    execstarts: "{{ aodh_bin }}/aodh-listener"
    init_config_overrides: "{{ aodh_listener_init_overrides }}"

aodh_required_secrets:
  - memcached_encryption_key
  - aodh_container_db_password
  - aodh_oslomsg_rpc_password
  - aodh_oslomsg_notify_password
  - aodh_service_password

install_test_packages: False

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
aodh_role_project_group: aodh_all

## Tunable overrides
aodh_policy_overrides: {}
aodh_aodh_conf_overrides: {}
aodh_api_paste_ini_overrides: {}

Example playbook

- name: Install aodh services
  hosts: aodh_all
  user: root
  roles:
    - role: "os_aodh"
  vars:
    # Needed for aodh to talk to MongoDB
    aodh_container_db_password: "secrete"
    # Password used for Keystone aodh service user
    aodh_service_password: "secrete"
    # Needed for aodh to talk to memcached
    memcached_servers: 127.0.0.1
    memcached_encryption_key: "some_key"
    # Needed for aodh to locate and connect to Oslo.Messaging
    aodh_oslomsg_rpc_password: "secrete"
    # Needed to setup the aodh service in Keystone
    keystone_admin_user_name: admin
    keystone_admin_tenant_name: admin
    keystone_auth_admin_password: "SuperSecretePassword"
    keystone_service_adminuri_insecure: false
    keystone_service_internaluri_insecure: false
    keystone_service_internaluri: "http://1.2.3.4:5000"
    keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
    keystone_service_adminuri: "http://5.6.7.8:5000"
    keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
    galera_root_user: root
  vars_prompt:
    - name: "galera_root_password"
      prompt: "What is galera_root_password?"

Dependencies

This role needs pip >= 7.1 installed on the target host.

To use this role, define the following variables:

# Needed for aodh to talk to MongoDB
aodh_container_db_password: "secrete"
# Password used for Keystone aodh service user
aodh_service_password: "secrete"
# Needed for aodh to talk to memcached
memcached_servers: 127.0.0.1
memcached_encryption_key: "some_key"
# Needed for aodh to locate and connect to Oslo.Messaging
aodh_oslomsg_rpc_transport: rabbit
aodh_oslomsg_rpc_password: "secrete"
aodh_oslomsg_rpc_servers: "10.100.100.2"
aodh_oslomsg_rpc_use_ssl: true
aodh_oslomsg_rpc_port: 5671
aodh_oslomsg_notify_transport: rabbit
aodh_oslomsg_notify_password: "secrete"
aodh_oslomsg_notify_servers: "10.100.100.2"
aodh_oslomsg_notify_use_ssl: true
aodh_oslomsg_notify_port: 5671
# Needed to setup the aodh service in Keystone
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://1.2.3.4:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://5.6.7.8:5000"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"

Tags

This role supports two tags: aodh-install and aodh-config. The aodh-install tag can be used to install and upgrade. The aodh-config tag can be used to maintain the configuration of the service.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.