OpenStack-Ansible Magnum

OpenStack-Ansible Magnum

Ansible role that installs and configures OpenStack Magnum. Magnum is installed behind the Apache webserver listening on port 9511 by default.

To clone or view the source code for this repository, visit the role repository for os_magnum.

Default variables

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
magnum_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
magnum_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((magnum_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
magnum_package_state: "latest"
magnum_pip_package_state: "latest"

magnum_system_group_name: magnum
magnum_system_user_name: magnum
magnum_system_user_comment: Magnum System User
magnum_system_user_shell: /bin/false
magnum_system_user_home: "/var/lib/{{ magnum_system_user_name }}"
magnum_log_directory: /var/log/magnum
magnum_etc_directory: /etc/magnum

magnum_service_name: magnum
magnum_service_user_name: magnum
magnum_service_type: container-infra
magnum_service_description: "OpenStack Containers (Magnum)"
magnum_service_project_name: service
magnum_service_role_names:
  - admin
magnum_service_region: RegionOne
magnum_barbican_service_region: "{{ magnum_service_region }}"
magnum_cinder_service_region: "{{ magnum_service_region }}"
magnum_glance_service_region: "{{ magnum_service_region }}"
magnum_heat_service_region: "{{ magnum_service_region }}"
magnum_neutron_service_region: "{{ magnum_service_region }}"
magnum_nova_service_region: "{{ magnum_service_region }}"
magnum_bind_port: 9511
magnum_service_publicuri_proto: http
magnum_service_publicurl: "{{ magnum_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ magnum_bind_port }}"
magnum_service_internaluri_proto: http
magnum_service_internalurl: "{{ magnum_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}"
magnum_service_adminuri_proto: http
magnum_service_adminurl: "{{ magnum_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}"

magnum_config_overrides: {}
magnum_policy_overrides: {}
magnum_api_paste_ini_overrides: {}

# Name of the virtual env to deploy into
magnum_venv_tag: untagged
magnum_venv_path: "/openstack/venvs/magnum-{{ magnum_venv_tag }}"
magnum_bin: "{{ magnum_venv_path }}/bin"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
magnum_venv_download: "{{ not magnum_developer_mode | bool }}"
magnum_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/magnum.tgz

magnum_git_repo: "https://git.openstack.org/openstack/magnum"
magnum_git_install_branch: 'stable/rocky'
magnum_developer_mode: false
magnum_developer_constraints:
  - "git+{{ magnum_git_repo }}@{{ magnum_git_install_branch }}#egg=magnum"

# Database vars
magnum_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
magnum_galera_address: "{{ galera_address | default('127.0.0.1') }}"
magnum_galera_database_name: magnum_service
magnum_galera_user: magnum
magnum_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
magnum_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

# Oslo Messaging vars
# RPC
magnum_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
magnum_oslomsg_rpc_setup_host: "{{ (magnum_oslomsg_rpc_host_group in groups) | ternary(groups[magnum_oslomsg_rpc_host_group][0], 'localhost') }}"
magnum_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
magnum_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
magnum_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
magnum_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
magnum_oslomsg_rpc_userid: magnum
magnum_oslomsg_rpc_vhost: /magnum

# Notify
magnum_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
magnum_oslomsg_notify_setup_host: "{{ (magnum_oslomsg_notify_host_group in groups) | ternary(groups[magnum_oslomsg_notify_host_group][0], 'localhost') }}"
magnum_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
magnum_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
magnum_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
magnum_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
magnum_oslomsg_notify_userid: "{{ magnum_oslomsg_rpc_userid }}"
magnum_oslomsg_notify_password: "{{ magnum_oslomsg_rpc_password }}"
magnum_oslomsg_notify_vhost: "{{ magnum_oslomsg_rpc_vhost }}"

## (Qdrouterd) integration
# TODO(ansmith): Change structure when more backends will be supported
magnum_oslomsg_amqp1_enabled: "{{ magnum_oslomsg_rpc_transport == 'amqp' }}"

# Keystone AuthToken/Middleware
magnum_keystone_auth_plugin: password
magnum_service_project_domain_name: Default
magnum_service_user_domain_name: default

# Trustee User
magnum_trustee_domain_admin_name: trustee_domain_admin
magnum_trustee_domain_name: magnum
magnum_trustee_domain_admin_roles: ['admin']
magnum_cluster_user_trust: True

#Glance images
magnum_glance_images: []
## Example Glance Image - Fedora Atomic
#  - name: fedora-atomic-latest         #Name of the image in Glance
#    disk_format: qcow2                 #Disk format (e.g. qcow2)
#    image_format: bare                 #Image format
#    public: true                       #Boolean - is the image public
#    file: https://download.fedoraproject.org/pub/alt/atomic/stable/Fedora-Atomic-27-20180419.0/CloudImages/x86_64/images/Fedora-Atomic-27-20180419.0.x86_64.qcow2
#    distro: fedora-atomic              #Value for the os_distro metadata
#    checksum: "sha1:8559997cc932357c6ec353e82e583e2486fd7e05"

# Set the directory where the downloaded images will be stored
# on the magnum_service_setup_host host. If the host is localhost,
# then the user running the playbook must have access to it.
magnum_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/magnum"
magnum_image_path_owner: "{{ lookup('env', 'USER') }}"

magnum_pip_packages:
  - magnum
  - osprofiler
  - PyMySQL
  - python-memcached
  - uwsgi

magnum_optional_oslomsg_amqp1_pip_packages:
  - oslo.messaging[amqp1]

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
magnum_role_project_group: magnum_all

# Store certificates in DB by default (x509keypair)
# Other valid values are: barbican, local
magnum_cert_manager_type: x509keypair

magnum_api_init_config_overrides: {}
magnum_conductor_init_config_overrides: {}

magnum_services:
  magnum-conductor:
    group: magnum_all
    service_name: magnum-conductor
    execstarts: "{{ magnum_bin }}/magnum-conductor"
    init_config_overrides: "{{ magnum_conductor_init_config_overrides }}"
    start_order: 1
  magnum-api:
    group: magnum_all
    service_name: magnum-api
    init_config_overrides: "{{ magnum_api_init_config_overrides }}"
    start_order: 2
    wsgi_overrides: "{{ magnum_api_uwsgi_ini_overrides }}"
    wsgi_app: True
    wsgi_name: lib/python2.7/site-packages/magnum/api/app.wsgi
    uwsgi_port: "{{ magnum_bind_port }}"
    uwsgi_bind_address: "{{ magnum_api_uwsgi_bind_address }}"
    execstarts: "{{ magnum_bin }}/uwsgi --ini /etc/uwsgi/magnum-api.ini"
    execreloads: "{{ magnum_bin }}/uwsgi --reload /var/run/magnum-api/magnum-api.pid"

# uWSGI Settings
magnum_api_uwsgi_ini_overrides: {}
magnum_wsgi_processes_max: 16
magnum_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, magnum_wsgi_processes_max] | min }}"
magnum_wsgi_threads: 1
magnum_wsgi_buffer_size: 65535
magnum_api_uwsgi_bind_address: 0.0.0.0

Dependencies

This role needs pip >= 7.1 installed on the target host.

To use this role, define the following variables:

# Magnum TCP listening port
magnum_service_port: 9511

# Magnum service protocol http or https
magnum_service_proto: http

# Magnum Galera address of internal load balancer
magnum_galera_address: "{{ internal_lb_vip_address }}"

# Magnum Galera database name
magnum_galera_database_name: magnum_service

# Magnum Galera username
magnum_galera_user: magnum

# Magnum rpc userid
magnum_oslomsg_rpc_userid: magnum

# Magnum rpc vhost
magnum_oslomsg_rpc_vhost: /magnum

# Magnum notify userid
magnum_oslomsg_notify_userid: magnum

# Magnum notify vhost
magnum_oslomsg_notify_vhost: /magnum

This list is not exhaustive. See role internals for further details.

Wiring docker with cinder

If you need to use volumes, default_docker_volume_type should be set. By default, Magnum doesn’t need one.

To deploy Magnum with cinder integration, please set the following in your /etc/openstack_deploy/user_variables.yml:

magnum_config_overrides:
  cinder:
    default_docker_volume_type: lvm

If you have defined cinder_default_volume_type for all your nodes, by defining it in your user_variables, you can re-use it directly:

magnum_config_overrides:
  cinder:
    default_docker_volume_type: "{{ cinder_default_volume_type }}"

Example playbook

- name: Install Magnum server
  hosts: magnum_all
  user: root
  roles:
    - { role: "os_magnum", tags: [ "os-magnum" ] }
  vars:
    magnum_galera_address: "{{ internal_lb_vip_address }}"
    magnum_galera_password: secrete
    magnum_service_password: secrete
    magnum_oslomsg_rpc_password: secrete
    magnum_trustee_password: secrete

Tags

This role supports two tags: magnum-install and magnum-config. The magnum-install tag can be used to install and upgrade. The magnum-config tag can be used to maintain configuration of the service.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.