OpenStack-Ansible 仓库服务器

摘要

一个 Ansible 角色,用于部署用于构建的 Python 包(wheel)、需求和约束的仓库服务器。

要克隆或查看此仓库的源代码,请访问 repo_server 角色仓库。

角色目的

venv_wheel_build_enable : true 时,仓库容器被其他 OpenStack-Ansible 角色和集合用作目标。

在这种情况下,预计每个操作系统族和主要版本,以及部署中的每个 CPU 架构,都将有一个仓库实例。

Web 服务器

为了向客户端(如 pipuv)提供预构建的内容,正在使用 Apache Web 服务器。

我们利用 httpd 角色来设置 Web 服务器,并管理相应的虚拟主机。

使用共享文件系统

当存在多个仓库服务器实例时,它被设计为利用共享文件系统,该文件系统挂载到 /var/www/repo 目录。

该文件系统用于存储构建结果,并确保每个仓库服务器能够为部署中的所有可用变体提供 wheel 文件。

对文件系统性能或可靠性没有要求,因为存储的缓存数据可以在文件系统发生故障时从头开始重建。

默认情况下,openstack.osa.repo playbook 将在所有仓库服务器上直接安装 GlusterFS 作为共享文件系统。 您可以通过设置 openstack_repo_server_enable_glusterfs: false 来禁用此行为。

您还可以通过定义 repo_server_systemd_mounts 变量来使用任何现有的共享文件系统 - 在这种情况下,它将通过 systemd_mount 角色挂载。

默认变量

## Verbosity Options
debug: false

## APT Cache Options
cache_timeout: 600

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
repo_server_package_state: "latest"

repo_server_name: openstack-slushee

repo_service_home_folder: "{{ _repo_service_home_folder }}"
repo_service_user_name: "{{ _repo_service_user_name }}"
repo_service_group_name: "{{ _repo_service_group_name }}"

# Main web server port
repo_server_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
repo_server_port: 8181
repo_server_directory_root: /var/www/repo
repo_apache_log_level: info

## Cap the maximum number of threads / workers when a user value is unspecified.

# This directory is used on the deploy host to create u-c files which are then
# copied to the repo server and served by http. Any other files in this
# directory placed by the deployer will also be transferred
repo_upper_constraints_path: "/etc/openstack_deploy/upper-constraints"

# Multiple repo servers must have a shared /var/www/repo
repo_server_systemd_mounts: []

# Example using remote shared filesystem to synchronise the repo contents between
# several repo servers
# repo_server_systemd_mounts:
#   - what: "gluster-server:gluster-volume-name"
#     where: "/var/www/repo"
#     type: glusterfs
#     state: 'started'
#     enabled: true

###
### Backend TLS
###

# Define if communication between haproxy and service backends should be
# encrypted with TLS.
repo_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}"

# Storage location for SSL certificate authority
repo_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}"

# Delegated host for operating the certificate authority
repo_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"

# repo server certificate SAN if user did not provide own certs
repo_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
repo_pki_regen_cert: ""

repo_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1') }}"
# TLS v1.2 and below
repo_ssl_cipher_suite_tls12: "{{ ssl_cipher_suite | default('ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM') }}"
# TLS v1.3
repo_ssl_cipher_suite_tls13: "{{ ssl_cipher_suite_tls13 | default('TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256') }}"

## Define user-provided SSL certificates. Otherwise self-signed certificates
## will be generated for domains defined in ``repo_pki_san`` variables.
# repo_user_ssl_cert: <path to cert on ansible deployment host>
# repo_user_ssl_key: <path to cert on ansible deployment host>
# repo_user_ssl_ca_cert: <path to cert on ansible deployment host>

必需变量

None。

示例 playbook

---
- name: Setup repo servers
  hosts: repo_all
  user: root
  roles:
    - role: "repo_server"
      tags: "repo-server"