OpenStack-Ansible Freezer role¶
This role installs Freezer API as well as Freezer Scheduler/Agent to remote hosts.
To clone or view the source code for this repository, visit the role repository for os_freezer.
Default variables¶
## Verbosity Options
debug: false
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
freezer_package_state: "{{ package_state | default('latest') }}"
freezer_etc_dir: /etc/freezer
freezer_scheduler_jobs_dir: /etc/freezer/scheduler/conf.d
freezer_service_user_name: freezer
freezer_system_group_name: freezer
freezer_system_user_name: freezer
freezer_system_comment: freezer system user
freezer_system_shell: /bin/false
freezer_system_home_folder: "/var/lib/{{ freezer_system_user_name }}"
freezer_venv_tag: "{{ venv_tag | default('untagged') }}"
freezer_bin: "/openstack/venvs/freezer-{{ freezer_venv_tag }}/bin"
freezer_api_git_repo: https://opendev.org/openstack/freezer-api
freezer_api_git_install_branch: master
freezer_scheduler_git_repo: https://opendev.org/openstack/freezer
freezer_scheduler_git_install_branch: master
freezer_upper_constraints_url: >-
{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
freezer_git_constraints:
- "--constraint {{ freezer_upper_constraints_url }}"
freezer_pip_install_args: "{{ pip_install_options | default('') }}"
freezer_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"
freezer_api_pip_packages:
- "freezer-api@git+{{ freezer_api_git_repo }}@{{ freezer_api_git_install_branch }}"
- cryptography
- PyMySQL
- python-memcached
- systemd-python
- sqlalchemy
freezer_scheduler_pip_packages:
- "freezer@git+{{ freezer_scheduler_git_repo }}@{{ freezer_scheduler_git_install_branch }}"
- cryptography
- systemd-python
freezer_api_core_files: "{{ _freezer_api_core_files }}"
# DB settings
freezer_galera_address: "{{ galera_address | default('127.0.0.1') }}"
freezer_galera_database: freezer
freezer_galera_user: freezer
freezer_galera_use_ssl: "{{ galera_use_ssl | default(false) }}"
freezer_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
freezer_galera_port: "{{ galera_port | default('3306') }}"
freezer_galera_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
freezer_galera_setup_python_interpreter: >-
{{
openstack_db_setup_python_interpreter | default(
(freezer_galera_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']))
}}
freezer_memcached_servers: "{{ memcached_servers }}"
## Service Type and Data
freezer_role_name: admin
freezer_service_region: "{{ service_region | default('RegionOne') }}"
freezer_service_name: freezer
freezer_service_type: backup
freezer_service_description: "Freezer Backup Service"
freezer_service_user_domain_name: Default
freezer_service_project_domain_name: Default
freezer_api_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
freezer_api_service_port: 9090
freezer_service_project_name: service
freezer_service_in_ldap: "{{ service_ldap_backend_enabled | default(false) }}"
freezer_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
freezer_service_setup_host_python_interpreter: >-
{{
openstack_service_setup_host_python_interpreter | default(
(freezer_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']))
}}
freezer_service_proto: http
freezer_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(freezer_service_proto) }}"
freezer_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(freezer_service_proto) }}"
freezer_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(freezer_service_proto) }}"
freezer_service_publicuri: "{{ freezer_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ freezer_api_service_port }}"
freezer_service_adminuri: "{{ freezer_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ freezer_api_service_port }}"
freezer_service_internaluri: "{{ freezer_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ freezer_api_service_port }}"
freezer_service_endpoint_type: internal
freezer_keystone_auth_plugin: password
# List of roles for which service tokens will be accepted
freezer_service_token_roles:
- service
freezer_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
# uWSGI settings
freezer_wsgi_threads: 1
freezer_wsgi_processes_max: 16
freezer_wsgi_processes: >-
{{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, freezer_wsgi_processes_max] | min }}
freezer_use_uwsgi: true
# Config overrides
freezer_api_conf_overrides: {}
freezer_api_policy_overrides: {}
freezer_api_uwsgi_ini_overrides: {}
freezer_api_init_overrides: {}
freezer_paste_ini_overrides: {}
freezer_scheduler_conf_overrides: {}
freezer_scheduler_init_overrides: {}
## Service Name-Group Mapping
freezer_services:
freezer-api:
group: freezer_api
service_name: freezer-api
service_enabled: true
init_config_overrides: "{{ freezer_api_init_overrides }}"
execstarts: "{{ freezer_bin }}/freezer-api"
wsgi_app: "{{ freezer_use_uwsgi }}"
wsgi: freezer_api.wsgi:application
uwsgi_overrides: "{{ freezer_api_uwsgi_ini_overrides }}"
uwsgi_bind_address: "{{ freezer_api_bind_address }}"
uwsgi_port: "{{ freezer_api_service_port }}"
freezer-scheduler:
group: freezer_scheduler
service_name: freezer-scheduler
service_enabled: true
init_config_overrides: "{{ freezer_scheduler_init_overrides }}"
execstarts: "{{ freezer_bin }}/freezer-scheduler --no-daemon --config-file {{ freezer_etc_dir }}/scheduler.conf start"
Example playbook¶
---
# Copyright 2026, Cleura AB.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather glance facts
hosts: "freezer_all"
gather_facts: "{{ osa_gather_facts | default(True) }}"
tasks:
- name: Gather additional facts
ansible.builtin.include_role:
name: openstack.osa.gather_extra_facts
when: osa_gather_facts | default(True)
tags:
- always
- name: Configure haproxy services
ansible.builtin.import_playbook: openstack.osa.haproxy_service_config
vars:
service_group: freezer_api
service_variable: "freezer_haproxy_services"
when:
- groups[service_group] | length > 0
- groups['haproxy'] | length > 0
tags:
- haproxy-service-config
- name: Install freezer services
hosts: freezer_all
gather_facts: false
serial: "{{ freezer_api_serial | default(['1','100%']) }}"
user: root
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- freezer
pre_tasks:
- name: Setup installation variables
ansible.builtin.include_role:
name: openstack.osa.install_defaults
defaults_from: "{{ install_method }}"
public: true
apply:
tags:
- always
tags:
- always
# In order to ensure that any container, software or
# config file changes which causes a container/service
# restart do not cause an unexpected outage, we drain
# the load balancer back end for this container.
- name: Disabling haproxy backends
ansible.builtin.include_role:
name: openstack.osa.haproxy_endpoint_manage
apply:
tags:
- always
vars:
haproxy_backend: freezer_api-back
haproxy_state: disabled
when:
- "'freezer_api' in group_names"
- "groups['freezer_api'] | length > 1"
tags:
- always
- name: Including unbound-clients tasks
ansible.builtin.include_role:
name: openstack.osa.unbound_clients
when:
- hostvars['localhost']['resolvconf_enabled'] | bool
roles:
- role: "os_freezer"
post_tasks:
# Now that container changes are done, we can set
# the load balancer back end for this container
# to available again.
- name: Enabling haproxy backends
ansible.builtin.include_role:
name: openstack.osa.haproxy_endpoint_manage
apply:
tags:
- always
vars:
haproxy_backend: freezer_api-back
haproxy_state: enabled
when:
- "'freezer_api' in group_names"
- "groups['freezer_api'] | length > 1"
tags:
- always
