-rw-r--r-- | manifests/firewall/pre.pp | 2 | ||||
-rw-r--r-- | manifests/firewall/rule.pp | 12 | ||||
-rw-r--r-- | manifests/profile/base/database/schemas.pp | 132 | ||||
-rw-r--r-- | manifests/profile/base/glance/registry.pp | 10 | ||||
-rw-r--r-- | manifests/profile/base/keystone.pp | 10 | ||||
-rw-r--r-- | manifests/profile/pacemaker/database/schemas.pp | 65 | ||||
-rw-r--r-- | manifests/profile/pacemaker/glance.pp | 26 | ||||
-rw-r--r-- | manifests/profile/pacemaker/keystone.pp | 24 | ||||
-rw-r--r-- | metadata.json | 28 | ||||
-rw-r--r-- | spec/classes/tripleo_firewall_spec.rb | 18 |
10 files changed, 103 insertions, 224 deletions
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp index 2d7203a..7af7fbc 100644 --- a/manifests/firewall/pre.pp +++ b/manifests/firewall/pre.pp @@ -50,7 +50,7 @@ class tripleo::firewall::pre( } tripleo::firewall::rule{ '003 accept ssh': - port => '22', + dport => '22', extras => $firewall_settings, } diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp index ca9c6d0..c63162b 100644 --- a/manifests/firewall/rule.pp +++ b/manifests/firewall/rule.pp @@ -23,6 +23,14 @@ # (optional) The port associated to the rule. # Defaults to undef # +# [*dport*] +# (optional) The destination port associated to the rule. +# Defaults to undef +# +# [*sport*] +# (optional) The source port associated to the rule. +# Defaults to undef +# # [*proto*] # (optional) The protocol associated to the rule. # Defaults to 'tcp' @@ -57,6 +65,8 @@ # define tripleo::firewall::rule ( $port = undef, + $dport = undef, + $sport = undef, $proto = 'tcp', $action = 'accept', $state = ['NEW'], @@ -69,6 +79,8 @@ define tripleo::firewall::rule ( $basic = { 'port' => $port, + 'dport' => $dport, + 'sport' => $sport, 'proto' => $proto, 'action' => $action, 'state' => $state, diff --git a/manifests/profile/base/database/schemas.pp b/manifests/profile/base/database/schemas.pp deleted file mode 100644 index 472a0f4..0000000 --- a/manifests/profile/base/database/schemas.pp +++ /dev/null 
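Review bot: The `[*port*]` entry in the rule.pp parameter docs still reads as the ordinary way to open a port, with no hint that it differs from the new `dport`. In puppetlabs-firewall, `port` matches a packet when either its source or its destination port equals the value, so an accept rule written with it admits more traffic than the equivalent `dport` rule. Since this change adds `dport`/`sport` and moves the ssh rule to `dport`, the doc block should say so, e.g. `# (optional, deprecated) Matches the source OR destination port; prefer dport or sport.`. The define's body continues past the third hunk.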
@@ -1,132 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::database::schemas -# -# OpenStack Database Schema profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current deployment step -# Defaults to hiera('step') -# -# [*ceilometer_backend*] -# (Optional) The backend used by ceilometer, usually either 'mysql' -# or 'mongodb' -# Defaults to hiera('ceilometer_backend') -# -# [*enable_aodh*] -# (Optional) Whether to create schemas for Aodh -# Defaults to true -# -# [*enable_ceilometer*] -# (Optional) Whether to create schemas for Ceilometer -# Defaults to true -# -# [*enable_cinder*] -# (Optional) Whether to create schemas for Cinder -# Defaults to true -# -# [*enable_heat*] -# (Optional) Whether to create schemas for Heat -# Defaults to true -# -# [*enable_keystone*] -# (Optional) Whether to create schemas for Keystone -# Defaults to true -# -# [*enable_glance*] -# (Optional) Whether to create schemas for Glance -# Defaults to true -# -# [*enable_gnocchi*] -# (Optional) Whether to create schemas for Gnocchi -# Defaults to true -# -# [*enable_nova*] -# (Optional) Whether to create schemas for Nova -# Defaults to true -# -# [*enable_neutron*] -# (Optional) Whether to create schemas for Neutron -# Defaults to true -# -# [*enable_sahara*] -# (Optional) Whether to create schemas for Sahara -# Defaults to true -# -# [*gnocchi_indexer_backend*] -# (Optional) Type of backend 
used as Gnocchi indexer -# Defaults to hiera('gnocchi_indexer_backend') -# -class tripleo::profile::base::database::schemas ( - $step = hiera('step'), - $ceilometer_backend = hiera('ceilometer_backend'), - $enable_aodh = true, - $enable_ceilometer = true, - $enable_cinder = true, - $enable_heat = true, - $enable_keystone = true, - $enable_glance = true, - $enable_gnocchi = true, - $enable_nova = true, - $enable_neutron = true, - $enable_sahara = true, - $gnocchi_indexer_backend = hiera('gnocchi_indexer_backend'), -) { - if $step >= 2 { - if downcase($ceilometer_backend) == 'mysql' { - if $enable_ceilometer { - include ::ceilometer::db::mysql - } - if $enable_aodh { - include ::aodh::db::mysql - } - } - - if $enable_gnocchi and downcase($gnocchi_indexer_backend) == 'mysql' { - include ::gnocchi::db::mysql - } - - if $enable_cinder { - include ::cinder::db::mysql - } - - if $enable_keystone { - include ::keystone::db::mysql - } - - if $enable_glance { - include ::glance::db::mysql - } - - if $enable_nova { - include ::nova::db::mysql - include ::nova::db::mysql_api - } - - if $enable_neutron { - include ::neutron::db::mysql - } - - if $enable_heat { - include ::heat::db::mysql - } - - if $enable_sahara { - include ::sahara::db::mysql - } - } -} diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/glance/registry.pp index bed4a5e..b77b356 100644 --- a/manifests/profile/base/glance/registry.pp +++ b/manifests/profile/base/glance/registry.pp @@ -20,7 +20,7 @@ # # [*sync_db*] # (Optional) Whether to run db sync -# Defaults to undef +# Defaults to true # # [*manage_service*] # (Optional) Whether to manage the glance service 
@@ -40,14 +40,18 @@ # Defaults to downcase(hiera('glance_backend', 'swift')) # class tripleo::profile::base::glance::registry ( - $sync_db = undef, + $sync_db = true, $manage_service = undef, $enabled = undef, $step = hiera('step'), $glance_backend = downcase(hiera('glance_backend', 'swift')), ) { - if $step >= 4 { + if $step >= 3 and $sync_db { + include ::glance::db::mysql + } + + if $step >= 4 or ( $step >= 3 and $sync_db ) { # TODO: notifications, scrubber, etc. include ::glance include ::glance::config diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index f17bf30..2f7a27a 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -20,7 +20,7 @@ # # [*sync_db*] # (Optional) Whether to run db sync -# Defaults to undef +# Defaults to true # # [*manage_service*] # (Optional) Whether to manage the keystone service @@ -52,7 +52,7 @@ # Defaults to hiera('step') # class tripleo::profile::base::keystone ( - $sync_db = undef, + $sync_db = true, $manage_service = undef, $enabled = undef, $bootstrap_master = undef, @@ -62,7 +62,11 @@ class tripleo::profile::base::keystone ( $step = hiera('step'), ) { - if $step >= 4 { + if $step >= 3 and $sync_db { + include ::keystone::db::mysql + } + + if $step >= 4 or ( $step >= 3 and $sync_db ) { class { '::keystone': sync_db => $sync_db, manage_service => $manage_service, diff --git a/manifests/profile/pacemaker/database/schemas.pp b/manifests/profile/pacemaker/database/schemas.pp deleted file mode 100644 index 489e75b..0000000 --- a/manifests/profile/pacemaker/database/schemas.pp +++ /dev/null 
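Review bot: `$sync_db` now gates `include ::glance::db::mysql` and pulls the whole registry configuration forward to step 3, yet nothing checks that it is a boolean. A non-empty string such as 'false' arriving from hiera is truthy in Puppet and would still create the database and take the step-3 branch. Adding `validate_bool($sync_db)` at the top of the class body would make that fail loudly; stdlib is declared as a dependency in this commit's metadata.json. The same pattern appears in the `tripleo::profile::base::keystone` hunk later on this line. Because the default changed from undef to true, every node that includes these profiles without an override takes the step-3 path, which the `[*sync_db*]` doc should state; both class bodies continue outside the hunks.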
@@ -1,65 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::pacemaker::schemas -# -# OpenStack Database Schema Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current deployment step -# Defaults to hiera('step') -# -# [*ceilometer_backend*] -# (Optional) The backend used by ceilometer, usually either 'mysql' -# or 'mongodb' -# Defaults to hiera('ceilometer_backend') -# -# [*gnocchi_indexer_backend*] -# (Optional) Type of backend used as Gnocchi indexer -# Defaults to hiera('gnocchi_indexer_backend') -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master in this cluster -# Defaults to hiera('bootstrap_nodeid') -# -class tripleo::profile::pacemaker::database::schemas ( - $step = hiera('step'), - $ceilometer_backend = hiera('ceilometer_backend'), - $gnocchi_indexer_backend = hiera('gnocchi_indexer_backend'), - $pacemaker_master = hiera('bootstrap_nodeid') -) { - if downcase($pacemaker_master) == $::hostname and $step >= 2 { - include ::tripleo::profile::base::database::schemas - - if downcase($ceilometer_backend) == 'mysql' { - Exec['galera-ready'] -> Class['::ceilometer::db::mysql'] - Exec['galera-ready'] -> Class['::aodh::db::mysql'] - } - - if downcase($gnocchi_indexer_backend) == 'mysql' { - Exec['galera-ready'] -> Class['::gnocchi::db::mysql'] - } - - Exec['galera-ready'] -> Class['::cinder::db::mysql'] - Exec['galera-ready'] -> 
Class['::glance::db::mysql'] - Exec['galera-ready'] -> Class['::keystone::db::mysql'] - Exec['galera-ready'] -> Class['::nova::db::mysql'] - Exec['galera-ready'] -> Class['::nova::db::mysql_api'] - Exec['galera-ready'] -> Class['::neutron::db::mysql'] - Exec['galera-ready'] -> Class['::heat::db::mysql'] - Exec['galera-ready'] -> Class['::sahara::db::mysql'] - } -} diff --git a/manifests/profile/pacemaker/glance.pp b/manifests/profile/pacemaker/glance.pp index 5727622..4dca67e 100644 --- a/manifests/profile/pacemaker/glance.pp +++ b/manifests/profile/pacemaker/glance.pp @@ -62,22 +62,30 @@ class tripleo::profile::pacemaker::glance ( $glance_file_pcmk_options = hiera('glance_file_pcmk_options', ''), ) { + Service <| tag == 'glance-service' |> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', + } + if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true } else { $pacemaker_master = false } + class { '::tripleo::profile::base::glance::api': + manage_service => false, + enabled => false, + } + class { '::tripleo::profile::base::glance::registry': + sync_db => $pacemaker_master, + manage_service => false, + enabled => false, + } + if $step >= 4 { - class { '::tripleo::profile::base::glance::api': - manage_service => false, - enabled => false, - } - class { '::tripleo::profile::base::glance::registry': - sync_db => $pacemaker_master, - manage_service => false, - enabled => false, - } if $glance_backend == 'file' and $glance_file_pcmk_manage { $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"' pacemaker::resource::filesystem { 'glance-fs': diff --git a/manifests/profile/pacemaker/keystone.pp b/manifests/profile/pacemaker/keystone.pp index 0f007a5..fb625e5 100644 --- a/manifests/profile/pacemaker/keystone.pp +++ b/manifests/profile/pacemaker/keystone.pp 
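Review bot: The deleted `tripleo::profile::pacemaker::database::schemas` class ordered `Exec['galera-ready']` before `Class['::glance::db::mysql']`, and nothing in the pacemaker glance hunk restores that ordering now that the registry profile includes the db class itself at step 3. If step sequencing alone is meant to guarantee Galera is up, a comment saying so would help; otherwise the bootstrap node may try to create the database before the cluster accepts writes. Assuming `Exec['galera-ready']` is still in the catalog at that step, a guarded ordering next to the registry declaration would keep the old guarantee: `if $step >= 3 and $pacemaker_master { Exec['galera-ready'] -> Class['::glance::db::mysql'] }`. The keystone pacemaker profile in the next file has the same gap for `Class['::keystone::db::mysql']`. The class body starts and ends outside the hunk.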
@@ -37,6 +37,13 @@ class tripleo::profile::pacemaker::keystone ( $enable_load_balancer = hiera('enable_load_balancer', true) ) { + Service <| tag == 'keystone-service' |> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', + } + if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true } else { @@ -51,15 +58,13 @@ class tripleo::profile::pacemaker::keystone ( $manage_roles = false } - if $step >= 4 { - class { '::tripleo::profile::base::keystone': - sync_db => $pacemaker_master, - manage_service => false, - enabled => false, - bootstrap_master => $pacemaker_master, - manage_roles => $manage_roles, - manage_endpoint => $manage_roles - } + class { '::tripleo::profile::base::keystone': + sync_db => $pacemaker_master, + manage_service => false, + enabled => false, + bootstrap_master => $pacemaker_master, + manage_roles => $manage_roles, + manage_endpoint => $manage_roles } if $step >= 5 and $pacemaker_master and $enable_load_balancer { @@ -85,4 +90,5 @@ class tripleo::profile::pacemaker::keystone ( Pacemaker::Resource::Ocf['openstack-core']], } } + } diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000..457f86e --- /dev/null +++ b/metadata.json 
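Review bot: The `Service <| tag == 'keystone-service' |>` override has no comment, and its effect is easy to miss. Every tagged service gets `/bin/true` for start, stop and restart, so a refresh triggered by a changed config file is reported as successful while the running daemon keeps its old settings. That matters for changes such as rotated credentials or TLS options, which would not take effect until Pacemaker restarts the resource. I would add above it `# Pacemaker owns the keystone service lifecycle; Puppet start/stop/restart are deliberately no-ops, so config changes need a Pacemaker-driven restart.`. The identical collector for 'glance-service' in manifests/profile/pacemaker/glance.pp deserves the same comment.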
@@ -0,0 +1,28 @@ +{ + "name": "openstack-tripleo", + "version": "1.0.0", + "author": "OpenStack Contributors", + "summary": "Puppet module for TripleO", + "license": "Apache-2.0", + "source": "git://github.com/openstack/puppet-tripleo.git", + "project_page": "https://launchpad.net/puppet-tripleo", + "issues_url": "https://bugs.launchpad.net/puppet-tripleo", + "description": "Installs and configures Tripleo.", + "requirements": [ + { "name": "pe","version_requirement": "3.x" }, + { "name": "puppet","version_requirement": "3.x" } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["20"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["7"] + } + ], + "dependencies": [ + { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0 < 5.0.0" } + ] +} diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb index aa5d1d7..27ac62a 100644 --- a/spec/classes/tripleo_firewall_spec.rb +++ b/spec/classes/tripleo_firewall_spec.rb @@ -51,7 +51,7 @@ describe 'tripleo::firewall' do :state => ['NEW'], ) is_expected.to contain_firewall('003 accept ssh').with( - :port => '22', + :dport => '22', :proto => 'tcp', :action => 'accept', :state => ['NEW'], @@ -74,7 +74,9 @@ describe 'tripleo::firewall' do :firewall_rules => { '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'}, '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, - '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'} + '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}, + '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, + '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'} } ) end 
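Review bot: The `source` field in metadata.json points at a `git://` URL, which is fetched without server authentication or transport integrity. Anyone cloning from the address in the metadata therefore has no protection against tampering in transit. The HTTPS form keeps the same repository: `"source": "https://github.com/openstack/puppet-tripleo.git"`.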
@@ -95,6 +97,18 @@ describe 'tripleo::firewall' do :chain => 'FORWARD', :destination => '192.0.2.0/24', ) + is_expected.to contain_firewall('303 add custom application 3').with( + :dport => '8081', + :proto => 'tcp', + :action => 'accept', + :state => ['NEW'], + ) + is_expected.to contain_firewall('304 add custom application 4').with( + :sport => '1000', + :proto => 'tcp', + :action => 'accept', + :state => ['NEW'], + ) end end |