diff options
20 files changed, 489 insertions, 7 deletions
diff --git a/lib/puppet/provider/sriov_vf_config/numvfs.rb b/lib/puppet/provider/sriov_vf_config/numvfs.rb new file mode 100644 index 0000000..cfa663c --- /dev/null +++ b/lib/puppet/provider/sriov_vf_config/numvfs.rb @@ -0,0 +1,57 @@ +Puppet::Type.type(:sriov_vf_config).provide(:numvfs) do + desc <<-EOT + The file /sys/class/net/<sriov_interface_name>/device/sriov_numvfs will be + present when a physical PCIe device supports SR-IOV. A number written to + this file will enable the specified number of VFs. This provider shall read + the file and ensure that the value is zero, before writing the number of + VFs that should be enabled. If the VFs needs to be disabled then we shall + write a zero to this file. + EOT + + def create + if File.file?(sriov_numvfs_path) + _set_numvfs + else + fail("#{sriov_numvfs_path} doesn't exist. Check if #{sriov_get_interface} is a valid network interface supporting SR-IOV") + end + end + + def destroy + if File.file?(sriov_numvfs_path) + File.write(sriov_numvfs_path,"0") + end + end + + def exists? + if File.file?(sriov_numvfs_path) + cur_value = File.read(sriov_numvfs_path) + if cur_value.to_i == sriov_numvfs_value + return true + end + end + return false + end + + def _set_numvfs + # During an update, the content of file sriov_numvfs_path has to be set + # to 0 (ZERO), before writing the actual value + cur_value = File.read(sriov_numvfs_path) + if cur_value != 0 + File.write(sriov_numvfs_path,"0") + end + File.write(sriov_numvfs_path,sriov_numvfs_value) + end + + def sriov_numvfs_path + "/sys/class/net/#{sriov_get_interface}/device/sriov_numvfs" + end + + def sriov_get_interface + resource[:name].split(':', 2).first + end + + def sriov_numvfs_value + resource[:name].split(':', 2).last.to_i + end + +end diff --git a/lib/puppet/type/sriov_vf_config.rb b/lib/puppet/type/sriov_vf_config.rb new file mode 100644 index 0000000..09a3671 --- /dev/null +++ b/lib/puppet/type/sriov_vf_config.rb @@ -0,0 +1,10 @@ +Puppet::Type.newtype(:sriov_vf_config) do + + ensurable + + newparam(:name) do + desc "sriov_numvfs conf as <physical_network>:<number_of_vfs> format" + newvalues(/^[a-z0-9\-_]+:[0-9]+$/) + end + +end diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 075433b..b2cc264 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -886,7 +886,12 @@ class tripleo::haproxy ( options => { 'balance' => 'first', 'option' => ['tcp-check',], - 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']), + 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n', + 'expect string +PONG', + 'send info\ replication\r\n', + 'expect string role:master', + 'send QUIT\r\n', + 'expect string +OK']), }, collect_exported => false, } diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index ac6cb6c..b7403a4 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -88,7 +88,8 @@ define tripleo::haproxy::endpoint ( # service exposed to the public network if $public_certificate { - $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) } else { $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param) } @@ -98,7 +99,8 @@ define tripleo::haproxy::endpoint ( } if $internal_certificate { - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) } else { $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) } diff --git a/manifests/host/sriov.pp b/manifests/host/sriov.pp new file mode 100644 index 0000000..a30db42 --- /dev/null +++ b/manifests/host/sriov.pp @@ -0,0 +1,27 @@ +# == Class: tripleo::host::sriov +# +# Configures host configuration for the SR-IOV interfaces +# +# === Parameters +# +# [*number_of_vfs*] +# (optional) List of <physical_network>:<number_of_vfs> specifying the number +# VFs to be exposed per physical interface. +# For example, to configure two interface with number of VFs, specify +# it as ['eth1:4','eth2:10'] +# Defaults to [] +# +class tripleo::host::sriov ( + $number_of_vfs = [], +) { + + if !empty($number_of_vfs) { + sriov_vf_config { $number_of_vfs: ensure => present } + + # the numvfs configuration needs to be persisted for every boot + tripleo::host::sriov::numvfs_persistence {'persistent_numvfs': + vf_defs => $number_of_vfs, + content_string => "#!/bin/bash\n" + } + } +} diff --git a/manifests/host/sriov/numvfs_persistence.pp b/manifests/host/sriov/numvfs_persistence.pp new file mode 100644 index 0000000..1ee402c --- /dev/null +++ b/manifests/host/sriov/numvfs_persistence.pp @@ -0,0 +1,55 @@ +# +# tripleo::host::sriov::numvfs_persistence used by tripleo::host::sriov +# +# === Parameters: +# +# [*vf_defs*] +# (required) Array of of <physical_interface>:<numvfs>. +# Example: ['eth1:10','eth2:8'] +# +# [*content_string*] +# (required) String which shall be written to the script file. +# +define tripleo::host::sriov::numvfs_persistence( + $vf_defs, + $content_string +){ + # Since reduce isn't available, we use recursion to iterate each entries of + # "physical_interface:vfs" and accumulate the content that needs to be + # written to the script file. + include ::stdlib + + if empty($vf_defs) { + file { '/etc/sysconfig/allocate_vfs': + ensure => file, + content => $content_string, + group => 'root', + mode => '0755', + owner => 'root', + } + + file { '/sbin/ifup-local': + group => 'root', + mode => '0755', + owner => 'root', + content => '#!/bin/bash', + replace => false + } + + file_line { 'call_ifup-local': + path => '/sbin/ifup-local', + line => '/etc/sysconfig/allocate_vfs $1', + require => File['/sbin/ifup-local'], + } + } else { + $vfspec = split($vf_defs[0], ':') + $interface = $vfspec[0] + $count = $vfspec[1] + $vfdef_str = "${content_string}[ \"${interface}\" == \"\$1\" ] && echo ${count} > /sys/class/net/${interface}/device/sriov_numvfs\n" + tripleo::host::sriov::numvfs_persistence{"mapped ${interface}": + vf_defs => delete_at($vf_defs, 0), + content_string => $vfdef_str + } + } +} + diff --git a/manifests/profile/base/ceilometer/expirer.pp b/manifests/profile/base/ceilometer/expirer.pp index 0830307..eaaaefc 100644 --- a/manifests/profile/base/ceilometer/expirer.pp +++ b/manifests/profile/base/ceilometer/expirer.pp @@ -30,7 +30,8 @@ class tripleo::profile::base::ceilometer::expirer ( if $step >= 4 { include ::ceilometer::expirer - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } + Cron <| title == 'ceilometer-expirer' |> + { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } } } diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index dfb034f..7d562ec 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -108,7 +108,13 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend_name, $cinder_rbd_backend_name, $cinder_eqlx_backend_name, $cinder_dellsc_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, $cinder_user_enabled_backends]) + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend_name, + $cinder_rbd_backend_name, + $cinder_eqlx_backend_name, + $cinder_dellsc_backend_name, + $cinder_netapp_backend_name, + $cinder_nfs_backend_name, + $cinder_user_enabled_backends]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index ac97b66..354d24c 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -73,5 +73,53 @@ class tripleo::profile::base::keystone ( if $step >= 5 and $manage_db_purge { include ::keystone::cron::token_flush } + + if $step >= 5 and $manage_endpoint{ + if hiera('aodh_api_enabled', false) { + include ::aodh::keystone::auth + } + if hiera('ceilometer_api_enabled', false) { + include ::ceilometer::keystone::auth + } + if hiera('cinder_api_enabled', false) { + include ::cinder::keystone::auth + } + if hiera('glance_api_enabled', false) { + include ::glance::keystone::auth + } + if hiera('gnocchi_api_enabled', false) { + include ::gnocchi::keystone::auth + } + if hiera('heat_api_enabled', false) { + include ::heat::keystone::auth + } + if hiera('heat_api_cfn_enabled', false) { + include ::heat::keystone::auth_cfn + } + if hiera('ironic_api_enabled', false) { + include ::ironic::keystone::auth + } + if hiera('manila_api_enabled', false) { + include ::manila::keystone::auth + } + if hiera('mistral_api_enabled', false) { + include ::mistral::keystone::auth + } + if hiera('neutron_api_enabled', false) { + include ::neutron::keystone::auth + } + if hiera('nova_api_enabled', false) { + include ::nova::keystone::auth + } + if hiera('sahara_api_enabled', false) { + include ::sahara::keystone::auth + } + if hiera('swift_proxy_enabled', false) { + include ::swift::keystone::auth + } + if hiera('trove_api_enabled', false) { + include ::trove::keystone::auth + } + } } diff --git a/manifests/profile/base/neutron/agents/ovn.pp b/manifests/profile/base/neutron/agents/ovn.pp new file mode 100644 index 0000000..443b164 --- /dev/null +++ b/manifests/profile/base/neutron/agents/ovn.pp @@ -0,0 +1,38 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::agents::ovn +# +# OVN Neutron agent profile for tripleo +# +# [*ovn_db_host*] +# The IP-Address/Hostname where OVN DBs are deployed +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::agents::ovn ( + $ovn_db_host, + $step = hiera('step') +) { + if $step >= 4 { + $ovn_sbdb_port = hiera('ovn::southbound::port') + class { '::ovn::controller': + ovn_remote => "tcp:${ovn_db_host}:${ovn_sbdb_port}", + ovn_encap_type => hiera('ovn::southboud::encap_type') + } + } +} diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp index 401e627..4f4de0b 100644 --- a/manifests/profile/base/neutron/plugins/ml2.pp +++ b/manifests/profile/base/neutron/plugins/ml2.pp @@ -68,5 +68,8 @@ class tripleo::profile::base::neutron::plugins::ml2 ( include ::tripleo::profile::base::neutron::plugins::ml2::opendaylight } + if 'ovn' in $mechanism_drivers { + include ::tripleo::profile::base::neutron::plugins::ml2::ovn + } } } diff --git a/manifests/profile/base/neutron/plugins/ml2/ovn.pp b/manifests/profile/base/neutron/plugins/ml2/ovn.pp new file mode 100644 index 0000000..46477a7 --- /dev/null +++ b/manifests/profile/base/neutron/plugins/ml2/ovn.pp @@ -0,0 +1,46 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn +# +# OVN Neutron ML2 profile for tripleo +# +# [*ovn_db_host*] +# The IP-Address/Hostname where OVN DBs are deployed +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::ml2::ovn ( + $ovn_db_host, + $step = hiera('step') +) { + if $step >= 4 { + if $::hostname == $ovn_db_host { + # NOTE: we might split northd from plugin later, in the case of + # micro-services, where neutron-server & northd are not in the same + # containers + include ::ovn::northd + } + $ovn_nb_port = hiera('ovn::northbound::port') + $ovn_sb_port = hiera('ovn::southbound::port') + class { '::neutron::plugins::ml2::ovn': + ovn_nb_connection => "tcp:${ovn_db_host}:${ovn_nb_port}", + ovn_sb_connection => "tcp:${ovn_db_host}:${ovn_sb_port}", + } + } +} + diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp index 9b5f34c..00ecc21 100644 --- a/manifests/profile/base/neutron/sriov.pp +++ b/manifests/profile/base/neutron/sriov.pp @@ -36,6 +36,7 @@ class tripleo::profile::base::neutron::sriov( if $step >= 4 { if 'sriovnicswitch' in $mechanism_drivers { include ::neutron::agents::ml2::sriov + include ::tripleo::host::sriov } } diff --git a/manifests/profile/base/snmp.pp b/manifests/profile/base/snmp.pp index 2ed6752..301ac9a 100644 --- a/manifests/profile/base/snmp.pp +++ b/manifests/profile/base/snmp.pp @@ -43,7 +43,16 @@ class tripleo::profile::base::snmp ( } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']), join(['rouser ', $snmpd_user]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']), + join(['rouser ', $snmpd_user]), + 'proc cron', + 'includeAllDisks 10%', + 'master agentx', + 'trapsink localhost public', + 'iquerySecName internalUser', + 'rouser internalUser', + 'defaultMonitors yes', + 'linkUpDownNotifications yes' ], } } } diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index bec955c..2715260 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -159,8 +159,12 @@ MYSQL_HOST=localhost\n", # with proper credentials. This step happens on every node because this sql # statement does not automatically replicate across nodes. $mysql_root_password = hiera('mysql::server::root_password') + $galera_set_pwd = "/bin/touch /root/.my.cnf && \ + /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; \ + flush privileges;\" | \ + /bin/mysql --defaults-extra-file=/root/.my.cnf -u root" exec { 'galera-set-root-password': - command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root", + command => $galera_set_pwd, } file { '/root/.my.cnf' : ensure => file, diff --git a/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml b/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml new file mode 100644 index 0000000..85cbdec --- /dev/null +++ b/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml @@ -0,0 +1,4 @@ +--- +features: + - Added a provider to configure VFs for SR-IOV interface. + Added a define for persistence of the VFs configuratin. diff --git a/spec/classes/tripleo_host_sriov_spec.rb b/spec/classes/tripleo_host_sriov_spec.rb new file mode 100644 index 0000000..15d3813 --- /dev/null +++ b/spec/classes/tripleo_host_sriov_spec.rb @@ -0,0 +1,39 @@ +require 'spec_helper' + +describe 'tripleo::host::sriov' do + + shared_examples_for 'sriov vfs configuration for Red Hat distributions' do + + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7, + } + end + + let :params do + {:number_of_vfs => []} + end + + it 'does not configure numvfs by default' do + is_expected.not_to contain_sriov_vf_config([]) + end + + context 'when number_of_vfs is configured' do + let :params do + {:number_of_vfs => ['eth0:4','eth1:5']} + end + + it 'configures numvfs' do + is_expected.to contain_sriov_vf_config('eth0:4').with( :ensure => 'present' ) + is_expected.to contain_sriov_vf_config('eth1:5').with( :ensure => 'present') + is_expected.to contain_tripleo__host__sriov__numvfs_persistence('persistent_numvfs').with( + :vf_defs => ['eth0:4','eth1:5'], + :content_string => "#!/bin/bash\n" + ) + end + end + end + + it_configures 'sriov vfs configuration for Red Hat distributions' +end diff --git a/spec/defines/tripleo_host_sriov_numvfs_persistence_spec.rb b/spec/defines/tripleo_host_sriov_numvfs_persistence_spec.rb new file mode 100644 index 0000000..57559a2 --- /dev/null +++ b/spec/defines/tripleo_host_sriov_numvfs_persistence_spec.rb @@ -0,0 +1,40 @@ +require 'spec_helper' + +describe 'tripleo::host::sriov::numvfs_persistence' do + + describe 'confugure numvfs for persistence' do + + let :title do + 'numvfs' + end + + let :params do + { + :name => 'persistence', + :vf_defs => ['eth0:10','eth1:8'], + :content_string => "Hashbang\n" + } + end + + it 'configures persistence' do + is_expected.to contain_file('/etc/sysconfig/allocate_vfs').with( + :ensure => 'file', + :content => "Hashbang\n[ \"eth0\" == \"\$1\" ] && echo 10 > /sys/class/net/eth0/device/sriov_numvfs\n[ \"eth1\" == \"\$1\" ] && echo 8 > /sys/class/net/eth1/device/sriov_numvfs\n", + :group => 'root', + :mode => '0755', + :owner => 'root', + ) + is_expected.to contain_file('/sbin/ifup-local').with( + :group => 'root', + :mode => '0755', + :owner => 'root', + :content => '#!/bin/bash', + :replace => false, + ) + is_expected.to contain_file_line('call_ifup-local').with( + :path => '/sbin/ifup-local', + :line => '/etc/sysconfig/allocate_vfs $1', + ) + end + end +end diff --git a/spec/unit/provider/sriov_vf_config/numvfs_spec.rb b/spec/unit/provider/sriov_vf_config/numvfs_spec.rb new file mode 100644 index 0000000..ac1a398 --- /dev/null +++ b/spec/unit/provider/sriov_vf_config/numvfs_spec.rb @@ -0,0 +1,40 @@ +require 'puppet' +require 'spec_helper' +require 'puppet/provider/sriov_vf_config/numvfs' + +provider_class = Puppet::Type.type(:sriov_vf_config). + provider(:numvfs) + +describe provider_class do + + let(:test_cfg_path) { "/tmp/test-ifup-local.txt" } + let :numvfs_conf do + { + :name => 'eth0:10', + :ensure => 'present', + } + end + + describe 'when setting the attributes' do + let :resource do + Puppet::Type::Sriov_vf_config.new(numvfs_conf) + end + + let :provider do + provider_class.new(resource) + end + + it 'should return the correct interface name' do + expect(provider.sriov_get_interface).to eql('eth0') + end + + it 'should return the correct numvfs value' do + expect(provider.sriov_numvfs_value).to eql(10) + end + + it 'should return path of the file to enable vfs' do + expect(provider.sriov_numvfs_path).to eql('/sys/class/net/eth0/device/sriov_numvfs') + end + end + +end diff --git a/spec/unit/type/sriov_vf_config_spec.rb b/spec/unit/type/sriov_vf_config_spec.rb new file mode 100644 index 0000000..9a911f6 --- /dev/null +++ b/spec/unit/type/sriov_vf_config_spec.rb @@ -0,0 +1,47 @@ +require 'puppet' +require 'puppet/type/sriov_vf_config' + +describe 'Puppet::Type.type(:sriov_vf_config)' do + it 'should allow name to be passed' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => 'eth0:10', + :ensure => 'present' + )}.not_to raise_error + end + it 'should allow name to be passed with -' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => 'eth-0:10', + :ensure => 'present' + )}.not_to raise_error + end + it 'should allow name to be passed with _' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => 'eth_0:10', + :ensure => 'present' + )}.not_to raise_error + end + it 'should throw error for invalid format' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => 'eth0', + :ensure => 'present' + )}.to raise_error(Puppet::ResourceError) + end + it 'should throw error for invalid format without interface name' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => ':9', + :ensure => 'present' + )}.to raise_error(Puppet::ResourceError) + end + it 'should throw error for invalid format for numvfs' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => 'eth8:none', + :ensure => 'present' + )}.to raise_error(Puppet::ResourceError) + end + it 'should throw error for invalid format without numvfs' do + expect{Puppet::Type.type(:sriov_vf_config).new( + :name => 'eth0:', + :ensure => 'present' + )}.to raise_error(Puppet::ResourceError) + end +end |