diff options
| -rw-r--r-- | manifests/firewall/post.pp | 2 | ||||
| -rw-r--r-- | manifests/firewall/rule.pp | 16 | ||||
| -rw-r--r-- | manifests/profile/base/neutron/linuxbridge.pp | 20 | ||||
| -rw-r--r-- | manifests/profile/base/swift/proxy.pp | 2 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/rabbitmq.pp | 8 | ||||
| -rw-r--r-- | manifests/tls_proxy.pp | 1 |
6 files changed, 44 insertions, 5 deletions
diff --git a/manifests/firewall/post.pp b/manifests/firewall/post.pp index b76db75..7b5f563 100644 --- a/manifests/firewall/post.pp +++ b/manifests/firewall/post.pp @@ -36,7 +36,7 @@ class tripleo::firewall::post( if $debug { warning('debug is enabled, the traffic is not blocked.') } else { - firewall { '998 log all': + tripleo::firewall::rule{ '998 log all': proto => 'all', jump => 'LOG', } diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp index 688144e..f1ea0c9 100644 --- a/manifests/firewall/rule.pp +++ b/manifests/firewall/rule.pp @@ -39,6 +39,10 @@ # (optional) The action policy associated to the rule. # Defaults to 'accept' # +# [*jump*] +# (optional) The chain to jump to. +# If present, overrides action +# # [*state*] # (optional) Array of states associated to the rule.. # Defaults to ['NEW'] @@ -75,6 +79,7 @@ define tripleo::firewall::rule ( $chain = 'INPUT', $destination = undef, $extras = {}, + $jump = undef, ) { if $port == 'all' { @@ -85,16 +90,25 @@ define tripleo::firewall::rule ( $port_real = $port } + if $jump != undef { + $jump_real = $jump + $action_real = undef + } else { + $jump_real = undef + $action_real = $action + } + $basic = { 'port' => $port_real, 'dport' => $dport, 'sport' => $sport, 'proto' => $proto, - 'action' => $action, + 'action' => $action_real, 'source' => $source, 'iniface' => $iniface, 'chain' => $chain, 'destination' => $destination, + 'jump' => $jump_real, } if $proto == 'icmp' { $ipv6 = { diff --git a/manifests/profile/base/neutron/linuxbridge.pp b/manifests/profile/base/neutron/linuxbridge.pp new file mode 100644 index 0000000..9f4899a --- /dev/null +++ b/manifests/profile/base/neutron/linuxbridge.pp @@ -0,0 +1,20 @@ +# == Class: tripleo::profile::base::neutron::linuxbridge +# +# Neutron linuxbridge agent profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templatee +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::linuxbridge( + $step = hiera('step'), +) { + include ::tripleo::profile::base::neutron + + if $step >= 5 { + include ::neutron::agents::ml2::linuxbridge + } +} diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index e80c8c9..4e0e568 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -127,7 +127,7 @@ class tripleo::profile::base::swift::proxy ( port => $tls_proxy_port, tls_cert => $tls_certfile, tls_key => $tls_keyfile, - notify => Class['::neutron::server'], + notify => Class['::swift::proxy'], } } $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp index f4b679a..bf6a38d 100644 --- a/manifests/profile/pacemaker/rabbitmq.pp +++ b/manifests/profile/pacemaker/rabbitmq.pp @@ -30,7 +30,7 @@ # (Optional) The number of HA queues in to be configured in rabbitmq # Defaults to hiera('rabbitmq::nr_ha_queues'), which is usually 0 meaning # that the queues number will be CEIL(N/2) where N is the number of rabbitmq -# nodes. +# nodes. The special value of -1 represents the mode 'ha-mode: all' # # [*rabbit_nodes*] # (Optional) The list of rabbitmq nodes names @@ -90,12 +90,16 @@ class tripleo::profile::pacemaker::rabbitmq ( if $user_ha_queues == 0 { $nr_rabbit_nodes = size($rabbit_nodes) $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2) + $params = "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'" + } elsif $user_ha_queues == -1 { + $params = 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'' } else { $nr_ha_queues = $user_ha_queues + $params = "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'" } pacemaker::resource::ocf { 'rabbitmq': ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'", + resource_params => $params, clone_params => 'ordered=true interleave=true', meta_params => 'notify=true', op_params => 'start timeout=200s stop timeout=200s', diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp index 36d6b6d..607e20f 100644 --- a/manifests/tls_proxy.pp +++ b/manifests/tls_proxy.pp @@ -40,6 +40,7 @@ define tripleo::tls_proxy( $tls_cert, $tls_key, ) { + include ::apache ::apache::vhost { "${title}-proxy": ensure => 'present', docroot => undef, # This is required by the manifest |