diff options
30 files changed, 449 insertions, 94 deletions
diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp index 59a3681..2454460 100644 --- a/manifests/certmonger/ca/crl.pp +++ b/manifests/certmonger/ca/crl.pp @@ -49,7 +49,7 @@ # (optional) Defaults to '0'. # # [*hour*] -# (optional) Defaults to '1'. +# (optional) Defaults to '*/2'. # # [*monthday*] # (optional) Defaults to '*'. @@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl ( $crl_preprocessed = '/etc/pki/CA/crl/overcloud-crl.bin', $crl_preprocessed_format = 'DER', $minute = '0', - $hour = '1', + $hour = '*/2', $monthday = '*', $month = '*', - $weekday = '6', + $weekday = '*', $maxdelay = 0, $reload_cmds = [], ) { diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 2f29674..e12ae77 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -1048,7 +1048,7 @@ class tripleo::haproxy ( mode => 'http', public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, - #member_options => union($haproxy_member_options, $internal_tls_member_options), + member_options => union($haproxy_member_options, $internal_tls_member_options), } } diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 300c0ca..d6ec32b 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -23,6 +23,10 @@ # This is set by t-h-t. # Defaults to hiera('aodh_api_network', undef) # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -47,10 +51,16 @@ class tripleo::profile::base::aodh::api ( $aodh_network = hiera('aodh_api_network', undef), + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $step = Integer(hiera('step')), ) { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } include ::tripleo::profile::base::aodh @@ -66,7 +76,7 @@ class tripleo::profile::base::aodh::api ( } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::aodh::api include ::apache::mod::ssl class { '::aodh::wsgi::apache': diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 6a30a40..11c1da3 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -23,6 +23,10 @@ # This is set by t-h-t. # Defaults to hiera('ceilometer_api_network', undef) # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -45,11 +49,18 @@ # Defaults to hiera('step') # class tripleo::profile::base::ceilometer::api ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $ceilometer_network = hiera('ceilometer_api_network', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $step = Integer(hiera('step')), ) { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + include ::tripleo::profile::base::ceilometer if $enable_internal_tls { @@ -63,7 +74,7 @@ class tripleo::profile::base::ceilometer::api ( $tls_keyfile = undef } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::ceilometer::api include ::apache::mod::ssl class { '::ceilometer::wsgi::apache': diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 8eb6079..fbb8b11 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql ( if $enable_internal_tls { $tls_certfile = $certificate_specs['service_certificate'] $tls_keyfile = $certificate_specs['service_key'] + + # Force users/grants created to use TLS connections + Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] } } else { $tls_certfile = undef $tls_keyfile = undef @@ -217,6 +220,10 @@ class tripleo::profile::base::database::mysql ( if hiera('ec2_api_enabled', false) { include ::ec2api::db::mysql } + if hiera('zaqar_enabled', false) and hiera('zaqar::db::mysql::user', '') == 'zaqar' { + # NOTE: by default zaqar uses mongodb + include ::zaqar::db::mysql + } } } diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index 28a2764..cf3a914 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -89,22 +89,34 @@ class tripleo::profile::base::docker ( require => Package['docker'], } + if $docker_options { + $options_changes = [ "set OPTIONS '\"${docker_options}\"'" ] + } else { + $options_changes = [ 'rm OPTIONS' ] + } + + augeas { 'docker-sysconfig-options': + lens => 'Shellvars.lns', + incl => '/etc/sysconfig/docker', + changes => $options_changes, + subscribe => Package['docker'], + notify => Service['docker'], + } + if $insecure_registry { if $docker_namespace == undef { fail('You must provide a $docker_namespace in order to configure insecure registry') } $namespace = strip($docker_namespace.split('/')[0]) - $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", - "set OPTIONS '\"${docker_options}\"'" ] + $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ] } else { - $changes = [ 'rm INSECURE_REGISTRY', - "set OPTIONS '\"${docker_options}\"'" ] + $registry_changes = [ 'rm INSECURE_REGISTRY' ] } - augeas { 'docker-sysconfig': + augeas { 'docker-sysconfig-registry': lens => 'Shellvars.lns', incl => '/etc/sysconfig/docker', - changes => $changes, + changes => $registry_changes, subscribe => Package['docker'], notify => Service['docker'], } diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index ff90590..2221b37 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -45,11 +49,18 @@ # Defaults to hiera('step') # class tripleo::profile::base::heat::api ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $heat_api_network = hiera('heat_api_network', undef), $step = Integer(hiera('step')), ) { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + include ::tripleo::profile::base::heat if $enable_internal_tls { @@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api ( $tls_keyfile = undef } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api include ::apache::mod::ssl class { '::heat::wsgi::apache_api': diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index e14760a..1014b04 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -45,11 +49,18 @@ # Defaults to hiera('step') # class tripleo::profile::base::heat::api_cfn ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $heat_api_cfn_network = hiera('heat_api_cfn_network', undef), $step = Integer(hiera('step')), ) { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + include ::tripleo::profile::base::heat if $enable_internal_tls { @@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cfn ( $tls_keyfile = undef } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api_cfn include ::apache::mod::ssl diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 83d5307..4caac9d 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -45,11 +49,18 @@ # Defaults to hiera('step') # class tripleo::profile::base::heat::api_cloudwatch ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), $step = Integer(hiera('step')), ) { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + include ::tripleo::profile::base::heat if $enable_internal_tls { @@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cloudwatch ( $tls_keyfile = undef } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api_cloudwatch include ::apache::mod::ssl diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index 12482b6..26ea20f 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -23,15 +23,26 @@ # for more details. # Defaults to hiera('step') # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*neutron_options*] # (Optional) A hash of parameters to enable features specific to Neutron # Defaults to hiera('horizon::neutron_options', {}) # class tripleo::profile::base::horizon ( $step = Integer(hiera('step')), + $bootstrap_node = hiera('bootstrap_nodeid', undef), $neutron_options = hiera('horizon::neutron_options', {}), ) { - if $step >= 3 { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { # Horizon include ::apache::mod::remoteip include ::apache::mod::status diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp index 94b7efe..bbc91f5 100644 --- a/manifests/profile/base/ironic/api.pp +++ b/manifests/profile/base/ironic/api.pp @@ -18,16 +18,68 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*ironic_api_network*] +# (Optional) The network name where the ironic API endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('ironic_api_network', undef) +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# # [*step*] # (Optional) The current step of the deployment # Defaults to hiera('step') # class tripleo::profile::base::ironic::api ( - $step = Integer(hiera('step')), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $ironic_api_network = hiera('ironic_api_network', undef), + $enable_internal_tls = hiera('enable_internal_tls', false), + $step = Integer(hiera('step')), ) { include ::tripleo::profile::base::ironic - if $step >= 4 { - include ::ironic::api + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false } + + if $enable_internal_tls { + if !$ironic_api_network { + fail('ironic_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${ironic_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${ironic_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { + include ::ironic::api + include ::apache::mod::ssl + class { '::ironic::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + } diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp index 098f795..088e6e2 100644 --- a/manifests/profile/base/metrics/collectd.pp +++ b/manifests/profile/base/metrics/collectd.pp @@ -23,6 +23,11 @@ # for more details. # Defaults to hiera('step') # +# [*enable_file_logging*] +# (Optional) Boolean. Whether to enable logfile plugin. +# which we should send metrics. +# Defaults to false +# # [*collectd_server*] # (Optional) String. The name or address of a collectd server to # which we should send metrics. @@ -49,6 +54,7 @@ class tripleo::profile::base::metrics::collectd ( $step = Integer(hiera('step')), + $enable_file_logging = false, $collectd_server = undef, $collectd_port = undef, $collectd_username = undef, @@ -58,6 +64,9 @@ class tripleo::profile::base::metrics::collectd ( ) { if $step >= 3 { include ::collectd + if $enable_file_logging { + include ::collectd::plugin::logfile + } if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) { fail('collectd_securitylevel must be one of (None, Sign, Encrypt).') diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp index 2ea5c9a..b5ca85e 100644 --- a/manifests/profile/base/mistral/api.pp +++ b/manifests/profile/base/mistral/api.pp @@ -56,9 +56,9 @@ class tripleo::profile::base::mistral::api ( $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { - $sync_db = true + $is_bootstrap = true } else { - $sync_db = false + $is_bootstrap = false } include ::tripleo::profile::base::mistral @@ -74,7 +74,7 @@ class tripleo::profile::base::mistral::api ( $tls_keyfile = undef } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::mistral::api include ::apache::mod::ssl class { '::mistral::wsgi::apache': diff --git a/manifests/profile/base/neutron/opendaylight/configure_cluster.pp b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp new file mode 100644 index 0000000..022e8ae --- /dev/null +++ b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp @@ -0,0 +1,45 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Configures an OpenDaylight cluster. +# It creates the akka configuration file for ODL to cluster correctly +# It will not configure clustering if less than 3 nodes +# +# == Function: tripleo::profile::base::neutron::opendaylight::configure_cluster +# +# == Parameters +# +# [*node_name*] +# The short hostname of node +# +# [*odl_api_ips*] Array of IPs per ODL node +# Defaults to empty array +# +define tripleo::profile::base::neutron::opendaylight::configure_cluster( + $node_name, + $odl_api_ips = [], +) { + validate_array($odl_api_ips) + if size($odl_api_ips) > 2 { + $node_string = split($node_name, '-') + $ha_node_index = $node_string[-1] + 1 + $ha_node_ip_str = join($odl_api_ips, ' ') + exec { 'Configure ODL Clustering': + command => "configure_cluster.sh ${ha_node_index} ${ha_node_ip_str}", + path => '/opt/opendaylight/bin/:/usr/sbin:/usr/bin:/sbin:/bin', + creates => '/opt/opendaylight/configuration/initial/akka.conf' + } + } +} + diff --git a/manifests/profile/base/neutron/opendaylight/create_cluster.pp b/manifests/profile/base/neutron/opendaylight/create_cluster.pp new file mode 100644 index 0000000..c3e4f7f --- /dev/null +++ b/manifests/profile/base/neutron/opendaylight/create_cluster.pp @@ -0,0 +1,43 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Configures an OpenDaylight cluster. +# It creates the akka configuration file for ODL to cluster correctly +# It will not configure clustering if less than 3 nodes +# +# == Class: tripleo::profile::base::neutron::opendaylight::create_cluster +# +# OpenDaylight class only used for creating clusters with container deployments +# +# === Parameters +# +# [*odl_api_ips*] +# (Optional) List of OpenStack Controller IPs for ODL API +# Defaults to hiera('opendaylight_api_node_ips') +# +# [*node_name*] +# (Optional) The short hostname of node +# Defaults to hiera('bootstack_nodeid') +# +class tripleo::profile::base::neutron::opendaylight::create_cluster ( + $odl_api_ips = hiera('opendaylight_api_node_ips'), + $node_name = hiera('bootstack_nodeid') +) { + + tripleo::profile::base::neutron::opendaylight::configure_cluster {'ODL cluster': + node_name => $node_name, + odl_api_ips => $odl_api_ips, + } + +} diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index 0dee53e..60ef443 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp @@ -113,10 +113,7 @@ class tripleo::profile::base::neutron::server ( $l3_ha = false } - # We start neutron-server on the bootstrap node first, because - # it will try to populate tables and we need to make sure this happens - # before it starts on other nodes - if $step >= 4 and $sync_db or $step >= 5 and !$sync_db { + if $step >= 4 or ($step >= 3 and $sync_db) { if $enable_internal_tls { if !$neutron_network { fail('neutron_api_network is not set in the hieradata.') @@ -130,9 +127,14 @@ class tripleo::profile::base::neutron::server ( port => $tls_proxy_port, tls_cert => $tls_certfile, tls_key => $tls_keyfile, - notify => Class['::neutron::server'], } + Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |> } + } + # We start neutron-server on the bootstrap node first, because + # it will try to populate tables and we need to make sure this happens + # before it starts on other nodes + if $step >= 4 and $sync_db or $step >= 5 and !$sync_db { include ::neutron::server::notifications # We need to override the hiera value neutron::server::sync_db which is set diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp index ec592cb..4097be3 100644 --- a/manifests/profile/base/nova/compute/libvirt.pp +++ b/manifests/profile/base/nova/compute/libvirt.pp @@ -33,11 +33,7 @@ class tripleo::profile::base::nova::compute::libvirt ( $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { - $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('nova::compute::rbd::libvirt_rbd_user')]) - class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], - } + include ::nova::compute::rbd } if $rbd_ephemeral_storage { diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index ac78287..48af39a 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -54,9 +54,9 @@ class tripleo::profile::base::nova::placement ( $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { - $sync_db = true + $is_bootstrap = true } else { - $sync_db = false + $is_bootstrap = false } include ::tripleo::profile::base::nova @@ -73,7 +73,7 @@ class tripleo::profile::base::nova::placement ( $tls_keyfile = undef } - if $step >= 3 { + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::apache::mod::ssl class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index b047c36..afb5fa6 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*ceilometer_enabled*] # Whether the ceilometer pipeline is enabled. # Defaults to true @@ -96,6 +100,7 @@ # defaults to 8080 # class tripleo::profile::base::swift::proxy ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $ceilometer_enabled = true, $ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'), $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), @@ -113,7 +118,12 @@ class tripleo::profile::base::swift::proxy ( $tls_proxy_fqdn = undef, $tls_proxy_port = 8080, ) { - if $step >= 4 { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + if $step >= 4 or ($step >= 3 and $is_bootstrap) { if $enable_internal_tls { if !$swift_proxy_network { fail('swift_proxy_network is not set in the hieradata.') @@ -127,9 +137,11 @@ class tripleo::profile::base::swift::proxy ( port => $tls_proxy_port, tls_cert => $tls_certfile, tls_key => $tls_keyfile, - notify => Class['::swift::proxy'], } + Tripleo::Tls_proxy['swift-proxy-api'] ~> Anchor<| title == 'swift::service::begin' |> } + } + if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") include ::swift::config include ::swift::proxy diff --git a/manifests/profile/base/ui.pp b/manifests/profile/base/ui.pp deleted file mode 100644 index 710c210..0000000 --- a/manifests/profile/base/ui.pp +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ui -# -# UI profile for tripleo -# -class tripleo::profile::base::ui () { - include ::tripleo::ui -} - diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index b9171b0..cd84d04 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -18,9 +18,17 @@ # # === Parameters # -# [*sync_db*] -# (Optional) Whether to run db sync -# Defaults to true +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*management_store*] +# (Optional) The management store for Zaqar. +# Defaults to 'mongodb' +# +# [*messaging_store*] +# (Optional) The messaging store for Zaqar. +# Defaults to 'mongodb' # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates @@ -28,27 +36,53 @@ # Defaults to hiera('step') # class tripleo::profile::base::zaqar ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $management_store = 'mongodb', + $messaging_store = 'mongodb', $step = Integer(hiera('step')), ) { - if $step >= 4 { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::zaqar - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') + if $messaging_store == 'mongodb' or $management_store == 'mongodb' { + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') + } + $mongodb_replset = hiera('mongodb::server::replset') + $mongo_node_string = join($mongo_node_ips_with_port, ',') + $mongo_database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}" } - $mongodb_replset = hiera('mongodb::server::replset') - $mongo_node_string = join($mongo_node_ips_with_port, ',') - $database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}" - class { '::zaqar::management::mongodb': - uri => $database_connection, + + if $messaging_store == 'swift' { + include ::zaqar::messaging::swift + } elsif $messaging_store == 'mongodb' { + class {'::zaqar::messaging::mongodb': + uri => $mongo_database_connection, + } + } else { + fail("unsupported Zaqar messaging_store set: ${messaging_store}") } - class {'::zaqar::messaging::mongodb': - uri => $database_connection, + + if $management_store == 'sqlalchemy' { + include ::zaqar::management::sqlalchemy + } elsif $management_store == 'mongodb' { + class { '::zaqar::management::mongodb': + uri => $mongo_database_connection, + } + } else { + fail("unsupported Zaqar management_store set: ${management_store}") } + include ::zaqar::transport::websocket include ::apache::mod::ssl include ::zaqar::transport::wsgi diff --git a/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml new file mode 100644 index 0000000..02e0d48 --- /dev/null +++ b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - In order to avoid service restarts, all services deploy their httpd + configuration at the same time. Thus, httpd now starts in step 3 for the + bootstrap nodes, and step 4 for all other nodes. diff --git a/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml b/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml new file mode 100644 index 0000000..d1a463b --- /dev/null +++ b/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Support configurable backends Zaqar backends. + Updates the Zaqar profile so that we have support for configuring + alternate versions of the messaging and management backends. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 4661b77..d045d6a 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -20,6 +20,7 @@ # -- General configuration ------------------------------------------------ + # If your documentation needs a minimal Sphinx version, state it here. #needs_sphinx = '1.0' @@ -27,7 +28,7 @@ # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom # ones. extensions = [ - 'oslosphinx', + 'openstackdocstheme', 'reno.sphinxext', ] @@ -99,7 +100,7 @@ pygments_style = 'sphinx' # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'default' +html_theme = 'openstackdocs' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the @@ -107,7 +108,7 @@ html_theme = 'default' #html_theme_options = {} # Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = [] +# html_theme_path = [] # The name for this set of Sphinx documents. If None, it defaults to # "<project> v<release> documentation". @@ -137,7 +138,7 @@ html_static_path = ['_static'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' +html_last_updated_fmt = '%Y-%m-%d %H:%M' # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. @@ -260,3 +261,8 @@ texinfo_documents = [ # -- Options for Internationalization output ------------------------------ locale_dirs = ['locale/'] + +# openstackdocstheme options +repository_name = 'openstack/puppet-tripleo' +bug_project = 'puppet-tripleo' +bug_tag = '' diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb index a82cf49..27bd735 100644 --- a/spec/classes/tripleo_profile_base_aodh_api_spec.rb +++ b/spec/classes/tripleo_profile_base_aodh_api_spec.rb @@ -33,12 +33,35 @@ describe 'tripleo::profile::base::aodh::api' do end end - context 'with step 3' do + context 'with step 3 and not bootstrap' do let(:params) { { :step => 3, } } it 'should trigger complete configuration' do + is_expected.not_to contain_class('aodh::api') + is_expected.not_to contain_class('aodh::wsgi::apache') + end + end + + context 'with step 3 and bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::api') + is_expected.to contain_class('aodh::wsgi::apache') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do is_expected.to contain_class('aodh::api') is_expected.to contain_class('aodh::wsgi::apache') end diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb index cec2b54..9cb657f 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb @@ -32,9 +32,32 @@ describe 'tripleo::profile::base::ceilometer::api' do end end - context 'with step 3' do + context 'with step 3 and not bootstrap' do let(:params) { { - :step => 3, + :step => 3, + } } + + it 'should trigger complete configuration' do + is_expected.not_to contain_class('ceilometer::api') + is_expected.not_to contain_class('ceilometer::wsgi::apache') + end + end + + context 'with step 3 and bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::api') + is_expected.to contain_class('ceilometer::wsgi::apache') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, } } it 'should trigger complete configuration' do diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb index bb21055..dc5efa7 100644 --- a/spec/classes/tripleo_profile_base_docker_spec.rb +++ b/spec/classes/tripleo_profile_base_docker_spec.rb @@ -27,8 +27,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') } it { - is_expected.to contain_augeas('docker-sysconfig').with_changes([ - 'rm INSECURE_REGISTRY', + is_expected.to contain_augeas('docker-sysconfig-options').with_changes([ "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'", ]) } @@ -45,9 +44,8 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') } it { - is_expected.to contain_augeas('docker-sysconfig').with_changes([ + is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([ "set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'", - "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'", ]) } end @@ -85,8 +83,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') } it { - is_expected.to contain_augeas('docker-sysconfig').with_changes([ - "rm INSECURE_REGISTRY", + is_expected.to contain_augeas('docker-sysconfig-options').with_changes([ "set OPTIONS '\"--log-driver=syslog\"'", ]) } diff --git a/spec/classes/tripleo_profile_base_horizon_spec.rb b/spec/classes/tripleo_profile_base_horizon_spec.rb index fb076b8..d8a672b 100644 --- a/spec/classes/tripleo_profile_base_horizon_spec.rb +++ b/spec/classes/tripleo_profile_base_horizon_spec.rb @@ -31,11 +31,37 @@ describe 'tripleo::profile::base::horizon' do end end - context 'with step 3' do + context 'with step 3 and not bootstrap' do let(:params) { { :step => 3, } } + it 'should not configure anything' do + is_expected.to_not contain_class('horizon') + is_expected.to_not contain_class('apache::mod::remoteip') + is_expected.to_not contain_class('apache::mod::status') + end + end + + context 'with step 3 and bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('horizon') + is_expected.to contain_class('apache::mod::remoteip') + is_expected.to contain_class('apache::mod::status') + end + end + + context 'with step 4' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com' + } } + it 'should trigger complete configuration' do is_expected.to contain_class('horizon') is_expected.to contain_class('apache::mod::remoteip') diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb index 04e032a..574489e 100644 --- a/spec/classes/tripleo_profile_base_nova_placement_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb @@ -67,8 +67,7 @@ eos } end - - context 'with step 3' do + context 'with step 3 and not bootstrap' do let(:params) { { :step => 3, } } @@ -77,15 +76,30 @@ eos is_expected.to contain_class('tripleo::profile::base::nova::placement') is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to contain_class('nova::keystone::authtoken') + is_expected.not_to contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step 3 and bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com' + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::wsgi::apache_placement') } end - context 'with step 3 with enable_internal_tls and skip generate certs' do + context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do let(:params) { { :step => 3, :enable_internal_tls => true, :nova_placement_network => 'bar', + :bootstrap_node => 'node.example.com', :certificates_specs => { 'httpd-bar' => { 'hostname' => 'foo', diff --git a/test-requirements.txt b/test-requirements.txt index 152ebef..a23c7e7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,6 +1,6 @@ # This is required for the docs build jobs -sphinx!=1.6.1,>=1.5.1 # BSD -oslosphinx>=4.7.0 # Apache-2.0 +sphinx>=1.6.2 # BSD +openstackdocstheme>=1.11.0 # Apache-2.0 # This is required for the releasenotes build jobs # FIXME: reno is manually pinned to !=2.0.0 because of bug #1651995 |