diff options
155 files changed, 4612 insertions, 3291 deletions
@@ -1,3 +1,10 @@ +Team and repository tags +======================== + +[![Team and repository tags](http://governance.openstack.org/badges/puppet-tripleo.svg)](http://governance.openstack.org/reference/tags/index.html) + +<!-- Change things from this point on --> + # puppet-tripleo Lightweight composition layer for Puppet TripleO. diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 504acf3..3b8fd09 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -36,6 +36,10 @@ # The post-save-command that certmonger will use once it renews the # certificate. # +# [*certmonger_ca*] +# (Optional) The CA that certmonger will use to generate the certificates. +# Defaults to hiera('certmonger_ca', 'local'). +# # [*principal*] # The haproxy service principal that is set for HAProxy in kerberos. # @@ -45,7 +49,8 @@ define tripleo::certmonger::haproxy ( $service_key, $hostname, $postsave_cmd, - $principal = undef, + $certmonger_ca = hiera('certmonger_ca', 'local'), + $principal = undef, ){ include ::haproxy::params certmonger_certificate { "${title}-cert": @@ -69,10 +74,21 @@ define tripleo::certmonger::haproxy ( order => '01', require => Certmonger_certificate["${title}-cert"], } + + if $certmonger_ca == 'local' { + $ca_pem = getparam(Class['tripleo::certmonger::ca::local'], 'ca_pem') + concat::fragment { "${title}-ca-fragment": + target => $service_pem, + source => $ca_pem, + order => '10', + require => Class['tripleo::certmonger::ca::local'], + } + } + concat::fragment { "${title}-key-fragment": target => $service_pem, source => $service_key, - order => 10, + order => 20, require => Certmonger_certificate["${title}-cert"], } } diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp new file mode 100644 index 0000000..94b48b7 --- /dev/null +++ b/manifests/certmonger/httpd.pp @@ -0,0 +1,62 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Resource: tripleo::certmonger::httpd +# +# Request a certificate for the httpd service and do the necessary setup. +# +# === Parameters +# +# [*hostname*] +# The hostname of the node. this will be set in the CN of the certificate. +# +# [*service_certificate*] +# The path to the certificate that will be used for TLS in this service. +# +# [*service_key*] +# The path to the key that will be used for TLS in this service. +# +# [*certmonger_ca*] +# (Optional) The CA that certmonger will use to generate the certificates. +# Defaults to hiera('certmonger_ca', 'local'). +# +# [*principal*] +# The haproxy service principal that is set for HAProxy in kerberos. +# +define tripleo::certmonger::httpd ( + $hostname, + $service_certificate, + $service_key, + $certmonger_ca = hiera('certmonger_ca', 'local'), + $principal = undef, +) { + include ::certmonger + include ::apache::params + + $postsave_cmd = "systemctl reload ${::apache::params::service_name}" + certmonger_certificate { $name : + ensure => 'present', + certfile => $service_certificate, + keyfile => $service_key, + hostname => $hostname, + dnsname => $hostname, + principal => $principal, + postsave_cmd => $postsave_cmd, + ca => $certmonger_ca, + wait => true, + require => Class['::certmonger'], + } + + Certmonger_certificate[$name] ~> Service<| title == $::apache::params::service_name |> +} diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp new file mode 100644 index 0000000..62aff9a --- /dev/null +++ b/manifests/certmonger/mysql.pp @@ -0,0 +1,84 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::certmonger::mysql +# +# Request a certificate for the MySQL/Mariadb service and do the necessary setup. +# +# === Parameters +# +# [*hostname*] +# The hostname of the node. this will be set in the CN of the certificate. +# +# [*service_certificate*] +# The path to the certificate that will be used for TLS in this service. +# +# [*service_key*] +# The path to the key that will be used for TLS in this service. +# +# [*certmonger_ca*] +# (Optional) The CA that certmonger will use to generate the certificates. +# Defaults to hiera('certmonger_ca', 'local'). +# +# [*mysql_network*] +# (Optional) The network name where the mysql endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('mysql_network', undef) +# +# [*principal*] +# (Optional) The haproxy service principal that is set for MySQL in kerberos. +# Defaults to undef +# +class tripleo::certmonger::mysql ( + $hostname, + $service_certificate, + $service_key, + $certmonger_ca = hiera('certmonger_ca', 'local'), + $mysql_network = hiera('mysql_network', undef), + $principal = undef, +) { + include ::certmonger + include ::mysql::params + + if !$mysql_network { + fail('mysql_network is not set in the hieradata.') + } + + $postsave_cmd = "systemctl reload ${::mysql::params::service_name}" + certmonger_certificate { 'mysql' : + ensure => 'present', + certfile => $service_certificate, + keyfile => $service_key, + hostname => $hostname, + dnsname => $hostname, + principal => $principal, + postsave_cmd => $postsave_cmd, + ca => $certmonger_ca, + wait => true, + require => Class['::certmonger'], + } + file { $service_certificate : + owner => 'mysql', + group => 'mysql', + require => Certmonger_certificate['mysql'], + } + file { $service_key : + owner => 'mysql', + group => 'mysql', + require => Certmonger_certificate['mysql'], + } + + File[$service_certificate] ~> Service<| title == $::mysql::params::service_name |> + File[$service_key] ~> Service<| title == $::mysql::params::service_name |> +} diff --git a/manifests/firewall.pp b/manifests/firewall.pp index edcb5e7..8c6a53b 100644 --- a/manifests/firewall.pp +++ b/manifests/firewall.pp @@ -51,8 +51,6 @@ class tripleo::firewall( $firewall_post_extras = {}, ) { - include ::stdlib - if $manage_firewall { # Only purges IPv4 rules @@ -79,14 +77,15 @@ class tripleo::firewall( ensure_resource('class', 'tripleo::firewall::pre', { 'firewall_settings' => $firewall_pre_extras, - 'stage' => 'setup', }) ensure_resource('class', 'tripleo::firewall::post', { - 'stage' => 'runtime', 'firewall_settings' => $firewall_post_extras, }) + Class['tripleo::firewall::pre'] -> Class['tripleo::firewall::post'] + Service<||> -> Class['tripleo::firewall::post'] + # Allow composable services to load their own custom # example with Hiera. # NOTE(dprince): In the future when we have a better hiera @@ -102,7 +101,7 @@ class tripleo::firewall( # dport: 999 # proto: udp # action: accept - $service_names = reject(hiera('service_names', []), '^$') + $service_names = hiera('service_names', []) tripleo::firewall::service_rules { $service_names: } } diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp index c63162b..6801dc4 100644 --- a/manifests/firewall/rule.pp +++ b/manifests/firewall/rule.pp @@ -83,14 +83,21 @@ define tripleo::firewall::rule ( 'sport' => $sport, 'proto' => $proto, 'action' => $action, - 'state' => $state, 'source' => $source, 'iniface' => $iniface, 'chain' => $chain, 'destination' => $destination, } + if $proto != 'gre' { + $state_rule = { + 'state' => $state + } + } else { + $state_rule = {} + } + - $rule = merge($basic, $extras) + $rule = merge($basic, $state_rule, $extras) validate_hash($rule) create_resources('firewall', { "${title}" => $rule }) diff --git a/manifests/glance/nfs_mount.pp b/manifests/glance/nfs_mount.pp new file mode 100644 index 0000000..035191d --- /dev/null +++ b/manifests/glance/nfs_mount.pp @@ -0,0 +1,80 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::glance::nfs_mount +# +# NFS mount for Glance image storage file backend +# +# === Parameters +# +# [*share*] +# NFS share to mount, in 'IP:PATH' format. +# +# [*options*] +# (Optional) NFS mount options. Defaults to +# 'intr,context=system_u:object_r:glance_var_lib_t:s0' +# +# [*edit_fstab*] +# (Optional) Whether to persist the mount info to fstab. +# Defaults to true. +# +# [*fstab_fstype*] +# (Optional) File system type to use in fstab for the mount. +# Defaults to 'nfs4'. +# +# [*fstab_prepend_options*] +# (Optional) Extra mount options for fstab (prepended to $options). +# Defaults to 'bg', so that a potentially failed mount doesn't +# prevent the machine from booting. +# +class tripleo::glance::nfs_mount ( + $share, + $options = 'intr,context=system_u:object_r:glance_var_lib_t:s0', + $edit_fstab = true, + $fstab_fstype = 'nfs4', + $fstab_prepend_options = 'bg' +) { + + $images_dir = '/var/lib/glance/images' + + if $options and $options != '' { + $options_part = "-o ${options}" + } else { + $options_part = '' + } + + if $fstab_prepend_options and $fstab_prepend_options != '' { + $fstab_prepend_part = "${fstab_prepend_options}," + } else { + $fstab_prepend_part = '' + } + + file { $images_dir: + ensure => directory, + } -> + exec { 'NFS mount for glance file backend': + path => ['/usr/sbin', '/usr/bin'], + command => "mount -t nfs '${share}' '${images_dir}' ${options_part}", + unless => "mount | grep ' ${images_dir} '", + } + + if $edit_fstab { + file_line { 'NFS for glance in fstab': + ensure => present, + line => "${share} ${images_dir} ${fstab_fstype} ${fstab_prepend_part}${options} 0 0", + match => " ${images_dir} ", + path => '/etc/fstab', + } + } +} diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 1fc0312..58b73e0 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -19,10 +19,6 @@ # # === Parameters: # -# [*keepalived*] -# Whether to configure keepalived to manage the VIPs or not. -# Defaults to true -# # [*haproxy_service_manage*] # Will be passed as value for service_manage to HAProxy module. # Defaults to true @@ -37,7 +33,7 @@ # # [*haproxy_default_timeout*] # The value to use as timeout in the HAProxy default config section. -# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ] +# Defaults to [ 'http-request 10s', 'queue 2m', 'connect 10s', 'client 2m', 'server 2m', 'check 10s' ] # # [*haproxy_listen_bind_param*] # A list of params to be added to the HAProxy listener bind directive. By @@ -89,10 +85,27 @@ # When set, enables SSL on the public API endpoints using the specified file. # Defaults to undef # -# [*internal_certificate*] -# Filename of an HAProxy-compatible certificate and key file -# When set, enables SSL on the internal API endpoints using the specified file. -# Defaults to undef +# [*use_internal_certificates*] +# Flag that indicates if we'll use an internal certificate for this specific +# service. When set, enables SSL on the internal API endpoints using the file +# that certmonger is tracking; this is derived from the network the service is +# listening on. +# Defaults to false +# +# [*internal_certificates_specs*] +# A hash that should contain the specs that were used to create the +# certificates. As the name indicates, only the internal certificates will be +# fetched from here. And the keys should follow the following pattern +# "haproxy-<network name>". The network name should be as it was defined in +# tripleo-heat-templates. +# Note that this is only taken into account if the $use_internal_certificates +# flag is set. +# Defaults to {} +# +# [*enable_internal_tls*] +# A flag that indicates if the servers in the internal network are using TLS. +# This enables the 'ssl' option for the server members that are proxied. +# Defaults to hiera('enable_internal_tls', false) # # [*ssl_cipher_suite*] # The default string describing the list of cipher algorithms ("cipher suite") @@ -104,6 +117,11 @@ # String that sets the default ssl options to force on all "bind" lines. # Defaults to 'no-sslv3' # +# [*ca_bundle*] +# Path to the CA bundle to be used for HAProxy to validate the certificates of +# the servers it balances +# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' +# # [*haproxy_stats_certificate*] # Filename of an HAProxy-compatible certificate and key file # When set, enables SSL on the haproxy stats endpoint using the specified file. @@ -165,6 +183,14 @@ # (optional) Enable or not Aodh API binding # Defaults to hiera('aodh_api_enabled', false) # +# [*panko*] +# (optional) Enable or not Panko API binding +# Defaults to hiera('panko_api_enabled', false) +# +# [*barbican*] +# (optional) Enable or not Barbican API binding +# Defaults to hiera('barbican_api_enabled', false) +# # [*gnocchi*] # (optional) Enable or not Gnocchi API binding # Defaults to hiera('gnocchi_api_enabled', false) @@ -209,10 +235,22 @@ # (optional) Enable check via clustercheck for mysql # Defaults to false # +# [*mysql_member_options*] +# The options to use for the mysql HAProxy balancer members. +# If this parameter is undefined, the actual value configured will depend +# on the value of $mysql_clustercheck. If cluster checking is enabled, +# the mysql member options will be: "['backup', 'port 9200', 'on-marked-down shutdown-sessions', 'check', 'inter 1s']" +# and if mysql cluster checking is disabled, the member options will be: "union($haproxy_member_options, ['backup'])" +# Defaults to undef +# # [*rabbitmq*] # (optional) Enable or not RabbitMQ binding # Defaults to false # +# [*docker_registry*] +# (optional) Enable or not the Docker Registry API binding +# Defaults to hiera('enable_docker_registry', false) +# # [*redis*] # (optional) Enable or not Redis binding # Defaults to hiera('redis_enabled', false) @@ -242,15 +280,135 @@ # (optional) Enable or not Zaqar Websockets binding # Defaults to false # +# [*ui*] +# (optional) Enable or not TripleO UI +# Defaults to false +# +# [*aodh_network*] +# (optional) Specify the network aodh is running on. +# Defaults to hiera('aodh_api_network', undef) +# +# [*barbican_network*] +# (optional) Specify the network barbican is running on. +# Defaults to hiera('barbican_api_network', undef) +# +# [*ceilometer_network*] +# (optional) Specify the network ceilometer is running on. +# Defaults to hiera('ceilometer_api_network', undef) +# +# [*ceph_rgw_network*] +# (optional) Specify the network ceph_rgw is running on. +# Defaults to hiera('ceph_rgw_network', undef) +# +# [*cinder_network*] +# (optional) Specify the network cinder is running on. +# Defaults to hiera('cinder_api_network', undef) +# +# [*docker_registry_network*] +# (optional) Specify the network docker-registry is running on. +# Defaults to hiera('docker_registry_network', undef) +# +# [*glance_api_network*] +# (optional) Specify the network glance_api is running on. +# Defaults to hiera('glance_api_network', undef) +# +# [*glance_registry_network*] +# (optional) Specify the network glance_registry is running on. +# Defaults to hiera('glance_registry_network', undef) +# +# [*gnocchi_network*] +# (optional) Specify the network gnocchi is running on. +# Defaults to hiera('gnocchi_api_network', undef) +# +# [*heat_api_network*] +# (optional) Specify the network heat_api is running on. +# Defaults to hiera('heat_api_network', undef) +# +# [*heat_cfn_network*] +# (optional) Specify the network heat_cfn is running on. +# Defaults to hiera('heat_api_cfn_network', undef) +# +# [*heat_cloudwatch_network*] +# (optional) Specify the network heat_cloudwatch is running on. +# Defaults to hiera('heat_api_cloudwatch_network', undef) +# +# [*ironic_inspector_network*] +# (optional) Specify the network ironic_inspector is running on. +# Defaults to hiera('ironic_inspector_network', undef) +# +# [*ironic_network*] +# (optional) Specify the network ironic is running on. +# Defaults to hiera('ironic_api_network', undef) +# +# [*keystone_admin_network*] +# (optional) Specify the network keystone_admin is running on. +# Defaults to hiera('keystone_network', undef) +# +# [*keystone_public_network*] +# (optional) Specify the network keystone_public is running on. +# Defaults to hiera('keystone_network', undef) +# +# [*manila_network*] +# (optional) Specify the network manila is running on. +# Defaults to hiera('manila_api_network', undef) +# +# [*mistral_network*] +# (optional) Specify the network mistral is running on. +# Defaults to hiera('mistral_api_network', undef) +# +# [*neutron_network*] +# (optional) Specify the network neutron is running on. +# Defaults to hiera('neutron_api_network', undef) +# +# [*nova_metadata_network*] +# (optional) Specify the network nova_metadata is running on. +# Defaults to hiera('nova_api_network', undef) +# +# [*nova_novncproxy_network*] +# (optional) Specify the network nova_novncproxy is running on. +# Defaults to hiera('nova_vncproxy_network', undef) +# +# [*nova_osapi_network*] +# (optional) Specify the network nova_osapi is running on. +# Defaults to hiera('nova_api_network', undef) +# +# [*opendaylight_network*] +# (optional) Specify the network opendaylight is running on. +# Defaults to hiera('opendaylight_api_network', undef) +# +# [*panko_network*] +# (optional) Specify the network panko is running on. +# Defaults to hiera('panko_api_network', undef) +# +# [*sahara_network*] +# (optional) Specify the network sahara is running on. +# Defaults to hiera('sahara_api_network', undef) +# +# [*swift_proxy_server_network*] +# (optional) Specify the network swift_proxy_server is running on. +# Defaults to hiera('swift_proxy_network', undef) +# +# [*trove_network*] +# (optional) Specify the network trove is running on. +# Defaults to hiera('trove_api_network', undef) +# +# [*zaqar_api_network*] +# (optional) Specify the network zaqar_api is running on. +# Defaults to hiera('zaqar_api_network', undef) +# # [*service_ports*] # (optional) Hash that contains the values to override from the service ports # The available keys to modify the services' ports are: # 'aodh_api_port' (Defaults to 8042) # 'aodh_api_ssl_port' (Defaults to 13042) +# 'barbican_api_port' (Defaults to 9311) +# 'barbican_api_ssl_port' (Defaults to 13311) # 'ceilometer_api_port' (Defaults to 8777) # 'ceilometer_api_ssl_port' (Defaults to 13777) # 'cinder_api_port' (Defaults to 8776) # 'cinder_api_ssl_port' (Defaults to 13776) +# 'docker_registry_port' (Defaults to 8787) +# 'docker_registry_ssl_port' (Defaults to 13787) # 'glance_api_port' (Defaults to 9292) # 'glance_api_ssl_port' (Defaults to 13292) # 'glance_registry_port' (Defaults to 9191) @@ -281,6 +439,8 @@ # 'nova_metadata_port' (Defaults to 8775) # 'nova_novnc_port' (Defaults to 6080) # 'nova_novnc_ssl_port' (Defaults to 13080) +# 'panko_api_port' (Defaults to 8779) +# 'panko_api_ssl_port' (Defaults to 13779) # 'sahara_api_port' (Defaults to 8386) # 'sahara_api_ssl_port' (Defaults to 13386) # 'swift_proxy_port' (Defaults to 8080) @@ -300,65 +460,103 @@ class tripleo::haproxy ( $controller_virtual_ip, $public_virtual_ip, - $keepalived = true, - $haproxy_service_manage = true, - $haproxy_global_maxconn = 20480, - $haproxy_default_maxconn = 4096, - $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], - $haproxy_listen_bind_param = [ 'transparent' ], - $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], - $haproxy_log_address = '/dev/log', - $haproxy_stats_user = 'admin', - $haproxy_stats_password = undef, - $controller_hosts = hiera('controller_node_ips'), - $controller_hosts_names = hiera('controller_node_names', undef), - $service_certificate = undef, - $internal_certificate = undef, - $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', - $ssl_options = 'no-sslv3', - $haproxy_stats_certificate = undef, - $keystone_admin = hiera('keystone_enabled', false), - $keystone_public = hiera('keystone_enabled', false), - $neutron = hiera('neutron_api_enabled', false), - $cinder = hiera('cinder_api_enabled', false), - $manila = hiera('manila_api_enabled', false), - $sahara = hiera('sahara_api_enabled', false), - $trove = hiera('trove_api_enabled', false), - $glance_api = hiera('glance_api_enabled', false), - $glance_registry = hiera('glance_registry_enabled', false), - $nova_osapi = hiera('nova_api_enabled', false), - $nova_metadata = hiera('nova_api_enabled', false), - $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), - $ceilometer = hiera('ceilometer_api_enabled', false), - $aodh = hiera('aodh_api_enabled', false), - $gnocchi = hiera('gnocchi_api_enabled', false), - $mistral = hiera('mistral_api_enabled', false), - $swift_proxy_server = hiera('swift_proxy_enabled', false), - $heat_api = hiera('heat_api_enabled', false), - $heat_cloudwatch = hiera('heat_api_cloudwatch_enabled', false), - $heat_cfn = hiera('heat_api_cfn_enabled', false), - $horizon = hiera('horizon_enabled', false), - $ironic = hiera('ironic_api_enabled', false), - $ironic_inspector = hiera('ironic_inspector_enabled', false), - $mysql = hiera('mysql_enabled', false), - $mysql_clustercheck = false, - $rabbitmq = false, - $redis = hiera('redis_enabled', false), - $redis_password = undef, - $midonet_api = false, - $zaqar_api = hiera('zaqar_api_enabled', false), - $ceph_rgw = hiera('ceph_rgw_enabled', false), - $opendaylight = hiera('opendaylight_api_enabled', false), - $zaqar_ws = hiera('zaqar_api_enabled', false), - $service_ports = {} + $haproxy_service_manage = true, + $haproxy_global_maxconn = 20480, + $haproxy_default_maxconn = 4096, + $haproxy_default_timeout = [ 'http-request 10s', 'queue 2m', 'connect 10s', 'client 2m', 'server 2m', 'check 10s' ], + $haproxy_listen_bind_param = [ 'transparent' ], + $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], + $haproxy_log_address = '/dev/log', + $haproxy_stats_user = 'admin', + $haproxy_stats_password = undef, + $controller_hosts = hiera('controller_node_ips'), + $controller_hosts_names = hiera('controller_node_names', undef), + $service_certificate = undef, + $use_internal_certificates = false, + $internal_certificates_specs = {}, + $enable_internal_tls = hiera('enable_internal_tls', false), + $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', + $ssl_options = 'no-sslv3', + $ca_bundle = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', + $haproxy_stats_certificate = undef, + $keystone_admin = hiera('keystone_enabled', false), + $keystone_public = hiera('keystone_enabled', false), + $neutron = hiera('neutron_api_enabled', false), + $cinder = hiera('cinder_api_enabled', false), + $manila = hiera('manila_api_enabled', false), + $sahara = hiera('sahara_api_enabled', false), + $trove = hiera('trove_api_enabled', false), + $glance_api = hiera('glance_api_enabled', false), + $glance_registry = hiera('glance_registry_enabled', false), + $nova_osapi = hiera('nova_api_enabled', false), + $nova_metadata = hiera('nova_api_enabled', false), + $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), + $ceilometer = hiera('ceilometer_api_enabled', false), + $aodh = hiera('aodh_api_enabled', false), + $panko = hiera('panko_api_enabled', false), + $barbican = hiera('barbican_api_enabled', false), + $gnocchi = hiera('gnocchi_api_enabled', false), + $mistral = hiera('mistral_api_enabled', false), + $swift_proxy_server = hiera('swift_proxy_enabled', false), + $heat_api = hiera('heat_api_enabled', false), + $heat_cloudwatch = hiera('heat_api_cloudwatch_enabled', false), + $heat_cfn = hiera('heat_api_cfn_enabled', false), + $horizon = hiera('horizon_enabled', false), + $ironic = hiera('ironic_api_enabled', false), + $ironic_inspector = hiera('ironic_inspector_enabled', false), + $mysql = hiera('mysql_enabled', false), + $mysql_clustercheck = false, + $mysql_member_options = undef, + $rabbitmq = false, + $docker_registry = hiera('enable_docker_registry', false), + $redis = hiera('redis_enabled', false), + $redis_password = undef, + $midonet_api = false, + $zaqar_api = hiera('zaqar_api_enabled', false), + $ceph_rgw = hiera('ceph_rgw_enabled', false), + $opendaylight = hiera('opendaylight_api_enabled', false), + $zaqar_ws = hiera('zaqar_api_enabled', false), + $ui = hiera('enable_ui', false), + $aodh_network = hiera('aodh_api_network', undef), + $barbican_network = hiera('barbican_api_network', false), + $ceilometer_network = hiera('ceilometer_api_network', undef), + $ceph_rgw_network = hiera('ceph_rgw_network', undef), + $cinder_network = hiera('cinder_api_network', undef), + $docker_registry_network = hiera('docker_registry_network', undef), + $glance_api_network = hiera('glance_api_network', undef), + $glance_registry_network = hiera('glance_registry_network', undef), + $gnocchi_network = hiera('gnocchi_api_network', undef), + $heat_api_network = hiera('heat_api_network', undef), + $heat_cfn_network = hiera('heat_api_cfn_network', undef), + $heat_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), + $ironic_inspector_network = hiera('ironic_inspector_network', undef), + $ironic_network = hiera('ironic_api_network', undef), + $keystone_admin_network = hiera('keystone_admin_api_network', undef), + $keystone_public_network = hiera('keystone_public_api_network', undef), + $manila_network = hiera('manila_api_network', undef), + $mistral_network = hiera('mistral_api_network', undef), + $neutron_network = hiera('neutron_api_network', undef), + $nova_metadata_network = hiera('nova_api_network', undef), + $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), + $nova_osapi_network = hiera('nova_api_network', undef), + $panko_network = hiera('panko_api_network', undef), + $sahara_network = hiera('sahara_api_network', undef), + $swift_proxy_server_network = hiera('swift_proxy_network', undef), + $trove_network = hiera('trove_api_network', undef), + $zaqar_api_network = hiera('zaqar_api_network', undef), + $service_ports = {} ) { $default_service_ports = { aodh_api_port => 8042, aodh_api_ssl_port => 13042, + barbican_api_port => 9311, + barbican_api_ssl_port => 13311, ceilometer_api_port => 8777, ceilometer_api_ssl_port => 13777, cinder_api_port => 8776, cinder_api_ssl_port => 13776, + docker_registry_port => 8787, + docker_registry_ssl_port => 13787, glance_api_port => 9292, glance_api_ssl_port => 13292, glance_registry_port => 9191, @@ -382,6 +580,7 @@ class tripleo::haproxy ( keystone_public_api_ssl_port => 13000, manila_api_port => 8786, manila_api_ssl_port => 13786, + midonet_cluster_port => 8181, neutron_api_port => 9696, neutron_api_ssl_port => 13696, nova_api_port => 8774, @@ -389,12 +588,16 @@ class tripleo::haproxy ( nova_metadata_port => 8775, nova_novnc_port => 6080, nova_novnc_ssl_port => 13080, + panko_api_port => 8779, + panko_api_ssl_port => 13779, sahara_api_port => 8386, sahara_api_ssl_port => 13386, swift_proxy_port => 8080, swift_proxy_ssl_port => 13808, trove_api_port => 8779, trove_api_ssl_port => 13779, + ui_port => 3000, + ui_ssl_port => 443, zaqar_api_port => 8888, zaqar_api_ssl_port => 13888, ceph_rgw_port => 8080, @@ -404,6 +607,12 @@ class tripleo::haproxy ( } $ports = merge($default_service_ports, $service_ports) + if $enable_internal_tls { + $internal_tls_member_options = ['ssl', 'verify required', "ca-file ${ca_bundle}"] + } else { + $internal_tls_member_options = [] + } + $controller_hosts_real = any2array(split($controller_hosts, ',')) if ! $controller_hosts_names { $controller_hosts_names_real = $controller_hosts_real @@ -411,11 +620,6 @@ class tripleo::haproxy ( $controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ','))) } - # This code will be removed once we switch undercloud and overcloud to use both haproxy & keepalived roles. - if $keepalived { - include ::tripleo::keepalived - } - # TODO(bnemec): When we have support for SSL on private and admin endpoints, # have the haproxy stats endpoint use that certificate by default. if $haproxy_stats_certificate { @@ -439,11 +643,14 @@ class tripleo::haproxy ( "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]), } $horizon_options = { - 'cookie' => 'SERVERID insert indirect nocache', - 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + 'cookie' => 'SERVERID insert indirect nocache', + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. - 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - 'option' => 'forwardfor', + 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'option' => 'forwardfor', + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], } } else { $horizon_bind_opts = { @@ -492,6 +699,10 @@ class tripleo::haproxy ( 'maxconn' => $haproxy_global_maxconn, 'ssl-default-bind-ciphers' => $ssl_cipher_suite, 'ssl-default-bind-options' => $ssl_options, + 'stats' => [ + 'socket /var/run/haproxy.sock mode 600 level user', + 'timeout 2m' + ], }, defaults_options => { 'mode' => 'tcp', @@ -503,10 +714,11 @@ class tripleo::haproxy ( } Tripleo::Haproxy::Endpoint { - haproxy_listen_bind_param => $haproxy_listen_bind_param, - member_options => $haproxy_member_options, - public_certificate => $service_certificate, - internal_certificate => $internal_certificate, + haproxy_listen_bind_param => $haproxy_listen_bind_param, + member_options => $haproxy_member_options, + public_certificate => $service_certificate, + use_internal_certificates => $use_internal_certificates, + internal_certificates_specs => $internal_certificates_specs, } $stats_base = ['enable', 'uri /'] @@ -530,7 +742,7 @@ class tripleo::haproxy ( internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip), service_port => $ports[keystone_admin_api_port], ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => { 'http-request' => [ @@ -538,6 +750,8 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[keystone_admin_api_ssl_port], + service_network => $keystone_admin_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -562,10 +776,12 @@ class tripleo::haproxy ( internal_ip => hiera('keystone_public_api_vip', $controller_virtual_ip), service_port => $ports[keystone_public_api_port], ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], + service_network => $keystone_public_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -575,8 +791,15 @@ class tripleo::haproxy ( internal_ip => hiera('neutron_api_vip', $controller_virtual_ip), service_port => $ports[neutron_api_port], ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[neutron_api_ssl_port], + service_network => $neutron_network, } } @@ -586,7 +809,7 @@ class tripleo::haproxy ( internal_ip => hiera('cinder_api_vip', $controller_virtual_ip), service_port => $ports[cinder_api_port], ip_addresses => hiera('cinder_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('cinder_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => { 'http-request' => [ @@ -594,6 +817,8 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[cinder_api_ssl_port], + service_network => $cinder_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -603,13 +828,15 @@ class tripleo::haproxy ( internal_ip => hiera('manila_api_vip', $controller_virtual_ip), service_port => $ports[manila_api_port], ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('manila_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[manila_api_ssl_port], + service_network => $manila_network, } } @@ -619,8 +846,9 @@ class tripleo::haproxy ( internal_ip => hiera('sahara_api_vip', $controller_virtual_ip), service_port => $ports[sahara_api_port], ip_addresses => hiera('sahara_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('sahara_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[sahara_api_ssl_port], + service_network => $sahara_network, } } @@ -630,8 +858,9 @@ class tripleo::haproxy ( internal_ip => hiera('trove_api_vip', $controller_virtual_ip), service_port => $ports[trove_api_port], ip_addresses => hiera('trove_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('trove_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[trove_api_ssl_port], + service_network => $trove_network, } } @@ -641,7 +870,7 @@ class tripleo::haproxy ( internal_ip => hiera('glance_api_vip', $controller_virtual_ip), service_port => $ports[glance_api_port], ip_addresses => hiera('glance_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('glance_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[glance_api_ssl_port], mode => 'http', listen_options => { @@ -649,15 +878,17 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, + service_network => $glance_api_network, } } if $glance_registry { ::tripleo::haproxy::endpoint { 'glance_registry': - internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), - service_port => $ports[glance_registry_port], - ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), + service_port => $ports[glance_registry_port], + ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), + server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), + service_network => $glance_registry_network, } } @@ -668,7 +899,7 @@ class tripleo::haproxy ( internal_ip => $nova_api_vip, service_port => $ports[nova_api_port], ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('nova_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => { 'http-request' => [ @@ -676,15 +907,18 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[nova_api_ssl_port], + service_network => $nova_osapi_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } if $nova_metadata { ::tripleo::haproxy::endpoint { 'nova_metadata': - internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), - service_port => $ports[nova_metadata_port], - ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), + service_port => $ports[nova_metadata_port], + ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), + server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real), + service_network => $nova_metadata_network, } } @@ -694,12 +928,13 @@ class tripleo::haproxy ( internal_ip => $nova_api_vip, service_port => $ports[nova_novnc_port], ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('nova_api_node_names', $controller_hosts_names_real), listen_options => { 'balance' => 'source', 'timeout' => [ 'tunnel 1h' ], }, public_ssl_port => $ports[nova_novnc_ssl_port], + service_network => $nova_novncproxy_network, } } @@ -709,8 +944,16 @@ class tripleo::haproxy ( internal_ip => hiera('ceilometer_api_vip', $controller_virtual_ip), service_port => $ports[ceilometer_api_port], ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[ceilometer_api_ssl_port], + service_network => $ceilometer_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -720,8 +963,47 @@ class tripleo::haproxy ( internal_ip => hiera('aodh_api_vip', $controller_virtual_ip), service_port => $ports[aodh_api_port], ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[aodh_api_ssl_port], + service_network => $aodh_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), + } + } + + if $panko { + ::tripleo::haproxy::endpoint { 'panko': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('panko_api_vip', $controller_virtual_ip), + service_port => $ports[panko_api_port], + ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real), + server_names => hiera('panko_api_node_names', $controller_hosts_names_real), + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[panko_api_ssl_port], + service_network => $panko_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), + } + } + + if $barbican { + ::tripleo::haproxy::endpoint { 'barbican': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('barbican_api_vip', $controller_virtual_ip), + service_port => $ports[barbican_api_port], + ip_addresses => hiera('barbican_api_node_ips', $controller_hosts_real), + server_names => hiera('barbican_api_node_names', $controller_hosts_names_real), + public_ssl_port => $ports[barbican_api_ssl_port], + service_network => $barbican_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -731,8 +1013,16 @@ class tripleo::haproxy ( internal_ip => hiera('gnocchi_api_vip', $controller_virtual_ip), service_port => $ports[gnocchi_api_port], ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[gnocchi_api_ssl_port], + service_network => $gnocchi_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -742,19 +1032,26 @@ class tripleo::haproxy ( internal_ip => hiera('mistral_api_vip', $controller_virtual_ip), service_port => $ports[mistral_api_port], ip_addresses => hiera('mistral_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('mistral_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[mistral_api_ssl_port], + service_network => $mistral_network, } } if $swift_proxy_server { + $swift_proxy_server_listen_options = { + 'timeout client' => '2m', + 'timeout server' => '2m', + } ::tripleo::haproxy::endpoint { 'swift_proxy_server': public_virtual_ip => $public_virtual_ip, internal_ip => hiera('swift_proxy_vip', $controller_virtual_ip), service_port => $ports[swift_proxy_port], ip_addresses => hiera('swift_proxy_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('swift_proxy_node_names', $controller_hosts_names_real), + listen_options => $swift_proxy_server_listen_options, public_ssl_port => $ports[swift_proxy_ssl_port], + service_network => $swift_proxy_server_network, } } @@ -779,10 +1076,11 @@ class tripleo::haproxy ( internal_ip => $heat_api_vip, service_port => $ports[heat_api_port], ip_addresses => $heat_ip_addresses, - server_names => $controller_hosts_names_real, + server_names => hiera('heat_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_api_ssl_port], + service_network => $heat_api_network, } } @@ -792,10 +1090,11 @@ class tripleo::haproxy ( internal_ip => $heat_api_vip, service_port => $ports[heat_cw_port], ip_addresses => $heat_ip_addresses, - server_names => $controller_hosts_names_real, + server_names => hiera('heat_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_cw_ssl_port], + service_network => $heat_cloudwatch_network, } } @@ -805,10 +1104,11 @@ class tripleo::haproxy ( internal_ip => $heat_api_vip, service_port => $ports[heat_cfn_port], ip_addresses => $heat_ip_addresses, - server_names => $controller_hosts_names_real, + server_names => hiera('heat_api_node_names', $controller_hosts_names_real), mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_cfn_ssl_port], + service_network => $heat_cfn_network, } } @@ -823,7 +1123,7 @@ class tripleo::haproxy ( listening_service => 'horizon', ports => '80', ipaddresses => hiera('horizon_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('horizon_node_names', $controller_hosts_names_real), options => union($haproxy_member_options, ["cookie ${::hostname}"]), } } @@ -834,8 +1134,9 @@ class tripleo::haproxy ( internal_ip => hiera('ironic_api_vip', $controller_virtual_ip), service_port => $ports[ironic_api_port], ip_addresses => hiera('ironic_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ironic_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ironic_api_ssl_port], + service_network => $ironic_network, } } @@ -845,8 +1146,9 @@ class tripleo::haproxy ( internal_ip => hiera('ironic_inspector_vip', $controller_virtual_ip), service_port => $ports[ironic_inspector_port], ip_addresses => hiera('ironic_inspector_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ironic_inspector_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ironic_inspector_ssl_port], + service_network => $ironic_inspector_network, } } @@ -858,13 +1160,21 @@ class tripleo::haproxy ( 'stick-table' => 'type ip size 1000', 'stick' => 'on dst', } - $mysql_member_options = union($haproxy_member_options, ['backup', 'port 9200', 'on-marked-down shutdown-sessions']) + if $mysql_member_options { + $mysql_member_options_real = $mysql_member_options + } else { + $mysql_member_options_real = ['backup', 'port 9200', 'on-marked-down shutdown-sessions', 'check', 'inter 1s'] + } } else { $mysql_listen_options = { 'timeout client' => '90m', 'timeout server' => '90m', } - $mysql_member_options = union($haproxy_member_options, ['backup']) + if $mysql_member_options { + $mysql_member_options_real = $mysql_member_options + } else { + $mysql_member_options_real = union($haproxy_member_options, ['backup']) + } } if $mysql { @@ -877,8 +1187,8 @@ class tripleo::haproxy ( listening_service => 'mysql', ports => '3306', ipaddresses => hiera('mysql_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, - options => $mysql_member_options, + server_names => hiera('mysql_node_names', $controller_hosts_names_real), + options => $mysql_member_options_real, } } @@ -895,11 +1205,23 @@ class tripleo::haproxy ( listening_service => 'rabbitmq', ports => '5672', ipaddresses => hiera('rabbitmq_network', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('rabbitmq_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } } + if $docker_registry { + ::tripleo::haproxy::endpoint { 'docker-registry': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('docker_registry_vip', $controller_virtual_ip), + service_port => $ports[docker_registry_port], + ip_addresses => hiera('docker_registry_node_ips', $controller_hosts_real), + server_names => hiera('docker_registry_node_names', $controller_hosts_names_real), + public_ssl_port => $ports[docker_registry_ssl_port], + service_network => $docker_registry_network, + } + } + if $redis { if $redis_password { $redis_tcp_check_options = ["send AUTH\\ ${redis_password}\\r\\n"] @@ -924,15 +1246,15 @@ class tripleo::haproxy ( listening_service => 'redis', ports => '6379', ipaddresses => hiera('redis_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } } - $midonet_api_vip = hiera('midonet_api_vip', $controller_virtual_ip) + $midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip) $midonet_bind_opts = { - "${midonet_api_vip}:8081" => [], - "${public_virtual_ip}:8081" => [], + "${midonet_cluster_vip}:${ports[midonet_cluster_port]}" => [], + "${public_virtual_ip}:${ports[midonet_cluster_port]}" => [], } if $midonet_api { @@ -942,9 +1264,9 @@ class tripleo::haproxy ( } haproxy::balancermember { 'midonet_api': listening_service => 'midonet_api', - ports => '8081', + ports => $ports[midonet_cluster_port], ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('midonet_api_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } } @@ -954,9 +1276,10 @@ class tripleo::haproxy ( internal_ip => hiera('zaqar_api_vip', $controller_virtual_ip), service_port => $ports[zaqar_api_port], ip_addresses => hiera('zaqar_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('zaqar_api_node_names', $controller_hosts_names_real), mode => 'http', public_ssl_port => $ports[zaqar_api_ssl_port], + service_network => $zaqar_api_network, } } @@ -966,15 +1289,16 @@ class tripleo::haproxy ( internal_ip => hiera('ceph_rgw_vip', $controller_virtual_ip), service_port => $ports[ceph_rgw_port], ip_addresses => hiera('ceph_rgw_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('ceph_rgw_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ceph_rgw_ssl_port], + service_network => $ceph_rgw_network, } } $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip) $opendaylight_bind_opts = { - "${opendaylight_api_vip}:8081" => [], - "${public_virtual_ip}:8081" => [], + "${opendaylight_api_vip}:8081" => $haproxy_listen_bind_param, + "${public_virtual_ip}:8081" => $haproxy_listen_bind_param, } if $opendaylight { @@ -989,7 +1313,7 @@ class tripleo::haproxy ( listening_service => 'opendaylight', ports => '8081', ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('opendaylight_api_node_names', $controller_hosts_names_real), options => ['check', 'inter 2000', 'rise 2', 'fall 5'], } } @@ -1000,7 +1324,7 @@ class tripleo::haproxy ( internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip), service_port => $ports[zaqar_ws_port], ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real), - server_names => $controller_hosts_names_real, + server_names => hiera('zaqar_ws_node_names', $controller_hosts_names_real), mode => 'http', haproxy_listen_bind_param => [], # We don't use a transparent proxy here listen_options => { @@ -1013,6 +1337,20 @@ class tripleo::haproxy ( 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'], }, public_ssl_port => $ports[zaqar_ws_ssl_port], + service_network => $zaqar_api_network, + } + } + + if $ui { + ::tripleo::haproxy::endpoint { 'ui': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ui_vip', $controller_virtual_ip), + service_port => $ports[ui_port], + ip_addresses => hiera('ui_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + mode => 'http', + public_ssl_port => $ports[ui_ssl_port], } } + } diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index b7403a4..4311049 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -64,9 +64,27 @@ # Certificate path used to enable TLS for the public proxy endpoint. # Defaults to undef. # -# [*internal_certificate*] -# Certificate path used to enable TLS for the internal proxy endpoint. -# Defaults to undef. +# [*use_internal_certificates*] +# Flag that indicates if we'll use an internal certificate for this specific +# service. When set, enables SSL on the internal API endpoints using the file +# that certmonger is tracking; this is derived from the network the service is +# listening on. +# Defaults to false +# +# [*internal_certificates_specs*] +# A hash that should contain the specs that were used to create the +# certificates. As the name indicates, only the internal certificates will be +# fetched from here. And the keys should follow the following pattern +# "haproxy-<network name>". The network name should be as it was defined in +# tripleo-heat-templates. +# Note that this is only taken into account if the $use_internal_certificates +# flag is set. +# Defaults to {} +# +# [*service_network*] +# (optional) Indicates the network that the service is running on. Used for +# fetching the certificate for that specific network. +# Defaults to undef # define tripleo::haproxy::endpoint ( $internal_ip, @@ -74,15 +92,17 @@ define tripleo::haproxy::endpoint ( $ip_addresses, $server_names, $member_options, - $public_virtual_ip = undef, - $mode = undef, - $haproxy_listen_bind_param = undef, - $listen_options = { + $public_virtual_ip = undef, + $mode = undef, + $haproxy_listen_bind_param = undef, + $listen_options = { 'option' => [], }, - $public_ssl_port = undef, - $public_certificate = undef, - $internal_certificate = undef, + $public_ssl_port = undef, + $public_certificate = undef, + $use_internal_certificates = false, + $internal_certificates_specs = {}, + $service_network = undef, ) { if $public_virtual_ip { # service exposed to the public network @@ -98,9 +118,17 @@ define tripleo::haproxy::endpoint ( $public_bind_opts = {} } - if $internal_certificate { + if $use_internal_certificates { + if !$service_network { + fail("The service_network for this service is undefined. Can't configure TLS for the internal network.") + } + # NOTE(jaosorior): The key of the internal_certificates_specs hash must + # must match the convention haproxy-<network name> or else this + # will fail. Futherly, it must contain the path that we'll use under + # 'service_pem'. + $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem'] $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), - union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path])) } else { $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) } diff --git a/manifests/keepalived.pp b/manifests/keepalived.pp index c0fb3ef..0e9262d 100644 --- a/manifests/keepalived.pp +++ b/manifests/keepalived.pp @@ -158,5 +158,4 @@ class tripleo::keepalived ( priority => 101, } } - } diff --git a/manifests/network/midonet/api.pp b/manifests/network/midonet/api.pp deleted file mode 100644 index 83efd2c..0000000 --- a/manifests/network/midonet/api.pp +++ /dev/null @@ -1,122 +0,0 @@ -# -# Copyright (C) 2015 Midokura SARL -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::network::midonet::api -# -# Configure the MidoNet API -# -# == Parameters: -# -# [*zookeeper_servers*] -# (required) List IPs of the zookeeper server cluster. Zookeeper is the -# backend database where MidoNet stores the virtual network topology. -# Array of strings value. -# -# [*vip*] -# (required) Public Virtual IP where the API will be exposed. -# String (IPv4) value. -# -# [*keystone_ip*] -# (required) MidoNet API is registered as an OpenStack service. Provide the -# keystone ip address. -# String (IPv4) value. -# -# [*keystone_admin_token*] -# (required) MidoNet API is registered as an OpenStack service. It needs the -# keystone admin token to perform some admin calls. -# String value. -# -# [*bind_address*] -# (required) MidoNet API uses a Tomcat instance to offer the REST service. The -# ip address where to bind the tomcat service. -# String (IPv4) value. -# -# [*admin_password*] -# (required) OpenStack admin user password. -# String value. -# -# [*keystone_port*] -# (optional) MidoNet API is registered as an OpenStack service. Provide -# the keystone port. -# Defaults to 35357 -# -# [*keystone_tenant_name*] -# (optional) Tenant of the keystone service. -# Defaults to 'admin' -# -# [*admin_user_name*] -# (optional) OpenStack admin user name. -# Defaults to 'admin' -# -# [*admin_tenant_name*] -# (optional). OpenStack admin tenant name. -# Defaults to 'admin' -# - -class tripleo::network::midonet::api( - $zookeeper_servers, - $vip, - $keystone_ip, - $keystone_admin_token, - $bind_address, - $admin_password, - $keystone_port = 35357, - $keystone_tenant_name = 'admin', - $admin_user_name = 'admin', - $admin_tenant_name = 'admin' -) -{ - - # TODO: Remove this comment once we can guarantee that all the distros - # deploying TripleO use Puppet > 3.7 because of this bug: - # https://tickets.puppetlabs.com/browse/PUP-1299 - - # validate_array($zookeeper_servers) - validate_ip_address($vip) - validate_ip_address($keystone_ip) - validate_ip_address($bind_address) - - # Run Tomcat and MidoNet API - class {'::tomcat': - install_from_source => false - } -> - - package {'midonet-api': - ensure => present - } -> - - class {'::midonet::midonet_api::run': - zk_servers => list_to_zookeeper_hash($zookeeper_servers), - keystone_auth => true, - tomcat_package => 'tomcat', - vtep => false, - api_ip => $vip, - api_port => '8081', - keystone_host => $keystone_ip, - keystone_port => $keystone_port, - keystone_admin_token => $keystone_admin_token, - keystone_tenant_name => $keystone_tenant_name, - catalina_base => '/usr/share/tomcat', - bind_address => $bind_address - } - - # Configure the CLI - class {'::midonet::midonet_cli': - api_endpoint => "http://${vip}:8081/midonet-api", - username => $admin_user_name, - password => $admin_password, - tenant_name => $admin_tenant_name - } -} diff --git a/manifests/network/os_net_config.pp b/manifests/network/os_net_config.pp index 7e07f6c..3283b5f 100644 --- a/manifests/network/os_net_config.pp +++ b/manifests/network/os_net_config.pp @@ -30,6 +30,17 @@ class tripleo::network::os_net_config { Package['openvswitch'], Service['openvswitch'], ], + notify => Exec['trigger-keepalived-restart'], } + # By modifying the keepalived.conf file we ensure that puppet will + # trigger a restart of keepalived during the main stage. Adding back + # any lost conf during the os-net-config step. + exec { 'trigger-keepalived-restart': + command => '/usr/bin/echo "# Restart keepalived" >> /etc/keepalived/keepalived.conf', + path => '/usr/bin:/bin', + refreshonly => true, + # Only if keepalived is installed + onlyif => 'test -e /etc/keepalived/keepalived.conf', + } } diff --git a/manifests/pacemaker/resource_restart_flag.pp b/manifests/pacemaker/resource_restart_flag.pp index aded802..c201c9b 100644 --- a/manifests/pacemaker/resource_restart_flag.pp +++ b/manifests/pacemaker/resource_restart_flag.pp @@ -26,10 +26,21 @@ # define tripleo::pacemaker::resource_restart_flag() { + ensure_resource('file', ['/var/lib/tripleo', '/var/lib/tripleo/pacemaker-restarts'], + { + 'ensure' => 'directory', + 'owner' => 'root', + 'mode' => '0755', + 'group' => 'root', + } + ) + exec { "${title} resource restart flag": command => "touch /var/lib/tripleo/pacemaker-restarts/${title}", path => ['/bin','/usr/bin','/sbin','/usr/sbin'], refreshonly => true, } + File['/var/lib/tripleo/pacemaker-restarts'] -> + Exec["${title} resource restart flag"] } diff --git a/manifests/packages.pp b/manifests/packages.pp index 5e111fa..ec2635a 100644 --- a/manifests/packages.pp +++ b/manifests/packages.pp @@ -32,6 +32,9 @@ class tripleo::packages ( $enable_upgrade = false, ) { + # required for stages + include ::stdlib + if !$enable_install and !$enable_upgrade { case $::osfamily { 'RedHat': { @@ -45,33 +48,12 @@ class tripleo::packages ( if $enable_upgrade { Package <| |> { ensure => 'latest' } - - case $::osfamily { - 'RedHat': { - $pkg_upgrade_cmd = 'yum -y update' - } - default: { - warning('Please specify a package upgrade command for distribution.') - } - } - - exec { 'package-upgrade': - command => $pkg_upgrade_cmd, - path => '/usr/bin', - timeout => 0, - } - # A resource chain to ensure the upgrade ordering we want: - # 1) Upgrade all packages via exec. - # Note: The Package Puppet resources can be managed after or before package-upgrade, - # it does not matter. what we need to make sure is that they'll notify their - # respective services (if they have ~> in their manifests or here with the ->) - # for the other packages, they'll be upgraded before any Service notify. - # This approach prevents from Puppet dependencies cycle. - # 2) This upgrade will be run before any Service notified & managed by Puppet. - # Note: For example, during the Puppet catalog, configuration will change for most of - # the services so the Services will be likely restarted after the package upgrade. - Exec['package-upgrade'] -> Service <| |> - + # Running the package upgrade before managing Services in the main stage. + # So we're sure that services will be able to restart with the new version + # of the package. + ensure_resource('class', 'tripleo::packages::upgrades', { + 'stage' => 'setup', + }) } } diff --git a/manifests/packages/upgrades.pp b/manifests/packages/upgrades.pp new file mode 100644 index 0000000..a6ca1c8 --- /dev/null +++ b/manifests/packages/upgrades.pp @@ -0,0 +1,43 @@ +# Copyright 2016 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# == Class: tripleo::packages::upgrades +# +# Upgrade packages using yum. +# +class tripleo::packages::upgrades { + + # required for stages + include ::stdlib + + case $::osfamily { + 'RedHat': { + $pkg_upgrade_cmd = 'yum -y update' + } + default: { + fail('Please specify a package upgrade command for distribution.') + } + } + + # Running the package upgrade before managing Services in the main stage. + # So we're sure that services will be able to restart with the new version + # of the package. + ensure_resource('exec', 'package-upgrade', { + 'command' => $pkg_upgrade_cmd, + 'path' => '/usr/bin', + 'timeout' => 0, + }) + +} diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 49a543a..6e70b50 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -28,14 +28,18 @@ # Defaults to hiera('bootstrap_nodeid') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('aodh::rabbit_port', 5672) class tripleo::profile::base::aodh ( $step = hiera('step'), $bootstrap_node = hiera('bootstrap_nodeid', undef), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('aodh::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { @@ -45,8 +49,9 @@ class tripleo::profile::base::aodh ( } if $step >= 4 or ($step >= 3 and $sync_db) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::aodh' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::aodh::auth include ::aodh::config diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 2dcf802..af4a5b3 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -18,32 +18,72 @@ # # === Parameters # +# [*aodh_network*] +# (Optional) The network name where the aodh endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('aodh_api_network', undef) +# +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -# [*enable_combination_alarms*] -# (optional) Setting to enable combination alarms -# Defaults to: false -# class tripleo::profile::base::aodh::api ( - $step = hiera('step'), - $enable_combination_alarms = false, + $aodh_network = hiera('aodh_api_network', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $step = hiera('step'), ) { include ::tripleo::profile::base::aodh + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$aodh_network { + fail('aodh_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${aodh_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${aodh_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + + if $step >= 4 { include ::aodh::api - include ::aodh::wsgi::apache - - #NOTE: Combination alarms are deprecated in newton and disabled by default. - # we need a way to override this setting for users still using this type - # of alarms. - aodh_config { - 'api/enable_combination_alarms' : value => $enable_combination_alarms; + class { '::aodh::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, } } } diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp index 610d5a8..d9b48b3 100644 --- a/manifests/profile/base/aodh/evaluator.pp +++ b/manifests/profile/base/aodh/evaluator.pp @@ -30,7 +30,9 @@ class tripleo::profile::base::aodh::evaluator ( include ::tripleo::profile::base::aodh if $step >= 4 { - include ::aodh::evaluator + class { '::aodh::evaluator': + coordination_url => join(['redis://:', hiera('aodh_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + } } } diff --git a/manifests/profile/pacemaker/gnocchi/api.pp b/manifests/profile/base/barbican.pp index 29f2435..f4d6230 100644 --- a/manifests/profile/pacemaker/gnocchi/api.pp +++ b/manifests/profile/base/barbican.pp @@ -12,9 +12,9 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::pacemaker::gnocchi::api +# == Class: tripleo::profile::base::barbican # -# Gnocchi profile for tripleo api +# Barbican profile for tripleo # # === Parameters # @@ -23,10 +23,14 @@ # for more details. # Defaults to hiera('step') # -class tripleo::profile::pacemaker::gnocchi::api ( + +class tripleo::profile::base::barbican ( $step = hiera('step'), ) { - include ::tripleo::profile::pacemaker::gnocchi - include ::tripleo::profile::pacemaker::apache - include ::tripleo::profile::base::gnocchi::api + + if $step >= 3 { + include ::barbican + include ::barbican::config + include ::barbican::client + } } diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp new file mode 100644 index 0000000..b464317 --- /dev/null +++ b/manifests/profile/base/barbican/api.pp @@ -0,0 +1,107 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::barbican::api +# +# Barbican profile for tripleo api +# +# === Parameters +# +# [*barbican_network*] +# (Optional) The network name where the barbican endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('barbican_api_network', undef) +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::barbican::api ( + $barbican_network = hiera('barbican_api_network', undef), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$barbican_network { + fail('barbican_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${barbican_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${barbican_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + + include ::tripleo::profile::base::barbican + + if $step >= 3 and $sync_db { + include ::barbican::db::mysql + } + + if $step >= 4 or ( $step >= 3 and $sync_db ) { + class { '::barbican::api': + sync_db => $sync_db + } + include ::barbican::keystone::authtoken + include ::barbican::api::logging + include ::barbican::keystone::notification + include ::barbican::quota + class { '::barbican::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } +} diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index aaf904f..bbe7f27 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -24,17 +24,23 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('ceilometer::rabbit_port', 5672) class tripleo::profile::base::ceilometer ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $step = hiera('step'), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('ceilometer::rabbit_port', 5672), ) { if $step >= 3 { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::ceilometer' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::ceilometer::config } diff --git a/manifests/profile/base/ceilometer/agent/central.pp b/manifests/profile/base/ceilometer/agent/central.pp index c91e610..033d34c 100644 --- a/manifests/profile/base/ceilometer/agent/central.pp +++ b/manifests/profile/base/ceilometer/agent/central.pp @@ -30,7 +30,9 @@ class tripleo::profile::base::ceilometer::agent::central ( if $step >= 4 { include ::ceilometer::agent::auth - include ::ceilometer::agent::central + class { '::ceilometer::agent::central': + coordination_url => join(['redis://:', hiera('ceilometer_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + } } } diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index da94da2..6ef4748 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -18,18 +18,69 @@ # # === Parameters # +# [*ceilometer_network*] +# (Optional) The network name where the ceilometer endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('ceilometer_api_network', undef) +# +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::ceilometer::api ( - $step = hiera('step'), + $ceilometer_network = hiera('ceilometer_api_network', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $step = hiera('step'), ) { include ::tripleo::profile::base::ceilometer + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$ceilometer_network { + fail('ceilometer_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${ceilometer_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${ceilometer_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::ceilometer::api - include ::ceilometer::wsgi::apache + class { '::ceilometer::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index e892478..20eab54 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -27,9 +27,30 @@ # for more details. # Defaults to hiera('step') # +# [*ceilometer_backend*] +# (Optional) The ceilometer backend to use. +# Defaults to hiera('ceilometer_backend', 'mongodb') +# +# [*mongodb_ipv6*] +# (Optional) Flag to indicate if mongodb is using ipv6 +# Defaults to hiera('mongodb::server::ipv6', false) +# +# [*mongodb_node_ips*] +# (Optional) Array of mongodb node ip address. Required if backend is set +# to mongodb. +# Defaults to hiera('mongodb_node_ips', []) +# +# [*mongodb_replset*] +# (Optional) Replica set for mongodb. Required if backend is mongodb +# Defaults to hiera(''mongodb::server::replset', '') +# class tripleo::profile::base::ceilometer::collector ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $ceilometer_backend = hiera('ceilometer_backend', 'mongodb'), + $mongodb_ipv6 = hiera('mongodb::server::ipv6', false), + $mongodb_node_ips = hiera('mongodb_node_ips', []), + $mongodb_replset = hiera('mongodb::server::replset', undef) ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -37,39 +58,28 @@ class tripleo::profile::base::ceilometer::collector ( $sync_db = false } - $ceilometer_backend = downcase(hiera('ceilometer_backend', 'mongodb')) - # MongoDB - if $ceilometer_backend == 'mongodb' { - # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and - # without the brackets as 'members' argument for the 'mongodb_replset' - # resource. - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017') - } - $mongo_node_string = join($mongo_node_ips_with_port, ',') - - $mongodb_replset = hiera('mongodb::server::replset') - $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - } - include ::tripleo::profile::base::ceilometer - if $step >= 3 and $sync_db { - include ::ceilometer::db::sync - } - if $step >= 4 or ($step >= 3 and $sync_db) { - if $ceilometer_backend == 'mongodb' { + if downcase($ceilometer_backend) == 'mongodb' { + if empty($mongodb_node_ips) { + fail('Provided mongodb node ip addresses are empty') + } + if !$mongodb_replset { + fail('mongodb_replset is required when using mongodb') + } + $mongo_nodes = suffix(any2array(normalize_ip_for_uri($mongodb_node_ips)), ':27017') + $mongo_node_string = join($mongo_nodes, ',') + $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" + class { '::ceilometer::db' : + sync_db => $sync_db, database_connection => $ceilometer_mongodb_conn_string, } } else { - include ::ceilometer::db + class { '::ceilometer::db' : + sync_db => $sync_db, + } } include ::ceilometer::collector include ::ceilometer::dispatcher::gnocchi diff --git a/manifests/profile/base/ceph.pp b/manifests/profile/base/ceph.pp index 6ffd4ef..f4404e0 100644 --- a/manifests/profile/base/ceph.pp +++ b/manifests/profile/base/ceph.pp @@ -20,7 +20,7 @@ # # [*ceph_mon_initial_members*] # (Optional) List of IP addresses to use as mon_initial_members -# Defaults to hiera('ceph_mon_node_names') +# Defaults to hiera('ceph_mon_short_node_names') # # [*ceph_mon_host*] # (Optional) List of IP addresses to use as mon_host @@ -36,18 +36,23 @@ # Defaults to hiera('step') # class tripleo::profile::base::ceph ( - $ceph_mon_initial_members = hiera('ceph_mon_node_names', undef), + $ceph_mon_initial_members = hiera('ceph_mon_short_node_names', undef), $ceph_mon_host = hiera('ceph_mon_node_ips', '127.0.0.1'), $enable_ceph_storage = false, $step = hiera('step'), ) { + if ! $ceph_mon_initial_members { + $ceph_mon_initial_members_real = hiera('ceph_mon_node_names', undef) + } else { + $ceph_mon_initial_members_real = $ceph_mon_initial_members + } if $step >= 2 { - if $ceph_mon_initial_members { - if is_array($ceph_mon_initial_members) { - $mon_initial_members = downcase(join($ceph_mon_initial_members, ',')) + if $ceph_mon_initial_members_real { + if is_array($ceph_mon_initial_members_real) { + $mon_initial_members = downcase(join($ceph_mon_initial_members_real, ',')) } else { - $mon_initial_members = downcase($ceph_mon_initial_members) + $mon_initial_members = downcase($ceph_mon_initial_members_real) } } else { $mon_initial_members = undef diff --git a/manifests/profile/base/ceph/rgw.pp b/manifests/profile/base/ceph/rgw.pp index 7cd2b6a..2ecca52 100644 --- a/manifests/profile/base/ceph/rgw.pp +++ b/manifests/profile/base/ceph/rgw.pp @@ -18,6 +18,14 @@ # # === Parameters # +# [*civetweb_bind_ip*] +# IP address where to bind the RGW civetweb instance +# (Optional) Defaults to 127.0.0.1 +# +# [*civetweb_bind_port*] +# PORT where to bind the RGW civetweb instance +# (Optional) Defaults to 8080 +# # [*keystone_admin_token*] # The keystone admin token # @@ -36,14 +44,22 @@ class tripleo::profile::base::ceph::rgw ( $keystone_admin_token, $keystone_url, $rgw_key, - $step = hiera('step'), + $civetweb_bind_ip = '127.0.0.1', + $civetweb_bind_port = '8080', + $step = hiera('step'), ) { include ::tripleo::profile::base::ceph if $step >= 3 { - include ::ceph::profile::rgw $rgw_name = hiera('ceph::profile::params::rgw_name', 'radosgw.gateway') + $civetweb_bind_ip_real = normalize_ip_for_uri($civetweb_bind_ip) + include ::ceph::params + include ::ceph::profile::base + ceph::rgw { $rgw_name: + frontend_type => 'civetweb', + rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}" + } ceph::key { "client.${rgw_name}": secret => $rgw_key, cap_mon => 'allow *', diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index 510ea40..6a821f3 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -31,14 +31,19 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('cinder::rabbit_port', 5672) class tripleo::profile::base::cinder ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $cinder_enable_db_purge = true, $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('cinder::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,8 +52,9 @@ class tripleo::profile::base::cinder ( } if $step >= 4 or ($step >= 3 and $sync_db) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::cinder' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::cinder::config } diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 31635eb..5ea2058 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -22,14 +22,47 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*cinder_api_network*] +# (Optional) The network name where the cinder API endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('cinder_api_network', undef) +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::cinder::api ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $cinder_api_network = hiera('cinder_api_network', undef), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -39,8 +72,27 @@ class tripleo::profile::base::cinder::api ( include ::tripleo::profile::base::cinder + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$cinder_api_network { + fail('cinder_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${cinder_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${cinder_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 or ($step >= 3 and $sync_db) { include ::cinder::api + class { '::cinder::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } include ::cinder::ceilometer include ::cinder::glance } diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index 7d562ec..64927b6 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -108,13 +108,19 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend_name, - $cinder_rbd_backend_name, - $cinder_eqlx_backend_name, - $cinder_dellsc_backend_name, - $cinder_netapp_backend_name, - $cinder_nfs_backend_name, - $cinder_user_enabled_backends]) + $backends = delete_undef_values([$cinder_iscsi_backend_name, + $cinder_rbd_backend_name, + $cinder_eqlx_backend_name, + $cinder_dellsc_backend_name, + $cinder_netapp_backend_name, + $cinder_nfs_backend_name, + $cinder_user_enabled_backends]) + # NOTE(aschultz): during testing it was found that puppet 3 may incorrectly + # include a "" in the previous array which is not removed by the + # delete_undef_values function. So we need to make sure we don't have any + # "" strings in our array. + $cinder_enabled_backends = delete($backends, '') + class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } diff --git a/manifests/profile/base/cinder/volume/eqlx.pp b/manifests/profile/base/cinder/volume/eqlx.pp index 2399459..fe24f4b 100644 --- a/manifests/profile/base/cinder/volume/eqlx.pp +++ b/manifests/profile/base/cinder/volume/eqlx.pp @@ -43,7 +43,7 @@ class tripleo::profile::base::cinder::volume::eqlx ( eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), - eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), + eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_chap_password', undef), } } diff --git a/manifests/profile/base/cinder/volume/iscsi.pp b/manifests/profile/base/cinder/volume/iscsi.pp index 8baaf1c..4d333c8 100644 --- a/manifests/profile/base/cinder/volume/iscsi.pp +++ b/manifests/profile/base/cinder/volume/iscsi.pp @@ -29,6 +29,10 @@ # (Optional) The iscsi helper to use # Defaults to 'tgtadm' # +# [*cinder_iscsi_protocol*] +# (Optional) The iscsi protocol to use +# Defaults to 'iscsi' +# # [*cinder_lvm_loop_device_size*] # (Optional) The size (in MB) of the LVM loopback volume # Defaults to '10280' @@ -42,6 +46,7 @@ class tripleo::profile::base::cinder::volume::iscsi ( $cinder_iscsi_address, $backend_name = hiera('cinder::backend::iscsi::volume_backend_name', 'tripleo_iscsi'), $cinder_iscsi_helper = 'tgtadm', + $cinder_iscsi_protocol = 'iscsi', $cinder_lvm_loop_device_size = '10280', $step = hiera('step'), ) { @@ -58,6 +63,7 @@ class tripleo::profile::base::cinder::volume::iscsi ( cinder::backend::iscsi { $backend_name : iscsi_ip_address => normalize_ip_for_uri($cinder_iscsi_address), iscsi_helper => $cinder_iscsi_helper, + iscsi_protocol => $cinder_iscsi_protocol, } } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 9da1456..a039439 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -26,6 +26,28 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificate_specs*] +# (Optional) The specifications to give to certmonger for the certificate +# it will create. Note that the certificate nickname must be 'mysql' in +# the case of this service. +# Example with hiera: +# tripleo::profile::base::database::mysql::certificate_specs: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "mysql/<overcloud controller fqdn>" +# Defaults to {}. +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# MySQL. This could be as many as specified by the $certificates_specs +# variable. +# Defaults to hiera('generate_service_certificate', false). +# # [*manage_resources*] # (Optional) Whether or not manage root user, root my.cnf, and service. # Defaults to true @@ -45,12 +67,15 @@ # Defaults to hiera('step') # class tripleo::profile::base::database::mysql ( - $bind_address = $::hostname, - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $manage_resources = true, - $mysql_server_options = {}, - $remove_default_accounts = true, - $step = hiera('step'), + $bind_address = $::hostname, + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificate_specs = {}, + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $manage_resources = true, + $mysql_server_options = {}, + $remove_default_accounts = true, + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -60,6 +85,18 @@ class tripleo::profile::base::database::mysql ( } validate_hash($mysql_server_options) + validate_hash($certificate_specs) + + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resource('class', 'tripleo::certmonger::mysql', $certificate_specs) + } + $tls_certfile = $certificate_specs['service_certificate'] + $tls_keyfile = $certificate_specs['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } # non-ha scenario if $manage_resources { @@ -84,6 +121,10 @@ class tripleo::profile::base::database::mysql ( 'bind-address' => $bind_address, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', + 'ssl' => $enable_internal_tls, + 'ssl-key' => $tls_keyfile, + 'ssl-cert' => $tls_certfile, + 'ssl-ca' => undef, } } $mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options) @@ -109,7 +150,7 @@ class tripleo::profile::base::database::mysql ( if hiera('cinder_api_enabled', false) { include ::cinder::db::mysql } - if hiera('glance_registry_enabled', false) { + if hiera('glance_api_enabled', false) { include ::glance::db::mysql } if hiera('gnocchi_api_enabled', false) { @@ -143,6 +184,9 @@ class tripleo::profile::base::database::mysql ( if hiera('trove_api_enabled', false) { include ::trove::db::mysql } + if hiera('panko_api_enabled', false) { + include ::panko::db::mysql + } } } diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp index ecffd7f..5ba7a0b 100644 --- a/manifests/profile/base/glance/api.pp +++ b/manifests/profile/base/glance/api.pp @@ -22,21 +22,35 @@ # (Optional) Glance backend(s) to use. # Defaults to downcase(hiera('glance_backend', 'swift')) # +# [*glance_nfs_enabled*] +# (Optional) Whether to use NFS mount as 'file' backend storage location. +# Defaults to false +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('glance::notify::rabbitmq::rabbit_port', 5672) class tripleo::profile::base::glance::api ( - $glance_backend = downcase(hiera('glance_backend', 'swift')), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $glance_backend = downcase(hiera('glance_backend', 'swift')), + $glance_nfs_enabled = false, + $step = hiera('step'), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672), ) { + if $step >= 1 and $glance_nfs_enabled { + include ::tripleo::glance::nfs_mount + } + if $step >= 4 { case $glance_backend { 'swift': { $backend_store = 'glance.store.swift.Store' } @@ -53,8 +67,9 @@ class tripleo::profile::base::glance::api ( class { '::glance::api': stores => $glance_store, } + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::glance::notify::rabbitmq' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include join(['::glance::backend::', $glance_backend]) } diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 732ea26..2fde1fc 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -22,19 +22,52 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# # [*gnocchi_backend*] # (Optional) Gnocchi backend string file, swift or rbd # Defaults to swift # +# [*gnocchi_network*] +# (Optional) The network name where the gnocchi endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('gnocchi_api_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::gnocchi::api ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')), - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')), + $gnocchi_network = hiera('gnocchi_api_network', undef), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -44,14 +77,35 @@ class tripleo::profile::base::gnocchi::api ( include ::tripleo::profile::base::gnocchi + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$gnocchi_network { + fail('gnocchi_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${gnocchi_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${gnocchi_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 3 and $sync_db { include ::gnocchi::db::sync } if $step >= 4 { include ::gnocchi::api - include ::gnocchi::wsgi::apache - include ::gnocchi::storage + class { '::gnocchi::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + + class { '::gnocchi::storage': + coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + } case $gnocchi_backend { 'swift': { include ::gnocchi::storage::swift } 'file': { include ::gnocchi::storage::file } diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index e018f36..f16ec1b 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -84,7 +84,9 @@ class tripleo::profile::base::haproxy ( Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } - include ::tripleo::haproxy + class {'::tripleo::haproxy': + internal_certificates_specs => $certificates_specs, + } unless hiera('tripleo::haproxy::haproxy_service_manage', true) { # Reload HAProxy configuration if the haproxy class has refreshed or any @@ -93,7 +95,7 @@ class tripleo::profile::base::haproxy ( command => 'systemctl reload haproxy', path => ['/usr/bin', '/usr/sbin'], refreshonly => true, - onlyif => 'pcs property | grep -q "maintenance-mode.*true"', + onlyif => 'systemctl is-active haproxy | grep -q active', subscribe => Class['::haproxy'] } Haproxy::Listen<||> ~> Exec['haproxy-reload'] diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 027ab7e..c743ce0 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -36,19 +36,24 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('heat::rabbit_port', 5672) class tripleo::profile::base::heat ( $bootstrap_node = downcase(hiera('bootstrap_nodeid')), $manage_db_purge = hiera('heat_enable_db_purge', true), $notification_driver = 'messaging', $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('heat::rabbit_port', 5672), ) { - # Domain resources will be created at step5 on the bootstrap_node so we + # Domain resources will be created at step5 on the node running keystone.pp # configure heat.conf at step3 and 4 but actually create the domain later. - if $step == 3 or $step == 4 { + if $step >= 3 { class { '::heat::keystone::domain': manage_domain => false, manage_user => false, @@ -57,9 +62,10 @@ class tripleo::profile::base::heat ( } if $step >= 4 { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::heat' : notification_driver => $notification_driver, - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::heat::config include ::heat::cors @@ -69,20 +75,6 @@ class tripleo::profile::base::heat ( if $manage_db_purge { include ::heat::cron::purge_deleted } - if $bootstrap_node == $::hostname { - # Class ::heat::keystone::domain has to run on bootstrap node - # because it creates DB entities via API calls. - include ::heat::keystone::domain - - Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] - } else { - # On non-bootstrap node we don't need to create Keystone resources again - class { '::heat::keystone::domain': - manage_domain => false, - manage_user => false, - manage_role => false, - } - } } } diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index c4e525a..5db1e1f 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp @@ -27,13 +27,18 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('ironic::rabbit_port', 5672) class tripleo::profile::base::ironic ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('ironic::rabbit_port', 5672), ) { # Database is accessed by both API and conductor, hence it's here. if $::hostname == downcase($bootstrap_node) { @@ -43,9 +48,10 @@ class tripleo::profile::base::ironic ( } if $step >= 4 or ($step >= 3 and $sync_db) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::ironic': sync_db => $sync_db, - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::ironic::cors diff --git a/manifests/profile/base/keepalived.pp b/manifests/profile/base/keepalived.pp index f2063d6..8dd03dc 100644 --- a/manifests/profile/base/keepalived.pp +++ b/manifests/profile/base/keepalived.pp @@ -27,13 +27,54 @@ # for more details. # Defaults to hiera('step') # +# [*control_virtual_interface*] +# (Optional) Interface specified for control plane network +# Defaults to hiera('tripleo::keepalived::control_virtual_interface', false) +# +# [*control_virtual_ip*] +# Virtual IP address used for control plane network +# Defaults to hiera('tripleo::keepalived::controller_virtual_ip') +# +# [*public_virtual_interface*] +# (Optional) Interface specified for public/external network +# Defaults to hiera('tripleo::keepalived::public_virtual_interface', false) +# +# [*public_virtual_ip*] +# Virtual IP address used for public/ network +# Defaults to hiera('tripleo::keepalived::public_virtual_ip') +# class tripleo::profile::base::keepalived ( - $enable_load_balancer = hiera('enable_load_balancer', true), - $step = hiera('step'), + $enable_load_balancer = hiera('enable_load_balancer', true), + $control_virtual_interface = hiera('tripleo::keepalived::control_virtual_interface', false), + $control_virtual_ip = hiera('tripleo::keepalived::controller_virtual_ip'), + $public_virtual_interface = hiera('tripleo::keepalived::public_virtual_interface', false), + $public_virtual_ip = hiera('tripleo::keepalived::public_virtual_ip'), + $step = hiera('step'), ) { if $step >= 1 { if $enable_load_balancer and hiera('enable_keepalived', true){ - include ::tripleo::keepalived + if ! $control_virtual_interface { + $control_detected_interface = interface_for_ip($control_virtual_ip) + if ! $control_detected_interface { + fail('Unable to find interface for control plane network') + } + } else { + $control_detected_interface = $control_virtual_interface + } + + if ! $public_virtual_interface { + $public_detected_interface = interface_for_ip($public_virtual_ip) + if ! $public_detected_interface { + fail('Unable to find interface for public network') + } + } else { + $public_detected_interface = $public_virtual_interface + } + + class { '::tripleo::keepalived': + control_virtual_interface => $control_detected_interface, + public_virtual_interface => $public_detected_interface, + } } } } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index d515f8f..26e7b1f 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -18,48 +18,144 @@ # # === Parameters # +# [*admin_endpoint_network*] +# (Optional) The network name where the admin endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('keystone_admin_api_network', undef) +# # [*bootstrap_node*] # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_admin_domain*] +# domain name for heat admin +# Defaults to undef +# +# [*heat_admin_email*] +# heat admin email address +# Defaults to undef +# +# [*heat_admin_password*] +# heat admin password +# Defaults to undef +# +# [*heat_admin_user*] +# heat admin user name +# Defaults to undef +# # [*manage_db_purge*] # (Optional) Whether keystone token flushing should be enabled # Defaults to hiera('keystone_enable_db_purge', true) # +# [*public_endpoint_network*] +# (Optional) The network name where the admin endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('keystone_public_api_network', undef) +# +# +# [*rabbit_hosts*] +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('keystone::rabbit_port', 5672) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') - class tripleo::profile::base::keystone ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $manage_db_purge = hiera('keystone_enable_db_purge', true), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $admin_endpoint_network = hiera('keystone_admin_api_network', undef), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_admin_domain = undef, + $heat_admin_email = undef, + $heat_admin_password = undef, + $heat_admin_user = undef, + $manage_db_purge = hiera('keystone_enable_db_purge', true), + $public_endpoint_network = hiera('keystone_public_api_network', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('keystone::rabbit_port', 5672), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true $manage_roles = true $manage_endpoint = true + $manage_domain = true } else { $sync_db = false $manage_roles = false $manage_endpoint = false + $manage_domain = false + } + + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$public_endpoint_network { + fail('keystone_public_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${public_endpoint_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${public_endpoint_network}"]['service_key'] + + if !$admin_endpoint_network { + fail('keystone_admin_api_network is not set in the hieradata.') + } + $tls_certfile_admin = $certificates_specs["httpd-${admin_endpoint_network}"]['service_certificate'] + $tls_keyfile_admin = $certificates_specs["httpd-${admin_endpoint_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + $tls_certfile_admin = undef + $tls_keyfile_admin = undef } if $step >= 4 or ( $step >= 3 and $sync_db ) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::keystone': sync_db => $sync_db, enable_bootstrap => $sync_db, - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::keystone::config - include ::keystone::wsgi::apache + class { '::keystone::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + ssl_cert_admin => $tls_certfile_admin, + ssl_key_admin => $tls_keyfile_admin, + } include ::keystone::cors if $manage_roles { @@ -76,10 +172,34 @@ class tripleo::profile::base::keystone ( include ::keystone::cron::token_flush } + if $step >= 5 and $manage_domain { + if hiera('heat_engine_enabled', false) { + # create these seperate and don't use ::heat::keystone::domain since + # that class writes out the configs + keystone_domain { $heat_admin_domain: + ensure => 'present', + enabled => true + } + keystone_user { "${heat_admin_user}::${heat_admin_domain}": + ensure => 'present', + enabled => true, + email => $heat_admin_email, + password => $heat_admin_password + } + keystone_user_role { "${heat_admin_user}::${heat_admin_domain}@::${heat_admin_domain}": + roles => ['admin'], + require => Class['::keystone::roles::admin'] + } + } + } + if $step >= 5 and $manage_endpoint{ if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } + if hiera('barbican_api_enabled', false) { + include ::barbican::keystone::auth + } if hiera('ceilometer_api_enabled', false) { include ::ceilometer::keystone::auth } @@ -116,6 +236,9 @@ class tripleo::profile::base::keystone ( if hiera('nova_api_enabled', false) { include ::nova::keystone::auth } + if hiera('panko_api_enabled', false) { + include ::panko::keystone::auth + } if hiera('sahara_api_enabled', false) { include ::sahara::keystone::auth } @@ -125,6 +248,10 @@ class tripleo::profile::base::keystone ( if hiera('trove_api_enabled', false) { include ::trove::keystone::auth } + if hiera('zaqar_enabled', false) { + include ::zaqar::keystone::auth + include ::zaqar::keystone::auth_websocket + } } } diff --git a/manifests/profile/base/logging/fluentd.pp b/manifests/profile/base/logging/fluentd.pp index 3ed7d88..9e1aa8d 100644 --- a/manifests/profile/base/logging/fluentd.pp +++ b/manifests/profile/base/logging/fluentd.pp @@ -52,7 +52,7 @@ # secure-foward plugin. # # [*fluentd_listen_syslog*] -# (Optional, default true) When true, fluentd will listen for syslog +# (Optional, default true) When true, fluentd will listen for syslog # messages on a local UDP port. # # [*fluentd_syslog_port*] @@ -71,107 +71,105 @@ class tripleo::profile::base::logging::fluentd ( $fluentd_listen_syslog = true, $fluentd_syslog_port = 42185 ) { - if $step == undef or $step >= 3 { - include ::fluentd + include ::fluentd - if $fluentd_groups { - user { $::fluentd::config_owner: - ensure => present, - groups => $fluentd_groups, - membership => 'minimum', - } + if $fluentd_groups { + user { $::fluentd::config_owner: + ensure => present, + groups => $fluentd_groups, + membership => 'minimum', } + } - if $fluentd_pos_file_path { - file { $fluentd_pos_file_path: - ensure => 'directory', - owner => $::fluentd::config_owner, - group => $::fluentd::config_group, - mode => '0750', - } + if $fluentd_pos_file_path { + file { $fluentd_pos_file_path: + ensure => 'directory', + owner => $::fluentd::config_owner, + group => $::fluentd::config_group, + mode => '0750', } + } - ::fluentd::plugin { 'rubygem-fluent-plugin-add': - plugin_provider => 'yum', - } + ::fluentd::plugin { 'rubygem-fluent-plugin-add': + plugin_provider => 'yum', + } - if $fluentd_sources { - ::fluentd::config { '100-openstack-sources.conf': - config => { - 'source' => $fluentd_sources, - } + if $fluentd_sources { + ::fluentd::config { '100-openstack-sources.conf': + config => { + 'source' => $fluentd_sources, } } + } - if $fluentd_listen_syslog { - # fluentd will receive syslog messages by listening on a local udp - # socket. - ::fluentd::config { '110-system-sources.conf': - config => { - 'source' => { - 'type' => 'syslog', - 'tag' => 'system.messages', - 'port' => $fluentd_syslog_port, - } + if $fluentd_listen_syslog { + # fluentd will receive syslog messages by listening on a local udp + # socket. + ::fluentd::config { '110-system-sources.conf': + config => { + 'source' => { + 'type' => 'syslog', + 'tag' => 'system.messages', + 'port' => $fluentd_syslog_port, } } + } - file { '/etc/rsyslog.d/fluentd.conf': - content => "*.* @127.0.0.1:${fluentd_syslog_port}", - owner => 'root', - group => 'root', - mode => '0644', - } ~> exec { 'reload rsyslog': - command => '/bin/systemctl restart rsyslog', - } + file { '/etc/rsyslog.d/fluentd.conf': + content => "*.* @127.0.0.1:${fluentd_syslog_port}", + owner => 'root', + group => 'root', + mode => '0644', + } ~> exec { 'reload rsyslog': + command => '/bin/systemctl restart rsyslog', } + } - if $fluentd_filters { - ::fluentd::config { '200-openstack-filters.conf': - config => { - 'filter' => $fluentd_filters, - } + if $fluentd_filters { + ::fluentd::config { '200-openstack-filters.conf': + config => { + 'filter' => $fluentd_filters, } } + } - if $fluentd_servers and !empty($fluentd_servers) { - if $fluentd_use_ssl { - ::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward': - plugin_provider => 'yum', - } + if $fluentd_servers and !empty($fluentd_servers) { + if $fluentd_use_ssl { + ::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward': + plugin_provider => 'yum', + } - file {'/etc/fluentd/ca_cert.pem': - content => $fluentd_ssl_certificate, - owner => $::fluentd::config_owner, - group => $::fluentd::config_group, - mode => '0444', - } + file {'/etc/fluentd/ca_cert.pem': + content => $fluentd_ssl_certificate, + owner => $::fluentd::config_owner, + group => $::fluentd::config_group, + mode => '0444', + } - ::fluentd::config { '300-openstack-matches.conf': - config => { - 'match' => { - # lint:ignore:single_quote_string_with_variables - # lint:ignore:quoted_booleans - 'type' => 'secure_forward', - 'tag_pattern' => '**', - 'self_hostname' => '${hostname}', - 'secure' => 'true', - 'ca_cert_path' => '/etc/fluentd/ca_cert.pem', - 'shared_key' => $fluentd_shared_key, - 'server' => $fluentd_servers, - # lint:endignore - # lint:endignore - } + ::fluentd::config { '300-openstack-matches.conf': + config => { + 'match' => { + # lint:ignore:single_quote_string_with_variables + # lint:ignore:quoted_booleans + 'type' => 'secure_forward', + 'tag_pattern' => '**', + 'self_hostname' => '${hostname}', + 'secure' => 'true', + 'ca_cert_path' => '/etc/fluentd/ca_cert.pem', + 'shared_key' => $fluentd_shared_key, + 'server' => $fluentd_servers, + # lint:endignore + # lint:endignore } } - } else { - ::fluentd::config { '300-openstack-matches.conf': - config => { - 'match' => { - 'type' => 'forward', - 'tag_pattern' => '**', - 'server' => $fluentd_servers, - } + } + } else { + ::fluentd::config { '300-openstack-matches.conf': + config => { + 'match' => { + 'type' => 'forward', + 'tag_pattern' => '**', + 'server' => $fluentd_servers, } } } diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index 5210284..f021f64 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp @@ -27,13 +27,18 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('manila::rabbit_port', 5672) class tripleo::profile::base::manila ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('manila::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -42,8 +47,9 @@ class tripleo::profile::base::manila ( } if $step >= 4 or ($step >= 3 and $sync_db) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::manila' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::manila::config } diff --git a/manifests/profile/base/manila/api.pp b/manifests/profile/base/manila/api.pp index 1f78ab3..021fffd 100644 --- a/manifests/profile/base/manila/api.pp +++ b/manifests/profile/base/manila/api.pp @@ -18,6 +18,18 @@ # # === Parameters # +# [*backend_generic_enabled*] +# (Optional) Whether or not the generic backend is enabled +# Defaults to hiera('manila_backend_generic_enabled', false) +# +# [*backend_netapp_enabled*] +# (Optional) Whether or not the netapp backend is enabled +# Defaults to hiera('manila_backend_netapp_enabled', false) +# +# [*backend_cephfs_enabled*] +# (Optional) Whether or not the cephfs backend is enabled +# Defaults to hiera('manila_backend_cephfs_enabled', false) +# # [*bootstrap_node*] # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') @@ -28,8 +40,11 @@ # Defaults to hiera('step') class tripleo::profile::base::manila::api ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $backend_generic_enabled = hiera('manila_backend_generic_enabled', false), + $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false), + $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -40,6 +55,20 @@ class tripleo::profile::base::manila::api ( include ::tripleo::profile::base::manila if $step >= 4 or ($step >= 3 and $sync_db) { - include ::manila::api + if $backend_generic_enabled or $backend_netapp_enabled { + $nfs_protocol = 'NFS' + $cifs_protocol = 'CIFS' + } else { + $nfs_protocol = undef + $cifs_protocol = undef + } + if $backend_cephfs_enabled { + $cephfs_protocol = 'CEPHFS' + } else { + $cephfs_protocol = undef + } + class { '::manila::api' : + enabled_share_protocols => join(delete_undef_values([$nfs_protocol,$cifs_protocol,$cephfs_protocol]), ',') + } } } diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index 9986d22..d8e1330 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -28,13 +28,18 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('mistral::rabbit_port', 5672) class tripleo::profile::base::mistral ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('mistral::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -43,8 +48,9 @@ class tripleo::profile::base::mistral ( } if $step >= 4 or ($step >= 3 and $sync_db) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::mistral': - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::mistral::config include ::mistral::client diff --git a/manifests/profile/base/monitoring/sensu.pp b/manifests/profile/base/monitoring/sensu.pp index a6872b3..91b7ac7 100644 --- a/manifests/profile/base/monitoring/sensu.pp +++ b/manifests/profile/base/monitoring/sensu.pp @@ -25,10 +25,8 @@ class tripleo::profile::base::monitoring::sensu ( $step = hiera('step', undef), ) { - if $step == undef or $step >= 3 { - include ::sensu - package { 'osops-tools-monitoring-oschecks': - ensure => 'present' - } + include ::sensu + package { 'osops-tools-monitoring-oschecks': + ensure => 'present' } } diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index 90a5c23..e6a32db 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -23,16 +23,22 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('neutron::rabbit_port', 5672 class tripleo::profile::base::neutron ( $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('neutron::rabbit_port', 5672), ) { if $step >= 3 { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::neutron' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::neutron::config } diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp index ffe28ce..a3f46ec 100644 --- a/manifests/profile/base/neutron/opendaylight.pp +++ b/manifests/profile/base/neutron/opendaylight.pp @@ -39,7 +39,7 @@ class tripleo::profile::base::neutron::opendaylight ( if $step >= 1 { # Configure ODL only on first controller - if hiera('odl_on_controller') and $primary_controller == downcase($::hostname) { + if $primary_controller == downcase($::hostname) { include ::opendaylight } } diff --git a/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp b/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp index f25aea6..c120931 100644 --- a/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp +++ b/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp @@ -22,6 +22,14 @@ # (Optional) Port to use for OpenDaylight # Defaults to hiera('opendaylight::odl_rest_port') # +# [*odl_username*] +# (Optional) Username to configure for OpenDaylight +# Defaults to 'admin' +# +# [*odl_password*] +# (Optional) Password to configure for OpenDaylight +# Defaults to 'admin' +# # [*conn_proto*] # (Optional) Protocol to use to for ODL REST access # Defaults to hiera('opendaylight::nb_connection_protocol') @@ -32,22 +40,21 @@ # Defaults to hiera('step') # class tripleo::profile::base::neutron::plugins::ml2::opendaylight ( - $odl_port = hiera('opendaylight::odl_rest_port'), - $conn_proto = hiera('opendaylight::nb_connection_protocol'), - $step = hiera('step'), + $odl_port = hiera('opendaylight::odl_rest_port'), + $odl_username = hiera('opendaylight::username'), + $odl_password = hiera('opendaylight::password'), + $conn_proto = hiera('opendaylight::nb_connection_protocol'), + $step = hiera('step'), ) { if $step >= 4 { - # Figure out ODL IP - if hiera('odl_on_controller') { - $odl_url_ip = hiera('opendaylight_api_vip') - } else { - $odl_url_ip = hiera('opendaylight::odl_bind_ip') - } + $odl_url_ip = hiera('opendaylight_api_vip') if ! $odl_url_ip { fail('OpenDaylight Controller IP/VIP is Empty') } class { '::neutron::plugins::ml2::opendaylight': + odl_username => $odl_username, + odl_password => $odl_password, odl_url => "${conn_proto}://${odl_url_ip}:${odl_port}/controller/nb/v2/neutron"; } } diff --git a/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp b/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp index 7548046..91c5168 100644 --- a/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp +++ b/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp @@ -48,14 +48,8 @@ class tripleo::profile::base::neutron::plugins::ovs::opendaylight ( ) { if $step >= 4 { - # Figure out ODL IP (and VIP if on controller) - if hiera('odl_on_controller') { - $opendaylight_controller_ip = $odl_api_ips[0] - $odl_url_ip = hiera('opendaylight_api_vip') - } else { - $opendaylight_controller_ip = hiera('opendaylight::odl_bind_ip') - $odl_url_ip = $opendaylight_controller_ip - } + $opendaylight_controller_ip = $odl_api_ips[0] + $odl_url_ip = hiera('opendaylight_api_vip') if ! $opendaylight_controller_ip { fail('OpenDaylight Controller IP is Empty') } diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index 82c2d5f..4667ae2 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp @@ -27,9 +27,30 @@ # for more details. # Defaults to hiera('step') # +# [*l3_ha_override*] +# (Optional) Override the calculated value for neutron::server::l3_ha +# by default this is calculated to enable when DVR is not enabled +# and the number of nodes running neutron api is more than one. +# Defaults to '' which aligns with the t-h-t default, and means use +# the calculated value. Other possible values are 'true' or 'false' +# +# [*l3_nodes*] +# (Optional) List of nodes running the l3 agent, used when no override +# is passed to l3_ha_override to calculate enabling l3 HA. +# Defaults to hiera('neutron_l3_short_node_names') or [] +# (we need to default neutron_l3_short_node_names to an empty list +# because some neutron backends disable the l3 agent) +# +# [*dvr_enabled*] +# (Optional) Is dvr enabled, used when no override is passed to +# l3_ha_override to calculate enabling l3 HA. +# Defaults to hiera('neutron::server::router_distributed') or false class tripleo::profile::base::neutron::server ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), + $l3_ha_override = '', + $l3_nodes = hiera('neutron_l3_short_node_names', []), + $dvr_enabled = hiera('neutron::server::router_distributed', false) ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -39,6 +60,16 @@ class tripleo::profile::base::neutron::server ( include ::tripleo::profile::base::neutron + # Calculate neutron::server::l3_ha based on the number of API nodes + # combined with if DVR is enabled. + if $l3_ha_override != '' { + $l3_ha = str2bool($l3_ha_override) + } elsif ! str2bool($dvr_enabled) { + $l3_ha = size($l3_nodes) > 1 + } else { + $l3_ha = false + } + # We start neutron-server on the bootstrap node first, because # it will try to populate tables and we need to make sure this happens # before it starts on other nodes @@ -48,12 +79,14 @@ class tripleo::profile::base::neutron::server ( # to true class { '::neutron::server': sync_db => $sync_db, + l3_ha => $l3_ha, } } if $step >= 5 and !$sync_db { include ::neutron::server::notifications class { '::neutron::server': sync_db => $sync_db, + l3_ha => $l3_ha, } } } diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 74f0460..7f1c862 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -39,8 +39,12 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('nova::rabbit_port', 5672) class tripleo::profile::base::nova ( $bootstrap_node = hiera('bootstrap_nodeid', undef), @@ -48,7 +52,8 @@ class tripleo::profile::base::nova ( $manage_migration = false, $nova_compute_enabled = false, $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('nova::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -63,8 +68,9 @@ class tripleo::profile::base::nova ( } if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) { + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::nova' : - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } include ::nova::config class { '::nova::cache': diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 3c472c5..e660990 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -20,14 +20,47 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*nova_api_network*] +# (Optional) The network name where the nova API endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('nova_api_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::nova::api ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $nova_api_network = hiera('nova_api_network', undef), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -37,11 +70,41 @@ class tripleo::profile::base::nova::api ( include ::tripleo::profile::base::nova + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$nova_api_network { + fail('nova_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 or ($step >= 3 and $sync_db) { + + if hiera('nova::use_ipv6', false) { + $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') + } else { + $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') + } + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, } + class { '::nova::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } include ::nova::network::neutron } diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp index 0d628b5..cc5fd8a 100644 --- a/manifests/profile/base/pacemaker.pp +++ b/manifests/profile/base/pacemaker.pp @@ -68,17 +68,6 @@ class tripleo::profile::base::pacemaker ( # enable stonith after all fencing devices have been created Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } - - # FIXME(gfidente): sets 200secs as default start timeout op - # param; until we can use pcmk global defaults we'll still - # need to add it to every resource which redefines op params - Pacemaker::Resource::Service { - op_params => 'start timeout=200s stop timeout=200s', - } - - file { '/var/lib/tripleo/pacemaker-restarts': - ensure => directory, - } ~> Tripleo::Pacemaker::Resource_restart_flag<||> } if $step >= 2 { diff --git a/manifests/profile/pacemaker/heat/api.pp b/manifests/profile/base/panko.pp index 0fc4f8a..4abed56 100644 --- a/manifests/profile/pacemaker/heat/api.pp +++ b/manifests/profile/base/panko.pp @@ -12,38 +12,36 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::pacemaker::heat +# == Class: tripleo::profile::base::panko # -# Heat API Pacemaker HA profile for tripleo +# panko profile for tripleo # # === Parameters # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -class tripleo::profile::pacemaker::heat::api ( - $bootstrap_node = hiera('bootstrap_nodeid'), +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') + +class tripleo::profile::base::panko ( $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), ) { + if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true + $sync_db = true } else { - $pacemaker_master = false + $sync_db = false } - include ::tripleo::profile::pacemaker::heat - include ::tripleo::profile::base::heat::api - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::heat::params::api_service_name : - clone_params => 'interleave=true', - } + if $step >= 4 or ($step >= 3 and $sync_db) { + include ::panko + include ::panko::config + include ::panko::db::sync } } diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp new file mode 100644 index 0000000..45ee0c0 --- /dev/null +++ b/manifests/profile/base/panko/api.pp @@ -0,0 +1,86 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::panko::api +# +# Panko API profile for tripleo +# +# === Parameters +# +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*panko_network*] +# (Optional) The network name where the panko endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('panko_api_network', undef) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::panko::api ( + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $panko_network = hiera('panko_api_network', undef), + $step = hiera('step'), +) { + include ::tripleo::profile::base::panko + + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$panko_network { + fail('panko_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${panko_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${panko_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + + if $step >= 4 { + include ::panko::api + class { '::panko::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } +} diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index 2fd2347..15bab44 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -36,7 +36,7 @@ # # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. -# Defaults to hiera('rabbitmq_node_ips', []). +# Defaults to hiera('rabbitmq_node_names', []). # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates @@ -48,13 +48,14 @@ class tripleo::profile::base::rabbitmq ( $environment = hiera('rabbitmq_environment'), $ipv6 = str2bool(hiera('rabbit_ipv6', false)), $kernel_variables = hiera('rabbitmq_kernel_variables'), - $nodes = hiera('rabbitmq_node_ips', []), + $nodes = hiera('rabbitmq_node_names', []), $step = hiera('step'), ) { # IPv6 environment, necessary for RabbitMQ. if $ipv6 { $rabbit_env = merge($environment, { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"', + 'RABBITMQ_CTL_ERL_ARGS' => '"-proto_dist inet6_tcp"' }) } else { $rabbit_env = $environment @@ -67,7 +68,6 @@ class tripleo::profile::base::rabbitmq ( class { '::rabbitmq': config_cluster => $manage_service, cluster_nodes => $nodes, - tcp_keepalive => false, config_kernel_variables => $kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, @@ -84,7 +84,6 @@ class tripleo::profile::base::rabbitmq ( } else { # Standard configuration class { '::rabbitmq': - tcp_keepalive => false, config_kernel_variables => $kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index cf0ee90..8db071b 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp @@ -27,13 +27,18 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('sahara::rabbit_port', 5672) class tripleo::profile::base::sahara ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('sahara::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -42,9 +47,10 @@ class tripleo::profile::base::sahara ( } if $step >= 4 or ($step >= 3 and $sync_db){ + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::sahara': sync_db => $sync_db, - rabbit_hosts => $rabbit_hosts, + rabbit_hosts => $rabbit_endpoints, } } } diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index 9d50462..974a725 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -31,13 +31,24 @@ # (Optional) memcache port # Defaults to 11211 # +# [*rabbit_hosts*] +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to hiera('swift::proxy::ceilometer::rabbit_port', 5672) +# class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), + $step = hiera('step'), $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, + $memcache_port = 11211, + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('swift::proxy::ceilometer::rabbit_port', 5672), ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") + include ::swift::config include ::swift::proxy include ::swift::proxy::proxy_logging include ::swift::proxy::healthcheck @@ -52,5 +63,15 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk + $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + class { '::swift::proxy::ceilometer': + rabbit_hosts => $swift_rabbit_hosts, + } + include ::swift::proxy::versioned_writes + include ::swift::proxy::slo + include ::swift::proxy::dlo + include ::swift::proxy::copy + include ::swift::proxy::container_quotas + include ::swift::proxy::account_quotas } } diff --git a/manifests/profile/base/swift/ringbuilder.pp b/manifests/profile/base/swift/ringbuilder.pp index c77d744..7e5fc74 100644 --- a/manifests/profile/base/swift/ringbuilder.pp +++ b/manifests/profile/base/swift/ringbuilder.pp @@ -54,6 +54,15 @@ # (Optional) list of ip addresses for nodes running swift_storage service # Defaults to hiera('swift_storage_node_ips') or an empty list # +# [*part_power*] +# (Optional) The total number of partitions that should exist in the ring. +# This is expressed as a power of 2. +# Defaults to undef +# +# [*min_part_hours*] +# Minimum amount of time before partitions can be moved. +# Defaults to undef +# class tripleo::profile::base::swift::ringbuilder ( $replicas, $build_ring = true, @@ -63,6 +72,8 @@ class tripleo::profile::base::swift::ringbuilder ( $raw_disk_prefix = 'r1z1-', $raw_disks = [], $swift_storage_node_ips = hiera('swift_storage_node_ips', []), + $part_power = undef, + $min_part_hours = undef, ) { if $step >= 2 { # pre-install swift here so we can build rings @@ -81,7 +92,9 @@ class tripleo::profile::base::swift::ringbuilder ( # create local rings swift::ringbuilder::create{ ['object', 'account', 'container']: + part_power => $part_power, replicas => min(count($device_array), $replicas), + min_part_hours => $min_part_hours, } -> # add all other devices diff --git a/manifests/profile/base/swift/storage.pp b/manifests/profile/base/swift/storage.pp index d1660de..568be66 100644 --- a/manifests/profile/base/swift/storage.pp +++ b/manifests/profile/base/swift/storage.pp @@ -34,6 +34,7 @@ class tripleo::profile::base::swift::storage ( ) { if $step >= 4 { if $enable_swift_storage { + include ::swift::config include ::swift::storage::disks include ::swift::storage::all if(!defined(File['/srv/node'])) { diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp new file mode 100644 index 0000000..89a03ad --- /dev/null +++ b/manifests/profile/base/zaqar.pp @@ -0,0 +1,63 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::zaqar +# +# Zaqar profile for tripleo +# +# === Parameters +# +# [*sync_db*] +# (Optional) Whether to run db sync +# Defaults to true +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::zaqar ( + $step = hiera('step'), +) { + if $step >= 4 { + include ::zaqar + + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') + } + $mongodb_replset = hiera('mongodb::server::replset') + $mongo_node_string = join($mongo_node_ips_with_port, ',') + $database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}" + + class { '::zaqar::management::mongodb': + uri => $database_connection, + } + class {'::zaqar::messaging::mongodb': + uri => $database_connection, + } + include ::zaqar::transport::websocket + include ::zaqar::transport::wsgi + + # TODO (bcrochet): At some point, the transports should be split out to + # seperate services. + include ::zaqar::server + zaqar::server_instance{ '1': + transport => 'websocket' + } + } +} + diff --git a/manifests/profile/pacemaker/apache.pp b/manifests/profile/pacemaker/apache.pp deleted file mode 100644 index 980b3a4..0000000 --- a/manifests/profile/pacemaker/apache.pp +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::apache -# -# Apache Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::apache ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $step >= 5 and $pacemaker_master { - include ::apache::params - pacemaker::resource::service { $::apache::params::service_name: - clone_params => 'interleave=true', - verify_on_create => true, - } - pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::apache::params::service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::apache::params::service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - } - -} diff --git a/manifests/profile/pacemaker/ceilometer.pp b/manifests/profile/pacemaker/ceilometer.pp deleted file mode 100644 index a31128d..0000000 --- a/manifests/profile/pacemaker/ceilometer.pp +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::ceilometer -# -# Ceilometer Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::ceilometer ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::tripleo::profile::base::ceilometer - - $ceilometer_backend = downcase(hiera('ceilometer_backend', 'mongodb')) - if $step >= 5 and $::hostname == downcase($bootstrap_node) { - if $ceilometer_backend == 'mysql' { - class { '::ceilometer::db::mysql': - require => Exec['galera-ready'], - } - } - - # NOTE(emilien): the constraints won't live forever here as we're moving to - # pacemaker-lite architecture. - - # Fedora doesn't know `require-all` parameter for constraints yet - if $::operatingsystem == 'Fedora' { - $redis_ceilometer_constraint_params = undef - } else { - $redis_ceilometer_constraint_params = 'require-all=false' - } - pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'promote', - second_action => 'start', - constraint_params => $redis_ceilometer_constraint_params, - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]], - } - pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::agent_central_service_name}-clone", - second_resource => "${::ceilometer::params::collector_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], - } - } - -} diff --git a/manifests/profile/pacemaker/ceilometer/agent/central.pp b/manifests/profile/pacemaker/ceilometer/agent/central.pp deleted file mode 100644 index 90266be..0000000 --- a/manifests/profile/pacemaker/ceilometer/agent/central.pp +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::ceilometer::agent::central -# -# Ceilometer Central Agent Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::ceilometer::agent::central ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::ceilometer::params - include ::tripleo::profile::pacemaker::ceilometer - include ::tripleo::profile::base::ceilometer::agent::central - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - $ceilometer_backend = downcase(hiera('ceilometer_backend', 'mongodb')) - case downcase(hiera('ceilometer_backend')) { - /mysql/: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - } - default: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: - clone_params => 'interleave=true', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], - } - } - } - } - -} diff --git a/manifests/profile/pacemaker/ceilometer/agent/notification.pp b/manifests/profile/pacemaker/ceilometer/agent/notification.pp deleted file mode 100644 index e419356..0000000 --- a/manifests/profile/pacemaker/ceilometer/agent/notification.pp +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::ceilometer::agent::notification -# -# Ceilometer Notification Agent Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::ceilometer::agent::notification ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::ceilometer::params - include ::tripleo::profile::pacemaker::ceilometer - include ::tripleo::profile::base::ceilometer::agent::notification - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name : - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/ceilometer/api.pp b/manifests/profile/pacemaker/ceilometer/api.pp deleted file mode 100644 index 169121b..0000000 --- a/manifests/profile/pacemaker/ceilometer/api.pp +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::ceilometer::api -# -# Ceilometer API Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::ceilometer::api ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::ceilometer::params - include ::tripleo::profile::pacemaker::ceilometer - include ::tripleo::profile::base::ceilometer::api - include ::tripleo::profile::pacemaker::apache - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - class { '::tripleo::profile::base::ceilometer::api': - step => $step, - } - } - -} diff --git a/manifests/profile/pacemaker/ceilometer/collector.pp b/manifests/profile/pacemaker/ceilometer/collector.pp deleted file mode 100644 index d0f7217..0000000 --- a/manifests/profile/pacemaker/ceilometer/collector.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::ceilometer::collector -# -# Ceilometer Collector Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::ceilometer::collector ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::ceilometer::params - include ::tripleo::profile::pacemaker::ceilometer - include ::tripleo::profile::base::ceilometer::collector - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - $ceilometer_backend = downcase(hiera('ceilometer_backend', 'mongodb')) - if $ceilometer_backend == 'mysql' { - Exec<| title == 'galera-ready'|> -> Class['ceilometer::db::mysql'] - } - pacemaker::resource::service { $::ceilometer::params::collector_service_name : - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/cinder/api.pp b/manifests/profile/pacemaker/cinder/api.pp deleted file mode 100644 index d18942d..0000000 --- a/manifests/profile/pacemaker/cinder/api.pp +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::cinder::api -# -# Cinder API Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::cinder::api ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - Service <| tag == 'cinder-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::base::cinder::api - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::cinder::params::api_service : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::constraint::base { 'keystone-then-cinder-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::cinder::params::api_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::cinder::params::api_service]], - } - } -} diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp index 72ec456..63988d6 100644 --- a/manifests/profile/pacemaker/cinder/backup.pp +++ b/manifests/profile/pacemaker/cinder/backup.pp @@ -54,7 +54,9 @@ class tripleo::profile::pacemaker::cinder::backup ( } if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::cinder::params::backup_service : } + pacemaker::resource::service { $::cinder::params::backup_service : + op_params => 'start timeout=200s stop timeout=200s', + } } } diff --git a/manifests/profile/pacemaker/cinder/scheduler.pp b/manifests/profile/pacemaker/cinder/scheduler.pp deleted file mode 100644 index e25ef54..0000000 --- a/manifests/profile/pacemaker/cinder/scheduler.pp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::cinder::scheduler -# -# Cinder Scheduler Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::cinder::scheduler ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - Service <| tag == 'cinder-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::base::cinder::scheduler - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::cinder::params::scheduler_service : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::api_service}-clone", - second_resource => "${::cinder::params::scheduler_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation': - source => "${::cinder::params::scheduler_service}-clone", - target => "${::cinder::params::api_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], - } - pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::scheduler_service}-clone", - second_resource => $::cinder::params::volume_service, - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': - source => $::cinder::params::volume_service, - target => "${::cinder::params::scheduler_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - } - -} diff --git a/manifests/profile/pacemaker/cinder/volume.pp b/manifests/profile/pacemaker/cinder/volume.pp index 82e2522..46e8b79 100644 --- a/manifests/profile/pacemaker/cinder/volume.pp +++ b/manifests/profile/pacemaker/cinder/volume.pp @@ -53,7 +53,9 @@ class tripleo::profile::pacemaker::cinder::volume ( } if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::cinder::params::volume_service : } + pacemaker::resource::service { $::cinder::params::volume_service : + op_params => 'start timeout=200s stop timeout=200s', + } } } diff --git a/manifests/profile/pacemaker/core.pp b/manifests/profile/pacemaker/core.pp deleted file mode 100644 index 359a817..0000000 --- a/manifests/profile/pacemaker/core.pp +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::core -# -# Core Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::core ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $step >= 2 and $pacemaker_master { - pacemaker::resource::ocf { 'openstack-core': - ocf_agent_name => 'heartbeat:Dummy', - clone_params => 'interleave=true', - } - } - - if $step >= 5 and $pacemaker_master { - pacemaker::constraint::base { 'galera-then-openstack-core-constraint': - constraint_type => 'order', - first_resource => 'galera-master', - second_resource => 'openstack-core-clone', - first_action => 'promote', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['galera'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } -} diff --git a/manifests/profile/pacemaker/database/mongodb.pp b/manifests/profile/pacemaker/database/mongodb.pp deleted file mode 100644 index e4b5fcf..0000000 --- a/manifests/profile/pacemaker/database/mongodb.pp +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::database::mongodb -# -# Mongodb Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*mongodb_replset*] -# Mongodb replicaset name -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::database::mongodb ( - $mongodb_replset, - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $step >= 1 { - include ::mongodb::globals - include ::mongodb::client - include ::mongodb::server - } - - if $step >= 2 { - - include ::tripleo::profile::base::database::mongodbcommon - - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $pacemaker_master { - pacemaker::resource::service { $::mongodb::params::service_name : - op_params => 'start timeout=370s stop timeout=200s', - clone_params => true, - require => Class['::mongodb::server'], - } - # NOTE (spredzy) : The replset can only be run - # once all the nodes have joined the cluster. - tripleo::profile::pacemaker::database::mongodbvalidator { - $tripleo::profile::base::database::mongodbcommon::mongodb_node_ips : - port => $tripleo::profile::base::database::mongodbcommon::port, - require => Pacemaker::Resource::Service[$::mongodb::params::service_name], - before => Mongodb_replset[$mongodb_replset], - } - mongodb_replset { $mongodb_replset : - members => $tripleo::profile::base::database::mongodbcommon::mongo_node_ips_with_port_nobr, - } - } - } -} diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 0169e16..edd09bd 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -45,7 +45,12 @@ class tripleo::profile::pacemaker::database::mysql ( # use only mysql_node_names when we land a patch in t-h-t that # switches to autogenerating these values from composable services - $galera_node_names_lookup = hiera('mysql_node_names', hiera('galera_node_names', $::hostname)) + # The galera node names need to match the pacemaker node names... so if we + # want to use FQDNs for this, the cluster will not finish bootstrapping, + # since all the nodes will be marked as slaves. For now, we'll stick to the + # short name which is already registered in pacemaker until we get around + # this issue. + $galera_node_names_lookup = hiera('mysql_short_node_names', hiera('mysql_node_names', $::hostname)) if is_array($galera_node_names_lookup) { $galera_nodes = downcase(join($galera_node_names_lookup, ',')) } else { @@ -84,9 +89,19 @@ class tripleo::profile::pacemaker::database::mysql ( } } + # remove_default_accounts parameter will execute some mysql commands + # to remove the default accounts created by MySQL package. + # We need MySQL running to run the commands successfully, so better to + # wait step 2 before trying to run the commands. + if $step >= 2 and $pacemaker_master { + $remove_default_accounts = true + } else { + $remove_default_accounts = false + } + class { '::tripleo::profile::base::database::mysql': manage_resources => false, - remove_default_accounts => $pacemaker_master, + remove_default_accounts => $remove_default_accounts, mysql_server_options => $mysqld_options, } @@ -131,9 +146,10 @@ class tripleo::profile::pacemaker::database::mysql ( user => 'clustercheck@localhost', } - # We create databases for services at step 2 as well. This ensures + # We create databases and users for services at step 2 as well. This ensures # Galara is up before those get created Exec['galera-ready'] -> Mysql_database<||> + Exec['galera-ready'] -> Mysql_user<||> } # This step is to create a sysconfig clustercheck file with the root user and empty password diff --git a/manifests/profile/pacemaker/database/redis.pp b/manifests/profile/pacemaker/database/redis.pp index e081516..37c36aa 100644 --- a/manifests/profile/pacemaker/database/redis.pp +++ b/manifests/profile/pacemaker/database/redis.pp @@ -31,10 +31,16 @@ # for more details. # Defaults to hiera('step') # +# [*redis_file_limit*] +# (Optional) The file limit to put in /etc/security/limits.d/redis.conf +# for when redis is managed by pacemaker. Defaults to hiera('redis_file_limit') +# or 10240 (default in redis systemd limits) +# class tripleo::profile::pacemaker::database::redis ( $bootstrap_node = hiera('bootstrap_nodeid'), $enable_load_balancer = hiera('enable_load_balancer', true), $step = hiera('step'), + $redis_file_limit = hiera('redis_file_limit', 10240), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -44,6 +50,17 @@ class tripleo::profile::pacemaker::database::redis ( if $step >= 1 { include ::redis + # Until puppet-redis grows support for /etc/security/limits.conf/redis.conf + # https://github.com/arioch/puppet-redis/issues/130 + # we best explicitely set the file limit only in the pacemaker profile + # (the base profile does not need it as it is using systemd which has + # the limits set there) + file { '/etc/security/limits.d/redis.conf': + content => inline_template("redis soft nofile <%= @redis_file_limit %>\nredis hard nofile <%= @redis_file_limit %>\n"), + owner => '0', + group => '0', + mode => '0644', + } if $pacemaker_master and hiera('stack_action') == 'UPDATE' { tripleo::pacemaker::resource_restart_flag { 'redis-master': @@ -60,6 +77,7 @@ class tripleo::profile::pacemaker::database::redis ( master_params => '', meta_params => 'notify=true ordered=true interleave=true', resource_params => 'wait_last_known_master=true', + op_params => 'start timeout=200s stop timeout=200s', require => Class['::redis'], } } diff --git a/manifests/profile/pacemaker/glance.pp b/manifests/profile/pacemaker/glance.pp deleted file mode 100644 index 664b91f..0000000 --- a/manifests/profile/pacemaker/glance.pp +++ /dev/null @@ -1,129 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::glance -# -# Glance Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*glance_backend*] -# (Optional) Glance backend(s) to use. -# Defaults to downcase(hiera('glance_backend', 'swift')) -# -# [*glance_file_pcmk_device*] -# (Optional) Device to mount glance file backend. -# Defaults to hiera('glance_file_pcmk_device', '') -# -# [*glance_file_pcmk_directory*] -# (Optional) Directory to mount glance file backend. -# Defaults to hiera('glance_file_pcmk_directory', '') -# -# [*glance_file_pcmk_fstype*] -# (Optional) Filesystem type to mount glance file backend. -# Defaults to hiera('glance_file_pcmk_fstype', '') -# -# [*glance_file_pcmk_manage*] -# (Optional) Whether or not manage glance_file_pcmk. -# Defaults to hiera('glance_file_pcmk_manage', false) -# -# [*glance_file_pcmk_options*] -# (Optional) pcmk options to mount Glance file backend.. -# Defaults to hiera('glance_file_pcmk_options', '') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::glance ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $glance_backend = downcase(hiera('glance_backend', 'swift')), - $glance_file_pcmk_device = hiera('glance_file_pcmk_device', ''), - $glance_file_pcmk_directory = hiera('glance_file_pcmk_directory', ''), - $glance_file_pcmk_fstype = hiera('glance_file_pcmk_fstype', ''), - $glance_file_pcmk_manage = hiera('glance_file_pcmk_manage', false), - $glance_file_pcmk_options = hiera('glance_file_pcmk_options', ''), - $step = hiera('step'), -) { - Service <| tag == 'glance-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::base::glance::api - include ::tripleo::profile::base::glance::registry - - if $step >= 4 { - if $glance_backend == 'file' and $glance_file_pcmk_manage { - $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"' - pacemaker::resource::filesystem { 'glance-fs': - device => $glance_file_pcmk_device, - directory => $glance_file_pcmk_directory, - fstype => $glance_file_pcmk_fstype, - fsoptions => join([$secontext, $glance_file_pcmk_options],','), - clone_params => '', - } - } - } - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::glance::params::registry_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': - constraint_type => 'order', - first_resource => "${::glance::params::registry_service_name}-clone", - second_resource => "${::glance::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation': - source => "${::glance::params::api_service_name}-clone", - target => "${::glance::params::registry_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - } - -} diff --git a/manifests/profile/pacemaker/gnocchi.pp b/manifests/profile/pacemaker/gnocchi.pp deleted file mode 100644 index 5bfc174..0000000 --- a/manifests/profile/pacemaker/gnocchi.pp +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::gnocchi -# -# Gnocchi Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*gnocchi_indexer_backend*] -# (Optional) Gnocchi indexer backend -# Defaults to mysql -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::gnocchi ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $gnocchi_indexer_backend = downcase(hiera('gnocchi_indexer_backend', 'mysql')), - $step = hiera('step'), -) { - Service <| tag == 'gnocchi-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $step >= 2 and $pacemaker_master { - if $gnocchi_indexer_backend == 'mysql' { - class { '::gnocchi::db::mysql': - require => Exec['galera-ready'], - } - } - } - - if $step >= 3 { - include ::gnocchi - include ::gnocchi::config - include ::gnocchi::client - if $pacemaker_master { - include ::gnocchi::db::sync - } - } - - if $step >= 5 and $pacemaker_master { - - pacemaker::constraint::base { 'keystone-then-gnocchi-metricd-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::gnocchi::params::metricd_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint': - constraint_type => 'order', - first_resource => "${::gnocchi::params::metricd_service_name}-clone", - second_resource => "${::gnocchi::params::statsd_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], - } - pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation': - source => "${::gnocchi::params::statsd_service_name}-clone", - target => "${::gnocchi::params::metricd_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], - } - } -} diff --git a/manifests/profile/pacemaker/gnocchi/metricd.pp b/manifests/profile/pacemaker/gnocchi/metricd.pp deleted file mode 100644 index c9dc2d9..0000000 --- a/manifests/profile/pacemaker/gnocchi/metricd.pp +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::gnocchi::metricd -# -# Gnocchi metricd profile -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::gnocchi::metricd ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::gnocchi::params - include ::tripleo::profile::pacemaker::gnocchi - - if $step >= 4 and downcase($::hostname) == $pacemaker_master { - - include ::gnocchi::metricd - - pacemaker::resource::service { $::gnocchi::params::metricd_service_name : - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/profile/pacemaker/gnocchi/statsd.pp b/manifests/profile/pacemaker/gnocchi/statsd.pp deleted file mode 100644 index 42d30b9..0000000 --- a/manifests/profile/pacemaker/gnocchi/statsd.pp +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::gnocchi::statsd -# -# Gnocchi statsd profile -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::gnocchi::statsd ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::gnocchi::params - include ::tripleo::profile::pacemaker::gnocchi - - if $step >= 4 and downcase($::hostname) == $pacemaker_master { - - include ::gnocchi::statsd - - pacemaker::resource::service { $::gnocchi::params::statsd_service_name : - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/profile/pacemaker/haproxy.pp b/manifests/profile/pacemaker/haproxy.pp index b2e127b..605bb15 100644 --- a/manifests/profile/pacemaker/haproxy.pp +++ b/manifests/profile/pacemaker/haproxy.pp @@ -44,7 +44,7 @@ class tripleo::profile::pacemaker::haproxy ( $pacemaker_master = false } - if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' { + if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' and $enable_load_balancer { tripleo::pacemaker::resource_restart_flag { 'haproxy-clone': subscribe => Concat['/etc/haproxy/haproxy.cfg'], } @@ -56,6 +56,7 @@ class tripleo::profile::pacemaker::haproxy ( # of pacemaker VIPs could move into puppet-tripleo or we should # make use of less specific hiera parameters here for the settings. pacemaker::resource::service { 'haproxy': + op_params => 'start timeout=200s stop timeout=200s', clone_params => true, } diff --git a/manifests/profile/pacemaker/heat.pp b/manifests/profile/pacemaker/heat.pp deleted file mode 100644 index e3c1598..0000000 --- a/manifests/profile/pacemaker/heat.pp +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::heat -# -# Heat Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::heat ( - $step = hiera('step'), -) { - Service <| tag == 'heat-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - include ::tripleo::profile::base::heat - -} diff --git a/manifests/profile/pacemaker/heat/api_cfn.pp b/manifests/profile/pacemaker/heat/api_cfn.pp deleted file mode 100644 index 1230c6b..0000000 --- a/manifests/profile/pacemaker/heat/api_cfn.pp +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::heat -# -# Heat Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::heat::api_cfn ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::pacemaker::heat - include ::tripleo::profile::base::heat::api_cfn - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::heat::params::api_cfn_service_name : - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/heat/api_cloudwatch.pp b/manifests/profile/pacemaker/heat/api_cloudwatch.pp deleted file mode 100644 index 6110a0c..0000000 --- a/manifests/profile/pacemaker/heat/api_cloudwatch.pp +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::heat -# -# Heat Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::heat::api_cloudwatch ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::pacemaker::heat - include ::tripleo::profile::base::heat::api_cloudwatch - - if $step >= 5 and $pacemaker_master { - # Heat - pacemaker::resource::service { $::heat::params::api_cloudwatch_service_name : - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/heat/engine.pp b/manifests/profile/pacemaker/heat/engine.pp deleted file mode 100644 index 88744ad..0000000 --- a/manifests/profile/pacemaker/heat/engine.pp +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::heat -# -# Heat Engine Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::heat::engine ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::pacemaker::heat - include ::tripleo::profile::base::heat::engine - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::heat::params::engine_service_name : - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/keystone.pp b/manifests/profile/pacemaker/keystone.pp deleted file mode 100644 index db14aea..0000000 --- a/manifests/profile/pacemaker/keystone.pp +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::keystone -# -# Keystone Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*enable_load_balancer*] -# (Optional) Whether load balancing is enabled for this cluster -# Defaults to hiera('enable_load_balancer', true) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::keystone ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $enable_load_balancer = hiera('enable_load_balancer', true), - $step = hiera('step'), -) { - Service <| tag == 'keystone-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::base::keystone - include ::tripleo::profile::pacemaker::apache - - if $step >= 5 and $pacemaker_master and $enable_load_balancer { - pacemaker::constraint::base { 'haproxy-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'haproxy-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - before => Pacemaker::Resource::Service[$::apache::params::service_name], - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } - - if $step >= 5 and $pacemaker_master { - pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'rabbitmq-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - before => Pacemaker::Resource::Service[$::apache::params::service_name], - require => [Pacemaker::Resource::Ocf['rabbitmq'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } - -} diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index a1ff5ca..8d6c2a7 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -18,6 +18,18 @@ # # === Parameters # +# [*backend_generic_enabled*] +# (Optional) Whether or not the generic backend is enabled +# Defaults to hiera('manila_backend_generic_enabled', false) +# +# [*backend_netapp_enabled*] +# (Optional) Whether or not the netapp backend is enabled +# Defaults to hiera('manila_backend_netapp_enabled', false) +# +# [*backend_cephfs_enabled*] +# (Optional) Whether or not the cephfs backend is enabled +# Defaults to hiera('manila_backend_cephfs_enabled', false) +# # [*bootstrap_node*] # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') @@ -28,8 +40,11 @@ # Defaults to hiera('step') # class tripleo::profile::pacemaker::manila ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), + $backend_generic_enabled = hiera('manila_backend_generic_enabled', false), + $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false), + $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), + $bootstrap_node = hiera('bootstrap_nodeid'), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -52,8 +67,7 @@ class tripleo::profile::pacemaker::manila ( if $step >= 4 { # manila generic: - $manila_generic_enable = hiera('manila_generic_enable_backend', false) - if $manila_generic_enable { + if $backend_generic_enabled { $manila_generic_backend = hiera('manila::backend::generic::title') manila::backend::generic { $manila_generic_backend : driver_handles_share_servers => hiera('manila::backend::generic::driver_handles_share_servers', true), @@ -81,8 +95,7 @@ class tripleo::profile::pacemaker::manila ( } # manila cephfsnative: - $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false) - if $manila_cephfsnative_enable { + if $backend_cephfs_enabled { $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title') manila::backend::cephfsnative { $manila_cephfsnative_backend : driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false), @@ -95,8 +108,7 @@ class tripleo::profile::pacemaker::manila ( } # manila netapp: - $manila_netapp_enable = hiera('manila_netapp_enable_backend', false) - if $manila_netapp_enable { + if $backend_netapp_enabled { $manila_netapp_backend = hiera('manila::backend::netapp::title') manila::backend::netapp { $manila_netapp_backend : driver_handles_share_servers => hiera('manila::backend::netapp::driver_handles_share_servers', true), @@ -139,7 +151,9 @@ class tripleo::profile::pacemaker::manila ( if $step >= 5 and $pacemaker_master { # only manila-share is pacemaker managed, and in a/p - pacemaker::resource::service { $::manila::params::share_service : } + pacemaker::resource::service { $::manila::params::share_service : + op_params => 'start timeout=200s stop timeout=200s', + } } } diff --git a/manifests/profile/pacemaker/memcached.pp b/manifests/profile/pacemaker/memcached.pp deleted file mode 100644 index 2a6bd4d..0000000 --- a/manifests/profile/pacemaker/memcached.pp +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::memcached -# -# Memcached Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::memcached ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::base::memcached - - if $step >= 2 and $pacemaker_master { - pacemaker::resource::service { $::memcached::params::service_name : - clone_params => 'interleave=true', - require => Class['::memcached'], - } - } - - if $step >= 5 and $pacemaker_master { - pacemaker::constraint::base { 'memcached-then-openstack-core-constraint': - constraint_type => 'order', - first_resource => 'memcached-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service['memcached'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } -} diff --git a/manifests/profile/pacemaker/neutron.pp b/manifests/profile/pacemaker/neutron.pp deleted file mode 100644 index 6525126..0000000 --- a/manifests/profile/pacemaker/neutron.pp +++ /dev/null @@ -1,211 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron -# -# Neutron server profile for tripleo -# -# === Parameters -# -# [*enable_dhcp*] -# (Optional) Whether to include the Neutron DHCP agent pacemaker profile -# Defaults to hiera('neutron::enable_dhcp_agent', false) -# -# [*enable_l3*] -# (Optional) Whether to include the Neutron L3 agent pacemaker profile -# Defaults to hiera('neutron::enable_l3_agent', false) -# -# [*enable_metadata*] -# (Optional) Whether to include the Neutron Metadata agent pacemaker profile -# Defaults to hiera('neutron::enable_metadata_agent', false) -# -# [*enable_ovs*] -# (Optional) Whether to include the Neutron OVS agent pacemaker profile -# Defaults to hiera('neutron::enable_ovs_agent', false) -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The step in the deployment -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron ( - # We can drop the hiera defaults once the neutron roles are decomposed - $enable_dhcp = hiera('neutron::enable_dhcp_agent', false), - $enable_l3 = hiera('neutron::enable_l3_agent', false), - $enable_metadata = hiera('neutron::enable_metadata_agent', false), - $enable_ovs = hiera('neutron::enable_ovs_agent', false), - #Don't drop below this line - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - Service <| - tag == 'neutron-service' - |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - include ::tripleo::profile::base::neutron - - if $step >= 4 { - include ::neutron::params - - # To be removed when puppet-oslo comes into service - neutron_config { - 'DEFAULT/notification_driver': value => 'messaging'; - } - } - - if $step >= 5 and $pacemaker_master == downcase($::hostname) { - if $step == 5 { - # Neutron - # NOTE(gfidente): Neutron will try to populate the database with some data - # as soon as neutron-server is started; to avoid races we want to make this - # happen only on one node, before normal Pacemaker initialization - # https://bugzilla.redhat.com/show_bug.cgi?id=1233061 - # NOTE(emilien): we need to run this Exec only at Step 4 otherwise this exec - # will try to start the service while it's already started by Pacemaker - # It would result to a deployment failure since systemd would return 1 to Puppet - # and the overcloud would fail to deploy (6 would be returned). - # This conditional prevents from a race condition during the deployment. - # https://bugzilla.redhat.com/show_bug.cgi?id=1290582 - exec { 'neutron-server-systemd-start-sleep' : - command => 'systemctl start neutron-server && /usr/bin/sleep 5', - path => '/usr/bin', - unless => '/sbin/pcs resource show neutron-server', - } -> - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } else { - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } - - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::neutron::params::server_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - - if $enable_ovs { - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - - if $enable_dhcp and $enable_ovs { - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - - pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - - if $enable_dhcp and $enable_l3 { - pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - } - - if $enable_l3 and $enable_metadata { - pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::l3_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - } - - #VSM - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - pacemaker::resource::ocf { 'vsm-p' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - if str2bool(hiera('n1k_vsm::pacemaker_control', true)) { - pacemaker::resource::ocf { 'vsm-s' : - ocf_agent_name => 'heartbeat:VirtualDomain', - resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', - require => Class['n1k_vsm'], - meta_params => 'resource-stickiness=INFINITY', - } - pacemaker::constraint::colocation { 'vsm-colocation-contraint': - source => 'vsm-p', - target => 'vsm-s', - score => '-INFINITY', - require => [Pacemaker::Resource::Ocf['vsm-p'], - Pacemaker::Resource::Ocf['vsm-s']], - } - } - } - - } -} diff --git a/manifests/profile/pacemaker/neutron/dhcp.pp b/manifests/profile/pacemaker/neutron/dhcp.pp deleted file mode 100644 index e76012f..0000000 --- a/manifests/profile/pacemaker/neutron/dhcp.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::dhcp -# -# Neutron DHCP Agent server profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron::dhcp ( - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - include ::tripleo::profile::base::neutron::dhcp - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/profile/pacemaker/neutron/l3.pp b/manifests/profile/pacemaker/neutron/l3.pp deleted file mode 100644 index c3ae3b8..0000000 --- a/manifests/profile/pacemaker/neutron/l3.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::l3 -# -# Neutron L3 Agent server profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron::l3 ( - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - include ::tripleo::profile::base::neutron::l3 - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::neutron::params::l3_agent_service: - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/profile/pacemaker/neutron/metadata.pp b/manifests/profile/pacemaker/neutron/metadata.pp deleted file mode 100644 index f09edba..0000000 --- a/manifests/profile/pacemaker/neutron/metadata.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::metadata -# -# Neutron Metadata Agent server profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron::metadata ( - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - include ::tripleo::profile::base::neutron::metadata - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::neutron::params::metadata_agent_service: - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/profile/pacemaker/neutron/midonet.pp b/manifests/profile/pacemaker/neutron/midonet.pp deleted file mode 100644 index 453641a..0000000 --- a/manifests/profile/pacemaker/neutron/midonet.pp +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::midonet -# -# Neutron Midonet driver Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron::midonet ( - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - include ::tripleo::profile::base::neutron::midonet - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - - pacemaker::resource::service {'tomcat': - clone_params => 'interleave=true', - } - - #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat - pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - pacemaker::constraint::base { 'neutron-dhcp-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], - } - pacemaker::constraint::base { 'neutron-metadata-agent-to-tomcat-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::metadata_agent_service}-clone", - second_resource => 'tomcat-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service], - Pacemaker::Resource::Service['tomcat']], - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], - } - } -} diff --git a/manifests/profile/pacemaker/neutron/ovs.pp b/manifests/profile/pacemaker/neutron/ovs.pp deleted file mode 100644 index 7e3b15c..0000000 --- a/manifests/profile/pacemaker/neutron/ovs.pp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::ovs -# -# Neutron OVS Agent Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron::ovs ( - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - include ::tripleo::profile::base::neutron::ovs - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - - pacemaker::resource::service { $::neutron::params::ovs_agent_service: - clone_params => 'interleave=true', - } - - pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: - ocf_agent_name => 'neutron:OVSCleanup', - clone_params => 'interleave=true', - } - pacemaker::resource::ocf { 'neutron-netns-cleanup': - ocf_agent_name => 'neutron:NetnsCleanup', - clone_params => 'interleave=true', - } - - # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent - pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_cleanup_service}-clone", - second_resource => 'neutron-netns-cleanup-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': - source => 'neutron-netns-cleanup-clone', - target => "${::neutron::params::ovs_cleanup_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], - } - pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => 'neutron-netns-cleanup-clone', - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': - source => "${::neutron::params::ovs_agent_service}-clone", - target => 'neutron-netns-cleanup-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - } -} diff --git a/manifests/profile/pacemaker/neutron/plugins/ml2.pp b/manifests/profile/pacemaker/neutron/plugins/ml2.pp deleted file mode 100644 index aff682a..0000000 --- a/manifests/profile/pacemaker/neutron/plugins/ml2.pp +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::plugins::ml2 -# -# Neutron ML2 driver Pacemaker HA profile for tripleo -# -# === Parameters -# -class tripleo::profile::pacemaker::neutron::plugins::ml2 -{ - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - include ::tripleo::profile::base::neutron::plugins::ml2 -} diff --git a/manifests/profile/pacemaker/neutron/plugins/nuage.pp b/manifests/profile/pacemaker/neutron/plugins/nuage.pp deleted file mode 100644 index 03cdb7e..0000000 --- a/manifests/profile/pacemaker/neutron/plugins/nuage.pp +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::plugins::nuage -# -# Nuage Neutron profile for tripleo pacemaker -# -# === Parameters -# -class tripleo::profile::pacemaker::neutron::plugins::nuage -{ - include ::tripleo::profile::base::neutron::plugins::nuage -} diff --git a/manifests/profile/pacemaker/neutron/plugins/opencontrail.pp b/manifests/profile/pacemaker/neutron/plugins/opencontrail.pp deleted file mode 100644 index 438245a..0000000 --- a/manifests/profile/pacemaker/neutron/plugins/opencontrail.pp +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::plugins::opencontrail -# -# Opencontrail Neutron profile for tripleo pacemaker -# -# === Parameters -# -class tripleo::profile::pacemaker::neutron::plugins::opencontrail -{ - include ::tripleo::profile::base::neutron::plugins::opencontrail -} diff --git a/manifests/profile/pacemaker/neutron/plugins/plumgrid.pp b/manifests/profile/pacemaker/neutron/plugins/plumgrid.pp deleted file mode 100644 index 38b2179..0000000 --- a/manifests/profile/pacemaker/neutron/plugins/plumgrid.pp +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2016 PLUMgrid, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::plugins::plumgrid -# -# PLUMgrid Neutron profile for tripleo pacemaker -# -# === Parameters -# -class tripleo::profile::pacemaker::neutron::plugins::plumgrid -{ - include ::tripleo::profile::base::neutron::plugins::plumgrid -} diff --git a/manifests/profile/pacemaker/neutron/server.pp b/manifests/profile/pacemaker/neutron/server.pp deleted file mode 100644 index d817ee7..0000000 --- a/manifests/profile/pacemaker/neutron/server.pp +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::server -# -# Neutron Server Pacemaker profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid', undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::neutron::server ( - $pacemaker_master = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), -) { - include ::neutron::params - include ::tripleo::profile::pacemaker::neutron - - $sync_db = ($::hostname == downcase($pacemaker_master)) - if $step >= 3 and $sync_db { - include ::neutron::db::mysql - } - - if $step >= 4 or ( $step >= 3 and $sync_db ) { - include ::neutron::server::notifications - include ::neutron::server - } - -} diff --git a/manifests/profile/pacemaker/nova.pp b/manifests/profile/pacemaker/nova.pp deleted file mode 100644 index 222035e..0000000 --- a/manifests/profile/pacemaker/nova.pp +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::nova -# -# Nova base with Pacemaker profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The step in the deployment -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::nova ( - $step = hiera('step'), -) { - Service <| - tag == 'nova-service' - |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - -} diff --git a/manifests/profile/pacemaker/nova/api.pp b/manifests/profile/pacemaker/nova/api.pp deleted file mode 100644 index 188beda..0000000 --- a/manifests/profile/pacemaker/nova/api.pp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::nova::api -# -# Nova API with Pacemaker profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to downcase(hiera('bootstrap_nodeid')) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::nova::api ( - $pacemaker_master = downcase(hiera('bootstrap_nodeid')), - $step = hiera('step'), -) { - - include ::nova::params - include ::tripleo::profile::pacemaker::nova - - Service<| title == 'nova-api' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - include ::tripleo::profile::base::nova::api - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::nova::params::api_service_name: - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::vncproxy_service_name}-clone", - second_resource => "${::nova::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - Pacemaker::Resource::Service[$::nova::params::api_service_name]], - } - pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation': - source => "${::nova::params::api_service_name}-clone", - target => "${::nova::params::vncproxy_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - Pacemaker::Resource::Service[$::nova::params::api_service_name]], - } - pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::api_service_name}-clone", - second_resource => "${::nova::params::scheduler_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], - } - pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation': - source => "${::nova::params::scheduler_service_name}-clone", - target => "${::nova::params::api_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], - } - - } - -} diff --git a/manifests/profile/pacemaker/nova/conductor.pp b/manifests/profile/pacemaker/nova/conductor.pp deleted file mode 100644 index f2605cb..0000000 --- a/manifests/profile/pacemaker/nova/conductor.pp +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::nova::conductor -# -# Nova Conductor with Pacemaker profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::nova::conductor ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - - include ::nova::params - include ::tripleo::profile::pacemaker::nova - include ::tripleo::profile::base::nova::conductor - - Service<| title == 'nova-conductor' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::nova::params::conductor_service_name: - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::scheduler_service_name}-clone", - second_resource => "${::nova::params::conductor_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], - } - pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation': - source => "${::nova::params::conductor_service_name}-clone", - target => "${::nova::params::scheduler_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], - } - - - # If Service['nova-compute'] is in catalog, make sure we start it after - # nova-conductor pcmk resource. - # Also make sure to restart nova-compute if nova-conductor pcmk resource changed - # the state, since nova-compute is deployed at a previous step. - Pacemaker::Resource::Service[$::nova::params::conductor_service_name] ~> Service<| title == 'nova-compute' |> - } - -} diff --git a/manifests/profile/pacemaker/nova/consoleauth.pp b/manifests/profile/pacemaker/nova/consoleauth.pp deleted file mode 100644 index 6cd8c15..0000000 --- a/manifests/profile/pacemaker/nova/consoleauth.pp +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::nova::consoleauth -# -# Nova Consoleauth with Pacemaker profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::nova::consoleauth ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - - include ::nova::params - include ::tripleo::profile::pacemaker::nova - include ::tripleo::profile::base::nova::consoleauth - - Service<| title == 'nova-consoleauth' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::nova::params::consoleauth_service_name: - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::nova::params::consoleauth_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::colocation { 'nova-consoleauth-with-openstack-core': - source => "${::nova::params::consoleauth_service_name}-clone", - target => 'openstack-core-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': - constraint_type => 'order', - first_resource => "${::nova::params::consoleauth_service_name}-clone", - second_resource => "${::nova::params::vncproxy_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], - } - pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation': - source => "${::nova::params::vncproxy_service_name}-clone", - target => "${::nova::params::consoleauth_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], - } - - } - -} diff --git a/manifests/profile/pacemaker/nova/scheduler.pp b/manifests/profile/pacemaker/nova/scheduler.pp deleted file mode 100644 index 8c387d2..0000000 --- a/manifests/profile/pacemaker/nova/scheduler.pp +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::nova::scheduler -# -# Nova Scheduler with Pacemaker profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::nova::scheduler ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::nova::params - include ::tripleo::profile::pacemaker::nova - include ::tripleo::profile::base::nova::scheduler - - Service<| title == 'nova-scheduler' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::nova::params::scheduler_service_name: - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/nova/vncproxy.pp b/manifests/profile/pacemaker/nova/vncproxy.pp deleted file mode 100644 index 3652daa..0000000 --- a/manifests/profile/pacemaker/nova/vncproxy.pp +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::nova::vncproxy -# -# Nova vncproxy with Pacemaker profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::nova::vncproxy ( - $pacemaker_master = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - include ::nova::params - include ::tripleo::profile::pacemaker::nova - include ::tripleo::profile::base::nova::vncproxy - - Service<| title == 'nova-vncproxy' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::nova::params::vncproxy_service_name: - clone_params => 'interleave=true', - } - } - -} diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp index 1f25e8b..dba01e3 100644 --- a/manifests/profile/pacemaker/rabbitmq.pp +++ b/manifests/profile/pacemaker/rabbitmq.pp @@ -26,6 +26,16 @@ # (Optional) Content of erlang cookie. # Defaults to hiera('rabbitmq::erlang_cookie'). # +# [*user_ha_queues*] +# (Optional) The number of HA queues in to be configured in rabbitmq +# Defaults to hiera('rabbitmq::nr_ha_queues'), which is usually 0 meaning +# that the queues number will be CEIL(N/2) where N is the number of rabbitmq +# nodes. +# +# [*rabbit_nodes*] +# (Optional) The list of rabbitmq nodes names +# Defaults to hiera('rabbitmq_node_names') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -34,6 +44,8 @@ class tripleo::profile::pacemaker::rabbitmq ( $bootstrap_node = hiera('bootstrap_nodeid'), $erlang_cookie = hiera('rabbitmq::erlang_cookie'), + $user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0), + $rabbit_nodes = hiera('rabbitmq_node_names'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -61,11 +73,20 @@ class tripleo::profile::pacemaker::rabbitmq ( } if $step >= 2 and $pacemaker_master { + include ::stdlib + # The default nr of ha queues is ceiling(N/2) + if $user_ha_queues == 0 { + $nr_rabbit_nodes = size($rabbit_nodes) + $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2) + } else { + $nr_ha_queues = $user_ha_queues + } pacemaker::resource::ocf { 'rabbitmq': ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'', + resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'", clone_params => 'ordered=true interleave=true', meta_params => 'notify=true', + op_params => 'start timeout=200s stop timeout=200s', require => Class['::rabbitmq'], } } diff --git a/manifests/profile/pacemaker/sahara.pp b/manifests/profile/pacemaker/sahara.pp deleted file mode 100644 index 07cd882..0000000 --- a/manifests/profile/pacemaker/sahara.pp +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::sahara -# -# Sahara Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::sahara ( - $step = hiera('step'), -) { - Service <| tag == 'sahara-service' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - include ::tripleo::profile::base::sahara -} diff --git a/manifests/profile/pacemaker/sahara/api.pp b/manifests/profile/pacemaker/sahara/api.pp deleted file mode 100644 index 0e3d97a..0000000 --- a/manifests/profile/pacemaker/sahara/api.pp +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::sahara::api -# -# Sahara API Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::sahara::api ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::pacemaker::sahara - include ::tripleo::profile::base::sahara::api - - if $step >= 5 and $pacemaker_master { - # Sahara - pacemaker::resource::service { $::sahara::params::api_service_name : - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/profile/pacemaker/sahara/engine.pp b/manifests/profile/pacemaker/sahara/engine.pp deleted file mode 100644 index ada6c06..0000000 --- a/manifests/profile/pacemaker/sahara/engine.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::sahara::engine -# -# Sahara Engine Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') -# -class tripleo::profile::pacemaker::sahara::engine ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), -) { - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - include ::tripleo::profile::pacemaker::sahara - include ::tripleo::profile::base::sahara::engine - - if $step >= 5 and $pacemaker_master { - pacemaker::resource::service { $::sahara::params::engine_service_name : - clone_params => 'interleave=true', - } - } -} diff --git a/manifests/ui.pp b/manifests/ui.pp index 0a12af0..27e3e50 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -25,7 +25,7 @@ # # [*bind_host*] # The host/ip address Apache will listen on. -# Optional. Defaults to undef (listen on all ip addresses). +# Optional. Defaults to hiera('controller_host') # # [*ui_port*] # The port on which the UI is listening. @@ -70,9 +70,9 @@ # class tripleo::ui ( $servername = $::fqdn, - $bind_host = undef, + $bind_host = hiera('controller_host'), $ui_port = 3000, - $keystone_url = hiera('keystone::endpoint::public_url'), + $keystone_url = hiera('keystone_auth_uri_v2'), $heat_url = hiera('heat::keystone::auth::public_url', undef), $ironic_url = hiera('ironic::keystone::auth::public_url', undef), $mistral_url = hiera('mistral::keystone::auth::public_url', undef), @@ -82,19 +82,28 @@ class tripleo::ui ( ) { ::apache::vhost { 'tripleo-ui': - ensure => 'present', - servername => $servername, - ip => $bind_host, - port => $ui_port, - docroot => '/var/www/openstack-tripleo-ui/dist', - options => ['Indexes', 'FollowSymLinks'], - rewrites => [ - { - comment => 'Redirect 404 to index', - rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'], - rewrite_rule => ['(.*) index.html'], - }, - ], + ensure => 'present', + servername => $servername, + ip => $bind_host, + port => $ui_port, + docroot => '/var/www/openstack-tripleo-ui/dist', + options => ['Indexes', 'FollowSymLinks'], + fallbackresource => '/index.html', + } + + # We already use apache::vhost to generate our own + # configuration file, let's clean the configuration + # embedded within the package + file { "${apache::confd_dir}/openstack-tripleo-ui.conf" : + ensure => present, + content => "# +# This file has been cleaned by Puppet. +# +# OpenStack TripleO UI configuration has been moved to: +# - 25-tripleo-ui.conf +#", + require => Package['openstack-tripleo-ui'], + before => Service[$::apache::params::service_name], } file { '/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js' : diff --git a/metadata.json b/metadata.json index d28571b..1aa1b4d 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "openstack-tripleo", - "version": "5.2.0", + "version": "6.1.0", "author": "OpenStack Contributors", "summary": "Puppet module for TripleO", "license": "Apache-2.0", diff --git a/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml b/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml index 85cbdec..5bcb588 100644 --- a/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml +++ b/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml @@ -1,4 +1,4 @@ --- features: - Added a provider to configure VFs for SR-IOV interface. - Added a define for persistence of the VFs configuratin. + - Added a define for persistence of the VFs configuration. diff --git a/spec/classes/tripleo_cluster_cassandra_spec.rb b/spec/classes/tripleo_cluster_cassandra_spec.rb deleted file mode 100644 index 3f7d471..0000000 --- a/spec/classes/tripleo_cluster_cassandra_spec.rb +++ /dev/null @@ -1,54 +0,0 @@ -# -# Copyright (C) 2015 Midokura SARL -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for the cassandra service - -require 'spec_helper' - -describe 'tripleo::cluster::cassandra' do - - shared_examples_for 'tripleo::cluster::cassandra' do - - let :params do - { - :cassandra_servers => ['192.168.2.2', '192.168.2.3'], - :cassandra_ip => '192.168.2.2' - } - end - - it 'should configure cassandra' do - is_expected.to contain_class('cassandra').with( - :seeds => ['192.168.2.2', '192.168.2.3'], - :listen_address => '192.168.2.2', - :storage_port => 7000, - :ssl_storage_port => 7001, - :native_transport_port => 9042, - :rpc_port => 9160 - ) - - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge({}) - end - - it_behaves_like 'tripleo::cluster::cassandra' - end - end - -end diff --git a/spec/classes/tripleo_cluster_zookeeper_spec.rb b/spec/classes/tripleo_cluster_zookeeper_spec.rb deleted file mode 100644 index fc003b6..0000000 --- a/spec/classes/tripleo_cluster_zookeeper_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2015 Midokura SARL -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for the zookeeper service - -require 'spec_helper' - -describe 'tripleo::cluster::zookeeper' do - - shared_examples_for 'tripleo::cluster::zookeeper' do - let :params do - { - :zookeeper_server_ips => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], - :zookeeper_hostnames => ['host1.midonet', 'host2.midonet', 'host3.midonet'] - } - end - - context 'on host1' do - before :each do - facts.merge!({ :hostname => 'host1.midonet'}) - params.merge!({ :zookeeper_client_ip => '23.43.2.34' }) - end - - it 'should call zookeeper using id==1' do - is_expected.to contain_class('zookeeper').with( - :servers => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], - :client_ip => '23.43.2.34', - :id => 1 - ) - end - end - - context 'on host2' do - before :each do - facts.merge!({ :hostname => 'host2.midonet'}) - params.merge!({ :zookeeper_client_ip => '23.43.2.35' }) - end - - it 'should call zookeeper using id==1' do - is_expected.to contain_class('zookeeper').with( - :servers => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], - :client_ip => '23.43.2.35', - :id => 2 - ) - end - end - - context 'on host3' do - before :each do - facts.merge!({ :hostname => 'host3.midonet'}) - params.merge!({ :zookeeper_client_ip => '23.43.2.36' }) - end - - it 'should call zookeeper using id==1' do - is_expected.to contain_class('zookeeper').with( - :servers => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], - :client_ip => '23.43.2.36', - :id => 3 - ) - end - - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge({}) - end - - it_behaves_like 'tripleo::cluster::zookeeper' - end - end -end diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb index 1270aa7..3116a51 100644 --- a/spec/classes/tripleo_firewall_spec.rb +++ b/spec/classes/tripleo_firewall_spec.rb @@ -76,7 +76,8 @@ describe 'tripleo::firewall' do '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}, '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, - '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'} + '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}, + '305 add gre rule' => {'proto' => 'gre'} } ) end @@ -109,6 +110,7 @@ describe 'tripleo::firewall' do :action => 'accept', :state => ['NEW'], ) + is_expected.to contain_firewall('305 add gre rule').without(:state) end end diff --git a/spec/classes/tripleo_midonet_api_spec.rb b/spec/classes/tripleo_midonet_api_spec.rb deleted file mode 100644 index 25b375b..0000000 --- a/spec/classes/tripleo_midonet_api_spec.rb +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright (C) 2015 Midokura SARL -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for the midonet api - -require 'spec_helper' - -describe 'tripleo::network::midonet::api' do - - shared_examples_for 'tripleo::midonet::api' do - - let :params do - { - :zookeeper_servers => ['192.168.2.1', '192.168.2.2'], - :vip => '192.23.0.2', - :keystone_ip => '192.23.0.2', - :keystone_admin_token => 'admin_token', - :admin_password => 'admin_password', - :bind_address => '192.23.0.65' - } - end - - it 'should call api configuration' do - is_expected.to contain_class('midonet::midonet_api::run').with( - :zk_servers => [{'ip' => '192.168.2.1', 'port' => 2181}, - {'ip' => '192.168.2.2', 'port' => 2181}], - :keystone_auth => true, - :tomcat_package => 'tomcat', - :vtep => false, - :api_ip => '192.23.0.2', - :api_port => '8081', - :keystone_host => '192.23.0.2', - :keystone_port => 35357, - :keystone_admin_token => 'admin_token', - :keystone_tenant_name => 'admin', - :catalina_base => '/usr/share/tomcat', - :bind_address => '192.23.0.65' - ) - end - - it 'should install the cli' do - is_expected.to contain_class('midonet::midonet_cli').with( - :api_endpoint => 'http://192.23.0.2:8081/midonet-api', - :username => 'admin', - :password => 'admin_password', - :tenant_name => 'admin' - ) - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge({ - :augeasversion => '1.0.0' - }) - end - - it_behaves_like 'tripleo::midonet::api' - end - end - -end diff --git a/spec/classes/tripleo_packages_spec.rb b/spec/classes/tripleo_packages_spec.rb index 076d9cd..8db238a 100644 --- a/spec/classes/tripleo_packages_spec.rb +++ b/spec/classes/tripleo_packages_spec.rb @@ -29,9 +29,8 @@ describe 'tripleo::packages' do } end - it 'should contain correct upgrade ordering' do - is_expected.to contain_exec('package-upgrade').that_comes_before('Service[nova-compute]') - is_expected.to contain_exec('package-upgrade').with(:command => 'yum -y update') + it 'should contain upgrade exec' do + is_expected.to contain_exec('package-upgrade').with(:command => 'yum -y update') end end diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb new file mode 100644 index 0000000..22f26cf --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_api_spec.rb @@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::api' do + shared_examples_for 'tripleo::profile::base::aodh::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::api') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::api') + is_expected.to_not contain_class('aodh::wsgi::apache') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::api') + is_expected.to contain_class('aodh::wsgi::apache') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb new file mode 100644 index 0000000..495794d --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::evaluator' do + shared_examples_for 'tripleo::profile::base::aodh::evaluator' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::evaluator') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::evaluator') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): need to parameterize the pass/vip so we can test ipv6 + is_expected.to contain_class('aodh::evaluator').with( + :coordination_url => 'redis://:password@127.0.0.1:6379/' + ) + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::evaluator' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_listener_spec.rb b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb new file mode 100644 index 0000000..022ee5c --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::listener' do + shared_examples_for 'tripleo::profile::base::aodh::listener' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::listener') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::listener') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::listener') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::listener' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb new file mode 100644 index 0000000..f2116ca --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::notifier' do + shared_examples_for 'tripleo::profile::base::aodh::notifier' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::notifier') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::notifier') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::notifier') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::notifier' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_spec.rb b/spec/classes/tripleo_profile_base_aodh_spec.rb new file mode 100644 index 0000000..3befa23 --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_spec.rb @@ -0,0 +1,94 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh' do + shared_examples_for 'tripleo::profile::base::aodh' do + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh') + is_expected.to_not contain_class('aodh::auth') + is_expected.to_not contain_class('aodh::config') + is_expected.to_not contain_class('aodh::client') + is_expected.to_not contain_class('aodh::db::sync') + end + end + + context 'with step 3 on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :rabbit_hosts => ['localhost1.localdomain', 'localhost2.localdomain'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh').with( + :rabbit_hosts => params[:rabbit_hosts].map { |h| h + ":5672" } + ) + is_expected.to contain_class('aodh::auth') + is_expected.to contain_class('aodh::config') + is_expected.to contain_class('aodh::client') + is_expected.to contain_class('aodh::db::sync') + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'soemthingelse.example.com' + } } + + it 'should not trigger any configuration' do + is_expected.to_not contain_class('aodh') + is_expected.to_not contain_class('aodh::auth') + is_expected.to_not contain_class('aodh::config') + is_expected.to_not contain_class('aodh::client') + is_expected.to_not contain_class('aodh::db::sync') + end + end + + context 'with step 4 on other node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'somethingelse.example.com', + :rabbit_hosts => ['localhost1.localdomain', 'localhost2.localdomain'] + } } + + it 'should trigger aodh configuration without mysql grant' do + is_expected.to contain_class('aodh').with( + :rabbit_hosts => params[:rabbit_hosts].map { |h| h + ":5672" } + ) + is_expected.to contain_class('aodh::auth') + is_expected.to contain_class('aodh::config') + is_expected.to contain_class('aodh::client') + is_expected.to contain_class('aodh::db::sync') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh' + end + end +end diff --git a/spec/classes/tripleo_profile_base_barbican_api_spec.rb b/spec/classes/tripleo_profile_base_barbican_api_spec.rb new file mode 100644 index 0000000..169642e --- /dev/null +++ b/spec/classes/tripleo_profile_base_barbican_api_spec.rb @@ -0,0 +1,107 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::barbican::api' do + shared_examples_for 'tripleo::profile::base::barbican::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::barbican': step => #{params[:step]} }" + end + + context 'with step less than 3' do + let(:params) { { :step => 1 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::barbican::api') + is_expected.to contain_class('tripleo::profile::base::barbican') + is_expected.to_not contain_class('barbican::api') + is_expected.to_not contain_class('barbican::api::logging') + is_expected.to_not contain_class('barbican::keystone::notification') + is_expected.to_not contain_class('barbican::quota') + is_expected.to_not contain_class('barbican::wsgi::apache') + end + end + + context 'with step 3 on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::barbican::api') + is_expected.to contain_class('tripleo::profile::base::barbican') + is_expected.to contain_class('barbican::db::mysql') + is_expected.to contain_class('barbican::db::sync') + is_expected.to contain_class('barbican::api') + is_expected.to contain_class('barbican::api::logging') + is_expected.to contain_class('barbican::keystone::notification') + is_expected.to contain_class('barbican::quota') + is_expected.to contain_class('barbican::wsgi::apache') + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'other.example.com', + } } + + it 'should not trigger any configuration' do + is_expected.to contain_class('tripleo::profile::base::barbican::api') + is_expected.to contain_class('tripleo::profile::base::barbican') + is_expected.to_not contain_class('barbican::db::mysql') + is_expected.to_not contain_class('barbican::db::sync') + is_expected.to_not contain_class('barbican::api') + is_expected.to_not contain_class('barbican::api::logging') + is_expected.to_not contain_class('barbican::keystone::notification') + is_expected.to_not contain_class('barbican::quota') + is_expected.to_not contain_class('barbican::wsgi::apache') + end + end + + context 'with step 4 not on bootstrap node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'other.example.com', + } } + + it 'should trigger complete configuration with out db items' do + is_expected.to_not contain_class('barbican::db::mysql') + # TODO(aschultz): barbican::api includes this automatically + #is_expected.to_not contain_class('barbican::db::sync') + is_expected.to contain_class('barbican::api') + is_expected.to contain_class('barbican::api::logging') + is_expected.to contain_class('barbican::keystone::notification') + is_expected.to contain_class('barbican::quota') + is_expected.to contain_class('barbican::wsgi::apache') + end + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::barbican::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_barbican_spec.rb b/spec/classes/tripleo_profile_base_barbican_spec.rb new file mode 100644 index 0000000..470b2c2 --- /dev/null +++ b/spec/classes/tripleo_profile_base_barbican_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::barbican' do + shared_examples_for 'tripleo::profile::base::barbican' do + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::barbican') + is_expected.to_not contain_class('barbican') + is_expected.to_not contain_class('barbican::config') + is_expected.to_not contain_class('barbican::client') + end + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('barbican').with( + :rabbit_hosts => params[:rabbit_hosts] + ) + is_expected.to contain_class('barbican') + is_expected.to contain_class('barbican::config') + is_expected.to contain_class('barbican::client') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::barbican' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb new file mode 100644 index 0000000..935e9e8 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb @@ -0,0 +1,57 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::api' do + shared_examples_for 'tripleo::profile::base::ceilometer::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::api') + is_expected.to_not contain_class('ceilometer::api') + is_expected.to_not contain_class('ceilometer::wsgi::apache') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::api') + is_expected.to contain_class('ceilometer::wsgi::apache') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb new file mode 100644 index 0000000..2e4b50a --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb @@ -0,0 +1,143 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::collector' do + shared_examples_for 'tripleo::profile::base::ceilometer::collector' do + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step 3 on bootstrap node with mongodb' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + end + end + + context 'with step 3 on bootstrap node with mongodb with ipv6' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :mongodb_ipv6 => true, + :mongodb_node_ips => ['::1','fe80::ca5b:76ff:fe4b:be3b'], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :sync_db => true, + :database_connection => 'mongodb://[::1]:27017,[fe80::ca5b:76ff:fe4b:be3b]:27017/ceilometer?replicaSet=replicaset' + ) + end + end + + context 'with step 3 on bootstrap node without mongodb' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :ceilometer_backend => 'somethingelse', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').without( + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + is_expected.to contain_class('ceilometer::db').with( + :sync_db => true + ) + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'soemthingelse.example.com' + } } + + it 'should not trigger any configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to_not contain_class('ceilometer::db') + end + end + + context 'with step 4 on bootstrap node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'node.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :sync_db => true, + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + is_expected.to contain_class('ceilometer::collector') + is_expected.to contain_class('ceilometer::dispatcher::gnocchi') + end + end + + context 'with step 4 not on bootstrap node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'somethingelse.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to_not contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :sync_db => false, + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + is_expected.to contain_class('ceilometer::collector') + is_expected.to contain_class('ceilometer::dispatcher::gnocchi') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::collector' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb new file mode 100644 index 0000000..c13f3c8 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb @@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::expirer' do + shared_examples_for 'tripleo::profile::base::ceilometer::expirer' do + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::expirer') + is_expected.to_not contain_class('ceilometer::expirer') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::expirer') + is_expected.to contain_cron('ceilometer-expirer').with( + :command => 'sleep $(($(od -A n -t d -N 3 /dev/urandom) % 86400)) && ceilometer-expirer' + ) + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::expirer' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_spec.rb new file mode 100644 index 0000000..075aff8 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_spec.rb @@ -0,0 +1,55 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer' do + shared_examples_for 'tripleo::profile::base::ceilometer' do + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer') + is_expected.to_not contain_class('ceilometer') + is_expected.to_not contain_class('ceilometer::config') + end + end + + context 'with step 3' do + let(:params) { { + :step => 3, + :rabbit_hosts => ['localhost1.localdomain', 'localhost2.localdomain'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer').with( + :rabbit_hosts => params[:rabbit_hosts].map{ |h| h + ':5672' } + ) + is_expected.to contain_class('ceilometer::config') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_client_spec.rb b/spec/classes/tripleo_profile_base_ceph_client_spec.rb new file mode 100644 index 0000000..11367d2 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_client_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::client' do + shared_examples_for 'tripleo::profile::base::ceph::client' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 2' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::client') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::client') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + } } + + it 'should include client configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::client') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::client' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_mon_spec.rb b/spec/classes/tripleo_profile_base_ceph_mon_spec.rb new file mode 100644 index 0000000..d5dde4f --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_mon_spec.rb @@ -0,0 +1,77 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::mon' do + shared_examples_for 'tripleo::profile::base::ceph::mon' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 2' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::mon') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::mon') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + } } + + it 'should include mon configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::mon') + end + end + + context 'with step 4 create pools' do + let(:params) { { + :step => 4, + :ceph_pools => { 'mypool' => { 'size' => 5, 'pg_num' => 128, 'pgp_num' => 128 } } + } } + + it 'should include mon configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::mon') + is_expected.to contain_ceph__pool('mypool').with({ + :size => 5, + :pg_num => 128, + :pgp_num => 128 + }) + end + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::mon' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_osd_spec.rb b/spec/classes/tripleo_profile_base_ceph_osd_spec.rb new file mode 100644 index 0000000..3008e12 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_osd_spec.rb @@ -0,0 +1,75 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::osd' do + shared_examples_for 'tripleo::profile::base::ceph::osd' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::osd') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::osd') + end + end + + context 'with step 3 defaults' do + let(:params) { { + :step => 3, + } } + + it 'should include osd configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::osd') + is_expected.to_not contain_exec('set selinux to permissive on boot') + is_expected.to_not contain_exec('set selinux to permissive') + end + end + + context 'with step 3 enable selinux permissive' do + let(:params) { { + :step => 3, + :ceph_osd_selinux_permissive => true + } } + + it 'should include osd configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::osd') + is_expected.to contain_exec('set selinux to permissive on boot') + is_expected.to contain_exec('set selinux to permissive') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::osd' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb new file mode 100644 index 0000000..88f971b --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb @@ -0,0 +1,99 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::rgw' do + shared_examples_for 'tripleo::profile::base::ceph::rgw' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + let (:default_params) do + { + :keystone_admin_token => 'token', + :keystone_url => 'url', + :rgw_key => 'key', + :civetweb_bind_ip => '2001:db8:0:1234:0:567:8:1', + :civetweb_bind_port => '8888', + } + end + + context 'with step less than 3' do + let(:params) { default_params.merge({ :step => 1 }) } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::rgw') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::rgw') + end + end + + context 'with step 3' do + let(:params) { default_params.merge({ :step => 3 }) } + it 'should include rgw configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_ceph__rgw('radosgw.gateway').with( + :frontend_type => 'civetweb', + :rgw_frontends => 'civetweb port=[2001:db8:0:1234:0:567:8:1]:8888' + ) + is_expected.to contain_ceph__key('client.radosgw.gateway').with( + :secret => 'key', + :cap_mon => 'allow *', + :cap_osd => 'allow *', + :inject => true + ) + is_expected.to_not contain_ceph__rgw__keystone('radosgw.gateway') + end + end + + context 'with step 4' do + let(:params) { default_params.merge({ :step => 4 }) } + it 'should include rgw configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_ceph__rgw('radosgw.gateway').with( + :frontend_type => 'civetweb', + :rgw_frontends => 'civetweb port=[2001:db8:0:1234:0:567:8:1]:8888' + ) + is_expected.to contain_ceph__key('client.radosgw.gateway').with( + :secret => 'key', + :cap_mon => 'allow *', + :cap_osd => 'allow *', + :inject => true + ) + is_expected.to contain_ceph__rgw__keystone('radosgw.gateway').with( + :rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'], + :use_pki => false, + :rgw_keystone_admin_token => 'token', + :rgw_keystone_url => 'url' + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::rgw' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_spec.rb b/spec/classes/tripleo_profile_base_ceph_spec.rb new file mode 100644 index 0000000..1532fb7 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_spec.rb @@ -0,0 +1,99 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph' do + shared_examples_for 'tripleo::profile::base::ceph' do + context 'with step less than 2' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::conf') + is_expected.to_not contain_class('ceph::profile::params') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => nil, + :mon_host => '127.0.0.1' + ) + is_expected.to contain_class('ceph::conf') + end + end + + context 'with step 2 with initial members' do + let(:params) { { + :step => 2, + :ceph_mon_initial_members => [ 'monA', 'monB', 'monc' ] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => 'mona,monb,monc', + :mon_host => '127.0.0.1' + ) + is_expected.to contain_class('ceph::conf') + end + end + + context 'with step 2 with ipv4 mon host' do + let(:params) { { + :step => 2, + :ceph_mon_host => ['10.0.0.1', '10.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => nil, + :mon_host => '10.0.0.1,10.0.0.2' + ) + is_expected.to contain_class('ceph::conf') + end + end + + context 'with step 2 with ipv6 mon host' do + let(:params) { { + :step => 2, + :ceph_mon_host => ['fe80::fc54:ff:fe9e:7846', '10.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => nil, + :mon_host => '[fe80::fc54:ff:fe9e:7846],10.0.0.2' + ) + is_expected.to contain_class('ceph::conf') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_api_spec.rb b/spec/classes/tripleo_profile_base_cinder_api_spec.rb new file mode 100644 index 0000000..a0c607d --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb @@ -0,0 +1,86 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::api' do + shared_examples_for 'tripleo::profile::base::cinder::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 3' do + let(:params) { { :step => 1 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::api') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_class('cinder::api') + is_expected.to_not contain_class('cinder::ceilometer') + is_expected.to_not contain_class('cinder::glance') + end + end + + context 'with step 3 on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::api') + is_expected.to contain_class('cinder::ceilometer') + is_expected.to contain_class('cinder::glance') + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'other.example.com', + } } + + it 'should not trigger any configuration' do + is_expected.to_not contain_class('cinder::api') + is_expected.to_not contain_class('cinder::ceilometer') + is_expected.to_not contain_class('cinder::glance') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::api') + is_expected.to contain_class('cinder::ceilometer') + is_expected.to contain_class('cinder::glance') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb new file mode 100644 index 0000000..46c3d15 --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::backup::ceph' do + shared_examples_for 'tripleo::profile::base::cinder::backup::ceph' do + let(:pre_condition) do + <<-EOF + class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] } + class { '::tripleo::profile::base::cinder::backup': step => #{params[:step]} } + EOF + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::backup::ceph') + is_expected.to contain_class('tripleo::profile::base::cinder::backup') + is_expected.to_not contain_class('cinder::backup::ceph') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::backup::ceph') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::backup::ceph' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_spec.rb new file mode 100644 index 0000000..0e15c9a --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_backup_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::backup' do + shared_examples_for 'tripleo::profile::base::cinder::backup' do + let(:pre_condition) do + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::backup') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_class('cinder::backup') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::backup') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::backup' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb new file mode 100644 index 0000000..2c9d71f --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::backup::swift' do + shared_examples_for 'tripleo::profile::base::cinder::backup::swift' do + let(:pre_condition) do + <<-EOF + class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] } + class { '::tripleo::profile::base::cinder::backup': step => #{params[:step]} } + EOF + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::backup::swift') + is_expected.to contain_class('tripleo::profile::base::cinder::backup') + is_expected.to_not contain_class('cinder::backup::swift') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::backup::swift') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::backup::swift' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb b/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb new file mode 100644 index 0000000..cd044ee --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::scheduler' do + shared_examples_for 'tripleo::profile::base::cinder::scheduler' do + let(:pre_condition) do + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::scheduler') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_class('cinder::scheduler') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::scheduler') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::scheduler' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_spec.rb b/spec/classes/tripleo_profile_base_cinder_spec.rb new file mode 100644 index 0000000..6a36152 --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_spec.rb @@ -0,0 +1,122 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder' do + shared_examples_for 'tripleo::profile::base::cinder' do + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_class('cinder') + is_expected.to_not contain_class('cinder::config') + is_expected.to_not contain_class('cinder:::cron::db_purge') + end + end + + context 'with step 3 on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'], + :rabbit_port => '1234' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder').with( + :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:#{params[:rabbit_port]}" } + ) + is_expected.to contain_class('cinder::config') + is_expected.to_not contain_class('cinder::cron::db_purge') + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'soemthingelse.example.com' + } } + + it 'should not trigger any configuration' do + is_expected.to_not contain_class('cinder') + is_expected.to_not contain_class('cinder::config') + is_expected.to_not contain_class('cinder:::cron::db_purge') + end + end + + context 'with step 4 on other node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'somethingelse.example.com', + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'], + :rabbit_port => '5672' + } } + + it 'should trigger cinder configuration without mysql grant' do + is_expected.to contain_class('cinder').with( + :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:#{params[:rabbit_port]}" } + ) + is_expected.to contain_class('cinder::config') + is_expected.to_not contain_class('cinder:::cron::db_purge') + end + end + + context 'with step 5' do + let(:params) { { + :step => 5, + :bootstrap_node => 'node.example.com', + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder').with( + :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:5672" } + ) + is_expected.to contain_class('cinder::config') + is_expected.to contain_class('cinder::cron::db_purge') + end + end + + context 'with step 5 without db_purge' do + let(:params) { { + :step => 5, + :bootstrap_node => 'node.example.com', + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'], + :cinder_enable_db_purge => false + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder').with( + :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:5672" } + ) + is_expected.to contain_class('cinder::config') + is_expected.to_not contain_class('cinder::cron::db_purge') + end + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_dellsc_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_dellsc_spec.rb new file mode 100644 index 0000000..328e886 --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_dellsc_spec.rb @@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::dellsc' do + shared_examples_for 'tripleo::profile::base::cinder::volume::dellsc' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellsc') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__dellsc_iscsi('tripleo_dellsc') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): check hiera parameters + is_expected.to contain_cinder__backend__dellsc_iscsi('tripleo_dellsc') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::dellsc' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_eqlx_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_eqlx_spec.rb new file mode 100644 index 0000000..1a188aa --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_eqlx_spec.rb @@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::eqlx' do + shared_examples_for 'tripleo::profile::base::cinder::volume::eqlx' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__eqlx('tripleo_eqlx') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): check hiera parameters + is_expected.to contain_cinder__backend__eqlx('tripleo_eqlx') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::eqlx' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb new file mode 100644 index 0000000..65bf3dc --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb @@ -0,0 +1,85 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::iscsi' do + shared_examples_for 'tripleo::profile::base::cinder::volume::iscsi' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { + :cinder_iscsi_address => '127.0.0.1', + :step => 3 + } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_class('cinder::setup_test_volume') + is_expected.to_not contain_cinder__backend__iscsi('tripleo_iscsi') + end + end + + context 'with step 4' do + let(:params) { { + :cinder_iscsi_address => '127.0.0.1', + :step => 4, + } } + + context 'with defaults' do + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::setup_test_volume').with( + :size => '10280M' + ) + is_expected.to contain_cinder__backend__iscsi('tripleo_iscsi').with( + :iscsi_ip_address => '127.0.0.1', + :iscsi_helper => 'tgtadm', + :iscsi_protocol => 'iscsi' + ) + end + end + + context 'with ipv6 address' do + before :each do + params.merge!({ :cinder_iscsi_address => 'fe80::fc54:ff:fe9e:7846' }) + end + it 'should trigger complete configuration' do + is_expected.to contain_class('cinder::setup_test_volume').with( + :size => '10280M' + ) + is_expected.to contain_cinder__backend__iscsi('tripleo_iscsi').with( + :iscsi_ip_address => '[fe80::fc54:ff:fe9e:7846]' + ) + end + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::iscsi' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb new file mode 100644 index 0000000..732720e --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb @@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::netapp' do + shared_examples_for 'tripleo::profile::base::cinder::volume::netapp' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__netapp('tripleo_netapp') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): check parameters via hiera + is_expected.to contain_cinder__backend__netapp('tripleo_netapp') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::netapp' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb new file mode 100644 index 0000000..194a70d --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb @@ -0,0 +1,88 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::nfs' do + shared_examples_for 'tripleo::profile::base::cinder::volume::nfs' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { + :cinder_nfs_servers => ['127.0.0.1'], + :step => 3 + } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__nfs('tripleo_nfs') + end + end + + context 'with step 4' do + let(:params) { { + :cinder_nfs_servers => ['127.0.0.1'], + :step => 4, + } } + + context 'with defaults' do + it 'should trigger complete configuration' do + is_expected.to contain_cinder__backend__nfs('tripleo_nfs').with( + :nfs_servers => ['127.0.0.1'], + :nfs_mount_options => '', + :nfs_shares_config => '/etc/cinder/shares-nfs.conf' + ) + end + end + + context 'with selinux' do + before :each do + facts.merge!({ :selinux => 'true' }) + end + it 'should configure selinux' do + is_expected.to contain_selboolean('virt_use_nfs').with( + :value => 'on', + :persistent => true, + ) + end + end + + context 'without selinux' do + before :each do + facts.merge!({ :selinux => 'false' }) + end + it 'should configure selinux' do + is_expected.to_not contain_selboolean('virt_use_nfs') + end + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::nfs' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb new file mode 100644 index 0000000..559b836 --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb @@ -0,0 +1,83 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::rbd' do + shared_examples_for 'tripleo::profile::base::cinder::volume::rbd' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__rbd('tripleo_ceph') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + context 'with defaults' do + it 'should trigger complete configuration' do + is_expected.to contain_cinder__backend__rbd('tripleo_ceph').with( + :backend_host => 'hostgroup', + :rbd_pool => 'volumes', + :rbd_user => 'openstack', + ) + end + end + + context 'with customizations' do + before :each do + params.merge!({ + :backend_name => 'poodles', + :cinder_rbd_backend_host => 'fe80::fc54:ff:fe9e:7846', + :cinder_rbd_pool_name => 'poolname', + :cinder_rbd_secret_uuid => 'secretuuid', + :cinder_rbd_user_name => 'kcatsnepo' + }) + end + it 'should trigger complete configuration' do + is_expected.to contain_cinder__backend__rbd('poodles').with( + :backend_host => 'fe80::fc54:ff:fe9e:7846', + :rbd_pool => 'poolname', + :rbd_user => 'kcatsnepo', + :rbd_secret_uuid => 'secretuuid' + ) + end + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::rbd' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb new file mode 100644 index 0000000..e0ec9de --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb @@ -0,0 +1,216 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume' do + + shared_examples_for 'tripleo::profile::base::cinder::volume' do + # this hack allows hiera('step') to work as the spec hiera config will + # allow any included modules to automagically get the right step from + # hiera. (╯°□°)╯︵ ┻━┻ + before :each do + facts.merge!({ :step => params[:step] }) + end + + let(:pre_condition) do + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_class('cinder::volume') + end + end + + context 'with step 4' do + let(:params) { { :step => 4 } } + + context 'with defaults' do + it 'should configure iscsi' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_iscsi'] + ) + end + end + + context 'with only dellsc' do + before :each do + params.merge!({ + :cinder_enable_dellsc_backend => true, + :cinder_enable_iscsi_backend => false, + }) + end + it 'should configure only dellsc' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellsc') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_dellsc'] + ) + end + end + + context 'with only eqlx' do + before :each do + params.merge!({ + :cinder_enable_eqlx_backend => true, + :cinder_enable_iscsi_backend => false, + }) + end + it 'should configure only eqlx' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_eqlx'] + ) + end + end + + context 'with only netapp' do + before :each do + params.merge!({ + :cinder_enable_netapp_backend => true, + :cinder_enable_iscsi_backend => false, + }) + end + it 'should configure only netapp' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_netapp'] + ) + end + end + + context 'with only nfs' do + before :each do + params.merge!({ + :cinder_enable_nfs_backend => true, + :cinder_enable_iscsi_backend => false, + }) + end + it 'should configure only nfs' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_nfs'] + ) + end + end + + context 'with only rbd' do + before :each do + params.merge!({ + :cinder_enable_rbd_backend => true, + :cinder_enable_iscsi_backend => false, + }) + end + it 'should configure only ceph' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_ceph'] + ) + end + end + + context 'with only user backend' do + before :each do + params.merge!({ + :cinder_enable_iscsi_backend => false, + :cinder_user_enabled_backends => 'poodles' + }) + end + it 'should configure only user backend' do + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellsc') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::netapp') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::nfs') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::rbd') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['poodles'] + ) + end + end + + context 'with all tripleo backends' do + before :each do + params.merge!({ + :cinder_enable_iscsi_backend => true, + :cinder_enable_dellsc_backend => true, + :cinder_enable_eqlx_backend => true, + :cinder_enable_netapp_backend => true, + :cinder_enable_nfs_backend => true, + :cinder_enable_rbd_backend => true, + }) + end + it 'should configure all backends' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellsc') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to contain_class('cinder::volume') + is_expected.to contain_class('cinder::backends').with( + :enabled_backends => ['tripleo_iscsi', 'tripleo_ceph', 'tripleo_eqlx', + 'tripleo_dellsc', 'tripleo_netapp','tripleo_nfs'] + ) + end + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume' + end + end +end diff --git a/spec/classes/tripleo_ui_spec.rb b/spec/classes/tripleo_ui_spec.rb new file mode 100644 index 0000000..588a944 --- /dev/null +++ b/spec/classes/tripleo_ui_spec.rb @@ -0,0 +1,99 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::ui' do + shared_examples_for 'tripleo::ui' do + let(:pre_condition) do + 'include ::apache' + end + + context 'with required parameters' do + let(:params) { { + :servername => facts[:hostname], + :bind_host => '127.0.0.1', + :keystone_url => 'http://127.0.0.1:5000/' + } } + + it 'should configure tripleo ui' do + is_expected.to contain_class('tripleo::ui') + is_expected.to contain_apache__vhost('tripleo-ui').with( + :ensure => 'present', + :servername => facts[:hostname], + :ip => '127.0.0.1', + :port => 3000, + :docroot => '/var/www/openstack-tripleo-ui/dist', + :options => [ 'Indexes', 'FollowSymLinks' ], + :fallbackresource => '/index.html' + ) + is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) + is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') + .with_content(/"keystone": "http:\/\/127.0.0.1:5000\/"/) + .with_content(/"zaqar_default_queue": "tripleo"/) + end + end + + context 'with all parameters' do + let(:params) { { + :servername => 'custom.example.com', + :bind_host => '127.0.0.2', + :ui_port => 3001, + :keystone_url => 'http://127.0.0.1:1111/', + :heat_url => 'http://127.0.0.1:2222/', + :ironic_url => 'http://127.0.0.1:3333/', + :mistral_url => 'http://127.0.0.1:4444/', + :swift_url => 'http://127.0.0.1:5555/', + :zaqar_websocket_url => 'http://127.0.0.1:6666/', + :zaqar_default_queue => 'myqueue' + } } + + it 'should configure tripleo ui' do + is_expected.to contain_class('tripleo::ui') + is_expected.to contain_apache__vhost('tripleo-ui').with( + :ensure => 'present', + :servername => 'custom.example.com', + :ip => '127.0.0.2', + :port => 3001, + :docroot => '/var/www/openstack-tripleo-ui/dist', + :options => [ 'Indexes', 'FollowSymLinks' ], + :fallbackresource => '/index.html' + ) + is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) + is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') + .with_content(/"keystone": "http:\/\/127.0.0.1:1111\/"/) + .with_content(/"heat": "http:\/\/127.0.0.1:2222\/"/) + .with_content(/"ironic": "http:\/\/127.0.0.1:3333\/"/) + .with_content(/"mistral": "http:\/\/127.0.0.1:4444\/"/) + .with_content(/"swift": "http:\/\/127.0.0.1:5555\/"/) + .with_content(/"zaqar-websocket": "http:\/\/127.0.0.1:6666\/"/) + .with_content(/"zaqar_default_queue": "myqueue"/) + end + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::ui' + end + end +end diff --git a/spec/fixtures/hiera.yaml b/spec/fixtures/hiera.yaml index 1dc3360..07bc836 100644 --- a/spec/fixtures/hiera.yaml +++ b/spec/fixtures/hiera.yaml @@ -4,4 +4,5 @@ :yaml: :datadir: './spec/fixtures/hieradata' :hierarchy: - - default + - 'step%{::step}' + - 'default' diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 0d0c944..d63fc76 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -1,3 +1,19 @@ +--- my_hash: network: '127.0.0.1' not_hash: string +# aodh profile required hieradata +aodh_redis_password: 'password' +redis_vip: '127.0.0.1' +aodh::auth::auth_password: 'password' +aodh::db::mysql::password: 'password' +aodh::keystone::authtoken::password: 'password' +# babican profile required hieradata +barbican::db::mysql::password: 'password' +barbican::keystone::authtoken::password: 'password' +ceilometer::keystone::authtoken::password: 'password' +# ceph related items +ceph::profile::params::mon_key: 'password' +# cinder related items +cinder::rabbit_password: 'password' +cinder::keystone::authtoken::password: 'password' diff --git a/spec/fixtures/hieradata/step1.yaml b/spec/fixtures/hieradata/step1.yaml new file mode 100644 index 0000000..795a4a7 --- /dev/null +++ b/spec/fixtures/hieradata/step1.yaml @@ -0,0 +1,2 @@ +--- +step: 1 diff --git a/spec/fixtures/hieradata/step2.yaml b/spec/fixtures/hieradata/step2.yaml new file mode 100644 index 0000000..4bd5851 --- /dev/null +++ b/spec/fixtures/hieradata/step2.yaml @@ -0,0 +1,2 @@ +--- +step: 2 diff --git a/spec/fixtures/hieradata/step3.yaml b/spec/fixtures/hieradata/step3.yaml new file mode 100644 index 0000000..1526e81 --- /dev/null +++ b/spec/fixtures/hieradata/step3.yaml @@ -0,0 +1,2 @@ +--- +step: 3 diff --git a/spec/fixtures/hieradata/step4.yaml b/spec/fixtures/hieradata/step4.yaml new file mode 100644 index 0000000..0b53225 --- /dev/null +++ b/spec/fixtures/hieradata/step4.yaml @@ -0,0 +1,9 @@ +--- +step: 4 +# items needed for tripleo::profile::base::cinder::volume +tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '127.0.0.1' +tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: + - '127.0.0.1' +cinder::backend::eqlx::eqlx_chap_login: 'user' +cinder::backend::eqlx::eqlx_chap_password: 'user' + diff --git a/spec/fixtures/hieradata/step5.yaml b/spec/fixtures/hieradata/step5.yaml new file mode 100644 index 0000000..442420f --- /dev/null +++ b/spec/fixtures/hieradata/step5.yaml @@ -0,0 +1,2 @@ +--- +step: 5 diff --git a/spec/fixtures/hieradata/step6.yaml b/spec/fixtures/hieradata/step6.yaml new file mode 100644 index 0000000..08ba54d --- /dev/null +++ b/spec/fixtures/hieradata/step6.yaml @@ -0,0 +1,2 @@ +--- +step: 6 diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index b06b436..4fa8cc3 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -19,6 +19,8 @@ RSpec.configure do |c| # custom global facts for all rspec tests add_custom_fact :concat_basedir, '/var/lib/puppet/concat' + # needed for testing Puppet Openstack modules + add_custom_fact :os_service_default, '<SERVICE DEFAULT>' end at_exit { RSpec::Puppet::Coverage.report! } diff --git a/templates/ui/tripleo_ui_config.js.erb b/templates/ui/tripleo_ui_config.js.erb index aca21cd..fef8afb 100644 --- a/templates/ui/tripleo_ui_config.js.erb +++ b/templates/ui/tripleo_ui_config.js.erb @@ -7,7 +7,7 @@ window.tripleOUiConfig = { //"ironic": "<%= @ironic_url %>", //"mistral": "<%= @mistral_url %>", //"swift": "<%= @swift_url %>", - //"zaqar_websocket_url": "<%= @zaqar_websocket_url %>", + //"zaqar-websocket": "<%= @zaqar_websocket_url %>", // Default websocket queue name "zaqar_default_queue": "<%= @zaqar_default_queue %>" |