summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/firewall/pre.pp2
-rw-r--r--manifests/firewall/rule.pp12
-rw-r--r--manifests/profile/base/database/schemas.pp132
-rw-r--r--manifests/profile/base/glance/registry.pp10
-rw-r--r--manifests/profile/base/keystone.pp10
-rw-r--r--manifests/profile/pacemaker/database/schemas.pp65
-rw-r--r--manifests/profile/pacemaker/glance.pp26
-rw-r--r--manifests/profile/pacemaker/keystone.pp24
-rw-r--r--metadata.json28
-rw-r--r--spec/classes/tripleo_firewall_spec.rb18
10 files changed, 103 insertions, 224 deletions
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
index 2d7203a..7af7fbc 100644
--- a/manifests/firewall/pre.pp
+++ b/manifests/firewall/pre.pp
@@ -50,7 +50,7 @@ class tripleo::firewall::pre(
}
tripleo::firewall::rule{ '003 accept ssh':
- port => '22',
+ dport => '22',
extras => $firewall_settings,
}
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index ca9c6d0..c63162b 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -23,6 +23,14 @@
# (optional) The port associated to the rule.
# Defaults to undef
#
+# [*dport*]
+# (optional) The destination port associated to the rule.
+# Defaults to undef
+#
+# [*sport*]
+# (optional) The source port associated to the rule.
+# Defaults to undef
+#
# [*proto*]
# (optional) The protocol associated to the rule.
# Defaults to 'tcp'
@@ -57,6 +65,8 @@
#
define tripleo::firewall::rule (
$port = undef,
+ $dport = undef,
+ $sport = undef,
$proto = 'tcp',
$action = 'accept',
$state = ['NEW'],
@@ -69,6 +79,8 @@ define tripleo::firewall::rule (
$basic = {
'port' => $port,
+ 'dport' => $dport,
+ 'sport' => $sport,
'proto' => $proto,
'action' => $action,
'state' => $state,
diff --git a/manifests/profile/base/database/schemas.pp b/manifests/profile/base/database/schemas.pp
deleted file mode 100644
index 472a0f4..0000000
--- a/manifests/profile/base/database/schemas.pp
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 2016 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::database::schemas
-#
-# OpenStack Database Schema profile for tripleo
-#
-# === Parameters
-#
-# [*step*]
-# (Optional) The current deployment step
-# Defaults to hiera('step')
-#
-# [*ceilometer_backend*]
-# (Optional) The backend used by ceilometer, usually either 'mysql'
-# or 'mongodb'
-# Defaults to hiera('ceilometer_backend')
-#
-# [*enable_aodh*]
-# (Optional) Whether to create schemas for Aodh
-# Defaults to true
-#
-# [*enable_ceilometer*]
-# (Optional) Whether to create schemas for Ceilometer
-# Defaults to true
-#
-# [*enable_cinder*]
-# (Optional) Whether to create schemas for Cinder
-# Defaults to true
-#
-# [*enable_heat*]
-# (Optional) Whether to create schemas for Heat
-# Defaults to true
-#
-# [*enable_keystone*]
-# (Optional) Whether to create schemas for Keystone
-# Defaults to true
-#
-# [*enable_glance*]
-# (Optional) Whether to create schemas for Glance
-# Defaults to true
-#
-# [*enable_gnocchi*]
-# (Optional) Whether to create schemas for Gnocchi
-# Defaults to true
-#
-# [*enable_nova*]
-# (Optional) Whether to create schemas for Nova
-# Defaults to true
-#
-# [*enable_neutron*]
-# (Optional) Whether to create schemas for Neutron
-# Defaults to true
-#
-# [*enable_sahara*]
-# (Optional) Whether to create schemas for Sahara
-# Defaults to true
-#
-# [*gnocchi_indexer_backend*]
-# (Optional) Type of backend used as Gnocchi indexer
-# Defaults to hiera('gnocchi_indexer_backend')
-#
-class tripleo::profile::base::database::schemas (
- $step = hiera('step'),
- $ceilometer_backend = hiera('ceilometer_backend'),
- $enable_aodh = true,
- $enable_ceilometer = true,
- $enable_cinder = true,
- $enable_heat = true,
- $enable_keystone = true,
- $enable_glance = true,
- $enable_gnocchi = true,
- $enable_nova = true,
- $enable_neutron = true,
- $enable_sahara = true,
- $gnocchi_indexer_backend = hiera('gnocchi_indexer_backend'),
-) {
- if $step >= 2 {
- if downcase($ceilometer_backend) == 'mysql' {
- if $enable_ceilometer {
- include ::ceilometer::db::mysql
- }
- if $enable_aodh {
- include ::aodh::db::mysql
- }
- }
-
- if $enable_gnocchi and downcase($gnocchi_indexer_backend) == 'mysql' {
- include ::gnocchi::db::mysql
- }
-
- if $enable_cinder {
- include ::cinder::db::mysql
- }
-
- if $enable_keystone {
- include ::keystone::db::mysql
- }
-
- if $enable_glance {
- include ::glance::db::mysql
- }
-
- if $enable_nova {
- include ::nova::db::mysql
- include ::nova::db::mysql_api
- }
-
- if $enable_neutron {
- include ::neutron::db::mysql
- }
-
- if $enable_heat {
- include ::heat::db::mysql
- }
-
- if $enable_sahara {
- include ::sahara::db::mysql
- }
- }
-}
diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/glance/registry.pp
index bed4a5e..b77b356 100644
--- a/manifests/profile/base/glance/registry.pp
+++ b/manifests/profile/base/glance/registry.pp
@@ -20,7 +20,7 @@
#
# [*sync_db*]
# (Optional) Whether to run db sync
-# Defaults to undef
+# Defaults to true
#
# [*manage_service*]
# (Optional) Whether to manage the glance service
@@ -40,14 +40,18 @@
# Defaults to downcase(hiera('glance_backend', 'swift'))
#
class tripleo::profile::base::glance::registry (
- $sync_db = undef,
+ $sync_db = true,
$manage_service = undef,
$enabled = undef,
$step = hiera('step'),
$glance_backend = downcase(hiera('glance_backend', 'swift')),
) {
- if $step >= 4 {
+ if $step >= 3 and $sync_db {
+ include ::glance::db::mysql
+ }
+
+ if $step >= 4 or ( $step >= 3 and $sync_db ) {
# TODO: notifications, scrubber, etc.
include ::glance
include ::glance::config
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index f17bf30..2f7a27a 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -20,7 +20,7 @@
#
# [*sync_db*]
# (Optional) Whether to run db sync
-# Defaults to undef
+# Defaults to true
#
# [*manage_service*]
# (Optional) Whether to manage the keystone service
@@ -52,7 +52,7 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::keystone (
- $sync_db = undef,
+ $sync_db = true,
$manage_service = undef,
$enabled = undef,
$bootstrap_master = undef,
@@ -62,7 +62,11 @@ class tripleo::profile::base::keystone (
$step = hiera('step'),
) {
- if $step >= 4 {
+ if $step >= 3 and $sync_db {
+ include ::keystone::db::mysql
+ }
+
+ if $step >= 4 or ( $step >= 3 and $sync_db ) {
class { '::keystone':
sync_db => $sync_db,
manage_service => $manage_service,
diff --git a/manifests/profile/pacemaker/database/schemas.pp b/manifests/profile/pacemaker/database/schemas.pp
deleted file mode 100644
index 489e75b..0000000
--- a/manifests/profile/pacemaker/database/schemas.pp
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright 2016 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::pacemaker::schemas
-#
-# OpenStack Database Schema Pacemaker HA profile for tripleo
-#
-# === Parameters
-#
-# [*step*]
-# (Optional) The current deployment step
-# Defaults to hiera('step')
-#
-# [*ceilometer_backend*]
-# (Optional) The backend used by ceilometer, usually either 'mysql'
-# or 'mongodb'
-# Defaults to hiera('ceilometer_backend')
-#
-# [*gnocchi_indexer_backend*]
-# (Optional) Type of backend used as Gnocchi indexer
-# Defaults to hiera('gnocchi_indexer_backend')
-#
-# [*pacemaker_master*]
-# (Optional) The hostname of the pacemaker master in this cluster
-# Defaults to hiera('bootstrap_nodeid')
-#
-class tripleo::profile::pacemaker::database::schemas (
- $step = hiera('step'),
- $ceilometer_backend = hiera('ceilometer_backend'),
- $gnocchi_indexer_backend = hiera('gnocchi_indexer_backend'),
- $pacemaker_master = hiera('bootstrap_nodeid')
-) {
- if downcase($pacemaker_master) == $::hostname and $step >= 2 {
- include ::tripleo::profile::base::database::schemas
-
- if downcase($ceilometer_backend) == 'mysql' {
- Exec['galera-ready'] -> Class['::ceilometer::db::mysql']
- Exec['galera-ready'] -> Class['::aodh::db::mysql']
- }
-
- if downcase($gnocchi_indexer_backend) == 'mysql' {
- Exec['galera-ready'] -> Class['::gnocchi::db::mysql']
- }
-
- Exec['galera-ready'] -> Class['::cinder::db::mysql']
- Exec['galera-ready'] -> Class['::glance::db::mysql']
- Exec['galera-ready'] -> Class['::keystone::db::mysql']
- Exec['galera-ready'] -> Class['::nova::db::mysql']
- Exec['galera-ready'] -> Class['::nova::db::mysql_api']
- Exec['galera-ready'] -> Class['::neutron::db::mysql']
- Exec['galera-ready'] -> Class['::heat::db::mysql']
- Exec['galera-ready'] -> Class['::sahara::db::mysql']
- }
-}
diff --git a/manifests/profile/pacemaker/glance.pp b/manifests/profile/pacemaker/glance.pp
index 5727622..4dca67e 100644
--- a/manifests/profile/pacemaker/glance.pp
+++ b/manifests/profile/pacemaker/glance.pp
@@ -62,22 +62,30 @@ class tripleo::profile::pacemaker::glance (
$glance_file_pcmk_options = hiera('glance_file_pcmk_options', ''),
) {
+ Service <| tag == 'glance-service' |> {
+ hasrestart => true,
+ restart => '/bin/true',
+ start => '/bin/true',
+ stop => '/bin/true',
+ }
+
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
} else {
$pacemaker_master = false
}
+ class { '::tripleo::profile::base::glance::api':
+ manage_service => false,
+ enabled => false,
+ }
+ class { '::tripleo::profile::base::glance::registry':
+ sync_db => $pacemaker_master,
+ manage_service => false,
+ enabled => false,
+ }
+
if $step >= 4 {
- class { '::tripleo::profile::base::glance::api':
- manage_service => false,
- enabled => false,
- }
- class { '::tripleo::profile::base::glance::registry':
- sync_db => $pacemaker_master,
- manage_service => false,
- enabled => false,
- }
if $glance_backend == 'file' and $glance_file_pcmk_manage {
$secontext = 'context="system_u:object_r:glance_var_lib_t:s0"'
pacemaker::resource::filesystem { 'glance-fs':
diff --git a/manifests/profile/pacemaker/keystone.pp b/manifests/profile/pacemaker/keystone.pp
index 0f007a5..fb625e5 100644
--- a/manifests/profile/pacemaker/keystone.pp
+++ b/manifests/profile/pacemaker/keystone.pp
@@ -37,6 +37,13 @@ class tripleo::profile::pacemaker::keystone (
$enable_load_balancer = hiera('enable_load_balancer', true)
) {
+ Service <| tag == 'keystone-service' |> {
+ hasrestart => true,
+ restart => '/bin/true',
+ start => '/bin/true',
+ stop => '/bin/true',
+ }
+
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
} else {
@@ -51,15 +58,13 @@ class tripleo::profile::pacemaker::keystone (
$manage_roles = false
}
- if $step >= 4 {
- class { '::tripleo::profile::base::keystone':
- sync_db => $pacemaker_master,
- manage_service => false,
- enabled => false,
- bootstrap_master => $pacemaker_master,
- manage_roles => $manage_roles,
- manage_endpoint => $manage_roles
- }
+ class { '::tripleo::profile::base::keystone':
+ sync_db => $pacemaker_master,
+ manage_service => false,
+ enabled => false,
+ bootstrap_master => $pacemaker_master,
+ manage_roles => $manage_roles,
+ manage_endpoint => $manage_roles
}
if $step >= 5 and $pacemaker_master and $enable_load_balancer {
@@ -85,4 +90,5 @@ class tripleo::profile::pacemaker::keystone (
Pacemaker::Resource::Ocf['openstack-core']],
}
}
+
}
diff --git a/metadata.json b/metadata.json
new file mode 100644
index 0000000..457f86e
--- /dev/null
+++ b/metadata.json
@@ -0,0 +1,28 @@
+{
+ "name": "openstack-tripleo",
+ "version": "1.0.0",
+ "author": "OpenStack Contributors",
+ "summary": "Puppet module for TripleO",
+ "license": "Apache-2.0",
+ "source": "git://github.com/openstack/puppet-tripleo.git",
+ "project_page": "https://launchpad.net/puppet-tripleo",
+ "issues_url": "https://bugs.launchpad.net/puppet-tripleo",
+ "description": "Installs and configures Tripleo.",
+ "requirements": [
+ { "name": "pe","version_requirement": "3.x" },
+ { "name": "puppet","version_requirement": "3.x" }
+ ],
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "Fedora",
+ "operatingsystemrelease": ["20"]
+ },
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": ["7"]
+ }
+ ],
+ "dependencies": [
+ { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0 < 5.0.0" }
+ ]
+}
diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index aa5d1d7..27ac62a 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -51,7 +51,7 @@ describe 'tripleo::firewall' do
:state => ['NEW'],
)
is_expected.to contain_firewall('003 accept ssh').with(
- :port => '22',
+ :dport => '22',
:proto => 'tcp',
:action => 'accept',
:state => ['NEW'],
@@ -74,7 +74,9 @@ describe 'tripleo::firewall' do
:firewall_rules => {
'300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
'301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
- '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
+ '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
+ '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+ '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
}
)
end
@@ -95,6 +97,18 @@ describe 'tripleo::firewall' do
:chain => 'FORWARD',
:destination => '192.0.2.0/24',
)
+ is_expected.to contain_firewall('303 add custom application 3').with(
+ :dport => '8081',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ is_expected.to contain_firewall('304 add custom application 4').with(
+ :sport => '1000',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
end
end