summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Rakefile6
-rw-r--r--lib/puppet/parser/functions/ip_to_erl_format.rb31
-rw-r--r--lib/puppet/parser/functions/noop_resource.rb53
-rw-r--r--manifests/certmonger/mysql.pp6
-rw-r--r--manifests/firewall/pre.pp6
-rw-r--r--manifests/haproxy.pp233
-rw-r--r--manifests/keepalived.pp28
-rw-r--r--manifests/network/contrail/analytics.pp331
-rw-r--r--manifests/network/contrail/analyticsdatabase.pp202
-rw-r--r--manifests/network/contrail/config.pp397
-rw-r--r--manifests/network/contrail/control.pp197
-rw-r--r--manifests/network/contrail/database.pp149
-rw-r--r--manifests/network/contrail/heat.pp80
-rw-r--r--manifests/network/contrail/neutron_plugin.pp203
-rw-r--r--manifests/network/contrail/provision.pp92
-rw-r--r--manifests/network/contrail/vrouter.pp302
-rw-r--r--manifests/network/contrail/webui.pp104
-rw-r--r--manifests/pacemaker/haproxy_with_vip.pp52
-rw-r--r--manifests/profile/base/auditd.pp30
-rw-r--r--manifests/profile/base/congress.pp86
-rw-r--r--manifests/profile/base/database/mysql.pp9
-rw-r--r--manifests/profile/base/docker_registry.pp17
-rw-r--r--manifests/profile/base/glance/api.pp91
-rw-r--r--manifests/profile/base/horizon.pp2
-rw-r--r--manifests/profile/base/keystone.pp10
-rw-r--r--manifests/profile/base/metrics/collectd.pp111
-rw-r--r--manifests/profile/base/metrics/collectd/collectd_plugin.pp6
-rw-r--r--manifests/profile/base/metrics/collectd/collectd_service.pp11
-rw-r--r--manifests/profile/base/neutron/server.pp108
-rw-r--r--manifests/profile/base/nova/api.pp21
-rw-r--r--manifests/profile/base/nova/ec2api.pp35
-rw-r--r--manifests/profile/base/pacemaker.pp64
-rw-r--r--manifests/profile/base/pacemaker_remote.pp (renamed from manifests/profile/base/glance/registry.pp)31
-rw-r--r--manifests/profile/base/rabbitmq.pp28
-rw-r--r--manifests/profile/base/swift/proxy.pp77
-rw-r--r--manifests/profile/base/tacker.pp86
-rw-r--r--manifests/profile/pacemaker/ceph/rbdmirror.pp98
-rw-r--r--manifests/profile/pacemaker/cinder/backup.pp22
-rw-r--r--manifests/profile/pacemaker/cinder/volume.pp22
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp20
-rw-r--r--manifests/profile/pacemaker/database/redis.pp36
-rw-r--r--manifests/profile/pacemaker/haproxy.pp79
-rw-r--r--manifests/profile/pacemaker/manila.pp22
-rw-r--r--manifests/profile/pacemaker/rabbitmq.pp50
-rw-r--r--metadata.json2
-rw-r--r--releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml3
-rw-r--r--releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml4
-rw-r--r--releasenotes/source/conf.py4
-rw-r--r--spec/classes/tripleo_profile_base_nova_api_spec.rb7
-rw-r--r--spec/classes/tripleo_profile_base_octavia_api_spec.rb3
-rw-r--r--spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp64
-rw-r--r--spec/functions/ip_to_erl_format_spec.rb11
52 files changed, 3168 insertions, 574 deletions
diff --git a/Rakefile b/Rakefile
index 168d108..0ff1f03 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1 +1,7 @@
require 'puppet-openstack_spec_helper/rake_tasks'
+
+# We disable the unquoted node name check because puppet-pacemaker node
+# properies make use of attributes called 'node' and puppet-lint breaks on
+# them: https://github.com/rodjek/puppet-lint/issues/501
+# We are not using site.pp with nodes so this is safe.
+PuppetLint.configuration.send('disable_unquoted_node_name')
diff --git a/lib/puppet/parser/functions/ip_to_erl_format.rb b/lib/puppet/parser/functions/ip_to_erl_format.rb
new file mode 100644
index 0000000..4c066b9
--- /dev/null
+++ b/lib/puppet/parser/functions/ip_to_erl_format.rb
@@ -0,0 +1,31 @@
+require 'ipaddr'
+
+# Custom function to convert an IP4/6 address from a string to the
+# erlang inet kernel format.
+# For example from "172.17.0.16" to {172,17,0,16}
+# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
+# for more information.
+module Puppet::Parser::Functions
+ newfunction(:ip_to_erl_format, :type => :rvalue, :doc => "Convert an IP address to the erlang inet format.") do |arg|
+ if arg[0].class != String
+ raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
+ end
+ ip = IPAddr.new arg[0]
+ output = '{'
+ if ip.ipv6?
+ split_char = ':'
+ base = 16
+ else
+ split_char = '.'
+ base = 10
+ end
+ # to_string() prints the canonicalized form
+ ip.to_string().split(split_char).each {
+ |x| output += x.to_i(base).to_s + ','
+ }
+ # Remove the last spurious comma
+ output = output.chomp(',')
+ output += '}'
+ return output
+ end
+end
diff --git a/lib/puppet/parser/functions/noop_resource.rb b/lib/puppet/parser/functions/noop_resource.rb
new file mode 100644
index 0000000..921eb5d
--- /dev/null
+++ b/lib/puppet/parser/functions/noop_resource.rb
@@ -0,0 +1,53 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Author: Dan Prince <dprince@redhat.com>
+#
+# A function to create noop providers (set as the default) for the named
+# resource. This works alongside of 'puppet apply --tags' to disable
+# some custom resource types that still attempt to run commands during
+# prefetch, etc.
+class Puppet::Provider::Noop < Puppet::Provider
+
+ def create
+ true
+ end
+
+ def destroy
+ true
+ end
+
+ def exists?
+ false
+ end
+
+ # some puppet-keystone resources require this
+ def self.resource_to_name(domain, name, check_for_default = true)
+ return name
+ end
+
+end
+
+module Puppet::Parser::Functions
+ newfunction(:noop_resource, :type => :rvalue, :doc => "Create a default noop provider for the specified resource.") do |arg|
+ if arg[0].class == String
+ Puppet::Type.type(arg[0].downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do
+ defaultfor :osfamily => :redhat
+ end
+ else
+ end
+ return true
+ end
+end
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index 9cb6b13..dd9b184 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -45,7 +45,7 @@ class tripleo::certmonger::mysql (
include ::certmonger
include ::mysql::params
- $postsave_cmd = "systemctl reload ${::mysql::params::service_name}"
+ $postsave_cmd = "systemctl reload ${::mysql::params::server_service_name}"
certmonger_certificate { 'mysql' :
ensure => 'present',
certfile => $service_certificate,
@@ -69,6 +69,6 @@ class tripleo::certmonger::mysql (
require => Certmonger_certificate['mysql'],
}
- File[$service_certificate] ~> Service<| title == $::mysql::params::service_name |>
- File[$service_key] ~> Service<| title == $::mysql::params::service_name |>
+ File[$service_certificate] ~> Service<| title == $::mysql::params::server_service_name |>
+ File[$service_key] ~> Service<| title == $::mysql::params::server_service_name |>
}
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
index 7af7fbc..39120d9 100644
--- a/manifests/firewall/pre.pp
+++ b/manifests/firewall/pre.pp
@@ -54,4 +54,10 @@ class tripleo::firewall::pre(
extras => $firewall_settings,
}
+ tripleo::firewall::rule{ '004 accept ipv6 dhcpv6':
+ dport => '546',
+ proto => 'udp',
+ state => ['NEW'],
+ destination => 'fe80::/64',
+ }
}
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 2fa02c9..e1c44ee 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -64,6 +64,26 @@
# Can be a string or an array.
# Defaults to undef
#
+# [*contrail_config_hosts*]
+# (optional) Specify the contrail config hosts ips.
+# Defaults to hiera('contrail_config_node_ips')
+#
+# [*contrail_config_hosts_names*]
+# (optional) Specify the contrail config hosts.
+# Defaults to hiera('contrail_config_node_ips')
+#
+# [*contrail_config*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_config_enabled')
+#
+# [*contrail_webui*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_webui_enabled')
+#
+# [*contrail_analytics*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_analytics_enabled')
+#
# [*public_virtual_ip*]
# Public IP or group of IPs to bind the pools
# Can be a string or an array.
@@ -143,6 +163,10 @@
# (optional) Enable or not Cinder API binding
# Defaults to hiera('cinder_api_enabled', false)
#
+# [*congress*]
+# (optional) Enable or not Congress API binding
+# Defaults to hiera('congress_enabled', false)
+#
# [*manila*]
# (optional) Enable or not Manila API binding
# Defaults to hiera('manila_api_enabled', false)
@@ -151,6 +175,10 @@
# (optional) Enable or not Sahara API binding
# defaults to hiera('sahara_api_enabled', false)
#
+# [*tacker*]
+# (optional) Enable or not Tacker API binding
+# Defaults to hiera('tacker_enabled', false)
+#
# [*trove*]
# (optional) Enable or not Trove API binding
# defaults to hiera('trove_api_enabled', false)
@@ -159,10 +187,6 @@
# (optional) Enable or not Glance API binding
# Defaults to hiera('glance_api_enabled', false)
#
-# [*glance_registry*]
-# (optional) Enable or not Glance registry binding
-# Defaults to hiera('glance_registry_enabled', false)
-#
# [*nova_osapi*]
# (optional) Enable or not Nova API binding
# Defaults to hiera('nova_api_enabled', false)
@@ -179,6 +203,14 @@
# (optional) Enable or not Nova novncproxy binding
# Defaults to hiera('nova_vnc_proxy_enabled', false)
#
+# [*ec2_api*]
+# (optional) Enable or not EC2 API binding
+# Defaults to hiera('ec2_api_enabled', false)
+#
+# [*ec2_api_metadata*]
+# (optional) Enable or not EC2 API metadata binding
+# Defaults to hiera('ec2_api_enabled', false)
+#
# [*ceilometer*]
# (optional) Enable or not Ceilometer API binding
# Defaults to hiera('ceilometer_api_enabled', false)
@@ -316,6 +348,10 @@
# (optional) Specify the network cinder is running on.
# Defaults to hiera('cinder_api_network', undef)
#
+# [*congress_network*]
+# (optional) Specify the network congress is running on.
+# Defaults to hiera('congress_api_network', undef)
+#
# [*docker_registry_network*]
# (optional) Specify the network docker-registry is running on.
# Defaults to hiera('docker_registry_network', undef)
@@ -324,10 +360,6 @@
# (optional) Specify the network glance_api is running on.
# Defaults to hiera('glance_api_network', undef)
#
-# [*glance_registry_network*]
-# (optional) Specify the network glance_registry is running on.
-# Defaults to hiera('glance_registry_network', undef)
-#
# [*gnocchi_network*]
# (optional) Specify the network gnocchi is running on.
# Defaults to hiera('gnocchi_api_network', undef)
@@ -388,6 +420,14 @@
# (optional) Specify the network nova_placement is running on.
# Defaults to hiera('nova_placement_network', undef)
#
+# [*ec2_api_network*]
+# (optional) Specify the network ec2_api is running on.
+# Defaults to hiera('ec2_api_network', undef)
+#
+# [*ec2_api_metadata_network*]
+# (optional) Specify the network ec2_api_metadata is running on.
+# Defaults to hiera('ec2_api_network', undef)
+#
# [*opendaylight_network*]
# (optional) Specify the network opendaylight is running on.
# Defaults to hiera('opendaylight_api_network', undef)
@@ -408,6 +448,10 @@
# (optional) Specify the network swift_proxy_server is running on.
# Defaults to hiera('swift_proxy_network', undef)
#
+# [*tacker_network*]
+# (optional) Specify the network tacker is running on.
+# Defaults to hiera('tacker_api_network', undef)
+#
# [*trove_network*]
# (optional) Specify the network trove is running on.
# Defaults to hiera('trove_api_network', undef)
@@ -431,7 +475,6 @@
# 'docker_registry_ssl_port' (Defaults to 13787)
# 'glance_api_port' (Defaults to 9292)
# 'glance_api_ssl_port' (Defaults to 13292)
-# 'glance_registry_port' (Defaults to 9191)
# 'gnocchi_api_port' (Defaults to 8041)
# 'gnocchi_api_ssl_port' (Defaults to 13041)
# 'mistral_api_port' (Defaults to 8989)
@@ -496,6 +539,11 @@ class tripleo::haproxy (
$haproxy_stats_password = undef,
$controller_hosts = hiera('controller_node_ips'),
$controller_hosts_names = hiera('controller_node_names', undef),
+ $contrail_config_hosts = hiera('contrail_config_node_ips', undef),
+ $contrail_config_hosts_names = hiera('contrail_config_node_names', undef),
+ $contrail_analytics = hiera('contrail_analytics_enabled', false),
+ $contrail_config = hiera('contrail_config_enabled', false),
+ $contrail_webui = hiera('contrail_webui_enabled', false),
$service_certificate = undef,
$use_internal_certificates = false,
$internal_certificates_specs = {},
@@ -508,15 +556,18 @@ class tripleo::haproxy (
$keystone_public = hiera('keystone_enabled', false),
$neutron = hiera('neutron_api_enabled', false),
$cinder = hiera('cinder_api_enabled', false),
+ $congress = hiera('congress_enabled', false),
$manila = hiera('manila_api_enabled', false),
$sahara = hiera('sahara_api_enabled', false),
+ $tacker = hiera('tacker_enabled', false),
$trove = hiera('trove_api_enabled', false),
$glance_api = hiera('glance_api_enabled', false),
- $glance_registry = hiera('glance_registry_enabled', false),
$nova_osapi = hiera('nova_api_enabled', false),
$nova_placement = hiera('nova_placement_enabled', false),
$nova_metadata = hiera('nova_api_enabled', false),
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
+ $ec2_api = hiera('ec2_api_enabled', false),
+ $ec2_api_metadata = hiera('ec2_api_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
$panko = hiera('panko_api_enabled', false),
@@ -550,9 +601,9 @@ class tripleo::haproxy (
$ceilometer_network = hiera('ceilometer_api_network', undef),
$ceph_rgw_network = hiera('ceph_rgw_network', undef),
$cinder_network = hiera('cinder_api_network', undef),
+ $congress_network = hiera('congress_api_network', undef),
$docker_registry_network = hiera('docker_registry_network', undef),
$glance_api_network = hiera('glance_api_network', undef),
- $glance_registry_network = hiera('glance_registry_network', undef),
$gnocchi_network = hiera('gnocchi_api_network', undef),
$heat_api_network = hiera('heat_api_network', undef),
$heat_cfn_network = hiera('heat_api_cfn_network', undef),
@@ -570,8 +621,11 @@ class tripleo::haproxy (
$nova_placement_network = hiera('nova_placement_network', undef),
$panko_network = hiera('panko_api_network', undef),
$ovn_dbs_network = hiera('ovn_dbs_network', undef),
+ $ec2_api_network = hiera('ec2_api_network', undef),
+ $ec2_api_metadata_network = hiera('ec2_api_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
$swift_proxy_server_network = hiera('swift_proxy_network', undef),
+ $tacker_network = hiera('tacker_api_network', undef),
$trove_network = hiera('trove_api_network', undef),
$zaqar_api_network = hiera('zaqar_api_network', undef),
$service_ports = {}
@@ -585,11 +639,20 @@ class tripleo::haproxy (
ceilometer_api_ssl_port => 13777,
cinder_api_port => 8776,
cinder_api_ssl_port => 13776,
+ congress_api_port => 1789,
+ congress_api_ssl_port => 13789,
+ contrail_config_port => 8082,
+ contrail_config_ssl_port => 18082,
+ contrail_discovery_port => 5998,
+ contrail_discovery_ssl_port => 15998,
+ contrail_analytics_port => 8090,
+ contrail_analytics_ssl_port => 18090,
+ contrail_webui_http_port => 8080,
+ contrail_webui_https_port => 8143,
docker_registry_port => 8787,
docker_registry_ssl_port => 13787,
glance_api_port => 9292,
glance_api_ssl_port => 13292,
- glance_registry_port => 9191,
gnocchi_api_port => 8041,
gnocchi_api_ssl_port => 13041,
mistral_api_port => 8989,
@@ -625,10 +688,15 @@ class tripleo::haproxy (
panko_api_ssl_port => 13779,
ovn_nbdb_port => 6641,
ovn_sbdb_port => 6642,
+ ec2_api_port => 8788,
+ ec2_api_ssl_port => 13788,
+ ec2_api_metadata_port => 8789,
sahara_api_port => 8386,
sahara_api_ssl_port => 13386,
swift_proxy_port => 8080,
swift_proxy_ssl_port => 13808,
+ tacker_api_port => 9890,
+ tacker_api_ssl_port => 13989,
trove_api_port => 8779,
trove_api_ssl_port => 13779,
ui_port => 3000,
@@ -840,6 +908,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[neutron_api_ssl_port],
service_network => $neutron_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -862,6 +931,24 @@ class tripleo::haproxy (
}
}
+ if $congress {
+ ::tripleo::haproxy::endpoint { 'congress':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('congress_api_vip', $controller_virtual_ip),
+ service_port => $ports[congress_api_port],
+ ip_addresses => hiera('congress_node_ips', $controller_hosts_real),
+ server_names => hiera('congress_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[congress_api_ssl_port],
+ service_network => $congress_network,
+ }
+ }
+
if $manila {
::tripleo::haproxy::endpoint { 'manila':
public_virtual_ip => $public_virtual_ip,
@@ -892,6 +979,24 @@ class tripleo::haproxy (
}
}
+ if $tacker {
+ ::tripleo::haproxy::endpoint { 'tacker':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('tacker_api_vip', $controller_virtual_ip),
+ service_port => $ports[tacker_api_port],
+ ip_addresses => hiera('tacker_node_ips', $controller_hosts_real),
+ server_names => hiera('tacker_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[tacker_api_ssl_port],
+ service_network => $tacker_network,
+ }
+ }
+
if $trove {
::tripleo::haproxy::endpoint { 'trove':
public_virtual_ip => $public_virtual_ip,
@@ -919,16 +1024,7 @@ class tripleo::haproxy (
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
},
service_network => $glance_api_network,
- }
- }
-
- if $glance_registry {
- ::tripleo::haproxy::endpoint { 'glance_registry':
- internal_ip => hiera('glance_registry_vip', $controller_virtual_ip),
- service_port => $ports[glance_registry_port],
- ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real),
- server_names => hiera('glance_registry_node_names', $controller_hosts_names_real),
- service_network => $glance_registry_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -998,6 +1094,34 @@ class tripleo::haproxy (
}
}
+ if $ec2_api {
+ ::tripleo::haproxy::endpoint { 'ec2_api':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('ec2_api_vip', $controller_virtual_ip),
+ service_port => $ports[ec2_api_port],
+ ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real),
+ server_names => hiera('ec2_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[ec2_api_ssl_port],
+ service_network => $ec2_api_network,
+ }
+ }
+
+ if $ec2_api_metadata {
+ ::tripleo::haproxy::endpoint { 'ec2_api_metadata':
+ internal_ip => hiera('ec2_api_vip', $controller_virtual_ip),
+ service_port => $ports[ec2_api_metadata_port],
+ ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real),
+ server_names => hiera('ec2_api_node_names', $controller_hosts_names_real),
+ service_network => $ec2_api_metadata_network,
+ }
+ }
+
if $ceilometer {
::tripleo::haproxy::endpoint { 'ceilometer':
public_virtual_ip => $public_virtual_ip,
@@ -1250,6 +1374,15 @@ class tripleo::haproxy (
server_names => hiera('mysql_node_names', $controller_hosts_names_real),
options => $mysql_member_options_real,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $mysql_firewall_rules = {
+ '100 mysql_haproxy' => {
+ 'dport' => 3306,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $mysql_firewall_rules)
+ }
}
if $rabbitmq {
@@ -1326,6 +1459,15 @@ class tripleo::haproxy (
server_names => hiera('redis_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $redis_firewall_rules = {
+ '100 redis_haproxy' => {
+ 'dport' => 6379,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $redis_firewall_rules)
+ }
}
$midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip)
@@ -1452,5 +1594,50 @@ class tripleo::haproxy (
public_ssl_port => $ports[ui_ssl_port],
}
}
-
+ if $contrail_config {
+ ::tripleo::haproxy::endpoint { 'contrail_config':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_config_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_config_ssl_port],
+ }
+ ::tripleo::haproxy::endpoint { 'contrail_discovery':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_discovery_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_discovery_ssl_port],
+ }
+ }
+ if $contrail_analytics {
+ ::tripleo::haproxy::endpoint { 'contrail_analytics':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_analytics_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_analytics_ssl_port],
+ }
+ }
+ if $contrail_webui {
+ ::tripleo::haproxy::endpoint { 'contrail_webui_http':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_webui_http_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_webui_http_port],
+ }
+ ::tripleo::haproxy::endpoint { 'contrail_webui_https':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_webui_https_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_webui_https_port],
+ }
+ }
}
diff --git a/manifests/keepalived.pp b/manifests/keepalived.pp
index 0e9262d..a6d5832 100644
--- a/manifests/keepalived.pp
+++ b/manifests/keepalived.pp
@@ -113,10 +113,15 @@ class tripleo::keepalived (
if $internal_api_virtual_ip and $internal_api_virtual_ip != $controller_virtual_ip {
$internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip)
+ if is_ipv6_address($internal_api_virtual_ip) {
+ $internal_api_virtual_netmask = '64'
+ } else {
+ $internal_api_virtual_netmask = '32'
+ }
# KEEPALIVE INTERNAL API NETWORK
keepalived::instance { '53':
interface => $internal_api_virtual_interface,
- virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])],
+ virtual_ips => [join(["${internal_api_virtual_ip}/${internal_api_virtual_netmask}", ' dev ', $internal_api_virtual_interface])],
state => 'MASTER',
track_script => ['haproxy'],
priority => 101,
@@ -125,10 +130,15 @@ class tripleo::keepalived (
if $storage_virtual_ip and $storage_virtual_ip != $controller_virtual_ip {
$storage_virtual_interface = interface_for_ip($storage_virtual_ip)
+ if is_ipv6_address($storage_virtual_ip) {
+ $storage_virtual_netmask = '64'
+ } else {
+ $storage_virtual_netmask = '32'
+ }
# KEEPALIVE STORAGE NETWORK
keepalived::instance { '54':
interface => $storage_virtual_interface,
- virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])],
+ virtual_ips => [join(["${storage_virtual_ip}/${storage_virtual_netmask}", ' dev ', $storage_virtual_interface])],
state => 'MASTER',
track_script => ['haproxy'],
priority => 101,
@@ -137,10 +147,15 @@ class tripleo::keepalived (
if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $controller_virtual_ip {
$storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip)
+ if is_ipv6_address($storage_mgmt_virtual_ip) {
+ $storage_mgmt_virtual_netmask = '64'
+ } else {
+ $storage_mgmt_virtual_netmask = '32'
+ }
# KEEPALIVE STORAGE MANAGEMENT NETWORK
keepalived::instance { '55':
interface => $storage_mgmt_virtual_interface,
- virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])],
+ virtual_ips => [join(["${storage_mgmt_virtual_ip}/${storage_mgmt_virtual_netmask}", ' dev ', $storage_mgmt_virtual_interface])],
state => 'MASTER',
track_script => ['haproxy'],
priority => 101,
@@ -149,10 +164,15 @@ class tripleo::keepalived (
if $redis_virtual_ip and $redis_virtual_ip != $controller_virtual_ip {
$redis_virtual_interface = interface_for_ip($redis_virtual_ip)
+ if is_ipv6_address($redis_virtual_ip) {
+ $redis_virtual_netmask = '64'
+ } else {
+ $redis_virtual_netmask = '32'
+ }
# KEEPALIVE STORAGE MANAGEMENT NETWORK
keepalived::instance { '56':
interface => $redis_virtual_interface,
- virtual_ips => [join([$redis_virtual_ip, ' dev ', $redis_virtual_interface])],
+ virtual_ips => [join(["${redis_virtual_ip}/${redis_virtual_netmask}", ' dev ', $redis_virtual_interface])],
state => 'MASTER',
track_script => ['haproxy'],
priority => 101,
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp
index 4359a43..e34c7e6 100644
--- a/manifests/network/contrail/analytics.pp
+++ b/manifests/network/contrail/analytics.pp
@@ -43,6 +43,21 @@
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*analytics_aaa_mode*]
+# (optional) analytics aaa mode parameter
+# String value.
+# Defaults to hiera('contrail::analytics_aaa_mode')
+#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -53,11 +68,26 @@
# Integer value.
# Defaults to hiera('contrail::auth_port')
#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
# [*auth_protocol*]
# (optional) authentication protocol.
# String value.
# Defaults to hiera('contrail::auth_protocol')
#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
# [*cassandra_server_list*]
# (optional) List IPs+port of Cassandra servers
# Array of strings value.
@@ -76,7 +106,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip')
+# Defaults to hiera('contrail_config_vip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -103,6 +133,31 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_server')
#
+# [*public_vip*]
+# (optional) Public virtual IP address
+# String (IPv4) value
+# Defaults to hiera('public_virtual_ip')
+#
+# [*rabbit_server*]
+# (optional) IPv4 addresses of rabbit server.
+# Array of String (IPv4) value.
+# Defaults to hiera('rabbitmq_node_ips')
+#
+# [*rabbit_user*]
+# (optional) Rabbit user
+# String value.
+# Defaults to hiera('contrail::rabbit_user')
+#
+# [*rabbit_password*]
+# (optional) Rabbit password
+# String value.
+# Defaults to hiera('contrail::rabbit_password')
+#
+# [*rabbit_port*]
+# (optional) port of rabbit server
+# String value.
+# Defaults to hiera('contrail::rabbit_port')
+#
# [*redis_server*]
# (optional) IPv4 address of redis server.
# String (IPv4) value.
@@ -123,123 +178,209 @@
# Integer value.
# Defaults to 8081
#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
# [*zk_server_ip*]
# (optional) List IPs+port of Zookeeper servers
# Array of strings value.
# Defaults to hiera('contrail::zk_server_ip')
#
class tripleo::network::contrail::analytics(
- $host_ip,
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $cassandra_server_list = hiera('contrail::cassandra_server_list'),
- $collector_http_server_port = 8089,
- $collector_sandesh_port = 8086,
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $disc_server_port = hiera('contrail::disc_server_port'),
- $http_server_port = 8090,
- $insecure = hiera('contrail::insecure'),
- $kafka_broker_list = hiera('contrail::kafka_broker_list'),
- $memcached_servers = hiera('contrail::memcached_server'),
- $redis_server = '127.0.0.1',
- $redis_server_port = 6379,
- $rest_api_ip = '0.0.0.0',
- $rest_api_port = 8081,
- $zk_server_ip = hiera('contrail::zk_server_ip'),
+ $step = hiera('step'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'),
+ $cassandra_server_list = hiera('contrail_analytics_database_node_ips'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'),
+ $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $http_server_port = hiera('contrail::analytics::http_server_port'),
+ $host_ip = hiera('contrail::analytics::host_ip'),
+ $insecure = hiera('contrail::insecure'),
+ $kafka_broker_list = hiera('contrail_analytics_database_node_ips'),
+ $memcached_servers = hiera('contrail::memcached_server'),
+ $public_vip = hiera('public_virtual_ip'),
+ $rabbit_server = hiera('rabbitmq_node_ips'),
+ $rabbit_user = hiera('contrail::rabbit_user'),
+ $rabbit_password = hiera('contrail::rabbit_password'),
+ $rabbit_port = hiera('contrail::rabbit_port'),
+ $redis_server = hiera('contrail::analytics::redis_server'),
+ $redis_server_port = hiera('contrail::analytics::redis_server_port'),
+ $rest_api_ip = hiera('contrail::analytics::rest_api_ip'),
+ $rest_api_port = hiera('contrail::analytics::rest_api_port'),
+ $zk_server_ip = hiera('contrail_database_node_ips'),
)
{
- class {'::contrail::keystone':
- keystone_config => {
- 'KEYSTONE' => {
+ $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'')
+ $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'')
+ $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'')
+ $redis_config = "bind ${host_ip} 127.0.0.1"
+ $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'')
+ $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'')
+
+ if $auth_protocol == 'https' {
+ $keystone_config = {
'admin_password' => $admin_password,
'admin_tenant_name' => $admin_tenant_name,
- 'admin_token' => $admin_token,
'admin_user' => $admin_user,
'auth_host' => $auth_host,
- 'auth_port' => $auth_port,
+ 'auth_port' => $auth_port_ssl,
'auth_protocol' => $auth_protocol,
'insecure' => $insecure,
- 'memcached_servers' => $memcached_servers,
- },
- },
- } ->
- class {'::contrail::analytics':
- analytics_api_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'host_ip' => $host_ip,
- 'http_server_port' => $http_server_port,
- 'redis_server' => $redis_server,
- 'rest_api_ip' => $rest_api_ip,
- 'rest_api_port' => $rest_api_port,
- },
- 'DISCOVERY' => {
- 'disc_server_ip' => $disc_server_ip,
- 'disc_server_port' => $disc_server_port,
- },
- 'REDIS' => {
- 'redis_server_port' => $redis_server_port,
- 'redis_query_port' => $redis_server_port,
- 'server' => $redis_server,
- },
- },
- collector_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'hostip' => $host_ip,
- 'http_server_port' => $collector_http_server_port,
- 'kafka_broker_list' => $kafka_broker_list,
- 'zookeeper_server_list' => $zk_server_ip,
- },
- 'COLLECTOR' => {
- 'port' => $collector_sandesh_port,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
},
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
+ }
+ } else {
+ $keystone_config = {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
},
- 'REDIS' => {
- 'port' => $redis_server_port,
- 'server' => $redis_server,
+ }
+ }
+ if $step >= 3 {
+ class {'::contrail::analytics':
+ alarm_gen_config => {
+ 'DEFAULTS' => {
+ 'host_ip' => $host_ip,
+ 'kafka_broker_list' => $kafka_broker_list_9092,
+ 'rabbitmq_server_list' => $rabbit_server_list_5672,
+ 'rabbitmq_user' => $rabbit_user,
+ 'rabbitmq_password' => $rabbit_password,
+ 'zk_list' => $zk_server_ip_2181,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
},
- },
- query_engine_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'hostip' => $host_ip,
+ analytics_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
},
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
+ analytics_api_config => {
+ 'DEFAULTS' => {
+ 'api_server' => "${api_server}:${api_port}",
+ 'aaa_mode' => $analytics_aaa_mode,
+ 'cassandra_server_list' => $cassandra_server_list_9042,
+ 'host_ip' => $host_ip,
+ 'http_server_port' => $http_server_port,
+ 'rest_api_ip' => $rest_api_ip,
+ 'rest_api_port' => $rest_api_port,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
+ 'REDIS' => {
+ 'redis_server_port' => $redis_server_port,
+ 'redis_query_port' => $redis_server_port,
+ 'server' => $redis_server,
+ },
+ 'KEYSTONE' => $keystone_config,
},
- 'REDIS' => {
- 'port' => $redis_server_port,
- 'server' => $redis_server,
+ collector_config => {
+ 'DEFAULT' => {
+ 'cassandra_server_list' => $cassandra_server_list_9042,
+ 'hostip' => $host_ip,
+ 'http_server_port' => $collector_http_server_port,
+ 'kafka_broker_list' => $kafka_broker_list_9092,
+ 'zookeeper_server_list' => $zk_server_ip_2181_comma,
+ },
+ 'COLLECTOR' => {
+ 'port' => $collector_sandesh_port,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'REDIS' => {
+ 'port' => $redis_server_port,
+ 'server' => $redis_server,
+ },
},
- },
- snmp_collector_config => {
- 'DEFAULTS' => {
- 'zk_server_ip' => $zk_server_ip,
+ query_engine_config => {
+ 'DEFAULT' => {
+ 'cassandra_server_list' => $cassandra_server_list_9042,
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'REDIS' => {
+ 'port' => $redis_server_port,
+ 'server' => $redis_server,
+ },
},
- 'DISCOVERY' => {
- 'disc_server_ip' => $disc_server_ip,
- 'disc_server_port' => $disc_server_port,
+ snmp_collector_config => {
+ 'DEFAULTS' => {
+ 'zookeeper' => $zk_server_ip_2181_comma,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
},
- },
- topology_config => {
- 'DEFAULTS' => {
- 'zk_server_ip' => $zk_server_ip,
+ redis_config => $redis_config,
+ topology_config => {
+ 'DEFAULTS' => {
+ 'zookeeper' => $zk_server_ip_2181_comma,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
},
- 'DISCOVERY' => {
- 'disc_server_ip' => $disc_server_ip,
- 'disc_server_port' => $disc_server_port,
+ vnc_api_lib_config => $vnc_api_lib_config,
+ keystone_config => {
+ 'KEYSTONE' => $keystone_config,
},
- },
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::analytics::provision_analytics':
+ api_address => $api_server,
+ api_port => $api_port,
+ analytics_node_address => $host_ip,
+ analytics_node_name => $::fqdn,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
}
}
diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp
new file mode 100644
index 0000000..88b0327
--- /dev/null
+++ b/manifests/network/contrail/analyticsdatabase.pp
@@ -0,0 +1,202 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::analyticsdatabase
+#
+# Configure Contrail Analytics Database services
+#
+# == Parameters:
+#
+# [*auth_host*]
+# (optional) IPv4 VIP of Keystone
+# String (IPv4) value
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*api_server*]
+# (optional) IPv4 VIP of Contrail Config API
+# String (IPv4) value
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) Port of Contrail Config API
+# String value
+# Defaults to hiera('contrail::api_port')
+#
+# [*admin_password*]
+# (optional) Keystone Admin password
+# String value
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) Keystone Admin tenant name
+# String value
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) Keystone Admin token
+# String value
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) Keystone Admin user
+# String value
+# Defaults to hiera('contrail::admin_user')
+#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cassandra_servers*]
+# (optional) List of analytics cassandra servers
+# List (IPv4) value
+# Defaults to hiera('contrail_analytics_database_node_ips')
+#
+# [*disc_server_ip*]
+# (optional) IPv4 VIP of Contrail Discovery
+# String (IPv4) value
+# Defaults to hiera('contrail_config_vip')
+#
+# [*disc_server_port*]
+# (optional) port Discovery server listens on.
+# Integer value.
+# Defaults to hiera('contrail::disc_server_port')
+#
+# [*host_ip*]
+# (optional) host IP address of Database node
+# String (IPv4) value.
+# Defaults to hiera('contrail::analytics::database::host_ip')
+#
+# [*host_name*]
+# (optional) host name of database node
+# String value
+# Defaults to $::hostname
+#
+# [*kafka_hostnames*]
+# (optional) list of kafka server hostnames
+# List value
+# Defaults to hiera('contrail_analytics_database_short_node_names', '')
+#
+# [*public_vip*]
+# (optional) Public VIP
+# String (IPv4) value
+# Defaults to hiera('public_virtual_ip')
+#
+# [*step*]
+# (optional) step in the stack
+# String value
+# Defaults to hiera('step')
+#
+# [*zookeeper_server_ips*]
+# (optional) list of zookeeper server IPs
+# List value
+# Defaults to hiera('contrail_database_node_ips')
+#
+class tripleo::network::contrail::analyticsdatabase(
+ $step = hiera('step'),
+ $auth_host = hiera('contrail::auth_host'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $cassandra_servers = hiera('contrail_analytics_database_node_ips'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::analytics::database::host_ip'),
+ $host_name = $::hostname,
+ $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''),
+ $public_vip = hiera('public_virtual_ip'),
+ $zookeeper_server_ips = hiera('contrail_database_node_ips'),
+)
+{
+ if $auth_protocol == 'https' {
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ } else {
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ },
+ }
+ }
+ if $step == 2 {
+ class {'::contrail::analyticsdatabase':
+ analyticsdatabase_params => {
+ 'auth_host' => $auth_host,
+ 'api_server' => $api_server,
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'cassandra_servers' => $cassandra_servers,
+ 'host_ip' => $host_ip,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'kafka_hostnames' => $kafka_hostnames,
+ 'zookeeper_server_ips' => $zookeeper_server_ips,
+ database_nodemgr_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ },
+ vnc_api_lib_config => $vnc_api_lib_config,
+ }
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::database::provision_database':
+ api_address => $api_server,
+ api_port => $api_port,
+ database_node_address => $host_ip,
+ database_node_name => $host_name,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
+ }
+}
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp
index 7b9c85f..d02ab44 100644
--- a/manifests/network/contrail/config.pp
+++ b/manifests/network/contrail/config.pp
@@ -19,21 +19,11 @@
#
# == Parameters:
#
-# [*ifmap_password*]
-# (required) ifmap password
-# String value.
-#
-# [*ifmap_server_ip*]
-# (required) ifmap server ip address.
-# String value.
#
-# [*ifmap_username*]
-# (required) ifmap username
+# [*aaa_mode*]
+# (optional) aaa mode parameter
# String value.
-#
-# [*rabbit_server*]
-# (required) IPv4 address of rabbit server.
-# String (IPv4) value.
+# Defaults to hiera('contrail::aaa_mode')
#
# [*admin_password*]
# (optional) admin password
@@ -55,6 +45,16 @@
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) VIP of Config API
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) Port of Config API
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
# [*auth*]
# (optional) Authentication method.
# Defaults to hiera('contrail::auth')
@@ -68,81 +68,232 @@
# (optional) keystone port.
# Defaults to hiera('contrail::auth_port')
#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
# [*auth_protocol*]
# (optional) authentication protocol.
# Defaults to hiera('contrail::auth_protocol')
#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
# [*cassandra_server_list*]
# (optional) List IPs+port of Cassandra servers
# Array of strings value.
# Defaults to hiera('contrail::cassandra_server_list')
#
+# [*config_hostnames*]
+# (optional) Config hostname list
+# Array of string value.
+# Defaults to hiera('contrail_config_short_node_names')
+#
+# [*control_server_list*]
+# (optional) IPv4 addresses of control server.
+# Array of string (IPv4) value.
+# Defaults to hiera('contrail_control_node_ips')
+#
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip')
+# Defaults to hiera('contrail_config_vip'),
+#
+# [*disc_server_port*]
+# (optional) port of discovery server
+# String value.
+# Defaults to hiera('contrail::disc_server_port')
+#
+# [*host_ip*]
+# (optional) IPv4 address of Config server
+# String (IPv4) value.
+# Defaults to hiera('contrail::config::host_ip')
+#
+# [*ifmap_password*]
+# (optional) ifmap password
+# String value.
+# Defaults to hiera('contrail::config::ifmap_password')
+#
+# [*ifmap_server_ip*]
+# (optional) ifmap server ip address.
+# String value.
+# Defaults to hiera('contrail::config::host_ip')
+#
+# [*ifmap_username*]
+# (optional) ifmap username
+# String value.
+# Defaults to hiera('contrail::config::ifmap_password')
#
# [*insecure*]
# (optional) insecure mode.
# Defaults to hiera('contrail::insecure')
#
+# [*ipfabric_service_port*]
+# (optional) linklocal ip fabric port
+# String value
+# Defaults to 8775
+#
# [*listen_ip_address*]
# (optional) IP address to listen on.
# String (IPv4) value.
-# Defaults to '0.0.0.0'
+# Defaults to hiera('contrail::config::listen_ip_address')
#
# [*listen_port*]
# (optional) Listen port for config-api
-# Defaults to 8082
+# Defaults to hiera('contrail::api_port')
+#
+# [*linklocal_service_name*]
+# (optional) name of link local service
+# String value
+# Defaults to metadata
+#
+# [*linklocal_service_port*]
+# (optional) port of link local service
+# String value
+# Defaults to 80
+#
+# [*linklocal_service_name*]
+# (optional) name of link local service
+# String value
+# Defaults to metadata
+#
+# [*linklocal_service_ip*]
+# (optional) IPv4 address of link local service
+# String (IPv4) value
+# Defaults to 169.254.169.254
#
# [*memcached_servers*]
# (optional) IPv4 address of memcached servers
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_server')
#
-# [*multi_tenancy*]
-# (optional) Defines if mutli-tenancy is enabled.
-# Defaults to hiera('contrail::multi_tenancy')
+# [*public_vip*]
+# (optional) Public virtual ip
+# String value.
+# Defaults to hiera('public_virtual_ip')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+# [*rabbit_server*]
+# (optional) rabbit server
+# Array of string value.
+# Defaults to hiera('rabbitmq_node_ips')
+#
+# [*rabbit_user*]
+# (optional) rabbit user
+# String value.
+# Defaults to hiera('contrail::rabbit_user')
+#
+# [*rabbit_password*]
+# (optional) rabbit password
+# String value.
+# Defaults to hiera('contrail::rabbit_password')
+#
+# [*rabbit_port*]
+# (optional) rabbit server port
+# String value.
+# Defaults to hiera('contrail::rabbit_port')
#
# [*redis_server*]
# (optional) IPv4 address of redis server.
# String (IPv4) value.
-# Defaults to '127.0.0.1'
+# Defaults to hiera('contrail::config::redis_server')
#
# [*zk_server_ip*]
# (optional) List IPs+port of Zookeeper servers
# Array of strings value.
-# Defaults to hiera('contrail::zk_server_ip')
+# Defaults to hiera('contrail_database_node_ips')
#
class tripleo::network::contrail::config(
- $ifmap_password,
- $ifmap_server_ip,
- $ifmap_username,
- $rabbit_server,
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth = hiera('contrail::auth'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $cassandra_server_list = hiera('contrail::cassandra_server_list'),
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $insecure = hiera('contrail::insecure'),
- $listen_ip_address = '0.0.0.0',
- $listen_port = 8082,
- $memcached_servers = hiera('contrail::memcached_server'),
- $multi_tenancy = hiera('contrail::multi_tenancy'),
- $redis_server = '127.0.0.1',
- $zk_server_ip = hiera('contrail::zk_server_ip'),
+ $step = hiera('step'),
+ $aaa_mode = hiera('contrail::aaa_mode'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $auth = hiera('contrail::auth'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $cassandra_server_list = hiera('contrail_database_node_ips'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $config_hostnames = hiera('contrail_config_short_node_names'),
+ $control_server_list = hiera('contrail_control_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::config::host_ip'),
+ $ifmap_password = hiera('contrail::config::ifmap_password'),
+ $ifmap_server_ip = hiera('contrail::config::host_ip'),
+ $ifmap_username = hiera('contrail::config::ifmap_username'),
+ $insecure = hiera('contrail::insecure'),
+ $ipfabric_service_port = 8775,
+ $listen_ip_address = hiera('contrail::config::listen_ip_address'),
+ $listen_port = hiera('contrail::api_port'),
+ $linklocal_service_port = 80,
+ $linklocal_service_name = 'metadata',
+ $linklocal_service_ip = '169.254.169.254',
+ $memcached_servers = hiera('contrail::memcached_server'),
+ $public_vip = hiera('public_virtual_ip'),
+ $rabbit_server = hiera('rabbitmq_node_ips'),
+ $rabbit_user = hiera('contrail::rabbit_user'),
+ $rabbit_password = hiera('contrail::rabbit_password'),
+ $rabbit_port = hiera('contrail::rabbit_port'),
+ $redis_server = hiera('contrail::config::redis_server'),
+ $zk_server_ip = hiera('contrail_database_node_ips'),
)
{
validate_ip_address($listen_ip_address)
validate_ip_address($disc_server_ip)
validate_ip_address($ifmap_server_ip)
- class {'::contrail::keystone':
- keystone_config => {
+ $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" }
+ $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" }
+ $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns)
+ $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'')
+ $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'')
+ $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'')
+
+ if $auth_protocol == 'https' {
+ $keystone_config = {
+ 'KEYSTONE' => {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port_ssl,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ 'memcached_servers' => $memcached_servers,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ } else {
+ $keystone_config = {
'KEYSTONE' => {
'admin_password' => $admin_password,
'admin_tenant_name' => $admin_tenant_name,
@@ -154,62 +305,116 @@ class tripleo::network::contrail::config(
'insecure' => $insecure,
'memcached_servers' => $memcached_servers,
},
- },
- } ->
- class {'::contrail::config':
- api_config => {
- 'DEFAULTS' => {
- 'auth' => $auth,
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'ifmap_password' => $ifmap_password,
- 'ifmap_server_ip' => $ifmap_server_ip,
- 'ifmap_username' => $ifmap_username,
- 'listen_ip_addr' => $listen_ip_address,
- 'listen_port' => $listen_port,
- 'multi_tenancy' => $multi_tenancy,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
- 'zk_server_ip' => $zk_server_ip,
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
},
- },
- device_manager_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
- 'zk_server_ip' => $zk_server_ip,
+ }
+ }
+ if $step >= 3 {
+ class {'::contrail::config':
+ api_config => {
+ 'DEFAULTS' => {
+ 'aaa_mode' => $aaa_mode,
+ 'auth' => $auth,
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'ifmap_password' => $ifmap_password,
+ 'ifmap_server_ip' => $ifmap_server_ip,
+ 'ifmap_username' => $ifmap_username,
+ 'listen_ip_addr' => $listen_ip_address,
+ 'listen_port' => $listen_port,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
},
- },
- schema_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'ifmap_password' => $ifmap_password,
- 'ifmap_server_ip' => $ifmap_server_ip,
- 'ifmap_username' => $ifmap_username,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
- 'zk_server_ip' => $zk_server_ip,
+ basicauthusers_property => $basicauthusers_property,
+ config_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
},
- },
- discovery_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'zk_server_ip' => $zk_server_ip,
+ device_manager_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
},
- },
- svc_monitor_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'ifmap_password' => $ifmap_password,
- 'ifmap_server_ip' => $ifmap_server_ip,
- 'ifmap_username' => $ifmap_username,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
+ discovery_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
},
- },
+ keystone_config => $keystone_config,
+ schema_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'ifmap_password' => $ifmap_password,
+ 'ifmap_server_ip' => $ifmap_server_ip,
+ 'ifmap_username' => $ifmap_username,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
+ },
+ svc_monitor_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'ifmap_password' => $ifmap_password,
+ 'ifmap_server_ip' => $ifmap_server_ip,
+ 'ifmap_username' => $ifmap_username,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
+ },
+ vnc_api_lib_config => $vnc_api_lib_config,
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::config::provision_config':
+ api_address => $api_server,
+ api_port => $api_port,
+ config_node_address => $host_ip,
+ config_node_name => $::hostname,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
+ if $config_hostnames[0] == $::hostname {
+ class {'::contrail::config::provision_linklocal':
+ api_address => $api_server,
+ api_port => $api_port,
+ ipfabric_service_ip => $api_server,
+ ipfabric_service_port => $ipfabric_service_port,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ linklocal_service_name => $linklocal_service_name,
+ linklocal_service_ip => $linklocal_service_ip,
+ linklocal_service_port => $linklocal_service_port,
+ }
+ }
}
}
diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp
index 2e50108..e9c7a9e 100644
--- a/manifests/network/contrail/control.pp
+++ b/manifests/network/contrail/control.pp
@@ -19,19 +19,6 @@
#
# == Parameters:
#
-# [*host_ip*]
-# (required) host IP address of Control
-# String (IPv4) value.
-#
-# [*ifmap_password*]
-# (required) ifmap password
-# String value.
-#
-# [*ifmap_username*]
-# (optional) ifmap username
-# String value.
-# Defaults to hiera('contrail::ifmap_username'),
-#
# [*admin_password*]
# (optional) admin password
# String value.
@@ -42,16 +29,21 @@
# String value.
# Defaults to hiera('contrail::admin_tenant_name'),
#
-# [*admin_token*]
-# (optional) admin token
-# String value.
-# Defaults to hiera('contrail::admin_token'),
-#
# [*admin_user*]
# (optional) admin user name.
# String value.
# Defaults to hiera('contrail::admin_user'),
#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -68,13 +60,33 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip'),
+# Defaults to hiera('contrail_config_vip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
# Integer value.
# Defaults to hiera('contrail::disc_server_port'),
#
+# [*host_ip*]
+# (optional) IP address of host
+# String (IPv4) value.
+# Defaults to hiera('contrail::control::host_ip')
+#
+# [*ibgp_auto_mesh*]
+# (optional) iBPG auto mesh
+# String value.
+# Defaults to true
+#
+# [*ifmap_password*]
+# (optional) ifmap password
+# String value.
+# Defaults to hiera('contrail::ifmap_password'),
+#
+# [*ifmap_username*]
+# (optional) ifmap username
+# String value.
+# Defaults to hiera('contrail::ifmap_username'),
+#
# [*insecure*]
# (optional) insecure mode.
# Defaults to hiera('contrail::insecure'),
@@ -84,70 +96,103 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_servers'),
#
+# [*public_vip*]
+# (optional) Public Virtual IP address
+# String (IPv4) value
+# Defaults to hiera('public_virtual_ip')
+#
+# [*router_asn*]
+# (optional) Autonomus System Number
+# String value
+# Defaults to hiera('contrail::control::asn')
+#
+# [*secret*]
+# (optional) RNDC secret for named
+# String value
+# Defaults to hiera('contrail::control::rndc_secret')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
class tripleo::network::contrail::control(
- $host_ip,
- $ifmap_password,
- $ifmap_username,
- $admin_password = hiera('contrail::admin_password'),
+ $step = hiera('step'),
+ $admin_password = hiera('contrail::admin_password'),
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $disc_server_port = hiera('contrail::disc_server_port'),
- $insecure = hiera('contrail::insecure'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::control::host_ip'),
+ $ibgp_auto_mesh = true,
+ $ifmap_password = hiera('contrail::control::host_ip'),
+ $ifmap_username = hiera('contrail::control::host_ip'),
+ $insecure = hiera('contrail::insecure'),
$memcached_servers = hiera('contrail::memcached_server'),
+ $public_vip = hiera('public_virtual_ip'),
+ $router_asn = hiera('contrail::control::asn'),
+ $secret = hiera('contrail::control::rndc_secret'),
)
{
- class {'::contrail::keystone':
- keystone_config => {
- 'KEYSTONE' => {
- 'admin_tenant_name' => $admin_tenant_name,
- 'admin_token' => $admin_token,
- 'admin_password' => $admin_password,
- 'admin_user' => $admin_user,
- 'auth_host' => $auth_host,
- 'auth_port' => $auth_port,
- 'auth_protocol' => $auth_protocol,
- 'insecure' => $insecure,
- 'memcached_servers' => $memcached_servers,
+ $control_ifmap_user = "${ifmap_username}.control"
+ $control_ifmap_password = "${ifmap_username}.control"
+ $dns_ifmap_user = "${ifmap_username}.dns"
+ $dns_ifmap_password = "${ifmap_username}.dns"
+
+ if $step >= 3 {
+ class {'::contrail::control':
+ secret => $secret,
+ control_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'IFMAP' => {
+ 'password' => $control_ifmap_user,
+ 'user' => $control_ifmap_password,
+ },
},
- },
- } ->
- class {'::contrail::control':
- control_config => {
- 'DEFAULTS' => {
- 'hostip' => $host_ip,
+ dns_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ 'rndc_secret' => $secret,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'IFMAP' => {
+ 'password' => $dns_ifmap_user,
+ 'user' => $dns_ifmap_password,
+ }
},
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
+ control_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
},
- 'IFMAP' => {
- 'password' => $ifmap_password,
- 'user' => $ifmap_username,
- },
- },
- dns_config => {
- 'DEFAULTS' => {
- 'hostip' => $host_ip,
- },
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
- },
- 'IFMAP' => {
- 'password' => $ifmap_password,
- 'user' => $ifmap_username,
- }
- },
- control_nodemgr_config => {
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
- },
- },
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::control::provision_control':
+ api_address => $api_server,
+ api_port => $api_port,
+ control_node_address => $host_ip,
+ control_node_name => $::hostname,
+ ibgp_auto_mesh => $ibgp_auto_mesh,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ router_asn => $router_asn,
+ }
}
}
diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp
index 58f2670..f74eb1c 100644
--- a/manifests/network/contrail/database.pp
+++ b/manifests/network/contrail/database.pp
@@ -13,41 +13,154 @@
# License for the specific language governing permissions and limitations
# under the License.
#
-# == Class: tripleo::network::contrail::control
+# == Class: tripleo::network::contrail::database
#
-# Configure Contrail Control services
+# Configure Contrail Database services
#
# == Parameters:
#
-# [*host_ip*]
-# (required) host IP address of Database node
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_port*]
+# (optional) Port of Config API
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*api_server*]
+# (optional) VIP of Config API
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*cassandra_servers*]
+# (optional) List IPs+port of Cassandra servers
+# Array of strings value.
+# Defaults to hiera('contrail_database_node_ips')
#
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip')
+# Defaults to hiera('contrail_config_vip'),
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
# Integer value.
# Defaults to hiera('contrail::disc_server_port')
#
+# [*host_ip*]
+# (required) host IP address of Database node
+# String (IPv4) value.
+#
+# [*host_name*]
+# (optional) host name of Database node
+# String value.
+# Defaults to $::hostname
+#
+# [*public_vip*]
+# (optional) Public virtual ip
+# String value.
+# Defaults to hiera('public_virtual_ip')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+# [*zookeeper_client_ip*]
+# (optional) Zookeeper listen address
+# String (IPv4) value.
+# Defaults to hiera('contrail::database::host_ip')
+#
+# [*zookeeper_hostnames*]
+# (optional) Zookeeper hostname list
+# Array of string value.
+# Defaults to hiera('contrail_database_short_node_names')
+#
+# [*zookeeper_server_ips*]
+# (optional) Zookeeper ip list
+# Array of string (IPv4) values
+# Defaults to hiera('contrail_database_node_ips')
+#
class tripleo::network::contrail::database(
- $host_ip,
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $disc_server_port = hiera('contrail::disc_server_port'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = hiera('contrail::api_port'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $cassandra_servers = hiera('contrail_database_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::database::host_ip'),
+ $host_name = $::hostname,
+ $public_vip = hiera('public_virtual_ip'),
+ $step = hiera('step'),
+ $zookeeper_client_ip = hiera('contrail::database::host_ip'),
+ $zookeeper_hostnames = hiera('contrail_database_short_node_names'),
+ $zookeeper_server_ips = hiera('contrail_database_node_ips'),
)
{
- class {'::contrail::database':
- database_nodemgr_config => {
- 'DEFAULTS' => {
- 'hostip' => $host_ip,
- },
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
- },
- },
+ if $step == 2 {
+ class {'::contrail::database':
+ database_params => {
+ 'auth_host' => $auth_host,
+ 'api_server' => $api_server,
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'cassandra_servers' => $cassandra_servers,
+ 'host_ip' => $host_ip,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'zookeeper_client_ip' => $zookeeper_client_ip,
+ 'zookeeper_hostnames' => $zookeeper_hostnames,
+ 'zookeeper_server_ips' => $zookeeper_server_ips,
+ database_nodemgr_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ },
+ }
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::database::provision_database':
+ api_address => $api_server,
+ api_port => $api_port,
+ database_node_address => $host_ip,
+ database_node_name => $host_name,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
}
}
diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp
new file mode 100644
index 0000000..637fdda
--- /dev/null
+++ b/manifests/network/contrail/heat.pp
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::heat
+#
+# Configure Contrail Heat plugin
+#
+# == Parameters:
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+# [*use_ssl*]
+# (optional) switch for ssl usage
+# String value.
+# Defaults to 'False'
+#
+class tripleo::network::contrail::heat(
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = 8082,
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $step = hiera('step'),
+ $use_ssl = 'False',
+)
+{
+ class {'::contrail::heat':
+ heat_config => {
+ 'clients_contrail' => {
+ 'api_base_url' => '/',
+ 'api_server' => $api_server,
+ 'api_port' => $api_port,
+ 'auth_host_ip' => $auth_host,
+ 'user' => $admin_user,
+ 'password' => $admin_password,
+ 'use_ssl' => $use_ssl,
+ },
+ },
+ }
+}
diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp
new file mode 100644
index 0000000..d9aa587
--- /dev/null
+++ b/manifests/network/contrail/neutron_plugin.pp
@@ -0,0 +1,203 @@
+# This class installs and configures Opencontrail Neutron Plugin.
+#
+# === Parameters
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*contrail_extensions*]
+# Array of OpenContrail extensions to be supported
+# Defaults to $::os_service_default
+# Example:
+#
+# class {'neutron::plugins::opencontrail' :
+# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam']
+# }
+#
+# [*package_ensure*]
+# (optional) Ensure state for package.
+# Defaults to 'present'.
+#
+# [*purge_config*]
+# (optional) Whether to set only the specified config options
+# in the opencontrail config.
+# Defaults to false.
+#
+class tripleo::network::contrail::neutron_plugin (
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = hiera('contrail::api_port'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $ca_file = hiera('tripleo::haproxy::service_certificate',false),
+ $cert_file = hiera('tripleo::haproxy::service_certificate',false),
+ $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'),
+ $package_ensure = 'present',
+ $purge_config = false,
+) {
+
+ include ::neutron::deps
+ include ::neutron::params
+
+ validate_array($contrail_extensions)
+
+ package { 'neutron-plugin-contrail':
+ ensure => $package_ensure,
+ name => $::neutron::params::opencontrail_plugin_package,
+ tag => ['neutron-package', 'openstack'],
+ }
+ package {'python-contrail':
+ ensure => installed,
+ }
+
+ ensure_resource('file', '/etc/neutron/plugins/opencontrail', {
+ ensure => directory,
+ owner => 'root',
+ group => 'neutron',
+ mode => '0640'}
+ )
+
+ if $::osfamily == 'Debian' {
+ file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG':
+ path => '/etc/default/neutron-server',
+ match => '^NEUTRON_PLUGIN_CONFIG=(.*)$',
+ line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}",
+ tag => 'neutron-file-line',
+ }
+ }
+
+ if $::osfamily == 'Redhat' {
+ file { '/etc/neutron/plugin.ini':
+ ensure => link,
+ target => $::neutron::params::opencontrail_config_file,
+ require => Package[$::neutron::params::opencontrail_plugin_package],
+ tag => 'neutron-config-file',
+ }
+ $api_paste_config_file = '/usr/share/neutron/api-paste.ini'
+ }
+ ini_setting { 'filter:user_token':
+ ensure => present,
+ path => $api_paste_config_file,
+ section => 'filter:user_token',
+ setting => 'paste.filter_factory',
+ value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory',
+ }
+ ini_setting { 'composite:neutronapi_v2_0':
+ ensure => present,
+ path => $api_paste_config_file,
+ section => 'composite:neutronapi_v2_0',
+ setting => 'keystone',
+ value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0',
+ }
+ resources { 'neutron_plugin_opencontrail':
+ purge => $purge_config,
+ }
+
+ exec { 'add neutron user to haproxy group':
+ command => '/usr/sbin/usermod -a -G haproxy neutron',
+ }
+
+ if $auth_protocol == 'https' {
+ $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0'])
+ neutron_plugin_opencontrail {
+ 'APISERVER/api_server_ip': value => $api_server;
+ 'APISERVER/api_server_port': value => $api_port;
+ 'APISERVER/contrail_extensions': value => join($contrail_extensions, ',');
+ 'KEYSTONE/auth_url': value => $auth_url;
+ 'KEYSTONE/admin_user' : value => $admin_user;
+ 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name;
+ 'KEYSTONE/admin_password': value => $admin_password, secret =>true;
+ 'KEYSTONE/admin_token': value => $admin_token, secret =>true;
+ 'KEYSTONE/cafile': value => $ca_file;
+ 'KEYSTONE/certfile': value => $cert_file;
+ 'keystone_authtoken/admin_user': value => $admin_user;
+ 'keystone_authtoken/admin_tenant': value => $admin_tenant_name;
+ 'keystone_authtoken/admin_password': value => $admin_password, secret =>true;
+ 'keystone_authtoken/auth_host': value => $auth_host;
+ 'keystone_authtoken/auth_protocol': value => $auth_protocol;
+ 'keystone_authtoken/auth_port': value => $auth_port_ssl;
+ 'keystone_authtoken/cafile': value => $ca_file;
+ 'keystone_authtoken/certfile': value => $cert_file;
+ }
+ } else {
+ $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
+ neutron_plugin_opencontrail {
+ 'APISERVER/api_server_ip': value => $api_server;
+ 'APISERVER/api_server_port': value => $api_port;
+ 'APISERVER/contrail_extensions': value => join($contrail_extensions, ',');
+ 'KEYSTONE/auth_url': value => $auth_url;
+ 'KEYSTONE/admin_user' : value => $admin_user;
+ 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name;
+ 'KEYSTONE/admin_password': value => $admin_password, secret =>true;
+ 'KEYSTONE/admin_token': value => $admin_token, secret =>true;
+ 'keystone_authtoken/admin_user': value => $admin_user;
+ 'keystone_authtoken/admin_tenant': value => $admin_tenant_name;
+ 'keystone_authtoken/admin_password': value => $admin_password, secret =>true;
+ 'keystone_authtoken/auth_host': value => $auth_host;
+ 'keystone_authtoken/auth_protocol': value => $auth_protocol;
+ 'keystone_authtoken/auth_port': value => $auth_port;
+ }
+ }
+}
diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp
new file mode 100644
index 0000000..3025737
--- /dev/null
+++ b/manifests/network/contrail/provision.pp
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::provision
+#
+# Provisions Contrail Control and link local services
+#
+# == Parameters:
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password'),
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name'),
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token'),
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user'),
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host'),
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Defaults to hiera('contrail::auth_port'),
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# Defaults to hiera('contrail::auth_protocol'),
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+class tripleo::network::contrail::provision(
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $step = hiera('step'),
+)
+{
+ if $step >= 5 {
+ class {'::contrail::control::provision_control':
+ api_address => $api_server,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ }
+ class {'::contrail::control::provision_linklocal':
+ api_address => $api_server,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ ipfabric_service_ip => $api_server,
+ }
+ }
+}
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
new file mode 100644
index 0000000..2bccd1d
--- /dev/null
+++ b/manifests/network/contrail/vrouter.pp
@@ -0,0 +1,302 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::opencontrail::vrouter
+#
+# Opencontrail profile to run the contrail vrouter
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*control_server*]
+# (optional) Contrail control server IP
+# Array of String (IPv4) value.
+# Defaults to hiera('contrail_control_node_ips')
+#
+# [*disc_server_ip*]
+# (optional) IPv4 address of discovery server.
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip'),
+#
+# [*disc_server_port*]
+# (optional) port Discovery server listens on.
+# Integer value.
+# Defaults to hiera('contrail::disc_server_port')
+#
+# [*gateway*]
+# (optional) Default GW for vrouter
+# String (IPv4) value.
+# Defaults to hiera('contrail::vrouter::gateway')
+#
+# [*host_ip*]
+# (optional) host IP address of vrouter
+# String (IPv4) value.
+# Defaults to hiera('contrail::vrouter::host_ip')
+#
+# [*insecure*]
+# (optional) insecure connections allowed
+# String value.
+# Defaults to hiera('contrail::insecure')
+#
+# [*memcached_servers*]
+# (optional) memcached server ip
+# String (IPv4) value.
+# Defaults to hiera('contrail::memcached_server')
+#
+# [*metadata_secret*]
+# (optional) secret for metadata
+# String value.
+# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret')
+#
+# [*netmask*]
+# (optional) netmask for vrouter interface
+# String (IPv4) value.
+# Defaults to hiera('contrail::vrouter::netmask')
+#
+# [*physical_interface*]
+# (optional) vrouter interface
+# String value.
+# Defaults to hiera('contrail::vrouter::physical_interface')
+#
+# [*public_vip*]
+# (optional) Public VIP to Keystone
+# String (IPv4) value.
+# Defaults to hiera('public_virtual_ip')
+#
+# [*is_tsn*]
+# (optional) Turns vrouter into TSN
+# String value.
+# Defaults to hiera('contrail::vrouter::is_tsn',false)
+#
+class tripleo::network::contrail::vrouter (
+ $step = hiera('step'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = hiera('contrail::api_port'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $control_server = hiera('contrail_control_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $gateway = hiera('contrail::vrouter::gateway'),
+ $host_ip = hiera('contrail::vrouter::host_ip'),
+ $insecure = hiera('contrail::insecure'),
+ $memcached_servers = hiera('contrail::memcached_server'),
+ $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'),
+ $netmask = hiera('contrail::vrouter::netmask'),
+ $physical_interface = hiera('contrail::vrouter::physical_interface'),
+ $public_vip = hiera('public_virtual_ip'),
+ $is_tsn = hiera('contrail::vrouter::is_tsn',false),
+) {
+ $cidr = netmask_to_cidr($netmask)
+ notify { 'cidr':
+ message => $cidr,
+ }
+ $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
+ #include ::contrail::vrouter
+ # NOTE: it's not possible to use this class without a functional
+ # contrail controller up and running
+ $control_server_list = join($control_server, ' ')
+ if $auth_protocol == 'https' {
+ $keystone_config = {
+ 'KEYSTONE' => {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port_ssl,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ 'memcached_servers' => $memcached_servers,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ } else {
+ $keystone_config = {
+ 'KEYSTONE' => {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ 'memcached_servers' => $memcached_servers,
+ },
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ },
+ }
+ }
+ if $is_tsn {
+ $vrouter_agent_config = {
+ 'DEBUG' => {
+ 'agent_mode' => 'tsn',
+ },
+ 'CONTROL-NODE' => {
+ 'server' => $control_server_list,
+ },
+ 'VIRTUAL-HOST-INTERFACE' => {
+ 'compute_node_address' => $host_ip,
+ 'gateway' => $gateway,
+ 'ip' => "${host_ip}/${cidr}",
+ 'name' => 'vhost0',
+ 'physical_interface' => $physical_interface,
+ },
+ 'METADATA' => {
+ 'metadata_proxy_secret' => $metadata_secret,
+ },
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ }
+ } else {
+ $vrouter_agent_config = {
+ 'CONTROL-NODE' => {
+ 'server' => $control_server_list,
+ },
+ 'VIRTUAL-HOST-INTERFACE' => {
+ 'compute_node_address' => $host_ip,
+ 'gateway' => $gateway,
+ 'ip' => "${host_ip}/${cidr}",
+ 'name' => 'vhost0',
+ 'physical_interface' => $physical_interface,
+ },
+ 'METADATA' => {
+ 'metadata_proxy_secret' => $metadata_secret,
+ },
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ }
+ }
+ class {'::contrail::vrouter':
+ discovery_ip => $disc_server_ip,
+ gateway => $gateway,
+ host_ip => $host_ip,
+ is_tsn => $is_tsn,
+ macaddr => $macaddress,
+ mask => $cidr,
+ netmask => $netmask,
+ physical_interface => $physical_interface,
+ vhost_ip => $host_ip,
+ keystone_config => $keystone_config,
+ vrouter_agent_config => $vrouter_agent_config,
+ vrouter_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ },
+ vnc_api_lib_config => $vnc_api_lib_config,
+ }
+ if $step >= 5 {
+ class {'::contrail::vrouter::provision_vrouter':
+ api_address => $api_server,
+ api_port => $api_port,
+ host_ip => $host_ip,
+ node_name => $::hostname,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ is_tsn => $is_tsn,
+ }
+ }
+}
diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp
index 0b308a4..b621811 100644
--- a/manifests/network/contrail/webui.pp
+++ b/manifests/network/contrail/webui.pp
@@ -19,18 +19,6 @@
#
# == Parameters:
#
-# [*contrail_analytics_vip*]
-# (required) VIP of Contrail Analytics
-# String (IPv4) value.
-#
-# [*contrail_config_vip*]
-# (required) VIP of Contrail Config
-# String (IPv4) value.
-#
-# [*neutron_vip*]
-# (required) VIP of Neutron
-# String (IPv4) value.
-#
# [*admin_password*]
# (optional) admin password
# String value.
@@ -56,11 +44,46 @@
# String (IPv4) value.
# Defaults to hiera('contrail::auth_host')
#
+# [*auth_port_public*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_public')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_port_ssl_public*]
+# (optional) keystone public ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl_public')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
# [*cassandra_server_list*]
# (optional) List IPs+port of Cassandra servers
# Array of strings value.
# Defaults to hiera('contrail::cassandra_server_list')
#
+# [*contrail_analytics_vip*]
+# (optional) VIP of Contrail Analytics
+# String (IPv4) value.
+# Defaults to hiera('contrail_analytics_vip')
+#
+# [*contrail_config_vip*]
+# (optional) VIP of Contrail Config
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip')
+#
# [*contrail_webui_http_port*]
# (optional) Webui HTTP Port
# Integer value.
@@ -71,38 +94,55 @@
# Integer value.
# Defaults to 8143
#
+# [*neutron_vip*]
+# (optional) VIP of Neutron
+# String (IPv4) value.
+# Defaults to hiera('neutron_api_vip')
+#
# [*redis_ip*]
# (optional) IP of Redis
# String (IPv4) value.
# Defaults to '127.0.0.1'
#
class tripleo::network::contrail::webui(
- $contrail_analytics_vip,
- $contrail_config_vip,
- $neutron_vip,
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
- $cassandra_server_list = hiera('contrail::cassandra_server_list'),
- $contrail_webui_http_port = 8080,
- $contrail_webui_https_port = 8143,
- $redis_ip = '127.0.0.1',
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $auth_port_public = hiera('contrail::auth_port_public'),
+ $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'),
+ $cassandra_server_list = hiera('contrail_database_node_ips'),
+ $cert_file = hiera('contrail::cert_file'),
+ $contrail_analytics_vip = hiera('contrail_analytics_vip'),
+ $contrail_config_vip = hiera('contrail_config_vip'),
+ $contrail_webui_http_port = hiera('contrail::webui::http_port'),
+ $contrail_webui_https_port = hiera('contrail::webui::https_port'),
+ $neutron_vip = hiera('neutron_api_vip'),
+ $redis_ip = hiera('contrail::webui::redis_ip'),
)
{
+ if $auth_protocol == 'https' {
+ $auth_port = $auth_port_ssl_public
+ } else {
+ $auth_port = $auth_port_public
+ }
class {'::contrail::webui':
- openstack_vip => $auth_host,
- contrail_config_vip => $contrail_config_vip,
- contrail_analytics_vip => $contrail_analytics_vip,
- neutron_vip => $neutron_vip,
- cassandra_ip => $cassandra_server_list,
- redis_ip => $redis_ip,
- contrail_webui_http_port => $contrail_webui_http_port,
- contrail_webui_https_port => $contrail_webui_https_port,
admin_user => $admin_user,
admin_password => $admin_password,
admin_token => $admin_token,
admin_tenant_name => $admin_tenant_name,
+ auth_port => $auth_port,
+ auth_protocol => $auth_protocol,
+ cassandra_ip => $cassandra_server_list,
+ cert_file => $cert_file,
+ contrail_config_vip => $contrail_config_vip,
+ contrail_analytics_vip => $contrail_analytics_vip,
+ contrail_webui_http_port => $contrail_webui_http_port,
+ contrail_webui_https_port => $contrail_webui_https_port,
+ neutron_vip => $neutron_vip,
+ openstack_vip => $auth_host,
+ redis_ip => $redis_ip,
}
}
diff --git a/manifests/pacemaker/haproxy_with_vip.pp b/manifests/pacemaker/haproxy_with_vip.pp
index 0539beb..a27b94b 100644
--- a/manifests/pacemaker/haproxy_with_vip.pp
+++ b/manifests/pacemaker/haproxy_with_vip.pp
@@ -27,11 +27,35 @@
# (String) IP address on which HAProxy is colocated
# Required
#
+# [*location_rule*]
+# (optional) Add a location constraint before actually enabling
+# the resource. Must be a hash like the following example:
+# location_rule => {
+# resource_discovery => 'exclusive', # optional
+# role => 'master|slave', # optional
+# score => 0, # optional
+# score_attribute => foo, # optional
+# # Multiple expressions can be used
+# expression => ['opsrole eq controller']
+# }
+# Defaults to undef
+#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to 1
+#
# [*ensure*]
# (Boolean) Create the all the resources only if true. False won't
# destroy the resource, it will just not create them.
# Default to true
-define tripleo::pacemaker::haproxy_with_vip($vip_name, $ip_address, $ensure = true) {
+#
+define tripleo::pacemaker::haproxy_with_vip(
+ $vip_name,
+ $ip_address,
+ $location_rule = undef,
+ $pcs_tries = 1,
+ $ensure = true)
+{
if($ensure) {
if is_ipv6_address($ip_address) {
$netmask = '64'
@@ -40,25 +64,29 @@ define tripleo::pacemaker::haproxy_with_vip($vip_name, $ip_address, $ensure = tr
}
pacemaker::resource::ip { "${vip_name}_vip":
- ip_address => $ip_address,
- cidr_netmask => $netmask,
+ ip_address => $ip_address,
+ cidr_netmask => $netmask,
+ location_rule => $location_rule,
+ tries => $pcs_tries,
}
- pacemaker::constraint::base { "${vip_name}_vip-then-haproxy":
- constraint_type => 'order',
+ pacemaker::constraint::order { "${vip_name}_vip-then-haproxy":
first_resource => "ip-${ip_address}",
second_resource => 'haproxy-clone',
first_action => 'start',
second_action => 'start',
constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip["${vip_name}_vip"]],
+ tries => $pcs_tries,
}
pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy":
- source => "ip-${ip_address}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip["${vip_name}_vip"]],
+ source => "ip-${ip_address}",
+ target => 'haproxy-clone',
+ score => 'INFINITY',
+ tries => $pcs_tries,
}
+
+ Pacemaker::Resource::Ip["${vip_name}_vip"] ->
+ Pacemaker::Resource::Service['haproxy'] ->
+ Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"] ->
+ Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"]
}
}
diff --git a/manifests/profile/base/auditd.pp b/manifests/profile/base/auditd.pp
new file mode 100644
index 0000000..628db08
--- /dev/null
+++ b/manifests/profile/base/auditd.pp
@@ -0,0 +1,30 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == class: tripleo::profile::base::auditd
+#
+# auditd profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::auditd (
+ $step = hiera('step'),
+) {
+ if $step >= 4 {
+ include ::auditd
+ }
+}
diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp
new file mode 100644
index 0000000..1731e81
--- /dev/null
+++ b/manifests/profile/base/congress.pp
@@ -0,0 +1,86 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::congress
+#
+# Congress server profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*messaging_driver*]
+# Driver for messaging service.
+# Defaults to hiera('messaging_service_name', 'rabbit')
+#
+# [*messaging_hosts*]
+# list of the messaging host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*messaging_password*]
+# Password for messaging congress queue
+# Defaults to hiera('congress::rabbit_password')
+#
+# [*messaging_port*]
+# IP port for messaging service
+# Defaults to hiera('congress::rabbit_port', 5672)
+#
+# [*messaging_username*]
+# Username for messaging congress queue
+# Defaults to hiera('congress::rabbit_userid', 'guest')
+#
+# [*messaging_use_ssl*]
+# Flag indicating ssl usage.
+# Defaults to hiera('congress::rabbit_use_ssl', '0')
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+
+class tripleo::profile::base::congress (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $messaging_driver = hiera('messaging_service_name', 'rabbit'),
+ $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $messaging_password = hiera('congress::rabbit_password'),
+ $messaging_port = hiera('congress::rabbit_port', '5672'),
+ $messaging_username = hiera('congress::rabbit_userid', 'guest'),
+ $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'),
+ $step = hiera('step'),
+) {
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ if $step >= 4 or ($step >= 3 and $sync_db){
+ $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl)))
+ class { '::congress':
+ sync_db => $sync_db,
+ default_transport_url => os_transport_url({
+ 'transport' => $messaging_driver,
+ 'hosts' => $messaging_hosts,
+ 'port' => sprintf('%s', $messaging_port),
+ 'username' => $messaging_username,
+ 'password' => $messaging_password,
+ 'ssl' => $messaging_use_ssl_real,
+ }),
+ }
+
+ include ::congress::server
+ include ::congress::db
+ }
+}
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 1692108..4ccfabc 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -151,6 +151,9 @@ class tripleo::profile::base::database::mysql (
if hiera('cinder_api_enabled', false) {
include ::cinder::db::mysql
}
+ if hiera('congress_enabled', false) {
+ include ::congress::db::mysql
+ }
if hiera('glance_api_enabled', false) {
include ::glance::db::mysql
}
@@ -185,12 +188,18 @@ class tripleo::profile::base::database::mysql (
if hiera('sahara_api_enabled', false) {
include ::sahara::db::mysql
}
+ if hiera('tacker_enabled', false) {
+ include ::tacker::db::mysql
+ }
if hiera('trove_api_enabled', false) {
include ::trove::db::mysql
}
if hiera('panko_api_enabled', false) {
include ::panko::db::mysql
}
+ if hiera('ec2_api_enabled', false) {
+ include ::ec2api::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp
index 05a516d..ebe84bf 100644
--- a/manifests/profile/base/docker_registry.pp
+++ b/manifests/profile/base/docker_registry.pp
@@ -19,21 +19,22 @@
# === Parameters:
#
# [*registry_host*]
-# (String) IP address on which the Docker registry is listening on
+# (String) IP address or hostname the Docker registry binds to
# Defaults to hiera('controller_host')
#
# [*registry_port*]
# (Integer) The port on which the Docker registry is listening on
# Defaults to 8787
#
-# [*controller_admin_vip*]
-# (String) VIP of the host
-# Defaults to hiera('controller_admin_vip')
+# [*registry_admin_host*]
+# (String) IP address or hostname the Docker registry binds to in the admin
+# network
+# Defaults to hiera('controller_admin_host')
#
class tripleo::profile::base::docker_registry (
- $registry_host = hiera('controller_host'),
- $registry_port = 8787,
- $controller_admin_vip = hiera('controller_admin_vip'),
+ $registry_host = hiera('controller_host'),
+ $registry_port = 8787,
+ $registry_admin_host = hiera('controller_admin_host'),
) {
# We want a v2 registry
package{'docker-registry':
@@ -55,7 +56,7 @@ class tripleo::profile::base::docker_registry (
line => join ([
'INSECURE_REGISTRY="',
'--insecure-registry ', $registry_host, ':', $registry_port, ' ',
- '--insecure-registry ', $controller_admin_vip, ':', $registry_port, '"']),
+ '--insecure-registry ', $registry_admin_host, ':', $registry_port, '"']),
match => 'INSECURE_REGISTRY=',
require => Package['docker'],
notify => Service['docker'],
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
index 8945fff..e5807f6 100644
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@@ -22,10 +22,39 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# HAProxy. This could be as many as specified by the $certificates_specs
+# variable.
+# Note that this doesn't configure the certificates in haproxy, it merely
+# creates the certificates.
+# Defaults to hiera('generate_service_certificate', false).
+#
# [*glance_backend*]
# (Optional) Glance backend(s) to use.
# Defaults to downcase(hiera('glance_backend', 'swift'))
#
+# [*glance_network*]
+# (Optional) The network name where the glance endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('glance_api_network', undef)
+#
# [*glance_nfs_enabled*]
# (Optional) Whether to use NFS mount as 'file' backend storage location.
# Defaults to false
@@ -42,15 +71,40 @@
# [*rabbit_port*]
# IP port for rabbitmq service
# Defaults to hiera('glance::notify::rabbitmq::rabbit_port', 5672)
-
+#
+# [*tls_proxy_bind_ip*]
+# IP on which the TLS proxy will listen on. Required only if
+# enable_internal_tls is set.
+# Defaults to undef
+#
+# [*tls_proxy_fqdn*]
+# fqdn on which the tls proxy will listen on. required only used if
+# enable_internal_tls is set.
+# defaults to undef
+#
+# [*tls_proxy_port*]
+# port on which the tls proxy will listen on. Only used if
+# enable_internal_tls is set.
+# defaults to 9292
+#
class tripleo::profile::base::glance::api (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $glance_backend = downcase(hiera('glance_backend', 'swift')),
- $glance_nfs_enabled = false,
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $glance_backend = downcase(hiera('glance_backend', 'swift')),
+ $glance_network = hiera('glance_api_network', undef),
+ $glance_nfs_enabled = false,
+ $step = hiera('step'),
+ $rabbit_hosts = hiera('rabbitmq_node_names', undef),
+ $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672),
+ $tls_proxy_bind_ip = undef,
+ $tls_proxy_fqdn = undef,
+ $tls_proxy_port = 9292,
) {
+ if $enable_internal_tls and $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -63,6 +117,28 @@ class tripleo::profile::base::glance::api (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
+ if $enable_internal_tls {
+ if !$glance_network {
+ fail('glance_api_network is not set in the hieradata.')
+ }
+ if !$tls_proxy_bind_ip {
+ fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.')
+ }
+ if !$tls_proxy_fqdn {
+ fail('tls_proxy_fqdn is required if internal TLS is enabled.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key']
+
+ ::tripleo::tls_proxy { 'glance-api':
+ servername => $tls_proxy_fqdn,
+ ip => $tls_proxy_bind_ip,
+ port => $tls_proxy_port,
+ tls_cert => $tls_certfile,
+ tls_key => $tls_keyfile,
+ notify => Class['::glance::api'],
+ }
+ }
case $glance_backend {
'swift': { $backend_store = 'glance.store.swift.Store' }
'file': { $backend_store = 'glance.store.filesystem.Store' }
@@ -75,6 +151,7 @@ class tripleo::profile::base::glance::api (
# TODO: notifications, scrubber, etc.
include ::glance
include ::glance::config
+ # TODO(jaosorior): Remove bind_host when we set it up conditionally in t-h-t
class { '::glance::api':
stores => $glance_store,
sync_db => $sync_db,
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index be07c0e..bd28ab0 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -30,7 +30,7 @@ class tripleo::profile::base::horizon (
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
+ if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) {
$_profile_support = 'cisco'
} else {
$_profile_support = 'None'
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index a388def..72049e3 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -209,6 +209,9 @@ class tripleo::profile::base::keystone (
if hiera('cinder_api_enabled', false) {
include ::cinder::keystone::auth
}
+ if hiera('congress_enabled', false) {
+ include ::congress::keystone::auth
+ }
if hiera('glance_api_enabled', false) {
include ::glance::keystone::auth
}
@@ -248,6 +251,9 @@ class tripleo::profile::base::keystone (
if hiera('swift_proxy_enabled', false) {
include ::swift::keystone::auth
}
+ if hiera('tacker_enabled', false) {
+ include ::tacker::keystone::auth
+ }
if hiera('trove_api_enabled', false) {
include ::trove::keystone::auth
}
@@ -255,6 +261,8 @@ class tripleo::profile::base::keystone (
include ::zaqar::keystone::auth
include ::zaqar::keystone::auth_websocket
}
+ if hiera('ec2_api_enabled', false) {
+ include ::ec2api::keystone::auth
+ }
}
}
-
diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp
index 0f738d1..d8e6f89 100644
--- a/manifests/profile/base/metrics/collectd.pp
+++ b/manifests/profile/base/metrics/collectd.pp
@@ -1,13 +1,27 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
# == Class: tripleo::profile::base::metrics::collectd
#
# Collectd configuration for TripleO
#
# === Parameters
#
-# [*collectd_plugins*]
-# (Optional) List. A list of collectd plugins to configure (the
-# corresponding collectd::plugin::NAME class must exist in the
-# collectd package).
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
#
# [*collectd_server*]
# (Optional) String. The name or address of a collectd server to
@@ -28,61 +42,62 @@
# [*collectd_securitylevel*]
# (Optional) String.
#
-# [*collectd_interface*]
-# (Optional) String. Name of a network interface.
-#
-# [*collectd_graphite_server*]
-# (Optional) String. The name or address of a graphite server to
-# which we should send metrics.
-#
-# [*collectd_graphite_port*]
-# (Optional) Integer. This is the port to which we will connect on
-# the graphite server. Defaults to 2004.
-#
-# [*collectd_graphite_prefix*]
-# (Optional) String. Prefix to add to metric names. Defaults to
-# 'overcloud.'.
-#
-# [*collectd_graphite_protocol*]
-# (Optional) String. One of 'udp' or 'tcp'.
-#
+# [*service_names*]
+# (Optional) List of strings. A list of active services in this tripleo
+# deployment. This is used to look up service-specific plugins that
+# need to be installed.
class tripleo::profile::base::metrics::collectd (
- $collectd_plugins = [],
+ $step = hiera('step'),
$collectd_server = undef,
- $collectd_port = 25826,
+ $collectd_port = undef,
$collectd_username = undef,
$collectd_password = undef,
$collectd_securitylevel = undef,
-
- $collectd_graphite_server = undef,
- $collectd_graphite_port = 2004,
- $collectd_graphite_prefix = undef,
- $collectd_graphite_protocol = 'udp'
+ $service_names = hiera('service_names', [])
) {
- include ::collectd
- ::tripleo::profile::base::metrics::collectd::plugin_helper { $collectd_plugins: }
+ if $step >= 3 {
+ include ::collectd
- if ! ($collectd_graphite_protocol in ['udp', 'tcp']) {
- fail("collectd_graphite_protocol must be one of 'udp' or 'tcp'")
- }
+ if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) {
+ fail('collectd_securitylevel must be one of (None, Sign, Encrypt).')
+ }
+
+ # Load per-service plugin configuration
+ ::tripleo::profile::base::metrics::collectd::collectd_service {
+ $service_names: }
+
+ # Because THT doesn't allow us to default values to undef, we need
+ # to perform a number of transformations here to avoid passing a bunch of
+ # empty strings to the collectd plugins.
- if $collectd_server {
- ::collectd::plugin::network::server { $collectd_server:
- username => $collectd_username,
- password => $collectd_password,
- port => $collectd_port,
- securitylevel => $collectd_securitylevel,
+ $_collectd_username = empty($collectd_username) ? {
+ true => undef,
+ default => $collectd_username
+ }
+
+ $_collectd_password = empty($collectd_password) ? {
+ true => undef,
+ default => $collectd_password
}
- }
- if $collectd_graphite_server {
- ::collectd::plugin::write_graphite::carbon { 'openstack_graphite':
- graphitehost => $collectd_graphite_server,
- graphiteport => $collectd_graphite_port,
- graphiteprefix => $collectd_graphite_prefix,
- protocol => $collectd_graphite_protocol,
+ $_collectd_port = empty($collectd_port) ? {
+ true => undef,
+ default => $collectd_port
+ }
+
+ $_collectd_securitylevel = empty($collectd_securitylevel) ? {
+ true => undef,
+ default => $collectd_securitylevel
+ }
+
+ if ! empty($collectd_server) {
+ ::collectd::plugin::network::server { $collectd_server:
+ username => $_collectd_username,
+ password => $_collectd_password,
+ port => $_collectd_port,
+ securitylevel => $_collectd_securitylevel,
+ }
}
}
}
-
diff --git a/manifests/profile/base/metrics/collectd/collectd_plugin.pp b/manifests/profile/base/metrics/collectd/collectd_plugin.pp
new file mode 100644
index 0000000..5ab940b
--- /dev/null
+++ b/manifests/profile/base/metrics/collectd/collectd_plugin.pp
@@ -0,0 +1,6 @@
+# We use this to transform a list of unqualified plugin names
+# (like ['disk', 'ntpd']) into the correct collectd plugin classes.
+define tripleo::profile::base::metrics::collectd::collectd_plugin (
+) {
+ include "collectd::plugin::${title}"
+}
diff --git a/manifests/profile/base/metrics/collectd/collectd_service.pp b/manifests/profile/base/metrics/collectd/collectd_service.pp
new file mode 100644
index 0000000..c1b3a60
--- /dev/null
+++ b/manifests/profile/base/metrics/collectd/collectd_service.pp
@@ -0,0 +1,11 @@
+# This is used to look up a list of service-specific collectd plugins
+# in the hiera data provided by THT.
+define tripleo::profile::base::metrics::collectd::collectd_service (
+) {
+ $plugins = hiera("tripleo.collectd.plugins.${title}", [])
+
+ if $plugins {
+ ::tripleo::profile::base::metrics::collectd::collectd_plugin {
+ $plugins: }
+ }
+}
diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 4667ae2..5d6909f 100644
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -22,10 +22,34 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*dvr_enabled*]
+# (Optional) Is dvr enabled, used when no override is passed to
+# l3_ha_override to calculate enabling l3 HA.
+# Defaults to hiera('neutron::server::router_distributed') or false
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# HAProxy. This could be as many as specified by the $certificates_specs
+# variable.
+# Note that this doesn't configure the certificates in haproxy, it merely
+# creates the certificates.
+# Defaults to hiera('generate_service_certificate', false).
#
# [*l3_ha_override*]
# (Optional) Override the calculated value for neutron::server::l3_ha
@@ -41,17 +65,49 @@
# (we need to default neutron_l3_short_node_names to an empty list
# because some neutron backends disable the l3 agent)
#
-# [*dvr_enabled*]
-# (Optional) Is dvr enabled, used when no override is passed to
-# l3_ha_override to calculate enabling l3 HA.
-# Defaults to hiera('neutron::server::router_distributed') or false
+# [*neutron_network*]
+# (Optional) The network name where the neutron endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('neutron_api_network', undef)
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*tls_proxy_bind_ip*]
+# IP on which the TLS proxy will listen on. Required only if
+# enable_internal_tls is set.
+# Defaults to undef
+#
+# [*tls_proxy_fqdn*]
+# fqdn on which the tls proxy will listen on. required only used if
+# enable_internal_tls is set.
+# defaults to undef
+#
+# [*tls_proxy_port*]
+# port on which the tls proxy will listen on. Only used if
+# enable_internal_tls is set.
+# defaults to 9696
+#
class tripleo::profile::base::neutron::server (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $step = hiera('step'),
- $l3_ha_override = '',
- $l3_nodes = hiera('neutron_l3_short_node_names', []),
- $dvr_enabled = hiera('neutron::server::router_distributed', false)
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $dvr_enabled = hiera('neutron::server::router_distributed', false),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $l3_ha_override = '',
+ $l3_nodes = hiera('neutron_l3_short_node_names', []),
+ $neutron_network = hiera('neutron_api_network', undef),
+ $step = hiera('step'),
+ $tls_proxy_bind_ip = undef,
+ $tls_proxy_fqdn = undef,
+ $tls_proxy_port = 9696,
) {
+ if $enable_internal_tls and $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
@@ -73,7 +129,24 @@ class tripleo::profile::base::neutron::server (
# We start neutron-server on the bootstrap node first, because
# it will try to populate tables and we need to make sure this happens
# before it starts on other nodes
- if $step >= 4 and $sync_db {
+ if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
+ if $enable_internal_tls {
+ if !$neutron_network {
+ fail('neutron_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${neutron_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${neutron_network}"]['service_key']
+
+ ::tripleo::tls_proxy { 'neutron-api':
+ servername => $tls_proxy_fqdn,
+ ip => $tls_proxy_bind_ip,
+ port => $tls_proxy_port,
+ tls_cert => $tls_certfile,
+ tls_key => $tls_keyfile,
+ notify => Class['::neutron::server'],
+ }
+ }
+
include ::neutron::server::notifications
# We need to override the hiera value neutron::server::sync_db which is set
# to true
@@ -82,11 +155,4 @@ class tripleo::profile::base::neutron::server (
l3_ha => $l3_ha,
}
}
- if $step >= 5 and !$sync_db {
- include ::neutron::server::notifications
- class { '::neutron::server':
- sync_db => $sync_db,
- l3_ha => $l3_ha,
- }
- }
}
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 8ded3ef..83baae2 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -85,25 +85,8 @@ class tripleo::profile::base::nova::api (
$tls_keyfile = undef
}
- if ($step >= 3 and $sync_db) {
- $messaging_hosts_real = any2array($::tripleo::profile::base::nova::messaging_hosts)
- # TODO(aschultz): remove sprintf once we properly type the port, needs
- # to be a string for the os_transport_url function.
- $messaging_port_real = sprintf('%s', $::tripleo::profile::base::nova::messaging_port)
- $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($::tripleo::profile::base::nova::messaging_use_ssl)))
-
- #TODO(emilien): enable it again when it's fixed upstream in nova
- # https://bugs.launchpad.net/tripleo/+bug/1649341
- # class { '::nova::db::sync_cell_v2':
- # transport_url => os_transport_url({
- # 'transport' => $::tripleo::profile::base::nova::messaging_driver,
- # 'hosts' => $messaging_hosts_real,
- # 'port' => $messaging_port_real,
- # 'username' => $::tripleo::profile::base::nova::messaging_username,
- # 'password' => $::tripleo::profile::base::nova::messaging_password,
- # 'ssl' => $messaging_use_ssl_real,
- # }),
- # }
+ if $step >= 3 and $sync_db {
+ include ::nova::cell_v2::simple_setup
}
if $step >= 4 or ($step >= 3 and $sync_db) {
diff --git a/manifests/profile/base/nova/ec2api.pp b/manifests/profile/base/nova/ec2api.pp
new file mode 100644
index 0000000..f34b071
--- /dev/null
+++ b/manifests/profile/base/nova/ec2api.pp
@@ -0,0 +1,35 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::ec2api
+#
+# EC2-compatible Nova API profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::nova::ec2api (
+ $step = hiera('step')
+) {
+ if $step >= 4 {
+ include ::ec2api
+ include ::ec2api::api
+ include ::ec2api::db::sync
+ include ::ec2api::metadata
+ }
+}
diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp
index 671f1e7..6021731 100644
--- a/manifests/profile/base/pacemaker.pp
+++ b/manifests/profile/base/pacemaker.pp
@@ -23,9 +23,54 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
+# [*remote_short_node_names*]
+# (Optional) List of short node names for pacemaker remote nodes
+# Defaults to hiera('pacemaker_remote_short_node_names', [])
+#
+# [*remote_node_ips*]
+# (Optional) List of node ips for pacemaker remote nodes
+# Defaults to hiera('pacemaker_remote_node_ips', [])
+#
+# [*remote_authkey*]
+# (Optional) Authkey for pacemaker remote nodes
+# Defaults to undef
+#
+# [*remote_reconnect_interval*]
+# (Optional) Reconnect interval for the remote
+# Defaults to hiera('pacemaker_remote_reconnect_interval', 60)
+#
+# [*remote_monitor_interval*]
+# (Optional) Monitor interval for the remote
+# Defaults to hiera('pacemaker_monitor_reconnect_interval', 20)
+#
+# [*remote_tries*]
+# (Optional) Number of tries for the remote resource creation
+# Defaults to hiera('pacemaker_remote_tries', 5)
+#
+# [*remote_try_sleep*]
+# (Optional) Number of seconds to sleep between remote creation tries
+# Defaults to hiera('pacemaker_remote_try_sleep', 60)
+#
class tripleo::profile::base::pacemaker (
- $step = hiera('step'),
+ $step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
+ $remote_short_node_names = hiera('pacemaker_remote_short_node_names', []),
+ $remote_node_ips = hiera('pacemaker_remote_node_ips', []),
+ $remote_authkey = undef,
+ $remote_reconnect_interval = hiera('pacemaker_remote_reconnect_interval', 60),
+ $remote_monitor_interval = hiera('pacemaker_remote_monitor_interval', 20),
+ $remote_tries = hiera('pacemaker_remote_tries', 5),
+ $remote_try_sleep = hiera('pacemaker_remote_try_sleep', 60),
) {
+
+ if count($remote_short_node_names) != count($remote_node_ips) {
+ fail("Count of ${remote_short_node_names} is not equal to count of ${remote_node_ips}")
+ }
+
Pcmk_resource <| |> {
tries => 10,
try_sleep => 3,
@@ -55,9 +100,11 @@ class tripleo::profile::base::pacemaker (
cluster_members => $pacemaker_cluster_members,
setup_cluster => $pacemaker_master,
cluster_setup_extras => $cluster_setup_extras,
+ remote_authkey => $remote_authkey,
}
class { '::pacemaker::stonith':
disable => !$enable_fencing,
+ tries => $pcs_tries,
}
if $enable_fencing {
include ::tripleo::fencing
@@ -69,6 +116,21 @@ class tripleo::profile::base::pacemaker (
# enable stonith after all fencing devices have been created
Class['tripleo::fencing'] -> Class['pacemaker::stonith']
}
+ # We have pacemaker remote nodes configured so let's add them as resources
+ # We do this during step 1 right after wait-for-settle, because during step 2
+ # resources might already be created on pacemaker remote nodes and we need
+ # a guarantee that remote nodes are already up
+ if $pacemaker_master and count($remote_short_node_names) > 0 {
+ # Creates a { "node" => "ip_address", ...} hash
+ $remotes_hash = hash(zip($remote_short_node_names, $remote_node_ips))
+ pacemaker::resource::remote { $remote_short_node_names:
+ remote_address => $remotes_hash[$title],
+ reconnect_interval => $remote_reconnect_interval,
+ op_params => "monitor interval=${remote_monitor_interval}",
+ tries => $remote_tries,
+ try_sleep => $remote_try_sleep,
+ }
+ }
}
if $step >= 2 {
diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/pacemaker_remote.pp
index cd40aeb..e0fff63 100644
--- a/manifests/profile/base/glance/registry.pp
+++ b/manifests/profile/base/pacemaker_remote.pp
@@ -12,39 +12,26 @@
# License for the specific language governing permissions and limitations
# under the License.
#
-# == Class: tripleo::profile::base::glance::registry
+# == Class: tripleo::profile::base::pacemaker_remote
#
-# Glance Registry profile for tripleo
+# Pacemaker remote profile for tripleo
#
# === Parameters
#
-# [*bootstrap_node*]
-# DEPRECATED
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
-#
-# [*glance_backend*]
-# (Optional) Glance backend(s) to use.
-# Defaults to downcase(hiera('glance_backend', 'swift'))
+# [*remote_authkey*]
+# Authkey for pacemaker remote nodes
+# Defaults to unset
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
-class tripleo::profile::base::glance::registry (
- $bootstrap_node = undef,
- $glance_backend = downcase(hiera('glance_backend', 'swift')),
+class tripleo::profile::base::pacemaker_remote (
+ $remote_authkey,
$step = hiera('step'),
) {
-
- if $step >= 4 {
- # TODO: notifications, scrubber, etc.
- include ::glance
- include ::glance::config
- include ::glance::registry
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
+ class { '::pacemaker::remote':
+ remote_authkey => $remote_authkey,
}
-
}
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index 15bab44..fd8de8f 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -34,6 +34,11 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
+# [*inet_dist_interface*]
+# (Optional) Address to bind the inter-cluster interface
+# to. It is the inet_dist_use_interface option in the kernel variables
+# Defaults to hiera('rabbitmq::interface', undef).
+#
# [*nodes*]
# (Optional) Array of host(s) for RabbitMQ nodes.
# Defaults to hiera('rabbitmq_node_names', []).
@@ -44,12 +49,13 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::rabbitmq (
- $config_variables = hiera('rabbitmq_config_variables'),
- $environment = hiera('rabbitmq_environment'),
- $ipv6 = str2bool(hiera('rabbit_ipv6', false)),
- $kernel_variables = hiera('rabbitmq_kernel_variables'),
- $nodes = hiera('rabbitmq_node_names', []),
- $step = hiera('step'),
+ $config_variables = hiera('rabbitmq_config_variables'),
+ $environment = hiera('rabbitmq_environment'),
+ $ipv6 = str2bool(hiera('rabbit_ipv6', false)),
+ $kernel_variables = hiera('rabbitmq_kernel_variables'),
+ $inet_dist_interface = hiera('rabbitmq::interface', undef),
+ $nodes = hiera('rabbitmq_node_names', []),
+ $step = hiera('step'),
) {
# IPv6 environment, necessary for RabbitMQ.
if $ipv6 {
@@ -60,6 +66,14 @@ class tripleo::profile::base::rabbitmq (
} else {
$rabbit_env = $environment
}
+ if $inet_dist_interface {
+ $real_kernel_variables = merge(
+ $kernel_variables,
+ { 'inet_dist_use_interface' => ip_to_erl_format($inet_dist_interface) },
+ )
+ } else {
+ $real_kernel_variables = $kernel_variables
+ }
$manage_service = hiera('rabbitmq::service_manage', true)
if $step >= 1 {
@@ -68,7 +82,7 @@ class tripleo::profile::base::rabbitmq (
class { '::rabbitmq':
config_cluster => $manage_service,
cluster_nodes => $nodes,
- config_kernel_variables => $kernel_variables,
+ config_kernel_variables => $real_kernel_variables,
config_variables => $config_variables,
environment_variables => $rabbit_env,
}
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index 5bd75bd..20af9f9 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,38 +18,58 @@
#
# === Parameters
#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
+# [*ceilometer_enabled*]
+# Whether the ceilometer pipeline is enabled.
+# Defaults to true
#
-# [*memcache_servers*]
-# (Optional) List of memcache servers
-# Defaults to hiera('memcached_node_ips')
+# [*ceilometer_messaging_driver*]
+# Driver for messaging service.
+# Defaults to hiera('messaging_service_name', 'rabbit')
+#
+# [*ceilometer_messaging_hosts*]
+# list of the messaging host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*ceilometer_messaging_password*]
+# Password for messaging nova queue
+# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef)
+#
+# [*ceilometer_messaging_port*]
+# IP port for messaging service
+# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672)
+#
+# [*ceilometer_messaging_use_ssl*]
+# Flag indicating ssl usage.
+# Defaults to '0'
+#
+# [*ceilometer_messaging_username*]
+# Username for messaging nova queue
+# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest')
#
# [*memcache_port*]
# (Optional) memcache port
# Defaults to 11211
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
-# Defaults to hiera('rabbitmq_node_names')
-#
-# [*rabbit_port*]
-# IP port for rabbitmq service
-# Defaults to 5672
+# [*memcache_servers*]
+# (Optional) List of memcache servers
+# Defaults to hiera('memcached_node_ips')
#
-# [*ceilometer_enabled*]
-# Whether the ceilometer pipeline is enabled.
-# Defaults to true
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
#
class tripleo::profile::base::swift::proxy (
- $step = hiera('step'),
- $memcache_servers = hiera('memcached_node_ips'),
- $memcache_port = 11211,
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = 5672,
- $ceilometer_enabled = true,
+ $ceilometer_enabled = true,
+ $ceilometer_messaging_driver = hiera('messaging_service_name', 'rabbit'),
+ $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef),
+ $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'),
+ $ceilometer_messaging_use_ssl = '0',
+ $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'),
+ $memcache_port = 11211,
+ $memcache_servers = hiera('memcached_node_ips'),
+ $step = hiera('step'),
) {
if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
@@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy (
include ::swift::proxy::tempurl
include ::swift::proxy::formpost
include ::swift::proxy::bulk
- $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl)))
if $ceilometer_enabled {
class { '::swift::proxy::ceilometer':
- rabbit_hosts => $swift_rabbit_hosts,
+ default_transport_url => os_transport_url({
+ 'transport' => $ceilometer_messaging_driver,
+ 'hosts' => $ceilometer_messaging_hosts,
+ 'port' => sprintf('%s', $ceilometer_messaging_port),
+ 'username' => $ceilometer_messaging_username,
+ 'password' => $ceilometer_messaging_password,
+ 'ssl' => $ceilometer_messaging_use_ssl_real,
+ }),
}
}
include ::swift::proxy::versioned_writes
diff --git a/manifests/profile/base/tacker.pp b/manifests/profile/base/tacker.pp
new file mode 100644
index 0000000..e9f6b77
--- /dev/null
+++ b/manifests/profile/base/tacker.pp
@@ -0,0 +1,86 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::tacker
+#
+# Tacker server profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*messaging_driver*]
+# Driver for messaging service.
+# Defaults to hiera('messaging_service_name', 'rabbit')
+#
+# [*messaging_hosts*]
+# list of the messaging host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*messaging_password*]
+# Password for messaging nova queue
+# Defaults to hiera('nova::rabbit_password')
+#
+# [*messaging_port*]
+# IP port for messaging service
+# Defaults to hiera('nova::rabbit_port', 5672)
+#
+# [*messaging_username*]
+# Username for messaging nova queue
+# Defaults to hiera('nova::rabbit_userid', 'guest')
+#
+# [*messaging_use_ssl*]
+# Flag indicating ssl usage.
+# Defaults to hiera('nova::rabbit_use_ssl', '0')
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+
+class tripleo::profile::base::tacker (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $messaging_driver = hiera('messaging_service_name', 'rabbit'),
+ $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $messaging_password = hiera('tacker::rabbit_password'),
+ $messaging_port = hiera('tacker::rabbit_port', '5672'),
+ $messaging_username = hiera('tacker::rabbit_userid', 'guest'),
+ $messaging_use_ssl = hiera('tacker::rabbit_use_ssl', '0'),
+ $step = hiera('step'),
+) {
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ if $step >= 4 or ($step >= 3 and $sync_db){
+ $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl)))
+ class { '::tacker':
+ sync_db => $sync_db,
+ default_transport_url => os_transport_url({
+ 'transport' => $messaging_driver,
+ 'hosts' => $messaging_hosts,
+ 'port' => sprintf('%s', $messaging_port),
+ 'username' => $messaging_username,
+ 'password' => $messaging_password,
+ 'ssl' => $messaging_use_ssl_real,
+ }),
+ }
+
+ include ::tacker::server
+ include ::tacker::db
+ }
+}
diff --git a/manifests/profile/pacemaker/ceph/rbdmirror.pp b/manifests/profile/pacemaker/ceph/rbdmirror.pp
new file mode 100644
index 0000000..4066225
--- /dev/null
+++ b/manifests/profile/pacemaker/ceph/rbdmirror.pp
@@ -0,0 +1,98 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::pacemaker::ceph::rbdmirror
+#
+# Ceph RBD mirror Pacemaker profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('ceph_rbdmirror_bootstrap_short_node_name')
+#
+# [*client_name*]
+# (Optional) Name assigned to the RBD mirror client
+# Defaults to 'rbd-mirror'
+#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
+# [*stack_action*]
+# (Optional) Action executed on the stack. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('stack_action')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::pacemaker::ceph::rbdmirror (
+ $bootstrap_node = hiera('ceph_rbdmirror_short_bootstrap_node_name'),
+ $client_name = 'openstack',
+ $pcs_tries = hiera('pcs_tries', 20),
+ $stack_action = hiera('stack_action'),
+ $step = hiera('step'),
+) {
+ Service <| tag == 'ceph-rbd-mirror' |> {
+ hasrestart => true,
+ restart => '/bin/true',
+ start => '/bin/true',
+ stop => '/bin/true',
+ }
+
+ if $::hostname == downcase($bootstrap_node) {
+ $pacemaker_master = true
+ } else {
+ $pacemaker_master = false
+ }
+
+ include ::tripleo::profile::base::ceph
+
+ if $step >= 2 {
+ pacemaker::property { 'ceph-rbdmirror-role-node-property':
+ property => 'ceph-rbdmirror-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
+ }
+
+ if $step >= 3 {
+ require ::ceph::profile::client
+ ceph::mirror { $client_name:
+ rbd_mirror_enable => false,
+ rbd_mirror_ensure => 'stopped',
+ } ->
+ pacemaker::resource::service { "ceph-rbd-mirror_${client_name}":
+ # NOTE(gfidente): systemd uses the @ sign but it is an invalid
+ # character in a pcmk resource name, so we need to use it only
+ # for the name of the service
+ service_name => "ceph-rbd-mirror@${client_name}",
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['ceph-rbdmirror-role eq true'],
+ }
+ }
+ }
+
+ if $step >= 3 and $pacemaker_master and $stack_action == 'UPDATE' {
+ Ceph_config<||> ~> Tripleo::Pacemaker::Resource_restart_flag["ceph-rbd-mirror@${client_name}"]
+ tripleo::pacemaker::resource_restart_flag { "ceph-rbd-mirror@${client_name}": }
+ }
+}
diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp
index 4e33a34..ff0d8c9 100644
--- a/manifests/profile/pacemaker/cinder/backup.pp
+++ b/manifests/profile/pacemaker/cinder/backup.pp
@@ -27,9 +27,14 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::cinder::backup (
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
$step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
Service <| tag == 'cinder::backup' |> {
@@ -47,6 +52,15 @@ class tripleo::profile::pacemaker::cinder::backup (
include ::tripleo::profile::base::cinder::backup
+ if $step >= 2 {
+ pacemaker::property { 'cinder-backup-role-node-property':
+ property => 'cinder-backup-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
+ }
+
if $step >= 3 and $pacemaker_master and hiera('stack_action') == 'UPDATE' {
Cinder_config<||>
~>
@@ -55,7 +69,13 @@ class tripleo::profile::pacemaker::cinder::backup (
if $step >= 5 and $pacemaker_master {
pacemaker::resource::service { $::cinder::params::backup_service :
- op_params => 'start timeout=200s stop timeout=200s',
+ op_params => 'start timeout=200s stop timeout=200s',
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['cinder-backup-role eq true'],
+ }
}
}
diff --git a/manifests/profile/pacemaker/cinder/volume.pp b/manifests/profile/pacemaker/cinder/volume.pp
index b03a1f4..0d6a598 100644
--- a/manifests/profile/pacemaker/cinder/volume.pp
+++ b/manifests/profile/pacemaker/cinder/volume.pp
@@ -27,9 +27,14 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::cinder::volume (
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
$step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
Service <| tag == 'cinder::volume' |> {
hasrestart => true,
@@ -46,6 +51,15 @@ class tripleo::profile::pacemaker::cinder::volume (
include ::tripleo::profile::base::cinder::volume
+ if $step >= 2 {
+ pacemaker::property { 'cinder-volume-role-node-property':
+ property => 'cinder-volume-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
+ }
+
if $step >= 3 and $pacemaker_master and hiera('stack_action') == 'UPDATE' {
Cinder_api_paste_ini<||> ~> Tripleo::Pacemaker::Resource_restart_flag["${::cinder::params::volume_service}"]
Cinder_config<||> ~> Tripleo::Pacemaker::Resource_restart_flag["${::cinder::params::volume_service}"]
@@ -54,7 +68,13 @@ class tripleo::profile::pacemaker::cinder::volume (
if $step >= 5 and $pacemaker_master {
pacemaker::resource::service { $::cinder::params::volume_service :
- op_params => 'start timeout=200s stop timeout=200s',
+ op_params => 'start timeout=200s stop timeout=200s',
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['cinder-volume-role eq true'],
+ }
}
}
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 3506cb1..6a83f10 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -36,11 +36,16 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::database::mysql (
$bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
$bind_address = $::hostname,
$gmcast_listen_addr = hiera('mysql_bind_host'),
$step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -118,6 +123,12 @@ class tripleo::profile::pacemaker::database::mysql (
}
if $step >= 2 {
+ pacemaker::property { 'galera-role-node-property':
+ property => 'galera-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
if $pacemaker_master {
pacemaker::resource::ocf { 'galera' :
ocf_agent_name => 'heartbeat:galera',
@@ -125,7 +136,14 @@ class tripleo::profile::pacemaker::database::mysql (
master_params => '',
meta_params => "master-max=${galera_nodes_count} ordered=true",
resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'",
- require => Class['::mysql::server'],
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['galera-role eq true'],
+ },
+ require => [Class['::mysql::server'],
+ Pacemaker::Property['galera-role-node-property']],
before => Exec['galera-ready'],
}
exec { 'galera-ready' :
diff --git a/manifests/profile/pacemaker/database/redis.pp b/manifests/profile/pacemaker/database/redis.pp
index 7490fa0..3ef6815 100644
--- a/manifests/profile/pacemaker/database/redis.pp
+++ b/manifests/profile/pacemaker/database/redis.pp
@@ -36,11 +36,16 @@
# for when redis is managed by pacemaker. Defaults to hiera('redis_file_limit')
# or 10240 (default in redis systemd limits)
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::database::redis (
$bootstrap_node = hiera('redis_short_bootstrap_node_name'),
$enable_load_balancer = hiera('enable_load_balancer', true),
$step = hiera('step'),
$redis_file_limit = hiera('redis_file_limit', 10240),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -71,14 +76,29 @@ class tripleo::profile::pacemaker::database::redis (
}
}
- if $step >= 2 and $pacemaker_master {
- pacemaker::resource::ocf { 'redis':
- ocf_agent_name => 'heartbeat:redis',
- master_params => '',
- meta_params => 'notify=true ordered=true interleave=true',
- resource_params => 'wait_last_known_master=true',
- op_params => 'start timeout=200s stop timeout=200s',
- require => Class['::redis'],
+ if $step >= 2 {
+ pacemaker::property { 'redis-role-node-property':
+ property => 'redis-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
+ if $pacemaker_master {
+ pacemaker::resource::ocf { 'redis':
+ ocf_agent_name => 'heartbeat:redis',
+ master_params => '',
+ meta_params => 'notify=true ordered=true interleave=true',
+ resource_params => 'wait_last_known_master=true',
+ op_params => 'start timeout=200s stop timeout=200s',
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['redis-role eq true'],
+ },
+ require => [Class['::redis'],
+ Pacemaker::Property['redis-role-node-property']],
+ }
}
}
}
diff --git a/manifests/profile/pacemaker/haproxy.pp b/manifests/profile/pacemaker/haproxy.pp
index b326761..f006f78 100644
--- a/manifests/profile/pacemaker/haproxy.pp
+++ b/manifests/profile/pacemaker/haproxy.pp
@@ -31,10 +31,15 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::haproxy (
$bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
$enable_load_balancer = hiera('enable_load_balancer', true),
$step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
include ::tripleo::profile::base::haproxy
@@ -50,56 +55,90 @@ class tripleo::profile::pacemaker::haproxy (
}
}
- if $step >= 2 and $pacemaker_master and $enable_load_balancer {
+ if $step >= 2 and $enable_load_balancer {
+ pacemaker::property { 'haproxy-role-node-property':
+ property => 'haproxy-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
+ if $pacemaker_master {
+ $haproxy_location_rule = {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['haproxy-role eq true'],
+ }
# FIXME: we should not have to access tripleo::haproxy class
# parameters here to configure pacemaker VIPs. The configuration
# of pacemaker VIPs could move into puppet-tripleo or we should
# make use of less specific hiera parameters here for the settings.
pacemaker::resource::service { 'haproxy':
- op_params => 'start timeout=200s stop timeout=200s',
- clone_params => true,
+ op_params => 'start timeout=200s stop timeout=200s',
+ clone_params => true,
+ location_rule => $haproxy_location_rule,
+ tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
$control_vip = hiera('controller_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
- vip_name => 'control',
- ip_address => $control_vip,
+ vip_name => 'control',
+ ip_address => $control_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
$public_vip = hiera('public_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
- ensure => $public_vip and $public_vip != $control_vip,
- vip_name => 'public',
- ip_address => $public_vip,
+ ensure => $public_vip and $public_vip != $control_vip,
+ vip_name => 'public',
+ ip_address => $public_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
$redis_vip = hiera('redis_vip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
- ensure => $redis_vip and $redis_vip != $control_vip,
- vip_name => 'redis',
- ip_address => $redis_vip,
+ ensure => $redis_vip and $redis_vip != $control_vip,
+ vip_name => 'redis',
+ ip_address => $redis_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
$internal_api_vip = hiera('internal_api_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
- ensure => $internal_api_vip and $internal_api_vip != $control_vip,
- vip_name => 'internal_api',
- ip_address => $internal_api_vip,
+ ensure => $internal_api_vip and $internal_api_vip != $control_vip,
+ vip_name => 'internal_api',
+ ip_address => $internal_api_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
$storage_vip = hiera('storage_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
- ensure => $storage_vip and $storage_vip != $control_vip,
- vip_name => 'storage',
- ip_address => $storage_vip,
+ ensure => $storage_vip and $storage_vip != $control_vip,
+ vip_name => 'storage',
+ ip_address => $storage_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
$storage_mgmt_vip = hiera('storage_mgmt_virtual_ip')
tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
- ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
- vip_name => 'storage_mgmt',
- ip_address => $storage_mgmt_vip,
+ ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
+ vip_name => 'storage_mgmt',
+ ip_address => $storage_mgmt_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ require => Pacemaker::Property['haproxy-role-node-property'],
}
+ }
}
}
diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp
index 547a86f..7bcf8d6 100644
--- a/manifests/profile/pacemaker/manila.pp
+++ b/manifests/profile/pacemaker/manila.pp
@@ -45,6 +45,10 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::manila (
$backend_generic_enabled = hiera('manila_backend_generic_enabled', false),
$backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false),
@@ -52,6 +56,7 @@ class tripleo::profile::pacemaker::manila (
$ceph_mds_enabled = hiera('ceph_mds_enabled', false),
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
$step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -70,6 +75,15 @@ class tripleo::profile::pacemaker::manila (
include ::tripleo::profile::base::manila::share
+ if $step >= 2 {
+ pacemaker::property { 'manila-share-role-node-property':
+ property => 'manila-share-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
+ }
+ }
+
if $step >= 4 {
# manila generic:
if $backend_generic_enabled {
@@ -185,7 +199,13 @@ allow command \"auth get\", allow command \"auth get-or-create\"',
# only manila-share is pacemaker managed, and in a/p
pacemaker::resource::service { $::manila::params::share_service :
- op_params => 'start timeout=200s stop timeout=200s',
+ op_params => 'start timeout=200s stop timeout=200s',
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['manila-share-role eq true'],
+ },
}
}
diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp
index 85ebe34..f4b679a 100644
--- a/manifests/profile/pacemaker/rabbitmq.pp
+++ b/manifests/profile/pacemaker/rabbitmq.pp
@@ -41,11 +41,16 @@
# for more details.
# Defaults to hiera('step')
#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
class tripleo::profile::pacemaker::rabbitmq (
$bootstrap_node = hiera('rabbitmq_short_bootstrap_node_name'),
$erlang_cookie = hiera('rabbitmq::erlang_cookie'),
$user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0),
$rabbit_nodes = hiera('rabbitmq_node_names'),
+ $pcs_tries = hiera('pcs_tries', 20),
$step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -72,22 +77,37 @@ class tripleo::profile::pacemaker::rabbitmq (
}
}
- if $step >= 2 and $pacemaker_master {
- include ::stdlib
- # The default nr of ha queues is ceiling(N/2)
- if $user_ha_queues == 0 {
- $nr_rabbit_nodes = size($rabbit_nodes)
- $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2)
- } else {
- $nr_ha_queues = $user_ha_queues
+ if $step >= 2 {
+ pacemaker::property { 'rabbitmq-role-node-property':
+ property => 'rabbitmq-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $::hostname,
}
- pacemaker::resource::ocf { 'rabbitmq':
- ocf_agent_name => 'heartbeat:rabbitmq-cluster',
- resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'",
- clone_params => 'ordered=true interleave=true',
- meta_params => 'notify=true',
- op_params => 'start timeout=200s stop timeout=200s',
- require => Class['::rabbitmq'],
+ if $pacemaker_master {
+ include ::stdlib
+ # The default nr of ha queues is ceiling(N/2)
+ if $user_ha_queues == 0 {
+ $nr_rabbit_nodes = size($rabbit_nodes)
+ $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2)
+ } else {
+ $nr_ha_queues = $user_ha_queues
+ }
+ pacemaker::resource::ocf { 'rabbitmq':
+ ocf_agent_name => 'heartbeat:rabbitmq-cluster',
+ resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'",
+ clone_params => 'ordered=true interleave=true',
+ meta_params => 'notify=true',
+ op_params => 'start timeout=200s stop timeout=200s',
+ tries => $pcs_tries,
+ location_rule => {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['rabbitmq-role eq true'],
+ },
+ require => [Class['::rabbitmq'],
+ Pacemaker::Property['rabbitmq-role-node-property']],
+ }
}
}
}
diff --git a/metadata.json b/metadata.json
index 308c63a..0db84c7 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "openstack-tripleo",
- "version": "6.1.0",
+ "version": "6.2.0",
"author": "OpenStack Contributors",
"summary": "Puppet module for TripleO",
"license": "Apache-2.0",
diff --git a/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml b/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml
new file mode 100644
index 0000000..79439b2
--- /dev/null
+++ b/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Configure the basic cells setup for Nova, now required in Ocata.
diff --git a/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml b/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml
new file mode 100644
index 0000000..9eb7c79
--- /dev/null
+++ b/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Adds the ability to manage auditd.service and enter audit.rules
+
diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py
index be2f5ce..5cc0c41 100644
--- a/releasenotes/source/conf.py
+++ b/releasenotes/source/conf.py
@@ -52,9 +52,9 @@ copyright = u'2016, Puppet TripleO Developers'
# built documents.
#
# The short X.Y version.
-version = '6.0.0'
+version = '6.2.0'
# The full version, including alpha/beta/rc tags.
-release = '6.0.0'
+release = '6.2.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb
index 4aa7367..f930342 100644
--- a/spec/classes/tripleo_profile_base_nova_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb
@@ -53,11 +53,8 @@ eos
it {
is_expected.to contain_class('tripleo::profile::base::nova::api')
is_expected.to contain_class('tripleo::profile::base::nova')
- #TODO(emilien): enable it again when it's fixed upstream in nova
- # https://bugs.launchpad.net/tripleo/+bug/1649341
- # is_expected.to contain_class('nova::db::sync_cell_v2').with(
- # :transport_url => 'rabbit://nova:foo@localhost:5672/?ssl=0')
- # is_expected.to contain_class('nova::keystone::authtoken')
+ is_expected.to contain_class('nova::cell_v2::simple_setup')
+ is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
diff --git a/spec/classes/tripleo_profile_base_octavia_api_spec.rb b/spec/classes/tripleo_profile_base_octavia_api_spec.rb
index d916a32..e94e00c 100644
--- a/spec/classes/tripleo_profile_base_octavia_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_octavia_api_spec.rb
@@ -40,6 +40,9 @@ describe 'tripleo::profile::base::octavia::api' do
class { 'octavia::db::mysql':
password => 'some_password'
}
+ class { 'octavia::keystone::authtoken':
+ password => 'some_password'
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp b/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp
new file mode 100644
index 0000000..4df0a09
--- /dev/null
+++ b/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::pacemaker::ceph::rbdmirror' do
+ shared_examples_for 'tripleo::profile::pacemaker::ceph::rbdmirror' do
+ let (:pre_condition) do
+ <<-eof
+ class { '::tripleo::profile::base::ceph':
+ step => #{params[:step]}
+ }
+ eof
+ end
+
+ context 'with step less than 3' do
+ let(:params) { { :step => 2 } }
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::ceph')
+ is_expected.to_not contain_class('ceph::mirror')
+ end
+ end
+
+ context 'with step 3 and client_name' do
+ let(:params) { {
+ :step => 3,
+ :client_name => 'myname',
+ } }
+
+ it 'should include rbdmirror configuration' do
+ is_expected.to contain_class('tripleo::profile::base::ceph')
+ is_expected.to contain_class('ceph::rbdmirror').with(
+ :rbd_mirror_enable => false,
+ :rbd_mirror_ensure => 'stopped',
+ )
+ is_expected.to contain_class('pacemaker::resource::service')
+ end
+ end
+
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::pacemaker::ceph::rbdmirror'
+ end
+ end
+end
diff --git a/spec/functions/ip_to_erl_format_spec.rb b/spec/functions/ip_to_erl_format_spec.rb
new file mode 100644
index 0000000..b587164
--- /dev/null
+++ b/spec/functions/ip_to_erl_format_spec.rb
@@ -0,0 +1,11 @@
+require 'spec_helper'
+require 'puppet'
+
+describe 'ip_to_erl_format' do
+ it { should run.with_params('192.168.2.1').and_return('{192,168,2,1}') }
+ it { should run.with_params('0.0.0.0').and_return('{0,0,0,0}') }
+ it { should run.with_params('5a40:79cf:8251:5dc5:1624:3c03:3c04:9ba8').and_return('{23104,31183,33361,24005,5668,15363,15364,39848}') }
+ it { should run.with_params('fe80::204:acff:fe17:bf38').and_return('{65152,0,0,0,516,44287,65047,48952}') }
+ it { should run.with_params('::1:2').and_return('{0,0,0,0,0,0,1,2}') }
+ it { should run.with_params('192.256.0.0').and_raise_error(IPAddr::InvalidAddressError) }
+end