diff options
52 files changed, 3168 insertions, 574 deletions
@@ -1 +1,7 @@ require 'puppet-openstack_spec_helper/rake_tasks' + +# We disable the unquoted node name check because puppet-pacemaker node +# properies make use of attributes called 'node' and puppet-lint breaks on +# them: https://github.com/rodjek/puppet-lint/issues/501 +# We are not using site.pp with nodes so this is safe. +PuppetLint.configuration.send('disable_unquoted_node_name') diff --git a/lib/puppet/parser/functions/ip_to_erl_format.rb b/lib/puppet/parser/functions/ip_to_erl_format.rb new file mode 100644 index 0000000..4c066b9 --- /dev/null +++ b/lib/puppet/parser/functions/ip_to_erl_format.rb @@ -0,0 +1,31 @@ +require 'ipaddr' + +# Custom function to convert an IP4/6 address from a string to the +# erlang inet kernel format. +# For example from "172.17.0.16" to {172,17,0,16} +# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html +# for more information. +module Puppet::Parser::Functions + newfunction(:ip_to_erl_format, :type => :rvalue, :doc => "Convert an IP address to the erlang inet format.") do |arg| + if arg[0].class != String + raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String" + end + ip = IPAddr.new arg[0] + output = '{' + if ip.ipv6? + split_char = ':' + base = 16 + else + split_char = '.' + base = 10 + end + # to_string() prints the canonicalized form + ip.to_string().split(split_char).each { + |x| output += x.to_i(base).to_s + ',' + } + # Remove the last spurious comma + output = output.chomp(',') + output += '}' + return output + end +end diff --git a/lib/puppet/parser/functions/noop_resource.rb b/lib/puppet/parser/functions/noop_resource.rb new file mode 100644 index 0000000..921eb5d --- /dev/null +++ b/lib/puppet/parser/functions/noop_resource.rb @@ -0,0 +1,53 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Author: Dan Prince <dprince@redhat.com> +# +# A function to create noop providers (set as the default) for the named +# resource. This works alongside of 'puppet apply --tags' to disable +# some custom resource types that still attempt to run commands during +# prefetch, etc. +class Puppet::Provider::Noop < Puppet::Provider + + def create + true + end + + def destroy + true + end + + def exists? + false + end + + # some puppet-keystone resources require this + def self.resource_to_name(domain, name, check_for_default = true) + return name + end + +end + +module Puppet::Parser::Functions + newfunction(:noop_resource, :type => :rvalue, :doc => "Create a default noop provider for the specified resource.") do |arg| + if arg[0].class == String + Puppet::Type.type(arg[0].downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do + defaultfor :osfamily => :redhat + end + else + end + return true + end +end diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp index 9cb6b13..dd9b184 100644 --- a/manifests/certmonger/mysql.pp +++ b/manifests/certmonger/mysql.pp @@ -45,7 +45,7 @@ class tripleo::certmonger::mysql ( include ::certmonger include ::mysql::params - $postsave_cmd = "systemctl reload ${::mysql::params::service_name}" + $postsave_cmd = "systemctl reload ${::mysql::params::server_service_name}" certmonger_certificate { 'mysql' : ensure => 'present', certfile => $service_certificate, @@ -69,6 +69,6 @@ class tripleo::certmonger::mysql ( require => Certmonger_certificate['mysql'], } - File[$service_certificate] ~> Service<| title == $::mysql::params::service_name |> - File[$service_key] ~> Service<| title == $::mysql::params::service_name |> + File[$service_certificate] ~> Service<| title == $::mysql::params::server_service_name |> + File[$service_key] ~> Service<| title == $::mysql::params::server_service_name |> } diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp index 7af7fbc..39120d9 100644 --- a/manifests/firewall/pre.pp +++ b/manifests/firewall/pre.pp @@ -54,4 +54,10 @@ class tripleo::firewall::pre( extras => $firewall_settings, } + tripleo::firewall::rule{ '004 accept ipv6 dhcpv6': + dport => '546', + proto => 'udp', + state => ['NEW'], + destination => 'fe80::/64', + } } diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 2fa02c9..e1c44ee 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -143,6 +163,10 @@ # (optional) Enable or not Cinder API binding # Defaults to hiera('cinder_api_enabled', false) # +# [*congress*] +# (optional) Enable or not Congress API binding +# Defaults to hiera('congress_enabled', false) +# # [*manila*] # (optional) Enable or not Manila API binding # Defaults to hiera('manila_api_enabled', false) @@ -151,6 +175,10 @@ # (optional) Enable or not Sahara API binding # defaults to hiera('sahara_api_enabled', false) # +# [*tacker*] +# (optional) Enable or not Tacker API binding +# Defaults to hiera('tacker_enabled', false) +# # [*trove*] # (optional) Enable or not Trove API binding # defaults to hiera('trove_api_enabled', false) @@ -159,10 +187,6 @@ # (optional) Enable or not Glance API binding # Defaults to hiera('glance_api_enabled', false) # -# [*glance_registry*] -# (optional) Enable or not Glance registry binding -# Defaults to hiera('glance_registry_enabled', false) -# # [*nova_osapi*] # (optional) Enable or not Nova API binding # Defaults to hiera('nova_api_enabled', false) @@ -179,6 +203,14 @@ # (optional) Enable or not Nova novncproxy binding # Defaults to hiera('nova_vnc_proxy_enabled', false) # +# [*ec2_api*] +# (optional) Enable or not EC2 API binding +# Defaults to hiera('ec2_api_enabled', false) +# +# [*ec2_api_metadata*] +# (optional) Enable or not EC2 API metadata binding +# Defaults to hiera('ec2_api_enabled', false) +# # [*ceilometer*] # (optional) Enable or not Ceilometer API binding # Defaults to hiera('ceilometer_api_enabled', false) @@ -316,6 +348,10 @@ # (optional) Specify the network cinder is running on. # Defaults to hiera('cinder_api_network', undef) # +# [*congress_network*] +# (optional) Specify the network congress is running on. +# Defaults to hiera('congress_api_network', undef) +# # [*docker_registry_network*] # (optional) Specify the network docker-registry is running on. # Defaults to hiera('docker_registry_network', undef) @@ -324,10 +360,6 @@ # (optional) Specify the network glance_api is running on. # Defaults to hiera('glance_api_network', undef) # -# [*glance_registry_network*] -# (optional) Specify the network glance_registry is running on. -# Defaults to hiera('glance_registry_network', undef) -# # [*gnocchi_network*] # (optional) Specify the network gnocchi is running on. # Defaults to hiera('gnocchi_api_network', undef) @@ -388,6 +420,14 @@ # (optional) Specify the network nova_placement is running on. # Defaults to hiera('nova_placement_network', undef) # +# [*ec2_api_network*] +# (optional) Specify the network ec2_api is running on. +# Defaults to hiera('ec2_api_network', undef) +# +# [*ec2_api_metadata_network*] +# (optional) Specify the network ec2_api_metadata is running on. +# Defaults to hiera('ec2_api_network', undef) +# # [*opendaylight_network*] # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) @@ -408,6 +448,10 @@ # (optional) Specify the network swift_proxy_server is running on. # Defaults to hiera('swift_proxy_network', undef) # +# [*tacker_network*] +# (optional) Specify the network tacker is running on. +# Defaults to hiera('tacker_api_network', undef) +# # [*trove_network*] # (optional) Specify the network trove is running on. # Defaults to hiera('trove_api_network', undef) @@ -431,7 +475,6 @@ # 'docker_registry_ssl_port' (Defaults to 13787) # 'glance_api_port' (Defaults to 9292) # 'glance_api_ssl_port' (Defaults to 13292) -# 'glance_registry_port' (Defaults to 9191) # 'gnocchi_api_port' (Defaults to 8041) # 'gnocchi_api_ssl_port' (Defaults to 13041) # 'mistral_api_port' (Defaults to 8989) @@ -496,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, @@ -508,15 +556,18 @@ class tripleo::haproxy ( $keystone_public = hiera('keystone_enabled', false), $neutron = hiera('neutron_api_enabled', false), $cinder = hiera('cinder_api_enabled', false), + $congress = hiera('congress_enabled', false), $manila = hiera('manila_api_enabled', false), $sahara = hiera('sahara_api_enabled', false), + $tacker = hiera('tacker_enabled', false), $trove = hiera('trove_api_enabled', false), $glance_api = hiera('glance_api_enabled', false), - $glance_registry = hiera('glance_registry_enabled', false), $nova_osapi = hiera('nova_api_enabled', false), $nova_placement = hiera('nova_placement_enabled', false), $nova_metadata = hiera('nova_api_enabled', false), $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), + $ec2_api = hiera('ec2_api_enabled', false), + $ec2_api_metadata = hiera('ec2_api_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), $panko = hiera('panko_api_enabled', false), @@ -550,9 +601,9 @@ class tripleo::haproxy ( $ceilometer_network = hiera('ceilometer_api_network', undef), $ceph_rgw_network = hiera('ceph_rgw_network', undef), $cinder_network = hiera('cinder_api_network', undef), + $congress_network = hiera('congress_api_network', undef), $docker_registry_network = hiera('docker_registry_network', undef), $glance_api_network = hiera('glance_api_network', undef), - $glance_registry_network = hiera('glance_registry_network', undef), $gnocchi_network = hiera('gnocchi_api_network', undef), $heat_api_network = hiera('heat_api_network', undef), $heat_cfn_network = hiera('heat_api_cfn_network', undef), @@ -570,8 +621,11 @@ class tripleo::haproxy ( $nova_placement_network = hiera('nova_placement_network', undef), $panko_network = hiera('panko_api_network', undef), $ovn_dbs_network = hiera('ovn_dbs_network', undef), + $ec2_api_network = hiera('ec2_api_network', undef), + $ec2_api_metadata_network = hiera('ec2_api_network', undef), $sahara_network = hiera('sahara_api_network', undef), $swift_proxy_server_network = hiera('swift_proxy_network', undef), + $tacker_network = hiera('tacker_api_network', undef), $trove_network = hiera('trove_api_network', undef), $zaqar_api_network = hiera('zaqar_api_network', undef), $service_ports = {} @@ -585,11 +639,20 @@ class tripleo::haproxy ( ceilometer_api_ssl_port => 13777, cinder_api_port => 8776, cinder_api_ssl_port => 13776, + congress_api_port => 1789, + congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, glance_api_ssl_port => 13292, - glance_registry_port => 9191, gnocchi_api_port => 8041, gnocchi_api_ssl_port => 13041, mistral_api_port => 8989, @@ -625,10 +688,15 @@ class tripleo::haproxy ( panko_api_ssl_port => 13779, ovn_nbdb_port => 6641, ovn_sbdb_port => 6642, + ec2_api_port => 8788, + ec2_api_ssl_port => 13788, + ec2_api_metadata_port => 8789, sahara_api_port => 8386, sahara_api_ssl_port => 13386, swift_proxy_port => 8080, swift_proxy_ssl_port => 13808, + tacker_api_port => 9890, + tacker_api_ssl_port => 13989, trove_api_port => 8779, trove_api_ssl_port => 13779, ui_port => 3000, @@ -840,6 +908,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[neutron_api_ssl_port], service_network => $neutron_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -862,6 +931,24 @@ class tripleo::haproxy ( } } + if $congress { + ::tripleo::haproxy::endpoint { 'congress': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('congress_api_vip', $controller_virtual_ip), + service_port => $ports[congress_api_port], + ip_addresses => hiera('congress_node_ips', $controller_hosts_real), + server_names => hiera('congress_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[congress_api_ssl_port], + service_network => $congress_network, + } + } + if $manila { ::tripleo::haproxy::endpoint { 'manila': public_virtual_ip => $public_virtual_ip, @@ -892,6 +979,24 @@ class tripleo::haproxy ( } } + if $tacker { + ::tripleo::haproxy::endpoint { 'tacker': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('tacker_api_vip', $controller_virtual_ip), + service_port => $ports[tacker_api_port], + ip_addresses => hiera('tacker_node_ips', $controller_hosts_real), + server_names => hiera('tacker_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[tacker_api_ssl_port], + service_network => $tacker_network, + } + } + if $trove { ::tripleo::haproxy::endpoint { 'trove': public_virtual_ip => $public_virtual_ip, @@ -919,16 +1024,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, service_network => $glance_api_network, - } - } - - if $glance_registry { - ::tripleo::haproxy::endpoint { 'glance_registry': - internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), - service_port => $ports[glance_registry_port], - ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), - server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), - service_network => $glance_registry_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -998,6 +1094,34 @@ class tripleo::haproxy ( } } + if $ec2_api { + ::tripleo::haproxy::endpoint { 'ec2_api': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ec2_api_vip', $controller_virtual_ip), + service_port => $ports[ec2_api_port], + ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), + server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[ec2_api_ssl_port], + service_network => $ec2_api_network, + } + } + + if $ec2_api_metadata { + ::tripleo::haproxy::endpoint { 'ec2_api_metadata': + internal_ip => hiera('ec2_api_vip', $controller_virtual_ip), + service_port => $ports[ec2_api_metadata_port], + ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), + server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), + service_network => $ec2_api_metadata_network, + } + } + if $ceilometer { ::tripleo::haproxy::endpoint { 'ceilometer': public_virtual_ip => $public_virtual_ip, @@ -1250,6 +1374,15 @@ class tripleo::haproxy ( server_names => hiera('mysql_node_names', $controller_hosts_names_real), options => $mysql_member_options_real, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $mysql_firewall_rules = { + '100 mysql_haproxy' => { + 'dport' => 3306, + } + } + create_resources('tripleo::firewall::rule', $mysql_firewall_rules) + } } if $rabbitmq { @@ -1326,6 +1459,15 @@ class tripleo::haproxy ( server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $redis_firewall_rules = { + '100 redis_haproxy' => { + 'dport' => 6379, + } + } + create_resources('tripleo::firewall::rule', $redis_firewall_rules) + } } $midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip) @@ -1452,5 +1594,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } diff --git a/manifests/keepalived.pp b/manifests/keepalived.pp index 0e9262d..a6d5832 100644 --- a/manifests/keepalived.pp +++ b/manifests/keepalived.pp @@ -113,10 +113,15 @@ class tripleo::keepalived ( if $internal_api_virtual_ip and $internal_api_virtual_ip != $controller_virtual_ip { $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip) + if is_ipv6_address($internal_api_virtual_ip) { + $internal_api_virtual_netmask = '64' + } else { + $internal_api_virtual_netmask = '32' + } # KEEPALIVE INTERNAL API NETWORK keepalived::instance { '53': interface => $internal_api_virtual_interface, - virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])], + virtual_ips => [join(["${internal_api_virtual_ip}/${internal_api_virtual_netmask}", ' dev ', $internal_api_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, @@ -125,10 +130,15 @@ class tripleo::keepalived ( if $storage_virtual_ip and $storage_virtual_ip != $controller_virtual_ip { $storage_virtual_interface = interface_for_ip($storage_virtual_ip) + if is_ipv6_address($storage_virtual_ip) { + $storage_virtual_netmask = '64' + } else { + $storage_virtual_netmask = '32' + } # KEEPALIVE STORAGE NETWORK keepalived::instance { '54': interface => $storage_virtual_interface, - virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])], + virtual_ips => [join(["${storage_virtual_ip}/${storage_virtual_netmask}", ' dev ', $storage_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, @@ -137,10 +147,15 @@ class tripleo::keepalived ( if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $controller_virtual_ip { $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip) + if is_ipv6_address($storage_mgmt_virtual_ip) { + $storage_mgmt_virtual_netmask = '64' + } else { + $storage_mgmt_virtual_netmask = '32' + } # KEEPALIVE STORAGE MANAGEMENT NETWORK keepalived::instance { '55': interface => $storage_mgmt_virtual_interface, - virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])], + virtual_ips => [join(["${storage_mgmt_virtual_ip}/${storage_mgmt_virtual_netmask}", ' dev ', $storage_mgmt_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, @@ -149,10 +164,15 @@ class tripleo::keepalived ( if $redis_virtual_ip and $redis_virtual_ip != $controller_virtual_ip { $redis_virtual_interface = interface_for_ip($redis_virtual_ip) + if is_ipv6_address($redis_virtual_ip) { + $redis_virtual_netmask = '64' + } else { + $redis_virtual_netmask = '32' + } # KEEPALIVE STORAGE MANAGEMENT NETWORK keepalived::instance { '56': interface => $redis_virtual_interface, - virtual_ips => [join([$redis_virtual_ip, ' dev ', $redis_virtual_interface])], + virtual_ips => [join(["${redis_virtual_ip}/${redis_virtual_netmask}", ' dev ', $redis_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp index 4359a43..e34c7e6 100644 --- a/manifests/network/contrail/analytics.pp +++ b/manifests/network/contrail/analytics.pp @@ -43,6 +43,21 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*analytics_aaa_mode*] +# (optional) analytics aaa mode parameter +# String value. +# Defaults to hiera('contrail::analytics_aaa_mode') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -53,11 +68,26 @@ # Integer value. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # String value. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. @@ -76,7 +106,7 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. @@ -103,6 +133,31 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # +# [*public_vip*] +# (optional) Public virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*rabbit_server*] +# (optional) IPv4 addresses of rabbit server. +# Array of String (IPv4) value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) Rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) Rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) port of rabbit server +# String value. +# Defaults to hiera('contrail::rabbit_port') +# # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. @@ -123,123 +178,209 @@ # Integer value. # Defaults to 8081 # +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. # Defaults to hiera('contrail::zk_server_ip') # class tripleo::network::contrail::analytics( - $host_ip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $collector_http_server_port = 8089, - $collector_sandesh_port = 8086, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $http_server_port = 8090, - $insecure = hiera('contrail::insecure'), - $kafka_broker_list = hiera('contrail::kafka_broker_list'), - $memcached_servers = hiera('contrail::memcached_server'), - $redis_server = '127.0.0.1', - $redis_server_port = 6379, - $rest_api_ip = '0.0.0.0', - $rest_api_port = 8081, - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'), + $cassandra_server_list = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'), + $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = hiera('contrail::analytics::http_server_port'), + $host_ip = hiera('contrail::analytics::host_ip'), + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail_analytics_database_node_ips'), + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::analytics::redis_server'), + $redis_server_port = hiera('contrail::analytics::redis_server_port'), + $rest_api_ip = hiera('contrail::analytics::rest_api_ip'), + $rest_api_port = hiera('contrail::analytics::rest_api_port'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { + $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'') + $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'') + $redis_config = "bind ${host_ip} 127.0.0.1" + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'') + $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, 'admin_user' => $admin_user, 'auth_host' => $auth_host, - 'auth_port' => $auth_port, + 'auth_port' => $auth_port_ssl, 'auth_protocol' => $auth_protocol, 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, - }, - }, - } -> - class {'::contrail::analytics': - analytics_api_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'host_ip' => $host_ip, - 'http_server_port' => $http_server_port, - 'redis_server' => $redis_server, - 'rest_api_ip' => $rest_api_ip, - 'rest_api_port' => $rest_api_port, - }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, - }, - 'REDIS' => { - 'redis_server_port' => $redis_server_port, - 'redis_query_port' => $redis_server_port, - 'server' => $redis_server, - }, - }, - collector_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'hostip' => $host_ip, - 'http_server_port' => $collector_http_server_port, - 'kafka_broker_list' => $kafka_broker_list, - 'zookeeper_server_list' => $zk_server_ip, - }, - 'COLLECTOR' => { - 'port' => $collector_sandesh_port, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + } + } else { + $keystone_config = { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + } + } + if $step >= 3 { + class {'::contrail::analytics': + alarm_gen_config => { + 'DEFAULTS' => { + 'host_ip' => $host_ip, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'rabbitmq_server_list' => $rabbit_server_list_5672, + 'rabbitmq_user' => $rabbit_user, + 'rabbitmq_password' => $rabbit_password, + 'zk_list' => $zk_server_ip_2181, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - query_engine_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'hostip' => $host_ip, + analytics_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + analytics_api_config => { + 'DEFAULTS' => { + 'api_server' => "${api_server}:${api_port}", + 'aaa_mode' => $analytics_aaa_mode, + 'cassandra_server_list' => $cassandra_server_list_9042, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + 'KEYSTONE' => $keystone_config, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + collector_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'zookeeper_server_list' => $zk_server_ip_2181_comma, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - }, - snmp_collector_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + query_engine_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + snmp_collector_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - topology_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + redis_config => $redis_config, + topology_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + vnc_api_lib_config => $vnc_api_lib_config, + keystone_config => { + 'KEYSTONE' => $keystone_config, }, - }, + } + } + if $step >= 5 { + class {'::contrail::analytics::provision_analytics': + api_address => $api_server, + api_port => $api_port, + analytics_node_address => $host_ip, + analytics_node_name => $::fqdn, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp new file mode 100644 index 0000000..88b0327 --- /dev/null +++ b/manifests/network/contrail/analyticsdatabase.pp @@ -0,0 +1,202 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analyticsdatabase +# +# Configure Contrail Analytics Database services +# +# == Parameters: +# +# [*auth_host*] +# (optional) IPv4 VIP of Keystone +# String (IPv4) value +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*api_server*] +# (optional) IPv4 VIP of Contrail Config API +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Contrail Config API +# String value +# Defaults to hiera('contrail::api_port') +# +# [*admin_password*] +# (optional) Keystone Admin password +# String value +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) Keystone Admin tenant name +# String value +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) Keystone Admin token +# String value +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) Keystone Admin user +# String value +# Defaults to hiera('contrail::admin_user') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cassandra_servers*] +# (optional) List of analytics cassandra servers +# List (IPv4) value +# Defaults to hiera('contrail_analytics_database_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 VIP of Contrail Discovery +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) host IP address of Database node +# String (IPv4) value. +# Defaults to hiera('contrail::analytics::database::host_ip') +# +# [*host_name*] +# (optional) host name of database node +# String value +# Defaults to $::hostname +# +# [*kafka_hostnames*] +# (optional) list of kafka server hostnames +# List value +# Defaults to hiera('contrail_analytics_database_short_node_names', '') +# +# [*public_vip*] +# (optional) Public VIP +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) step in the stack +# String value +# Defaults to hiera('step') +# +# [*zookeeper_server_ips*] +# (optional) list of zookeeper server IPs +# List value +# Defaults to hiera('contrail_database_node_ips') +# +class tripleo::network::contrail::analyticsdatabase( + $step = hiera('step'), + $auth_host = hiera('contrail::auth_host'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_servers = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::analytics::database::host_ip'), + $host_name = $::hostname, + $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), + $public_vip = hiera('public_virtual_ip'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), +) +{ + if $auth_protocol == 'https' { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $step == 2 { + class {'::contrail::analyticsdatabase': + analyticsdatabase_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'kafka_hostnames' => $kafka_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + } +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') @@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. -# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, @@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp index 2e50108..e9c7a9e 100644 --- a/manifests/network/contrail/control.pp +++ b/manifests/network/contrail/control.pp @@ -19,19 +19,6 @@ # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Control -# String (IPv4) value. -# -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_username*] -# (optional) ifmap username -# String value. -# Defaults to hiera('contrail::ifmap_username'), -# # [*admin_password*] # (optional) admin password # String value. @@ -42,16 +29,21 @@ # String value. # Defaults to hiera('contrail::admin_tenant_name'), # -# [*admin_token*] -# (optional) admin token -# String value. -# Defaults to hiera('contrail::admin_token'), -# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user'), # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -68,13 +60,33 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip'), +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port'), # +# [*host_ip*] +# (optional) IP address of host +# String (IPv4) value. +# Defaults to hiera('contrail::control::host_ip') +# +# [*ibgp_auto_mesh*] +# (optional) iBPG auto mesh +# String value. +# Defaults to true +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::ifmap_password'), +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::ifmap_username'), +# # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure'), @@ -84,70 +96,103 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_servers'), # +# [*public_vip*] +# (optional) Public Virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*router_asn*] +# (optional) Autonomus System Number +# String value +# Defaults to hiera('contrail::control::asn') +# +# [*secret*] +# (optional) RNDC secret for named +# String value +# Defaults to hiera('contrail::control::rndc_secret') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# class tripleo::network::contrail::control( - $host_ip, - $ifmap_password, - $ifmap_username, - $admin_password = hiera('contrail::admin_password'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $insecure = hiera('contrail::insecure'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::control::host_ip'), + $ibgp_auto_mesh = true, + $ifmap_password = hiera('contrail::control::host_ip'), + $ifmap_username = hiera('contrail::control::host_ip'), + $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $router_asn = hiera('contrail::control::asn'), + $secret = hiera('contrail::control::rndc_secret'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { - 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, - 'admin_password' => $admin_password, - 'admin_user' => $admin_user, - 'auth_host' => $auth_host, - 'auth_port' => $auth_port, - 'auth_protocol' => $auth_protocol, - 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, + $control_ifmap_user = "${ifmap_username}.control" + $control_ifmap_password = "${ifmap_username}.control" + $dns_ifmap_user = "${ifmap_username}.dns" + $dns_ifmap_password = "${ifmap_username}.dns" + + if $step >= 3 { + class {'::contrail::control': + secret => $secret, + control_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $control_ifmap_user, + 'user' => $control_ifmap_password, + }, }, - }, - } -> - class {'::contrail::control': - control_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, + dns_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + 'rndc_secret' => $secret, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $dns_ifmap_user, + 'user' => $dns_ifmap_password, + } }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - }, - }, - dns_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - } - }, - control_nodemgr_config => { - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + } + } + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + api_port => $api_port, + control_node_address => $host_ip, + control_node_name => $::hostname, + ibgp_auto_mesh => $ibgp_auto_mesh, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + router_asn => $router_asn, + } } } diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 58f2670..f74eb1c 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp @@ -13,41 +13,154 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::network::contrail::control +# == Class: tripleo::network::contrail::database # -# Configure Contrail Control services +# Configure Contrail Database services # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Database node +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address # String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*cassandra_servers*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail_database_node_ips') # # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port') # +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*host_name*] +# (optional) host name of Database node +# String value. +# Defaults to $::hostname +# +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*zookeeper_client_ip*] +# (optional) Zookeeper listen address +# String (IPv4) value. +# Defaults to hiera('contrail::database::host_ip') +# +# [*zookeeper_hostnames*] +# (optional) Zookeeper hostname list +# Array of string value. +# Defaults to hiera('contrail_database_short_node_names') +# +# [*zookeeper_server_ips*] +# (optional) Zookeeper ip list +# Array of string (IPv4) values +# Defaults to hiera('contrail_database_node_ips') +# class tripleo::network::contrail::database( - $host_ip, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_servers = hiera('contrail_database_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::database::host_ip'), + $host_name = $::hostname, + $public_vip = hiera('public_virtual_ip'), + $step = hiera('step'), + $zookeeper_client_ip = hiera('contrail::database::host_ip'), + $zookeeper_hostnames = hiera('contrail_database_short_node_names'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { - class {'::contrail::database': - database_nodemgr_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + if $step == 2 { + class {'::contrail::database': + database_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'zookeeper_client_ip' => $zookeeper_client_ip, + 'zookeeper_hostnames' => $zookeeper_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp new file mode 100644 index 0000000..637fdda --- /dev/null +++ b/manifests/network/contrail/heat.pp @@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::heat +# +# Configure Contrail Heat plugin +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*use_ssl*] +# (optional) switch for ssl usage +# String value. +# Defaults to 'False' +# +class tripleo::network::contrail::heat( + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $api_port = 8082, + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $step = hiera('step'), + $use_ssl = 'False', +) +{ + class {'::contrail::heat': + heat_config => { + 'clients_contrail' => { + 'api_base_url' => '/', + 'api_server' => $api_server, + 'api_port' => $api_port, + 'auth_host_ip' => $auth_host, + 'user' => $admin_user, + 'password' => $admin_password, + 'use_ssl' => $use_ssl, + }, + }, + } +} diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp new file mode 100644 index 0000000..d9aa587 --- /dev/null +++ b/manifests/network/contrail/neutron_plugin.pp @@ -0,0 +1,203 @@ +# This class installs and configures Opencontrail Neutron Plugin. +# +# === Parameters +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*contrail_extensions*] +# Array of OpenContrail extensions to be supported +# Defaults to $::os_service_default +# Example: +# +# class {'neutron::plugins::opencontrail' : +# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'] +# } +# +# [*package_ensure*] +# (optional) Ensure state for package. +# Defaults to 'present'. +# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the opencontrail config. +# Defaults to false. +# +class tripleo::network::contrail::neutron_plugin ( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $package_ensure = 'present', + $purge_config = false, +) { + + include ::neutron::deps + include ::neutron::params + + validate_array($contrail_extensions) + + package { 'neutron-plugin-contrail': + ensure => $package_ensure, + name => $::neutron::params::opencontrail_plugin_package, + tag => ['neutron-package', 'openstack'], + } + package {'python-contrail': + ensure => installed, + } + + ensure_resource('file', '/etc/neutron/plugins/opencontrail', { + ensure => directory, + owner => 'root', + group => 'neutron', + mode => '0640'} + ) + + if $::osfamily == 'Debian' { + file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG': + path => '/etc/default/neutron-server', + match => '^NEUTRON_PLUGIN_CONFIG=(.*)$', + line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}", + tag => 'neutron-file-line', + } + } + + if $::osfamily == 'Redhat' { + file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::neutron::params::opencontrail_config_file, + require => Package[$::neutron::params::opencontrail_plugin_package], + tag => 'neutron-config-file', + } + $api_paste_config_file = '/usr/share/neutron/api-paste.ini' + } + ini_setting { 'filter:user_token': + ensure => present, + path => $api_paste_config_file, + section => 'filter:user_token', + setting => 'paste.filter_factory', + value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory', + } + ini_setting { 'composite:neutronapi_v2_0': + ensure => present, + path => $api_paste_config_file, + section => 'composite:neutronapi_v2_0', + setting => 'keystone', + value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0', + } + resources { 'neutron_plugin_opencontrail': + purge => $purge_config, + } + + exec { 'add neutron user to haproxy group': + command => '/usr/sbin/usermod -a -G haproxy neutron', + } + + if $auth_protocol == 'https' { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'KEYSTONE/cafile': value => $ca_file; + 'KEYSTONE/certfile': value => $cert_file; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port_ssl; + 'keystone_authtoken/cafile': value => $ca_file; + 'keystone_authtoken/certfile': value => $cert_file; + } + } else { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port; + } + } +} diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp new file mode 100644 index 0000000..3025737 --- /dev/null +++ b/manifests/network/contrail/provision.pp @@ -0,0 +1,92 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::provision +# +# Provisions Contrail Control and link local services +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password'), +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name'), +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token'), +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user'), +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host'), +# +# [*auth_port*] +# (optional) keystone port. +# Defaults to hiera('contrail::auth_port'), +# +# [*auth_protocol*] +# (optional) authentication protocol. +# Defaults to hiera('contrail::auth_protocol'), +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +class tripleo::network::contrail::provision( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $step = hiera('step'), +) +{ + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + } + class {'::contrail::control::provision_linklocal': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + ipfabric_service_ip => $api_server, + } + } +} diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 0000000..2bccd1d --- /dev/null +++ b/manifests/network/contrail/vrouter.pp @@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. +# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => $host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index 0b308a4..b621811 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -19,18 +19,6 @@ # # == Parameters: # -# [*contrail_analytics_vip*] -# (required) VIP of Contrail Analytics -# String (IPv4) value. -# -# [*contrail_config_vip*] -# (required) VIP of Contrail Config -# String (IPv4) value. -# -# [*neutron_vip*] -# (required) VIP of Neutron -# String (IPv4) value. -# # [*admin_password*] # (optional) admin password # String value. @@ -56,11 +44,46 @@ # String (IPv4) value. # Defaults to hiera('contrail::auth_host') # +# [*auth_port_public*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port_public') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_port_ssl_public*] +# (optional) keystone public ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl_public') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*contrail_analytics_vip*] +# (optional) VIP of Contrail Analytics +# String (IPv4) value. +# Defaults to hiera('contrail_analytics_vip') +# +# [*contrail_config_vip*] +# (optional) VIP of Contrail Config +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# # [*contrail_webui_http_port*] # (optional) Webui HTTP Port # Integer value. @@ -71,38 +94,55 @@ # Integer value. # Defaults to 8143 # +# [*neutron_vip*] +# (optional) VIP of Neutron +# String (IPv4) value. +# Defaults to hiera('neutron_api_vip') +# # [*redis_ip*] # (optional) IP of Redis # String (IPv4) value. # Defaults to '127.0.0.1' # class tripleo::network::contrail::webui( - $contrail_analytics_vip, - $contrail_config_vip, - $neutron_vip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $contrail_webui_http_port = 8080, - $contrail_webui_https_port = 8143, - $redis_ip = '127.0.0.1', + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_public = hiera('contrail::auth_port_public'), + $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $cert_file = hiera('contrail::cert_file'), + $contrail_analytics_vip = hiera('contrail_analytics_vip'), + $contrail_config_vip = hiera('contrail_config_vip'), + $contrail_webui_http_port = hiera('contrail::webui::http_port'), + $contrail_webui_https_port = hiera('contrail::webui::https_port'), + $neutron_vip = hiera('neutron_api_vip'), + $redis_ip = hiera('contrail::webui::redis_ip'), ) { + if $auth_protocol == 'https' { + $auth_port = $auth_port_ssl_public + } else { + $auth_port = $auth_port_public + } class {'::contrail::webui': - openstack_vip => $auth_host, - contrail_config_vip => $contrail_config_vip, - contrail_analytics_vip => $contrail_analytics_vip, - neutron_vip => $neutron_vip, - cassandra_ip => $cassandra_server_list, - redis_ip => $redis_ip, - contrail_webui_http_port => $contrail_webui_http_port, - contrail_webui_https_port => $contrail_webui_https_port, admin_user => $admin_user, admin_password => $admin_password, admin_token => $admin_token, admin_tenant_name => $admin_tenant_name, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + cassandra_ip => $cassandra_server_list, + cert_file => $cert_file, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + neutron_vip => $neutron_vip, + openstack_vip => $auth_host, + redis_ip => $redis_ip, } } diff --git a/manifests/pacemaker/haproxy_with_vip.pp b/manifests/pacemaker/haproxy_with_vip.pp index 0539beb..a27b94b 100644 --- a/manifests/pacemaker/haproxy_with_vip.pp +++ b/manifests/pacemaker/haproxy_with_vip.pp @@ -27,11 +27,35 @@ # (String) IP address on which HAProxy is colocated # Required # +# [*location_rule*] +# (optional) Add a location constraint before actually enabling +# the resource. Must be a hash like the following example: +# location_rule => { +# resource_discovery => 'exclusive', # optional +# role => 'master|slave', # optional +# score => 0, # optional +# score_attribute => foo, # optional +# # Multiple expressions can be used +# expression => ['opsrole eq controller'] +# } +# Defaults to undef +# +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to 1 +# # [*ensure*] # (Boolean) Create the all the resources only if true. False won't # destroy the resource, it will just not create them. # Default to true -define tripleo::pacemaker::haproxy_with_vip($vip_name, $ip_address, $ensure = true) { +# +define tripleo::pacemaker::haproxy_with_vip( + $vip_name, + $ip_address, + $location_rule = undef, + $pcs_tries = 1, + $ensure = true) +{ if($ensure) { if is_ipv6_address($ip_address) { $netmask = '64' @@ -40,25 +64,29 @@ define tripleo::pacemaker::haproxy_with_vip($vip_name, $ip_address, $ensure = tr } pacemaker::resource::ip { "${vip_name}_vip": - ip_address => $ip_address, - cidr_netmask => $netmask, + ip_address => $ip_address, + cidr_netmask => $netmask, + location_rule => $location_rule, + tries => $pcs_tries, } - pacemaker::constraint::base { "${vip_name}_vip-then-haproxy": - constraint_type => 'order', + pacemaker::constraint::order { "${vip_name}_vip-then-haproxy": first_resource => "ip-${ip_address}", second_resource => 'haproxy-clone', first_action => 'start', second_action => 'start', constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip["${vip_name}_vip"]], + tries => $pcs_tries, } pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy": - source => "ip-${ip_address}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip["${vip_name}_vip"]], + source => "ip-${ip_address}", + target => 'haproxy-clone', + score => 'INFINITY', + tries => $pcs_tries, } + + Pacemaker::Resource::Ip["${vip_name}_vip"] -> + Pacemaker::Resource::Service['haproxy'] -> + Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"] -> + Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"] } } diff --git a/manifests/profile/base/auditd.pp b/manifests/profile/base/auditd.pp new file mode 100644 index 0000000..628db08 --- /dev/null +++ b/manifests/profile/base/auditd.pp @@ -0,0 +1,30 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == class: tripleo::profile::base::auditd +# +# auditd profile for tripleo +# +# === Parameters +# +# [*step*] +# Defaults to hiera('step') +# +class tripleo::profile::base::auditd ( + $step = hiera('step'), +) { + if $step >= 4 { + include ::auditd + } +} diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp new file mode 100644 index 0000000..1731e81 --- /dev/null +++ b/manifests/profile/base/congress.pp @@ -0,0 +1,86 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::congress +# +# Congress server profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_service_name', 'rabbit') +# +# [*messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*messaging_password*] +# Password for messaging congress queue +# Defaults to hiera('congress::rabbit_password') +# +# [*messaging_port*] +# IP port for messaging service +# Defaults to hiera('congress::rabbit_port', 5672) +# +# [*messaging_username*] +# Username for messaging congress queue +# Defaults to hiera('congress::rabbit_userid', 'guest') +# +# [*messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to hiera('congress::rabbit_use_ssl', '0') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') + +class tripleo::profile::base::congress ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $messaging_driver = hiera('messaging_service_name', 'rabbit'), + $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $messaging_password = hiera('congress::rabbit_password'), + $messaging_port = hiera('congress::rabbit_port', '5672'), + $messaging_username = hiera('congress::rabbit_userid', 'guest'), + $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db){ + $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + class { '::congress': + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $messaging_driver, + 'hosts' => $messaging_hosts, + 'port' => sprintf('%s', $messaging_port), + 'username' => $messaging_username, + 'password' => $messaging_password, + 'ssl' => $messaging_use_ssl_real, + }), + } + + include ::congress::server + include ::congress::db + } +} diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 1692108..4ccfabc 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -151,6 +151,9 @@ class tripleo::profile::base::database::mysql ( if hiera('cinder_api_enabled', false) { include ::cinder::db::mysql } + if hiera('congress_enabled', false) { + include ::congress::db::mysql + } if hiera('glance_api_enabled', false) { include ::glance::db::mysql } @@ -185,12 +188,18 @@ class tripleo::profile::base::database::mysql ( if hiera('sahara_api_enabled', false) { include ::sahara::db::mysql } + if hiera('tacker_enabled', false) { + include ::tacker::db::mysql + } if hiera('trove_api_enabled', false) { include ::trove::db::mysql } if hiera('panko_api_enabled', false) { include ::panko::db::mysql } + if hiera('ec2_api_enabled', false) { + include ::ec2api::db::mysql + } } } diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index 05a516d..ebe84bf 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -19,21 +19,22 @@ # === Parameters: # # [*registry_host*] -# (String) IP address on which the Docker registry is listening on +# (String) IP address or hostname the Docker registry binds to # Defaults to hiera('controller_host') # # [*registry_port*] # (Integer) The port on which the Docker registry is listening on # Defaults to 8787 # -# [*controller_admin_vip*] -# (String) VIP of the host -# Defaults to hiera('controller_admin_vip') +# [*registry_admin_host*] +# (String) IP address or hostname the Docker registry binds to in the admin +# network +# Defaults to hiera('controller_admin_host') # class tripleo::profile::base::docker_registry ( - $registry_host = hiera('controller_host'), - $registry_port = 8787, - $controller_admin_vip = hiera('controller_admin_vip'), + $registry_host = hiera('controller_host'), + $registry_port = 8787, + $registry_admin_host = hiera('controller_admin_host'), ) { # We want a v2 registry package{'docker-registry': @@ -55,7 +56,7 @@ class tripleo::profile::base::docker_registry ( line => join ([ 'INSECURE_REGISTRY="', '--insecure-registry ', $registry_host, ':', $registry_port, ' ', - '--insecure-registry ', $controller_admin_vip, ':', $registry_port, '"']), + '--insecure-registry ', $registry_admin_host, ':', $registry_port, '"']), match => 'INSECURE_REGISTRY=', require => Package['docker'], notify => Service['docker'], diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp index 8945fff..e5807f6 100644 --- a/manifests/profile/base/glance/api.pp +++ b/manifests/profile/base/glance/api.pp @@ -22,10 +22,39 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# # [*glance_backend*] # (Optional) Glance backend(s) to use. # Defaults to downcase(hiera('glance_backend', 'swift')) # +# [*glance_network*] +# (Optional) The network name where the glance endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('glance_api_network', undef) +# # [*glance_nfs_enabled*] # (Optional) Whether to use NFS mount as 'file' backend storage location. # Defaults to false @@ -42,15 +71,40 @@ # [*rabbit_port*] # IP port for rabbitmq service # Defaults to hiera('glance::notify::rabbitmq::rabbit_port', 5672) - +# +# [*tls_proxy_bind_ip*] +# IP on which the TLS proxy will listen on. Required only if +# enable_internal_tls is set. +# Defaults to undef +# +# [*tls_proxy_fqdn*] +# fqdn on which the tls proxy will listen on. required only used if +# enable_internal_tls is set. +# defaults to undef +# +# [*tls_proxy_port*] +# port on which the tls proxy will listen on. Only used if +# enable_internal_tls is set. +# defaults to 9292 +# class tripleo::profile::base::glance::api ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $glance_backend = downcase(hiera('glance_backend', 'swift')), - $glance_nfs_enabled = false, - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $glance_backend = downcase(hiera('glance_backend', 'swift')), + $glance_network = hiera('glance_api_network', undef), + $glance_nfs_enabled = false, + $step = hiera('step'), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672), + $tls_proxy_bind_ip = undef, + $tls_proxy_fqdn = undef, + $tls_proxy_port = 9292, ) { + if $enable_internal_tls and $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -63,6 +117,28 @@ class tripleo::profile::base::glance::api ( } if $step >= 4 or ($step >= 3 and $sync_db) { + if $enable_internal_tls { + if !$glance_network { + fail('glance_api_network is not set in the hieradata.') + } + if !$tls_proxy_bind_ip { + fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.') + } + if !$tls_proxy_fqdn { + fail('tls_proxy_fqdn is required if internal TLS is enabled.') + } + $tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key'] + + ::tripleo::tls_proxy { 'glance-api': + servername => $tls_proxy_fqdn, + ip => $tls_proxy_bind_ip, + port => $tls_proxy_port, + tls_cert => $tls_certfile, + tls_key => $tls_keyfile, + notify => Class['::glance::api'], + } + } case $glance_backend { 'swift': { $backend_store = 'glance.store.swift.Store' } 'file': { $backend_store = 'glance.store.filesystem.Store' } @@ -75,6 +151,7 @@ class tripleo::profile::base::glance::api ( # TODO: notifications, scrubber, etc. include ::glance include ::glance::config + # TODO(jaosorior): Remove bind_host when we set it up conditionally in t-h-t class { '::glance::api': stores => $glance_store, sync_db => $sync_db, diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index be07c0e..bd28ab0 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -30,7 +30,7 @@ class tripleo::profile::base::horizon ( # Horizon include ::apache::mod::remoteip include ::apache::mod::status - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) { $_profile_support = 'cisco' } else { $_profile_support = 'None' diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index a388def..72049e3 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -209,6 +209,9 @@ class tripleo::profile::base::keystone ( if hiera('cinder_api_enabled', false) { include ::cinder::keystone::auth } + if hiera('congress_enabled', false) { + include ::congress::keystone::auth + } if hiera('glance_api_enabled', false) { include ::glance::keystone::auth } @@ -248,6 +251,9 @@ class tripleo::profile::base::keystone ( if hiera('swift_proxy_enabled', false) { include ::swift::keystone::auth } + if hiera('tacker_enabled', false) { + include ::tacker::keystone::auth + } if hiera('trove_api_enabled', false) { include ::trove::keystone::auth } @@ -255,6 +261,8 @@ class tripleo::profile::base::keystone ( include ::zaqar::keystone::auth include ::zaqar::keystone::auth_websocket } + if hiera('ec2_api_enabled', false) { + include ::ec2api::keystone::auth + } } } - diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp index 0f738d1..d8e6f89 100644 --- a/manifests/profile/base/metrics/collectd.pp +++ b/manifests/profile/base/metrics/collectd.pp @@ -1,13 +1,27 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# # == Class: tripleo::profile::base::metrics::collectd # # Collectd configuration for TripleO # # === Parameters # -# [*collectd_plugins*] -# (Optional) List. A list of collectd plugins to configure (the -# corresponding collectd::plugin::NAME class must exist in the -# collectd package). +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') # # [*collectd_server*] # (Optional) String. The name or address of a collectd server to @@ -28,61 +42,62 @@ # [*collectd_securitylevel*] # (Optional) String. # -# [*collectd_interface*] -# (Optional) String. Name of a network interface. -# -# [*collectd_graphite_server*] -# (Optional) String. The name or address of a graphite server to -# which we should send metrics. -# -# [*collectd_graphite_port*] -# (Optional) Integer. This is the port to which we will connect on -# the graphite server. Defaults to 2004. -# -# [*collectd_graphite_prefix*] -# (Optional) String. Prefix to add to metric names. Defaults to -# 'overcloud.'. -# -# [*collectd_graphite_protocol*] -# (Optional) String. One of 'udp' or 'tcp'. -# +# [*service_names*] +# (Optional) List of strings. A list of active services in this tripleo +# deployment. This is used to look up service-specific plugins that +# need to be installed. class tripleo::profile::base::metrics::collectd ( - $collectd_plugins = [], + $step = hiera('step'), $collectd_server = undef, - $collectd_port = 25826, + $collectd_port = undef, $collectd_username = undef, $collectd_password = undef, $collectd_securitylevel = undef, - - $collectd_graphite_server = undef, - $collectd_graphite_port = 2004, - $collectd_graphite_prefix = undef, - $collectd_graphite_protocol = 'udp' + $service_names = hiera('service_names', []) ) { - include ::collectd - ::tripleo::profile::base::metrics::collectd::plugin_helper { $collectd_plugins: } + if $step >= 3 { + include ::collectd - if ! ($collectd_graphite_protocol in ['udp', 'tcp']) { - fail("collectd_graphite_protocol must be one of 'udp' or 'tcp'") - } + if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) { + fail('collectd_securitylevel must be one of (None, Sign, Encrypt).') + } + + # Load per-service plugin configuration + ::tripleo::profile::base::metrics::collectd::collectd_service { + $service_names: } + + # Because THT doesn't allow us to default values to undef, we need + # to perform a number of transformations here to avoid passing a bunch of + # empty strings to the collectd plugins. - if $collectd_server { - ::collectd::plugin::network::server { $collectd_server: - username => $collectd_username, - password => $collectd_password, - port => $collectd_port, - securitylevel => $collectd_securitylevel, + $_collectd_username = empty($collectd_username) ? { + true => undef, + default => $collectd_username + } + + $_collectd_password = empty($collectd_password) ? { + true => undef, + default => $collectd_password } - } - if $collectd_graphite_server { - ::collectd::plugin::write_graphite::carbon { 'openstack_graphite': - graphitehost => $collectd_graphite_server, - graphiteport => $collectd_graphite_port, - graphiteprefix => $collectd_graphite_prefix, - protocol => $collectd_graphite_protocol, + $_collectd_port = empty($collectd_port) ? { + true => undef, + default => $collectd_port + } + + $_collectd_securitylevel = empty($collectd_securitylevel) ? { + true => undef, + default => $collectd_securitylevel + } + + if ! empty($collectd_server) { + ::collectd::plugin::network::server { $collectd_server: + username => $_collectd_username, + password => $_collectd_password, + port => $_collectd_port, + securitylevel => $_collectd_securitylevel, + } } } } - diff --git a/manifests/profile/base/metrics/collectd/collectd_plugin.pp b/manifests/profile/base/metrics/collectd/collectd_plugin.pp new file mode 100644 index 0000000..5ab940b --- /dev/null +++ b/manifests/profile/base/metrics/collectd/collectd_plugin.pp @@ -0,0 +1,6 @@ +# We use this to transform a list of unqualified plugin names +# (like ['disk', 'ntpd']) into the correct collectd plugin classes. +define tripleo::profile::base::metrics::collectd::collectd_plugin ( +) { + include "collectd::plugin::${title}" +} diff --git a/manifests/profile/base/metrics/collectd/collectd_service.pp b/manifests/profile/base/metrics/collectd/collectd_service.pp new file mode 100644 index 0000000..c1b3a60 --- /dev/null +++ b/manifests/profile/base/metrics/collectd/collectd_service.pp @@ -0,0 +1,11 @@ +# This is used to look up a list of service-specific collectd plugins +# in the hiera data provided by THT. +define tripleo::profile::base::metrics::collectd::collectd_service ( +) { + $plugins = hiera("tripleo.collectd.plugins.${title}", []) + + if $plugins { + ::tripleo::profile::base::metrics::collectd::collectd_plugin { + $plugins: } + } +} diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index 4667ae2..5d6909f 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp @@ -22,10 +22,34 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*dvr_enabled*] +# (Optional) Is dvr enabled, used when no override is passed to +# l3_ha_override to calculate enabling l3 HA. +# Defaults to hiera('neutron::server::router_distributed') or false +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). # # [*l3_ha_override*] # (Optional) Override the calculated value for neutron::server::l3_ha @@ -41,17 +65,49 @@ # (we need to default neutron_l3_short_node_names to an empty list # because some neutron backends disable the l3 agent) # -# [*dvr_enabled*] -# (Optional) Is dvr enabled, used when no override is passed to -# l3_ha_override to calculate enabling l3 HA. -# Defaults to hiera('neutron::server::router_distributed') or false +# [*neutron_network*] +# (Optional) The network name where the neutron endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('neutron_api_network', undef) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*tls_proxy_bind_ip*] +# IP on which the TLS proxy will listen on. Required only if +# enable_internal_tls is set. +# Defaults to undef +# +# [*tls_proxy_fqdn*] +# fqdn on which the tls proxy will listen on. required only used if +# enable_internal_tls is set. +# defaults to undef +# +# [*tls_proxy_port*] +# port on which the tls proxy will listen on. Only used if +# enable_internal_tls is set. +# defaults to 9696 +# class tripleo::profile::base::neutron::server ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $l3_ha_override = '', - $l3_nodes = hiera('neutron_l3_short_node_names', []), - $dvr_enabled = hiera('neutron::server::router_distributed', false) + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $dvr_enabled = hiera('neutron::server::router_distributed', false), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $l3_ha_override = '', + $l3_nodes = hiera('neutron_l3_short_node_names', []), + $neutron_network = hiera('neutron_api_network', undef), + $step = hiera('step'), + $tls_proxy_bind_ip = undef, + $tls_proxy_fqdn = undef, + $tls_proxy_port = 9696, ) { + if $enable_internal_tls and $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + if $::hostname == downcase($bootstrap_node) { $sync_db = true } else { @@ -73,7 +129,24 @@ class tripleo::profile::base::neutron::server ( # We start neutron-server on the bootstrap node first, because # it will try to populate tables and we need to make sure this happens # before it starts on other nodes - if $step >= 4 and $sync_db { + if $step >= 4 and $sync_db or $step >= 5 and !$sync_db { + if $enable_internal_tls { + if !$neutron_network { + fail('neutron_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${neutron_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${neutron_network}"]['service_key'] + + ::tripleo::tls_proxy { 'neutron-api': + servername => $tls_proxy_fqdn, + ip => $tls_proxy_bind_ip, + port => $tls_proxy_port, + tls_cert => $tls_certfile, + tls_key => $tls_keyfile, + notify => Class['::neutron::server'], + } + } + include ::neutron::server::notifications # We need to override the hiera value neutron::server::sync_db which is set # to true @@ -82,11 +155,4 @@ class tripleo::profile::base::neutron::server ( l3_ha => $l3_ha, } } - if $step >= 5 and !$sync_db { - include ::neutron::server::notifications - class { '::neutron::server': - sync_db => $sync_db, - l3_ha => $l3_ha, - } - } } diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 8ded3ef..83baae2 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -85,25 +85,8 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } - if ($step >= 3 and $sync_db) { - $messaging_hosts_real = any2array($::tripleo::profile::base::nova::messaging_hosts) - # TODO(aschultz): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. - $messaging_port_real = sprintf('%s', $::tripleo::profile::base::nova::messaging_port) - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($::tripleo::profile::base::nova::messaging_use_ssl))) - - #TODO(emilien): enable it again when it's fixed upstream in nova - # https://bugs.launchpad.net/tripleo/+bug/1649341 - # class { '::nova::db::sync_cell_v2': - # transport_url => os_transport_url({ - # 'transport' => $::tripleo::profile::base::nova::messaging_driver, - # 'hosts' => $messaging_hosts_real, - # 'port' => $messaging_port_real, - # 'username' => $::tripleo::profile::base::nova::messaging_username, - # 'password' => $::tripleo::profile::base::nova::messaging_password, - # 'ssl' => $messaging_use_ssl_real, - # }), - # } + if $step >= 3 and $sync_db { + include ::nova::cell_v2::simple_setup } if $step >= 4 or ($step >= 3 and $sync_db) { diff --git a/manifests/profile/base/nova/ec2api.pp b/manifests/profile/base/nova/ec2api.pp new file mode 100644 index 0000000..f34b071 --- /dev/null +++ b/manifests/profile/base/nova/ec2api.pp @@ -0,0 +1,35 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::ec2api +# +# EC2-compatible Nova API profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::nova::ec2api ( + $step = hiera('step') +) { + if $step >= 4 { + include ::ec2api + include ::ec2api::api + include ::ec2api::db::sync + include ::ec2api::metadata + } +} diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp index 671f1e7..6021731 100644 --- a/manifests/profile/base/pacemaker.pp +++ b/manifests/profile/base/pacemaker.pp @@ -23,9 +23,54 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# +# [*remote_short_node_names*] +# (Optional) List of short node names for pacemaker remote nodes +# Defaults to hiera('pacemaker_remote_short_node_names', []) +# +# [*remote_node_ips*] +# (Optional) List of node ips for pacemaker remote nodes +# Defaults to hiera('pacemaker_remote_node_ips', []) +# +# [*remote_authkey*] +# (Optional) Authkey for pacemaker remote nodes +# Defaults to undef +# +# [*remote_reconnect_interval*] +# (Optional) Reconnect interval for the remote +# Defaults to hiera('pacemaker_remote_reconnect_interval', 60) +# +# [*remote_monitor_interval*] +# (Optional) Monitor interval for the remote +# Defaults to hiera('pacemaker_monitor_reconnect_interval', 20) +# +# [*remote_tries*] +# (Optional) Number of tries for the remote resource creation +# Defaults to hiera('pacemaker_remote_tries', 5) +# +# [*remote_try_sleep*] +# (Optional) Number of seconds to sleep between remote creation tries +# Defaults to hiera('pacemaker_remote_try_sleep', 60) +# class tripleo::profile::base::pacemaker ( - $step = hiera('step'), + $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), + $remote_short_node_names = hiera('pacemaker_remote_short_node_names', []), + $remote_node_ips = hiera('pacemaker_remote_node_ips', []), + $remote_authkey = undef, + $remote_reconnect_interval = hiera('pacemaker_remote_reconnect_interval', 60), + $remote_monitor_interval = hiera('pacemaker_remote_monitor_interval', 20), + $remote_tries = hiera('pacemaker_remote_tries', 5), + $remote_try_sleep = hiera('pacemaker_remote_try_sleep', 60), ) { + + if count($remote_short_node_names) != count($remote_node_ips) { + fail("Count of ${remote_short_node_names} is not equal to count of ${remote_node_ips}") + } + Pcmk_resource <| |> { tries => 10, try_sleep => 3, @@ -55,9 +100,11 @@ class tripleo::profile::base::pacemaker ( cluster_members => $pacemaker_cluster_members, setup_cluster => $pacemaker_master, cluster_setup_extras => $cluster_setup_extras, + remote_authkey => $remote_authkey, } class { '::pacemaker::stonith': disable => !$enable_fencing, + tries => $pcs_tries, } if $enable_fencing { include ::tripleo::fencing @@ -69,6 +116,21 @@ class tripleo::profile::base::pacemaker ( # enable stonith after all fencing devices have been created Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } + # We have pacemaker remote nodes configured so let's add them as resources + # We do this during step 1 right after wait-for-settle, because during step 2 + # resources might already be created on pacemaker remote nodes and we need + # a guarantee that remote nodes are already up + if $pacemaker_master and count($remote_short_node_names) > 0 { + # Creates a { "node" => "ip_address", ...} hash + $remotes_hash = hash(zip($remote_short_node_names, $remote_node_ips)) + pacemaker::resource::remote { $remote_short_node_names: + remote_address => $remotes_hash[$title], + reconnect_interval => $remote_reconnect_interval, + op_params => "monitor interval=${remote_monitor_interval}", + tries => $remote_tries, + try_sleep => $remote_try_sleep, + } + } } if $step >= 2 { diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/pacemaker_remote.pp index cd40aeb..e0fff63 100644 --- a/manifests/profile/base/glance/registry.pp +++ b/manifests/profile/base/pacemaker_remote.pp @@ -12,39 +12,26 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::base::glance::registry +# == Class: tripleo::profile::base::pacemaker_remote # -# Glance Registry profile for tripleo +# Pacemaker remote profile for tripleo # # === Parameters # -# [*bootstrap_node*] -# DEPRECATED -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# -# [*glance_backend*] -# (Optional) Glance backend(s) to use. -# Defaults to downcase(hiera('glance_backend', 'swift')) +# [*remote_authkey*] +# Authkey for pacemaker remote nodes +# Defaults to unset # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -class tripleo::profile::base::glance::registry ( - $bootstrap_node = undef, - $glance_backend = downcase(hiera('glance_backend', 'swift')), +class tripleo::profile::base::pacemaker_remote ( + $remote_authkey, $step = hiera('step'), ) { - - if $step >= 4 { - # TODO: notifications, scrubber, etc. - include ::glance - include ::glance::config - include ::glance::registry - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) + class { '::pacemaker::remote': + remote_authkey => $remote_authkey, } - } diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index 15bab44..fd8de8f 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -34,6 +34,11 @@ # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # +# [*inet_dist_interface*] +# (Optional) Address to bind the inter-cluster interface +# to. It is the inet_dist_use_interface option in the kernel variables +# Defaults to hiera('rabbitmq::interface', undef). +# # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. # Defaults to hiera('rabbitmq_node_names', []). @@ -44,12 +49,13 @@ # Defaults to hiera('step') # class tripleo::profile::base::rabbitmq ( - $config_variables = hiera('rabbitmq_config_variables'), - $environment = hiera('rabbitmq_environment'), - $ipv6 = str2bool(hiera('rabbit_ipv6', false)), - $kernel_variables = hiera('rabbitmq_kernel_variables'), - $nodes = hiera('rabbitmq_node_names', []), - $step = hiera('step'), + $config_variables = hiera('rabbitmq_config_variables'), + $environment = hiera('rabbitmq_environment'), + $ipv6 = str2bool(hiera('rabbit_ipv6', false)), + $kernel_variables = hiera('rabbitmq_kernel_variables'), + $inet_dist_interface = hiera('rabbitmq::interface', undef), + $nodes = hiera('rabbitmq_node_names', []), + $step = hiera('step'), ) { # IPv6 environment, necessary for RabbitMQ. if $ipv6 { @@ -60,6 +66,14 @@ class tripleo::profile::base::rabbitmq ( } else { $rabbit_env = $environment } + if $inet_dist_interface { + $real_kernel_variables = merge( + $kernel_variables, + { 'inet_dist_use_interface' => ip_to_erl_format($inet_dist_interface) }, + ) + } else { + $real_kernel_variables = $kernel_variables + } $manage_service = hiera('rabbitmq::service_manage', true) if $step >= 1 { @@ -68,7 +82,7 @@ class tripleo::profile::base::rabbitmq ( class { '::rabbitmq': config_cluster => $manage_service, cluster_nodes => $nodes, - config_kernel_variables => $kernel_variables, + config_kernel_variables => $real_kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, } diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index 5bd75bd..20af9f9 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -18,38 +18,58 @@ # # === Parameters # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*ceilometer_enabled*] +# Whether the ceilometer pipeline is enabled. +# Defaults to true # -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to hiera('memcached_node_ips') +# [*ceilometer_messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_service_name', 'rabbit') +# +# [*ceilometer_messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*ceilometer_messaging_password*] +# Password for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef) +# +# [*ceilometer_messaging_port*] +# IP port for messaging service +# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672) +# +# [*ceilometer_messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to '0' +# +# [*ceilometer_messaging_username*] +# Username for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest') # # [*memcache_port*] # (Optional) memcache port # Defaults to 11211 # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns -# Defaults to hiera('rabbitmq_node_names') -# -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672 +# [*memcache_servers*] +# (Optional) List of memcache servers +# Defaults to hiera('memcached_node_ips') # -# [*ceilometer_enabled*] -# Whether the ceilometer pipeline is enabled. -# Defaults to true +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') # class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), - $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = 5672, - $ceilometer_enabled = true, + $ceilometer_enabled = true, + $ceilometer_messaging_driver = hiera('messaging_service_name', 'rabbit'), + $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef), + $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'), + $ceilometer_messaging_use_ssl = '0', + $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'), + $memcache_port = 11211, + $memcache_servers = hiera('memcached_node_ips'), + $step = hiera('step'), ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") @@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk - $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl))) if $ceilometer_enabled { class { '::swift::proxy::ceilometer': - rabbit_hosts => $swift_rabbit_hosts, + default_transport_url => os_transport_url({ + 'transport' => $ceilometer_messaging_driver, + 'hosts' => $ceilometer_messaging_hosts, + 'port' => sprintf('%s', $ceilometer_messaging_port), + 'username' => $ceilometer_messaging_username, + 'password' => $ceilometer_messaging_password, + 'ssl' => $ceilometer_messaging_use_ssl_real, + }), } } include ::swift::proxy::versioned_writes diff --git a/manifests/profile/base/tacker.pp b/manifests/profile/base/tacker.pp new file mode 100644 index 0000000..e9f6b77 --- /dev/null +++ b/manifests/profile/base/tacker.pp @@ -0,0 +1,86 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::tacker +# +# Tacker server profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_service_name', 'rabbit') +# +# [*messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*messaging_password*] +# Password for messaging nova queue +# Defaults to hiera('nova::rabbit_password') +# +# [*messaging_port*] +# IP port for messaging service +# Defaults to hiera('nova::rabbit_port', 5672) +# +# [*messaging_username*] +# Username for messaging nova queue +# Defaults to hiera('nova::rabbit_userid', 'guest') +# +# [*messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to hiera('nova::rabbit_use_ssl', '0') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') + +class tripleo::profile::base::tacker ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $messaging_driver = hiera('messaging_service_name', 'rabbit'), + $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $messaging_password = hiera('tacker::rabbit_password'), + $messaging_port = hiera('tacker::rabbit_port', '5672'), + $messaging_username = hiera('tacker::rabbit_userid', 'guest'), + $messaging_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db){ + $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + class { '::tacker': + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $messaging_driver, + 'hosts' => $messaging_hosts, + 'port' => sprintf('%s', $messaging_port), + 'username' => $messaging_username, + 'password' => $messaging_password, + 'ssl' => $messaging_use_ssl_real, + }), + } + + include ::tacker::server + include ::tacker::db + } +} diff --git a/manifests/profile/pacemaker/ceph/rbdmirror.pp b/manifests/profile/pacemaker/ceph/rbdmirror.pp new file mode 100644 index 0000000..4066225 --- /dev/null +++ b/manifests/profile/pacemaker/ceph/rbdmirror.pp @@ -0,0 +1,98 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::ceph::rbdmirror +# +# Ceph RBD mirror Pacemaker profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('ceph_rbdmirror_bootstrap_short_node_name') +# +# [*client_name*] +# (Optional) Name assigned to the RBD mirror client +# Defaults to 'rbd-mirror' +# +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# +# [*stack_action*] +# (Optional) Action executed on the stack. See tripleo-heat-templates +# for more details. +# Defaults to hiera('stack_action') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::pacemaker::ceph::rbdmirror ( + $bootstrap_node = hiera('ceph_rbdmirror_short_bootstrap_node_name'), + $client_name = 'openstack', + $pcs_tries = hiera('pcs_tries', 20), + $stack_action = hiera('stack_action'), + $step = hiera('step'), +) { + Service <| tag == 'ceph-rbd-mirror' |> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', + } + + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + include ::tripleo::profile::base::ceph + + if $step >= 2 { + pacemaker::property { 'ceph-rbdmirror-role-node-property': + property => 'ceph-rbdmirror-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + } + + if $step >= 3 { + require ::ceph::profile::client + ceph::mirror { $client_name: + rbd_mirror_enable => false, + rbd_mirror_ensure => 'stopped', + } -> + pacemaker::resource::service { "ceph-rbd-mirror_${client_name}": + # NOTE(gfidente): systemd uses the @ sign but it is an invalid + # character in a pcmk resource name, so we need to use it only + # for the name of the service + service_name => "ceph-rbd-mirror@${client_name}", + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['ceph-rbdmirror-role eq true'], + } + } + } + + if $step >= 3 and $pacemaker_master and $stack_action == 'UPDATE' { + Ceph_config<||> ~> Tripleo::Pacemaker::Resource_restart_flag["ceph-rbd-mirror@${client_name}"] + tripleo::pacemaker::resource_restart_flag { "ceph-rbd-mirror@${client_name}": } + } +} diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp index 4e33a34..ff0d8c9 100644 --- a/manifests/profile/pacemaker/cinder/backup.pp +++ b/manifests/profile/pacemaker/cinder/backup.pp @@ -27,9 +27,14 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::cinder::backup ( $bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'), $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), ) { Service <| tag == 'cinder::backup' |> { @@ -47,6 +52,15 @@ class tripleo::profile::pacemaker::cinder::backup ( include ::tripleo::profile::base::cinder::backup + if $step >= 2 { + pacemaker::property { 'cinder-backup-role-node-property': + property => 'cinder-backup-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + } + if $step >= 3 and $pacemaker_master and hiera('stack_action') == 'UPDATE' { Cinder_config<||> ~> @@ -55,7 +69,13 @@ class tripleo::profile::pacemaker::cinder::backup ( if $step >= 5 and $pacemaker_master { pacemaker::resource::service { $::cinder::params::backup_service : - op_params => 'start timeout=200s stop timeout=200s', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['cinder-backup-role eq true'], + } } } diff --git a/manifests/profile/pacemaker/cinder/volume.pp b/manifests/profile/pacemaker/cinder/volume.pp index b03a1f4..0d6a598 100644 --- a/manifests/profile/pacemaker/cinder/volume.pp +++ b/manifests/profile/pacemaker/cinder/volume.pp @@ -27,9 +27,14 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::cinder::volume ( $bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'), $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), ) { Service <| tag == 'cinder::volume' |> { hasrestart => true, @@ -46,6 +51,15 @@ class tripleo::profile::pacemaker::cinder::volume ( include ::tripleo::profile::base::cinder::volume + if $step >= 2 { + pacemaker::property { 'cinder-volume-role-node-property': + property => 'cinder-volume-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + } + if $step >= 3 and $pacemaker_master and hiera('stack_action') == 'UPDATE' { Cinder_api_paste_ini<||> ~> Tripleo::Pacemaker::Resource_restart_flag["${::cinder::params::volume_service}"] Cinder_config<||> ~> Tripleo::Pacemaker::Resource_restart_flag["${::cinder::params::volume_service}"] @@ -54,7 +68,13 @@ class tripleo::profile::pacemaker::cinder::volume ( if $step >= 5 and $pacemaker_master { pacemaker::resource::service { $::cinder::params::volume_service : - op_params => 'start timeout=200s stop timeout=200s', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['cinder-volume-role eq true'], + } } } diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 3506cb1..6a83f10 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -36,11 +36,16 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::database::mysql ( $bootstrap_node = hiera('mysql_short_bootstrap_node_name'), $bind_address = $::hostname, $gmcast_listen_addr = hiera('mysql_bind_host'), $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -118,6 +123,12 @@ class tripleo::profile::pacemaker::database::mysql ( } if $step >= 2 { + pacemaker::property { 'galera-role-node-property': + property => 'galera-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } if $pacemaker_master { pacemaker::resource::ocf { 'galera' : ocf_agent_name => 'heartbeat:galera', @@ -125,7 +136,14 @@ class tripleo::profile::pacemaker::database::mysql ( master_params => '', meta_params => "master-max=${galera_nodes_count} ordered=true", resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'", - require => Class['::mysql::server'], + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['galera-role eq true'], + }, + require => [Class['::mysql::server'], + Pacemaker::Property['galera-role-node-property']], before => Exec['galera-ready'], } exec { 'galera-ready' : diff --git a/manifests/profile/pacemaker/database/redis.pp b/manifests/profile/pacemaker/database/redis.pp index 7490fa0..3ef6815 100644 --- a/manifests/profile/pacemaker/database/redis.pp +++ b/manifests/profile/pacemaker/database/redis.pp @@ -36,11 +36,16 @@ # for when redis is managed by pacemaker. Defaults to hiera('redis_file_limit') # or 10240 (default in redis systemd limits) # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::database::redis ( $bootstrap_node = hiera('redis_short_bootstrap_node_name'), $enable_load_balancer = hiera('enable_load_balancer', true), $step = hiera('step'), $redis_file_limit = hiera('redis_file_limit', 10240), + $pcs_tries = hiera('pcs_tries', 20), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -71,14 +76,29 @@ class tripleo::profile::pacemaker::database::redis ( } } - if $step >= 2 and $pacemaker_master { - pacemaker::resource::ocf { 'redis': - ocf_agent_name => 'heartbeat:redis', - master_params => '', - meta_params => 'notify=true ordered=true interleave=true', - resource_params => 'wait_last_known_master=true', - op_params => 'start timeout=200s stop timeout=200s', - require => Class['::redis'], + if $step >= 2 { + pacemaker::property { 'redis-role-node-property': + property => 'redis-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + if $pacemaker_master { + pacemaker::resource::ocf { 'redis': + ocf_agent_name => 'heartbeat:redis', + master_params => '', + meta_params => 'notify=true ordered=true interleave=true', + resource_params => 'wait_last_known_master=true', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['redis-role eq true'], + }, + require => [Class['::redis'], + Pacemaker::Property['redis-role-node-property']], + } } } } diff --git a/manifests/profile/pacemaker/haproxy.pp b/manifests/profile/pacemaker/haproxy.pp index b326761..f006f78 100644 --- a/manifests/profile/pacemaker/haproxy.pp +++ b/manifests/profile/pacemaker/haproxy.pp @@ -31,10 +31,15 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::haproxy ( $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), $enable_load_balancer = hiera('enable_load_balancer', true), $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), ) { include ::tripleo::profile::base::haproxy @@ -50,56 +55,90 @@ class tripleo::profile::pacemaker::haproxy ( } } - if $step >= 2 and $pacemaker_master and $enable_load_balancer { + if $step >= 2 and $enable_load_balancer { + pacemaker::property { 'haproxy-role-node-property': + property => 'haproxy-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + if $pacemaker_master { + $haproxy_location_rule = { + resource_discovery => 'exclusive', + score => 0, + expression => ['haproxy-role eq true'], + } # FIXME: we should not have to access tripleo::haproxy class # parameters here to configure pacemaker VIPs. The configuration # of pacemaker VIPs could move into puppet-tripleo or we should # make use of less specific hiera parameters here for the settings. pacemaker::resource::service { 'haproxy': - op_params => 'start timeout=200s stop timeout=200s', - clone_params => true, + op_params => 'start timeout=200s stop timeout=200s', + clone_params => true, + location_rule => $haproxy_location_rule, + tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } $control_vip = hiera('controller_virtual_ip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': - vip_name => 'control', - ip_address => $control_vip, + vip_name => 'control', + ip_address => $control_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } $public_vip = hiera('public_virtual_ip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': - ensure => $public_vip and $public_vip != $control_vip, - vip_name => 'public', - ip_address => $public_vip, + ensure => $public_vip and $public_vip != $control_vip, + vip_name => 'public', + ip_address => $public_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } $redis_vip = hiera('redis_vip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': - ensure => $redis_vip and $redis_vip != $control_vip, - vip_name => 'redis', - ip_address => $redis_vip, + ensure => $redis_vip and $redis_vip != $control_vip, + vip_name => 'redis', + ip_address => $redis_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } $internal_api_vip = hiera('internal_api_virtual_ip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip': - ensure => $internal_api_vip and $internal_api_vip != $control_vip, - vip_name => 'internal_api', - ip_address => $internal_api_vip, + ensure => $internal_api_vip and $internal_api_vip != $control_vip, + vip_name => 'internal_api', + ip_address => $internal_api_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } $storage_vip = hiera('storage_virtual_ip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip': - ensure => $storage_vip and $storage_vip != $control_vip, - vip_name => 'storage', - ip_address => $storage_vip, + ensure => $storage_vip and $storage_vip != $control_vip, + vip_name => 'storage', + ip_address => $storage_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } $storage_mgmt_vip = hiera('storage_mgmt_virtual_ip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip': - ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, - vip_name => 'storage_mgmt', - ip_address => $storage_mgmt_vip, + ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, + vip_name => 'storage_mgmt', + ip_address => $storage_mgmt_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + require => Pacemaker::Property['haproxy-role-node-property'], } + } } } diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index 547a86f..7bcf8d6 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -45,6 +45,10 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::manila ( $backend_generic_enabled = hiera('manila_backend_generic_enabled', false), $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false), @@ -52,6 +56,7 @@ class tripleo::profile::pacemaker::manila ( $ceph_mds_enabled = hiera('ceph_mds_enabled', false), $bootstrap_node = hiera('manila_share_short_bootstrap_node_name'), $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -70,6 +75,15 @@ class tripleo::profile::pacemaker::manila ( include ::tripleo::profile::base::manila::share + if $step >= 2 { + pacemaker::property { 'manila-share-role-node-property': + property => 'manila-share-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + } + if $step >= 4 { # manila generic: if $backend_generic_enabled { @@ -185,7 +199,13 @@ allow command \"auth get\", allow command \"auth get-or-create\"', # only manila-share is pacemaker managed, and in a/p pacemaker::resource::service { $::manila::params::share_service : - op_params => 'start timeout=200s stop timeout=200s', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['manila-share-role eq true'], + }, } } diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp index 85ebe34..f4b679a 100644 --- a/manifests/profile/pacemaker/rabbitmq.pp +++ b/manifests/profile/pacemaker/rabbitmq.pp @@ -41,11 +41,16 @@ # for more details. # Defaults to hiera('step') # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# class tripleo::profile::pacemaker::rabbitmq ( $bootstrap_node = hiera('rabbitmq_short_bootstrap_node_name'), $erlang_cookie = hiera('rabbitmq::erlang_cookie'), $user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0), $rabbit_nodes = hiera('rabbitmq_node_names'), + $pcs_tries = hiera('pcs_tries', 20), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -72,22 +77,37 @@ class tripleo::profile::pacemaker::rabbitmq ( } } - if $step >= 2 and $pacemaker_master { - include ::stdlib - # The default nr of ha queues is ceiling(N/2) - if $user_ha_queues == 0 { - $nr_rabbit_nodes = size($rabbit_nodes) - $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2) - } else { - $nr_ha_queues = $user_ha_queues + if $step >= 2 { + pacemaker::property { 'rabbitmq-role-node-property': + property => 'rabbitmq-role', + value => true, + tries => $pcs_tries, + node => $::hostname, } - pacemaker::resource::ocf { 'rabbitmq': - ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'", - clone_params => 'ordered=true interleave=true', - meta_params => 'notify=true', - op_params => 'start timeout=200s stop timeout=200s', - require => Class['::rabbitmq'], + if $pacemaker_master { + include ::stdlib + # The default nr of ha queues is ceiling(N/2) + if $user_ha_queues == 0 { + $nr_rabbit_nodes = size($rabbit_nodes) + $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2) + } else { + $nr_ha_queues = $user_ha_queues + } + pacemaker::resource::ocf { 'rabbitmq': + ocf_agent_name => 'heartbeat:rabbitmq-cluster', + resource_params => "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'", + clone_params => 'ordered=true interleave=true', + meta_params => 'notify=true', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['rabbitmq-role eq true'], + }, + require => [Class['::rabbitmq'], + Pacemaker::Property['rabbitmq-role-node-property']], + } } } } diff --git a/metadata.json b/metadata.json index 308c63a..0db84c7 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "openstack-tripleo", - "version": "6.1.0", + "version": "6.2.0", "author": "OpenStack Contributors", "summary": "Puppet module for TripleO", "license": "Apache-2.0", diff --git a/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml b/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml new file mode 100644 index 0000000..79439b2 --- /dev/null +++ b/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml @@ -0,0 +1,3 @@ +--- +features: + - Configure the basic cells setup for Nova, now required in Ocata. diff --git a/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml b/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml new file mode 100644 index 0000000..9eb7c79 --- /dev/null +++ b/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml @@ -0,0 +1,4 @@ +--- +features: + - Adds the ability to manage auditd.service and enter audit.rules + diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index be2f5ce..5cc0c41 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,9 +52,9 @@ copyright = u'2016, Puppet TripleO Developers' # built documents. # # The short X.Y version. -version = '6.0.0' +version = '6.2.0' # The full version, including alpha/beta/rc tags. -release = '6.0.0' +release = '6.2.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb index 4aa7367..f930342 100644 --- a/spec/classes/tripleo_profile_base_nova_api_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb @@ -53,11 +53,8 @@ eos it { is_expected.to contain_class('tripleo::profile::base::nova::api') is_expected.to contain_class('tripleo::profile::base::nova') - #TODO(emilien): enable it again when it's fixed upstream in nova - # https://bugs.launchpad.net/tripleo/+bug/1649341 - # is_expected.to contain_class('nova::db::sync_cell_v2').with( - # :transport_url => 'rabbit://nova:foo@localhost:5672/?ssl=0') - # is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::cell_v2::simple_setup') + is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::api') is_expected.to contain_class('nova::wsgi::apache_api') is_expected.to contain_class('nova::network::neutron') diff --git a/spec/classes/tripleo_profile_base_octavia_api_spec.rb b/spec/classes/tripleo_profile_base_octavia_api_spec.rb index d916a32..e94e00c 100644 --- a/spec/classes/tripleo_profile_base_octavia_api_spec.rb +++ b/spec/classes/tripleo_profile_base_octavia_api_spec.rb @@ -40,6 +40,9 @@ describe 'tripleo::profile::base::octavia::api' do class { 'octavia::db::mysql': password => 'some_password' } + class { 'octavia::keystone::authtoken': + password => 'some_password' + } eos end diff --git a/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp b/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp new file mode 100644 index 0000000..4df0a09 --- /dev/null +++ b/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp @@ -0,0 +1,64 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::pacemaker::ceph::rbdmirror' do + shared_examples_for 'tripleo::profile::pacemaker::ceph::rbdmirror' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 3' do + let(:params) { { :step => 2 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::mirror') + end + end + + context 'with step 3 and client_name' do + let(:params) { { + :step => 3, + :client_name => 'myname', + } } + + it 'should include rbdmirror configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::rbdmirror').with( + :rbd_mirror_enable => false, + :rbd_mirror_ensure => 'stopped', + ) + is_expected.to contain_class('pacemaker::resource::service') + end + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::pacemaker::ceph::rbdmirror' + end + end +end diff --git a/spec/functions/ip_to_erl_format_spec.rb b/spec/functions/ip_to_erl_format_spec.rb new file mode 100644 index 0000000..b587164 --- /dev/null +++ b/spec/functions/ip_to_erl_format_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' +require 'puppet' + +describe 'ip_to_erl_format' do + it { should run.with_params('192.168.2.1').and_return('{192,168,2,1}') } + it { should run.with_params('0.0.0.0').and_return('{0,0,0,0}') } + it { should run.with_params('5a40:79cf:8251:5dc5:1624:3c03:3c04:9ba8').and_return('{23104,31183,33361,24005,5668,15363,15364,39848}') } + it { should run.with_params('fe80::204:acff:fe17:bf38').and_return('{65152,0,0,0,516,44287,65047,48952}') } + it { should run.with_params('::1:2').and_return('{0,0,0,0,0,0,1,2}') } + it { should run.with_params('192.256.0.0').and_raise_error(IPAddr::InvalidAddressError) } +end |