summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/firewall.pp7
-rw-r--r--manifests/haproxy.pp49
-rw-r--r--manifests/profile/base/database/mysql.pp3
-rw-r--r--manifests/profile/base/keepalived.pp47
-rw-r--r--manifests/profile/base/keystone.pp43
-rw-r--r--manifests/profile/base/neutron/server.pp33
-rw-r--r--manifests/profile/base/panko.pp47
-rw-r--r--manifests/profile/base/panko/api.pp35
8 files changed, 225 insertions, 39 deletions
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
index 3184cd3..8c6a53b 100644
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
@@ -51,8 +51,6 @@ class tripleo::firewall(
$firewall_post_extras = {},
) {
- include ::stdlib
-
if $manage_firewall {
# Only purges IPv4 rules
@@ -79,14 +77,15 @@ class tripleo::firewall(
ensure_resource('class', 'tripleo::firewall::pre', {
'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
})
ensure_resource('class', 'tripleo::firewall::post', {
- 'stage' => 'runtime',
'firewall_settings' => $firewall_post_extras,
})
+ Class['tripleo::firewall::pre'] -> Class['tripleo::firewall::post']
+ Service<||> -> Class['tripleo::firewall::post']
+
# Allow composable services to load their own custom
# example with Hiera.
# NOTE(dprince): In the future when we have a better hiera
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 2cd69c5..2f3f062 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -19,10 +19,6 @@
#
# === Parameters:
#
-# [*keepalived*]
-# Whether to configure keepalived to manage the VIPs or not.
-# Defaults to true
-#
# [*haproxy_service_manage*]
# Will be passed as value for service_manage to HAProxy module.
# Defaults to true
@@ -182,6 +178,10 @@
# (optional) Enable or not Aodh API binding
# Defaults to hiera('aodh_api_enabled', false)
#
+# [*panko*]
+# (optional) Enable or not Panko API binding
+# Defaults to hiera('panko_api_enabled', false)
+#
# [*barbican*]
# (optional) Enable or not Barbican API binding
# Defaults to hiera('barbican_api_enabled', false)
@@ -371,6 +371,10 @@
# (optional) Specify the network opendaylight is running on.
# Defaults to hiera('opendaylight_api_network', undef)
#
+# [*panko_network*]
+# (optional) Specify the network panko is running on.
+# Defaults to hiera('panko_api_network', undef)
+#
# [*sahara_network*]
# (optional) Specify the network sahara is running on.
# Defaults to hiera('sahara_api_network', undef)
@@ -430,6 +434,8 @@
# 'nova_metadata_port' (Defaults to 8775)
# 'nova_novnc_port' (Defaults to 6080)
# 'nova_novnc_ssl_port' (Defaults to 13080)
+# 'panko_api_port' (Defaults to 8779)
+# 'panko_api_ssl_port' (Defaults to 13779)
# 'sahara_api_port' (Defaults to 8386)
# 'sahara_api_ssl_port' (Defaults to 13386)
# 'swift_proxy_port' (Defaults to 8080)
@@ -449,7 +455,6 @@
class tripleo::haproxy (
$controller_virtual_ip,
$public_virtual_ip,
- $keepalived = true,
$haproxy_service_manage = true,
$haproxy_global_maxconn = 20480,
$haproxy_default_maxconn = 4096,
@@ -482,6 +487,7 @@ class tripleo::haproxy (
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
+ $panko = hiera('panko_api_enabled', false),
$barbican = hiera('barbican_api_enabled', false),
$gnocchi = hiera('gnocchi_api_enabled', false),
$mistral = hiera('mistral_api_enabled', false),
@@ -527,6 +533,7 @@ class tripleo::haproxy (
$nova_metadata_network = hiera('nova_api_network', undef),
$nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
$nova_osapi_network = hiera('nova_api_network', undef),
+ $panko_network = hiera('panko_api_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
$swift_proxy_server_network = hiera('swift_proxy_network', undef),
$trove_network = hiera('trove_api_network', undef),
@@ -574,6 +581,8 @@ class tripleo::haproxy (
nova_metadata_port => 8775,
nova_novnc_port => 6080,
nova_novnc_ssl_port => 13080,
+ panko_api_port => 8779,
+ panko_api_ssl_port => 13779,
sahara_api_port => 8386,
sahara_api_ssl_port => 13386,
swift_proxy_port => 8080,
@@ -605,13 +614,6 @@ class tripleo::haproxy (
$controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ',')))
}
- # This code will be removed once we switch undercloud and overcloud to use both haproxy & keepalived roles.
- if $keepalived {
- include ::tripleo::keepalived
- # Make sure keepalive starts before haproxy.
- Class['::keepalived::service'] -> Class['::haproxy']
- }
-
# TODO(bnemec): When we have support for SSL on private and admin endpoints,
# have the haproxy stats endpoint use that certificate by default.
if $haproxy_stats_certificate {
@@ -784,6 +786,7 @@ class tripleo::haproxy (
service_port => $ports[neutron_api_port],
ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real),
server_names => hiera('neutron_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -820,6 +823,7 @@ class tripleo::haproxy (
service_port => $ports[manila_api_port],
ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real),
server_names => hiera('manila_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -935,6 +939,7 @@ class tripleo::haproxy (
service_port => $ports[ceilometer_api_port],
ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real),
server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -953,6 +958,7 @@ class tripleo::haproxy (
service_port => $ports[aodh_api_port],
ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real),
server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -964,6 +970,24 @@ class tripleo::haproxy (
}
}
+ if $panko {
+ ::tripleo::haproxy::endpoint { 'panko':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('panko_api_vip', $controller_virtual_ip),
+ service_port => $ports[panko_api_port],
+ ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real),
+ server_names => hiera('panko_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[panko_api_ssl_port],
+ service_network => $panko_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
+ }
+ }
+
if $barbican {
::tripleo::haproxy::endpoint { 'barbican':
public_virtual_ip => $public_virtual_ip,
@@ -984,6 +1008,7 @@ class tripleo::haproxy (
service_port => $ports[gnocchi_api_port],
ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real),
server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 9da1456..8bef7c4 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -143,6 +143,9 @@ class tripleo::profile::base::database::mysql (
if hiera('trove_api_enabled', false) {
include ::trove::db::mysql
}
+ if hiera('panko_api_enabled', false) {
+ include ::panko::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/keepalived.pp b/manifests/profile/base/keepalived.pp
index f2063d6..8dd03dc 100644
--- a/manifests/profile/base/keepalived.pp
+++ b/manifests/profile/base/keepalived.pp
@@ -27,13 +27,54 @@
# for more details.
# Defaults to hiera('step')
#
+# [*control_virtual_interface*]
+# (Optional) Interface specified for control plane network
+# Defaults to hiera('tripleo::keepalived::control_virtual_interface', false)
+#
+# [*control_virtual_ip*]
+# Virtual IP address used for control plane network
+# Defaults to hiera('tripleo::keepalived::controller_virtual_ip')
+#
+# [*public_virtual_interface*]
+# (Optional) Interface specified for public/external network
+# Defaults to hiera('tripleo::keepalived::public_virtual_interface', false)
+#
+# [*public_virtual_ip*]
+# Virtual IP address used for public/ network
+# Defaults to hiera('tripleo::keepalived::public_virtual_ip')
+#
class tripleo::profile::base::keepalived (
- $enable_load_balancer = hiera('enable_load_balancer', true),
- $step = hiera('step'),
+ $enable_load_balancer = hiera('enable_load_balancer', true),
+ $control_virtual_interface = hiera('tripleo::keepalived::control_virtual_interface', false),
+ $control_virtual_ip = hiera('tripleo::keepalived::controller_virtual_ip'),
+ $public_virtual_interface = hiera('tripleo::keepalived::public_virtual_interface', false),
+ $public_virtual_ip = hiera('tripleo::keepalived::public_virtual_ip'),
+ $step = hiera('step'),
) {
if $step >= 1 {
if $enable_load_balancer and hiera('enable_keepalived', true){
- include ::tripleo::keepalived
+ if ! $control_virtual_interface {
+ $control_detected_interface = interface_for_ip($control_virtual_ip)
+ if ! $control_detected_interface {
+ fail('Unable to find interface for control plane network')
+ }
+ } else {
+ $control_detected_interface = $control_virtual_interface
+ }
+
+ if ! $public_virtual_interface {
+ $public_detected_interface = interface_for_ip($public_virtual_ip)
+ if ! $public_detected_interface {
+ fail('Unable to find interface for public network')
+ }
+ } else {
+ $public_detected_interface = $public_virtual_interface
+ }
+
+ class { '::tripleo::keepalived':
+ control_virtual_interface => $control_detected_interface,
+ public_virtual_interface => $public_detected_interface,
+ }
}
}
}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 699e3c0..ff8d790 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -51,6 +51,22 @@
# creates the certificates.
# Defaults to hiera('generate_service_certificate', false).
#
+# [*heat_admin_domain*]
+# domain name for heat admin
+# Defaults to undef
+#
+# [*heat_admin_email*]
+# heat admin email address
+# Defaults to undef
+#
+# [*heat_admin_password*]
+# heat admin password
+# Defaults to undef
+#
+# [*heat_admin_user*]
+# heat admin user name
+# Defaults to undef
+#
# [*manage_db_purge*]
# (Optional) Whether keystone token flushing should be enabled
# Defaults to hiera('keystone_enable_db_purge', true)
@@ -74,37 +90,21 @@
# for more details.
# Defaults to hiera('step')
#
-# [*heat_admin_domain*]
-# domain name for heat admin
-# Defaults to undef
-#
-# [*heat_admin_user*]
-# heat admin user name
-# Defaults to undef
-#
-# [*heat_admin_email*]
-# heat admin email address
-# Defaults to undef
-#
-# [*heat_admin_password*]
-# heat admin password
-# Defaults to undef
-#
class tripleo::profile::base::keystone (
$admin_endpoint_network = hiera('keystone_admin_api_network', undef),
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
+ $heat_admin_domain = undef,
+ $heat_admin_email = undef,
+ $heat_admin_password = undef,
+ $heat_admin_user = undef,
$manage_db_purge = hiera('keystone_enable_db_purge', true),
$public_endpoint_network = hiera('keystone_public_api_network', undef),
$rabbit_hosts = hiera('rabbitmq_node_ips', undef),
$rabbit_port = hiera('keystone::rabbit_port', 5672),
$step = hiera('step'),
- $heat_admin_domain = undef,
- $heat_admin_user = undef,
- $heat_admin_email = undef,
- $heat_admin_password = undef,
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -236,6 +236,9 @@ class tripleo::profile::base::keystone (
if hiera('nova_api_enabled', false) {
include ::nova::keystone::auth
}
+ if hiera('panko_api_enabled', false) {
+ include ::panko::keystone::auth
+ }
if hiera('sahara_api_enabled', false) {
include ::sahara::keystone::auth
}
diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 82c2d5f..4667ae2 100644
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -27,9 +27,30 @@
# for more details.
# Defaults to hiera('step')
#
+# [*l3_ha_override*]
+# (Optional) Override the calculated value for neutron::server::l3_ha
+# by default this is calculated to enable when DVR is not enabled
+# and the number of nodes running neutron api is more than one.
+# Defaults to '' which aligns with the t-h-t default, and means use
+# the calculated value. Other possible values are 'true' or 'false'
+#
+# [*l3_nodes*]
+# (Optional) List of nodes running the l3 agent, used when no override
+# is passed to l3_ha_override to calculate enabling l3 HA.
+# Defaults to hiera('neutron_l3_short_node_names') or []
+# (we need to default neutron_l3_short_node_names to an empty list
+# because some neutron backends disable the l3 agent)
+#
+# [*dvr_enabled*]
+# (Optional) Is dvr enabled, used when no override is passed to
+# l3_ha_override to calculate enabling l3 HA.
+# Defaults to hiera('neutron::server::router_distributed') or false
class tripleo::profile::base::neutron::server (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$step = hiera('step'),
+ $l3_ha_override = '',
+ $l3_nodes = hiera('neutron_l3_short_node_names', []),
+ $dvr_enabled = hiera('neutron::server::router_distributed', false)
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -39,6 +60,16 @@ class tripleo::profile::base::neutron::server (
include ::tripleo::profile::base::neutron
+ # Calculate neutron::server::l3_ha based on the number of API nodes
+ # combined with if DVR is enabled.
+ if $l3_ha_override != '' {
+ $l3_ha = str2bool($l3_ha_override)
+ } elsif ! str2bool($dvr_enabled) {
+ $l3_ha = size($l3_nodes) > 1
+ } else {
+ $l3_ha = false
+ }
+
# We start neutron-server on the bootstrap node first, because
# it will try to populate tables and we need to make sure this happens
# before it starts on other nodes
@@ -48,12 +79,14 @@ class tripleo::profile::base::neutron::server (
# to true
class { '::neutron::server':
sync_db => $sync_db,
+ l3_ha => $l3_ha,
}
}
if $step >= 5 and !$sync_db {
include ::neutron::server::notifications
class { '::neutron::server':
sync_db => $sync_db,
+ l3_ha => $l3_ha,
}
}
}
diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp
new file mode 100644
index 0000000..4abed56
--- /dev/null
+++ b/manifests/profile/base/panko.pp
@@ -0,0 +1,47 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::panko
+#
+# panko profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+
+class tripleo::profile::base::panko (
+ $step = hiera('step'),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+) {
+
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ if $step >= 4 or ($step >= 3 and $sync_db) {
+ include ::panko
+ include ::panko::config
+ include ::panko::db::sync
+ }
+
+}
diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp
new file mode 100644
index 0000000..32dfc38
--- /dev/null
+++ b/manifests/profile/base/panko/api.pp
@@ -0,0 +1,35 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::panko::api
+#
+# Panko API profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::panko::api (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::panko
+
+ if $step >= 4 {
+ include ::panko::api
+ include ::panko::wsgi::apache
+ }
+}