diff options
25 files changed, 1443 insertions, 122 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index eab7cc9..c4d018d 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -89,10 +89,22 @@ # When set, enables SSL on the public API endpoints using the specified file. # Defaults to undef # -# [*internal_certificate*] -# Filename of an HAProxy-compatible certificate and key file -# When set, enables SSL on the internal API endpoints using the specified file. -# Defaults to undef +# [*use_internal_certificates*] +# Flag that indicates if we'll use an internal certificate for this specific +# service. When set, enables SSL on the internal API endpoints using the file +# that certmonger is tracking; this is derived from the network the service is +# listening on. +# Defaults to false +# +# [*internal_certificates_specs*] +# A hash that should contain the specs that were used to create the +# certificates. As the name indicates, only the internal certificates will be +# fetched from here. And the keys should follow the following pattern +# "haproxy-<network name>". The network name should be as it was defined in +# tripleo-heat-templates. +# Note that this is only taken into account if the $use_internal_certificates +# flag is set. +# Defaults to {} # # [*ssl_cipher_suite*] # The default string describing the list of cipher algorithms ("cipher suite") @@ -242,6 +254,106 @@ # (optional) Enable or not Zaqar Websockets binding # Defaults to false # +# [*aodh_network*] +# (optional) Specify the network aodh is running on. +# Defaults to hiera('aodh_api_network', undef) +# +# [*ceilometer_network*] +# (optional) Specify the network ceilometer is running on. +# Defaults to hiera('ceilometer_api_network', undef) +# +# [*ceph_rgw_network*] +# (optional) Specify the network ceph_rgw is running on. +# Defaults to hiera('ceph_rgw_network', undef) +# +# [*cinder_network*] +# (optional) Specify the network cinder is running on. +# Defaults to hiera('cinder_api_network', undef) +# +# [*glance_api_network*] +# (optional) Specify the network glance_api is running on. +# Defaults to hiera('glance_api_network', undef) +# +# [*glance_registry_network*] +# (optional) Specify the network glance_registry is running on. +# Defaults to hiera('glance_registry_network', undef) +# +# [*gnocchi_network*] +# (optional) Specify the network gnocchi is running on. +# Defaults to hiera('gnocchi_api_network', undef) +# +# [*heat_api_network*] +# (optional) Specify the network heat_api is running on. +# Defaults to hiera('heat_api_network', undef) +# +# [*heat_cfn_network*] +# (optional) Specify the network heat_cfn is running on. +# Defaults to hiera('heat_api_cfn_network', undef) +# +# [*heat_cloudwatch_network*] +# (optional) Specify the network heat_cloudwatch is running on. +# Defaults to hiera('heat_api_cloudwatch_network', undef) +# +# [*ironic_inspector_network*] +# (optional) Specify the network ironic_inspector is running on. +# Defaults to hiera('ironic_inspector_network', undef) +# +# [*ironic_network*] +# (optional) Specify the network ironic is running on. +# Defaults to hiera('ironic_api_network', undef) +# +# [*keystone_admin_network*] +# (optional) Specify the network keystone_admin is running on. +# Defaults to hiera('keystone_network', undef) +# +# [*keystone_public_network*] +# (optional) Specify the network keystone_public is running on. +# Defaults to hiera('keystone_network', undef) +# +# [*manila_network*] +# (optional) Specify the network manila is running on. +# Defaults to hiera('manila_api_network', undef) +# +# [*mistral_network*] +# (optional) Specify the network mistral is running on. +# Defaults to hiera('mistral_api_network', undef) +# +# [*neutron_network*] +# (optional) Specify the network neutron is running on. +# Defaults to hiera('neutron_api_network', undef) +# +# [*nova_metadata_network*] +# (optional) Specify the network nova_metadata is running on. +# Defaults to hiera('nova_api_network', undef) +# +# [*nova_novncproxy_network*] +# (optional) Specify the network nova_novncproxy is running on. +# Defaults to hiera('nova_vncproxy_network', undef) +# +# [*nova_osapi_network*] +# (optional) Specify the network nova_osapi is running on. +# Defaults to hiera('nova_api_network', undef) +# +# [*opendaylight_network*] +# (optional) Specify the network opendaylight is running on. +# Defaults to hiera('opendaylight_api_network', undef) +# +# [*sahara_network*] +# (optional) Specify the network sahara is running on. +# Defaults to hiera('sahara_api_network', undef) +# +# [*swift_proxy_server_network*] +# (optional) Specify the network swift_proxy_server is running on. +# Defaults to hiera('swift_proxy_network', undef) +# +# [*trove_network*] +# (optional) Specify the network trove is running on. +# Defaults to hiera('trove_api_network', undef) +# +# [*zaqar_api_network*] +# (optional) Specify the network zaqar_api is running on. +# Defaults to hiera('zaqar_api_network', undef) +# # [*service_ports*] # (optional) Hash that contains the values to override from the service ports # The available keys to modify the services' ports are: @@ -300,57 +412,82 @@ class tripleo::haproxy ( $controller_virtual_ip, $public_virtual_ip, - $keepalived = true, - $haproxy_service_manage = true, - $haproxy_global_maxconn = 20480, - $haproxy_default_maxconn = 4096, - $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], - $haproxy_listen_bind_param = [ 'transparent' ], - $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], - $haproxy_log_address = '/dev/log', - $haproxy_stats_user = 'admin', - $haproxy_stats_password = undef, - $controller_hosts = hiera('controller_node_ips'), - $controller_hosts_names = hiera('controller_node_names', undef), - $service_certificate = undef, - $internal_certificate = undef, - $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', - $ssl_options = 'no-sslv3', - $haproxy_stats_certificate = undef, - $keystone_admin = hiera('keystone_enabled', false), - $keystone_public = hiera('keystone_enabled', false), - $neutron = hiera('neutron_api_enabled', false), - $cinder = hiera('cinder_api_enabled', false), - $manila = hiera('manila_api_enabled', false), - $sahara = hiera('sahara_api_enabled', false), - $trove = hiera('trove_api_enabled', false), - $glance_api = hiera('glance_api_enabled', false), - $glance_registry = hiera('glance_registry_enabled', false), - $nova_osapi = hiera('nova_api_enabled', false), - $nova_metadata = hiera('nova_api_enabled', false), - $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), - $ceilometer = hiera('ceilometer_api_enabled', false), - $aodh = hiera('aodh_api_enabled', false), - $gnocchi = hiera('gnocchi_api_enabled', false), - $mistral = hiera('mistral_api_enabled', false), - $swift_proxy_server = hiera('swift_proxy_enabled', false), - $heat_api = hiera('heat_api_enabled', false), - $heat_cloudwatch = hiera('heat_api_cloudwatch_enabled', false), - $heat_cfn = hiera('heat_api_cfn_enabled', false), - $horizon = hiera('horizon_enabled', false), - $ironic = hiera('ironic_api_enabled', false), - $ironic_inspector = hiera('ironic_inspector_enabled', false), - $mysql = hiera('mysql_enabled', false), - $mysql_clustercheck = false, - $rabbitmq = false, - $redis = hiera('redis_enabled', false), - $redis_password = undef, - $midonet_api = false, - $zaqar_api = hiera('zaqar_api_enabled', false), - $ceph_rgw = hiera('ceph_rgw_enabled', false), - $opendaylight = hiera('opendaylight_api_enabled', false), - $zaqar_ws = hiera('zaqar_api_enabled', false), - $service_ports = {} + $keepalived = true, + $haproxy_service_manage = true, + $haproxy_global_maxconn = 20480, + $haproxy_default_maxconn = 4096, + $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], + $haproxy_listen_bind_param = [ 'transparent' ], + $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], + $haproxy_log_address = '/dev/log', + $haproxy_stats_user = 'admin', + $haproxy_stats_password = undef, + $controller_hosts = hiera('controller_node_ips'), + $controller_hosts_names = hiera('controller_node_names', undef), + $service_certificate = undef, + $use_internal_certificates = false, + $internal_certificates_specs = {}, + $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', + $ssl_options = 'no-sslv3', + $haproxy_stats_certificate = undef, + $keystone_admin = hiera('keystone_enabled', false), + $keystone_public = hiera('keystone_enabled', false), + $neutron = hiera('neutron_api_enabled', false), + $cinder = hiera('cinder_api_enabled', false), + $manila = hiera('manila_api_enabled', false), + $sahara = hiera('sahara_api_enabled', false), + $trove = hiera('trove_api_enabled', false), + $glance_api = hiera('glance_api_enabled', false), + $glance_registry = hiera('glance_registry_enabled', false), + $nova_osapi = hiera('nova_api_enabled', false), + $nova_metadata = hiera('nova_api_enabled', false), + $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), + $ceilometer = hiera('ceilometer_api_enabled', false), + $aodh = hiera('aodh_api_enabled', false), + $gnocchi = hiera('gnocchi_api_enabled', false), + $mistral = hiera('mistral_api_enabled', false), + $swift_proxy_server = hiera('swift_proxy_enabled', false), + $heat_api = hiera('heat_api_enabled', false), + $heat_cloudwatch = hiera('heat_api_cloudwatch_enabled', false), + $heat_cfn = hiera('heat_api_cfn_enabled', false), + $horizon = hiera('horizon_enabled', false), + $ironic = hiera('ironic_api_enabled', false), + $ironic_inspector = hiera('ironic_inspector_enabled', false), + $mysql = hiera('mysql_enabled', false), + $mysql_clustercheck = false, + $rabbitmq = false, + $redis = hiera('redis_enabled', false), + $redis_password = undef, + $midonet_api = false, + $zaqar_api = hiera('zaqar_api_enabled', false), + $ceph_rgw = hiera('ceph_rgw_enabled', false), + $opendaylight = hiera('opendaylight_api_enabled', false), + $zaqar_ws = hiera('zaqar_api_enabled', false), + $aodh_network = hiera('aodh_api_network', undef), + $ceilometer_network = hiera('ceilometer_api_network', undef), + $ceph_rgw_network = hiera('ceph_rgw_network', undef), + $cinder_network = hiera('cinder_api_network', undef), + $glance_api_network = hiera('glance_api_network', undef), + $glance_registry_network = hiera('glance_registry_network', undef), + $gnocchi_network = hiera('gnocchi_api_network', undef), + $heat_api_network = hiera('heat_api_network', undef), + $heat_cfn_network = hiera('heat_api_cfn_network', undef), + $heat_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), + $ironic_inspector_network = hiera('ironic_inspector_network', undef), + $ironic_network = hiera('ironic_api_network', undef), + $keystone_admin_network = hiera('keystone_admin_api_network', undef), + $keystone_public_network = hiera('keystone_public_api_network', undef), + $manila_network = hiera('manila_api_network', undef), + $mistral_network = hiera('mistral_api_network', undef), + $neutron_network = hiera('neutron_api_network', undef), + $nova_metadata_network = hiera('nova_api_network', undef), + $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), + $nova_osapi_network = hiera('nova_api_network', undef), + $sahara_network = hiera('sahara_api_network', undef), + $swift_proxy_server_network = hiera('swift_proxy_network', undef), + $trove_network = hiera('trove_api_network', undef), + $zaqar_api_network = hiera('zaqar_api_network', undef), + $service_ports = {} ) { $default_service_ports = { aodh_api_port => 8042, @@ -506,10 +643,11 @@ class tripleo::haproxy ( } Tripleo::Haproxy::Endpoint { - haproxy_listen_bind_param => $haproxy_listen_bind_param, - member_options => $haproxy_member_options, - public_certificate => $service_certificate, - internal_certificate => $internal_certificate, + haproxy_listen_bind_param => $haproxy_listen_bind_param, + member_options => $haproxy_member_options, + public_certificate => $service_certificate, + use_internal_certificates => $use_internal_certificates, + internal_certificates_specs => $internal_certificates_specs, } $stats_base = ['enable', 'uri /'] @@ -541,6 +679,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[keystone_admin_api_ssl_port], + service_network => $keystone_admin_network, } } @@ -569,6 +708,7 @@ class tripleo::haproxy ( mode => 'http', listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], + service_network => $keystone_public_network, } } @@ -580,6 +720,7 @@ class tripleo::haproxy ( ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[neutron_api_ssl_port], + service_network => $neutron_network, } } @@ -597,6 +738,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[cinder_api_ssl_port], + service_network => $cinder_network, } } @@ -613,6 +755,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[manila_api_ssl_port], + service_network => $manila_network, } } @@ -624,6 +767,7 @@ class tripleo::haproxy ( ip_addresses => hiera('sahara_api_node_ips', $controller_hosts_real), server_names => hiera('sahara_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[sahara_api_ssl_port], + service_network => $sahara_network, } } @@ -635,6 +779,7 @@ class tripleo::haproxy ( ip_addresses => hiera('trove_api_node_ips', $controller_hosts_real), server_names => hiera('trove_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[trove_api_ssl_port], + service_network => $trove_network, } } @@ -652,15 +797,17 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, + service_network => $glance_api_network, } } if $glance_registry { ::tripleo::haproxy::endpoint { 'glance_registry': - internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), - service_port => $ports[glance_registry_port], - ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), - server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), + internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), + service_port => $ports[glance_registry_port], + ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), + server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), + service_network => $glance_registry_network, } } @@ -679,15 +826,17 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[nova_api_ssl_port], + service_network => $nova_osapi_network, } } if $nova_metadata { ::tripleo::haproxy::endpoint { 'nova_metadata': - internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), - service_port => $ports[nova_metadata_port], - ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), - server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real), + internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), + service_port => $ports[nova_metadata_port], + ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), + server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real), + service_network => $nova_metadata_network, } } @@ -703,6 +852,7 @@ class tripleo::haproxy ( 'timeout' => [ 'tunnel 1h' ], }, public_ssl_port => $ports[nova_novnc_ssl_port], + service_network => $nova_novncproxy_network, } } @@ -714,6 +864,7 @@ class tripleo::haproxy ( ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ceilometer_api_ssl_port], + service_network => $ceilometer_network, } } @@ -725,6 +876,7 @@ class tripleo::haproxy ( ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[aodh_api_ssl_port], + service_network => $aodh_network, } } @@ -736,6 +888,7 @@ class tripleo::haproxy ( ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[gnocchi_api_ssl_port], + service_network => $gnocchi_network, } } @@ -747,6 +900,7 @@ class tripleo::haproxy ( ip_addresses => hiera('mistral_api_node_ips', $controller_hosts_real), server_names => hiera('mistral_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[mistral_api_ssl_port], + service_network => $mistral_network, } } @@ -758,6 +912,7 @@ class tripleo::haproxy ( ip_addresses => hiera('swift_proxy_node_ips', $controller_hosts_real), server_names => hiera('swift_proxy_node_names', $controller_hosts_names_real), public_ssl_port => $ports[swift_proxy_ssl_port], + service_network => $swift_proxy_server_network, } } @@ -786,6 +941,7 @@ class tripleo::haproxy ( mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_api_ssl_port], + service_network => $heat_api_network, } } @@ -799,6 +955,7 @@ class tripleo::haproxy ( mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_cw_ssl_port], + service_network => $heat_cloudwatch_network, } } @@ -812,6 +969,7 @@ class tripleo::haproxy ( mode => 'http', listen_options => $heat_options, public_ssl_port => $ports[heat_cfn_ssl_port], + service_network => $heat_cfn_network, } } @@ -839,6 +997,7 @@ class tripleo::haproxy ( ip_addresses => hiera('ironic_api_node_ips', $controller_hosts_real), server_names => hiera('ironic_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ironic_api_ssl_port], + service_network => $ironic_network, } } @@ -850,6 +1009,7 @@ class tripleo::haproxy ( ip_addresses => hiera('ironic_inspector_node_ips', $controller_hosts_real), server_names => hiera('ironic_inspector_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ironic_inspector_ssl_port], + service_network => $ironic_inspector_network, } } @@ -960,6 +1120,7 @@ class tripleo::haproxy ( server_names => hiera('zaqar_api_node_names', $controller_hosts_names_real), mode => 'http', public_ssl_port => $ports[zaqar_api_ssl_port], + service_network => $zaqar_api_network, } } @@ -971,6 +1132,7 @@ class tripleo::haproxy ( ip_addresses => hiera('ceph_rgw_node_ips', $controller_hosts_real), server_names => hiera('ceph_rgw_node_names', $controller_hosts_names_real), public_ssl_port => $ports[ceph_rgw_ssl_port], + service_network => $ceph_rgw_network, } } @@ -1016,6 +1178,7 @@ class tripleo::haproxy ( 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'], }, public_ssl_port => $ports[zaqar_ws_ssl_port], + service_network => $zaqar_api_network, } } } diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index b7403a4..4311049 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -64,9 +64,27 @@ # Certificate path used to enable TLS for the public proxy endpoint. # Defaults to undef. # -# [*internal_certificate*] -# Certificate path used to enable TLS for the internal proxy endpoint. -# Defaults to undef. +# [*use_internal_certificates*] +# Flag that indicates if we'll use an internal certificate for this specific +# service. When set, enables SSL on the internal API endpoints using the file +# that certmonger is tracking; this is derived from the network the service is +# listening on. +# Defaults to false +# +# [*internal_certificates_specs*] +# A hash that should contain the specs that were used to create the +# certificates. As the name indicates, only the internal certificates will be +# fetched from here. And the keys should follow the following pattern +# "haproxy-<network name>". The network name should be as it was defined in +# tripleo-heat-templates. +# Note that this is only taken into account if the $use_internal_certificates +# flag is set. +# Defaults to {} +# +# [*service_network*] +# (optional) Indicates the network that the service is running on. Used for +# fetching the certificate for that specific network. +# Defaults to undef # define tripleo::haproxy::endpoint ( $internal_ip, @@ -74,15 +92,17 @@ define tripleo::haproxy::endpoint ( $ip_addresses, $server_names, $member_options, - $public_virtual_ip = undef, - $mode = undef, - $haproxy_listen_bind_param = undef, - $listen_options = { + $public_virtual_ip = undef, + $mode = undef, + $haproxy_listen_bind_param = undef, + $listen_options = { 'option' => [], }, - $public_ssl_port = undef, - $public_certificate = undef, - $internal_certificate = undef, + $public_ssl_port = undef, + $public_certificate = undef, + $use_internal_certificates = false, + $internal_certificates_specs = {}, + $service_network = undef, ) { if $public_virtual_ip { # service exposed to the public network @@ -98,9 +118,17 @@ define tripleo::haproxy::endpoint ( $public_bind_opts = {} } - if $internal_certificate { + if $use_internal_certificates { + if !$service_network { + fail("The service_network for this service is undefined. Can't configure TLS for the internal network.") + } + # NOTE(jaosorior): The key of the internal_certificates_specs hash must + # must match the convention haproxy-<network name> or else this + # will fail. Futherly, it must contain the path that we'll use under + # 'service_pem'. + $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem'] $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), - union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path])) } else { $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) } diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index e892478..443873f 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -27,9 +27,30 @@ # for more details. # Defaults to hiera('step') # +# [*ceilometer_backend*] +# (Optional) The ceilometer backend to use. +# Defaults to hiera('ceilometer_backend', 'mongodb') +# +# [*mongodb_ipv6*] +# (Optional) Flag to indicate if mongodb is using ipv6 +# Defaults to hiera('mongodb::server::ipv6', false) +# +# [*mongodb_node_ips*] +# (Optional) Array of mongodb node ip address. Required if backend is set +# to mongodb. +# Defaults to hiera('mongodb_node_ips', []) +# +# [*mongodb_replset*] +# (Optional) Replica set for mongodb. Required if backend is mongodb +# Defaults to hiera(''mongodb::server::replset', '') +# class tripleo::profile::base::ceilometer::collector ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $ceilometer_backend = hiera('ceilometer_backend', 'mongodb'), + $mongodb_ipv6 = hiera('mongodb::server::ipv6', false), + $mongodb_node_ips = hiera('mongodb_node_ips', []), + $mongodb_replset = hiera('mongodb::server::replset', undef) ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -37,26 +58,6 @@ class tripleo::profile::base::ceilometer::collector ( $sync_db = false } - $ceilometer_backend = downcase(hiera('ceilometer_backend', 'mongodb')) - # MongoDB - if $ceilometer_backend == 'mongodb' { - # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and - # without the brackets as 'members' argument for the 'mongodb_replset' - # resource. - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017') - } - $mongo_node_string = join($mongo_node_ips_with_port, ',') - - $mongodb_replset = hiera('mongodb::server::replset') - $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - } - include ::tripleo::profile::base::ceilometer if $step >= 3 and $sync_db { @@ -64,7 +65,28 @@ class tripleo::profile::base::ceilometer::collector ( } if $step >= 4 or ($step >= 3 and $sync_db) { - if $ceilometer_backend == 'mongodb' { + if downcase($ceilometer_backend) == 'mongodb' { + if empty($mongodb_node_ips) { + fail('Provided mongodb node ip addresses are empty') + } + if !$mongodb_replset { + fail('mongodb_replset is required when using mongodb') + } + # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port + # and without the brackets as 'members' argument for the 'mongodb_replset' + # resource. + if str2bool($mongodb_ipv6) { + $mongo_node_ips_with_port_prefixed = prefix($mongodb_node_ips, '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix($mongodb_node_ips, ':27017') + } else { + $mongo_node_ips_with_port = suffix($mongodb_node_ips, ':27017') + $mongo_node_ips_with_port_nobr = suffix($mongodb_node_ips, ':27017') + } + $mongo_node_string = join($mongo_node_ips_with_port, ',') + + $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" + class { '::ceilometer::db' : database_connection => $ceilometer_mongodb_conn_string, } diff --git a/manifests/profile/base/ceph.pp b/manifests/profile/base/ceph.pp index 6ffd4ef..f4404e0 100644 --- a/manifests/profile/base/ceph.pp +++ b/manifests/profile/base/ceph.pp @@ -20,7 +20,7 @@ # # [*ceph_mon_initial_members*] # (Optional) List of IP addresses to use as mon_initial_members -# Defaults to hiera('ceph_mon_node_names') +# Defaults to hiera('ceph_mon_short_node_names') # # [*ceph_mon_host*] # (Optional) List of IP addresses to use as mon_host @@ -36,18 +36,23 @@ # Defaults to hiera('step') # class tripleo::profile::base::ceph ( - $ceph_mon_initial_members = hiera('ceph_mon_node_names', undef), + $ceph_mon_initial_members = hiera('ceph_mon_short_node_names', undef), $ceph_mon_host = hiera('ceph_mon_node_ips', '127.0.0.1'), $enable_ceph_storage = false, $step = hiera('step'), ) { + if ! $ceph_mon_initial_members { + $ceph_mon_initial_members_real = hiera('ceph_mon_node_names', undef) + } else { + $ceph_mon_initial_members_real = $ceph_mon_initial_members + } if $step >= 2 { - if $ceph_mon_initial_members { - if is_array($ceph_mon_initial_members) { - $mon_initial_members = downcase(join($ceph_mon_initial_members, ',')) + if $ceph_mon_initial_members_real { + if is_array($ceph_mon_initial_members_real) { + $mon_initial_members = downcase(join($ceph_mon_initial_members_real, ',')) } else { - $mon_initial_members = downcase($ceph_mon_initial_members) + $mon_initial_members = downcase($ceph_mon_initial_members_real) } } else { $mon_initial_members = undef diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index e018f36..afeb8c0 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -84,7 +84,9 @@ class tripleo::profile::base::haproxy ( Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } - include ::tripleo::haproxy + class {'::tripleo::haproxy': + internal_certificates_specs => $certificates_specs, + } unless hiera('tripleo::haproxy::haproxy_service_manage', true) { # Reload HAProxy configuration if the haproxy class has refreshed or any diff --git a/manifests/profile/base/manila/api.pp b/manifests/profile/base/manila/api.pp index 1f78ab3..021fffd 100644 --- a/manifests/profile/base/manila/api.pp +++ b/manifests/profile/base/manila/api.pp @@ -18,6 +18,18 @@ # # === Parameters # +# [*backend_generic_enabled*] +# (Optional) Whether or not the generic backend is enabled +# Defaults to hiera('manila_backend_generic_enabled', false) +# +# [*backend_netapp_enabled*] +# (Optional) Whether or not the netapp backend is enabled +# Defaults to hiera('manila_backend_netapp_enabled', false) +# +# [*backend_cephfs_enabled*] +# (Optional) Whether or not the cephfs backend is enabled +# Defaults to hiera('manila_backend_cephfs_enabled', false) +# # [*bootstrap_node*] # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') @@ -28,8 +40,11 @@ # Defaults to hiera('step') class tripleo::profile::base::manila::api ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $backend_generic_enabled = hiera('manila_backend_generic_enabled', false), + $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false), + $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -40,6 +55,20 @@ class tripleo::profile::base::manila::api ( include ::tripleo::profile::base::manila if $step >= 4 or ($step >= 3 and $sync_db) { - include ::manila::api + if $backend_generic_enabled or $backend_netapp_enabled { + $nfs_protocol = 'NFS' + $cifs_protocol = 'CIFS' + } else { + $nfs_protocol = undef + $cifs_protocol = undef + } + if $backend_cephfs_enabled { + $cephfs_protocol = 'CEPHFS' + } else { + $cephfs_protocol = undef + } + class { '::manila::api' : + enabled_share_protocols => join(delete_undef_values([$nfs_protocol,$cifs_protocol,$cephfs_protocol]), ',') + } } } diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index 5cbeb7f..8d6c2a7 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -18,6 +18,18 @@ # # === Parameters # +# [*backend_generic_enabled*] +# (Optional) Whether or not the generic backend is enabled +# Defaults to hiera('manila_backend_generic_enabled', false) +# +# [*backend_netapp_enabled*] +# (Optional) Whether or not the netapp backend is enabled +# Defaults to hiera('manila_backend_netapp_enabled', false) +# +# [*backend_cephfs_enabled*] +# (Optional) Whether or not the cephfs backend is enabled +# Defaults to hiera('manila_backend_cephfs_enabled', false) +# # [*bootstrap_node*] # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') @@ -28,8 +40,11 @@ # Defaults to hiera('step') # class tripleo::profile::pacemaker::manila ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), + $backend_generic_enabled = hiera('manila_backend_generic_enabled', false), + $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false), + $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), + $bootstrap_node = hiera('bootstrap_nodeid'), + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -52,8 +67,7 @@ class tripleo::profile::pacemaker::manila ( if $step >= 4 { # manila generic: - $manila_generic_enable = hiera('manila_generic_enable_backend', false) - if $manila_generic_enable { + if $backend_generic_enabled { $manila_generic_backend = hiera('manila::backend::generic::title') manila::backend::generic { $manila_generic_backend : driver_handles_share_servers => hiera('manila::backend::generic::driver_handles_share_servers', true), @@ -81,8 +95,7 @@ class tripleo::profile::pacemaker::manila ( } # manila cephfsnative: - $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false) - if $manila_cephfsnative_enable { + if $backend_cephfs_enabled { $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title') manila::backend::cephfsnative { $manila_cephfsnative_backend : driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false), @@ -95,8 +108,7 @@ class tripleo::profile::pacemaker::manila ( } # manila netapp: - $manila_netapp_enable = hiera('manila_netapp_enable_backend', false) - if $manila_netapp_enable { + if $backend_netapp_enabled { $manila_netapp_backend = hiera('manila::backend::netapp::title') manila::backend::netapp { $manila_netapp_backend : driver_handles_share_servers => hiera('manila::backend::netapp::driver_handles_share_servers', true), diff --git a/metadata.json b/metadata.json index d28571b..1b135bd 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "openstack-tripleo", - "version": "5.2.0", + "version": "5.3.0", "author": "OpenStack Contributors", "summary": "Puppet module for TripleO", "license": "Apache-2.0", diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb new file mode 100644 index 0000000..d1f0b6b --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_api_spec.rb @@ -0,0 +1,74 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::api' do + shared_examples_for 'tripleo::profile::base::aodh::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::api') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::api') + is_expected.to_not contain_class('aodh::wsgi::apache') + is_expected.to_not contain_aodh_config('api/enable_combination_alarms') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::api') + is_expected.to contain_class('aodh::wsgi::apache') + is_expected.to contain_aodh_config('api/enable_combination_alarms').with_value('false') + end + end + + context 'with step 4 and enable combo alarms' do + let(:params) { { + :step => 4, + :enable_combination_alarms => true + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::api') + is_expected.to contain_class('aodh::wsgi::apache') + is_expected.to contain_aodh_config('api/enable_combination_alarms').with_value('true') + end + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb new file mode 100644 index 0000000..5ac7971 --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::evaluator' do + shared_examples_for 'tripleo::profile::base::aodh::evaluator' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::evaluator') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::evaluator') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): need to parameterize the pass/vip so we can test ipv6 + is_expected.to contain_class('aodh::evaluator').with( + :coordination_url => 'redis://:password@127.0.0.1:6379/' + ) + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::evaluator' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_listener_spec.rb b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb new file mode 100644 index 0000000..da1305f --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::listener' do + shared_examples_for 'tripleo::profile::base::aodh::listener' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::listener') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::listener') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::listener') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::listener' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb new file mode 100644 index 0000000..1b74a68 --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb @@ -0,0 +1,56 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh::notifier' do + shared_examples_for 'tripleo::profile::base::aodh::notifier' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh::notifier') + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh::notifier') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh::notifier') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh::notifier' + end + end +end diff --git a/spec/classes/tripleo_profile_base_aodh_spec.rb b/spec/classes/tripleo_profile_base_aodh_spec.rb new file mode 100644 index 0000000..10c17eb --- /dev/null +++ b/spec/classes/tripleo_profile_base_aodh_spec.rb @@ -0,0 +1,94 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::aodh' do + shared_examples_for 'tripleo::profile::base::aodh' do + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::aodh') + is_expected.to_not contain_class('aodh') + is_expected.to_not contain_class('aodh::auth') + is_expected.to_not contain_class('aodh::config') + is_expected.to_not contain_class('aodh::client') + is_expected.to_not contain_class('aodh::db::sync') + end + end + + context 'with step 3 on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('aodh').with( + :rabbit_hosts => params[:rabbit_hosts] + ) + is_expected.to contain_class('aodh::auth') + is_expected.to contain_class('aodh::config') + is_expected.to contain_class('aodh::client') + is_expected.to contain_class('aodh::db::sync') + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'soemthingelse.example.com' + } } + + it 'should not trigger any configuration' do + is_expected.to_not contain_class('aodh') + is_expected.to_not contain_class('aodh::auth') + is_expected.to_not contain_class('aodh::config') + is_expected.to_not contain_class('aodh::client') + is_expected.to_not contain_class('aodh::db::sync') + end + end + + context 'with step 4 on other node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'somethingelse.example.com', + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'] + } } + + it 'should trigger aodh configuration without mysql grant' do + is_expected.to contain_class('aodh').with( + :rabbit_hosts => params[:rabbit_hosts] + ) + is_expected.to contain_class('aodh::auth') + is_expected.to contain_class('aodh::config') + is_expected.to contain_class('aodh::client') + is_expected.to contain_class('aodh::db::sync') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::aodh' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb new file mode 100644 index 0000000..256b756 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb @@ -0,0 +1,57 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::api' do + shared_examples_for 'tripleo::profile::base::ceilometer::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::api') + is_expected.to_not contain_class('ceilometer::api') + is_expected.to_not contain_class('ceilometer::wsgi::apache') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::api') + is_expected.to contain_class('ceilometer::wsgi::apache') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb new file mode 100644 index 0000000..e262491 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb @@ -0,0 +1,138 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::collector' do + shared_examples_for 'tripleo::profile::base::ceilometer::collector' do + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step 3 on bootstrap node with mongodb' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + end + end + + context 'with step 3 on bootstrap node with mongodb with ipv6' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :mongodb_ipv6 => true, + :mongodb_node_ips => ['::1','fe80::ca5b:76ff:fe4b:be3b'], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :database_connection => 'mongodb://[::1]:27017,[fe80::ca5b:76ff:fe4b:be3b]:27017/ceilometer?replicaSet=replicaset' + ) + end + end + + context 'with step 3 on bootstrap node without mongodb' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + :ceilometer_backend => 'somethingelse', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').without( + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + end + end + + context 'with step 3 not on bootstrap node' do + let(:params) { { + :step => 3, + :bootstrap_node => 'soemthingelse.example.com' + } } + + it 'should not trigger any configuration' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::collector') + is_expected.to_not contain_class('ceilometer::db') + end + end + + context 'with step 4 on bootstrap node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'node.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + is_expected.to contain_class('ceilometer::collector') + is_expected.to contain_class('ceilometer::dispatcher::gnocchi') + end + end + + context 'with step 4 not on bootstrap node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'somethingelse.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + #TODO(aschultz): LP#1629373 + #is_expected.to_not contain_class('ceilometer::db::sync') + is_expected.to contain_class('ceilometer::db').with( + :database_connection => 'mongodb://127.0.0.1:27017/ceilometer?replicaSet=replicaset' + ) + is_expected.to contain_class('ceilometer::collector') + is_expected.to contain_class('ceilometer::dispatcher::gnocchi') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::collector' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb new file mode 100644 index 0000000..bbef431 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb @@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::expirer' do + shared_examples_for 'tripleo::profile::base::ceilometer::expirer' do + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::expirer') + is_expected.to_not contain_class('ceilometer::expirer') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::expirer') + is_expected.to contain_cron('ceilometer-expirer').with( + :command => 'sleep $(($(od -A n -t d -N 3 /dev/urandom) % 86400)) && ceilometer-expirer' + ) + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::expirer' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_spec.rb new file mode 100644 index 0000000..73fb41b --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_spec.rb @@ -0,0 +1,55 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer' do + shared_examples_for 'tripleo::profile::base::ceilometer' do + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer') + is_expected.to_not contain_class('ceilometer') + is_expected.to_not contain_class('ceilometer::config') + end + end + + context 'with step 3' do + let(:params) { { + :step => 3, + :rabbit_hosts => ['127.0.0.1', '127.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer').with( + :rabbit_hosts => params[:rabbit_hosts] + ) + is_expected.to contain_class('ceilometer::config') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_client_spec.rb b/spec/classes/tripleo_profile_base_ceph_client_spec.rb new file mode 100644 index 0000000..11367d2 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_client_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::client' do + shared_examples_for 'tripleo::profile::base::ceph::client' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 2' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::client') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::client') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + } } + + it 'should include client configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::client') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::client' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_mon_spec.rb b/spec/classes/tripleo_profile_base_ceph_mon_spec.rb new file mode 100644 index 0000000..d5dde4f --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_mon_spec.rb @@ -0,0 +1,77 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::mon' do + shared_examples_for 'tripleo::profile::base::ceph::mon' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 2' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::mon') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::mon') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + } } + + it 'should include mon configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::mon') + end + end + + context 'with step 4 create pools' do + let(:params) { { + :step => 4, + :ceph_pools => { 'mypool' => { 'size' => 5, 'pg_num' => 128, 'pgp_num' => 128 } } + } } + + it 'should include mon configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::mon') + is_expected.to contain_ceph__pool('mypool').with({ + :size => 5, + :pg_num => 128, + :pgp_num => 128 + }) + end + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::mon' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_osd_spec.rb b/spec/classes/tripleo_profile_base_ceph_osd_spec.rb new file mode 100644 index 0000000..3008e12 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_osd_spec.rb @@ -0,0 +1,75 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::osd' do + shared_examples_for 'tripleo::profile::base::ceph::osd' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 3' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::osd') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::osd') + end + end + + context 'with step 3 defaults' do + let(:params) { { + :step => 3, + } } + + it 'should include osd configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::osd') + is_expected.to_not contain_exec('set selinux to permissive on boot') + is_expected.to_not contain_exec('set selinux to permissive') + end + end + + context 'with step 3 enable selinux permissive' do + let(:params) { { + :step => 3, + :ceph_osd_selinux_permissive => true + } } + + it 'should include osd configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::osd') + is_expected.to contain_exec('set selinux to permissive on boot') + is_expected.to contain_exec('set selinux to permissive') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::osd' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb new file mode 100644 index 0000000..e9459d0 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb @@ -0,0 +1,91 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph::rgw' do + shared_examples_for 'tripleo::profile::base::ceph::rgw' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + let (:default_params) do + { + :keystone_admin_token => 'token', + :keystone_url => 'url', + :rgw_key => 'key' + } + end + + context 'with step less than 3' do + let(:params) { default_params.merge({ :step => 1 }) } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph::rgw') + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::profile::rgw') + end + end + + context 'with step 3' do + let(:params) { default_params.merge({ :step => 3 }) } + it 'should include rgw configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::rgw') + is_expected.to contain_ceph__key('client.radosgw.gateway').with( + :secret => 'key', + :cap_mon => 'allow *', + :cap_osd => 'allow *', + :inject => true + ) + is_expected.to_not contain_ceph__rgw__keystone('radosgw.gateway') + end + end + + context 'with step 4' do + let(:params) { default_params.merge({ :step => 4 }) } + it 'should include rgw configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::profile::rgw') + is_expected.to contain_ceph__key('client.radosgw.gateway').with( + :secret => 'key', + :cap_mon => 'allow *', + :cap_osd => 'allow *', + :inject => true + ) + is_expected.to contain_ceph__rgw__keystone('radosgw.gateway').with( + :rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'], + :use_pki => false, + :rgw_keystone_admin_token => 'token', + :rgw_keystone_url => 'url' + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph::rgw' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceph_spec.rb b/spec/classes/tripleo_profile_base_ceph_spec.rb new file mode 100644 index 0000000..1532fb7 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceph_spec.rb @@ -0,0 +1,99 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceph' do + shared_examples_for 'tripleo::profile::base::ceph' do + context 'with step less than 2' do + let(:params) { { :step => 1 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::conf') + is_expected.to_not contain_class('ceph::profile::params') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => nil, + :mon_host => '127.0.0.1' + ) + is_expected.to contain_class('ceph::conf') + end + end + + context 'with step 2 with initial members' do + let(:params) { { + :step => 2, + :ceph_mon_initial_members => [ 'monA', 'monB', 'monc' ] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => 'mona,monb,monc', + :mon_host => '127.0.0.1' + ) + is_expected.to contain_class('ceph::conf') + end + end + + context 'with step 2 with ipv4 mon host' do + let(:params) { { + :step => 2, + :ceph_mon_host => ['10.0.0.1', '10.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => nil, + :mon_host => '10.0.0.1,10.0.0.2' + ) + is_expected.to contain_class('ceph::conf') + end + end + + context 'with step 2 with ipv6 mon host' do + let(:params) { { + :step => 2, + :ceph_mon_host => ['fe80::fc54:ff:fe9e:7846', '10.0.0.2'] + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceph::profile::params').with( + :mon_initial_members => nil, + :mon_host => '[fe80::fc54:ff:fe9e:7846],10.0.0.2' + ) + is_expected.to contain_class('ceph::conf') + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceph' + end + end +end diff --git a/spec/fixtures/hiera.yaml b/spec/fixtures/hiera.yaml index 1dc3360..d5368e9 100644 --- a/spec/fixtures/hiera.yaml +++ b/spec/fixtures/hiera.yaml @@ -4,4 +4,4 @@ :yaml: :datadir: './spec/fixtures/hieradata' :hierarchy: - - default + - 'default' diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 0d0c944..f0f7f1c 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -1,3 +1,13 @@ +--- my_hash: network: '127.0.0.1' not_hash: string +# aodh profile required hieradata +aodh_redis_password: 'password' +redis_vip: '127.0.0.1' +aodh::auth::auth_password: 'password' +aodh::db::mysql::password: 'password' +aodh::keystone::authtoken::password: 'password' +ceilometer::keystone::authtoken::password: 'password' +# ceph related items +ceph::profile::params::mon_key: 'password' diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index b06b436..4fa8cc3 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -19,6 +19,8 @@ RSpec.configure do |c| # custom global facts for all rspec tests add_custom_fact :concat_basedir, '/var/lib/puppet/concat' + # needed for testing Puppet Openstack modules + add_custom_fact :os_service_default, '<SERVICE DEFAULT>' end at_exit { RSpec::Puppet::Coverage.report! } |