-rw-r--r-- | lib/facter/alt_fqdns.rb | 2 | ||||
-rw-r--r-- | manifests/certmonger.pp | 37 | ||||
-rw-r--r-- | manifests/certmonger/haproxy.pp | 70 | ||||
-rw-r--r-- | manifests/haproxy.pp | 40 | ||||
-rw-r--r-- | manifests/profile/base/horizon.pp | 50 | ||||
-rw-r--r-- | manifests/profile/base/mistral.pp | 39 | ||||
-rw-r--r-- | manifests/profile/base/mistral/api.pp | 36 | ||||
-rw-r--r-- | manifests/profile/base/mistral/engine.pp | 46 | ||||
-rw-r--r-- | manifests/profile/base/mistral/executor.pp | 36 | ||||
-rw-r--r-- | manifests/profile/base/neutron/dhcp.pp | 13 | ||||
-rw-r--r-- | manifests/profile/base/nova/compute.pp | 11 | ||||
-rw-r--r-- | manifests/profile/base/pacemaker.pp | 93 | ||||
-rw-r--r-- | manifests/profile/pacemaker/gnocchi.pp | 11 |
13 files changed, 466 insertions, 18 deletions
diff --git a/lib/facter/alt_fqdns.rb b/lib/facter/alt_fqdns.rb index 24d6ef1..8a4d59b 100644 --- a/lib/facter/alt_fqdns.rb +++ b/lib/facter/alt_fqdns.rb @@ -26,7 +26,7 @@ Facter.value(:hostname), network, Facter.value(:domain), - ].reject { |part| part.empty? } + ].reject { |part| part.nil? || part.empty? } external_hostname_parts.join(".") end end diff --git a/manifests/certmonger.pp b/manifests/certmonger.pp new file mode 100644 index 0000000..e5f5e04 --- /dev/null +++ b/manifests/certmonger.pp @@ -0,0 +1,37 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::certmonger +# +# Sets some default defaults necessary for the global certmonger setup. +# +# === Parameters +# +# [*global_ca*] +# The certmonger nickname for the CA that will be used. +# +class tripleo::certmonger ( + $global_ca +){ + include ::certmonger + + Certmonger_certificate { + ca => $global_ca, + ensure => 'present', + certbackend => 'FILE', + keybackend => 'FILE', + wait => true, + require => Class['::certmonger'], + } +} diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp new file mode 100644 index 0000000..0806e40 --- /dev/null +++ b/manifests/certmonger/haproxy.pp 
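Review bot: The `Certmonger_certificate { ... }` defaults in `tripleo::certmonger` are declared in class scope, and Puppet resource defaults are dynamically scoped, so they probably do not reach `certmonger_certificate` resources declared from unrelated classes or defines. A certificate declared elsewhere would then be requested without `ca => $global_ca` and without `wait => true`; please confirm where the certificate resources are declared, or pass `ca` to them explicitly. `$global_ca` is also used unchecked, and a `validate_string($global_ca)` at the top of the class would reject a bad hiera value early.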
@@ -0,0 +1,70 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Resource: tripleo::certmonger::haproxy
+#
+# Request a certificate for the HAProxy service and does the necessary logic to
+# get it into a format that the service understands.
+#
+# === Parameters
+#
+# [*service_pem*]
+# The file in PEM format that the HAProxy service will use as a certificate.
+#
+# [*service_certificate*]
+# The certificate file that certmonger will be tracking.
+#
+# [*service_key*]
+# The key file that certmonger will use for the certificate.
+#
+# [*hostname*]
+# The hostname that certmonger will use as the common name for the
+# certificate.
+#
+# [*postsave_cmd*]
+# The post-save-command that certmonger will use once it renews the
+# certificate.
+# +define tripleo::certmonger::haproxy ( + $service_pem, + $service_certificate, + $service_key, + $hostname, + $postsave_cmd, +){ + certmonger_certificate { "${title}-cert": + hostname => $hostname, + certfile => $service_certificate, + keyfile => $service_key, + postsave_cmd => $postsave_cmd, + } + concat { $service_pem : + ensure => present, + mode => '0640', + owner => 'haproxy', + group => 'haproxy', + } + concat::fragment { "${title}-cert-fragment": + target => $service_pem, + source => $service_certificate, + order => '01', + require => Certmonger_certificate["${title}-cert"], + } + concat::fragment { "${title}-key-fragment": + target => $service_pem, + source => $service_key, + order => 10, + require => Certmonger_certificate["${title}-cert"], + } +} diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index e3e48ce..407fbb7 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -169,6 +169,10 @@ # (optional) Enable or not Gnocchi API binding # Defaults to false # +# [*mistral*] +# (optional) Enable or not Mistral API binding +# Defaults to false +# # [*swift_proxy_server*] # (optional) Enable or not Swift API binding # Defaults to false @@ -193,6 +197,10 @@ # (optional) Enable or not Ironic API binding # Defaults to false # +# [*ironic_inspector*] +# (optional) Enable or not Ironic Inspector API binding +# Defaults to false +# # [*mysql*] # (optional) Enable or not MySQL Galera binding # Defaults to false @@ -232,6 +240,8 @@ # 'glance_registry_port' (Defaults to 9191) # 'gnocchi_api_port' (Defaults to 8041) # 'gnocchi_api_ssl_port' (Defaults to 13041) +# 'mistral_api_port' (Defaults to 8989) +# 'mistral_api_ssl_port' (Defaults to 13989) # 'heat_api_port' (Defaults to 8004) # 'heat_api_ssl_port' (Defaults to 13004) # 'heat_cfn_port' (Defaults to 8000) 
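Review bot: `$service_pem` is assembled by `concat` only while Puppet applies the catalog, so a renewal that certmonger performs later leaves the bundle HAProxy reads stale unless `$postsave_cmd` rebuilds it and reloads the service. The `postsave_cmd` parameter doc should state that requirement, for example `# Must regenerate service_pem from the renewed certificate and key and reload HAProxy.` Nothing in the define notifies the HAProxy service when the bundle changes during a Puppet run either, although the caller may handle that. The two fragments also mix a quoted and an unquoted order; `order => '10',` on the key fragment keeps it consistent with `'01'`.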
@@ -240,6 +250,8 @@ # 'heat_cw_ssl_port' (Defaults to 13003) # 'ironic_api_port' (Defaults to 6385) # 'ironic_api_ssl_port' (Defaults to 13385) +# 'ironic_inspector_port' (Defaults to 5050) +# 'ironic_inspector_ssl_port' (Defaults to 13050) # 'keystone_admin_api_port' (Defaults to 35357) # 'keystone_admin_api_ssl_port' (Defaults to 13357) # 'keystone_public_api_port' (Defaults to 5000) @@ -296,12 +308,14 @@ class tripleo::haproxy ( $ceilometer = false, $aodh = false, $gnocchi = false, + $mistral = false, $swift_proxy_server = false, $heat_api = false, $heat_cloudwatch = false, $heat_cfn = false, $horizon = false, $ironic = false, + $ironic_inspector = false, $mysql = false, $mysql_clustercheck = false, $rabbitmq = false, @@ -322,6 +336,8 @@ class tripleo::haproxy ( glance_registry_port => 9191, gnocchi_api_port => 8041, gnocchi_api_ssl_port => 13041, + mistral_api_port => 8989, + mistral_api_ssl_port => 13989, heat_api_port => 8004, heat_api_ssl_port => 13004, heat_cfn_port => 8000, @@ -330,6 +346,8 @@ class tripleo::haproxy ( heat_cw_ssl_port => 13003, ironic_api_port => 6385, ironic_api_ssl_port => 13385, + ironic_inspector_port => 5050, + ironic_inspector_ssl_port => 13050, keystone_admin_api_port => 35357, keystone_admin_api_ssl_port => 13357, keystone_public_api_port => 5000, @@ -662,6 +680,17 @@ class tripleo::haproxy ( } } + if $mistral { + ::tripleo::haproxy::endpoint { 'mistral': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('mistral_api_vip', $controller_virtual_ip), + service_port => $ports[mistral_api_port], + ip_addresses => hiera('mistral_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + public_ssl_port => $ports[mistral_api_ssl_port], + } + } + if $swift_proxy_server { ::tripleo::haproxy::endpoint { 'swift_proxy_server': public_virtual_ip => $public_virtual_ip, 
@@ -754,6 +783,17 @@ class tripleo::haproxy ( } } + if $ironic_inspector { + ::tripleo::haproxy::endpoint { 'ironic-inspector': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ironic_inspector_vip', $controller_virtual_ip), + service_port => $ports[ironic_inspector_port], + ip_addresses => hiera('ironic_inspector_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + public_ssl_port => $ports[ironic_inspector_ssl_port], + } + } + if $mysql_clustercheck { $mysql_listen_options = { 'option' => [ 'tcpka', 'httpchk' ], diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp new file mode 100644 index 0000000..1b7df19 --- /dev/null +++ b/manifests/profile/base/horizon.pp 
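Review bot: The `ironic-inspector` endpoint is published on `$public_virtual_ip` with a `public_ssl_port`, the same as the user-facing APIs, and nothing in the hunk records that public exposure of the inspector API is intended. Ironic Inspector is normally consumed from the provisioning side, so please confirm the binding and note the decision in a comment such as `# inspector is deliberately reachable on the public VIP because <reason>`. The resource title also uses a hyphen while the flag, the `$ports` keys and the hiera keys all use `ironic_inspector`; `'ironic_inspector'` would match the neighbouring endpoints unless the hyphenated name is required by something outside this hunk.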
@@ -0,0 +1,50 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::horizon
+#
+# Horizon profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::horizon (
+ $step = hiera('step'),
+) {
+ if $step >= 4 {
+ # Horizon
+ include ::apache::mod::remoteip
+ include ::apache::mod::status
+ if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
+ $_profile_support = 'cisco'
+ } else {
+ $_profile_support = 'None'
+ }
+ $neutron_options = {'profile_support' => $_profile_support }
+ $memcached_ipv6 = hiera('memcached_ipv6', false)
+ if $memcached_ipv6 {
+ $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
+ } else {
+ $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
+ }
+ class { '::horizon':
+ cache_server_ip => $horizon_memcached_servers,
+ neutron_options => $neutron_options,
+ }
+ }
+}
diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp
new file mode 100644
index 0000000..42507b9
--- /dev/null
+++ b/manifests/profile/base/mistral.pp
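Review bot: `hiera('neutron::plugins::ml2::mechanism_drivers')` in the `cisco_n1kv` test has no default, so catalog compilation fails on a Horizon node whose hiera data does not carry the ML2 settings. `if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', []) {` keeps the existing `'None'` branch as the fallback. If that key can hold a comma-separated string rather than an array, `in` becomes a substring match, which deserves a one-line comment above the test.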
@@ -0,0 +1,39 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::mistral
+#
+# Mistral profile for tripleo
+#
+# === Parameters
+#
+# [*sync_db*]
+# (Optional) Whether to run db sync
+# Defaults to true
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::mistral (
+ $sync_db = true,
+ $step = hiera('step'),
+) {
+
+ if $step >= 3 {
+ include ::mistral
+ include ::mistral::config
+ }
+}
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
new file mode 100644
index 0000000..b955c8d
--- /dev/null
+++ b/manifests/profile/base/mistral/api.pp
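Review bot: `$sync_db` is declared and documented on `tripleo::profile::base::mistral`, but the class body never reads it; only `$step` is used. A deployer who sets `sync_db => false` on this class would expect the database sync to be skipped, while in this change it is governed only by the same-named parameter on the engine profile. Either drop the parameter and its doc entry here, or replace the doc text with `# (Optional) Unused in this class; see tripleo::profile::base::mistral::engine`.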
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::mistral::api
+#
+# Mistral API profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::mistral::api (
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::mistral
+
+ if $step >= 4 {
+ include ::mistral::api
+ }
+}
+
diff --git a/manifests/profile/base/mistral/engine.pp b/manifests/profile/base/mistral/engine.pp
new file mode 100644
index 0000000..141cbad
--- /dev/null
+++ b/manifests/profile/base/mistral/engine.pp
@@ -0,0 +1,46 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::mistral::engine
+#
+# Mistral Engine profile for tripleo
+#
+# === Parameters
+#
+# [*sync_db*]
+# (Optional) Whether to run db sync
+# Defaults to undef
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::mistral::engine (
+ $sync_db = true,
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::mistral
+
+ if $step >= 3 and $sync_db {
+ include ::mistral::db::mysql
+ include ::mistral::db::sync
+ }
+
+ if $step >= 4 {
+ include ::mistral::engine
+ }
+
+}
diff --git a/manifests/profile/base/mistral/executor.pp b/manifests/profile/base/mistral/executor.pp
new file mode 100644
index 0000000..d7b5776
--- /dev/null
+++ b/manifests/profile/base/mistral/executor.pp
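Review bot: The doc block says `sync_db` `Defaults to undef` while the signature sets `$sync_db = true`; the comment should read `# Defaults to true`. With that default, every node that applies the engine profile includes `::mistral::db::mysql` and `::mistral::db::sync` at step 3, and nothing in the hunk restricts this to a single bootstrap node. Concurrent schema syncs on a multi-controller deployment therefore look possible; please confirm that callers set `sync_db` per node, or gate it the way the pacemaker profiles do with `$pacemaker_master`.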
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::mistral::executor
+#
+# Mistral Executor profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::mistral::executor (
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::mistral
+
+ if $step >= 4 {
+ include ::mistral::executor
+ }
+
+}
diff --git a/manifests/profile/base/neutron/dhcp.pp b/manifests/profile/base/neutron/dhcp.pp
index 180fd37..a313478 100644
--- a/manifests/profile/base/neutron/dhcp.pp
+++ b/manifests/profile/base/neutron/dhcp.pp
@@ -18,31 +18,18 @@ # # === Parameters # -# [*neutron_dnsmasq_options*] -# (Optional) -# Defaults to hiera('neutron_dnsmasq_options') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::neutron::dhcp ( - $neutron_dnsmasq_options = hiera('neutron_dnsmasq_options', ''), $step = hiera('step'), ) { if $step >= 4 { include ::tripleo::profile::base::neutron include ::neutron::agents::dhcp - file { '/etc/neutron/dnsmasq-neutron.conf': - content => $neutron_dnsmasq_options, - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } - Service<| title == 'neutron-server' |> -> Service <| title == 'neutron-dhcp' |> } } diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp index 16b61df..c734906 100644 --- a/manifests/profile/base/nova/compute.pp +++ b/manifests/profile/base/nova/compute.pp @@ -41,6 +41,17 @@ class tripleo::profile::base::nova::compute ( # deploy bits to connect nova compute to neutron include ::nova::network::neutron + + # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique + # https://bugzilla.redhat.com/show_bug.cgi?id=1244328 + exec { 'reset-iscsi-initiator-name': + command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', + onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', + before => File['/etc/iscsi/.initiator_reset'], + } + file { '/etc/iscsi/.initiator_reset': + ensure => present, + } } # If NFS is used as a Cinder backend diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp new file mode 100644 index 0000000..fc58891 --- /dev/null +++ b/manifests/profile/base/pacemaker.pp 
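Review bot: The `reset-iscsi-initiator-name` exec depends on `$(...)` substitution and `>` redirection but sets no provider, and Puppet's default `posix` provider is documented as running commands without a shell. Add `provider => shell,` so the initiator name is regenerated by design rather than by how the command happens to be spawned. The marker check can then be written as `creates => '/etc/iscsi/.initiator_reset',` instead of the `onlyif` test. Nodes cloned from one image share an InitiatorName until this runs, so a silent no-op here would leave iSCSI targets unable to tell compute nodes apart. The enclosing `if` block starts outside the hunk.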
@@ -0,0 +1,93 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::pacemaker
+#
+# Pacemaker profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::pacemaker (
+ $step = hiera('step'),
+) {
+
+ Pcmk_resource <| |> {
+ tries => 10,
+ try_sleep => 3,
+ }
+
+ if $::hostname == downcase(hiera('bootstrap_nodeid')) {
+ $pacemaker_master = true
+ } else {
+ $pacemaker_master = false
+ }
+
+ $enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5
+
+ if hiera('step') >= 1 {
+ $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
+ $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
+ if $corosync_ipv6 {
+ $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' }
+ } else {
+ $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) }
+ }
+ class { '::pacemaker':
+ hacluster_pwd => hiera('hacluster_pwd'),
+ } ->
+ class { '::pacemaker::corosync':
+ cluster_members => $pacemaker_cluster_members,
+ setup_cluster => $pacemaker_master,
+ cluster_setup_extras => $cluster_setup_extras,
+ }
+ class { '::pacemaker::stonith':
+ disable => !$enable_fencing,
+ }
+ if $enable_fencing {
+ include ::tripleo::fencing
+
+ # enable stonith after 
all Pacemaker resources have been created + Pcmk_resource<||> -> Class['tripleo::fencing'] + Pcmk_constraint<||> -> Class['tripleo::fencing'] + Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] + # enable stonith after all fencing devices have been created + Class['tripleo::fencing'] -> Class['pacemaker::stonith'] + } + + # FIXME(gfidente): sets 200secs as default start timeout op + # param; until we can use pcmk global defaults we'll still + # need to add it to every resource which redefines op params + Pacemaker::Resource::Service { + op_params => 'start timeout=200s stop timeout=200s', + } + } + + if hiera('step') >= 2 { + if $pacemaker_master { + include ::pacemaker::resource_defaults + + # Create an openstack-core dummy resource. See RHBZ 1290121 + pacemaker::resource::ocf { 'openstack-core': + ocf_agent_name => 'heartbeat:Dummy', + clone_params => true, + } + } + } + +} diff --git a/manifests/profile/pacemaker/gnocchi.pp b/manifests/profile/pacemaker/gnocchi.pp index ad566b1..a6d472c 100644 --- a/manifests/profile/pacemaker/gnocchi.pp +++ b/manifests/profile/pacemaker/gnocchi.pp @@ -56,15 +56,18 @@ class tripleo::profile::pacemaker::gnocchi ( $pacemaker_master = false } - if $step >= 3 and $sync_db { - include ::gnocchi - include ::gnocchi::config - include ::gnocchi::client + if $step >= 2 and $pacemaker_master { if $gnocchi_indexer_backend == 'mysql' { class { '::gnocchi::db::mysql': require => Exec['galera-ready'], } } + } + + if $step >= 3 and $sync_db { + include ::gnocchi + include ::gnocchi::config + include ::gnocchi::client include ::gnocchi::db::sync } |
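Review bot: `tripleo::profile::base::pacemaker` declares and documents `$step`, but the body never uses it; every gate calls `hiera('step')` directly (`hiera('step') >= 5`, `>= 1`, `>= 2`). Passing `step` to the class therefore has no effect, unlike the other profiles in this change; use `$step >= 1` and so on. Separately, `::pacemaker::stonith` is declared with `disable => !$enable_fencing`, which keeps fencing off below step 5 and whenever `enable_fencing` is unset. A comment such as `# STONITH stays disabled unless enable_fencing is set and step >= 5` would help operators who expect a fenced cluster.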