summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/puppet/parser/functions/netmask_to_cidr.rb14
-rw-r--r--lib/puppet/provider/sriov_vf_config/numvfs.rb2
-rw-r--r--manifests/certmonger/ca/crl.pp6
-rw-r--r--manifests/certmonger/ca/local.pp2
-rw-r--r--manifests/certmonger/mysql.pp9
-rw-r--r--manifests/haproxy.pp62
-rw-r--r--manifests/host/sriov.pp2
-rw-r--r--manifests/network/contrail/analytics.pp33
-rw-r--r--manifests/network/contrail/analyticsdatabase.pp30
-rw-r--r--manifests/network/contrail/config.pp36
-rw-r--r--manifests/network/contrail/control.pp27
-rw-r--r--manifests/network/contrail/database.pp24
-rw-r--r--manifests/network/contrail/heat.pp24
-rw-r--r--manifests/network/contrail/neutron_plugin.pp77
-rw-r--r--manifests/network/contrail/provision.pp6
-rw-r--r--manifests/network/contrail/vrouter.pp96
-rw-r--r--manifests/network/contrail/webui.pp34
-rw-r--r--manifests/profile/base/aodh/api.pp12
-rw-r--r--manifests/profile/base/ceilometer/api.pp13
-rw-r--r--manifests/profile/base/ceilometer/upgrade.pp12
-rw-r--r--manifests/profile/base/cinder/volume.pp27
-rw-r--r--manifests/profile/base/cinder/volume/veritas_hyperscale.pp44
-rw-r--r--manifests/profile/base/database/mysql.pp10
-rw-r--r--manifests/profile/base/database/mysql/client.pp39
-rw-r--r--manifests/profile/base/docker.pp58
-rw-r--r--manifests/profile/base/glance/api.pp8
-rw-r--r--manifests/profile/base/heat/api.pp13
-rw-r--r--manifests/profile/base/heat/api_cfn.pp13
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp13
-rw-r--r--manifests/profile/base/horizon.pp28
-rw-r--r--manifests/profile/base/ironic/api.pp58
-rw-r--r--manifests/profile/base/iscsid.pp45
-rw-r--r--manifests/profile/base/kernel.pp28
-rw-r--r--manifests/profile/base/keystone.pp3
-rw-r--r--manifests/profile/base/lvm.pp40
-rw-r--r--manifests/profile/base/metrics/collectd.pp9
-rw-r--r--manifests/profile/base/mistral/api.pp6
-rw-r--r--manifests/profile/base/neutron/opendaylight.pp4
-rw-r--r--manifests/profile/base/neutron/opendaylight/configure_cluster.pp45
-rw-r--r--manifests/profile/base/neutron/opendaylight/create_cluster.pp43
-rw-r--r--manifests/profile/base/neutron/server.pp12
-rw-r--r--manifests/profile/base/nova.pp170
-rw-r--r--manifests/profile/base/nova/authtoken.pp28
-rw-r--r--manifests/profile/base/nova/compute.pp13
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp7
-rw-r--r--manifests/profile/base/nova/libvirt.pp1
-rw-r--r--manifests/profile/base/nova/migration.pp (renamed from manifests/profile/base/ui.pp)25
-rw-r--r--manifests/profile/base/nova/migration/client.pp100
-rw-r--r--manifests/profile/base/nova/migration/target.pp120
-rw-r--r--manifests/profile/base/nova/placement.pp6
-rw-r--r--manifests/profile/base/rabbitmq.pp3
-rw-r--r--manifests/profile/base/swift/dispersion.pp33
-rw-r--r--manifests/profile/base/swift/proxy.pp16
-rw-r--r--manifests/profile/base/zaqar.pp66
-rw-r--r--manifests/profile/pacemaker/cinder/backup_bundle.pp9
-rw-r--r--manifests/profile/pacemaker/cinder/volume_bundle.pp4
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp110
-rw-r--r--manifests/profile/pacemaker/database/mysql_bundle.pp2
-rw-r--r--manifests/profile/pacemaker/database/redis_bundle.pp43
-rw-r--r--manifests/profile/pacemaker/haproxy_bundle.pp25
-rw-r--r--manifests/profile/pacemaker/rabbitmq_bundle.pp4
-rw-r--r--manifests/ui.pp3
-rw-r--r--releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml5
-rw-r--r--releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml5
-rw-r--r--releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml10
-rw-r--r--releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml17
-rw-r--r--releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml9
-rw-r--r--releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml5
-rw-r--r--releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml6
-rw-r--r--releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml3
-rw-r--r--releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml6
-rw-r--r--releasenotes/source/conf.py14
-rw-r--r--spec/classes/tripleo_certmonger_ca_local_spec.rb5
-rw-r--r--spec/classes/tripleo_haproxy_spec.rb115
-rw-r--r--spec/classes/tripleo_host_sriov_spec.rb4
-rw-r--r--spec/classes/tripleo_profile_base_aodh_api_spec.rb25
-rw-r--r--spec/classes/tripleo_profile_base_ceilometer_api_spec.rb27
-rw-r--r--spec/classes/tripleo_profile_base_cinder_veritas_hyperscale_spec.rb57
-rw-r--r--spec/classes/tripleo_profile_base_cinder_volume_spec.rb38
-rw-r--r--spec/classes/tripleo_profile_base_docker_spec.rb9
-rw-r--r--spec/classes/tripleo_profile_base_horizon_spec.rb28
-rw-r--r--spec/classes/tripleo_profile_base_iscsid_spec.rb42
-rw-r--r--spec/classes/tripleo_profile_base_kernel_spec.rb59
-rw-r--r--spec/classes/tripleo_profile_base_lvm_spec.rb53
-rw-r--r--spec/classes/tripleo_profile_base_nova_authtoken_spec.rb3
-rw-r--r--spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb6
-rw-r--r--spec/classes/tripleo_profile_base_nova_compute_spec.rb15
-rw-r--r--spec/classes/tripleo_profile_base_nova_libvirt_spec.rb6
-rw-r--r--spec/classes/tripleo_profile_base_nova_migration_client_spec.rb188
-rw-r--r--spec/classes/tripleo_profile_base_nova_migration_spec.rb40
-rw-r--r--spec/classes/tripleo_profile_base_nova_migration_target_spec.rb283
-rw-r--r--spec/classes/tripleo_profile_base_nova_placement_spec.rb20
-rw-r--r--spec/classes/tripleo_profile_base_nova_spec.rb423
-rw-r--r--spec/fixtures/hieradata/default.yaml4
-rw-r--r--spec/functions/netmask_to_cidr_spec.rb6
-rw-r--r--test-requirements.txt4
96 files changed, 2388 insertions, 1007 deletions
diff --git a/lib/puppet/parser/functions/netmask_to_cidr.rb b/lib/puppet/parser/functions/netmask_to_cidr.rb
new file mode 100644
index 0000000..68ee4cf
--- /dev/null
+++ b/lib/puppet/parser/functions/netmask_to_cidr.rb
@@ -0,0 +1,14 @@
+# Custom function to transform netmask from IP notation to
+# CIDR format. Input is an IP address, output a CIDR:
+# 255.255.255.0 = 24
+# The CIDR formated netmask is needed for some
+# Contrail configuration files
+require 'ipaddr'
+module Puppet::Parser::Functions
+ newfunction(:netmask_to_cidr, :type => :rvalue) do |args|
+ if args[0].class != String
+ raise Puppet::ParseError, "Syntax error: #{args[0]} must be a String"
+ end
+ IPAddr.new(args[0]).to_i.to_s(2).count("1")
+ end
+end
diff --git a/lib/puppet/provider/sriov_vf_config/numvfs.rb b/lib/puppet/provider/sriov_vf_config/numvfs.rb
index cfa663c..22acf21 100644
--- a/lib/puppet/provider/sriov_vf_config/numvfs.rb
+++ b/lib/puppet/provider/sriov_vf_config/numvfs.rb
@@ -12,7 +12,7 @@ Puppet::Type.type(:sriov_vf_config).provide(:numvfs) do
if File.file?(sriov_numvfs_path)
_set_numvfs
else
- fail("#{sriov_numvfs_path} doesn't exist. Check if #{sriov_get_interface} is a valid network interface supporting SR-IOV")
+ warning("#{sriov_numvfs_path} doesn't exist. Check if #{sriov_get_interface} is a valid network interface supporting SR-IOV")
end
end
diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp
index 59a3681..2454460 100644
--- a/manifests/certmonger/ca/crl.pp
+++ b/manifests/certmonger/ca/crl.pp
@@ -49,7 +49,7 @@
# (optional) Defaults to '0'.
#
# [*hour*]
-# (optional) Defaults to '1'.
+# (optional) Defaults to '*/2'.
#
# [*monthday*]
# (optional) Defaults to '*'.
@@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl (
$crl_preprocessed = '/etc/pki/CA/crl/overcloud-crl.bin',
$crl_preprocessed_format = 'DER',
$minute = '0',
- $hour = '1',
+ $hour = '*/2',
$monthday = '*',
$month = '*',
- $weekday = '6',
+ $weekday = '*',
$maxdelay = 0,
$reload_cmds = [],
) {
diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp
index b7b7328..78dc09a 100644
--- a/manifests/certmonger/ca/local.pp
+++ b/manifests/certmonger/ca/local.pp
@@ -34,6 +34,6 @@ class tripleo::certmonger::ca::local(
creates => $ca_pem,
tries => 5,
try_sleep => 1,
- require => Service['certmonger'],
}
+ Service['certmonger'] ~> Exec<| title == 'extract-and-trust-ca' |>
}
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index dd9b184..0988c55 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -31,6 +31,12 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# This parameter can take both a string or an array of strings.
+# Defaults to $hostname
+#
# [*principal*]
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef
@@ -40,6 +46,7 @@ class tripleo::certmonger::mysql (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = $hostname,
$principal = undef,
) {
include ::certmonger
@@ -51,7 +58,7 @@ class tripleo::certmonger::mysql (
certfile => $service_certificate,
keyfile => $service_key,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames,
principal => $principal,
postsave_cmd => $postsave_cmd,
ca => $certmonger_ca,
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 6da6dcf..924699b 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -155,6 +155,10 @@
# When set, enables SSL on the haproxy stats endpoint using the specified file.
# Defaults to undef
#
+# [*haproxy_stats*]
+# (optional) Enable or not the haproxy stats interface
+# Defaults to true
+#
# [*keystone_admin*]
# (optional) Enable or not Keystone Admin API binding
# Defaults to hiera('keystone_enabled', false)
@@ -279,6 +283,10 @@
# (optional) Enable check via clustercheck for mysql
# Defaults to false
#
+# [*mysql_max_conn*]
+# (optional) Set the maxconn parameter for mysql
+# Defaults to undef
+#
# [*mysql_member_options*]
# The options to use for the mysql HAProxy balancer members.
# If this parameter is undefined, the actual value configured will depend
@@ -571,6 +579,7 @@ class tripleo::haproxy (
$ca_bundle = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
$crl_file = undef,
$haproxy_stats_certificate = undef,
+ $haproxy_stats = true,
$keystone_admin = hiera('keystone_enabled', false),
$keystone_public = hiera('keystone_enabled', false),
$neutron = hiera('neutron_api_enabled', false),
@@ -602,6 +611,7 @@ class tripleo::haproxy (
$ironic_inspector = hiera('ironic_inspector_enabled', false),
$mysql = hiera('mysql_enabled', false),
$mysql_clustercheck = false,
+ $mysql_max_conn = undef,
$mysql_member_options = undef,
$rabbitmq = false,
$etcd = hiera('etcd_enabled', false),
@@ -668,6 +678,8 @@ class tripleo::haproxy (
contrail_discovery_ssl_port => 15998,
contrail_analytics_port => 8090,
contrail_analytics_ssl_port => 18090,
+ contrail_analytics_rest_port => 8081,
+ contrail_analytics_ssl_rest_port => 18081,
contrail_webui_http_port => 8080,
contrail_webui_https_port => 8143,
docker_registry_port => 8787,
@@ -871,19 +883,21 @@ class tripleo::haproxy (
listen_options => $default_listen_options,
}
- $stats_base = ['enable', 'uri /']
- if $haproxy_stats_password {
- $stats_config = union($stats_base, ["auth ${haproxy_stats_user}:${haproxy_stats_password}"])
- } else {
- $stats_config = $stats_base
- }
- haproxy::listen { 'haproxy.stats':
- bind => $haproxy_stats_bind_opts,
- mode => 'http',
- options => {
- 'stats' => $stats_config,
- },
- collect_exported => false,
+ if $haproxy_stats {
+ $stats_base = ['enable', 'uri /']
+ if $haproxy_stats_password {
+ $stats_config = union($stats_base, ["auth ${haproxy_stats_user}:${haproxy_stats_password}"])
+ } else {
+ $stats_config = $stats_base
+ }
+ haproxy::listen { 'haproxy.stats':
+ bind => $haproxy_stats_bind_opts,
+ mode => 'http',
+ options => {
+ 'stats' => $stats_config,
+ },
+ collect_exported => false,
+ }
}
if $keystone_admin {
@@ -1036,7 +1050,7 @@ class tripleo::haproxy (
mode => 'http',
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- #member_options => union($haproxy_member_options, $internal_tls_member_options),
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1314,6 +1328,7 @@ class tripleo::haproxy (
'timeout server' => '90m',
'stick-table' => 'type ip size 1000',
'stick' => 'on dst',
+ 'maxconn' => $mysql_max_conn
}
if $mysql_member_options {
$mysql_member_options_real = $mysql_member_options
@@ -1324,6 +1339,7 @@ class tripleo::haproxy (
$mysql_listen_options = {
'timeout client' => '90m',
'timeout server' => '90m',
+ 'maxconn' => $mysql_max_conn
}
if $mysql_member_options {
$mysql_member_options_real = $mysql_member_options
@@ -1575,7 +1591,7 @@ class tripleo::haproxy (
if $contrail_config {
::tripleo::haproxy::endpoint { 'contrail_config':
public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_config_vip', hiera('internal_api_virtual_ip')),
service_port => $ports[contrail_config_port],
ip_addresses => hiera('contrail_config_node_ips'),
server_names => hiera('contrail_config_node_ips'),
@@ -1583,7 +1599,7 @@ class tripleo::haproxy (
}
::tripleo::haproxy::endpoint { 'contrail_discovery':
public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_config_vip', hiera('internal_api_virtual_ip')),
service_port => $ports[contrail_discovery_port],
ip_addresses => hiera('contrail_config_node_ips'),
server_names => hiera('contrail_config_node_ips'),
@@ -1593,17 +1609,25 @@ class tripleo::haproxy (
if $contrail_analytics {
::tripleo::haproxy::endpoint { 'contrail_analytics':
public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_analytics_vip', hiera('internal_api_virtual_ip')),
service_port => $ports[contrail_analytics_port],
ip_addresses => hiera('contrail_config_node_ips'),
server_names => hiera('contrail_config_node_ips'),
public_ssl_port => $ports[contrail_analytics_ssl_port],
}
+ ::tripleo::haproxy::endpoint { 'contrail_analytics_rest':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_analytics_vip', hiera('internal_api_virtual_ip')),
+ service_port => $ports[contrail_analytics_rest_port],
+ ip_addresses => hiera('contrail_analytics_node_ips', $::contrail_analytics_node_ips),
+ server_names => hiera('contrail_analytics_node_ips', $::contrail_analytics_node_ips),
+ public_ssl_port => $ports[contrail_analytics_ssl_rest_port],
+ }
}
if $contrail_webui {
::tripleo::haproxy::endpoint { 'contrail_webui_http':
public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_webui_vip', hiera('internal_api_virtual_ip')),
service_port => $ports[contrail_webui_http_port],
ip_addresses => hiera('contrail_config_node_ips'),
server_names => hiera('contrail_config_node_ips'),
@@ -1611,7 +1635,7 @@ class tripleo::haproxy (
}
::tripleo::haproxy::endpoint { 'contrail_webui_https':
public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_webui_vip', hiera('internal_api_virtual_ip')),
service_port => $ports[contrail_webui_https_port],
ip_addresses => hiera('contrail_config_node_ips'),
server_names => hiera('contrail_config_node_ips'),
diff --git a/manifests/host/sriov.pp b/manifests/host/sriov.pp
index b94c472..c06796d 100644
--- a/manifests/host/sriov.pp
+++ b/manifests/host/sriov.pp
@@ -16,7 +16,7 @@ class tripleo::host::sriov (
) {
if !empty($number_of_vfs) {
- sriov_vf_config { $number_of_vfs: ensure => present }
+ sriov_vf_config { $number_of_vfs: }
# the numvfs configuration needs to be persisted for every boot
tripleo::host::sriov::numvfs_persistence {'persistent_numvfs':
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp
index 296fa19..6cfb60e 100644
--- a/manifests/network/contrail/analytics.pp
+++ b/manifests/network/contrail/analytics.pp
@@ -46,7 +46,7 @@
# [*api_server*]
# (optional) IP address of api server
# String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*api_port*]
# (optional) port of api server
@@ -68,11 +68,6 @@
# Integer value.
# Defaults to hiera('contrail::auth_port')
#
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
# [*auth_protocol*]
# (optional) authentication protocol.
# String value.
@@ -106,7 +101,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail::disc_server_ip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -133,10 +128,10 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_server')
#
-# [*public_vip*]
+# [*internal_vip*]
# (optional) Public virtual IP address
# String (IPv4) value
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*rabbit_server*]
# (optional) IPv4 addresses of rabbit server.
@@ -194,26 +189,25 @@ class tripleo::network::contrail::analytics(
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
$admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$api_port = hiera('contrail::api_port'),
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
$auth_protocol = hiera('contrail::auth_protocol'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
$analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'),
$cassandra_server_list = hiera('contrail_analytics_database_node_ips'),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
$collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'),
$collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$disc_server_port = hiera('contrail::disc_server_port'),
$http_server_port = hiera('contrail::analytics::http_server_port'),
$host_ip = hiera('contrail::analytics::host_ip'),
$insecure = hiera('contrail::insecure'),
$kafka_broker_list = hiera('contrail_analytics_database_node_ips'),
$memcached_servers = hiera('contrail::memcached_server'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
$rabbit_server = hiera('rabbitmq_node_ips'),
$rabbit_user = hiera('contrail::rabbit_user'),
$rabbit_password = hiera('contrail::rabbit_password'),
@@ -227,7 +221,7 @@ class tripleo::network::contrail::analytics(
{
$cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'')
$kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'')
- $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'')
+ $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'')
$redis_config = "bind ${host_ip} 127.0.0.1"
$zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'')
$zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'')
@@ -238,7 +232,7 @@ class tripleo::network::contrail::analytics(
'admin_tenant_name' => $admin_tenant_name,
'admin_user' => $admin_user,
'auth_host' => $auth_host,
- 'auth_port' => $auth_port_ssl,
+ 'auth_port' => $auth_port,
'auth_protocol' => $auth_protocol,
'insecure' => $insecure,
'certfile' => $cert_file,
@@ -246,8 +240,8 @@ class tripleo::network::contrail::analytics(
}
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
'AUTHN_PROTOCOL' => $auth_protocol,
'certfile' => $cert_file,
'cafile' => $ca_file,
@@ -265,7 +259,7 @@ class tripleo::network::contrail::analytics(
}
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
},
}
}
@@ -354,6 +348,7 @@ class tripleo::network::contrail::analytics(
'disc_server_ip' => $disc_server_ip,
'disc_server_port' => $disc_server_port,
},
+ 'KEYSTONE' => $keystone_config,
},
redis_config => $redis_config,
topology_config => {
@@ -380,7 +375,7 @@ class tripleo::network::contrail::analytics(
keystone_admin_user => $admin_user,
keystone_admin_password => $admin_password,
keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
}
}
}
diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp
index cf3016a..1cffaf2 100644
--- a/manifests/network/contrail/analyticsdatabase.pp
+++ b/manifests/network/contrail/analyticsdatabase.pp
@@ -24,10 +24,10 @@
# String (IPv4) value
# Defaults to hiera('contrail::auth_host')
#
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
+# [*auth_port*]
+# (optional) keystone port.
# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
+# Defaults to hiera('contrail::auth_port')
#
# [*auth_protocol*]
# (optional) authentication protocol.
@@ -37,7 +37,7 @@
# [*api_server*]
# (optional) IPv4 VIP of Contrail Config API
# String (IPv4) value
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*api_port*]
# (optional) Port of Contrail Config API
@@ -82,7 +82,7 @@
# [*disc_server_ip*]
# (optional) IPv4 VIP of Contrail Discovery
# String (IPv4) value
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -104,10 +104,10 @@
# List value
# Defaults to hiera('contrail_analytics_database_short_node_names', '')
#
-# [*public_vip*]
+# [*internal_vip*]
# (optional) Public VIP
# String (IPv4) value
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*step*]
# (optional) step in the stack
@@ -122,31 +122,31 @@
class tripleo::network::contrail::analyticsdatabase(
$step = Integer(hiera('step')),
$auth_host = hiera('contrail::auth_host'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$api_port = hiera('contrail::api_port'),
$admin_password = hiera('contrail::admin_password'),
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
$admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
$auth_protocol = hiera('contrail::auth_protocol'),
+ $auth_port = hiera('contrail::auth_port'),
$cassandra_servers = hiera('contrail_analytics_database_node_ips'),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$disc_server_port = hiera('contrail::disc_server_port'),
$host_ip = hiera('contrail::analytics::database::host_ip'),
$host_name = $::hostname,
$kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
$zookeeper_server_ips = hiera('contrail_database_node_ips'),
)
{
if $auth_protocol == 'https' {
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
'AUTHN_PROTOCOL' => $auth_protocol,
'certfile' => $cert_file,
'cafile' => $ca_file,
@@ -155,7 +155,7 @@ class tripleo::network::contrail::analyticsdatabase(
} else {
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
},
}
}
@@ -196,7 +196,7 @@ class tripleo::network::contrail::analyticsdatabase(
keystone_admin_user => $admin_user,
keystone_admin_password => $admin_password,
keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
}
}
}
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp
index 3fc4fd8..2cd1613 100644
--- a/manifests/network/contrail/config.pp
+++ b/manifests/network/contrail/config.pp
@@ -48,7 +48,7 @@
# [*api_server*]
# (optional) VIP of Config API
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*api_port*]
# (optional) Port of Config API
@@ -68,11 +68,6 @@
# (optional) keystone port.
# Defaults to hiera('contrail::auth_port')
#
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
# [*auth_protocol*]
# (optional) authentication protocol.
# Defaults to hiera('contrail::auth_protocol')
@@ -105,7 +100,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip'),
+# Defaults to hiera('contrail::disc_server_ip')
#
# [*disc_server_port*]
# (optional) port of discovery server
@@ -175,10 +170,10 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_server')
#
-# [*public_vip*]
+# [*internal_vip*]
# (optional) Public virtual ip
# String value.
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*step*]
# (optional) Step stack is in
@@ -222,19 +217,18 @@ class tripleo::network::contrail::config(
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
$admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$api_port = hiera('contrail::api_port'),
$auth = hiera('contrail::auth'),
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
$auth_protocol = hiera('contrail::auth_protocol'),
$cassandra_server_list = hiera('contrail_database_node_ips'),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
$config_hostnames = hiera('contrail_config_short_node_names'),
$control_server_list = hiera('contrail_control_node_ips'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$disc_server_port = hiera('contrail::disc_server_port'),
$host_ip = hiera('contrail::config::host_ip'),
$ifmap_password = hiera('contrail::config::ifmap_password'),
@@ -248,7 +242,7 @@ class tripleo::network::contrail::config(
$linklocal_service_name = 'metadata',
$linklocal_service_ip = '169.254.169.254',
$memcached_servers = hiera('contrail::memcached_server'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
$rabbit_server = hiera('rabbitmq_node_ips'),
$rabbit_user = hiera('contrail::rabbit_user'),
$rabbit_password = hiera('contrail::rabbit_password'),
@@ -275,7 +269,7 @@ class tripleo::network::contrail::config(
'admin_token' => $admin_token,
'admin_user' => $admin_user,
'auth_host' => $auth_host,
- 'auth_port' => $auth_port_ssl,
+ 'auth_port' => $auth_port,
'auth_protocol' => $auth_protocol,
'insecure' => $insecure,
'memcached_servers' => $memcached_servers,
@@ -285,8 +279,8 @@ class tripleo::network::contrail::config(
}
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
'AUTHN_PROTOCOL' => $auth_protocol,
'certfile' => $cert_file,
'cafile' => $ca_file,
@@ -308,7 +302,7 @@ class tripleo::network::contrail::config(
}
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
},
}
}
@@ -341,6 +335,8 @@ class tripleo::network::contrail::config(
},
device_manager_config => {
'DEFAULTS' => {
+ 'api_server_ip' => $api_server,
+ 'api_server_port' => $api_port,
'cassandra_server_list' => $cassandra_server_list_9160,
'disc_server_ip' => $disc_server_ip,
'disc_server_port' => $disc_server_port,
@@ -360,6 +356,8 @@ class tripleo::network::contrail::config(
keystone_config => $keystone_config,
schema_config => {
'DEFAULTS' => {
+ 'api_server_ip' => $api_server,
+ 'api_server_port' => $api_port,
'cassandra_server_list' => $cassandra_server_list_9160,
'disc_server_ip' => $disc_server_ip,
'disc_server_port' => $disc_server_port,
@@ -375,6 +373,8 @@ class tripleo::network::contrail::config(
},
svc_monitor_config => {
'DEFAULTS' => {
+ 'api_server_ip' => $api_server,
+ 'api_server_port' => $api_port,
'cassandra_server_list' => $cassandra_server_list_9160,
'disc_server_ip' => $disc_server_ip,
'disc_server_port' => $disc_server_port,
@@ -400,7 +400,7 @@ class tripleo::network::contrail::config(
keystone_admin_user => $admin_user,
keystone_admin_password => $admin_password,
keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
}
if $config_hostnames[0] == $::hostname {
class {'::contrail::config::provision_linklocal':
diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp
index 530d607..bad533e 100644
--- a/manifests/network/contrail/control.pp
+++ b/manifests/network/contrail/control.pp
@@ -29,6 +29,11 @@
# String value.
# Defaults to hiera('contrail::admin_tenant_name'),
#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token'),
+#
# [*admin_user*]
# (optional) admin user name.
# String value.
@@ -37,7 +42,7 @@
# [*api_server*]
# (optional) IP address of api server
# String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*api_port*]
# (optional) port of api server
@@ -60,7 +65,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail::disc_server_ip'),
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -96,10 +101,15 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_servers'),
#
-# [*public_vip*]
+# [*manage_named*]
+# (optional) switch for managing named
+# String
+# Defaults to hiera('contrail::manage_named'),
+#
+# [*internal_vip*]
# (optional) Public Virtual IP address
# String (IPv4) value
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*router_asn*]
# (optional) Autonomus System Number
@@ -120,13 +130,14 @@ class tripleo::network::contrail::control(
$step = Integer(hiera('step')),
$admin_password = hiera('contrail::admin_password'),
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$api_port = hiera('contrail::api_port'),
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
$auth_protocol = hiera('contrail::auth_protocol'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$disc_server_port = hiera('contrail::disc_server_port'),
$host_ip = hiera('contrail::control::host_ip'),
$ibgp_auto_mesh = true,
@@ -134,9 +145,10 @@ class tripleo::network::contrail::control(
$ifmap_username = hiera('contrail::control::host_ip'),
$insecure = hiera('contrail::insecure'),
$memcached_servers = hiera('contrail::memcached_server'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
$router_asn = hiera('contrail::control::asn'),
$secret = hiera('contrail::control::rndc_secret'),
+ $manage_named = hiera('contrail::control::manage_named'),
)
{
$control_ifmap_user = "${ifmap_username}.control"
@@ -147,6 +159,7 @@ class tripleo::network::contrail::control(
if $step >= 3 {
class {'::contrail::control':
secret => $secret,
+ manage_named => $manage_named,
control_config => {
'DEFAULT' => {
'hostip' => $host_ip,
diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp
index 3d6b40b..35ac9cd 100644
--- a/manifests/network/contrail/database.pp
+++ b/manifests/network/contrail/database.pp
@@ -39,16 +39,16 @@
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) VIP of Config API
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
+#
# [*api_port*]
# (optional) Port of Config API
# String value.
# Defaults to hiera('contrail::api_port')
#
-# [*api_server*]
-# (optional) VIP of Config API
-# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
-#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -62,7 +62,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip'),
+# Defaults to hiera('contrail::disc_server_ip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -78,10 +78,10 @@
# String value.
# Defaults to $::hostname
#
-# [*public_vip*]
+# [*internal_vip*]
# (optional) Public virtual ip
# String value.
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*step*]
# (optional) Step stack is in
@@ -108,15 +108,15 @@ class tripleo::network::contrail::database(
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
$admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$api_port = hiera('contrail::api_port'),
- $api_server = hiera('contrail_config_vip'),
$auth_host = hiera('contrail::auth_host'),
$cassandra_servers = hiera('contrail_database_node_ips'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$disc_server_port = hiera('contrail::disc_server_port'),
$host_ip = hiera('contrail::database::host_ip'),
$host_name = $::hostname,
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
$step = Integer(hiera('step')),
$zookeeper_client_ip = hiera('contrail::database::host_ip'),
$zookeeper_hostnames = hiera('contrail_database_short_node_names'),
@@ -160,7 +160,7 @@ class tripleo::network::contrail::database(
keystone_admin_user => $admin_user,
keystone_admin_password => $admin_password,
keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
}
}
}
diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp
index 4ef2a31..cc4b5ec 100644
--- a/manifests/network/contrail/heat.pp
+++ b/manifests/network/contrail/heat.pp
@@ -24,21 +24,31 @@
# String value.
# Defaults to hiera('contrail::admin_password')
#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
# [*admin_user*]
# (optional) admin user name.
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
+#
# [*api_port*]
# (optional) port of api server
# String value.
# Defaults to hiera('contrail::api_port')
#
-# [*api_server*]
-# (optional) IP address of api server
-# String value.
-# Defaults to hiera('contrail_config_vip')
-#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -56,14 +66,16 @@
#
class tripleo::network::contrail::heat(
$admin_password = hiera('contrail::admin_password'),
+ $admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$api_port = 8082,
- $api_server = hiera('contrail_config_vip'),
$auth_host = hiera('contrail::auth_host'),
$step = Integer(hiera('step')),
$use_ssl = 'False',
)
{
+
class {'::contrail::heat':
heat_config => {
'clients_contrail' => {
diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp
index d9aa587..52cdc62 100644
--- a/manifests/network/contrail/neutron_plugin.pp
+++ b/manifests/network/contrail/neutron_plugin.pp
@@ -22,16 +22,16 @@
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
+#
# [*api_port*]
# (optional) port of api server
# String value.
# Defaults to hiera('contrail::api_port')
#
-# [*api_server*]
-# (optional) IP address of api server
-# String value.
-# Defaults to hiera('contrail_config_vip')
-#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -42,11 +42,6 @@
# Integer value.
# Defaults to hiera('contrail::auth_port')
#
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
# [*auth_protocol*]
# (optional) authentication protocol.
# String value.
@@ -62,6 +57,14 @@
# String value.
# Defaults to hiera('contrail::service_certificate',false)
#
+# [*api_server_ip*]
+# IP address of the API Server
+# Defaults to $::os_service_default
+#
+# [*api_server_port*]
+# Port of the API Server.
+# Defaults to $::os_service_default
+#
# [*contrail_extensions*]
# Array of OpenContrail extensions to be supported
# Defaults to $::os_service_default
@@ -71,6 +74,26 @@
# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam']
# }
#
+# [*keystone_auth_url*]
+# Url of the keystone auth server
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_user*]
+# Admin user name
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_tenant_name*]
+# Admin_tenant_name
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_password*]
+# Admin password
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_token*]
+# Admin token
+# Defaults to $::os_service_default
+#
# [*package_ensure*]
# (optional) Ensure state for package.
# Defaults to 'present'.
@@ -81,21 +104,20 @@
# Defaults to false.
#
class tripleo::network::contrail::neutron_plugin (
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $api_port = hiera('contrail::api_port'),
- $api_server = hiera('contrail_config_vip'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $ca_file = hiera('tripleo::haproxy::service_certificate',false),
- $cert_file = hiera('tripleo::haproxy::service_certificate',false),
- $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'),
- $package_ensure = 'present',
- $purge_config = false,
+ $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
+ $api_port = hiera('contrail::api_port'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $ca_file = hiera('tripleo::haproxy::service_certificate',false),
+ $cert_file = hiera('tripleo::haproxy::service_certificate',false),
+ $purge_config = false,
+ $package_ensure = 'present',
) {
include ::neutron::deps
@@ -159,8 +181,8 @@ class tripleo::network::contrail::neutron_plugin (
command => '/usr/sbin/usermod -a -G haproxy neutron',
}
+ $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
if $auth_protocol == 'https' {
- $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0'])
neutron_plugin_opencontrail {
'APISERVER/api_server_ip': value => $api_server;
'APISERVER/api_server_port': value => $api_port;
@@ -177,12 +199,11 @@ class tripleo::network::contrail::neutron_plugin (
'keystone_authtoken/admin_password': value => $admin_password, secret =>true;
'keystone_authtoken/auth_host': value => $auth_host;
'keystone_authtoken/auth_protocol': value => $auth_protocol;
- 'keystone_authtoken/auth_port': value => $auth_port_ssl;
+ 'keystone_authtoken/auth_port': value => $auth_port;
'keystone_authtoken/cafile': value => $ca_file;
'keystone_authtoken/certfile': value => $cert_file;
}
} else {
- $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
neutron_plugin_opencontrail {
'APISERVER/api_server_ip': value => $api_server;
'APISERVER/api_server_port': value => $api_port;
diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp
index 742c4a2..393e3b1 100644
--- a/manifests/network/contrail/provision.pp
+++ b/manifests/network/contrail/provision.pp
@@ -19,6 +19,10 @@
#
# == Parameters:
#
+# [*host_ip*]
+# (required) host IP address of Control
+# String (IPv4) value.
+#
# [*admin_password*]
# (optional) admin password
# String value.
@@ -42,7 +46,7 @@
# [*api_server*]
# (optional) IP address of api server
# String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*auth_host*]
# (optional) keystone server ip address
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
index 678a77d..37c7a7b 100644
--- a/manifests/network/contrail/vrouter.pp
+++ b/manifests/network/contrail/vrouter.pp
@@ -45,7 +45,7 @@
# [*api_server*]
# (optional) IP address of api server
# String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*api_port*]
# (optional) port of api server
@@ -62,11 +62,6 @@
# Integer value.
# Defaults to hiera('contrail::auth_port')
#
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
# [*auth_protocol*]
# (optional) authentication protocol.
# String value.
@@ -90,7 +85,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip'),
+# Defaults to hiera('contrail::disc_server_ip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -132,16 +127,21 @@
# String value.
# Defaults to hiera('contrail::vrouter::physical_interface')
#
-# [*public_vip*]
+# [*internal_vip*]
# (optional) Public VIP to Keystone
# String (IPv4) value.
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*is_tsn*]
# (optional) Turns vrouter into TSN
# String value.
# Defaults to hiera('contrail::vrouter::is_tsn',false)
#
+# [*is_dpdk*]
+# (optional) Turns vrouter into DPDK Compute Node
+# String value.
+# Defaults to hiera('contrail::vrouter::is_dpdk',false)
+#
class tripleo::network::contrail::vrouter (
$step = Integer(hiera('step')),
$admin_password = hiera('contrail::admin_password'),
@@ -149,15 +149,14 @@ class tripleo::network::contrail::vrouter (
$admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
$api_port = hiera('contrail::api_port'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$auth_host = hiera('contrail::auth_host'),
$auth_port = hiera('contrail::auth_port'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
$auth_protocol = hiera('contrail::auth_protocol'),
$ca_file = hiera('contrail::service_certificate',false),
$cert_file = hiera('contrail::service_certificate',false),
- $control_server = hiera('contrail_control_node_ips'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $control_server = hiera('contrail::vrouter::control_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$disc_server_port = hiera('contrail::disc_server_port'),
$gateway = hiera('contrail::vrouter::gateway'),
$host_ip = hiera('contrail::vrouter::host_ip'),
@@ -166,18 +165,23 @@ class tripleo::network::contrail::vrouter (
$metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'),
$netmask = hiera('contrail::vrouter::netmask'),
$physical_interface = hiera('contrail::vrouter::physical_interface'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
$is_tsn = hiera('contrail::vrouter::is_tsn',false),
+ $is_dpdk = hiera('contrail::vrouter::is_dpdk',false),
) {
$cidr = netmask_to_cidr($netmask)
notify { 'cidr':
message => $cidr,
}
- $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
#include ::contrail::vrouter
# NOTE: it's not possible to use this class without a functional
# contrail controller up and running
- $control_server_list = join($control_server, ' ')
+ if size($control_server) == 0 {
+ #$control_server_list = join(hiera('contrail_control_node_ips'), ' ')
+ $control_server_list = ''
+ } else {
+ $control_server_list = join($control_server, ' ')
+ }
if $auth_protocol == 'https' {
$keystone_config = {
'KEYSTONE' => {
@@ -186,7 +190,7 @@ class tripleo::network::contrail::vrouter (
'admin_token' => $admin_token,
'admin_user' => $admin_user,
'auth_host' => $auth_host,
- 'auth_port' => $auth_port_ssl,
+ 'auth_port' => $auth_port,
'auth_protocol' => $auth_protocol,
'insecure' => $insecure,
'memcached_servers' => $memcached_servers,
@@ -196,8 +200,8 @@ class tripleo::network::contrail::vrouter (
}
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
'AUTHN_PROTOCOL' => $auth_protocol,
'certfile' => $cert_file,
'cafile' => $ca_file,
@@ -219,18 +223,59 @@ class tripleo::network::contrail::vrouter (
}
$vnc_api_lib_config = {
'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
},
}
}
if $is_tsn {
+ $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
$vrouter_agent_config = {
- 'DEBUG' => {
+ 'DEFAULT' => {
'agent_mode' => 'tsn',
},
+ 'DNS' => {
+ 'server' => $control_server_list,
+ },
+ 'CONTROL-NODE' => {
+ 'server' => $control_server_list,
+ },
+ 'NETWORKS' => {
+ 'control_network_ip' => $host_ip,
+ },
+ 'VIRTUAL-HOST-INTERFACE' => {
+ 'compute_node_address' => $host_ip,
+ 'gateway' => $gateway,
+ 'ip' => "${host_ip}/${cidr}",
+ 'name' => 'vhost0',
+ 'physical_interface' => $physical_interface,
+ },
+ 'METADATA' => {
+ 'metadata_proxy_secret' => $metadata_secret,
+ },
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ }
+ } elsif $is_dpdk {
+ $pciaddress = generate('/bin/cat','/etc/contrail/dpdk_pci')
+ $macaddress = generate('/bin/cat','/etc/contrail/dpdk_mac')
+ $vrouter_agent_config = {
+ 'DEFAULT' => {
+ 'platform' => 'dpdk',
+ 'physical_uio_driver' => 'uio_pci_generic',
+ 'physical_interface_mac' => $macaddress,
+ 'physical_interface_address' => $pciaddress,
+ },
+ 'DNS' => {
+ 'server' => $control_server_list,
+ },
'CONTROL-NODE' => {
'server' => $control_server_list,
},
+ 'NETWORKS' => {
+ 'control_network_ip' => $host_ip,
+ },
'VIRTUAL-HOST-INTERFACE' => {
'compute_node_address' => $host_ip,
'gateway' => $gateway,
@@ -247,10 +292,17 @@ class tripleo::network::contrail::vrouter (
},
}
} else {
+ $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
$vrouter_agent_config = {
+ 'DNS' => {
+ 'server' => $control_server_list,
+ },
'CONTROL-NODE' => {
'server' => $control_server_list,
},
+ 'NETWORKS' => {
+ 'control_network_ip' => $host_ip,
+ },
'VIRTUAL-HOST-INTERFACE' => {
'compute_node_address' => $host_ip,
'gateway' => $gateway,
@@ -272,6 +324,7 @@ class tripleo::network::contrail::vrouter (
gateway => $gateway,
host_ip => $host_ip,
is_tsn => $is_tsn,
+ is_dpdk => $is_dpdk,
macaddr => $macaddress,
mask => $cidr,
netmask => $netmask,
@@ -297,6 +350,7 @@ class tripleo::network::contrail::vrouter (
keystone_admin_password => $admin_password,
keystone_admin_tenant_name => $admin_tenant_name,
is_tsn => $is_tsn,
+ is_dpdk => $is_dpdk,
}
}
}
diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp
index b621811..f0b1af6 100644
--- a/manifests/network/contrail/webui.pp
+++ b/manifests/network/contrail/webui.pp
@@ -49,16 +49,6 @@
# Integer value.
# Defaults to hiera('contrail::auth_port_public')
#
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
-# [*auth_port_ssl_public*]
-# (optional) keystone public ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl_public')
-#
# [*auth_protocol*]
# (optional) authentication protocol.
# String value.
@@ -77,12 +67,12 @@
# [*contrail_analytics_vip*]
# (optional) VIP of Contrail Analytics
# String (IPv4) value.
-# Defaults to hiera('contrail_analytics_vip')
+# Defaults to hiera('contrail_analytics_vip',hiera('internal_api_virtual_ip'))
#
# [*contrail_config_vip*]
# (optional) VIP of Contrail Config
# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
#
# [*contrail_webui_http_port*]
# (optional) Webui HTTP Port
@@ -97,7 +87,7 @@
# [*neutron_vip*]
# (optional) VIP of Neutron
# String (IPv4) value.
-# Defaults to hiera('neutron_api_vip')
+# Defaults to hiera('internal_api_virtual_ip')
#
# [*redis_ip*]
# (optional) IP of Redis
@@ -109,31 +99,25 @@ class tripleo::network::contrail::webui(
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
$admin_token = hiera('contrail::admin_token'),
$admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
+ $auth_host = hiera('internal_api_virtual_ip'),
$auth_protocol = hiera('contrail::auth_protocol'),
$auth_port_public = hiera('contrail::auth_port_public'),
- $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'),
$cassandra_server_list = hiera('contrail_database_node_ips'),
- $cert_file = hiera('contrail::cert_file'),
- $contrail_analytics_vip = hiera('contrail_analytics_vip'),
- $contrail_config_vip = hiera('contrail_config_vip'),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $contrail_analytics_vip = hiera('contrail_analytics_vip',hiera('internal_api_virtual_ip')),
+ $contrail_config_vip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
$contrail_webui_http_port = hiera('contrail::webui::http_port'),
$contrail_webui_https_port = hiera('contrail::webui::https_port'),
- $neutron_vip = hiera('neutron_api_vip'),
+ $neutron_vip = hiera('internal_api_virtual_ip'),
$redis_ip = hiera('contrail::webui::redis_ip'),
)
{
- if $auth_protocol == 'https' {
- $auth_port = $auth_port_ssl_public
- } else {
- $auth_port = $auth_port_public
- }
class {'::contrail::webui':
admin_user => $admin_user,
admin_password => $admin_password,
admin_token => $admin_token,
admin_tenant_name => $admin_tenant_name,
- auth_port => $auth_port,
+ auth_port => $auth_port_public,
auth_protocol => $auth_protocol,
cassandra_ip => $cassandra_server_list,
cert_file => $cert_file,
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 300c0ca..d6ec32b 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('aodh_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -47,10 +51,16 @@
class tripleo::profile::base::aodh::api (
$aodh_network = hiera('aodh_api_network', undef),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
include ::tripleo::profile::base::aodh
@@ -66,7 +76,7 @@ class tripleo::profile::base::aodh::api (
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::aodh::api
include ::apache::mod::ssl
class { '::aodh::wsgi::apache':
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 6a30a40..11c1da3 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('ceilometer_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::ceilometer::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::ceilometer
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::ceilometer::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ceilometer::api
include ::apache::mod::ssl
class { '::ceilometer::wsgi::apache':
diff --git a/manifests/profile/base/ceilometer/upgrade.pp b/manifests/profile/base/ceilometer/upgrade.pp
index f192b48..0031b79 100644
--- a/manifests/profile/base/ceilometer/upgrade.pp
+++ b/manifests/profile/base/ceilometer/upgrade.pp
@@ -42,8 +42,16 @@ class tripleo::profile::base::ceilometer::upgrade (
# are created safely.
if $step >= 5 and $sync_db {
exec {'ceilometer-db-upgrade':
- command => 'ceilometer-upgrade --skip-metering-database',
- path => ['/usr/bin', '/usr/sbin'],
+ command => 'ceilometer-upgrade --skip-metering-database',
+ path => ['/usr/bin', '/usr/sbin'],
+ # LP#1703444 - When this runs, it talks to gnocchi on all controllers
+ # which then reaches out to keystone via haproxy. Since the deployment
+ # may restart httpd on these other nodes it can result in an intermittent
+ # 503 which fails this command. We should retry the upgrade in case of
+ # error since we cannot ensure that there might not be some other deploy
+ # process running on the other nodes.
+ try_sleep => 5,
+ tries => 10
}
}
}
diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp
index 3581540..bdfdd17 100644
--- a/manifests/profile/base/cinder/volume.pp
+++ b/manifests/profile/base/cinder/volume.pp
@@ -20,11 +20,11 @@
#
# [*cinder_enable_pure_backend*]
# (Optional) Whether to enable the pure backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_dellsc_backend*]
# (Optional) Whether to enable the delsc backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_hpelefthand_backend*]
# (Optional) Whether to enable the hpelefthand backend
@@ -32,7 +32,7 @@
#
# [*cinder_enable_dellps_backend*]
# (Optional) Whether to enable the dellps backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_iscsi_backend*]
# (Optional) Whether to enable the iscsi backend
@@ -40,19 +40,23 @@
#
# [*cinder_enable_netapp_backend*]
# (Optional) Whether to enable the netapp backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_nfs_backend*]
# (Optional) Whether to enable the nfs backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_rbd_backend*]
# (Optional) Whether to enable the rbd backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_scaleio_backend*]
# (Optional) Whether to enable the scaleio backend
-# Defaults to true
+# Defaults to false
+#
+#[*cinder_enable_vrts_hs_backend*]
+# (Optional) Whether to enable the Veritas HyperScale backend
+# Defaults to false
#
# [*cinder_user_enabled_backends*]
# (Optional) List of additional backend stanzas to activate
@@ -73,6 +77,7 @@ class tripleo::profile::base::cinder::volume (
$cinder_enable_nfs_backend = false,
$cinder_enable_rbd_backend = false,
$cinder_enable_scaleio_backend = false,
+ $cinder_enable_vrts_hs_backend = false,
$cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef),
$step = Integer(hiera('step')),
) {
@@ -144,6 +149,13 @@ class tripleo::profile::base::cinder::volume (
$cinder_scaleio_backend_name = undef
}
+ if $cinder_enable_vrts_hs_backend {
+ include ::tripleo::profile::base::cinder::volume::veritas_hyperscale
+ $cinder_veritas_hyperscale_backend_name = 'Veritas_HyperScale'
+ } else {
+ $cinder_veritas_hyperscale_backend_name = undef
+ }
+
$backends = delete_undef_values([$cinder_iscsi_backend_name,
$cinder_rbd_backend_name,
$cinder_pure_backend_name,
@@ -153,6 +165,7 @@ class tripleo::profile::base::cinder::volume (
$cinder_netapp_backend_name,
$cinder_nfs_backend_name,
$cinder_scaleio_backend_name,
+ $cinder_veritas_hyperscale_backend_name,
$cinder_user_enabled_backends])
# NOTE(aschultz): during testing it was found that puppet 3 may incorrectly
# include a "" in the previous array which is not removed by the
diff --git a/manifests/profile/base/cinder/volume/veritas_hyperscale.pp b/manifests/profile/base/cinder/volume/veritas_hyperscale.pp
new file mode 100644
index 0000000..4516d01
--- /dev/null
+++ b/manifests/profile/base/cinder/volume/veritas_hyperscale.pp
@@ -0,0 +1,44 @@
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::volume::veritas_hyperscale
+#
+# Cinder Volume Veritas HyperScale profile for tripleo
+#
+# === Parameters
+#
+# [*backend_name*]
+# (Optional) The name of Veritas HyperScale cinder backend.
+# Currently the backend name is hard-coded in the driver, and it won't
+# function if other value is set in hiera.
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::volume::veritas_hyperscale (
+ # Note: Currently the backend name is hard-coded in the driver, and it won't
+ # function if other value is set in hiera.
+ $backend_name = hiera('cinder::backend::veritas_hyperscale::volume_backend_name', 'Veritas_HyperScale'),
+ $step = Integer(hiera('step')),
+) {
+ include ::tripleo::profile::base::cinder::volume
+
+ if $step >= 4 {
+ cinder::backend::veritas_hyperscale { $backend_name :
+ }
+ }
+
+}
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 8eb6079..3bf41cf 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+
+ # Force users/grants created to use TLS connections
+ Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef
@@ -217,6 +220,13 @@ class tripleo::profile::base::database::mysql (
if hiera('ec2_api_enabled', false) {
include ::ec2api::db::mysql
}
+ if hiera('zaqar_enabled', false) and hiera('zaqar::db::mysql::user', '') == 'zaqar' {
+ # NOTE: by default zaqar uses mongodb
+ include ::zaqar::db::mysql
+ }
+ if hiera('veritas_hyperscale_controller_enabled', false) {
+ include ::veritas_hyperscale::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp
index 1e55f05..68d524b 100644
--- a/manifests/profile/base/database/mysql/client.pp
+++ b/manifests/profile/base/database/mysql/client.pp
@@ -53,13 +53,6 @@ class tripleo::profile::base::database::mysql::client (
$step = Integer(hiera('step')),
) {
if $step >= 1 {
- # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
- # present in the base image but installed as a package afterwards),
- # create it. We do not want to touch the permissions in case it already
- # exists due to the mariadb server package being pre-installed
- # Note: We use exec instead of file in the case that the mysql class is
- # included on this node as well (we'd get duplicate declaration in such a
- # situation when using file)
if $mysql_client_bind_address {
$client_bind_changes = [
"set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
@@ -85,15 +78,37 @@ class tripleo::profile::base::database::mysql::client (
$conf_changes = union($client_bind_changes, $changes_ssl)
# Create /etc/my.cnf.d/tripleo.cnf
- exec { 'directory-create-etc-my.cnf.d':
- command => 'mkdir -p /etc/my.cnf.d',
- unless => 'test -d /etc/my.cnf.d',
- path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
- } ->
+ # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
+ # present in the base image but installed as a package afterwards),
+ # create it. We do not want to touch the permissions in case it already
+ # exists due to the mariadb server package being pre-installed
+ if $::uuid == 'docker' {
+ # When generating configuration with docker-puppet, services do
+ # not include any profile that would ensure creation of /etc/my.cnf.d,
+ # so we enforce the check here.
+ file {'/etc/my.cnf.d':
+ ensure => 'directory'
+ }
+ } else {
+ # Otherwise, depending on the role, puppet may run this profile
+ # concurrently with the mysql profile, so we use an exec resource
+ # in order to avoid getting duplicate declaration errors
+ exec { 'directory-create-etc-my.cnf.d':
+ command => 'mkdir -p /etc/my.cnf.d',
+ unless => 'test -d /etc/my.cnf.d',
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
+ before => Augeas['tripleo-mysql-client-conf']
+ }
+ }
+
augeas { 'tripleo-mysql-client-conf':
incl => $mysql_read_default_file,
lens => 'Puppet.lns',
changes => $conf_changes,
}
+
+ # If a profile created a file resource for the parent directory,
+ # ensure it is being run before the config file generation
+ File<| title == '/etc/my.cnf.d' |> -> Augeas['tripleo-mysql-client-conf']
}
}
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index 28a2764..2c9824a 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -19,14 +19,10 @@
#
# === Parameters
#
-# [*docker_namespace*]
-# The namespace to be used when setting INSECURE_REGISTRY
-# this will be split on "/" to derive the docker registry
-# (defaults to undef)
-#
-# [*insecure_registry*]
-# Set docker_namespace to INSECURE_REGISTRY, used when a local registry
-# is enabled (defaults to false)
+# [*insecure_registry_address*]
+# The host/port combiniation of the insecure registry. This is used to configure
+# /etc/sysconfig/docker so that a local (insecure) registry can be accessed.
+# Example: 127.0.0.1:8787 (defaults to unset)
#
# [*registry_mirror*]
# Configure a registry-mirror in the /etc/docker/daemon.json file.
@@ -59,9 +55,19 @@
# List of TripleO services enabled on the role.
# Defaults to hiera('services_names')
#
+# DEPRECATED PARAMETERS
+#
+# [*docker_namespace*]
+# DEPRECATED: The namespace to be used when setting INSECURE_REGISTRY
+# this will be split on "/" to derive the docker registry
+# (defaults to undef)
+#
+# [*insecure_registry*]
+# DEPRECATED: Set docker_namespace to INSECURE_REGISTRY, used when a local registry
+# is enabled (defaults to false)
+#
class tripleo::profile::base::docker (
- $docker_namespace = undef,
- $insecure_registry = false,
+ $insecure_registry_address = undef,
$registry_mirror = false,
$docker_options = '--log-driver=journald --signature-verification=false',
$configure_storage = true,
@@ -69,7 +75,10 @@ class tripleo::profile::base::docker (
$step = Integer(hiera('step')),
$configure_libvirt_polkit = undef,
$docker_nova_uid = 42436,
- $services_enabled = hiera('service_names', [])
+ $services_enabled = hiera('service_names', []),
+ # DEPRECATED PARAMETERS
+ $docker_namespace = undef,
+ $insecure_registry = false,
) {
if $configure_libvirt_polkit == undef {
@@ -89,22 +98,37 @@ class tripleo::profile::base::docker (
require => Package['docker'],
}
+ if $docker_options {
+ $options_changes = [ "set OPTIONS '\"${docker_options}\"'" ]
+ } else {
+ $options_changes = [ 'rm OPTIONS' ]
+ }
+
+ augeas { 'docker-sysconfig-options':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/docker',
+ changes => $options_changes,
+ subscribe => Package['docker'],
+ notify => Service['docker'],
+ }
+
if $insecure_registry {
+ warning('The $insecure_registry and $docker_namespace are deprecated. Use $insecure_registry_address instead.')
if $docker_namespace == undef {
fail('You must provide a $docker_namespace in order to configure insecure registry')
}
$namespace = strip($docker_namespace.split('/')[0])
- $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'",
- "set OPTIONS '\"${docker_options}\"'" ]
+ $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ]
+ } elsif $insecure_registry_address {
+ $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${insecure_registry_address}\"'" ]
} else {
- $changes = [ 'rm INSECURE_REGISTRY',
- "set OPTIONS '\"${docker_options}\"'" ]
+ $registry_changes = [ 'rm INSECURE_REGISTRY' ]
}
- augeas { 'docker-sysconfig':
+ augeas { 'docker-sysconfig-registry':
lens => 'Shellvars.lns',
incl => '/etc/sysconfig/docker',
- changes => $changes,
+ changes => $registry_changes,
subscribe => Package['docker'],
notify => Service['docker'],
}
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
index 2896185..d9c89d5 100644
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@@ -127,12 +127,12 @@ class tripleo::profile::base::glance::api (
}
}
case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
+ 'swift': { $backend_store = 'swift' }
+ 'file': { $backend_store = 'file' }
+ 'rbd': { $backend_store = 'rbd' }
default: { fail('Unrecognized glance_backend parameter.') }
}
- $http_store = ['glance.store.http.Store']
+ $http_store = ['http']
$glance_store = concat($http_store, $backend_store)
# TODO: notifications, scrubber, etc.
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index ff90590..2221b37 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_network = hiera('heat_api_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api
include ::apache::mod::ssl
class { '::heat::wsgi::apache_api':
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index e14760a..1014b04 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cfn (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cfn (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cfn
include ::apache::mod::ssl
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 83d5307..4caac9d 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cloudwatch (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cloudwatch
include ::apache::mod::ssl
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index 12482b6..3f01d01 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -23,15 +23,31 @@
# for more details.
# Defaults to hiera('step')
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*neutron_options*]
# (Optional) A hash of parameters to enable features specific to Neutron
# Defaults to hiera('horizon::neutron_options', {})
#
+# [*memcached_ips*]
+# (Optional) Array of ipv4 or ipv6 addresses for memcache.
+# Defaults to hiera('memcached_node_ips')
+#
class tripleo::profile::base::horizon (
$step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$neutron_options = hiera('horizon::neutron_options', {}),
+ $memcached_ips = hiera('memcached_node_ips')
) {
- if $step >= 3 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
@@ -41,12 +57,14 @@ class tripleo::profile::base::horizon (
$_profile_support = 'None'
}
$neutron_options_real = merge({'profile_support' => $_profile_support }, $neutron_options)
- $memcached_ipv6 = hiera('memcached_ipv6', false)
- if $memcached_ipv6 {
- $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]')
+
+ if is_ipv6_address($memcached_ips[0]) {
+ $horizon_memcached_servers = prefix(any2array(normalize_ip_for_uri($memcached_ips)), 'inet6:')
+
} else {
- $horizon_memcached_servers = hiera('memcached_node_ips', '127.0.0.1')
+ $horizon_memcached_servers = any2array(normalize_ip_for_uri($memcached_ips))
}
+
class { '::horizon':
cache_server_ip => $horizon_memcached_servers,
neutron_options => $neutron_options_real,
diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp
index 94b7efe..bbc91f5 100644
--- a/manifests/profile/base/ironic/api.pp
+++ b/manifests/profile/base/ironic/api.pp
@@ -18,16 +18,68 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*ironic_api_network*]
+# (Optional) The network name where the ironic API endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('ironic_api_network', undef)
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
class tripleo::profile::base::ironic::api (
- $step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $ironic_api_network = hiera('ironic_api_network', undef),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $step = Integer(hiera('step')),
) {
include ::tripleo::profile::base::ironic
- if $step >= 4 {
- include ::ironic::api
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
}
+
+ if $enable_internal_tls {
+ if !$ironic_api_network {
+ fail('ironic_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${ironic_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${ironic_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
+ include ::ironic::api
+ include ::apache::mod::ssl
+ class { '::ironic::wsgi::apache':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
+ }
+
}
diff --git a/manifests/profile/base/iscsid.pp b/manifests/profile/base/iscsid.pp
new file mode 100644
index 0000000..3637097
--- /dev/null
+++ b/manifests/profile/base/iscsid.pp
@@ -0,0 +1,45 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::iscsid
+#
+# Nova Compute profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::iscsid (
+ $step = Integer(hiera('step')),
+) {
+
+ if $step >= 2 {
+ # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1244328
+ ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' })
+ exec { 'reset-iscsi-initiator-name':
+ command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
+ onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
+ before => File['/etc/iscsi/.initiator_reset'],
+ require => Package['iscsi-initiator-utils'],
+ tag => 'iscsid_config'
+ }
+ file { '/etc/iscsi/.initiator_reset':
+ ensure => present,
+ }
+ }
+}
diff --git a/manifests/profile/base/kernel.pp b/manifests/profile/base/kernel.pp
index df13a98..48caf37 100644
--- a/manifests/profile/base/kernel.pp
+++ b/manifests/profile/base/kernel.pp
@@ -17,14 +17,32 @@
#
# Load and configure Kernel modules.
#
-class tripleo::profile::base::kernel {
+# === Parameters
+#
+# [*module_list*]
+# (Optional) List of kernel modules to load.
+# Defaults to hiera('kernel_modules')
+#
+# [*sysctl_settings*]
+# (Optional) List of sysctl settings to load.
+# Defaults to hiera('sysctl_settings')
+#
+class tripleo::profile::base::kernel (
+ $module_list = hiera('kernel_modules', undef),
+ $sysctl_settings = hiera('sysctl_settings', undef),
+) {
- if hiera('kernel_modules', undef) {
- create_resources(kmod::load, hiera('kernel_modules'), { })
+ if $module_list {
+ create_resources(kmod::load, $module_list, { })
}
- if hiera('sysctl_settings', undef) {
- create_resources(sysctl::value, hiera('sysctl_settings'), { })
+ if $sysctl_settings {
+ create_resources(sysctl::value, $sysctl_settings, { })
}
Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
+ # RHEL 7.4+ workaround where this functionality is built into the
+ # kernel instead of being built as a module.
+ # That way, we can support both 7.3 and 7.4 RHEL versions.
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1387537
+ Exec <| title == 'modprobe nf_conntrack_proto_sctp' |> { returns => [0,1] }
}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 91a660c..47b5276 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -347,5 +347,8 @@ class tripleo::profile::base::keystone (
if hiera('novajoin_enabled', false) {
include ::nova::metadata::novajoin::auth
}
+ if hiera('veritas_hyperscale_controller_enabled', false) {
+ include ::veritas_hyperscale::hs_keystone
+ }
}
}
diff --git a/manifests/profile/base/lvm.pp b/manifests/profile/base/lvm.pp
new file mode 100644
index 0000000..91810ce
--- /dev/null
+++ b/manifests/profile/base/lvm.pp
@@ -0,0 +1,40 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::lvm
+#
+# LVM profile for tripleo
+#
+# === Parameters
+#
+# [*enable_udev*]
+# (Optional) Whether to enable udev usage by LVM.
+# Defaults to true
+#
+class tripleo::profile::base::lvm (
+ $enable_udev = true,
+) {
+
+ if $enable_udev {
+ $udev_options_value = 1
+ } else {
+ $udev_options_value = 0
+ }
+ augeas {'udev options in lvm.conf':
+ context => '/files/etc/lvm/lvm.conf/activation/dict/',
+ changes => ["set udev_sync/int ${udev_options_value}",
+ "set udev_rules/int ${udev_options_value}"],
+ }
+
+}
diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp
index 098f795..088e6e2 100644
--- a/manifests/profile/base/metrics/collectd.pp
+++ b/manifests/profile/base/metrics/collectd.pp
@@ -23,6 +23,11 @@
# for more details.
# Defaults to hiera('step')
#
+# [*enable_file_logging*]
+# (Optional) Boolean. Whether to enable logfile plugin.
+# which we should send metrics.
+# Defaults to false
+#
# [*collectd_server*]
# (Optional) String. The name or address of a collectd server to
# which we should send metrics.
@@ -49,6 +54,7 @@
class tripleo::profile::base::metrics::collectd (
$step = Integer(hiera('step')),
+ $enable_file_logging = false,
$collectd_server = undef,
$collectd_port = undef,
$collectd_username = undef,
@@ -58,6 +64,9 @@ class tripleo::profile::base::metrics::collectd (
) {
if $step >= 3 {
include ::collectd
+ if $enable_file_logging {
+ include ::collectd::plugin::logfile
+ }
if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) {
fail('collectd_securitylevel must be one of (None, Sign, Encrypt).')
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
index 2ea5c9a..b5ca85e 100644
--- a/manifests/profile/base/mistral/api.pp
+++ b/manifests/profile/base/mistral/api.pp
@@ -56,9 +56,9 @@ class tripleo::profile::base::mistral::api (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::mistral
@@ -74,7 +74,7 @@ class tripleo::profile::base::mistral::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::mistral::api
include ::apache::mod::ssl
class { '::mistral::wsgi::apache':
diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp
index 5d25ae2..7a35b6b 100644
--- a/manifests/profile/base/neutron/opendaylight.pp
+++ b/manifests/profile/base/neutron/opendaylight.pp
@@ -28,12 +28,12 @@
#
# [*node_name*]
# (Optional) The short hostname of node
-# Defaults to hiera('bootstack_nodeid')
+# Defaults to hiera('bootstrap_nodeid')
#
class tripleo::profile::base::neutron::opendaylight (
$step = Integer(hiera('step')),
$odl_api_ips = hiera('opendaylight_api_node_ips'),
- $node_name = hiera('bootstack_nodeid')
+ $node_name = hiera('bootstrap_nodeid')
) {
if $step >= 1 {
diff --git a/manifests/profile/base/neutron/opendaylight/configure_cluster.pp b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp
new file mode 100644
index 0000000..022e8ae
--- /dev/null
+++ b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp
@@ -0,0 +1,45 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Configures an OpenDaylight cluster.
+# It creates the akka configuration file for ODL to cluster correctly
+# It will not configure clustering if less than 3 nodes
+#
+# == Function: tripleo::profile::base::neutron::opendaylight::configure_cluster
+#
+# == Parameters
+#
+# [*node_name*]
+# The short hostname of node
+#
+# [*odl_api_ips*] Array of IPs per ODL node
+# Defaults to empty array
+#
+define tripleo::profile::base::neutron::opendaylight::configure_cluster(
+ $node_name,
+ $odl_api_ips = [],
+) {
+ validate_array($odl_api_ips)
+ if size($odl_api_ips) > 2 {
+ $node_string = split($node_name, '-')
+ $ha_node_index = $node_string[-1] + 1
+ $ha_node_ip_str = join($odl_api_ips, ' ')
+ exec { 'Configure ODL Clustering':
+ command => "configure_cluster.sh ${ha_node_index} ${ha_node_ip_str}",
+ path => '/opt/opendaylight/bin/:/usr/sbin:/usr/bin:/sbin:/bin',
+ creates => '/opt/opendaylight/configuration/initial/akka.conf'
+ }
+ }
+}
+
diff --git a/manifests/profile/base/neutron/opendaylight/create_cluster.pp b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
new file mode 100644
index 0000000..94cd898
--- /dev/null
+++ b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
@@ -0,0 +1,43 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Configures an OpenDaylight cluster.
+# It creates the akka configuration file for ODL to cluster correctly
+# It will not configure clustering if less than 3 nodes
+#
+# == Class: tripleo::profile::base::neutron::opendaylight::create_cluster
+#
+# OpenDaylight class only used for creating clusters with container deployments
+#
+# === Parameters
+#
+# [*odl_api_ips*]
+# (Optional) List of OpenStack Controller IPs for ODL API
+# Defaults to hiera('opendaylight_api_node_ips')
+#
+# [*node_name*]
+# (Optional) The short hostname of node
+# Defaults to hiera('bootstrap_nodeid')
+#
+class tripleo::profile::base::neutron::opendaylight::create_cluster (
+ $odl_api_ips = hiera('opendaylight_api_node_ips'),
+ $node_name = hiera('bootstrap_nodeid')
+) {
+
+ tripleo::profile::base::neutron::opendaylight::configure_cluster {'ODL cluster':
+ node_name => $node_name,
+ odl_api_ips => $odl_api_ips,
+ }
+
+}
diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 0dee53e..60ef443 100644
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -113,10 +113,7 @@ class tripleo::profile::base::neutron::server (
$l3_ha = false
}
- # We start neutron-server on the bootstrap node first, because
- # it will try to populate tables and we need to make sure this happens
- # before it starts on other nodes
- if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
+ if $step >= 4 or ($step >= 3 and $sync_db) {
if $enable_internal_tls {
if !$neutron_network {
fail('neutron_api_network is not set in the hieradata.')
@@ -130,9 +127,14 @@ class tripleo::profile::base::neutron::server (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::neutron::server'],
}
+ Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |>
}
+ }
+ # We start neutron-server on the bootstrap node first, because
+ # it will try to populate tables and we need to make sure this happens
+ # before it starts on other nodes
+ if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
include ::neutron::server::notifications
# We need to override the hiera value neutron::server::sync_db which is set
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 65e8ebc..eb6856f 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -22,14 +22,6 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*libvirt_enabled*]
-# (Optional) Whether or not Libvirt is enabled.
-# Defaults to false
-#
-# [*manage_migration*]
-# (Optional) Whether or not manage Nova Live migration
-# Defaults to false
-#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to hiera('messaging_rpc_service_name', rabbit)
@@ -74,65 +66,43 @@
# Enable ssl oslo messaging services
# Defaults to hiera('nova::rabbit_use_ssl', '0')
#
-# [*nova_compute_enabled*]
-# (Optional) Whether or not nova-compute is enabled.
-# Defaults to false
-#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*migration_ssh_key*]
-# (Optional) SSH key pair for migration SSH tunnel.
-# Expects a hash with keys 'private_key' and 'public_key'.
-# Defaults to {}
-#
-# [*migration_ssh_localaddrs*]
-# (Optional) Restrict ssh migration to clients connecting via this list of
-# IPs.
-# Defaults to [] (no restriction)
-#
-# [*libvirt_tls*]
-# (Optional) Whether or not libvird TLS service is enabled.
-# Defaults to false
+# [*memcached_ips*]
+# (Optional) Array of ipv4 or ipv6 addresses for memcache.
+# Defaults to hiera('memcached_node_ips')
class tripleo::profile::base::nova (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $libvirt_enabled = false,
- $manage_migration = false,
- $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
- $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $oslomsg_rpc_password = hiera('nova::rabbit_password'),
- $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
- $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
- $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
- $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $oslomsg_notify_password = hiera('nova::rabbit_password'),
- $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
- $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
- $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
- $nova_compute_enabled = false,
- $step = Integer(hiera('step')),
- $migration_ssh_key = {},
- $migration_ssh_localaddrs = [],
- $libvirt_tls = false
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('nova::rabbit_password'),
+ $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('nova::rabbit_password'),
+ $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
+ $step = Integer(hiera('step')),
+ $memcached_ips = hiera('memcached_node_ips'),
) {
+
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
- if hiera('nova::use_ipv6', false) {
- $memcache_servers = suffix(hiera('memcached_node_ips_v6'), ':11211')
+ if is_ipv6_address($memcached_ips[0]) {
+ $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
} else {
- $memcache_servers = suffix(hiera('memcached_node_ips'), ':11211')
+ $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
- validate_array($migration_ssh_localaddrs)
- $migration_ssh_localaddrs.each |$x| { validate_ip_address($x) }
- $migration_ssh_localaddrs_real = unique($migration_ssh_localaddrs)
-
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
include ::nova::config
@@ -161,102 +131,4 @@ class tripleo::profile::base::nova (
}
include ::nova::placement
}
-
- if $step >= 4 {
- if $manage_migration {
- # Libvirt setup (live-migration)
- if $libvirt_tls {
- class { '::nova::migration::libvirt':
- transport => 'tls',
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- }
- } else {
- # Reuse the cold-migration SSH tunnel when TLS is not enabled
- class { '::nova::migration::libvirt':
- transport => 'ssh',
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- client_user => 'nova_migration',
- client_extraparams => {'keyfile' => '/etc/nova/migration/identity'}
- }
- }
-
- $services_enabled = hiera('service_names', [])
- if !empty($migration_ssh_key) and 'sshd' in $services_enabled {
- # Nova SSH tunnel setup (cold-migration)
-
- # Server side
- if !empty($migration_ssh_localaddrs_real) {
- $allow_type = sprintf('LocalAddress %s User', join($migration_ssh_localaddrs_real,','))
- $deny_type = 'LocalAddress'
- $deny_name = sprintf('!%s', join($migration_ssh_localaddrs_real,',!'))
-
- ssh::server::match_block { 'nova_migration deny':
- name => $deny_name,
- type => $deny_type,
- order => 2,
- options => {
- 'DenyUsers' => 'nova_migration'
- },
- notify => Service['sshd']
- }
- }
- else {
- $allow_type = 'User'
- }
- $allow_name = 'nova_migration'
-
- ssh::server::match_block { 'nova_migration allow':
- name => $allow_name,
- type => $allow_type,
- order => 1,
- options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- },
- notify => Service['sshd']
- }
-
- $migration_authorized_keys = $migration_ssh_key['public_key']
- $migration_identity = $migration_ssh_key['private_key']
- $migration_user_shell = '/bin/bash'
- }
- else {
- # Remove the keys and prevent login when migration over SSH is not enabled
- $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
- $migration_identity = '# Migration over SSH disabled by TripleO'
- $migration_user_shell = '/sbin/nologin'
- }
-
- package { 'openstack-nova-migration':
- ensure => present,
- tag => ['openstack', 'nova-package'],
- }
-
- file { '/etc/nova/migration/authorized_keys':
- content => $migration_authorized_keys,
- mode => '0640',
- owner => 'root',
- group => 'nova_migration',
- require => Package['openstack-nova-migration']
- }
-
- file { '/etc/nova/migration/identity':
- content => $migration_identity,
- mode => '0600',
- owner => 'nova',
- group => 'nova',
- require => Package['openstack-nova-migration']
- }
-
- user {'nova_migration':
- shell => $migration_user_shell,
- require => Package['openstack-nova-migration']
- }
- }
- }
}
diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp
index d8285ba..7eb37bc 100644
--- a/manifests/profile/base/nova/authtoken.pp
+++ b/manifests/profile/base/nova/authtoken.pp
@@ -21,34 +21,22 @@
# for more details.
# Defaults to hiera('step')
#
-# [*use_ipv6*]
-# (Optional) Flag indicating if ipv6 should be used for caching
-# Defaults to hiera('nova::use_ipv6', false)
-#
-# [*memcache_nodes_ipv6*]
-# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true.
-# Defaults to hiera('memcached_node_ipvs_v6', ['::1'])
-#
-# [*memcache_nodes_ipv4*]
-# (Optional) Array of ipv4 addresses for memcache. Used by default unless
-# use_ipv6 is set to true.
-# Defaults to hiera('memcached_node_ips', ['127.0.0.1'])
+# [*memcached_ips*]
+# (Optional) Array of ipv4 or ipv6 addresses for memcache.
+# Defaults to hiera('memcached_node_ips')
#
class tripleo::profile::base::nova::authtoken (
$step = Integer(hiera('step')),
- $use_ipv6 = hiera('nova::use_ipv6', false),
- $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']),
- $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']),
+ $memcached_ips = hiera('memcached_node_ips'),
) {
if $step >= 3 {
- $memcached_ips = $use_ipv6 ? {
- true => $memcache_nodes_ipv6,
- default => $memcache_nodes_ipv4
+ if is_ipv6_address($memcached_ips[0]) {
+ $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
+ } else {
+ $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
- $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
-
class { '::nova::keystone::authtoken':
memcached_servers => $memcache_servers
}
diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp
index bd50204..3eae880 100644
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@@ -45,19 +45,6 @@ class tripleo::profile::base::nova::compute (
# deploy bits to connect nova compute to neutron
include ::nova::network::neutron
-
- # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
- # https://bugzilla.redhat.com/show_bug.cgi?id=1244328
- ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' })
- exec { 'reset-iscsi-initiator-name':
- command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
- onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
- before => File['/etc/iscsi/.initiator_reset'],
- require => Package['iscsi-initiator-utils'],
- }
- file { '/etc/iscsi/.initiator_reset':
- ensure => present,
- }
}
# If NFS is used as a Cinder backend
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index ec592cb..8a7c4d6 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -28,16 +28,13 @@ class tripleo::profile::base::nova::compute::libvirt (
) {
if $step >= 4 {
include ::tripleo::profile::base::nova::compute
+ include ::tripleo::profile::base::nova::migration::client
# Ceph + Libvirt
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
if $rbd_ephemeral_storage or $rbd_persistent_storage {
- $client_keys = hiera('ceph::profile::params::client_keys')
- $client_user = join(['client.', hiera('nova::compute::rbd::libvirt_rbd_user')])
- class { '::nova::compute::rbd':
- libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
- }
+ include ::nova::compute::rbd
}
if $rbd_ephemeral_storage {
diff --git a/manifests/profile/base/nova/libvirt.pp b/manifests/profile/base/nova/libvirt.pp
index b639858..06baa39 100644
--- a/manifests/profile/base/nova/libvirt.pp
+++ b/manifests/profile/base/nova/libvirt.pp
@@ -28,6 +28,7 @@ class tripleo::profile::base::nova::libvirt (
) {
if $step >= 4 {
include ::tripleo::profile::base::nova
+ include ::tripleo::profile::base::nova::migration::client
include ::nova::compute::libvirt::services
file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
diff --git a/manifests/profile/base/ui.pp b/manifests/profile/base/nova/migration.pp
index 681496a..0c4c844 100644
--- a/manifests/profile/base/ui.pp
+++ b/manifests/profile/base/nova/migration.pp
@@ -12,15 +12,24 @@
# License for the specific language governing permissions and limitations
# under the License.
#
-# == Class: tripleo::profile::base::ui
+# == Class: tripleo::profile::base::nova::migration
#
-# UI profile for tripleo
+# Nova migration profile for tripleo, common to both client and target.
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
#
-class tripleo::profile::base::ui () {
- package {'openstack-tripleo-ui': }
-
- include ::apache
- include ::tripleo::ui
+class tripleo::profile::base::nova::migration (
+ $step = Integer(hiera('step')),
+) {
+ if $step >= 3 {
+ package { 'openstack-nova-migration':
+ ensure => present,
+ tag => ['openstack', 'nova-package'],
+ }
+ }
}
-
diff --git a/manifests/profile/base/nova/migration/client.pp b/manifests/profile/base/nova/migration/client.pp
new file mode 100644
index 0000000..12b83dc
--- /dev/null
+++ b/manifests/profile/base/nova/migration/client.pp
@@ -0,0 +1,100 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration
+#
+# Nova migration client profile for tripleo
+#
+# === Parameters
+#
+# [*libvirt_enabled*]
+# (Optional) Whether or not Libvirt is enabled.
+# Defaults to false
+#
+# [*nova_compute_enabled*]
+# (Optional) Whether or not nova-compute is enabled.
+# Defaults to false
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ssh_private_key*]
+# (Optional) SSH private_key for migration SSH tunnel.
+# Defaults to ''
+#
+# [*ssh_port*]
+# (Optional) Port that SSH target services is listening on.
+# Defaults to 22
+#
+# [*libvirt_tls*]
+# (Optional) Whether or not libvird TLS service is enabled.
+# Defaults to false
+
+class tripleo::profile::base::nova::migration::client (
+ $libvirt_enabled = false,
+ $nova_compute_enabled = false,
+ $step = Integer(hiera('step')),
+ $ssh_private_key = '',
+ $ssh_port = 22,
+ $libvirt_tls = false,
+) {
+
+ include ::tripleo::profile::base::nova::migration
+
+ if $step >= 4 {
+
+ # Libvirt setup (live-migration)
+ if $libvirt_tls {
+ class { '::nova::migration::libvirt':
+ transport => 'tls',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ }
+ } else {
+ # Reuse the cold-migration SSH tunnel when TLS is not enabled
+ class { '::nova::migration::libvirt':
+ transport => 'ssh',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ client_user => 'nova_migration',
+ client_extraparams => {'keyfile' => '/etc/nova/migration/identity'},
+ client_port => $ssh_port
+ }
+ }
+
+ if !empty($ssh_private_key) {
+ # Nova SSH tunnel setup (cold-migration)
+ $migration_identity = $ssh_private_key
+ }
+ else {
+ $migration_identity = '# Migration over SSH disabled by TripleO'
+ }
+
+ file { '/etc/nova/migration/identity':
+ content => $migration_identity,
+ mode => '0600',
+ owner => 'nova',
+ group => 'nova',
+ require => Package['openstack-nova-migration']
+ }
+
+ file_line { 'nova_ssh_port':
+ ensure => present,
+ path => '/var/lib/nova/.ssh/config',
+ after => '^Host \*$',
+ line => " Port ${ssh_port}",
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/migration/target.pp b/manifests/profile/base/nova/migration/target.pp
new file mode 100644
index 0000000..7c21028
--- /dev/null
+++ b/manifests/profile/base/nova/migration/target.pp
@@ -0,0 +1,120 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration::target
+#
+# Nova migration target profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ssh_authorized_keys*]
+# (Optional) List of SSH public keys authorized for migration.
+# If no keys are provided then migration over ssh will be disabled.
+# Defaults to []
+#
+# [*ssh_localaddrs*]
+# (Optional) Restrict ssh migration to clients connecting via this list of
+# IPs.
+# Defaults to [] (no restriction)
+#
+# [*services_enabled*]
+# (Optional) List of services enabled on the current role.
+# If the nova_migration_target service is not enabled then migration over
+# ssh will be disabled.
+# Defaults to hiera('service_names', [])
+
+class tripleo::profile::base::nova::migration::target (
+ $step = Integer(hiera('step')),
+ $ssh_authorized_keys = [],
+ $ssh_localaddrs = [],
+ $services_enabled = hiera('service_names', []),
+) {
+
+ include ::tripleo::profile::base::nova::migration
+
+ validate_array($ssh_localaddrs)
+ $ssh_localaddrs.each |$x| { validate_ip_address($x) }
+ $ssh_localaddrs_real = unique($ssh_localaddrs)
+ validate_array($ssh_authorized_keys)
+ $ssh_authorized_keys_real = join($ssh_authorized_keys, '\n')
+
+ if $step >= 4 {
+ if !empty($ssh_authorized_keys_real) {
+ if ('nova_migration_target' in $services_enabled) {
+ if !empty($ssh_localaddrs_real) {
+ $allow_type = sprintf('LocalAddress %s User', join($ssh_localaddrs_real,','))
+ $deny_type = 'LocalAddress'
+ $deny_name = sprintf('!%s', join($ssh_localaddrs_real,',!'))
+
+ ssh::server::match_block { 'nova_migration deny':
+ name => $deny_name,
+ type => $deny_type,
+ order => 2,
+ options => {
+ 'DenyUsers' => 'nova_migration'
+ },
+ notify => Service['sshd']
+ }
+ }
+ else {
+ $allow_type = 'User'
+ }
+ $allow_name = 'nova_migration'
+
+ ssh::server::match_block { 'nova_migration allow':
+ name => $allow_name,
+ type => $allow_type,
+ order => 1,
+ options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ },
+ notify => Service['sshd']
+ }
+ $migration_authorized_keys = $ssh_authorized_keys_real
+ $migration_user_shell = '/bin/bash'
+ }
+ else {
+ # Remove the keys and prevent login when migration over SSH is not enabled
+ $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
+ $migration_user_shell = '/sbin/nologin'
+ }
+ }
+ else {
+ # Remove the keys and prevent login when migration over SSH is not enabled
+ $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
+ $migration_user_shell = '/sbin/nologin'
+ }
+
+ file { '/etc/nova/migration/authorized_keys':
+ content => $migration_authorized_keys,
+ mode => '0640',
+ owner => 'root',
+ group => 'nova_migration',
+ require => Package['openstack-nova-migration']
+ }
+
+ user {'nova_migration':
+ shell => $migration_user_shell,
+ require => Package['openstack-nova-migration']
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index ac78287..48af39a 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -54,9 +54,9 @@ class tripleo::profile::base::nova::placement (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::nova
@@ -73,7 +73,7 @@ class tripleo::profile::base::nova::placement (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::apache::mod::ssl
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index 8ab6049..d0b4a05 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -166,4 +166,7 @@ class tripleo::profile::base::rabbitmq (
}
}
+ if $step >= 1 and hiera('veritas_hyperscale_controller_enabled', false) {
+ include ::veritas_hyperscale::hs_rabbitmq
+ }
}
diff --git a/manifests/profile/base/swift/dispersion.pp b/manifests/profile/base/swift/dispersion.pp
new file mode 100644
index 0000000..44af463
--- /dev/null
+++ b/manifests/profile/base/swift/dispersion.pp
@@ -0,0 +1,33 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::swift::dispersion
+#
+# Swift dispersion profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::swift::dispersion (
+ $step = Integer(hiera('step')),
+) {
+ if $step >= 5 {
+ include ::swift::client
+ include ::swift::dispersion
+ }
+}
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index b047c36..afb5fa6 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*ceilometer_enabled*]
# Whether the ceilometer pipeline is enabled.
# Defaults to true
@@ -96,6 +100,7 @@
# defaults to 8080
#
class tripleo::profile::base::swift::proxy (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_enabled = true,
$ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'),
$ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
@@ -113,7 +118,12 @@ class tripleo::profile::base::swift::proxy (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 8080,
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+ if $step >= 4 or ($step >= 3 and $is_bootstrap) {
if $enable_internal_tls {
if !$swift_proxy_network {
fail('swift_proxy_network is not set in the hieradata.')
@@ -127,9 +137,11 @@ class tripleo::profile::base::swift::proxy (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::swift::proxy'],
}
+ Tripleo::Tls_proxy['swift-proxy-api'] ~> Anchor<| title == 'swift::service::begin' |>
}
+ }
+ if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
include ::swift::config
include ::swift::proxy
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index b9171b0..cd84d04 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -18,9 +18,17 @@
#
# === Parameters
#
-# [*sync_db*]
-# (Optional) Whether to run db sync
-# Defaults to true
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*management_store*]
+# (Optional) The management store for Zaqar.
+# Defaults to 'mongodb'
+#
+# [*messaging_store*]
+# (Optional) The messaging store for Zaqar.
+# Defaults to 'mongodb'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -28,27 +36,53 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::zaqar (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $management_store = 'mongodb',
+ $messaging_store = 'mongodb',
$step = Integer(hiera('step')),
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::zaqar
- if str2bool(hiera('mongodb::server::ipv6', false)) {
- $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
- $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
- } else {
- $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ if $messaging_store == 'mongodb' or $management_store == 'mongodb' {
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ }
+ $mongodb_replset = hiera('mongodb::server::replset')
+ $mongo_node_string = join($mongo_node_ips_with_port, ',')
+ $mongo_database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}"
}
- $mongodb_replset = hiera('mongodb::server::replset')
- $mongo_node_string = join($mongo_node_ips_with_port, ',')
- $database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}"
- class { '::zaqar::management::mongodb':
- uri => $database_connection,
+
+ if $messaging_store == 'swift' {
+ include ::zaqar::messaging::swift
+ } elsif $messaging_store == 'mongodb' {
+ class {'::zaqar::messaging::mongodb':
+ uri => $mongo_database_connection,
+ }
+ } else {
+ fail("unsupported Zaqar messaging_store set: ${messaging_store}")
}
- class {'::zaqar::messaging::mongodb':
- uri => $database_connection,
+
+ if $management_store == 'sqlalchemy' {
+ include ::zaqar::management::sqlalchemy
+ } elsif $management_store == 'mongodb' {
+ class { '::zaqar::management::mongodb':
+ uri => $mongo_database_connection,
+ }
+ } else {
+ fail("unsupported Zaqar management_store set: ${management_store}")
}
+
include ::zaqar::transport::websocket
include ::apache::mod::ssl
include ::zaqar::transport::wsgi
diff --git a/manifests/profile/pacemaker/cinder/backup_bundle.pp b/manifests/profile/pacemaker/cinder/backup_bundle.pp
index a5e1a9b..2a82c3e 100644
--- a/manifests/profile/pacemaker/cinder/backup_bundle.pp
+++ b/manifests/profile/pacemaker/cinder/backup_bundle.pp
@@ -85,13 +85,8 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
'options' => 'ro',
},
'cinder-backup-cfg-data' => {
- 'source-dir' => '/var/lib/config-data/cinder/etc/cinder',
- 'target-dir' => '/etc/cinder',
- 'options' => 'ro',
- },
- 'cinder-backup-cfg-ceph' => {
- 'source-dir' => '/var/lib/config-data/cinder/etc/ceph',
- 'target-dir' => '/etc/ceph',
+ 'source-dir' => '/var/lib/config-data/puppet-generated/cinder/',
+ 'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
'cinder-backup-hosts' => {
diff --git a/manifests/profile/pacemaker/cinder/volume_bundle.pp b/manifests/profile/pacemaker/cinder/volume_bundle.pp
index 39199a5..8d58036 100644
--- a/manifests/profile/pacemaker/cinder/volume_bundle.pp
+++ b/manifests/profile/pacemaker/cinder/volume_bundle.pp
@@ -85,8 +85,8 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
'options' => 'ro',
},
'cinder-volume-cfg-data' => {
- 'source-dir' => '/var/lib/config-data/cinder/etc/cinder',
- 'target-dir' => '/etc/cinder',
+ 'source-dir' => '/var/lib/config-data/puppet-generated/cinder/',
+ 'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
'cinder-volume-hosts' => {
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 3aff62f..b9f2a65 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -26,11 +26,39 @@
# (Optional) The address that the local mysql instance should bind to.
# Defaults to $::hostname
#
+# [*ca_file*]
+# (Optional) The path to the CA file that will be used for the TLS
+# configuration. It's only used if internal TLS is enabled.
+# Defaults to undef
+#
+# [*certificate_specs*]
+# (Optional) The specifications to give to certmonger for the certificate
+# it will create. Note that the certificate nickname must be 'mysql' in
+# the case of this service.
+# Example with hiera:
+# tripleo::profile::base::database::mysql::certificate_specs:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "mysql/<overcloud controller fqdn>"
+# Defaults to hiera('tripleo::profile::base::database::mysql::certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
# [*gmcast_listen_addr*]
# (Optional) This variable defines the address on which the node listens to
# connections from other nodes in the cluster.
# Defaults to hiera('mysql_bind_host')
#
+# [*innodb_flush_log_at_trx_commit*]
+# (Optional) Disk flush behavior for MySQL under Galera. A value of
+# '1' indicates flush to disk per transaction. A value of '2' indicates
+# flush to disk every second, flushing all unflushed transactions in
+# one step.
+# Defaults to hiera('innodb_flush_log_at_trx_commit', '1')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -41,11 +69,15 @@
# Defaults to hiera('pcs_tries', 20)
#
class tripleo::profile::pacemaker::database::mysql (
- $bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
- $bind_address = $::hostname,
- $gmcast_listen_addr = hiera('mysql_bind_host'),
- $step = Integer(hiera('step')),
- $pcs_tries = hiera('pcs_tries', 20),
+ $bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
+ $bind_address = $::hostname,
+ $ca_file = undef,
+ $certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $gmcast_listen_addr = hiera('mysql_bind_host'),
+ $innodb_flush_log_at_trx_commit = hiera('innodb_flush_log_at_trx_commit', '1'),
+ $step = Integer(hiera('step')),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -70,35 +102,49 @@ class tripleo::profile::pacemaker::database::mysql (
$processed_galera_name_pairs = $galera_name_pairs.map |$pair| { join($pair, ':') }
$cluster_host_map = join($processed_galera_name_pairs, ';')
+ if $enable_internal_tls {
+ $tls_certfile = $certificate_specs['service_certificate']
+ $tls_keyfile = $certificate_specs['service_key']
+ if $ca_file {
+ $tls_ca_options = "socket.ssl_ca=${ca_file}"
+ } else {
+ $tls_ca_options = ''
+ }
+ $tls_options = "socket.ssl_key=${tls_keyfile};socket.ssl_cert=${tls_certfile};${tls_ca_options};"
+ } else {
+ $tls_options = ''
+ }
+
$mysqld_options = {
'mysqld' => {
- 'skip-name-resolve' => '1',
- 'binlog_format' => 'ROW',
- 'default-storage-engine' => 'innodb',
- 'innodb_autoinc_lock_mode' => '2',
- 'innodb_locks_unsafe_for_binlog'=> '1',
- 'innodb_file_per_table' => 'ON',
- 'query_cache_size' => '0',
- 'query_cache_type' => '0',
- 'bind-address' => $bind_address,
- 'max_connections' => hiera('mysql_max_connections'),
- 'open_files_limit' => '-1',
- 'wsrep_on' => 'ON',
- 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
- 'wsrep_cluster_name' => 'galera_cluster',
- 'wsrep_cluster_address' => "gcomm://${galera_nodes}",
- 'wsrep_slave_threads' => '1',
- 'wsrep_certify_nonPK' => '1',
- 'wsrep_max_ws_rows' => '131072',
- 'wsrep_max_ws_size' => '1073741824',
- 'wsrep_debug' => '0',
- 'wsrep_convert_LOCK_to_trx' => '0',
- 'wsrep_retry_autocommit' => '1',
- 'wsrep_auto_increment_control' => '1',
- 'wsrep_drupal_282555_workaround'=> '0',
- 'wsrep_causal_reads' => '0',
- 'wsrep_sst_method' => 'rsync',
- 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;",
+ 'skip-name-resolve' => '1',
+ 'binlog_format' => 'ROW',
+ 'default-storage-engine' => 'innodb',
+ 'innodb_autoinc_lock_mode' => '2',
+ 'innodb_locks_unsafe_for_binlog' => '1',
+ 'innodb_file_per_table' => 'ON',
+ 'innodb_flush_log_at_trx_commit' => $innodb_flush_log_at_trx_commit,
+ 'query_cache_size' => '0',
+ 'query_cache_type' => '0',
+ 'bind-address' => $bind_address,
+ 'max_connections' => hiera('mysql_max_connections'),
+ 'open_files_limit' => '-1',
+ 'wsrep_on' => 'ON',
+ 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
+ 'wsrep_cluster_name' => 'galera_cluster',
+ 'wsrep_cluster_address' => "gcomm://${galera_nodes}",
+ 'wsrep_slave_threads' => '1',
+ 'wsrep_certify_nonPK' => '1',
+ 'wsrep_max_ws_rows' => '131072',
+ 'wsrep_max_ws_size' => '1073741824',
+ 'wsrep_debug' => '0',
+ 'wsrep_convert_LOCK_to_trx' => '0',
+ 'wsrep_retry_autocommit' => '1',
+ 'wsrep_auto_increment_control' => '1',
+ 'wsrep_drupal_282555_workaround' => '0',
+ 'wsrep_causal_reads' => '0',
+ 'wsrep_sst_method' => 'rsync',
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;${tls_options}",
}
}
diff --git a/manifests/profile/pacemaker/database/mysql_bundle.pp b/manifests/profile/pacemaker/database/mysql_bundle.pp
index 56e9e28..a80b2de 100644
--- a/manifests/profile/pacemaker/database/mysql_bundle.pp
+++ b/manifests/profile/pacemaker/database/mysql_bundle.pp
@@ -215,7 +215,7 @@ MYSQL_HOST=localhost\n",
'options' => 'ro',
},
'mysql-cfg-data' => {
- 'source-dir' => '/var/lib/config-data/mysql',
+ 'source-dir' => '/var/lib/config-data/puppet-generated/mysql/',
'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
diff --git a/manifests/profile/pacemaker/database/redis_bundle.pp b/manifests/profile/pacemaker/database/redis_bundle.pp
index dd090d7..ea153a8 100644
--- a/manifests/profile/pacemaker/database/redis_bundle.pp
+++ b/manifests/profile/pacemaker/database/redis_bundle.pp
@@ -83,77 +83,62 @@ class tripleo::profile::pacemaker::database::redis_bundle (
run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${redis_docker_control_port}",
storage_maps => {
- 'redis-cfg-files' => {
+ 'redis-cfg-files' => {
'source-dir' => '/var/lib/kolla/config_files/redis.json',
'target-dir' => '/var/lib/kolla/config_files/config.json',
'options' => 'ro',
},
- 'redis-cfg-data-redis' => {
- 'source-dir' => '/var/lib/config-data/redis/etc/redis',
- 'target-dir' => '/etc/redis',
+ 'redis-cfg-data-redis' => {
+ 'source-dir' => '/var/lib/config-data/puppet-generated/redis/',
+ 'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
- 'redis-cfg-data-redis-conf' => {
- 'source-dir' => '/var/lib/config-data/redis/etc/redis.conf',
- 'target-dir' => '/etc/redis.conf',
- 'options' => 'ro',
- },
- 'redis-cfg-data-redis-conf-puppet' => {
- 'source-dir' => '/var/lib/config-data/redis/etc/redis.conf.puppet',
- 'target-dir' => '/etc/redis.conf.puppet',
- 'options' => 'ro',
- },
- 'redis-cfg-data-redis-sentinel' => {
- 'source-dir' => '/var/lib/config-data/redis/etc/redis-sentinel.conf',
- 'target-dir' => '/etc/redis-sentinel.conf',
- 'options' => 'ro',
- },
- 'redis-hosts' => {
+ 'redis-hosts' => {
'source-dir' => '/etc/hosts',
'target-dir' => '/etc/hosts',
'options' => 'ro',
},
- 'redis-localtime' => {
+ 'redis-localtime' => {
'source-dir' => '/etc/localtime',
'target-dir' => '/etc/localtime',
'options' => 'ro',
},
- 'redis-lib' => {
+ 'redis-lib' => {
'source-dir' => '/var/lib/redis',
'target-dir' => '/var/lib/redis',
'options' => 'rw',
},
- 'redis-log' => {
+ 'redis-log' => {
'source-dir' => '/var/log/redis',
'target-dir' => '/var/log/redis',
'options' => 'rw',
},
- 'redis-run' => {
+ 'redis-run' => {
'source-dir' => '/var/run/redis',
'target-dir' => '/var/run/redis',
'options' => 'rw',
},
- 'redis-pki-extracted' => {
+ 'redis-pki-extracted' => {
'source-dir' => '/etc/pki/ca-trust/extracted',
'target-dir' => '/etc/pki/ca-trust/extracted',
'options' => 'ro',
},
- 'redis-pki-ca-bundle-crt' => {
+ 'redis-pki-ca-bundle-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
'options' => 'ro',
},
- 'redis-pki-ca-bundle-trust-crt' => {
+ 'redis-pki-ca-bundle-trust-crt' => {
'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
'options' => 'ro',
},
- 'redis-pki-cert' => {
+ 'redis-pki-cert' => {
'source-dir' => '/etc/pki/tls/cert.pem',
'target-dir' => '/etc/pki/tls/cert.pem',
'options' => 'ro',
},
- 'redis-dev-log' => {
+ 'redis-dev-log' => {
'source-dir' => '/dev/log',
'target-dir' => '/dev/log',
'options' => 'rw',
diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp
index 9c1bdf3..b785ea7 100644
--- a/manifests/profile/pacemaker/haproxy_bundle.pp
+++ b/manifests/profile/pacemaker/haproxy_bundle.pp
@@ -30,6 +30,11 @@
# (Optional) Whether load balancing is enabled for this cluster
# Defaults to hiera('enable_load_balancer', true)
#
+# [*deployed_ssl_cert_path*]
+# (Optional) The filepath of the certificate as it will be stored in
+# the controller.
+# Defaults to '/etc/pki/tls/private/overcloud_endpoint.pem'
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -40,11 +45,12 @@
# Defaults to hiera('pcs_tries', 20)
#
class tripleo::profile::pacemaker::haproxy_bundle (
- $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
- $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
- $enable_load_balancer = hiera('enable_load_balancer', true),
- $step = Integer(hiera('step')),
- $pcs_tries = hiera('pcs_tries', 20),
+ $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
+ $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
+ $enable_load_balancer = hiera('enable_load_balancer', true),
+ $deployed_ssl_cert_path = '/etc/pki/tls/private/overcloud_endpoint.pem',
+ $step = Integer(hiera('step')),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
include ::tripleo::profile::base::haproxy
@@ -98,8 +104,8 @@ class tripleo::profile::pacemaker::haproxy_bundle (
'options' => 'ro',
},
'haproxy-cfg-data' => {
- 'source-dir' => '/var/lib/config-data/haproxy/etc',
- 'target-dir' => '/etc',
+ 'source-dir' => '/var/lib/config-data/puppet-generated/haproxy/',
+ 'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
'haproxy-hosts' => {
@@ -137,6 +143,11 @@ class tripleo::profile::pacemaker::haproxy_bundle (
'target-dir' => '/dev/log',
'options' => 'rw',
},
+ 'haproxy-cert' => {
+ 'source-dir' => $deployed_ssl_cert_path,
+ 'target-dir' => $deployed_ssl_cert_path,
+ 'options' => 'ro',
+ },
},
}
$control_vip = hiera('controller_virtual_ip')
diff --git a/manifests/profile/pacemaker/rabbitmq_bundle.pp b/manifests/profile/pacemaker/rabbitmq_bundle.pp
index 0a6295c..2f848b4 100644
--- a/manifests/profile/pacemaker/rabbitmq_bundle.pp
+++ b/manifests/profile/pacemaker/rabbitmq_bundle.pp
@@ -121,8 +121,8 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
'options' => 'ro',
},
'rabbitmq-cfg-data' => {
- 'source-dir' => '/var/lib/config-data/rabbitmq/etc/rabbitmq',
- 'target-dir' => '/etc/rabbitmq',
+ 'source-dir' => '/var/lib/config-data/puppet-generated/rabbitmq/',
+ 'target-dir' => '/var/lib/kolla/config_files/src',
'options' => 'ro',
},
'rabbitmq-hosts' => {
diff --git a/manifests/ui.pp b/manifests/ui.pp
index 825ffc2..d744044 100644
--- a/manifests/ui.pp
+++ b/manifests/ui.pp
@@ -136,13 +136,16 @@ class tripleo::ui (
$endpoint_config_swift = undef,
) {
+ package {'openstack-tripleo-ui': }
+ include ::apache
include ::apache::mod::proxy
include ::apache::mod::proxy_http
include ::apache::mod::proxy_wstunnel
::apache::vhost { 'tripleo-ui':
ensure => 'present',
+ require => Package['openstack-tripleo-ui'],
servername => $servername,
ip => $bind_host,
port => $ui_port,
diff --git a/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml b/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml
new file mode 100644
index 0000000..8359456
--- /dev/null
+++ b/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Added new parameter mysql_maxconn to the tripleo::haproxy class,
+ allowing haproxy maxconn to be configured for the MySQL server.
diff --git a/releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml b/releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml
new file mode 100644
index 0000000..f2fc2f2
--- /dev/null
+++ b/releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Allow VF configuration files to be written for non-existent PCI devices to
+ allow updates while physical functions are currently in use by a guest.
diff --git a/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml b/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml
new file mode 100644
index 0000000..2505c54
--- /dev/null
+++ b/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ Traffic between Contrail nodes used the public network. This release will
+ move the traffic to the internal_api network per default and also allows
+ to optionally use the storage_mgmt network. This is in preparation for
+ for composable networks, where Contrail will have its own network.
+features:
+ - |
+ This release allows to enable Contrail DPDK on the compute nodes.
diff --git a/releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml b/releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml
new file mode 100644
index 0000000..7dbd5a7
--- /dev/null
+++ b/releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml
@@ -0,0 +1,17 @@
+---
+features:
+ - |
+ Enable innodb_flush_log_at_trx_commit configuration for Galera only.
+upgrade:
+ - |
+ Setting the innodb_flush_log_at_trx_commit flag to the value of "2" instead
+ of its default value of "1" means that the underlying MySQL/MariaDB engine
+ will no longer flush transactions to disk on a per-transaction basis;
+ instead, flushes occur once per second. This leads to far fewer
+ disk writes and can dramatically improve write performance, at the cost
+ of durability (e.g. will lose the last second's worth of transactions)
+ if the database engine is ungracefully shut down. The
+ clustered nature of Galera mitigates this risk in that transactions
+ are replicated to other nodes before completion, and the setting of
+ "2" is considered to be generally safe for a Galera cluster, with the
+ exception case of simultaneous power loss for all nodes.
diff --git a/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml b/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml
new file mode 100644
index 0000000..9aad5ee
--- /dev/null
+++ b/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml
@@ -0,0 +1,9 @@
+---
+issues:
+ - |
+ Ignore failures if nf_conntrack_proto_sctp module failed to load.
+ Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
+ kernel instead of as a module as the sctp support.
+ TripleO will still try to load the module to support RHEL 7.3, but
+ in the future will remove the module management and rely on the kernel
+ provided in newer versions of RHEL.
diff --git a/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml
new file mode 100644
index 0000000..02e0d48
--- /dev/null
+++ b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - In order to avoid service restarts, all services deploy their httpd
+ configuration at the same time. Thus, httpd now starts in step 3 for the
+ bootstrap nodes, and step 4 for all other nodes.
diff --git a/releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml b/releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml
new file mode 100644
index 0000000..18c8642
--- /dev/null
+++ b/releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Added a new profile for the setup of the Swift dispersion tool. This will
+ be executed in step 5 or later to ensure Swift and Keystone are already up
+ and running.
diff --git a/releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml b/releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml
new file mode 100644
index 0000000..0f98d44
--- /dev/null
+++ b/releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - New profile for Veritas HyperScale Cinder backend.
diff --git a/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml b/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml
new file mode 100644
index 0000000..d1a463b
--- /dev/null
+++ b/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Support configurable backends Zaqar backends.
+ Updates the Zaqar profile so that we have support for configuring
+ alternate versions of the messaging and management backends.
diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py
index 4661b77..d045d6a 100644
--- a/releasenotes/source/conf.py
+++ b/releasenotes/source/conf.py
@@ -20,6 +20,7 @@
# -- General configuration ------------------------------------------------
+
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
@@ -27,7 +28,7 @@
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
- 'oslosphinx',
+ 'openstackdocstheme',
'reno.sphinxext',
]
@@ -99,7 +100,7 @@ pygments_style = 'sphinx'
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
-html_theme = 'default'
+html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
@@ -107,7 +108,7 @@ html_theme = 'default'
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
-#html_theme_path = []
+# html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
@@ -137,7 +138,7 @@ html_static_path = ['_static']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
-#html_last_updated_fmt = '%b %d, %Y'
+html_last_updated_fmt = '%Y-%m-%d %H:%M'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
@@ -260,3 +261,8 @@ texinfo_documents = [
# -- Options for Internationalization output ------------------------------
locale_dirs = ['locale/']
+
+# openstackdocstheme options
+repository_name = 'openstack/puppet-tripleo'
+bug_project = 'puppet-tripleo'
+bug_tag = ''
diff --git a/spec/classes/tripleo_certmonger_ca_local_spec.rb b/spec/classes/tripleo_certmonger_ca_local_spec.rb
index 7ee9383..b6ecebc 100644
--- a/spec/classes/tripleo_certmonger_ca_local_spec.rb
+++ b/spec/classes/tripleo_certmonger_ca_local_spec.rb
@@ -21,6 +21,11 @@ require 'spec_helper'
describe 'tripleo::certmonger::ca::local' do
shared_examples_for 'tripleo::certmonger::ca::local' do
+
+ let :pre_condition do
+ "include ::certmonger"
+ end
+
let :params do
{
:ca_pem => '/etc/pki/ca-trust/source/anchors/cm-local-ca.pem',
diff --git a/spec/classes/tripleo_haproxy_spec.rb b/spec/classes/tripleo_haproxy_spec.rb
new file mode 100644
index 0000000..966729a
--- /dev/null
+++ b/spec/classes/tripleo_haproxy_spec.rb
@@ -0,0 +1,115 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::haproxy' do
+
+ shared_examples_for 'tripleo::haproxy' do
+ let :params do {
+ :controller_virtual_ip => '10.1.0.1',
+ :public_virtual_ip => '192.168.0.1'
+ }
+ end
+
+ describe "default settings" do
+ it 'should configure haproxy' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'maxconn' => :undef
+ }
+ )
+ end
+ end
+
+ describe "set clustercheck" do
+ before :each do
+ params.merge!({
+ :mysql_clustercheck => true,
+ })
+ end
+
+ it 'should configure haproxy with clustercheck' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'option' => ["tcpka", "httpchk"],
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'stick-table' => "type ip size 1000",
+ 'stick' => "on dst",
+ 'maxconn' => :undef
+ }
+ )
+ end
+ end
+
+ describe "override maxconn with clustercheck" do
+ before :each do
+ params.merge!({
+ :mysql_clustercheck => true,
+ :mysql_max_conn => 6500,
+ })
+ end
+
+ it 'should configure haproxy' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'option' => ["tcpka", "httpchk"],
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'stick-table' => "type ip size 1000",
+ 'stick' => "on dst",
+ 'maxconn' => 6500
+ }
+ )
+ end
+ end
+
+ describe "override maxconn without clustercheck" do
+ before :each do
+ params.merge!({
+ :mysql_max_conn => 6500,
+ })
+ end
+
+ it 'should configure haproxy' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'maxconn' => 6500
+ }
+ )
+ end
+ end
+
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ })
+ end
+
+ it_behaves_like 'tripleo::haproxy'
+ end
+ end
+
+end \ No newline at end of file
diff --git a/spec/classes/tripleo_host_sriov_spec.rb b/spec/classes/tripleo_host_sriov_spec.rb
index 920eb9b..eb2213a 100644
--- a/spec/classes/tripleo_host_sriov_spec.rb
+++ b/spec/classes/tripleo_host_sriov_spec.rb
@@ -17,8 +17,8 @@ describe 'tripleo::host::sriov' do
end
it 'configures numvfs' do
- is_expected.to contain_sriov_vf_config('eth0:4').with( :ensure => 'present' )
- is_expected.to contain_sriov_vf_config('eth1:5').with( :ensure => 'present')
+ is_expected.to contain_sriov_vf_config('eth0:4')
+ is_expected.to contain_sriov_vf_config('eth1:5')
is_expected.to contain_tripleo__host__sriov__numvfs_persistence('persistent_numvfs').with(
:vf_defs => ['eth0:4','eth1:5'],
:content_string => "#!/bin/bash\n"
diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb
index a82cf49..27bd735 100644
--- a/spec/classes/tripleo_profile_base_aodh_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_aodh_api_spec.rb
@@ -33,12 +33,35 @@ describe 'tripleo::profile::base::aodh::api' do
end
end
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
it 'should trigger complete configuration' do
+ is_expected.not_to contain_class('aodh::api')
+ is_expected.not_to contain_class('aodh::wsgi::apache')
+ end
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('aodh::api')
+ is_expected.to contain_class('aodh::wsgi::apache')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 4,
+ } }
+
+ it 'should trigger complete configuration' do
is_expected.to contain_class('aodh::api')
is_expected.to contain_class('aodh::wsgi::apache')
end
diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb
index cec2b54..9cb657f 100644
--- a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb
@@ -32,9 +32,32 @@ describe 'tripleo::profile::base::ceilometer::api' do
end
end
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
- :step => 3,
+ :step => 3,
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.not_to contain_class('ceilometer::api')
+ is_expected.not_to contain_class('ceilometer::wsgi::apache')
+ end
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('ceilometer::api')
+ is_expected.to contain_class('ceilometer::wsgi::apache')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 4,
} }
it 'should trigger complete configuration' do
diff --git a/spec/classes/tripleo_profile_base_cinder_veritas_hyperscale_spec.rb b/spec/classes/tripleo_profile_base_cinder_veritas_hyperscale_spec.rb
new file mode 100644
index 0000000..63c1147
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_cinder_veritas_hyperscale_spec.rb
@@ -0,0 +1,57 @@
+#
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::cinder::volume::veritas_hyperscale' do
+ shared_examples_for 'tripleo::profile::base::cinder::volume::veritas_hyperscale' do
+ before :each do
+ facts.merge!({ :step => params[:step] })
+ end
+
+ context 'with step less than 4' do
+ let(:params) { { :step => 3 } }
+
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::cinder::volume::veritas_hyperscale')
+ is_expected.to contain_class('tripleo::profile::base::cinder::volume')
+ is_expected.to contain_class('tripleo::profile::base::cinder')
+ is_expected.to_not contain_cinder__backend__veritas_hyperscale('Veritas_HyperScale')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 4,
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_cinder__backend__veritas_hyperscale('Veritas_HyperScale')
+ end
+ end
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::cinder::volume::veritas_hyperscale'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb
index aa3dd89..03f5325 100644
--- a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb
+++ b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb
@@ -132,6 +132,25 @@ describe 'tripleo::profile::base::cinder::volume' do
end
end
+ context 'with only veritas hyperscale' do
+ before :each do
+ params.merge!({
+ :cinder_enable_vrts_hs_backend => true,
+ :cinder_enable_iscsi_backend => false,
+ })
+ end
+ it 'should configure only veritas hyperscale' do
+ is_expected.to contain_class('tripleo::profile::base::cinder::volume::veritas_hyperscale')
+ is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi')
+ is_expected.to contain_class('tripleo::profile::base::cinder::volume')
+ is_expected.to contain_class('tripleo::profile::base::cinder')
+ is_expected.to contain_class('cinder::volume')
+ is_expected.to contain_class('cinder::backends').with(
+ :enabled_backends => ['Veritas_HyperScale']
+ )
+ end
+ end
+
context 'with only nfs' do
before :each do
params.merge!({
@@ -183,6 +202,7 @@ describe 'tripleo::profile::base::cinder::volume' do
is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellsc')
is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellps')
is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::netapp')
+ is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::veritas_hyperscale')
is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::nfs')
is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::rbd')
is_expected.to contain_class('tripleo::profile::base::cinder::volume')
@@ -197,13 +217,14 @@ describe 'tripleo::profile::base::cinder::volume' do
context 'with all tripleo backends' do
before :each do
params.merge!({
- :cinder_enable_nfs_backend => true,
- :cinder_enable_rbd_backend => true,
- :cinder_enable_iscsi_backend => true,
- :cinder_enable_pure_backend => true,
- :cinder_enable_dellsc_backend => true,
- :cinder_enable_dellps_backend => true,
- :cinder_enable_netapp_backend => true,
+ :cinder_enable_nfs_backend => true,
+ :cinder_enable_rbd_backend => true,
+ :cinder_enable_iscsi_backend => true,
+ :cinder_enable_pure_backend => true,
+ :cinder_enable_dellsc_backend => true,
+ :cinder_enable_dellps_backend => true,
+ :cinder_enable_netapp_backend => true,
+ :cinder_enable_vrts_hs_backend => true,
})
end
it 'should configure all backends' do
@@ -212,6 +233,7 @@ describe 'tripleo::profile::base::cinder::volume' do
is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellsc')
is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellps')
is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp')
+ is_expected.to contain_class('tripleo::profile::base::cinder::volume::veritas_hyperscale')
is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs')
is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd')
is_expected.to contain_class('tripleo::profile::base::cinder::volume')
@@ -219,7 +241,7 @@ describe 'tripleo::profile::base::cinder::volume' do
is_expected.to contain_class('cinder::volume')
is_expected.to contain_class('cinder::backends').with(
:enabled_backends => ['tripleo_iscsi', 'tripleo_ceph', 'tripleo_pure', 'tripleo_dellps',
- 'tripleo_dellsc', 'tripleo_netapp','tripleo_nfs']
+ 'tripleo_dellsc', 'tripleo_netapp','tripleo_nfs','Veritas_HyperScale']
)
end
end
diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index bb21055..dc5efa7 100644
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -27,8 +27,7 @@ describe 'tripleo::profile::base::docker' do
it { is_expected.to contain_package('docker') }
it { is_expected.to contain_service('docker') }
it {
- is_expected.to contain_augeas('docker-sysconfig').with_changes([
- 'rm INSECURE_REGISTRY',
+ is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
"set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
])
}
@@ -45,9 +44,8 @@ describe 'tripleo::profile::base::docker' do
it { is_expected.to contain_package('docker') }
it { is_expected.to contain_service('docker') }
it {
- is_expected.to contain_augeas('docker-sysconfig').with_changes([
+ is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([
"set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'",
- "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
])
}
end
@@ -85,8 +83,7 @@ describe 'tripleo::profile::base::docker' do
it { is_expected.to contain_package('docker') }
it { is_expected.to contain_service('docker') }
it {
- is_expected.to contain_augeas('docker-sysconfig').with_changes([
- "rm INSECURE_REGISTRY",
+ is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
"set OPTIONS '\"--log-driver=syslog\"'",
])
}
diff --git a/spec/classes/tripleo_profile_base_horizon_spec.rb b/spec/classes/tripleo_profile_base_horizon_spec.rb
index fb076b8..d8a672b 100644
--- a/spec/classes/tripleo_profile_base_horizon_spec.rb
+++ b/spec/classes/tripleo_profile_base_horizon_spec.rb
@@ -31,11 +31,37 @@ describe 'tripleo::profile::base::horizon' do
end
end
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
+ it 'should not configure anything' do
+ is_expected.to_not contain_class('horizon')
+ is_expected.to_not contain_class('apache::mod::remoteip')
+ is_expected.to_not contain_class('apache::mod::status')
+ end
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('horizon')
+ is_expected.to contain_class('apache::mod::remoteip')
+ is_expected.to contain_class('apache::mod::status')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
it 'should trigger complete configuration' do
is_expected.to contain_class('horizon')
is_expected.to contain_class('apache::mod::remoteip')
diff --git a/spec/classes/tripleo_profile_base_iscsid_spec.rb b/spec/classes/tripleo_profile_base_iscsid_spec.rb
new file mode 100644
index 0000000..04f3c2c
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_iscsid_spec.rb
@@ -0,0 +1,42 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::iscsid' do
+ shared_examples_for 'tripleo::profile::base::iscsid' do
+ context 'default params' do
+ let(:params) { { :step => 2, } }
+
+ it {
+ is_expected.to contain_package('iscsi-initiator-utils')
+ is_expected.to contain_exec('reset-iscsi-initiator-name')
+ is_expected.to contain_file('/etc/iscsi/.initiator_reset')
+ }
+ end
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::iscsid'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_kernel_spec.rb b/spec/classes/tripleo_profile_base_kernel_spec.rb
new file mode 100644
index 0000000..4c2aab2
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_kernel_spec.rb
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::kernel' do
+
+ shared_examples_for 'tripleo::profile::base::kernel' do
+ context 'with kernel modules' do
+ let :params do
+ {
+ :module_list => {
+ 'nf_conntrack' => {},
+ }
+ }
+ end
+
+ it 'should load kernel module' do
+ is_expected.to contain_kmod__load('nf_conntrack')
+ end
+ end
+ context 'with sysctl settings' do
+ let :params do
+ {
+ :sysctl_settings => {
+ 'net.ipv4.tcp_keepalive_intvl' => { 'value' => '1'},
+ }
+ }
+ end
+
+ it 'should load kernel module' do
+ is_expected.to contain_sysctl__value('net.ipv4.tcp_keepalive_intvl')
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) {
+ facts
+ }
+
+ it_behaves_like 'tripleo::profile::base::kernel'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_lvm_spec.rb b/spec/classes/tripleo_profile_base_lvm_spec.rb
new file mode 100644
index 0000000..ac0031f
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_lvm_spec.rb
@@ -0,0 +1,53 @@
+# coding: utf-8
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::lvm' do
+
+ shared_examples_for 'tripleo::profile::base::lvm' do
+
+ context 'with default params' do
+ it 'should enable udev_sync and udev_rules' do
+ is_expected.to contain_augeas('udev options in lvm.conf')
+ .with_changes(["set udev_sync/int 1",
+ "set udev_rules/int 1"])
+ end
+ end
+
+ context 'with enable_udev false' do
+ let(:params) { { :enable_udev => false } }
+
+ it 'should disable udev_sync and udev_rules' do
+ is_expected.to contain_augeas('udev options in lvm.conf')
+ .with_changes(["set udev_sync/int 0",
+ "set udev_rules/int 0"])
+ end
+ end
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context 'on #{os}' do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::lvm'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb
index f910729..0a87bf4 100644
--- a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb
@@ -32,6 +32,7 @@ describe 'tripleo::profile::base::nova::authtoken' do
context 'with step 3' do
let(:params) { {
:step => 3,
+ :memcached_ips => '127.0.0.1',
} }
it {
@@ -44,7 +45,7 @@ describe 'tripleo::profile::base::nova::authtoken' do
context 'with step 3 with ipv6' do
let(:params) { {
:step => 3,
- :use_ipv6 => true,
+ :memcached_ips => '::1',
} }
it {
diff --git a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb
index 32482a9..db9e77e 100644
--- a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb
@@ -41,6 +41,12 @@ describe 'tripleo::profile::base::nova::compute::libvirt' do
class { '::tripleo::profile::base::nova::compute':
step => #{params[:step]},
}
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::tripleo::profile::base::nova::migration::client':
+ step => #{params[:step]}
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
index 545a1fa..b3959c4 100644
--- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
@@ -27,9 +27,6 @@ describe 'tripleo::profile::base::nova::compute' do
is_expected.to_not contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::compute')
is_expected.to_not contain_class('nova::network::neutron')
- is_expected.to_not contain_package('iscsi-initiator-utils')
- is_expected.to_not contain_exec('reset-iscsi-initiator-name')
- is_expected.to_not contain_file('/etc/iscsi/.initiator_reset')
}
end
@@ -40,6 +37,12 @@ describe 'tripleo::profile::base::nova::compute' do
step => #{params[:step]},
oslomsg_rpc_hosts => [ '127.0.0.1' ],
}
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::tripleo::profile::base::nova::migration::client':
+ step => #{params[:step]}
+ }
eos
end
@@ -52,9 +55,6 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::compute')
is_expected.to contain_class('nova::network::neutron')
- is_expected.to contain_package('iscsi-initiator-utils')
- is_expected.to contain_exec('reset-iscsi-initiator-name')
- is_expected.to contain_file('/etc/iscsi/.initiator_reset')
is_expected.to_not contain_package('nfs-utils')
}
end
@@ -68,9 +68,6 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::compute')
is_expected.to contain_class('nova::network::neutron')
- is_expected.to contain_package('iscsi-initiator-utils')
- is_expected.to contain_exec('reset-iscsi-initiator-name')
- is_expected.to contain_file('/etc/iscsi/.initiator_reset')
is_expected.to contain_package('nfs-utils')
}
end
diff --git a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
index 36a6110..d9a06b2 100644
--- a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
@@ -39,6 +39,12 @@ describe 'tripleo::profile::base::nova::libvirt' do
step => #{params[:step]},
oslomsg_rpc_hosts => [ '127.0.0.1' ],
}
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::tripleo::profile::base::nova::migration::client':
+ step => #{params[:step]}
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb
new file mode 100644
index 0000000..91294dd
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb
@@ -0,0 +1,188 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::migration::client' do
+ shared_examples_for 'tripleo::profile::base::nova::migration::client' do
+
+ context 'with step 4' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => false,
+ :configure_nova => false
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt TLS' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ :libvirt_tls => true,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'tls',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled],
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt and migration ssh key' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ :ssh_private_key => 'foo'
+ } }
+
+ it {
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => 'foo',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt TLS and migration ssh key' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ :libvirt_tls => true,
+ :ssh_private_key => 'foo'
+ } }
+
+ it {
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'tls',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => 'foo',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+ it_behaves_like 'tripleo::profile::base::nova::migration::client'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_migration_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_spec.rb
new file mode 100644
index 0000000..86c790e
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_migration_spec.rb
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::migration' do
+ shared_examples_for 'tripleo::profile::base::nova::migration' do
+
+ context 'with step 3' do
+ let(:params) { {
+ :step => 3,
+ } }
+
+ it {
+ is_expected.to contain_package('openstack-nova-migration')
+ }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ it_behaves_like 'tripleo::profile::base::nova::migration'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb
new file mode 100644
index 0000000..a14b89a
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb
@@ -0,0 +1,283 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::migration::target' do
+ shared_examples_for 'tripleo::profile::base::nova::migration::target' do
+
+ context 'with step 4 without authorized_keys' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :services_enabled => ['docker', 'nova_migration_target']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/sbin/nologin'
+ )
+ }
+ end
+
+ context 'with step 4 without nova_migration_target service enabled' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['bar', 'baz'],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/sbin/nologin'
+ )
+ }
+ end
+
+ context 'with step 4 with invalid ssh_authorized_keys' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => 'ssh-rsa bar',
+ } }
+
+ it { is_expected.to_not compile }
+ end
+
+ context 'with step 4 with nova_migration_target services enabled' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar\nssh-rsa baz',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with ssh_localaddrs' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target'],
+ :ssh_localaddrs => ['127.0.0.1', '127.0.0.2']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'LocalAddress 127.0.0.1,127.0.0.2 User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
+ :type => 'LocalAddress',
+ :name => '!127.0.0.1,!127.0.0.2',
+ :options => {
+ 'DenyUsers' => 'nova_migration'
+ }
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar\nssh-rsa baz',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with duplicate ssh_localaddrs' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target'],
+ :ssh_localaddrs => ['127.0.0.1', '127.0.0.1']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'LocalAddress 127.0.0.1 User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
+ :type => 'LocalAddress',
+ :name => '!127.0.0.1',
+ :options => {
+ 'DenyUsers' => 'nova_migration'
+ }
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar\nssh-rsa baz',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with invalid ssh_localaddrs' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target'],
+ :ssh_localaddrs => ['127.0.0.1', '']
+ } }
+
+ it { is_expected.to_not compile }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+ it_behaves_like 'tripleo::profile::base::nova::migration::target'
+ end
+ end
+end \ No newline at end of file
diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb
index 04e032a..574489e 100644
--- a/spec/classes/tripleo_profile_base_nova_placement_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb
@@ -67,8 +67,7 @@ eos
}
end
-
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
@@ -77,15 +76,30 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::keystone::authtoken')
+ is_expected.not_to contain_class('nova::wsgi::apache_placement')
+ }
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::placement')
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::wsgi::apache_placement')
}
end
- context 'with step 3 with enable_internal_tls and skip generate certs' do
+ context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do
let(:params) { {
:step => 3,
:enable_internal_tls => true,
:nova_placement_network => 'bar',
+ :bootstrap_node => 'node.example.com',
:certificates_specs => {
'httpd-bar' => {
'hostname' => 'foo',
diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb
index a7f1cce..c6878c6 100644
--- a/spec/classes/tripleo_profile_base_nova_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_spec.rb
@@ -100,429 +100,6 @@ describe 'tripleo::profile::base::nova' do
}
end
- context 'with step 4 with libvirt' do
- let(:pre_condition) {
- 'include ::nova::compute::libvirt::services'
- }
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/sbin/nologin'
- )
- }
- end
-
- context 'with step 4 with libvirt TLS' do
- let(:pre_condition) {
- 'include ::nova::compute::libvirt::services'
- }
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :libvirt_tls => true,
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'tls',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled],
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/sbin/nologin'
- )
- }
- end
-
- context 'with step 4 with libvirt and migration ssh key' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
- context 'with step 4 with libvirt and migration ssh key and migration_ssh_localaddrs' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
- :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.2']
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'LocalAddress 127.0.0.1,127.0.0.2 User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
- :type => 'LocalAddress',
- :name => '!127.0.0.1,!127.0.0.2',
- :options => {
- 'DenyUsers' => 'nova_migration'
- }
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
- context 'with step 4 with libvirt and migration ssh key and invalid migration_ssh_localaddrs' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
- :migration_ssh_localaddrs => ['127.0.0.1', '']
- } }
-
- it { is_expected.to_not compile }
- end
-
- context 'with step 4 with libvirt and migration ssh key and duplicate migration_ssh_localaddrs' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
- :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.1']
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'LocalAddress 127.0.0.1 User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
- :type => 'LocalAddress',
- :name => '!127.0.0.1',
- :options => {
- 'DenyUsers' => 'nova_migration'
- }
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
- context 'with step 4 with libvirt TLS and migration ssh key' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :libvirt_tls => true,
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'tls',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index 5d978cc..1164448 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -33,6 +33,9 @@ cinder::keystone::authtoken::password: 'password'
gnocchi::keystone::authtoken::password: 'password'
gnocchi::storage::ceph::ceph_username: 'gnocchi'
gnocchi::storage::ceph::ceph_secret: 'password'
+# haproxy related items
+mysql_enabled: true
+controller_node_ips: '10.1.0.1,10.1.0.2'
# nova related items
nova::rabbit_password: 'password'
nova::keystone::authtoken::password: 'password'
@@ -45,6 +48,5 @@ memcached_node_ips:
# octavia related items
octavia::rabbit_password: 'password'
horizon::secret_key: 'secrete'
-service_names: ['sshd']
#Neutron related
neutron::rabbit_password: 'password'
diff --git a/spec/functions/netmask_to_cidr_spec.rb b/spec/functions/netmask_to_cidr_spec.rb
new file mode 100644
index 0000000..e076456
--- /dev/null
+++ b/spec/functions/netmask_to_cidr_spec.rb
@@ -0,0 +1,6 @@
+require 'spec_helper'
+require 'puppet'
+
+describe 'netmask_to_cidr' do
+ it { should run.with_params('255.255.255.0').and_return(24) }
+end
diff --git a/test-requirements.txt b/test-requirements.txt
index 152ebef..a23c7e7 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,6 +1,6 @@
# This is required for the docs build jobs
-sphinx!=1.6.1,>=1.5.1 # BSD
-oslosphinx>=4.7.0 # Apache-2.0
+sphinx>=1.6.2 # BSD
+openstackdocstheme>=1.11.0 # Apache-2.0
# This is required for the releasenotes build jobs
# FIXME: reno is manually pinned to !=2.0.0 because of bug #1651995