diff options
34 files changed, 669 insertions, 92 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index c979295..b2cc264 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -228,6 +228,10 @@ # # [*zaqar_api*] # (optional) Enable or not Zaqar Api binding +# Defaults to false +# +# [*opendaylight*] +# (optional) Enable or not OpenDaylight binding # Defaults to false # # [*service_ports*] @@ -329,6 +333,7 @@ class tripleo::haproxy ( $redis_password = undef, $midonet_api = false, $zaqar_api = false, + $opendaylight = false, $service_ports = {} ) { $default_service_ports = { @@ -517,6 +522,21 @@ class tripleo::haproxy ( } if $keystone_public { + $keystone_listen_opts = { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + } + if $service_certificate { + $keystone_public_tls_listen_opts = { + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. + 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'option' => 'forwardfor', + } + } else { + $keystone_public_tls_listen_opts = {} + } ::tripleo::haproxy::endpoint { 'keystone_public': public_virtual_ip => $public_virtual_ip, internal_ip => hiera('keystone_public_api_vip', $controller_virtual_ip), @@ -524,11 +544,7 @@ class tripleo::haproxy ( ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, + listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], } } @@ -918,4 +934,27 @@ class tripleo::haproxy ( public_ssl_port => $ports[zaqar_api_ssl_port], } } + + $opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip) + $opendaylight_bind_opts = { + "${opendaylight_api_vip}:8081" => [], + "${public_virtual_ip}:8081" => [], + } + + if $opendaylight { + haproxy::listen { 'opendaylight': + bind => $opendaylight_bind_opts, + options => { + 'balance' => 'source', + }, + collect_exported => false, + } + haproxy::balancermember { 'opendaylight': + listening_service => 'opendaylight', + ports => '8081', + ipaddresses => hiera('opendaylight_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } } diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 28156a0..07c0a88 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -42,7 +42,7 @@ class tripleo::profile::base::aodh ( include ::aodh::db::mysql } - if $step >= 4 and $sync_db { + if $step >= 4 or ($step >= 3 and $sync_db) { include ::aodh include ::aodh::auth include ::aodh::config diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 3aa436d..2dcf802 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -23,25 +23,27 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') +# [*enable_combination_alarms*] +# (optional) Setting to enable combination alarms +# Defaults to: false # + class tripleo::profile::base::aodh::api ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $enable_combination_alarms = false, ) { - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - include ::tripleo::profile::base::aodh - if $step >= 4 and $sync_db { + if $step >= 4 { include ::aodh::api include ::aodh::wsgi::apache + + #NOTE: Combination alarms are deprecated in newton and disabled by default. + # we need a way to override this setting for users still using this type + # of alarms. + aodh_config { + 'api/enable_combination_alarms' : value => $enable_combination_alarms; + } } } diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp index 46d1d14..610d5a8 100644 --- a/manifests/profile/base/aodh/evaluator.pp +++ b/manifests/profile/base/aodh/evaluator.pp @@ -23,24 +23,13 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# class tripleo::profile::base::aodh::evaluator ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - include ::tripleo::profile::base::aodh - if $step >= 4 and $sync_db { + if $step >= 4 { include ::aodh::evaluator } diff --git a/manifests/profile/base/aodh/listener.pp b/manifests/profile/base/aodh/listener.pp index 93f37fa..d36e1bb 100644 --- a/manifests/profile/base/aodh/listener.pp +++ b/manifests/profile/base/aodh/listener.pp @@ -23,24 +23,13 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# class tripleo::profile::base::aodh::listener ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - include ::tripleo::profile::base::aodh - if $step >= 4 and $sync_db { + if $step >= 4 { include ::aodh::listener } diff --git a/manifests/profile/base/aodh/notifier.pp b/manifests/profile/base/aodh/notifier.pp index 0686012..d2a3945 100644 --- a/manifests/profile/base/aodh/notifier.pp +++ b/manifests/profile/base/aodh/notifier.pp @@ -23,24 +23,13 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# class tripleo::profile::base::aodh::notifier ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - include ::tripleo::profile::base::aodh - if $step >= 4 and $sync_db { + if $step >= 4 { include ::aodh::notifier } diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index b300a91..da94da2 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -30,6 +30,6 @@ class tripleo::profile::base::ceilometer::api ( if $step >= 4 { include ::ceilometer::api + include ::ceilometer::wsgi::apache } - } diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index a8ca88b..baaf4c8 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -44,12 +44,12 @@ class tripleo::profile::base::ceilometer::collector ( # without the brackets as 'members' argument for the 'mongodb_replset' # resource. if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[') $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017') } else { - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongodb_node_ips'), ':27017') } $mongo_node_string = join($mongo_node_ips_with_port, ',') diff --git a/manifests/profile/base/cinder/backup.pp b/manifests/profile/base/cinder/backup.pp new file mode 100644 index 0000000..df015f7 --- /dev/null +++ b/manifests/profile/base/cinder/backup.pp @@ -0,0 +1,36 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::backup +# +# Cinder Backup profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::backup ( + $step = hiera('step'), +) { + + include ::tripleo::profile::base::cinder + + if $step >= 4 { + include ::cinder::backup + } + +} diff --git a/manifests/profile/base/cinder/backup/ceph.pp b/manifests/profile/base/cinder/backup/ceph.pp new file mode 100644 index 0000000..67a666e --- /dev/null +++ b/manifests/profile/base/cinder/backup/ceph.pp @@ -0,0 +1,36 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::backup::ceph +# +# Cinder Backup Ceph profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::backup::ceph ( + $step = hiera('step'), +) { + + include ::tripleo::profile::base::cinder::backup + + if $step >= 4 { + include ::cinder::backup::ceph + } + +} diff --git a/manifests/profile/base/cinder/backup/swift.pp b/manifests/profile/base/cinder/backup/swift.pp new file mode 100644 index 0000000..12561bf --- /dev/null +++ b/manifests/profile/base/cinder/backup/swift.pp @@ -0,0 +1,36 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::backup::swift +# +# Cinder Backup Ceph profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::backup::swift ( + $step = hiera('step'), +) { + + include ::tripleo::profile::base::cinder::backup + + if $step >= 4 { + include ::cinder::backup::swift + } + +} diff --git a/manifests/profile/base/database/mongodbcommon.pp b/manifests/profile/base/database/mongodbcommon.pp index 13af899..c61e692 100644 --- a/manifests/profile/base/database/mongodbcommon.pp +++ b/manifests/profile/base/database/mongodbcommon.pp @@ -27,7 +27,7 @@ # class tripleo::profile::base::database::mongodbcommon ( $mongodb_ipv6_enabled = false, - $mongodb_node_ips = hiera('mongo_node_ips'), + $mongodb_node_ips = hiera('mongodb_node_ips'), ) { $port = '27017' diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index dcf0f21..cafe95e 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -56,6 +56,7 @@ class tripleo::profile::base::heat ( notification_driver => $notification_driver, } include ::heat::config + include ::heat::cors } if $step >= 5 { diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index 1b7df19..be07c0e 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -38,9 +38,9 @@ class tripleo::profile::base::horizon ( $neutron_options = {'profile_support' => $_profile_support } $memcached_ipv6 = hiera('memcached_ipv6', false) if $memcached_ipv6 { - $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') + $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]') } else { - $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') + $horizon_memcached_servers = hiera('memcached_node_ips', '127.0.0.1') } class { '::horizon': cache_server_ip => $horizon_memcached_servers, diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index f098d37..da89839 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp @@ -45,5 +45,7 @@ class tripleo::profile::base::ironic ( class { '::ironic': sync_db => $sync_db, } + + include ::ironic::cors } } diff --git a/manifests/profile/base/kernel.pp b/manifests/profile/base/kernel.pp index db0280f..df13a98 100644 --- a/manifests/profile/base/kernel.pp +++ b/manifests/profile/base/kernel.pp @@ -19,8 +19,12 @@ # class tripleo::profile::base::kernel { - create_resources(kmod::load, hiera('kernel_modules'), { }) - create_resources(sysctl::value, hiera('sysctl_settings'), { }) - Exec <| tag == 'kmod::load' |> -> Sysctl <| |> + if hiera('kernel_modules', undef) { + create_resources(kmod::load, hiera('kernel_modules'), { }) + } + if hiera('sysctl_settings', undef) { + create_resources(sysctl::value, hiera('sysctl_settings'), { }) + } + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index d8c8e24..354d24c 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -58,6 +58,7 @@ class tripleo::profile::base::keystone ( include ::keystone::config include ::keystone::wsgi::apache + include ::keystone::cors if $manage_roles { include ::keystone::roles::admin @@ -72,5 +73,53 @@ class tripleo::profile::base::keystone ( if $step >= 5 and $manage_db_purge { include ::keystone::cron::token_flush } + + if $step >= 5 and $manage_endpoint{ + if hiera('aodh_api_enabled', false) { + include ::aodh::keystone::auth + } + if hiera('ceilometer_api_enabled', false) { + include ::ceilometer::keystone::auth + } + if hiera('cinder_api_enabled', false) { + include ::cinder::keystone::auth + } + if hiera('glance_api_enabled', false) { + include ::glance::keystone::auth + } + if hiera('gnocchi_api_enabled', false) { + include ::gnocchi::keystone::auth + } + if hiera('heat_api_enabled', false) { + include ::heat::keystone::auth + } + if hiera('heat_api_cfn_enabled', false) { + include ::heat::keystone::auth_cfn + } + if hiera('ironic_api_enabled', false) { + include ::ironic::keystone::auth + } + if hiera('manila_api_enabled', false) { + include ::manila::keystone::auth + } + if hiera('mistral_api_enabled', false) { + include ::mistral::keystone::auth + } + if hiera('neutron_api_enabled', false) { + include ::neutron::keystone::auth + } + if hiera('nova_api_enabled', false) { + include ::nova::keystone::auth + } + if hiera('sahara_api_enabled', false) { + include ::sahara::keystone::auth + } + if hiera('swift_proxy_enabled', false) { + include ::swift::keystone::auth + } + if hiera('trove_api_enabled', false) { + include ::trove::keystone::auth + } + } } diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index 0c41193..cffb03e 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -46,5 +46,6 @@ class tripleo::profile::base::mistral ( include ::mistral::config include ::mistral::client include ::mistral::db::sync + include ::mistral::cors } } diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp new file mode 100644 index 0000000..ffe28ce --- /dev/null +++ b/manifests/profile/base/neutron/opendaylight.pp @@ -0,0 +1,46 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opendaylight +# +# OpenDaylight Neutron profile for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*primary_controller*] +# (Optional) The hostname of the first controller +# Defaults to hiera('bootstrap_nodeid', undef) +# +class tripleo::profile::base::neutron::opendaylight ( + $step = hiera('step'), + $primary_controller = hiera('bootstrap_nodeid', undef), +) { + + include ::tripleo::profile::base::neutron + + if ! str2bool(hiera('opendaylight::enable_l3')) { + include ::tripleo::profile::base::neutron::l3 + } + + if $step >= 1 { + # Configure ODL only on first controller + if hiera('odl_on_controller') and $primary_controller == downcase($::hostname) { + include ::opendaylight + } + } +} diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp index c89bc02..401e627 100644 --- a/manifests/profile/base/neutron/plugins/ml2.pp +++ b/manifests/profile/base/neutron/plugins/ml2.pp @@ -63,5 +63,10 @@ class tripleo::profile::base::neutron::plugins::ml2 ( if 'bsn_ml2' in $mechanism_drivers { include ::neutron::plugins::ml2::bigswitch::restproxy } + + if 'opendaylight' in $mechanism_drivers { + include ::tripleo::profile::base::neutron::plugins::ml2::opendaylight + } + } } diff --git a/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp b/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp new file mode 100644 index 0000000..f25aea6 --- /dev/null +++ b/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp @@ -0,0 +1,54 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::ml2::opendaylight +# +# OpenDaylight ML2 Neutron profile for TripleO +# +# === Parameters +# +# [*odl_port*] +# (Optional) Port to use for OpenDaylight +# Defaults to hiera('opendaylight::odl_rest_port') +# +# [*conn_proto*] +# (Optional) Protocol to use to for ODL REST access +# Defaults to hiera('opendaylight::nb_connection_protocol') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::ml2::opendaylight ( + $odl_port = hiera('opendaylight::odl_rest_port'), + $conn_proto = hiera('opendaylight::nb_connection_protocol'), + $step = hiera('step'), +) { + + if $step >= 4 { + # Figure out ODL IP + if hiera('odl_on_controller') { + $odl_url_ip = hiera('opendaylight_api_vip') + } else { + $odl_url_ip = hiera('opendaylight::odl_bind_ip') + } + + if ! $odl_url_ip { fail('OpenDaylight Controller IP/VIP is Empty') } + + class { '::neutron::plugins::ml2::opendaylight': + odl_url => "${conn_proto}://${odl_url_ip}:${odl_port}/controller/nb/v2/neutron"; + } + } +} diff --git a/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp b/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp new file mode 100644 index 0000000..7548046 --- /dev/null +++ b/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp @@ -0,0 +1,73 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::ovs::opendaylight +# +# OpenDaylight Neutron OVS profile for TripleO +# +# === Parameters +# +# [*odl_port*] +# (Optional) Port to use for OpenDaylight +# Defaults to hiera('opendaylight::odl_rest_port') +# +# [*odl_check_url*] +# (Optional) URL path used to check if ODL is up +# Defaults to hiera('opendaylight_check_url') +# +# [*odl_api_ips*] +# (Optional) List of OpenStack Controller IPs for ODL API +# Defaults to hiera('opendaylight_api_node_ips') +# +# [*conn_proto*] +# (Optional) Protocol to use to for ODL REST access +# Defaults to hiera('opendaylight::nb_connection_protocol') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::ovs::opendaylight ( + $odl_port = hiera('opendaylight::odl_rest_port'), + $odl_check_url = hiera('opendaylight_check_url'), + $odl_api_ips = hiera('opendaylight_api_node_ips'), + $conn_proto = hiera('opendaylight::nb_connection_protocol'), + $step = hiera('step'), +) { + + if $step >= 4 { + # Figure out ODL IP (and VIP if on controller) + if hiera('odl_on_controller') { + $opendaylight_controller_ip = $odl_api_ips[0] + $odl_url_ip = hiera('opendaylight_api_vip') + } else { + $opendaylight_controller_ip = hiera('opendaylight::odl_bind_ip') + $odl_url_ip = $opendaylight_controller_ip + } + + if ! $opendaylight_controller_ip { fail('OpenDaylight Controller IP is Empty') } + + if ! $odl_url_ip { fail('OpenDaylight API VIP is Empty') } + + # Build URL to check if ODL is up before connecting OVS + $opendaylight_url = "${conn_proto}://${odl_url_ip}:${odl_port}/${odl_check_url}" + + class { '::neutron::plugins::ovs::opendaylight': + tunnel_ip => hiera('neutron::agents::ml2::ovs::local_ip'), + odl_check_url => $opendaylight_url, + odl_ovsdb_iface => "tcp:${opendaylight_controller_ip}:6640", + } + } +} diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp new file mode 100644 index 0000000..9b5f34c --- /dev/null +++ b/manifests/profile/base/neutron/sriov.pp @@ -0,0 +1,42 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::sriov +# +# Neutron SR-IOV nic Agent profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*mechanism_drivers*] +# (Optional) The mechanism drivers to use with the Ml2 plugin +# Defaults to hiera('neutron::plugins::ml2::mechanism_drivers') +# + +class tripleo::profile::base::neutron::sriov( + $step = hiera('step'), + $mechanism_drivers = hiera('neutron::plugins::ml2::mechanism_drivers'), +) { + + if $step >= 4 { + if 'sriovnicswitch' in $mechanism_drivers { + include ::neutron::agents::ml2::sriov + } + } + +} diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 07c3be1..b43b8e8 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -52,9 +52,9 @@ class tripleo::profile::base::nova ( } if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') + $memcache_servers = suffix(hiera('memcached_node_ips_v6'), ':11211') } else { - $memcache_servers = suffix(hiera('memcache_node_ips'), ':11211') + $memcache_servers = suffix(hiera('memcached_node_ips'), ':11211') } if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) { diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index dc6ea4d..2fd2347 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -36,7 +36,7 @@ # # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. -# Defaults to hiera('rabbit_node_ips', []). +# Defaults to hiera('rabbitmq_node_ips', []). # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates @@ -48,7 +48,7 @@ class tripleo::profile::base::rabbitmq ( $environment = hiera('rabbitmq_environment'), $ipv6 = str2bool(hiera('rabbit_ipv6', false)), $kernel_variables = hiera('rabbitmq_kernel_variables'), - $nodes = hiera('rabbit_node_ips', []), + $nodes = hiera('rabbitmq_node_ips', []), $step = hiera('step'), ) { # IPv6 environment, necessary for RabbitMQ. diff --git a/manifests/profile/base/swift/storage.pp b/manifests/profile/base/swift/storage.pp index 5e266a9..0b09ea6 100644 --- a/manifests/profile/base/swift/storage.pp +++ b/manifests/profile/base/swift/storage.pp @@ -34,6 +34,7 @@ class tripleo::profile::base::swift::storage ( ) { if $step >= 4 { if $enable_swift_storage { + include ::swift::storage::disks include ::swift::storage::all if(!defined(File['/srv/node'])) { file { '/srv/node': diff --git a/manifests/profile/base/ui.pp b/manifests/profile/base/ui.pp new file mode 100644 index 0000000..22371d1 --- /dev/null +++ b/manifests/profile/base/ui.pp @@ -0,0 +1,24 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ui +# +# UI profile for tripleo +# +class tripleo::profile::base::ui () { + package {'openstack-tripleo-ui': } + + include ::apache +} + diff --git a/manifests/profile/pacemaker/ceilometer.pp b/manifests/profile/pacemaker/ceilometer.pp index 531b4bc..a31128d 100644 --- a/manifests/profile/pacemaker/ceilometer.pp +++ b/manifests/profile/pacemaker/ceilometer.pp @@ -87,22 +87,6 @@ class tripleo::profile::pacemaker::ceilometer ( require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], } - pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::collector_service_name}-clone", - second_resource => "${::ceilometer::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]], - } - pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation': - source => "${::ceilometer::params::api_service_name}-clone", - target => "${::ceilometer::params::collector_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], - } } } diff --git a/manifests/profile/pacemaker/ceilometer/api.pp b/manifests/profile/pacemaker/ceilometer/api.pp index 0eddaec..169121b 100644 --- a/manifests/profile/pacemaker/ceilometer/api.pp +++ b/manifests/profile/pacemaker/ceilometer/api.pp @@ -34,10 +34,11 @@ class tripleo::profile::pacemaker::ceilometer::api ( include ::ceilometer::params include ::tripleo::profile::pacemaker::ceilometer include ::tripleo::profile::base::ceilometer::api + include ::tripleo::profile::pacemaker::apache if $step >= 5 and downcase($::hostname) == $pacemaker_master { - pacemaker::resource::service { $::ceilometer::params::api_service_name : - clone_params => 'interleave=true', + class { '::tripleo::profile::base::ceilometer::api': + step => $step, } } diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp new file mode 100644 index 0000000..20a0104 --- /dev/null +++ b/manifests/profile/pacemaker/cinder/backup.pp @@ -0,0 +1,54 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::cinder::backup +# +# Cinder Backup Pacemaker HA profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::pacemaker::cinder::backup ( + $bootstrap_node = hiera('bootstrap_nodeid'), + $step = hiera('step'), +) { + + Service <| tag == 'cinder::backup' |> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', + } + + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + include ::tripleo::profile::base::cinder::backup + + if $step >= 5 and $pacemaker_master { + pacemaker::resource::service { $::cinder::params::backup_service : } + } + +} diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 255b260..fceb415 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -71,7 +71,7 @@ class tripleo::profile::pacemaker::database::mysql ( mysql_server_options => $mysqld_options, } - if $step >= 2 and $pacemaker_master { + if $step >= 2 { if $pacemaker_master { pacemaker::resource::ocf { 'galera' : ocf_agent_name => 'heartbeat:galera', diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index 43ae875..37c67ab 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -83,6 +83,34 @@ # (Optional) # Defaults to hiera('manila::backend::generic::volume_snapshot_name_template') # +# [*manila_cephfsnative_enable*] +# (Optional) Enable the CephFS Native backend. +# Defaults to hiera('manila_cephfsnative_enable_backend', 'false') +# +# [*cephfs_handles_share_servers*] +# (Optional) +# Defaults to hiera('manila::backend::cephfsnative::driver_handles_share_servers', false) +# +# [*cephfs_backend_name*] +# (Optional) +# Defaults to hiera('manila::backend::cephfsnative::cephfs_backend_name') +# +# [*cephfs_conf_path*] +# (Optional) +# Defaults to hiera('manila::backend::cephfsnative::cephfs_conf_path') +# +# [*cephfs_auth_id*] +# (Optional) +# Defaults to hiera('manila::backend::cephfsnative::cephfs_auth_id') +# +# [*cephfs_cluster_name*] +# (Optional) +# Defaults to hiera('manila::backend::cephfsnative::cephfs_cluster_name') +# +# [*cephfs_enable_snapshots*] +# (Optional) +# Defaults to hiera('manila::backend::cephfsnative::cephfs_enable_snapshots') +# class tripleo::profile::pacemaker::manila ( $bootstrap_node = hiera('bootstrap_nodeid'), $cinder_volume_type = hiera('manila::backend::generic::cinder_volume_type', ''), @@ -100,6 +128,13 @@ class tripleo::profile::pacemaker::manila ( $step = hiera('step'), $volume_name_template = hiera('manila::backend::generic::volume_name_template'), $volume_snapshot_name_template = hiera('manila::backend::generic::volume_snapshot_name_template'), + $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false), + $cephfs_handles_share_servers = hiera('manila::backend::cephfsnative::driver_handles_share_servers'), + $cephfs_backend_name = hiera('manila::backend::cephfsnative::cephfs_backend_name'), + $cephfs_conf_path = hiera('manila::backend::cephfsnative::cephfs_conf_path'), + $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id'), + $cephfs_cluster_name = hiera('manila::backend::cephfsnative::cephfs_cluster_name'), + $cephfs_enable_snapshots = hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true @@ -145,7 +180,25 @@ class tripleo::profile::pacemaker::manila ( include ::manila::volume::cinder } - $manila_enabled_backends = delete_undef_values([$manila_generic_backend]) + # manila cephfsnative: + if $manila_cephfsnative_enable { + $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title') + manila::backend::cephfsnative { $manila_cephfsnative_backend : + driver_handles_share_servers => $cephfs_handles_share_servers, + cephfs_backend_name => $cephfs_backend_name, + cephfs_conf_path => $cephfs_conf_path, + cephfs_auth_id => $cephfs_auth_id, + cephfs_cluster_name => $cephfs_cluster_name, + cephfs_enable_snapshots => $cephfs_enable_snapshots, + } + } + + $manila_enabled_backends = delete_undef_values( + [ + $manila_generic_backend, + $manila_cephfsnative_backend + ] + ) class { '::manila::backends' : enabled_share_backends => $manila_enabled_backends, } diff --git a/manifests/trusted_ca.pp b/manifests/trusted_ca.pp new file mode 100644 index 0000000..4e62418 --- /dev/null +++ b/manifests/trusted_ca.pp @@ -0,0 +1,39 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::trusted_ca +# +# Does the necessary action to deploy and trust a CA certificate. +# +# === Parameters +# +# [*content*] +# The content of the CA certificate in PEM format. +# +define tripleo::trusted_ca( + $content, +) { + file { "/etc/pki/ca-trust/source/anchors/${name}.pem": + content => $content, + mode => '0644', + owner => 'root', + group => 'root', + } + exec { "trust-ca-${name}": + command => 'update-ca-trust extract', + path => '/usr/bin', + subscribe => File["/etc/pki/ca-trust/source/anchors/${name}.pem"], + refreshonly => true, + } +} diff --git a/manifests/trusted_cas.pp b/manifests/trusted_cas.pp new file mode 100644 index 0000000..265a700 --- /dev/null +++ b/manifests/trusted_cas.pp @@ -0,0 +1,28 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::trusted_cas +# +# Does the necessary actions to deploy and trust a set of CA certificates. +# +# === Parameters +# +# [*ca_map*] +# The content of the CA certificate in PEM format. +# +class tripleo::trusted_cas( + $ca_map = {}, +) { + create_resources('::tripleo::trusted_ca', $ca_map) +} |