diff options
37 files changed, 308 insertions, 238 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras index e21e63f..0b617b9 100644 --- a/Puppetfile_extras +++ b/Puppetfile_extras @@ -44,3 +44,7 @@ mod 'ntp', mod 'systemd', :git => 'https://github.com/camptocamp/puppet-systemd', :ref => 'master' + +mod 'opendaylight', + :git => 'https://github.com/dfarrell07/puppet-opendaylight', + :ref => 'master' diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index af4a5b3..0834536 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -39,14 +39,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -57,17 +49,12 @@ class tripleo::profile::base::aodh::api ( $aodh_network = hiera('aodh_api_network', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), ) { include ::tripleo::profile::base::aodh if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$aodh_network { fail('aodh_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 22984b1..71e4ea1 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -43,14 +43,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -105,7 +97,6 @@ class tripleo::profile::base::barbican::api ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), @@ -126,10 +117,6 @@ class tripleo::profile::base::barbican::api ( } if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$barbican_network { fail('barbican_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 6ef4748..28504c5 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -39,14 +39,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -56,16 +48,11 @@ class tripleo::profile::base::ceilometer::api ( $ceilometer_network = hiera('ceilometer_api_network', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), ) { include ::tripleo::profile::base::ceilometer if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$ceilometer_network { fail('ceilometer_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index 20eab54..6b58286 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -85,4 +85,12 @@ class tripleo::profile::base::ceilometer::collector ( include ::ceilometer::dispatcher::gnocchi } + # Re-run ceilometer-upgrade again in step 5 so gnocchi resource types + # are created safely. + if $step >= 5 and $sync_db { + exec {'ceilometer-db-upgrade': + command => 'ceilometer-upgrade --skip-metering-database', + path => ['/usr/bin', '/usr/sbin'], + } + } } diff --git a/manifests/profile/base/ceph/rgw.pp b/manifests/profile/base/ceph/rgw.pp index 8443de0..d00f7cd 100644 --- a/manifests/profile/base/ceph/rgw.pp +++ b/manifests/profile/base/ceph/rgw.pp @@ -60,7 +60,7 @@ class tripleo::profile::base::ceph::rgw ( $rgw_name = hiera('ceph::profile::params::rgw_name', 'radosgw.gateway') $civetweb_bind_ip_real = normalize_ip_for_uri($civetweb_bind_ip) include ::ceph::params - include ::ceph::profile::base + include ::ceph::profile::client ceph::rgw { $rgw_name: frontend_type => 'civetweb', rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}", diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 450a8e6..c432fd6 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -43,14 +43,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -61,7 +53,6 @@ class tripleo::profile::base::cinder::api ( $certificates_specs = hiera('apache_certificates_specs', {}), $cinder_api_network = hiera('cinder_api_network', undef), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -73,10 +64,6 @@ class tripleo::profile::base::cinder::api ( include ::tripleo::profile::base::cinder if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$cinder_api_network { fail('cinder_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 80b07d4..b4ac8ac 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -47,12 +47,6 @@ # limit for the mysql service. # Defaults to false # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# MySQL. This could be as many as specified by the $certificates_specs -# variable. -# Defaults to hiera('generate_service_certificate', false). -# # [*manage_resources*] # (Optional) Whether or not manage root user, root my.cnf, and service. # Defaults to true @@ -82,7 +76,6 @@ class tripleo::profile::base::database::mysql ( $certificate_specs = {}, $enable_internal_tls = hiera('enable_internal_tls', false), $generate_dropin_file_limit = false, - $generate_service_certificates = hiera('generate_service_certificates', false), $manage_resources = true, $mysql_server_options = {}, $mysql_max_connections = hiera('mysql_max_connections', undef), @@ -100,9 +93,6 @@ class tripleo::profile::base::database::mysql ( validate_hash($certificate_specs) if $enable_internal_tls { - if $generate_service_certificates { - ensure_resource('class', 'tripleo::certmonger::mysql', $certificate_specs) - } $tls_certfile = $certificate_specs['service_certificate'] $tls_keyfile = $certificate_specs['service_key'] } else { diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index 0452575..2f1783d 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -43,6 +43,7 @@ class tripleo::profile::base::docker_registry ( } package{'docker-distribution': } package{'docker': } + package{'openstack-kolla': } file { '/etc/docker-distribution/registry/config.yml' : ensure => file, content => template('tripleo/docker_distribution/registry_config.yml.erb'), diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp index e5807f6..8ed7fb7 100644 --- a/manifests/profile/base/glance/api.pp +++ b/manifests/profile/base/glance/api.pp @@ -38,14 +38,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*glance_backend*] # (Optional) Glance backend(s) to use. # Defaults to downcase(hiera('glance_backend', 'swift')) @@ -91,7 +83,6 @@ class tripleo::profile::base::glance::api ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $glance_backend = downcase(hiera('glance_backend', 'swift')), $glance_network = hiera('glance_api_network', undef), $glance_nfs_enabled = false, @@ -102,10 +93,6 @@ class tripleo::profile::base::glance::api ( $tls_proxy_fqdn = undef, $tls_proxy_port = 9292, ) { - if $enable_internal_tls and $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if $::hostname == downcase($bootstrap_node) { $sync_db = true } else { diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 2fde1fc..79ee265 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -38,14 +38,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*gnocchi_backend*] # (Optional) Gnocchi backend string file, swift or rbd # Defaults to swift @@ -64,7 +56,6 @@ class tripleo::profile::base::gnocchi::api ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')), $gnocchi_network = hiera('gnocchi_api_network', undef), $step = hiera('step'), @@ -78,10 +69,6 @@ class tripleo::profile::base::gnocchi::api ( include ::tripleo::profile::base::gnocchi if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$gnocchi_network { fail('gnocchi_api_network is not set in the hieradata.') } @@ -113,4 +100,13 @@ class tripleo::profile::base::gnocchi::api ( default: { fail('Unrecognized gnocchi_backend parameter.') } } } + + # Re-run gnochci upgrade with storage as swift/ceph should be up at this + # stage. + if $step >= 5 and $sync_db { + exec {'run gnocchi upgrade with storage': + command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', + path => ['/usr/bin', '/usr/sbin'], + } + } } diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index 8568b28..9a03487 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -36,14 +36,6 @@ # (Optional) Whether or not loadbalancer is enabled. # Defaults to hiera('enable_load_balancer', true). # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -52,18 +44,10 @@ class tripleo::profile::base::haproxy ( $certificates_specs = {}, $enable_load_balancer = hiera('enable_load_balancer', true), - $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), ) { if $step >= 1 { if $enable_load_balancer { - if str2bool($generate_service_certificates) { - ensure_resources('tripleo::certmonger::haproxy', $certificates_specs) - # The haproxy fronends (or listen resources) depend on the certificate - # existing and need to be refreshed if it changed. - Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> - } - class {'::tripleo::haproxy': internal_certificates_specs => $certificates_specs, } diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 9ffba9c..f35735b 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -34,14 +34,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*heat_api_network*] # (Optional) The network name where the heat API endpoint is listening on. # This is set by t-h-t. @@ -55,17 +47,12 @@ class tripleo::profile::base::heat::api ( $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $heat_api_network = hiera('heat_api_network', undef), $step = hiera('step'), ) { include ::tripleo::profile::base::heat if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$heat_api_network { fail('heat_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index 987d3b2..2545dbc 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -34,14 +34,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*heat_api_cfn_network*] # (Optional) The network name where the heat cfn endpoint is listening on. # This is set by t-h-t. @@ -55,17 +47,12 @@ class tripleo::profile::base::heat::api_cfn ( $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $heat_api_cfn_network = hiera('heat_api_cfn_network', undef), $step = hiera('step'), ) { include ::tripleo::profile::base::heat if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$heat_api_cfn_network { fail('heat_api_cfn_network is not set in the hieradata.') } diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 4dd2607..872de8d 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -34,14 +34,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*heat_api_cloudwatch_network*] # (Optional) The network name where the heat cloudwatch endpoint is listening # on. This is set by t-h-t. @@ -55,17 +47,12 @@ class tripleo::profile::base::heat::api_cloudwatch ( $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), $step = hiera('step'), ) { include ::tripleo::profile::base::heat if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$heat_api_cloudwatch_network { fail('heat_api_cloudwatch_network is not set in the hieradata.') } diff --git a/manifests/profile/base/ironic/conductor.pp b/manifests/profile/base/ironic/conductor.pp index 4824648..7f90da9 100644 --- a/manifests/profile/base/ironic/conductor.pp +++ b/manifests/profile/base/ironic/conductor.pp @@ -44,5 +44,12 @@ class tripleo::profile::base::ironic::conductor ( include ::ironic::drivers::ilo include ::ironic::drivers::ipmi include ::ironic::drivers::ssh + + # Configure access to other services + include ::ironic::drivers::inspector + include ::ironic::glance + include ::ironic::neutron + include ::ironic::service_catalog + include ::ironic::swift } } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 9b2fc51..9598d64 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -43,14 +43,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*heat_admin_domain*] # domain name for heat admin # Defaults to undef @@ -130,7 +122,6 @@ class tripleo::profile::base::keystone ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $heat_admin_domain = undef, $heat_admin_email = undef, $heat_admin_password = undef, @@ -163,10 +154,6 @@ class tripleo::profile::base::keystone ( } if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$public_endpoint_network { fail('keystone_public_api_network is not set in the hieradata.') } @@ -208,6 +195,10 @@ class tripleo::profile::base::keystone ( }), } + if 'amqp' in [$oslomsg_rpc_proto, $oslomsg_notify_proto]{ + include ::keystone::messaging::amqp + } + include ::keystone::config class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, diff --git a/manifests/profile/base/neutron/l2gw.pp b/manifests/profile/base/neutron/l2gw.pp new file mode 100644 index 0000000..da71108 --- /dev/null +++ b/manifests/profile/base/neutron/l2gw.pp @@ -0,0 +1,37 @@ +# +# Copyright (C) 2017 Red Hat Inc. +# +# Author: Peng Liu <pliu@redhat.com> +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::l2gw +# +# Neutron L2 Gateway Service plugin profile for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::l2gw ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::neutron + + if $step >= 4 { + include ::neutron::services::l2gw + } +} diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp index 556fe63..b5e6d11 100644 --- a/manifests/profile/base/neutron/opendaylight.pp +++ b/manifests/profile/base/neutron/opendaylight.pp @@ -22,19 +22,35 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*primary_node*] -# (Optional) The hostname of the first node of this role type -# Defaults to hiera('bootstrap_nodeid', undef) +# [*odl_api_ips*] +# (Optional) List of OpenStack Controller IPs for ODL API +# Defaults to hiera('opendaylight_api_node_ips') +# +# [*node_name*] +# (Optional) The short hostname of node +# Defaults to hiera('bootstack_nodeid') # class tripleo::profile::base::neutron::opendaylight ( $step = hiera('step'), - $primary_node = hiera('bootstrap_nodeid', undef), + $odl_api_ips = hiera('opendaylight_api_node_ips'), + $node_name = hiera('bootstack_nodeid') ) { if $step >= 1 { - # Configure ODL only on first node of the role where this service is - # applied - if $primary_node == downcase($::hostname) { + validate_array($odl_api_ips) + if empty($odl_api_ips) { + fail('No IPs assigned to OpenDaylight Api Service') + } elsif size($odl_api_ips) == 2 { + fail('2 node OpenDaylight deployments are unsupported. Use 1 or greater than 2') + } elsif size($odl_api_ips) > 2 { + $node_string = split($node_name, '-') + $ha_node_index = $node_string[-1] + 1 + class { '::opendaylight': + enable_ha => true, + ha_node_ips => $odl_api_ips, + ha_node_index => $ha_node_index, + } + } else { include ::opendaylight } } diff --git a/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp b/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp index c120931..2618d4f 100644 --- a/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp +++ b/manifests/profile/base/neutron/plugins/ml2/opendaylight.pp @@ -30,6 +30,10 @@ # (Optional) Password to configure for OpenDaylight # Defaults to 'admin' # +# [*odl_url_ip*] +# (Optional) Virtual IP address for ODL Api Service +# Defaults to hiera('opendaylight_api_vip') +# # [*conn_proto*] # (Optional) Protocol to use to for ODL REST access # Defaults to hiera('opendaylight::nb_connection_protocol') @@ -43,14 +47,13 @@ class tripleo::profile::base::neutron::plugins::ml2::opendaylight ( $odl_port = hiera('opendaylight::odl_rest_port'), $odl_username = hiera('opendaylight::username'), $odl_password = hiera('opendaylight::password'), + $odl_url_ip = hiera('opendaylight_api_vip'), $conn_proto = hiera('opendaylight::nb_connection_protocol'), $step = hiera('step'), ) { if $step >= 4 { - $odl_url_ip = hiera('opendaylight_api_vip') - - if ! $odl_url_ip { fail('OpenDaylight Controller IP/VIP is Empty') } + if ! $odl_url_ip { fail('OpenDaylight API VIP is Empty') } class { '::neutron::plugins::ml2::opendaylight': odl_username => $odl_username, diff --git a/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp b/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp index 91c5168..4da8df9 100644 --- a/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp +++ b/manifests/profile/base/neutron/plugins/ovs/opendaylight.pp @@ -30,6 +30,10 @@ # (Optional) List of OpenStack Controller IPs for ODL API # Defaults to hiera('opendaylight_api_node_ips') # +# [*odl_url_ip*] +# (Optional) Virtual IP address for ODL Api Service +# Defaults to hiera('opendaylight_api_vip') +# # [*conn_proto*] # (Optional) Protocol to use to for ODL REST access # Defaults to hiera('opendaylight::nb_connection_protocol') @@ -43,25 +47,25 @@ class tripleo::profile::base::neutron::plugins::ovs::opendaylight ( $odl_port = hiera('opendaylight::odl_rest_port'), $odl_check_url = hiera('opendaylight_check_url'), $odl_api_ips = hiera('opendaylight_api_node_ips'), + $odl_url_ip = hiera('opendaylight_api_vip'), $conn_proto = hiera('opendaylight::nb_connection_protocol'), $step = hiera('step'), ) { if $step >= 4 { - $opendaylight_controller_ip = $odl_api_ips[0] - $odl_url_ip = hiera('opendaylight_api_vip') - - if ! $opendaylight_controller_ip { fail('OpenDaylight Controller IP is Empty') } + if empty($odl_api_ips) { fail('No IPs assigned to OpenDaylight Api Service') } if ! $odl_url_ip { fail('OpenDaylight API VIP is Empty') } # Build URL to check if ODL is up before connecting OVS $opendaylight_url = "${conn_proto}://${odl_url_ip}:${odl_port}/${odl_check_url}" + $odl_ovsdb_str = join(regsubst($odl_api_ips, '.+', 'tcp:\0:6640'), ' ') + class { '::neutron::plugins::ovs::opendaylight': tunnel_ip => hiera('neutron::agents::ml2::ovs::local_ip'), odl_check_url => $opendaylight_url, - odl_ovsdb_iface => "tcp:${opendaylight_controller_ip}:6640", + odl_ovsdb_iface => $odl_ovsdb_str, } } } diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index 5d6909f..d67a40c 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp @@ -43,14 +43,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*l3_ha_override*] # (Optional) Override the calculated value for neutron::server::l3_ha # by default this is calculated to enable when DVR is not enabled @@ -95,7 +87,6 @@ class tripleo::profile::base::neutron::server ( $certificates_specs = hiera('apache_certificates_specs', {}), $dvr_enabled = hiera('neutron::server::router_distributed', false), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $l3_ha_override = '', $l3_nodes = hiera('neutron_l3_short_node_names', []), $neutron_network = hiera('neutron_api_network', undef), @@ -104,10 +95,6 @@ class tripleo::profile::base::neutron::server ( $tls_proxy_fqdn = undef, $tls_proxy_port = 9696, ) { - if $enable_internal_tls and $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if $::hostname == downcase($bootstrap_node) { $sync_db = true } else { diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index cda2b66..95a1721 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -36,14 +36,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*nova_api_network*] # (Optional) The network name where the nova API endpoint is listening on. # This is set by t-h-t. @@ -63,7 +55,6 @@ class tripleo::profile::base::nova::api ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $nova_api_network = hiera('nova_api_network', undef), $nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false), $step = hiera('step'), @@ -93,10 +84,6 @@ class tripleo::profile::base::nova::api ( # https://bugs.launchpad.net/nova/+bug/1661360 if $nova_api_wsgi_enabled { if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$nova_api_network { fail('nova_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp index 0eb2ed7..84b8bd5 100644 --- a/manifests/profile/base/nova/compute.pp +++ b/manifests/profile/base/nova/compute.pp @@ -48,10 +48,12 @@ class tripleo::profile::base::nova::compute ( # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique # https://bugzilla.redhat.com/show_bug.cgi?id=1244328 + ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' }) exec { 'reset-iscsi-initiator-name': command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', before => File['/etc/iscsi/.initiator_reset'], + require => Package['iscsi-initiator-utils'], } file { '/etc/iscsi/.initiator_reset': ensure => present, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 46658b8..16bfe17 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -36,14 +36,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*nova_placement_network*] # (Optional) The network name where the nova placement endpoint is listening on. # This is set by t-h-t. @@ -58,7 +50,6 @@ class tripleo::profile::base::nova::placement ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $nova_placement_network = hiera('nova_placement_network', undef), $step = hiera('step'), ) { @@ -72,10 +63,6 @@ class tripleo::profile::base::nova::placement ( include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$nova_placement_network { fail('nova_placement_network is not set in the hieradata.') } diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index a6643ce..90e80a2 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -38,14 +38,6 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# HAProxy. This could be as many as specified by the $certificates_specs -# variable. -# Note that this doesn't configure the certificates in haproxy, it merely -# creates the certificates. -# Defaults to hiera('generate_service_certificate', false). -# # [*panko_network*] # (Optional) The network name where the panko endpoint is listening on. # This is set by t-h-t. @@ -60,7 +52,6 @@ class tripleo::profile::base::panko::api ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), - $generate_service_certificates = hiera('generate_service_certificates', false), $panko_network = hiera('panko_api_network', undef), $step = hiera('step'), ) { @@ -73,10 +64,6 @@ class tripleo::profile::base::panko::api ( include ::tripleo::profile::base::panko if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - if !$panko_network { fail('panko_api_network is not set in the hieradata.') } diff --git a/manifests/profile/base/qdr.pp b/manifests/profile/base/qdr.pp new file mode 100644 index 0000000..9827f2e --- /dev/null +++ b/manifests/profile/base/qdr.pp @@ -0,0 +1,54 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::qdr +# +# Qpid dispatch router profile for tripleo +# +# === Parameters +# +# [*qdr_username*] +# Username for the qrouter daemon +# Defaults to undef +# +# [*qdr_password*] +# Password for the qrouter daemon +# Defaults to undef +# +# [*qdr_listener_port*] +# Port for the listener (not that we do not use qdr::listener_port +# directly because it requires a string and we have a number. +# Defaults to hiera('tripleo::profile::base::qdr::qdr_listener_port', 5672) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::qdr ( + $qdr_username = undef, + $qdr_password = undef, + $qdr_listener_port = hiera('tripleo::profile::base::qdr::qdr_listener_port', 5672), + $step = hiera('step'), +) { + if $step >= 1 { + class { '::qdr': + listener_port => "${qdr_listener_port}", + } -> + qdr_user { $qdr_username: + ensure => present, + password => $qdr_password, + } + } +} diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index b04d721..9d1417c 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -42,12 +42,6 @@ # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # -# [*generate_service_certificates*] -# (Optional) Whether or not certmonger will generate certificates for -# MySQL. This could be as many as specified by the $certificates_specs -# variable. -# Defaults to hiera('generate_service_certificate', false). -# # [*inet_dist_interface*] # (Optional) Address to bind the inter-cluster interface # to. It is the inet_dist_use_interface option in the kernel variables @@ -87,7 +81,6 @@ class tripleo::profile::base::rabbitmq ( $config_variables = hiera('rabbitmq_config_variables'), $enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t $environment = hiera('rabbitmq_environment'), - $generate_service_certificates = hiera('generate_service_certificates', false), $inet_dist_interface = hiera('rabbitmq::interface', undef), $ipv6 = str2bool(hiera('rabbit_ipv6', false)), $kernel_variables = hiera('rabbitmq_kernel_variables'), @@ -98,9 +91,6 @@ class tripleo::profile::base::rabbitmq ( $step = hiera('step'), ) { if $enable_internal_tls { - if $generate_service_certificates { - ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs) - } $tls_certfile = $certificate_specs['service_certificate'] $tls_keyfile = $certificate_specs['service_key'] } else { @@ -160,6 +150,9 @@ class tripleo::profile::base::rabbitmq ( ssl_key => $tls_keyfile, } } + } + + if $step >= 2 { # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action. if $stack_action == 'UPDATE' { diff --git a/releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml b/releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml new file mode 100644 index 0000000..e0a6d35 --- /dev/null +++ b/releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml @@ -0,0 +1,5 @@ +--- +features: + - Adds OpenDaylight HA support. Now when ODL is applied to three or + more nodes ODL will be deployed as a cluster in HA, rather than + the previous behavior of only running on the first node. diff --git a/releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml b/releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml new file mode 100644 index 0000000..694f492 --- /dev/null +++ b/releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for l2 gateway Neutron service plugin. diff --git a/releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml b/releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml new file mode 100644 index 0000000..b6f211c --- /dev/null +++ b/releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml @@ -0,0 +1,4 @@ +--- +features: + - Include the amqp messaging class when the oslo.messaging rpc + protocol is enabled for AMQP 1.0. diff --git a/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml b/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml new file mode 100644 index 0000000..0857f63 --- /dev/null +++ b/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - The rabbitmq user check is moved to step >= 2 from step >= 1. There + is no guarantee that rabbitmq is running at step 1, especially if + updating a failed stack that never made it past step 1 to begin + with. diff --git a/releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml b/releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml new file mode 100644 index 0000000..c354431 --- /dev/null +++ b/releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Re-run gnocchi and ceilometer upgrade in step5. This is required + for gnocchi resource types to be created in ceilometer and gnocchi + to function properly. diff --git a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb index 23b198a..0f9aad7 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb @@ -128,6 +128,32 @@ describe 'tripleo::profile::base::ceilometer::collector' do is_expected.to contain_class('ceilometer::dispatcher::gnocchi') end end + + context 'with step 5 on bootstrap node' do + let(:params) { { + :step => 5, + :bootstrap_node => 'node.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to contain_exec('ceilometer-db-upgrade') + end + end + + context 'with step 5 not on bootstrap node' do + let(:params) { { + :step => 5, + :bootstrap_node => 'somethingelse.example.com', + :mongodb_node_ips => ['127.0.0.1',], + :mongodb_replset => 'replicaset' + } } + + it 'should trigger complete configuration' do + is_expected.to_not contain_exec('ceilometer-db-upgrade') + end + end end diff --git a/spec/classes/tripleo_profile_base_neutron_opendaylight_spec.rb b/spec/classes/tripleo_profile_base_neutron_opendaylight_spec.rb new file mode 100644 index 0000000..1eb79ae --- /dev/null +++ b/spec/classes/tripleo_profile_base_neutron_opendaylight_spec.rb @@ -0,0 +1,88 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::opendaylight' do + let :params do + { :step => 1, + :node_name => 'overcloud-controller-0', + } + end + shared_examples_for 'tripleo::profile::base::neutron::opendaylight' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with noha' do + before do + params.merge!({ + :odl_api_ips => ['192.0.2.5'] + }) + end + it 'should install and configure opendaylight' do + is_expected.to contain_class('opendaylight') + end + end + + context 'with empty OpenDaylight API IPs' do + before do + params.merge!({ + :odl_api_ips => [] + }) + end + it 'should fail to install OpenDaylight' do + is_expected.to compile.and_raise_error(/No IPs assigned to OpenDaylight Api Service/) + end + end + + context 'with 2 OpenDaylight API IPs' do + before do + params.merge!({ + :odl_api_ips => ['192.0.2.5', '192.0.2.6'] + }) + end + it 'should fail to install OpenDaylight' do + is_expected.to compile.and_raise_error(/2 node OpenDaylight deployments are unsupported. Use 1 or greater than 2/) + end + end + + context 'with HA and 3 OpenDaylight API IPs' do + before do + params.merge!({ + :odl_api_ips => ['192.0.2.5', '192.0.2.6', '192.0.2.7'] + }) + end + it 'should install and configure OpenDaylight in HA' do + is_expected.to contain_class('opendaylight').with( + :enable_ha => true, + :ha_node_ips => params[:odl_api_ips], + :ha_node_index => '1', + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::opendaylight' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb index d052682..545a1fa 100644 --- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb @@ -27,6 +27,7 @@ describe 'tripleo::profile::base::nova::compute' do is_expected.to_not contain_class('tripleo::profile::base::nova') is_expected.to_not contain_class('nova::compute') is_expected.to_not contain_class('nova::network::neutron') + is_expected.to_not contain_package('iscsi-initiator-utils') is_expected.to_not contain_exec('reset-iscsi-initiator-name') is_expected.to_not contain_file('/etc/iscsi/.initiator_reset') } @@ -51,6 +52,7 @@ eos is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to contain_class('nova::compute') is_expected.to contain_class('nova::network::neutron') + is_expected.to contain_package('iscsi-initiator-utils') is_expected.to contain_exec('reset-iscsi-initiator-name') is_expected.to contain_file('/etc/iscsi/.initiator_reset') is_expected.to_not contain_package('nfs-utils') @@ -66,6 +68,7 @@ eos is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to contain_class('nova::compute') is_expected.to contain_class('nova::network::neutron') + is_expected.to contain_package('iscsi-initiator-utils') is_expected.to contain_exec('reset-iscsi-initiator-name') is_expected.to contain_file('/etc/iscsi/.initiator_reset') is_expected.to contain_package('nfs-utils') diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb index 2a18320..04e032a 100644 --- a/spec/classes/tripleo_profile_base_nova_placement_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb @@ -49,7 +49,6 @@ eos let(:params) { { :step => 1, :enable_internal_tls => true, - :generate_service_certificates => true, :nova_placement_network => 'bar', :certificates_specs => { 'httpd-bar' => { @@ -63,7 +62,6 @@ eos it { is_expected.to contain_class('tripleo::profile::base::nova::placement') is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_tripleo__certmonger__httpd('httpd-bar') is_expected.to_not contain_class('nova::keystone::authtoken') is_expected.to_not contain_class('nova::wsgi::apache_placement') } @@ -87,7 +85,6 @@ eos let(:params) { { :step => 3, :enable_internal_tls => true, - :generate_service_certificates => false, :nova_placement_network => 'bar', :certificates_specs => { 'httpd-bar' => { @@ -102,7 +99,6 @@ eos it { is_expected.to contain_class('tripleo::profile::base::nova::placement') is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_tripleo__certmonger__httpd('foo') is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::wsgi::apache_placement').with( :ssl_cert => '/foo.pem', |