summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/glance/nfs_mount.pp80
-rw-r--r--manifests/haproxy.pp30
-rw-r--r--manifests/profile/base/barbican.pp36
-rw-r--r--manifests/profile/base/barbican/api.pp56
-rw-r--r--manifests/profile/base/glance/api.pp17
-rw-r--r--manifests/profile/base/heat.pp2
-rw-r--r--manifests/profile/base/keystone.pp54
-rw-r--r--metadata.json2
-rw-r--r--spec/classes/tripleo_profile_base_barbican_api_spec.rb107
-rw-r--r--spec/classes/tripleo_profile_base_barbican_spec.rb56
-rw-r--r--spec/fixtures/hieradata/default.yaml3
11 files changed, 420 insertions, 23 deletions
diff --git a/manifests/glance/nfs_mount.pp b/manifests/glance/nfs_mount.pp
new file mode 100644
index 0000000..035191d
--- /dev/null
+++ b/manifests/glance/nfs_mount.pp
@@ -0,0 +1,80 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::glance::nfs_mount
+#
+# NFS mount for Glance image storage file backend
+#
+# === Parameters
+#
+# [*share*]
+# NFS share to mount, in 'IP:PATH' format.
+#
+# [*options*]
+# (Optional) NFS mount options. Defaults to
+# 'intr,context=system_u:object_r:glance_var_lib_t:s0'
+#
+# [*edit_fstab*]
+# (Optional) Whether to persist the mount info to fstab.
+# Defaults to true.
+#
+# [*fstab_fstype*]
+# (Optional) File system type to use in fstab for the mount.
+# Defaults to 'nfs4'.
+#
+# [*fstab_prepend_options*]
+# (Optional) Extra mount options for fstab (prepended to $options).
+# Defaults to 'bg', so that a potentially failed mount doesn't
+# prevent the machine from booting.
+#
+class tripleo::glance::nfs_mount (
+ $share,
+ $options = 'intr,context=system_u:object_r:glance_var_lib_t:s0',
+ $edit_fstab = true,
+ $fstab_fstype = 'nfs4',
+ $fstab_prepend_options = 'bg'
+) {
+
+ $images_dir = '/var/lib/glance/images'
+
+ if $options and $options != '' {
+ $options_part = "-o ${options}"
+ } else {
+ $options_part = ''
+ }
+
+ if $fstab_prepend_options and $fstab_prepend_options != '' {
+ $fstab_prepend_part = "${fstab_prepend_options},"
+ } else {
+ $fstab_prepend_part = ''
+ }
+
+ file { $images_dir:
+ ensure => directory,
+ } ->
+ exec { 'NFS mount for glance file backend':
+ path => ['/usr/sbin', '/usr/bin'],
+ command => "mount -t nfs '${share}' '${images_dir}' ${options_part}",
+ unless => "mount | grep ' ${images_dir} '",
+ }
+
+ if $edit_fstab {
+ file_line { 'NFS for glance in fstab':
+ ensure => present,
+ line => "${share} ${images_dir} ${fstab_fstype} ${fstab_prepend_part}${options} 0 0",
+ match => " ${images_dir} ",
+ path => '/etc/fstab',
+ }
+ }
+}
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 5f563ba..d925da0 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -182,6 +182,10 @@
# (optional) Enable or not Aodh API binding
# Defaults to hiera('aodh_api_enabled', false)
#
+# [*barbican*]
+# (optional) Enable or not Barbican API binding
+# Defaults to false
+#
# [*gnocchi*]
# (optional) Enable or not Gnocchi API binding
# Defaults to hiera('gnocchi_api_enabled', false)
@@ -271,6 +275,10 @@
# (optional) Specify the network aodh is running on.
# Defaults to hiera('aodh_api_network', undef)
#
+# [*barbican_network*]
+# (optional) Specify the network barbican is running on.
+# Defaults to hiera('barbican_api_network', undef)
+#
# [*ceilometer_network*]
# (optional) Specify the network ceilometer is running on.
# Defaults to hiera('ceilometer_api_network', undef)
@@ -376,6 +384,8 @@
# The available keys to modify the services' ports are:
# 'aodh_api_port' (Defaults to 8042)
# 'aodh_api_ssl_port' (Defaults to 13042)
+# 'barbican_api_port' (Defaults to 9311)
+# 'barbican_api_ssl_port' (Defaults to 13311)
# 'ceilometer_api_port' (Defaults to 8777)
# 'ceilometer_api_ssl_port' (Defaults to 13777)
# 'cinder_api_port' (Defaults to 8776)
@@ -464,6 +474,7 @@ class tripleo::haproxy (
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
+ $barbican = hiera('barbican_api_enabled', false),
$gnocchi = hiera('gnocchi_api_enabled', false),
$mistral = hiera('mistral_api_enabled', false),
$swift_proxy_server = hiera('swift_proxy_enabled', false),
@@ -486,6 +497,7 @@ class tripleo::haproxy (
$zaqar_ws = hiera('zaqar_api_enabled', false),
$ui = hiera('enable_ui', false),
$aodh_network = hiera('aodh_api_network', undef),
+ $barbican_network = hiera('barbican_api_network', false),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$ceph_rgw_network = hiera('ceph_rgw_network', undef),
$cinder_network = hiera('cinder_api_network', undef),
@@ -515,6 +527,8 @@ class tripleo::haproxy (
$default_service_ports = {
aodh_api_port => 8042,
aodh_api_ssl_port => 13042,
+ barbican_api_port => 9311,
+ barbican_api_ssl_port => 13311,
ceilometer_api_port => 8777,
ceilometer_api_ssl_port => 13777,
cinder_api_port => 8776,
@@ -922,6 +936,18 @@ class tripleo::haproxy (
}
}
+ if $barbican {
+ ::tripleo::haproxy::endpoint { 'barbican':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('barbican_api_vip', $controller_virtual_ip),
+ service_port => $ports[barbican_api_port],
+ ip_addresses => hiera('barbican_api_node_ips', $controller_hosts_real),
+ server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
+ public_ssl_port => $ports[barbican_api_ssl_port],
+ service_network => $barbican_network
+ }
+ }
+
if $gnocchi {
::tripleo::haproxy::endpoint { 'gnocchi':
public_virtual_ip => $public_virtual_ip,
@@ -1197,8 +1223,8 @@ class tripleo::haproxy (
$opendaylight_api_vip = hiera('opendaylight_api_vip', $controller_virtual_ip)
$opendaylight_bind_opts = {
- "${opendaylight_api_vip}:8081" => [],
- "${public_virtual_ip}:8081" => [],
+ "${opendaylight_api_vip}:8081" => $haproxy_listen_bind_param,
+ "${public_virtual_ip}:8081" => $haproxy_listen_bind_param,
}
if $opendaylight {
diff --git a/manifests/profile/base/barbican.pp b/manifests/profile/base/barbican.pp
new file mode 100644
index 0000000..f4d6230
--- /dev/null
+++ b/manifests/profile/base/barbican.pp
@@ -0,0 +1,36 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::barbican
+#
+# Barbican profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+
+class tripleo::profile::base::barbican (
+ $step = hiera('step'),
+) {
+
+ if $step >= 3 {
+ include ::barbican
+ include ::barbican::config
+ include ::barbican::client
+ }
+}
diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp
new file mode 100644
index 0000000..470e649
--- /dev/null
+++ b/manifests/profile/base/barbican/api.pp
@@ -0,0 +1,56 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::barbican::api
+#
+# Barbican profile for tripleo api
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::barbican::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ include ::tripleo::profile::base::barbican
+
+ if $step >= 3 and $sync_db {
+ include ::barbican::db::mysql
+ }
+
+ if $step >= 4 or ( $step >= 3 and $sync_db ) {
+ class { '::barbican::api':
+ sync_db => $sync_db
+ }
+ include ::barbican::keystone::authtoken
+ include ::barbican::api::logging
+ include ::barbican::keystone::notification
+ include ::barbican::quota
+ include ::barbican::wsgi::apache
+ }
+}
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
index f3db396..a7d4487 100644
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@@ -22,6 +22,10 @@
# (Optional) Glance backend(s) to use.
# Defaults to downcase(hiera('glance_backend', 'swift'))
#
+# [*glance_nfs_enabled*]
+# (Optional) Whether to use NFS mount as 'file' backend storage location.
+# Defaults to false
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -36,12 +40,17 @@
# Defaults to hiera('glance::notify::rabbitmq::rabbit_port', 5672)
class tripleo::profile::base::glance::api (
- $glance_backend = downcase(hiera('glance_backend', 'swift')),
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_ips', undef),
- $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672),
+ $glance_backend = downcase(hiera('glance_backend', 'swift')),
+ $glance_nfs_enabled = false,
+ $step = hiera('step'),
+ $rabbit_hosts = hiera('rabbitmq_node_ips', undef),
+ $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672),
) {
+ if $step >= 1 and $glance_nfs_enabled {
+ include ::tripleo::glance::nfs_mount
+ }
+
if $step >= 4 {
case $glance_backend {
'swift': { $backend_store = 'glance.store.swift.Store' }
diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp
index abb9f76..2babf4c 100644
--- a/manifests/profile/base/heat.pp
+++ b/manifests/profile/base/heat.pp
@@ -53,7 +53,7 @@ class tripleo::profile::base::heat (
) {
# Domain resources will be created at step5 on the node running keystone.pp
# configure heat.conf at step3 and 4 but actually create the domain later.
- if $step == 3 or $step == 4 {
+ if $step >= 3 {
class { '::heat::keystone::domain':
manage_domain => false,
manage_user => false,
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 8a70110..e30f712 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -74,6 +74,23 @@
# for more details.
# Defaults to hiera('step')
#
+# [*heat_admin_domain*]
+# domain name for heat admin
+# Defaults to hiera('heat::keystone::domain::domain_name', 'heat')
+#
+# [*heat_admin_user*]
+# heat admin user name
+# Defaults to hiera('heat::keystone::domain::domain_admin', 'heat_admin')
+#
+# [*heat_admin_email*]
+# heat admin email address
+# Defaults to hiera('heat::keystone::domain::domain_admin_email',
+# 'heat_admin@localhost')
+#
+# [*heat_admin_password*]
+# heat admin password
+# Defaults to hiera('heat::keystone::domain::domain_password')
+#
class tripleo::profile::base::keystone (
$admin_endpoint_network = hiera('keystone_admin_api_network', undef),
$bootstrap_node = hiera('bootstrap_nodeid', undef),
@@ -85,6 +102,10 @@ class tripleo::profile::base::keystone (
$rabbit_hosts = hiera('rabbitmq_node_ips', undef),
$rabbit_port = hiera('keystone::rabbit_port', 5672),
$step = hiera('step'),
+ $heat_admin_domain = hiera('heat::keystone::domain::domain_name', 'heat'),
+ $heat_admin_user = hiera('heat::keystone::domain::domain_admin', 'heat_admin'),
+ $heat_admin_email = hiera('heat::keystone::domain::domain_admin_email', 'heat_admin@localhost'),
+ $heat_admin_password = hiera('heat::keystone::domain::domain_password'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -153,22 +174,22 @@ class tripleo::profile::base::keystone (
if $step >= 5 and $manage_domain {
if hiera('heat_engine_enabled', false) {
- # if Heat and Keystone are collocated, so we want to
- # both configure heat.conf and create Keystone resources.
- # note: domain_password is given via Hiera.
- if defined(Class['::tripleo::profile::base::heat']) {
- include ::heat::keystone::domain
- } else {
- # if Heat and Keystone are not collocated, we want Puppet
- # to only create Keystone resources on the Keystone node
- # but not try to configure Heat, to avoid leaking the password.
- class { '::heat::keystone::domain':
- domain_name => $::os_service_default,
- domain_admin => $::os_service_default,
- domain_password => $::os_service_default,
- }
+ # create these seperate and don't use ::heat::keystone::domain since
+ # that class writes out the configs
+ keystone_domain { $heat_admin_domain:
+ ensure => 'present',
+ enabled => true
+ }
+ keystone_user { "${heat_admin_user}::${heat_admin_domain}":
+ ensure => 'present',
+ enabled => true,
+ email => $heat_admin_email,
+ password => $heat_admin_password
+ }
+ keystone_user_role { "${heat_admin_user}::${heat_admin_domain}@::${heat_admin_domain}":
+ roles => ['admin'],
+ require => Class['::keystone::roles::admin']
}
- Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
}
}
@@ -176,6 +197,9 @@ class tripleo::profile::base::keystone (
if hiera('aodh_api_enabled', false) {
include ::aodh::keystone::auth
}
+ if hiera('barbican_api_enabled', false) {
+ include ::barbican::keystone::auth
+ }
if hiera('ceilometer_api_enabled', false) {
include ::ceilometer::keystone::auth
}
diff --git a/metadata.json b/metadata.json
index 1b135bd..c7f0e77 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "openstack-tripleo",
- "version": "5.3.0",
+ "version": "5.4.0",
"author": "OpenStack Contributors",
"summary": "Puppet module for TripleO",
"license": "Apache-2.0",
diff --git a/spec/classes/tripleo_profile_base_barbican_api_spec.rb b/spec/classes/tripleo_profile_base_barbican_api_spec.rb
new file mode 100644
index 0000000..169642e
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_barbican_api_spec.rb
@@ -0,0 +1,107 @@
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::barbican::api' do
+ shared_examples_for 'tripleo::profile::base::barbican::api' do
+ let(:pre_condition) do
+ "class { '::tripleo::profile::base::barbican': step => #{params[:step]} }"
+ end
+
+ context 'with step less than 3' do
+ let(:params) { { :step => 1 } }
+
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::barbican::api')
+ is_expected.to contain_class('tripleo::profile::base::barbican')
+ is_expected.to_not contain_class('barbican::api')
+ is_expected.to_not contain_class('barbican::api::logging')
+ is_expected.to_not contain_class('barbican::keystone::notification')
+ is_expected.to_not contain_class('barbican::quota')
+ is_expected.to_not contain_class('barbican::wsgi::apache')
+ end
+ end
+
+ context 'with step 3 on bootstrap node' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com',
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('tripleo::profile::base::barbican::api')
+ is_expected.to contain_class('tripleo::profile::base::barbican')
+ is_expected.to contain_class('barbican::db::mysql')
+ is_expected.to contain_class('barbican::db::sync')
+ is_expected.to contain_class('barbican::api')
+ is_expected.to contain_class('barbican::api::logging')
+ is_expected.to contain_class('barbican::keystone::notification')
+ is_expected.to contain_class('barbican::quota')
+ is_expected.to contain_class('barbican::wsgi::apache')
+ end
+ end
+
+ context 'with step 3 not on bootstrap node' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'other.example.com',
+ } }
+
+ it 'should not trigger any configuration' do
+ is_expected.to contain_class('tripleo::profile::base::barbican::api')
+ is_expected.to contain_class('tripleo::profile::base::barbican')
+ is_expected.to_not contain_class('barbican::db::mysql')
+ is_expected.to_not contain_class('barbican::db::sync')
+ is_expected.to_not contain_class('barbican::api')
+ is_expected.to_not contain_class('barbican::api::logging')
+ is_expected.to_not contain_class('barbican::keystone::notification')
+ is_expected.to_not contain_class('barbican::quota')
+ is_expected.to_not contain_class('barbican::wsgi::apache')
+ end
+ end
+
+ context 'with step 4 not on bootstrap node' do
+ let(:params) { {
+ :step => 4,
+ :bootstrap_node => 'other.example.com',
+ } }
+
+ it 'should trigger complete configuration with out db items' do
+ is_expected.to_not contain_class('barbican::db::mysql')
+ # TODO(aschultz): barbican::api includes this automatically
+ #is_expected.to_not contain_class('barbican::db::sync')
+ is_expected.to contain_class('barbican::api')
+ is_expected.to contain_class('barbican::api::logging')
+ is_expected.to contain_class('barbican::keystone::notification')
+ is_expected.to contain_class('barbican::quota')
+ is_expected.to contain_class('barbican::wsgi::apache')
+ end
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::barbican::api'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_barbican_spec.rb b/spec/classes/tripleo_profile_base_barbican_spec.rb
new file mode 100644
index 0000000..470b2c2
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_barbican_spec.rb
@@ -0,0 +1,56 @@
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::barbican' do
+ shared_examples_for 'tripleo::profile::base::barbican' do
+ context 'with step less than 3' do
+ let(:params) { { :step => 1 } }
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::barbican')
+ is_expected.to_not contain_class('barbican')
+ is_expected.to_not contain_class('barbican::config')
+ is_expected.to_not contain_class('barbican::client')
+ end
+ end
+
+ context 'with step 3' do
+ let(:params) { {
+ :step => 3,
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('barbican').with(
+ :rabbit_hosts => params[:rabbit_hosts]
+ )
+ is_expected.to contain_class('barbican')
+ is_expected.to contain_class('barbican::config')
+ is_expected.to contain_class('barbican::client')
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::barbican'
+ end
+ end
+end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index f0f7f1c..87ae28c 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -8,6 +8,9 @@ redis_vip: '127.0.0.1'
aodh::auth::auth_password: 'password'
aodh::db::mysql::password: 'password'
aodh::keystone::authtoken::password: 'password'
+# babican profile required hieradata
+barbican::db::mysql::password: 'password'
+barbican::keystone::authtoken::password: 'password'
ceilometer::keystone::authtoken::password: 'password'
# ceph related items
ceph::profile::params::mon_key: 'password'