diff options
-rw-r--r-- | manifests/firewall.pp | 7 | ||||
-rw-r--r-- | manifests/haproxy.pp | 48 | ||||
-rw-r--r-- | manifests/profile/base/database/mysql.pp | 3 | ||||
-rw-r--r-- | manifests/profile/base/keepalived.pp | 47 | ||||
-rw-r--r-- | manifests/profile/base/keystone.pp | 3 | ||||
-rw-r--r-- | manifests/profile/base/panko.pp | 47 | ||||
-rw-r--r-- | manifests/profile/base/panko/api.pp | 35 |
7 files changed, 171 insertions, 19 deletions
diff --git a/manifests/firewall.pp b/manifests/firewall.pp index 3184cd3..8c6a53b 100644 --- a/manifests/firewall.pp +++ b/manifests/firewall.pp @@ -51,8 +51,6 @@ class tripleo::firewall( $firewall_post_extras = {}, ) { - include ::stdlib - if $manage_firewall { # Only purges IPv4 rules @@ -79,14 +77,15 @@ class tripleo::firewall( ensure_resource('class', 'tripleo::firewall::pre', { 'firewall_settings' => $firewall_pre_extras, - 'stage' => 'setup', }) ensure_resource('class', 'tripleo::firewall::post', { - 'stage' => 'runtime', 'firewall_settings' => $firewall_post_extras, }) + Class['tripleo::firewall::pre'] -> Class['tripleo::firewall::post'] + Service<||> -> Class['tripleo::firewall::post'] + # Allow composable services to load their own custom # example with Hiera. # NOTE(dprince): In the future when we have a better hiera diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 6f68562..ededc76 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -19,10 +19,6 @@ # # === Parameters: # -# [*keepalived*] -# Whether to configure keepalived to manage the VIPs or not. -# Defaults to hiera('keepalived_enabled') -# # [*haproxy_service_manage*] # Will be passed as value for service_manage to HAProxy module. # Defaults to true @@ -182,6 +178,10 @@ # (optional) Enable or not Aodh API binding # Defaults to hiera('aodh_api_enabled', false) # +# [*panko*] +# (optional) Enable or not Panko API binding +# Defaults to hiera('panko_api_enabled', false) +# # [*barbican*] # (optional) Enable or not Barbican API binding # Defaults to hiera('barbican_api_enabled', false) @@ -371,6 +371,10 @@ # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) # +# [*panko_network*] +# (optional) Specify the network panko is running on. +# Defaults to hiera('panko_api_network', undef) +# # [*sahara_network*] # (optional) Specify the network sahara is running on. # Defaults to hiera('sahara_api_network', undef) @@ -430,6 +434,8 @@ # 'nova_metadata_port' (Defaults to 8775) # 'nova_novnc_port' (Defaults to 6080) # 'nova_novnc_ssl_port' (Defaults to 13080) +# 'panko_api_port' (Defaults to 8779) +# 'panko_api_ssl_port' (Defaults to 13779) # 'sahara_api_port' (Defaults to 8386) # 'sahara_api_ssl_port' (Defaults to 13386) # 'swift_proxy_port' (Defaults to 8080) @@ -449,7 +455,6 @@ class tripleo::haproxy ( $controller_virtual_ip, $public_virtual_ip, - $keepalived = hiera('keepalived_enabled', false), $haproxy_service_manage = true, $haproxy_global_maxconn = 20480, $haproxy_default_maxconn = 4096, @@ -482,6 +487,7 @@ class tripleo::haproxy ( $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), + $panko = hiera('panko_api_enabled', false), $barbican = hiera('barbican_api_enabled', false), $gnocchi = hiera('gnocchi_api_enabled', false), $mistral = hiera('mistral_api_enabled', false), @@ -527,6 +533,7 @@ class tripleo::haproxy ( $nova_metadata_network = hiera('nova_api_network', undef), $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_osapi_network = hiera('nova_api_network', undef), + $panko_network = hiera('panko_api_network', undef), $sahara_network = hiera('sahara_api_network', undef), $swift_proxy_server_network = hiera('swift_proxy_network', undef), $trove_network = hiera('trove_api_network', undef), @@ -574,6 +581,8 @@ class tripleo::haproxy ( nova_metadata_port => 8775, nova_novnc_port => 6080, nova_novnc_ssl_port => 13080, + panko_api_port => 8779, + panko_api_ssl_port => 13779, sahara_api_port => 8386, sahara_api_ssl_port => 13386, swift_proxy_port => 8080, @@ -605,13 +614,6 @@ class tripleo::haproxy ( $controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ','))) } - # This code will be removed once we switch undercloud and overcloud to use both haproxy & keepalived roles. - if str2bool($keepalived) { - include ::tripleo::keepalived - # Make sure keepalive starts before haproxy. - Class['::keepalived::service'] -> Class['::haproxy'] - } - # TODO(bnemec): When we have support for SSL on private and admin endpoints, # have the haproxy stats endpoint use that certificate by default. if $haproxy_stats_certificate { @@ -784,6 +786,7 @@ class tripleo::haproxy ( service_port => $ports[neutron_api_port], ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -935,6 +938,7 @@ class tripleo::haproxy ( service_port => $ports[ceilometer_api_port], ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -953,6 +957,7 @@ class tripleo::haproxy ( service_port => $ports[aodh_api_port], ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', @@ -964,6 +969,24 @@ class tripleo::haproxy ( } } + if $panko { + ::tripleo::haproxy::endpoint { 'panko': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('panko_api_vip', $controller_virtual_ip), + service_port => $ports[panko_api_port], + ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real), + server_names => hiera('panko_api_node_names', $controller_hosts_names_real), + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[panko_api_ssl_port], + service_network => $panko_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), + } + } + if $barbican { ::tripleo::haproxy::endpoint { 'barbican': public_virtual_ip => $public_virtual_ip, @@ -984,6 +1007,7 @@ class tripleo::haproxy ( service_port => $ports[gnocchi_api_port], ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), + mode => 'http', listen_options => { 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 9da1456..8bef7c4 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -143,6 +143,9 @@ class tripleo::profile::base::database::mysql ( if hiera('trove_api_enabled', false) { include ::trove::db::mysql } + if hiera('panko_api_enabled', false) { + include ::panko::db::mysql + } } } diff --git a/manifests/profile/base/keepalived.pp b/manifests/profile/base/keepalived.pp index f2063d6..8dd03dc 100644 --- a/manifests/profile/base/keepalived.pp +++ b/manifests/profile/base/keepalived.pp @@ -27,13 +27,54 @@ # for more details. # Defaults to hiera('step') # +# [*control_virtual_interface*] +# (Optional) Interface specified for control plane network +# Defaults to hiera('tripleo::keepalived::control_virtual_interface', false) +# +# [*control_virtual_ip*] +# Virtual IP address used for control plane network +# Defaults to hiera('tripleo::keepalived::controller_virtual_ip') +# +# [*public_virtual_interface*] +# (Optional) Interface specified for public/external network +# Defaults to hiera('tripleo::keepalived::public_virtual_interface', false) +# +# [*public_virtual_ip*] +# Virtual IP address used for public/ network +# Defaults to hiera('tripleo::keepalived::public_virtual_ip') +# class tripleo::profile::base::keepalived ( - $enable_load_balancer = hiera('enable_load_balancer', true), - $step = hiera('step'), + $enable_load_balancer = hiera('enable_load_balancer', true), + $control_virtual_interface = hiera('tripleo::keepalived::control_virtual_interface', false), + $control_virtual_ip = hiera('tripleo::keepalived::controller_virtual_ip'), + $public_virtual_interface = hiera('tripleo::keepalived::public_virtual_interface', false), + $public_virtual_ip = hiera('tripleo::keepalived::public_virtual_ip'), + $step = hiera('step'), ) { if $step >= 1 { if $enable_load_balancer and hiera('enable_keepalived', true){ - include ::tripleo::keepalived + if ! $control_virtual_interface { + $control_detected_interface = interface_for_ip($control_virtual_ip) + if ! $control_detected_interface { + fail('Unable to find interface for control plane network') + } + } else { + $control_detected_interface = $control_virtual_interface + } + + if ! $public_virtual_interface { + $public_detected_interface = interface_for_ip($public_virtual_ip) + if ! $public_detected_interface { + fail('Unable to find interface for public network') + } + } else { + $public_detected_interface = $public_virtual_interface + } + + class { '::tripleo::keepalived': + control_virtual_interface => $control_detected_interface, + public_virtual_interface => $public_detected_interface, + } } } } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 1519a02..ff8d790 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -236,6 +236,9 @@ class tripleo::profile::base::keystone ( if hiera('nova_api_enabled', false) { include ::nova::keystone::auth } + if hiera('panko_api_enabled', false) { + include ::panko::keystone::auth + } if hiera('sahara_api_enabled', false) { include ::sahara::keystone::auth } diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp new file mode 100644 index 0000000..4abed56 --- /dev/null +++ b/manifests/profile/base/panko.pp @@ -0,0 +1,47 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::panko +# +# panko profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') + +class tripleo::profile::base::panko ( + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db) { + include ::panko + include ::panko::config + include ::panko::db::sync + } + +} diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp new file mode 100644 index 0000000..32dfc38 --- /dev/null +++ b/manifests/profile/base/panko/api.pp @@ -0,0 +1,35 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::panko::api +# +# Panko API profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::panko::api ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::panko + + if $step >= 4 { + include ::panko::api + include ::panko::wsgi::apache + } +} |