summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/firewall.pp7
-rw-r--r--manifests/haproxy.pp48
-rw-r--r--manifests/profile/base/database/mysql.pp3
-rw-r--r--manifests/profile/base/keepalived.pp47
-rw-r--r--manifests/profile/base/keystone.pp3
-rw-r--r--manifests/profile/base/panko.pp47
-rw-r--r--manifests/profile/base/panko/api.pp35
7 files changed, 171 insertions, 19 deletions
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
index 3184cd3..8c6a53b 100644
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
@@ -51,8 +51,6 @@ class tripleo::firewall(
$firewall_post_extras = {},
) {
- include ::stdlib
-
if $manage_firewall {
# Only purges IPv4 rules
@@ -79,14 +77,15 @@ class tripleo::firewall(
ensure_resource('class', 'tripleo::firewall::pre', {
'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
})
ensure_resource('class', 'tripleo::firewall::post', {
- 'stage' => 'runtime',
'firewall_settings' => $firewall_post_extras,
})
+ Class['tripleo::firewall::pre'] -> Class['tripleo::firewall::post']
+ Service<||> -> Class['tripleo::firewall::post']
+
# Allow composable services to load their own custom
# example with Hiera.
# NOTE(dprince): In the future when we have a better hiera
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 6f68562..ededc76 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -19,10 +19,6 @@
#
# === Parameters:
#
-# [*keepalived*]
-# Whether to configure keepalived to manage the VIPs or not.
-# Defaults to hiera('keepalived_enabled')
-#
# [*haproxy_service_manage*]
# Will be passed as value for service_manage to HAProxy module.
# Defaults to true
@@ -182,6 +178,10 @@
# (optional) Enable or not Aodh API binding
# Defaults to hiera('aodh_api_enabled', false)
#
+# [*panko*]
+# (optional) Enable or not Panko API binding
+# Defaults to hiera('panko_api_enabled', false)
+#
# [*barbican*]
# (optional) Enable or not Barbican API binding
# Defaults to hiera('barbican_api_enabled', false)
@@ -371,6 +371,10 @@
# (optional) Specify the network opendaylight is running on.
# Defaults to hiera('opendaylight_api_network', undef)
#
+# [*panko_network*]
+# (optional) Specify the network panko is running on.
+# Defaults to hiera('panko_api_network', undef)
+#
# [*sahara_network*]
# (optional) Specify the network sahara is running on.
# Defaults to hiera('sahara_api_network', undef)
@@ -430,6 +434,8 @@
# 'nova_metadata_port' (Defaults to 8775)
# 'nova_novnc_port' (Defaults to 6080)
# 'nova_novnc_ssl_port' (Defaults to 13080)
+# 'panko_api_port' (Defaults to 8779)
+# 'panko_api_ssl_port' (Defaults to 13779)
# 'sahara_api_port' (Defaults to 8386)
# 'sahara_api_ssl_port' (Defaults to 13386)
# 'swift_proxy_port' (Defaults to 8080)
@@ -449,7 +455,6 @@
class tripleo::haproxy (
$controller_virtual_ip,
$public_virtual_ip,
- $keepalived = hiera('keepalived_enabled', false),
$haproxy_service_manage = true,
$haproxy_global_maxconn = 20480,
$haproxy_default_maxconn = 4096,
@@ -482,6 +487,7 @@ class tripleo::haproxy (
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
+ $panko = hiera('panko_api_enabled', false),
$barbican = hiera('barbican_api_enabled', false),
$gnocchi = hiera('gnocchi_api_enabled', false),
$mistral = hiera('mistral_api_enabled', false),
@@ -527,6 +533,7 @@ class tripleo::haproxy (
$nova_metadata_network = hiera('nova_api_network', undef),
$nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
$nova_osapi_network = hiera('nova_api_network', undef),
+ $panko_network = hiera('panko_api_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
$swift_proxy_server_network = hiera('swift_proxy_network', undef),
$trove_network = hiera('trove_api_network', undef),
@@ -574,6 +581,8 @@ class tripleo::haproxy (
nova_metadata_port => 8775,
nova_novnc_port => 6080,
nova_novnc_ssl_port => 13080,
+ panko_api_port => 8779,
+ panko_api_ssl_port => 13779,
sahara_api_port => 8386,
sahara_api_ssl_port => 13386,
swift_proxy_port => 8080,
@@ -605,13 +614,6 @@ class tripleo::haproxy (
$controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ',')))
}
- # This code will be removed once we switch undercloud and overcloud to use both haproxy & keepalived roles.
- if str2bool($keepalived) {
- include ::tripleo::keepalived
- # Make sure keepalive starts before haproxy.
- Class['::keepalived::service'] -> Class['::haproxy']
- }
-
# TODO(bnemec): When we have support for SSL on private and admin endpoints,
# have the haproxy stats endpoint use that certificate by default.
if $haproxy_stats_certificate {
@@ -784,6 +786,7 @@ class tripleo::haproxy (
service_port => $ports[neutron_api_port],
ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real),
server_names => hiera('neutron_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -935,6 +938,7 @@ class tripleo::haproxy (
service_port => $ports[ceilometer_api_port],
ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real),
server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -953,6 +957,7 @@ class tripleo::haproxy (
service_port => $ports[aodh_api_port],
ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real),
server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
@@ -964,6 +969,24 @@ class tripleo::haproxy (
}
}
+ if $panko {
+ ::tripleo::haproxy::endpoint { 'panko':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('panko_api_vip', $controller_virtual_ip),
+ service_port => $ports[panko_api_port],
+ ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real),
+ server_names => hiera('panko_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
+ public_ssl_port => $ports[panko_api_ssl_port],
+ service_network => $panko_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
+ }
+ }
+
if $barbican {
::tripleo::haproxy::endpoint { 'barbican':
public_virtual_ip => $public_virtual_ip,
@@ -984,6 +1007,7 @@ class tripleo::haproxy (
service_port => $ports[gnocchi_api_port],
ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real),
server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
listen_options => {
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 9da1456..8bef7c4 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -143,6 +143,9 @@ class tripleo::profile::base::database::mysql (
if hiera('trove_api_enabled', false) {
include ::trove::db::mysql
}
+ if hiera('panko_api_enabled', false) {
+ include ::panko::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/keepalived.pp b/manifests/profile/base/keepalived.pp
index f2063d6..8dd03dc 100644
--- a/manifests/profile/base/keepalived.pp
+++ b/manifests/profile/base/keepalived.pp
@@ -27,13 +27,54 @@
# for more details.
# Defaults to hiera('step')
#
+# [*control_virtual_interface*]
+# (Optional) Interface specified for control plane network
+# Defaults to hiera('tripleo::keepalived::control_virtual_interface', false)
+#
+# [*control_virtual_ip*]
+# Virtual IP address used for control plane network
+# Defaults to hiera('tripleo::keepalived::controller_virtual_ip')
+#
+# [*public_virtual_interface*]
+# (Optional) Interface specified for public/external network
+# Defaults to hiera('tripleo::keepalived::public_virtual_interface', false)
+#
+# [*public_virtual_ip*]
+# Virtual IP address used for public/ network
+# Defaults to hiera('tripleo::keepalived::public_virtual_ip')
+#
class tripleo::profile::base::keepalived (
- $enable_load_balancer = hiera('enable_load_balancer', true),
- $step = hiera('step'),
+ $enable_load_balancer = hiera('enable_load_balancer', true),
+ $control_virtual_interface = hiera('tripleo::keepalived::control_virtual_interface', false),
+ $control_virtual_ip = hiera('tripleo::keepalived::controller_virtual_ip'),
+ $public_virtual_interface = hiera('tripleo::keepalived::public_virtual_interface', false),
+ $public_virtual_ip = hiera('tripleo::keepalived::public_virtual_ip'),
+ $step = hiera('step'),
) {
if $step >= 1 {
if $enable_load_balancer and hiera('enable_keepalived', true){
- include ::tripleo::keepalived
+ if ! $control_virtual_interface {
+ $control_detected_interface = interface_for_ip($control_virtual_ip)
+ if ! $control_detected_interface {
+ fail('Unable to find interface for control plane network')
+ }
+ } else {
+ $control_detected_interface = $control_virtual_interface
+ }
+
+ if ! $public_virtual_interface {
+ $public_detected_interface = interface_for_ip($public_virtual_ip)
+ if ! $public_detected_interface {
+ fail('Unable to find interface for public network')
+ }
+ } else {
+ $public_detected_interface = $public_virtual_interface
+ }
+
+ class { '::tripleo::keepalived':
+ control_virtual_interface => $control_detected_interface,
+ public_virtual_interface => $public_detected_interface,
+ }
}
}
}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 1519a02..ff8d790 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -236,6 +236,9 @@ class tripleo::profile::base::keystone (
if hiera('nova_api_enabled', false) {
include ::nova::keystone::auth
}
+ if hiera('panko_api_enabled', false) {
+ include ::panko::keystone::auth
+ }
if hiera('sahara_api_enabled', false) {
include ::sahara::keystone::auth
}
diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp
new file mode 100644
index 0000000..4abed56
--- /dev/null
+++ b/manifests/profile/base/panko.pp
@@ -0,0 +1,47 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::panko
+#
+# panko profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+
+class tripleo::profile::base::panko (
+ $step = hiera('step'),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+) {
+
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ if $step >= 4 or ($step >= 3 and $sync_db) {
+ include ::panko
+ include ::panko::config
+ include ::panko::db::sync
+ }
+
+}
diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp
new file mode 100644
index 0000000..32dfc38
--- /dev/null
+++ b/manifests/profile/base/panko/api.pp
@@ -0,0 +1,35 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::panko::api
+#
+# Panko API profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::panko::api (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::panko
+
+ if $step >= 4 {
+ include ::panko::api
+ include ::panko::wsgi::apache
+ }
+}