123 files changed, 4876 insertions, 925 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras index ce158e4..05586a3 100644 --- a/Puppetfile_extras +++ b/Puppetfile_extras @@ -5,10 +5,6 @@ mod 'haproxy', :git => 'https://github.com/puppetlabs/puppetlabs-haproxy', :ref => 'master' -mod 'midonet', - :git => 'https://github.com/midonet/puppet-midonet', - :ref => 'v2015.06.7' - mod 'tomcat', :git => 'https://github.com/puppetlabs/puppetlabs-tomcat', :ref => '1.3.2' @@ -31,4 +27,16 @@ mod 'datacat', mod 'etcd', :git => 'https://github.com/cristifalcas/puppet-etcd', - :ref => '1.10.0'
\ No newline at end of file + :ref => '1.10.0' + +mod 'fdio', + :git => 'https://git.fd.io/puppet-fdio', + :ref => 'master' + +mod 'certmonger', + :git => 'https://github.com/earsdown/puppet-certmonger', + :ref => 'v1.1.1' + +mod 'ntp', + :git => 'https://github.com/puppetlabs/puppetlabs-ntp', + :ref => '4.2.x' diff --git a/lib/puppet/provider/package/norpm.rb b/lib/puppet/provider/package/norpm.rb index 0764265..abe1780 100644 --- a/lib/puppet/provider/package/norpm.rb +++ b/lib/puppet/provider/package/norpm.rb @@ -12,28 +12,35 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. +require 'puppet' require 'puppet/provider/package' Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do desc "RPM packaging provider that does not install anything." + has_feature :virtual_packages + def latest @resource.fail "'latest' is unsupported by this provider." end def install + Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed") true end def uninstall + Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed") true end def update + Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated") true end def purge + Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed") true end diff --git a/manifests/certmonger/rabbitmq.pp b/manifests/certmonger/rabbitmq.pp new file mode 100644 index 0000000..344adef --- /dev/null +++ b/manifests/certmonger/rabbitmq.pp 
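Review bot: Two of the three modules added in the second Puppetfile_extras hunk follow moving refs: `fdio` uses `:ref => 'master'` and `ntp` uses `:ref => '4.2.x'`, which looks like a release branch. The code pulled into a deployment can therefore change without any change to this file. Pin each to a reviewed commit, e.g. `:ref => '<commit-sha>'`, and consider the same for `certmonger`, since `v1.1.1` is a tag in a third-party repository and a tag can be moved. The existing `haproxy` entry in the context lines of the first hunk has the same `master` ref.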
@@ -0,0 +1,79 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::certmonger::rabbitmq +# +# Request a certificate for RabbitMQ and do the necessary setup. +# +# === Parameters +# +# [*hostname*] +# The hostname of the node. this will be set in the CN of the certificate. +# +# [*service_certificate*] +# The path to the certificate that will be used for TLS in this service. +# +# [*service_key*] +# The path to the key that will be used for TLS in this service. +# +# [*certmonger_ca*] +# (Optional) The CA that certmonger will use to generate the certificates. +# Defaults to hiera('certmonger_ca', 'local'). +# +# [*file_owner*] +# (Optional) The user which the certificate and key files belong to. +# Defaults to 'root' +# +# [*principal*] +# (Optional) The service principal that is set for the service in kerberos. 
+# Defaults to undef +# +class tripleo::certmonger::rabbitmq ( + $hostname, + $service_certificate, + $service_key, + $certmonger_ca = hiera('certmonger_ca', 'local'), + $principal = undef, +) { + include ::certmonger + include ::rabbitmq::params + + $postsave_cmd = "systemctl restart ${::rabbitmq::params::service_name}" + certmonger_certificate { 'rabbitmq' : + ensure => 'present', + certfile => $service_certificate, + keyfile => $service_key, + hostname => $hostname, + dnsname => $hostname, + principal => $principal, + postsave_cmd => $postsave_cmd, + ca => $certmonger_ca, + wait => true, + require => Class['::certmonger'], + } + + file { $service_certificate : + owner => $::rabbitmq::params::rabbitmq_user, + group => $::rabbitmq::params::rabbitmq_group, + require => Certmonger_certificate['rabbitmq'], + } + file { $service_key : + owner => $::rabbitmq::params::rabbitmq_user, + group => $::rabbitmq::params::rabbitmq_group, + require => Certmonger_certificate['rabbitmq'], + } + + File[$service_certificate] ~> Service<| title == $::rabbitmq::params::service_name |> + File[$service_key] ~> Service<| title == $::rabbitmq::params::service_name |> +} diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index f34c58f..517df4b 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp 
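Review bot: The `file { $service_key : ... }` resource sets only `owner` and `group`, so the private key keeps whatever mode certmonger created it with. Adding `mode => '0600',` (or `'0640'` if the group must read it) would make the permission explicit and re-enforced on every run. The header also documents a `file_owner` parameter defaulting to 'root', but the class declares no such parameter and takes the owner from `$::rabbitmq::params::rabbitmq_user`. Either drop that doc entry or add the parameter.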
@@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -519,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, 
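Review bot: The parameter docs added in the first hunk do not match the signature added in the `@@ -519,6 +539,11 @@` hunk. `contrail_config_hosts_names` is documented as defaulting to `hiera('contrail_config_node_ips')` while the code uses `hiera('contrail_config_node_names', undef)`, and the `contrail_webui` and `contrail_analytics` entries both repeat "Switch to check that contrail config is enabled". The docs also omit the `false` and `undef` fallbacks that the code passes to `hiera()`. `$contrail_config_hosts` and `$contrail_config_hosts_names` are never referenced by the contrail endpoints added at the end of this file, which call `hiera('contrail_config_node_ips')` directly. Using `ip_addresses => $contrail_config_hosts` and `server_names => $contrail_config_hosts_names` there would let an override of the class parameters take effect.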
@@ -616,6 +641,14 @@ class tripleo::haproxy ( cinder_api_ssl_port => 13776, congress_api_port => 1789, congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, @@ -1011,7 +1044,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), + #member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1232,6 +1265,7 @@ class tripleo::haproxy ( listen_options => $heat_options, public_ssl_port => $ports[heat_api_ssl_port], service_network => $heat_api_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1246,6 +1280,7 @@ class tripleo::haproxy ( listen_options => $heat_options, public_ssl_port => $ports[heat_cw_ssl_port], service_network => $heat_cloudwatch_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1260,6 +1295,7 @@ class tripleo::haproxy ( listen_options => $heat_options, public_ssl_port => $ports[heat_cfn_ssl_port], service_network => $heat_cfn_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } 
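Review bot: In the `@@ -1011,7 +1044,7 @@` hunk the nova endpoint's `member_options => union($haproxy_member_options, $internal_tls_member_options),` is commented out, while the three heat endpoints in the following hunks gain exactly that line. With it disabled the nova backend no longer receives `$internal_tls_member_options`, so with internal TLS enabled HAProxy would fall back to whatever default the endpoint define supplies (not visible here) for the backend connection. If this was a debugging change, restore the line. If it is intentional, delete the dead line and replace it with a comment naming the reason, so the loss of the TLS member options is a documented decision. The enclosing resource starts outside the hunk.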
@@ -1561,5 +1597,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + 
server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } diff --git a/manifests/host/sriov/numvfs_persistence.pp b/manifests/host/sriov/numvfs_persistence.pp index ec8c875..4c6af83 100644 --- a/manifests/host/sriov/numvfs_persistence.pp +++ b/manifests/host/sriov/numvfs_persistence.pp @@ -4,7 +4,7 @@ # === Parameters: # # [*vf_defs*] -# (required) Array of of <physical_interface>:<numvfs>. +# (required) Array of <physical_interface>:<numvfs>. # Example: ['eth1:10','eth2:8'] # # [*content_string*] diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp index 4359a43..e34c7e6 100644 --- a/manifests/network/contrail/analytics.pp +++ b/manifests/network/contrail/analytics.pp @@ -43,6 +43,21 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*analytics_aaa_mode*] +# (optional) analytics aaa mode parameter +# String value. +# Defaults to hiera('contrail::analytics_aaa_mode') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -53,11 +68,26 @@ # Integer value. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # String value. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. 
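Review bot: Both contrail_webui endpoints in the `@@ -1561,5 +1597,50 @@` hunk set `public_ssl_port` to the same entry as `service_port` (`$ports[contrail_webui_http_port]` and `$ports[contrail_webui_https_port]`), unlike the config, discovery and analytics endpoints, which use a separate `*_ssl_port`. How the endpoint define treats an identical value is not visible here, but as written no distinct TLS-terminated public port exists for the web UI. The 8080 frontend would carry UI traffic in clear text on the public VIP unless TLS is handled elsewhere. None of the five new endpoints passes `member_options`, so they also skip the `$internal_tls_member_options` that the heat endpoints in this commit receive. The analytics and webui endpoints use `hiera('contrail_config_node_ips')` as their backends, so confirm those roles are always co-located with the config nodes or use role-specific node lists.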
@@ -76,7 +106,7 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. @@ -103,6 +133,31 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # +# [*public_vip*] +# (optional) Public virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*rabbit_server*] +# (optional) IPv4 addresses of rabbit server. +# Array of String (IPv4) value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) Rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) Rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) port of rabbit server +# String value. +# Defaults to hiera('contrail::rabbit_port') +# # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. 
@@ -123,123 +178,209 @@ # Integer value. # Defaults to 8081 # +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. # Defaults to hiera('contrail::zk_server_ip') # class tripleo::network::contrail::analytics( - $host_ip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $collector_http_server_port = 8089, - $collector_sandesh_port = 8086, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $http_server_port = 8090, - $insecure = hiera('contrail::insecure'), - $kafka_broker_list = hiera('contrail::kafka_broker_list'), - $memcached_servers = hiera('contrail::memcached_server'), - $redis_server = '127.0.0.1', - $redis_server_port = 6379, - $rest_api_ip = '0.0.0.0', - $rest_api_port = 8081, - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'), + $cassandra_server_list = hiera('contrail_analytics_database_node_ips'), + $ca_file = 
hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'), + $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = hiera('contrail::analytics::http_server_port'), + $host_ip = hiera('contrail::analytics::host_ip'), + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail_analytics_database_node_ips'), + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::analytics::redis_server'), + $redis_server_port = hiera('contrail::analytics::redis_server_port'), + $rest_api_ip = hiera('contrail::analytics::rest_api_ip'), + $rest_api_port = hiera('contrail::analytics::rest_api_port'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { + $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'') + $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'') + $redis_config = "bind ${host_ip} 127.0.0.1" + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'') + $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, 'admin_user' => $admin_user, 'auth_host' 
=> $auth_host, - 'auth_port' => $auth_port, + 'auth_port' => $auth_port_ssl, 'auth_protocol' => $auth_protocol, 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, - }, - }, - } -> - class {'::contrail::analytics': - analytics_api_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'host_ip' => $host_ip, - 'http_server_port' => $http_server_port, - 'redis_server' => $redis_server, - 'rest_api_ip' => $rest_api_ip, - 'rest_api_port' => $rest_api_port, - }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, - }, - 'REDIS' => { - 'redis_server_port' => $redis_server_port, - 'redis_query_port' => $redis_server_port, - 'server' => $redis_server, - }, - }, - collector_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'hostip' => $host_ip, - 'http_server_port' => $collector_http_server_port, - 'kafka_broker_list' => $kafka_broker_list, - 'zookeeper_server_list' => $zk_server_ip, - }, - 'COLLECTOR' => { - 'port' => $collector_sandesh_port, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + } + } else { + $keystone_config = { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + } + } + if $step >= 3 { + class {'::contrail::analytics': + alarm_gen_config => { + 'DEFAULTS' => { + 
'host_ip' => $host_ip, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'rabbitmq_server_list' => $rabbit_server_list_5672, + 'rabbitmq_user' => $rabbit_user, + 'rabbitmq_password' => $rabbit_password, + 'zk_list' => $zk_server_ip_2181, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - query_engine_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'hostip' => $host_ip, + analytics_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + analytics_api_config => { + 'DEFAULTS' => { + 'api_server' => "${api_server}:${api_port}", + 'aaa_mode' => $analytics_aaa_mode, + 'cassandra_server_list' => $cassandra_server_list_9042, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + 'KEYSTONE' => $keystone_config, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + collector_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'zookeeper_server_list' => $zk_server_ip_2181_comma, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - }, - snmp_collector_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + query_engine_config => 
{ + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + snmp_collector_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - topology_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + redis_config => $redis_config, + topology_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + vnc_api_lib_config => $vnc_api_lib_config, + keystone_config => { + 'KEYSTONE' => $keystone_config, }, - }, + } + } + if $step >= 5 { + class {'::contrail::analytics::provision_analytics': + api_address => $api_server, + api_port => $api_port, + analytics_node_address => $host_ip, + analytics_node_name => $::fqdn, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp new file mode 100644 index 0000000..88b0327 --- /dev/null +++ b/manifests/network/contrail/analyticsdatabase.pp 
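Review bot: `$ca_file` and `$cert_file` both default to `hiera('contrail::service_certificate',false)`, so in the `https` branch `cafile` and `certfile` point at the same path, or at `false` when the key is unset. A CA bundle and a service certificate are different things. Give `ca_file` its own hiera key and fail early when `$auth_protocol == 'https'` and it is unset, rather than leaving `'insecure' => $insecure` as the only thing deciding whether verification happens. The same pair of defaults is repeated in manifests/network/contrail/analyticsdatabase.pp. Separately, `$redis_config = "bind ${host_ip} 127.0.0.1"` makes Redis listen on the host address and no authentication setting is passed in this hunk, so confirm access is restricted by firewall rules or by a password set inside `::contrail::analytics`.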
@@ -0,0 +1,202 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analyticsdatabase +# +# Configure Contrail Analytics Database services +# +# == Parameters: +# +# [*auth_host*] +# (optional) IPv4 VIP of Keystone +# String (IPv4) value +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*api_server*] +# (optional) IPv4 VIP of Contrail Config API +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Contrail Config API +# String value +# Defaults to hiera('contrail::api_port') +# +# [*admin_password*] +# (optional) Keystone Admin password +# String value +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) Keystone Admin tenant name +# String value +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) Keystone Admin token +# String value +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) Keystone Admin user +# String value +# Defaults to hiera('contrail::admin_user') +# +# [*ca_file*] +# (optional) ca file name +# String value. 
+# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cassandra_servers*] +# (optional) List of analytics cassandra servers +# List (IPv4) value +# Defaults to hiera('contrail_analytics_database_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 VIP of Contrail Discovery +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) host IP address of Database node +# String (IPv4) value. +# Defaults to hiera('contrail::analytics::database::host_ip') +# +# [*host_name*] +# (optional) host name of database node +# String value +# Defaults to $::hostname +# +# [*kafka_hostnames*] +# (optional) list of kafka server hostnames +# List value +# Defaults to hiera('contrail_analytics_database_short_node_names', '') +# +# [*public_vip*] +# (optional) Public VIP +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) step in the stack +# String value +# Defaults to hiera('step') +# +# [*zookeeper_server_ips*] +# (optional) list of zookeeper server IPs +# List value +# Defaults to hiera('contrail_database_node_ips') +# +class tripleo::network::contrail::analyticsdatabase( + $step = hiera('step'), + $auth_host = hiera('contrail::auth_host'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_servers = hiera('contrail_analytics_database_node_ips'), + $ca_file = 
hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::analytics::database::host_ip'), + $host_name = $::hostname, + $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), + $public_vip = hiera('public_virtual_ip'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), +) +{ + if $auth_protocol == 'https' { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $step == 2 { + class {'::contrail::analyticsdatabase': + analyticsdatabase_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'kafka_hostnames' => $kafka_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + } +} 
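Review bot: In the `::contrail::analyticsdatabase` declaration the `analyticsdatabase_params` hash is not closed before `database_nodemgr_config` and `vnc_api_lib_config`, so by brace count those two become bare-word keys inside the params hash rather than class parameters. If they are meant to be parameters of the class (as `vnc_api_lib_config` is in analytics.pp), close the hash with `},` right after `'zookeeper_server_ips' => $zookeeper_server_ips,`. The class is also declared only when `$step == 2`, whereas analytics.pp uses `$step >= 3`; with `==` the configuration drops out of the catalog on later steps, which should be confirmed as intended. `admin_password` and `admin_token` are copied into the params hash, so check that whatever consumes it does not write them to a file readable by other users.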
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') 
@@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. 
# Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. 
-# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + 
$config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 
'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, 
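Review bot: The `basicauthusers_property` entries built from `$control_server_list` use the same string for user and password (`"${item}.control:${item}.control"`, likewise for `.dns`), so the IFMAP basic-auth credential of every control node can be derived from that node's IP address. control.pp in this same commit builds its matching `.control`/`.dns` credentials the same way, so the two sides have to change together. I would take the password half from a secret hiera value, for example `"${item}.control:${ifmap_password}"`, and have control.pp send the same secret. Separately, the header names different hiera keys for `ifmap_username` and `cassandra_server_list` than the signature uses, and `linklocal_service_name` is documented twice. The class body continues past the end of this hunk.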
@@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + 
basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 
'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp index 2e50108..e9c7a9e 100644 --- a/manifests/network/contrail/control.pp +++ b/manifests/network/contrail/control.pp @@ -19,19 +19,6 @@ # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Control -# String (IPv4) value. -# -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_username*] -# (optional) ifmap username -# String value. -# Defaults to hiera('contrail::ifmap_username'), -# # [*admin_password*] # (optional) admin password # String value. 
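Review bot: `$rabbit_port` is accepted by the class, but every `rabbit_server` value in `api_config`, `device_manager_config`, `schema_config` and `svc_monitor_config` comes from `$rabbit_server_list_5672`, which is joined with a literal `:5672` earlier in the class (outside this hunk), so overriding `contrail::rabbit_port` appears to have no effect. Building the list from the parameter, e.g. `join([join($rabbit_server, ":${rabbit_port},"), ":${rabbit_port}"], '')`, would keep the two in step; the Cassandra `:9160` and ZooKeeper `:2181` suffixes are hard-coded the same way. The `if $config_hostnames[0] == $::hostname` guard would also benefit from a one-line comment such as `# provision the link-local service from the first config node only`, if that is the intent.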
@@ -42,16 +29,21 @@ # String value. # Defaults to hiera('contrail::admin_tenant_name'), # -# [*admin_token*] -# (optional) admin token -# String value. -# Defaults to hiera('contrail::admin_token'), -# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user'), # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -68,13 +60,33 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip'), +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port'), # +# [*host_ip*] +# (optional) IP address of host +# String (IPv4) value. +# Defaults to hiera('contrail::control::host_ip') +# +# [*ibgp_auto_mesh*] +# (optional) iBPG auto mesh +# String value. +# Defaults to true +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::ifmap_password'), +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::ifmap_username'), +# # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure'), 
@@ -84,70 +96,103 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_servers'), # +# [*public_vip*] +# (optional) Public Virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*router_asn*] +# (optional) Autonomus System Number +# String value +# Defaults to hiera('contrail::control::asn') +# +# [*secret*] +# (optional) RNDC secret for named +# String value +# Defaults to hiera('contrail::control::rndc_secret') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# class tripleo::network::contrail::control( - $host_ip, - $ifmap_password, - $ifmap_username, - $admin_password = hiera('contrail::admin_password'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $insecure = hiera('contrail::insecure'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::control::host_ip'), + $ibgp_auto_mesh = true, + $ifmap_password = hiera('contrail::control::host_ip'), + $ifmap_username = hiera('contrail::control::host_ip'), + $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $router_asn = 
hiera('contrail::control::asn'), + $secret = hiera('contrail::control::rndc_secret'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { - 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, - 'admin_password' => $admin_password, - 'admin_user' => $admin_user, - 'auth_host' => $auth_host, - 'auth_port' => $auth_port, - 'auth_protocol' => $auth_protocol, - 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, + $control_ifmap_user = "${ifmap_username}.control" + $control_ifmap_password = "${ifmap_username}.control" + $dns_ifmap_user = "${ifmap_username}.dns" + $dns_ifmap_password = "${ifmap_username}.dns" + + if $step >= 3 { + class {'::contrail::control': + secret => $secret, + control_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $control_ifmap_user, + 'user' => $control_ifmap_password, + }, }, - }, - } -> - class {'::contrail::control': - control_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, + dns_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + 'rndc_secret' => $secret, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $dns_ifmap_user, + 'user' => $dns_ifmap_password, + } }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - }, - }, - dns_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - } - }, - control_nodemgr_config => { - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => 
$disc_server_ip, - }, - }, + } + } + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + api_port => $api_port, + control_node_address => $host_ip, + control_node_name => $::hostname, + ibgp_auto_mesh => $ibgp_auto_mesh, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + router_asn => $router_asn, + } } } diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 58f2670..f74eb1c 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp 
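Review bot: `$ifmap_password` is never used: `$control_ifmap_password` and `$dns_ifmap_password` are both built from `${ifmap_username}`, and `$ifmap_username` and `$ifmap_password` both default to `hiera('contrail::control::host_ip')` although the header documents `contrail::ifmap_username` and `contrail::ifmap_password`. In the two `'IFMAP'` hashes the keys are also crossed (`'password' => $control_ifmap_user`, `'user' => $control_ifmap_password`), which only works because the two values are currently identical. I would write `'user' => $control_ifmap_user, 'password' => $control_ifmap_password` (same for dns) and build the password variables from `$ifmap_password`, coordinated with the basic-auth list in config.pp. `$auth_host`, `$auth_port`, `$auth_protocol`, `$insecure`, `$memcached_servers` and `$public_vip` look unused in this hunk now that the `::contrail::keystone` declaration is gone.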
@@ -13,41 +13,154 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::network::contrail::control +# == Class: tripleo::network::contrail::database # -# Configure Contrail Control services +# Configure Contrail Database services # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Database node +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address # String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*cassandra_servers*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail_database_node_ips') # # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port') # +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*host_name*] +# (optional) host name of Database node +# String value. +# Defaults to $::hostname +# +# [*public_vip*] +# (optional) Public virtual ip +# String value. 
+# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*zookeeper_client_ip*] +# (optional) Zookeeper listen address +# String (IPv4) value. +# Defaults to hiera('contrail::database::host_ip') +# +# [*zookeeper_hostnames*] +# (optional) Zookeeper hostname list +# Array of string value. +# Defaults to hiera('contrail_database_short_node_names') +# +# [*zookeeper_server_ips*] +# (optional) Zookeeper ip list +# Array of string (IPv4) values +# Defaults to hiera('contrail_database_node_ips') +# class tripleo::network::contrail::database( - $host_ip, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_servers = hiera('contrail_database_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::database::host_ip'), + $host_name = $::hostname, + $public_vip = hiera('public_virtual_ip'), + $step = hiera('step'), + $zookeeper_client_ip = hiera('contrail::database::host_ip'), + $zookeeper_hostnames = hiera('contrail_database_short_node_names'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { - class {'::contrail::database': - database_nodemgr_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + if $step == 2 { + class {'::contrail::database': + database_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 
'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'zookeeper_client_ip' => $zookeeper_client_ip, + 'zookeeper_hostnames' => $zookeeper_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp new file mode 100644 index 0000000..637fdda --- /dev/null +++ b/manifests/network/contrail/heat.pp 
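Review bot: `class {'::contrail::database': ...}` is declared only under `if $step == 2`, while the other Contrail classes in this commit use `>=` (`$step >= 3`, `$step >= 5`), so from step 3 onward the database class is no longer in the catalog and Puppet stops managing it; if that is not intended, `if $step >= 2 {` would match the rest. By brace count `database_nodemgr_config` sits inside the `database_params` hash rather than beside it; if `::contrail::database` expects it as its own parameter it should move out one level, otherwise a short comment would help. The header still marks `host_ip` as "(required)" although it now defaults to `hiera('contrail::database::host_ip')`.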
@@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::heat +# +# Configure Contrail Heat plugin +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*use_ssl*] +# (optional) switch for ssl usage +# String value. 
+# Defaults to 'False' +# +class tripleo::network::contrail::heat( + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $api_port = 8082, + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $step = hiera('step'), + $use_ssl = 'False', +) +{ + class {'::contrail::heat': + heat_config => { + 'clients_contrail' => { + 'api_base_url' => '/', + 'api_server' => $api_server, + 'api_port' => $api_port, + 'auth_host_ip' => $auth_host, + 'user' => $admin_user, + 'password' => $admin_password, + 'use_ssl' => $use_ssl, + }, + }, + } +} diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp new file mode 100644 index 0000000..d9aa587 --- /dev/null +++ b/manifests/network/contrail/neutron_plugin.pp 
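Review bot: `$api_port` is hard-coded to `8082` although its doc block says it defaults to `hiera('contrail::api_port')` and the sibling classes read that key; `$api_port = hiera('contrail::api_port'),` would keep the Heat plugin on the same port as the API. `$use_ssl` defaults to `'False'` regardless of `contrail::auth_protocol`, so the admin user and password in `clients_contrail` are presumably sent to the API server without TLS even in an https deployment; that is worth confirming and, if so, deriving the default from the protocol setting. `$step` is declared and documented but not used in the class body.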
@@ -0,0 +1,203 @@ +# This class installs and configures Opencontrail Neutron Plugin. +# +# === Parameters +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*contrail_extensions*] +# Array of OpenContrail extensions to be supported +# Defaults to $::os_service_default +# Example: +# +# class {'neutron::plugins::opencontrail' : +# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'] +# } +# +# [*package_ensure*] +# (optional) Ensure state for package. +# Defaults to 'present'. 
+# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the opencontrail config. +# Defaults to false. +# +class tripleo::network::contrail::neutron_plugin ( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $package_ensure = 'present', + $purge_config = false, +) { + + include ::neutron::deps + include ::neutron::params + + validate_array($contrail_extensions) + + package { 'neutron-plugin-contrail': + ensure => $package_ensure, + name => $::neutron::params::opencontrail_plugin_package, + tag => ['neutron-package', 'openstack'], + } + package {'python-contrail': + ensure => installed, + } + + ensure_resource('file', '/etc/neutron/plugins/opencontrail', { + ensure => directory, + owner => 'root', + group => 'neutron', + mode => '0640'} + ) + + if $::osfamily == 'Debian' { + file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG': + path => '/etc/default/neutron-server', + match => '^NEUTRON_PLUGIN_CONFIG=(.*)$', + line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}", + tag => 'neutron-file-line', + } + } + + if $::osfamily == 'Redhat' { + file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::neutron::params::opencontrail_config_file, + require => Package[$::neutron::params::opencontrail_plugin_package], + tag => 'neutron-config-file', + 
} + $api_paste_config_file = '/usr/share/neutron/api-paste.ini' + } + ini_setting { 'filter:user_token': + ensure => present, + path => $api_paste_config_file, + section => 'filter:user_token', + setting => 'paste.filter_factory', + value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory', + } + ini_setting { 'composite:neutronapi_v2_0': + ensure => present, + path => $api_paste_config_file, + section => 'composite:neutronapi_v2_0', + setting => 'keystone', + value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0', + } + resources { 'neutron_plugin_opencontrail': + purge => $purge_config, + } + + exec { 'add neutron user to haproxy group': + command => '/usr/sbin/usermod -a -G haproxy neutron', + } + + if $auth_protocol == 'https' { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'KEYSTONE/cafile': value => $ca_file; + 'KEYSTONE/certfile': value => $cert_file; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port_ssl; + 'keystone_authtoken/cafile': value => $ca_file; + 'keystone_authtoken/certfile': value => $cert_file; + } + } 
else { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port; + } + } +} diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp new file mode 100644 index 0000000..3025737 --- /dev/null +++ b/manifests/network/contrail/provision.pp 
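Review bot: The `exec { 'add neutron user to haproxy group': ... }` has no `unless`, `onlyif` or `refreshonly`, so `usermod` runs and reports a change on every Puppet run, and nothing orders it after the packages that create the `neutron` user or the `haproxy` group. It presumably exists so neutron can read the file named by `tripleo::haproxy::service_certificate`; if that bundle also holds the private key, group membership exposes the key to the neutron service account, and a dedicated CA/certificate path would be narrower. At minimum add a guard such as `unless => 'id -nG neutron | grep -qw haproxy'` together with `provider => shell` and a `path`. Also, `$api_paste_config_file` is assigned only inside the `$::osfamily == 'Redhat'` branch but is used by both `ini_setting` resources unconditionally, so on other OS families their `path` is undefined.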
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::provision
+#
+# Provisions Contrail Control and link local services
+#
+# == Parameters:
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password'),
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name'),
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token'),
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user'),
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host'),
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Defaults to hiera('contrail::auth_port'),
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# Defaults to hiera('contrail::auth_protocol'),
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+class tripleo::network::contrail::provision(
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $step = hiera('step'),
+)
+{
+ if $step >= 5 {
+ class {'::contrail::control::provision_control':
+ api_address => $api_server,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ }
+ class {'::contrail::control::provision_linklocal':
+ api_address => $api_server,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ ipfabric_service_ip => $api_server,
+ }
+ }
+}
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
new file mode 100644
index 0000000..2bccd1d
--- /dev/null
+++ b/manifests/network/contrail/vrouter.pp
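Review bot: In manifests/network/contrail/provision.pp the class declares `$admin_token`, `$auth_host`, `$auth_port` and `$auth_protocol`, but neither `provision_control` nor `provision_linklocal` receives any of them. Each is a `hiera()` lookup with no default, so compilation fails on a node that lacks those keys, and the Keystone admin token is pulled into a class that never uses it. I would drop the four parameters and their doc entries, or pass them on if the contrail classes accept them (not visible here). The header comments also end several default lines with a stray comma, for example `# Defaults to hiera('contrail::admin_password'),`.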
@@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. 
+# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. 
+# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => 
$admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => 
$host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index 0b308a4..b621811 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -19,18 +19,6 @@ # # == Parameters: # -# [*contrail_analytics_vip*] -# (required) VIP of Contrail Analytics -# String (IPv4) value. -# -# [*contrail_config_vip*] -# (required) VIP of Contrail Config -# String (IPv4) value. -# -# [*neutron_vip*] -# (required) VIP of Neutron -# String (IPv4) value. -# # [*admin_password*] # (optional) admin password # String value. 
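Review bot: In manifests/network/contrail/vrouter.pp `$ca_file` and `$cert_file` both default to `hiera('contrail::service_certificate',false)`, so the https branch writes the same value to `cafile` and `certfile` in the KEYSTONE and auth sections, and writes `false` when the key is unset. How the contrail module renders `false` is not visible here, but a CA bundle and a service certificate are normally different files, and with `$insecure` passed straight through from hiera the Keystone endpoint may end up unverified. I would give the CA bundle its own lookup and fail early in the https branch, e.g. `unless $ca_file and $cert_file { fail('https auth requires ca_file and cert_file') }`. The header also names the class `tripleo::profile::base::neutron::opencontrail::vrouter` while the code declares `tripleo::network::contrail::vrouter`.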
@@ -56,11 +44,46 @@ # String (IPv4) value. # Defaults to hiera('contrail::auth_host') # +# [*auth_port_public*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port_public') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_port_ssl_public*] +# (optional) keystone public ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl_public') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*contrail_analytics_vip*] +# (optional) VIP of Contrail Analytics +# String (IPv4) value. +# Defaults to hiera('contrail_analytics_vip') +# +# [*contrail_config_vip*] +# (optional) VIP of Contrail Config +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# # [*contrail_webui_http_port*] # (optional) Webui HTTP Port # Integer value. 
@@ -71,38 +94,55 @@ # Integer value. # Defaults to 8143 # +# [*neutron_vip*] +# (optional) VIP of Neutron +# String (IPv4) value. +# Defaults to hiera('neutron_api_vip') +# # [*redis_ip*] # (optional) IP of Redis # String (IPv4) value. # Defaults to '127.0.0.1' # class tripleo::network::contrail::webui( - $contrail_analytics_vip, - $contrail_config_vip, - $neutron_vip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $contrail_webui_http_port = 8080, - $contrail_webui_https_port = 8143, - $redis_ip = '127.0.0.1', + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_public = hiera('contrail::auth_port_public'), + $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $cert_file = hiera('contrail::cert_file'), + $contrail_analytics_vip = hiera('contrail_analytics_vip'), + $contrail_config_vip = hiera('contrail_config_vip'), + $contrail_webui_http_port = hiera('contrail::webui::http_port'), + $contrail_webui_https_port = hiera('contrail::webui::https_port'), + $neutron_vip = hiera('neutron_api_vip'), + $redis_ip = hiera('contrail::webui::redis_ip'), ) { + if $auth_protocol == 'https' { + $auth_port = $auth_port_ssl_public + } else { + $auth_port = $auth_port_public + } class {'::contrail::webui': - openstack_vip => $auth_host, - contrail_config_vip => $contrail_config_vip, - contrail_analytics_vip => $contrail_analytics_vip, - neutron_vip => $neutron_vip, 
- cassandra_ip => $cassandra_server_list, - redis_ip => $redis_ip, - contrail_webui_http_port => $contrail_webui_http_port, - contrail_webui_https_port => $contrail_webui_https_port, admin_user => $admin_user, admin_password => $admin_password, admin_token => $admin_token, admin_tenant_name => $admin_tenant_name, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + cassandra_ip => $cassandra_server_list, + cert_file => $cert_file, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + neutron_vip => $neutron_vip, + openstack_vip => $auth_host, + redis_ip => $redis_ip, } } diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 6e70b50..da8aaa6 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp 
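Review bot: In the `@@ -71,38 +94,55 @@` hunk of webui.pp `$cert_file` is looked up as `hiera('contrail::cert_file')` with no default, while the header added in the previous hunk documents `hiera('contrail::service_certificate',false)`. A plain-http deployment that never sets `contrail::cert_file` would fail to compile; `$cert_file = hiera('contrail::service_certificate', false),` would match the documentation. The header also documents `auth_port_ssl`, which the class does not declare, still lists fixed defaults (`8143`, `'127.0.0.1'`) for `contrail_webui_https_port` and `redis_ip` that are now mandatory hiera lookups, and names `contrail::cassandra_server_list` where the code reads `contrail_database_node_ips`.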
@@ -27,19 +27,64 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('aodh::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('aodh::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('aodh::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('aodh::rabbit_use_ssl', '0') class tripleo::profile::base::aodh ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('aodh::rabbit_port', 5672), + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + 
$oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('aodh::rabbit_password'), + $oslomsg_rpc_port = hiera('aodh::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('aodh::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('aodh::rabbit_password'), + $oslomsg_notify_port = hiera('aodh::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('aodh::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('aodh::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { @@ -49,9 +94,24 @@ class tripleo::profile::base::aodh ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::aodh' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::aodh::auth include ::aodh::config diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index b464317..22984b1 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp 
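Review bot: In aodh.pp `$oslomsg_rpc_username` and `$oslomsg_notify_username` fall back to `'guest'` while the matching password lookups have no default, so a node missing `aodh::rabbit_userid` compiles cleanly and is configured with the broker's well-known default account name instead of failing. I would drop the fallback, `$oslomsg_rpc_username = hiera('aodh::rabbit_userid'),` (and the notify twin), so a missing key is caught at compile time. The same pattern is in the barbican/api.pp, ceilometer.pp and cinder.pp hunks below. The password is now embedded in `default_transport_url` and `notification_transport_url` and `oslomsg_use_ssl` defaults to `'0'`, so it is worth confirming that the receiving classes treat the rendered URLs as secrets; those classes, and the rest of this class body, are outside the hunks.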
@@ -56,6 +56,50 @@ # for more details. # Defaults to hiera('step') # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('barbican::api::rabbit_use_ssl', '0') + class tripleo::profile::base::barbican::api ( $barbican_network = hiera('barbican_api_network', undef), $bootstrap_node = hiera('bootstrap_nodeid', undef), 
@@ -63,6 +107,17 @@ class tripleo::profile::base::barbican::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('barbican::api::rabbit_password'), + $oslomsg_rpc_port = hiera('barbican::api::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('barbican::api::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('barbican::api::rabbit_password'), + $oslomsg_notify_port = hiera('barbican::api::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('barbican::api::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('barbican::api::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -92,8 +147,25 @@ class tripleo::profile::base::barbican::api ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::barbican::api': - sync_db => $sync_db + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::barbican::keystone::authtoken include ::barbican::api::logging 
diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index bbe7f27..2855bd2 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp 
@@ -23,24 +23,84 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('ceilometer::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('ceilometer::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('ceilometer::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('ceilometer::rabbit_use_ssl', '0') class tripleo::profile::base::ceilometer ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('ceilometer::rabbit_port', 5672), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = 
hiera('ceilometer::rabbit_password'), + $oslomsg_rpc_port = hiera('ceilometer::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('ceilometer::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('ceilometer::rabbit_password'), + $oslomsg_notify_port = hiera('ceilometer::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::ceilometer' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::ceilometer::config } diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp new file mode 100644 index 0000000..3706c2e --- /dev/null +++ b/manifests/profile/base/ceilometer/agent/polling.pp 
@@ -0,0 +1,64 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::ceilometer::agent::polling
+#
+# Ceilometer polling Agent profile for tripleo
+#
+# === Parameters
+#
+# [*central_namespace*]
+# (Optional) Use central namespace for polling agent.
+# Defaults to false.
+#
+# [*compute_namespace*]
+# (Optional) Use compute namespace for polling agent.
+# Defaults to false.
+#
+# [*ipmi_namespace*]
+# (Optional) Use ipmi namespace for polling agent.
+# Defaults to false.
+#
+# [*ceilometer_redis_password*]
+# (Optional) redis password to configure coordination url
+#
+# [*redis_vip*]
+# (Optional) redis vip to configure coordination url
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::ceilometer::agent::polling (
+ $central_namespace = hiera('central_namespace', false),
+ $compute_namespace = hiera('compute_namespace', false),
+ $ipmi_namespace = hiera('ipmi_namespace', false),
+ $ceilometer_redis_password = hiera('ceilometer_redis_password', undef),
+ $redis_vip = hiera('redis_vip', undef),
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::ceilometer
+
+ if $step >= 4 {
+ include ::ceilometer::agent::auth
+ class { '::ceilometer::agent::polling':
+ central_namespace => $central_namespace,
+ compute_namespace => $compute_namespace,
+ ipmi_namespace => $ipmi_namespace,
+ coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']),
+ }
+ }
+
+}
diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp
index 6e8fbb2..fc3c659 100644
--- a/manifests/profile/base/cinder.pp
+++ b/manifests/profile/base/cinder.pp
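Review bot: In ceilometer/agent/polling.pp `coordination_url` is assembled with `join()` even when `ceilometer_redis_password` and `redis_vip` are left at their `undef` defaults, which would presumably render a URL with an empty password and host. The password is also inserted verbatim, so a value containing `@`, `/` or `:` changes how the URL is parsed; it should be percent-encoded or restricted to URL-safe characters where it is generated. I would build the URL only when both values are set and pass `undef` otherwise, assuming `::ceilometer::agent::polling` accepts an unset `coordination_url` (not visible here). The port `6379` is hard-coded as well and could become a parameter.

```puppet
if $step >= 4 {
  # Build the URL only when both values are set, so an unset key cannot
  # produce a coordination URL with an empty password and host.
  if $ceilometer_redis_password and $redis_vip {
    $coordination_url = join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/'])
  } else {
    $coordination_url = undef
  }
  # … unchanged: include ::ceilometer::agent::auth and the three *_namespace parameters …
    coordination_url => $coordination_url,
```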
@@ -30,20 +30,65 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('cinder::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('cinder::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('cinder::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('cinder::rabbit_use_ssl', '0') class tripleo::profile::base::cinder ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $cinder_enable_db_purge = true, - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('cinder::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $cinder_enable_db_purge = true, + $step = hiera('step'), + $oslomsg_rpc_proto = 
hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('cinder::rabbit_password'), + $oslomsg_rpc_port = hiera('cinder::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('cinder::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('cinder::rabbit_password'), + $oslomsg_notify_port = hiera('cinder::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('cinder::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('cinder::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -52,9 +97,26 @@ class tripleo::profile::base::cinder ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::cinder' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + } + class { '::cinder::ceilometer' : + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::cinder::config include ::cinder::glance diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index 7663b6f..9fb1594 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp 
@@ -26,8 +26,8 @@ # (Optional) Whether to enable the hpelefthand backend # Defaults to false # -# [*cinder_enable_eqlx_backend*] -# (Optional) Whether to enable the eqlx backend +# [*cinder_enable_dellps_backend*] +# (Optional) Whether to enable the dellps backend # Defaults to true # # [*cinder_enable_iscsi_backend*] @@ -46,6 +46,10 @@ # (Optional) Whether to enable the rbd backend # Defaults to true # +# [*cinder_enable_scaleio_backend*] +# (Optional) Whether to enable the scaleio backend +# Defaults to true +# # [*cinder_user_enabled_backends*] # (Optional) List of additional backend stanzas to activate # Defaults to hiera('cinder_user_enabled_backends') @@ -58,11 +62,12 @@ class tripleo::profile::base::cinder::volume ( $cinder_enable_dellsc_backend = false, $cinder_enable_hpelefthand_backend = false, - $cinder_enable_eqlx_backend = false, + $cinder_enable_dellps_backend = false, $cinder_enable_iscsi_backend = true, $cinder_enable_netapp_backend = false, $cinder_enable_nfs_backend = false, $cinder_enable_rbd_backend = false, + $cinder_enable_scaleio_backend = false, $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), $step = hiera('step'), ) { @@ -85,11 +90,11 @@ class tripleo::profile::base::cinder::volume ( $cinder_hpelefthand_backend_name = undef } - if $cinder_enable_eqlx_backend { - include ::tripleo::profile::base::cinder::volume::eqlx - $cinder_eqlx_backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx') + if $cinder_enable_dellps_backend { + include ::tripleo::profile::base::cinder::volume::dellps + $cinder_dellps_backend_name = hiera('cinder::backend::dellps::volume_backend_name', 'tripleo_dellps') } else { - $cinder_eqlx_backend_name = undef + $cinder_dellps_backend_name = undef } if $cinder_enable_iscsi_backend { 
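Review bot: The doc added for `cinder_enable_scaleio_backend` says `Defaults to true`, but the signature two hunks later sets `$cinder_enable_scaleio_backend = false`; the unchanged context line under the renamed `cinder_enable_dellps_backend` entry has the same mismatch. Both should read `# Defaults to false`. The rename also removes `cinder_enable_eqlx_backend` with no deprecation path, so class declarations that still pass the old name will presumably fail catalog compilation; a release note would help operators.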
@@ -120,13 +125,21 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } + if $cinder_enable_scaleio_backend { + include ::tripleo::profile::base::cinder::volume::scaleio + $cinder_scaleio_backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio') + } else { + $cinder_scaleio_backend_name = undef + } + $backends = delete_undef_values([$cinder_iscsi_backend_name, $cinder_rbd_backend_name, - $cinder_eqlx_backend_name, + $cinder_dellps_backend_name, $cinder_dellsc_backend_name, $cinder_hpelefthand_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, + $cinder_scaleio_backend_name, $cinder_user_enabled_backends]) # NOTE(aschultz): during testing it was found that puppet 3 may incorrectly # include a "" in the previous array which is not removed by the diff --git a/manifests/profile/base/cinder/volume/eqlx.pp b/manifests/profile/base/cinder/volume/dellps.pp index fe24f4b..1338240 100644 --- a/manifests/profile/base/cinder/volume/eqlx.pp +++ b/manifests/profile/base/cinder/volume/dellps.pp 
@@ -12,23 +12,23 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::base::cinder::volume::eqlx +# == Class: tripleo::profile::base::cinder::volume::dellps # -# Cinder Volume eqlx profile for tripleo +# Cinder Volume for dellps profile tripleo # # === Parameters # # [*backend_name*] # (Optional) Name given to the Cinder backend stanza -# Defaults to 'tripleo_eqlx' +# Defaults to 'tripleo_dellps' # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -class tripleo::profile::base::cinder::volume::eqlx ( - $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx'), +class tripleo::profile::base::cinder::volume::dellps ( + $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_dellps'), $step = hiera('step'), ) { include ::tripleo::profile::base::cinder::volume diff --git a/manifests/profile/base/cinder/volume/scaleio.pp b/manifests/profile/base/cinder/volume/scaleio.pp new file mode 100644 index 0000000..a30cffa --- /dev/null +++ b/manifests/profile/base/cinder/volume/scaleio.pp 
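Review bot: The class default still reads `hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_dellps')`, while `volume.pp` in this commit looks up `cinder::backend::dellps::volume_backend_name` for the name it puts in the `$backends` list. An operator who sets only one of the two keys gets a backend stanza whose name differs from the one in that list, presumably leaving the backend defined but not enabled. Use the same key in both places: `$backend_name = hiera('cinder::backend::dellps::volume_backend_name', 'tripleo_dellps'),`. The header line `Cinder Volume for dellps profile tripleo` is also garbled; `Cinder Volume dellps profile for tripleo` matches the sibling profiles. The class body continues outside this hunk.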
@@ -0,0 +1,56 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::volume::scaleio +# +# Cinder Volume scaleio profile for tripleo +# +# === Parameters +# +# [*backend_name*] +# (Optional) Name given to the Cinder backend stanza +# Defaults to 'tripleo_scaleio' +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::volume::scaleio ( + $backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio'), + $step = hiera('step'), +) { + include ::tripleo::profile::base::cinder::volume + + if $step >= 4 { + cinder::backend::scaleio { $backend_name : + sio_login => hiera('cinder::backend::scaleio::sio_login', undef), + sio_password => hiera('cinder::backend::scaleio::sio_password', undef), + sio_server_hostname => hiera('cinder::backend::scaleio::sio_server_hostname', undef), + sio_server_port => hiera('cinder::backend::scaleio::sio_server_port', undef), + sio_verify_server_certificate => hiera('cinder::backend::scaleio::sio_verify_server_certificate', undef), + sio_server_certificate_path => hiera('cinder::backend::scaleio::sio_server_certificate_path', undef), + sio_protection_domain_name => hiera('cinder::backend::scaleio::sio_protection_domain_name', undef), + sio_protection_domain_id => hiera('cinder::backend::scaleio::sio_protection_domain_id', 
undef), + sio_storage_pool_id => hiera('cinder::backend::scaleio::sio_storage_pool_id', undef), + sio_storage_pool_name => hiera('cinder::backend::scaleio::sio_storage_pool_name', undef), + sio_storage_pools => hiera('cinder::backend::scaleio::sio_storage_pools', undef), + sio_round_volume_capacity => hiera('cinder::backend::scaleio::sio_round_volume_capacity', undef), + sio_unmap_volume_before_deletion => hiera('cinder::backend::scaleio::sio_unmap_volume_before_deletion', undef), + sio_max_over_subscription_ratio => hiera('cinder::backend::scaleio::sio_max_over_subscription_ratio', undef), + sio_thin_provision => hiera('cinder::backend::scaleio::sio_thin_provision', undef), + } + } + +} diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp index 1731e81..3d1a693 100644 --- a/manifests/profile/base/congress.pp +++ b/manifests/profile/base/congress.pp 
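Review bot: `sio_verify_server_certificate` and `sio_server_certificate_path` are looked up with an `undef` default, so whether the driver verifies the gateway's TLS certificate is left to whatever `cinder::backend::scaleio` defaults to, which is not visible here. Since `sio_login` and `sio_password` are presumably sent to that endpoint, the profile header should say so. I would add a doc paragraph listing the `cinder::backend::scaleio::*` hiera keys the class reads and stating that `sio_verify_server_certificate` should be enabled with `sio_server_certificate_path` pointing at the CA file. The header currently documents only `backend_name` and `step`.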
@@ -22,43 +22,43 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') # -# [*messaging_hosts*] -# list of the messaging host fqdns -# Defaults to hiera('rabbitmq_node_names') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_password*] -# Password for messaging congress queue -# Defaults to hiera('congress::rabbit_password') +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') # -# [*messaging_port*] -# IP port for messaging service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('congress::rabbit_port', 5672) # -# [*messaging_username*] -# Username for messaging congress queue +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service # Defaults to hiera('congress::rabbit_userid', 'guest') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. 
-# Defaults to hiera('congress::rabbit_use_ssl', '0') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('congress::rabbit_password') # -# [*step*] -# (Optional) The current step of the deployment -# Defaults to hiera('step') +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('congress::rabbit_use_ssl', '0') class tripleo::profile::base::congress ( $bootstrap_node = hiera('bootstrap_nodeid', undef), - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('congress::rabbit_password'), - $messaging_port = hiera('congress::rabbit_port', '5672'), - $messaging_username = hiera('congress::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'), $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('congress::rabbit_password'), + $oslomsg_rpc_port = hiera('congress::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('congress::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('congress::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true 
@@ -67,16 +67,16 @@ class tripleo::profile::base::congress ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::congress': sync_db => $sync_db, default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, }), } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 4ccfabc..a0193cf 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -42,6 +42,11 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # +# [*generate_dropin_file_limit*] +# (Optional) Generate a systemd drop-in file to raise the file descriptor +# limit for the mysql service. +# Defaults to false +# # [*generate_service_certificates*] # (Optional) Whether or not certmonger will generate certificates for # MySQL. This could be as many as specified by the $certificates_specs @@ -72,6 +77,7 @@ class tripleo::profile::base::database::mysql ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificate_specs = {}, $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_dropin_file_limit = false, $generate_service_certificates = hiera('generate_service_certificates', false), $manage_resources = true, $mysql_server_options = {}, 
@@ -119,13 +125,14 @@ class tripleo::profile::base::database::mysql ( # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap $mysql_server_default = { 'mysqld' => { - 'bind-address' => $bind_address, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - 'ssl' => $enable_internal_tls, - 'ssl-key' => $tls_keyfile, - 'ssl-cert' => $tls_certfile, - 'ssl-ca' => undef, + 'bind-address' => $bind_address, + 'max_connections' => hiera('mysql_max_connections'), + 'open_files_limit' => '-1', + 'innodb_file_per_table' => 'ON', + 'ssl' => $enable_internal_tls, + 'ssl-key' => $tls_keyfile, + 'ssl-cert' => $tls_certfile, + 'ssl-ca' => undef, } } $mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options) @@ -138,6 +145,15 @@ class tripleo::profile::base::database::mysql ( service_enabled => $manage_resources, remove_default_accounts => $remove_default_accounts, } + + if $generate_dropin_file_limit { + # Raise the mysql file limit + ::systemd::service_limits { 'mariadb.service': + limits => { + LimitNOFILE => 16384 + } + } + } } if $step >= 2 and $sync_db { @@ -166,6 +182,9 @@ class tripleo::profile::base::database::mysql ( if hiera('ironic_api_enabled', false) { include ::ironic::db::mysql } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::inspector::db::mysql + } if hiera('keystone_enabled', false) { include ::keystone::db::mysql } diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp new file mode 100644 index 0000000..22384a9 --- /dev/null +++ b/manifests/profile/base/database/mysql/client.pp 
@@ -0,0 +1,93 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::haproxy +# +# Loadbalancer profile for tripleo +# +# === Parameters +# +# [*enable_ssl*] +# (Optional) Whether SSL should be used for the connection to the server or +# not. +# Defaults to false +# +# [*mysql_read_default_file*] +# (Optional) Name of the file that will be passed to pymysql connection strings +# Defaults to '/etc/my.cnf.d/tripleo.cnf' +# +# [*mysql_read_default_group*] +# (Optional) Name of the ini section to be passed to pymysql connection strings +# Defaults to 'tripleo' +# +# [*mysql_client_bind_address*] +# (Optional) Client IP address of the host that will be written in the mysql_read_default_file +# Defaults to undef +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::database::mysql::client ( + $enable_ssl = false, + $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf', + $mysql_read_default_group = 'tripleo', + $mysql_client_bind_address = undef, + $step = hiera('step'), +) { + if $step >= 1 { + # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not + # present in the base image but installed as a package afterwards), + # create it. 
We do not want to touch the permissions in case it already + # exists due to the mariadb server package being pre-installed + # Note: We use exec instead of file in the case that the mysql class is + # included on this node as well (we'd get duplicate declaration in such a + # situation when using file) + if $mysql_client_bind_address { + $client_bind_changes = [ + "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'" + ] + } else { + $client_bind_changes = [ + "rm ${mysql_read_default_group}/bind-address" + ] + } + + if $enable_ssl { + $changes_ssl = [ + "set ${mysql_read_default_group}/ssl '1'", + "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'" + ] + } else { + $changes_ssl = [ + "rm ${mysql_read_default_group}/ssl", + "rm ${mysql_read_default_group}/ssl-ca" + ] + } + + $conf_changes = union($client_bind_changes, $changes_ssl) + + # Create /etc/my.cnf.d/tripleo.cnf + exec { 'directory-create-etc-my.cnf.d': + command => 'mkdir -p /etc/my.cnf.d', + path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'], + } -> + augeas { 'tripleo-mysql-client-conf': + incl => $mysql_read_default_file, + lens => 'Puppet.lns', + changes => $conf_changes, + } + } +} diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp new file mode 100644 index 0000000..5e18a85 --- /dev/null +++ b/manifests/profile/base/docker.pp 
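Review bot: The `exec { 'directory-create-etc-my.cnf.d': }` resource has no `creates`, `unless` or `onlyif`, so `mkdir -p /etc/my.cnf.d` runs and is reported as a change on every Puppet run; add `creates => '/etc/my.cnf.d',`. The file header is copied from another profile: `== Class: tripleo::profile::base::haproxy` and `Loadbalancer profile for tripleo` should read `== Class: tripleo::profile::base::database::mysql::client` and describe the MySQL client configuration. When `enable_ssl` is true only `ssl` and `ssl-ca` are written; whether the client libraries that read this file also check the server hostname is not visible here and is worth confirming.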
@@ -0,0 +1,68 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::docker
+#
+# docker profile for tripleo
+#
+# === Parameters
+#
+# [*docker_namespace*]
+# The namespace to be used when setting INSECURE_REGISTRY
+# this will be split on "/" to derive the docker registry
+# (defaults to undef)
+#
+# [*insecure_registry*]
+# Set docker_namespace to INSECURE_REGISTRY, used when a local registry
+# is enabled (defaults to false)
+#
+# [*step*]
+# step defaults to hiera('step')
+#
+class tripleo::profile::base::docker (
+ $docker_namespace = undef,
+ $insecure_registry = false,
+ $step = hiera('step'),
+) {
+ if $step >= 1 {
+ package {'docker':
+ ensure => installed,
+ }
+
+ service { 'docker':
+ ensure => 'running',
+ enable => true,
+ require => Package['docker'],
+ }
+
+ if $insecure_registry {
+ if $docker_namespace == undef {
+ fail('You must provide a $docker_namespace in order to configure insecure registry')
+ }
+ $namespace = strip($docker_namespace.split('/')[0])
+ $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ]
+ } else {
+ $changes = [ 'rm INSECURE_REGISTRY', ]
+ }
+
+ augeas { 'docker-sysconfig':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/docker',
+ changes => $changes,
+ subscribe => Package['docker'],
+ notify => Service['docker'],
+ }
+ }
+}
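Review bot: The `insecure_registry` doc does not say that the flag makes the Docker daemon skip TLS verification for the named registry, which matters because image pulls from that host are then unauthenticated; I would add `# Docker will not verify TLS for this registry; enable only for a local registry on a trusted network.` under the parameter. `$docker_namespace.split('/')[0]` uses chained method-call syntax, which the Puppet 3 parser does not accept, and `volume.pp` in this commit carries a note about Puppet 3 behaviour, so that parser is presumably still in use somewhere. The function form avoids the problem: `$namespace_parts = split($docker_namespace, '/')` followed by `$namespace = strip($namespace_parts[0])`. The derived value is written into `/etc/sysconfig/docker` without any format check, so a simple hostname/port pattern validation before the `augeas` resource would keep a malformed namespace from corrupting the file.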
diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index ebe84bf..0452575 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -38,7 +38,8 @@ class tripleo::profile::base::docker_registry ( ) { # We want a v2 registry package{'docker-registry': - ensure => absent, + ensure => absent, + allow_virtual => false, } package{'docker-distribution': } package{'docker': } diff --git a/manifests/profile/base/gnocchi/metricd.pp b/manifests/profile/base/gnocchi/metricd.pp index e69bbd5..f6f80cd 100644 --- a/manifests/profile/base/gnocchi/metricd.pp +++ b/manifests/profile/base/gnocchi/metricd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::metricd ( if $step >= 5 { include ::gnocchi::metricd - Keystone_endpoint<||> -> Service['gnocchi-metricd'] - Keystone_user_role<||> -> Service['gnocchi-metricd'] } } diff --git a/manifests/profile/base/gnocchi/statsd.pp b/manifests/profile/base/gnocchi/statsd.pp index 1fe4067..7c98a0a 100644 --- a/manifests/profile/base/gnocchi/statsd.pp +++ b/manifests/profile/base/gnocchi/statsd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::statsd ( if $step >= 5 { include ::gnocchi::statsd - Keystone_endpoint<||> -> Service['gnocchi-statsd'] - Keystone_user_role<||> -> Service['gnocchi-statsd'] } } diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 6e7e5f6..4ff5b41 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp 
@@ -35,21 +35,66 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('heat::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('heat::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('heat::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('heat::rabbit_use_ssl', '0') class tripleo::profile::base::heat ( - $bootstrap_node = downcase(hiera('bootstrap_nodeid')), - $manage_db_purge = hiera('heat_enable_db_purge', true), - $notification_driver = 'messaging', - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('heat::rabbit_port', 5672), + $bootstrap_node = downcase(hiera('bootstrap_nodeid')), + $manage_db_purge = hiera('heat_enable_db_purge', true), + 
$notification_driver = 'messaging', + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('heat::rabbit_password'), + $oslomsg_rpc_port = hiera('heat::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('heat::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('heat::rabbit_password'), + $oslomsg_notify_port = hiera('heat::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('heat::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('heat::rabbit_use_ssl', '0'), ) { # Domain resources will be created at step5 on the node running keystone.pp # configure heat.conf at step3 and 4 but actually create the domain later. @@ -60,10 +105,26 @@ class tripleo::profile::base::heat ( manage_role => false, } - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) + class { '::heat' : - notification_driver => $notification_driver, - rabbit_hosts => $rabbit_endpoints, + notification_driver => $notification_driver, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::heat::config include ::heat::cors 
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 7166298..9ffba9c 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp 
@@ -18,18 +18,70 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_network*] +# (Optional) The network name where the heat API endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('heat_api_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. 
# Defaults to hiera('step') # class tripleo::profile::base::heat::api ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_network = hiera('heat_api_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_network { + fail('heat_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api + class { '::heat::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index c1adae6..987d3b2 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp 
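Review bot: `$certificates_specs["httpd-${heat_api_network}"]['service_certificate']` indexes the hash without checking that the key exists, and the parameter defaults to `{}`; with `enable_internal_tls` true and no matching spec, the result is either an unhelpful evaluation error or an undef certificate path handed to `::heat::wsgi::apache_api`, depending on the parser. A guard next to the existing `heat_api_network` check makes the failure explicit: `if !has_key($certificates_specs, "httpd-${heat_api_network}") { fail("No certificate spec for httpd-${heat_api_network}") }`. The parameter docs name `hiera('apache_certificate_specs', {})` and `hiera('generate_service_certificate', false)` while the code reads `apache_certificates_specs` and `generate_service_certificates`, and they describe HAProxy although the certificates are requested through `tripleo::certmonger::httpd`. The `api_cfn` and `api_cloudwatch` profiles below repeat the same lookup and the same doc text.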
@@ -18,18 +18,71 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_cfn_network*] +# (Optional) The network name where the heat cfn endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('heat_api_cfn_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. 
# Defaults to hiera('step') # class tripleo::profile::base::heat::api_cfn ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_cfn_network = hiera('heat_api_cfn_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_cfn_network { + fail('heat_api_cfn_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api_cfn + + class { '::heat::wsgi::apache_api_cfn': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 3004db9..4dd2607 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp 
@@ -18,18 +18,71 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_cloudwatch_network*] +# (Optional) The network name where the heat cloudwatch endpoint is listening +# on. This is set by t-h-t. +# Defaults to hiera('heat_api_cloudwatch_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. 
# Defaults to hiera('step') # class tripleo::profile::base::heat::api_cloudwatch ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_cloudwatch_network { + fail('heat_api_cloudwatch_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api_cloudwatch + + class { '::heat::wsgi::apache_api_cloudwatch': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index bd28ab0..278c25c 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -23,8 +23,13 @@ # for more details. # Defaults to hiera('step') # +# [*neutron_options*] +# (Optional) A hash of parameters to enable features specific to Neutron +# Defaults to hiera('horizon::neutron_options', {}) +# class tripleo::profile::base::horizon ( - $step = hiera('step'), + $step = hiera('step'), + $neutron_options = hiera('horizon::neutron_options', {}), ) { if $step >= 4 { # Horizon 
@@ -35,7 +40,7 @@ class tripleo::profile::base::horizon ( } else { $_profile_support = 'None' } - $neutron_options = {'profile_support' => $_profile_support } + $neutron_options_real = merge({'profile_support' => $_profile_support }, $neutron_options) $memcached_ipv6 = hiera('memcached_ipv6', false) if $memcached_ipv6 { $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]') @@ -44,7 +49,7 @@ class tripleo::profile::base::horizon ( } class { '::horizon': cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, + neutron_options => $neutron_options_real, } } } diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index 5db1e1f..7ba629f 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp 
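Review bot: In `merge({'profile_support' => $_profile_support }, $neutron_options)` the hiera-supplied hash is the right-hand argument, so a `profile_support` key in `horizon::neutron_options` replaces the value computed just above it. If that override is intended, the `neutron_options` parameter doc should say so, for instance `# Keys given here take precedence over the computed profile_support.`; if it is not, swap the two arguments. The class body starts outside this hunk.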
@@ -26,19 +26,39 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('ironic::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('ironic::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('ironic::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('ironic::rabbit_use_ssl', '0') class tripleo::profile::base::ironic ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('ironic::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('ironic::rabbit_password'), + $oslomsg_rpc_port = hiera('ironic::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('ironic::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('ironic::rabbit_use_ssl', '0'), ) { # Database is accessed by both API and conductor, hence it's here. if $::hostname == downcase($bootstrap_node) { 
@@ -48,12 +68,20 @@ class tripleo::profile::base::ironic ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::ironic': - sync_db => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } + include ::ironic::config include ::ironic::cors } } diff --git a/manifests/profile/base/ironic_inspector.pp b/manifests/profile/base/ironic_inspector.pp new file mode 100644 index 0000000..b4276c6 --- /dev/null +++ b/manifests/profile/base/ironic_inspector.pp 
@@ -0,0 +1,46 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::ironic_inspector
+#
+# Ironic inspector profile for TripleO
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+
+class tripleo::profile::base::ironic_inspector (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ if $step >= 4 or ($step >= 3 and $sync_db) {
+ class { '::ironic::inspector':
+ sync_db => $sync_db,
+ }
+ }
+
+}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 72049e3..9b2fc51 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -76,15 +76,50 @@ # This is set by t-h-t. # Defaults to hiera('keystone_public_api_network', undef) # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('keystone::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('keystone::rabbit_use_ssl', '0') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. 
@@ -102,8 +137,17 @@ class tripleo::profile::base::keystone ( $heat_admin_user = undef, $manage_db_purge = hiera('keystone_enable_db_purge', true), $public_endpoint_network = hiera('keystone_public_api_network', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('keystone::rabbit_port', 5672), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('keystone::rabbit_password'), + $oslomsg_rpc_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('keystone::rabbit_password'), + $oslomsg_notify_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('keystone::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { 
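Review bot: Every `oslomsg_notify_*` default reads the same hiera key as its `oslomsg_rpc_*` counterpart (`rabbitmq_node_names`, `keystone::rabbit_port`, `keystone::rabbit_userid`, `keystone::rabbit_password`), so the notification transport can differ from the RPC one only when the class parameters are overridden directly; the parameter docs should state that. The username falls back to `'guest'` when `keystone::rabbit_userid` is absent while the password lookup has no default, so a missing user key is accepted quietly and a missing password is not; dropping the `'guest'` default would make both fail the same way. The docs also give the port default as `5672` where the code uses the string `'5672'`. The ironic, manila, mistral, neutron and nova parameter hunks follow the same pattern.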
@@ -142,11 +186,26 @@ class tripleo::profile::base::keystone ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::keystone': - sync_db => $sync_db, - enable_bootstrap => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + enable_bootstrap => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::keystone::config @@ -157,22 +216,13 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors - - if $manage_roles { - include ::keystone::roles::admin - } - - if $manage_endpoint { - include ::keystone::endpoint - } - } - if $step >= 5 and $manage_db_purge { + if $step >= 4 and $manage_db_purge { include ::keystone::cron::token_flush } - if $step >= 5 and $manage_domain { + if $step == 3 and $manage_domain { if hiera('heat_engine_enabled', false) { # create these seperate and don't use ::heat::keystone::domain since # that class writes out the configs @@ -193,7 +243,12 @@ class tripleo::profile::base::keystone ( } } - if $step >= 5 and $manage_endpoint{ + if $step == 3 and $manage_roles { + include ::keystone::roles::admin + } + + if $step == 3 and $manage_endpoint { + include ::keystone::endpoint if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } 
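Review bot: `'port' => $oslomsg_rpc_port` and `'port' => $oslomsg_notify_port` reach `os_transport_url` exactly as they come from hiera, whereas the ironic hunk wraps the port in `sprintf('%s', $oslomsg_rpc_port)` and the nova hunk removes a TODO saying the port needs to be a string for that function. If `keystone::rabbit_port` is stored as an integer the call may be rejected, so the same wrapping is safer here: `'port' => sprintf('%s', $oslomsg_rpc_port),`. The manila, mistral, neutron and nova hunks pass the port bare in the same way. Because the resulting URL carries the password, it is also worth confirming that `::keystone` handles `default_transport_url` and `notification_transport_url` as secret values; that is not visible from this hunk.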
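Review bot: The conditions `$step == 3 and $manage_domain`, `$step == 3 and $manage_roles` and `$step == 3 and $manage_endpoint` put these classes in the catalog only during the step 3 run, so from step 4 onward the domain, admin role and endpoint resources are not declared on this node at all. If that is deliberate (create once, then leave alone), a comment above the first of them should say so, e.g. `# Declared at step 3 only; later steps do not re-apply these.`; otherwise `$step >= 3` keeps them converged on later runs. The flush cron moves the other way, from `$step >= 5` to `$step >= 4`, which is worth a word in the same comment. The class body starts and ends outside these hunks.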
@@ -227,6 +282,9 @@ class tripleo::profile::base::keystone ( if hiera('ironic_api_enabled', false) { include ::ironic::keystone::auth } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::keystone::auth_inspector + } if hiera('manila_api_enabled', false) { include ::manila::keystone::auth } diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index f021f64..cad2cdf 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp 
@@ -26,19 +26,64 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('manila::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('manila::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('manila::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('manila::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('manila::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('manila::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('manila::rabbit_use_ssl', '0') class tripleo::profile::base::manila ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('manila::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = 
any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('manila::rabbit_password'), + $oslomsg_rpc_port = hiera('manila::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('manila::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('manila::rabbit_password'), + $oslomsg_notify_port = hiera('manila::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('manila::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('manila::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,9 +92,24 @@ class tripleo::profile::base::manila ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::manila' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::manila::config } diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index d8e1330..0eb849d 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp 
@@ -27,19 +27,64 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('mistral::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('mistral::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('mistral::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('mistral::rabbit_use_ssl', '0') class tripleo::profile::base::mistral ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('mistral::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = 
any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('mistral::rabbit_password'), + $oslomsg_rpc_port = hiera('mistral::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('mistral::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('mistral::rabbit_password'), + $oslomsg_notify_port = hiera('mistral::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('mistral::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('mistral::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -48,9 +93,24 @@ class tripleo::profile::base::mistral ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::mistral': - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::mistral::config include ::mistral::client diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index e6a32db..2f01b75 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp 
@@ -22,23 +22,111 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to hiera('neutron::rabbit_port', 5672 +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('neutron::rabbit_use_ssl', '0') +# +# [*dhcp_agents_per_network*] +# (Optional) TripleO configured number of DHCP agents +# to use per network. If left to the default value, neutron will be +# configured with the number of DHCP agents being deployed. +# Defaults to undef +# +# [*dhcp_nodes*] +# (Optional) List of nodes running the DHCP agent. 
Used to +# set neutron's dhcp_agents_per_network value to the number +# of available agents. +# Defaults to hiera('neutron_dhcp_short_node_names') or [] +# class tripleo::profile::base::neutron ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('neutron::rabbit_port', 5672), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('neutron::rabbit_password'), + $oslomsg_rpc_port = hiera('neutron::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('neutron::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('neutron::rabbit_password'), + $oslomsg_notify_port = hiera('neutron::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('neutron::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('neutron::rabbit_use_ssl', '0'), + $dhcp_agents_per_network = undef, + $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) + + $dhcp_agent_count = size($dhcp_nodes) + if $dhcp_agents_per_network { + $dhcp_agents_per_net = $dhcp_agents_per_network + if ($dhcp_agents_per_net > $dhcp_agent_count) { + warning("dhcp_agents_per_network (${dhcp_agents_per_net}) is greater\ + than the number of deployed dhcp agents (${dhcp_agent_count})") + } + } + elsif $dhcp_agent_count > 0 { + $dhcp_agents_per_net = $dhcp_agent_count + } class { '::neutron' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => 
$oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + dhcp_agents_per_network => $dhcp_agents_per_net, } include ::neutron::config } diff --git a/manifests/profile/base/neutron/ovs.pp b/manifests/profile/base/neutron/ovs.pp index a4e0cd3..bec7e96 100644 --- a/manifests/profile/base/neutron/ovs.pp +++ b/manifests/profile/base/neutron/ovs.pp @@ -28,7 +28,7 @@ class tripleo::profile::base::neutron::ovs( ) { include ::tripleo::profile::base::neutron - if $step >= 4 { + if $step >= 5 { include ::neutron::agents::ml2::ovs # Optional since manage_service may be false and neutron server may not be colocated. diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index fe1e6a6..36425f6 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp 
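Review bot: `$dhcp_agents_per_net` is left unassigned when `dhcp_agents_per_network` is undef and `dhcp_nodes` is empty, yet it is always passed as `dhcp_agents_per_network => $dhcp_agents_per_net`. With `strict_variables` enabled that reference would fail compilation, and without it the result silently depends on an unset variable; an explicit `else { $dhcp_agents_per_net = undef }` after the `elsif` makes the fallback visible. The comparison `$dhcp_agents_per_net > $dhcp_agent_count` also assumes the parameter is numeric, which a string value bound from hieradata would not satisfy.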
@@ -30,28 +30,48 @@ # (Optional) Whether or not manage Nova Live migration # Defaults to false # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_hosts*] -# list of the messaging host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*messaging_password*] -# Password for messaging nova queue +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('nova::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('nova::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service # Defaults to hiera('nova::rabbit_password') # -# [*messaging_port*] -# IP port for messaging service +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('nova::rabbit_port', 5672) # -# [*messaging_username*] -# Username for messaging nova queue +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service # Defaults to hiera('nova::rabbit_userid', 'guest') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('nova::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services # Defaults to hiera('nova::rabbit_use_ssl', '0') # # [*nova_compute_enabled*] 
@@ -63,17 +83,22 @@ # Defaults to hiera('step') # class tripleo::profile::base::nova ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $libvirt_enabled = false, - $manage_migration = false, - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('nova::rabbit_password'), - $messaging_port = hiera('nova::rabbit_port', '5672'), - $messaging_username = hiera('nova::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('nova::rabbit_use_ssl', '0'), - $nova_compute_enabled = false, - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $libvirt_enabled = false, + $manage_migration = false, + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('nova::rabbit_password'), + $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('nova::rabbit_password'), + $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'), + $nova_compute_enabled = false, + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true 
@@ -88,17 +113,23 @@ class tripleo::profile::base::nova ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::nova' : - default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, }), } include ::nova::config @@ -107,10 +138,10 @@ class tripleo::profile::base::nova ( backend => 'oslo_cache.memcache_pool', memcache_servers => $memcache_servers, } + include ::nova::placement } if $step >= 4 { - include ::nova::placement if $manage_migration { class { '::nova::migration::libvirt': configure_libvirt => $libvirt_enabled, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 83baae2..cda2b66 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp 
@@ -49,6 +49,11 @@ # This is set by t-h-t. # Defaults to hiera('nova_api_network', undef) # +# [*nova_api_wsgi_enabled*] +# (Optional) Whether or not deploy Nova API in WSGI with Apache. +# Nova Team discourages it. +# Defaults to hiera('nova_wsgi_enabled', false) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -60,6 +65,7 @@ class tripleo::profile::base::nova::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $nova_api_network = hiera('nova_api_network', undef), + $nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -69,21 +75,7 @@ class tripleo::profile::base::nova::api ( } include ::tripleo::profile::base::nova - - if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - - if !$nova_api_network { - fail('nova_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } + include ::tripleo::profile::base::nova::authtoken if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup 
@@ -91,31 +83,48 @@ class tripleo::profile::base::nova::api ( if $step >= 4 or ($step >= 3 and $sync_db) { - if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') - } else { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') - } - - class { '::nova::keystone::authtoken': - memcached_servers => $memcache_servers - } - class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, } - class { '::nova::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } include ::nova::network::neutron } + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + if $nova_api_wsgi_enabled { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$nova_api_network { + fail('nova_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::nova::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + } if $step >= 5 { if hiera('nova_enable_db_purge', true) { include ::nova::cron::archive_deleted_rows } + # At step 5, we consider all nova-compute services started and registred to nova-conductor + # So we want to update Nova Cells database to be aware of these hosts by executing the + # nova-cell_v2-discover_hosts command again. + # Doing it on a single nova-api node to avoid race condition. + if $sync_db { + Exec<| title == 'nova-cell_v2-discover_hosts' |> { refreshonly => false } + } } } 
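Review bot: With `nova_api_wsgi_enabled` at its default of false the whole `enable_internal_tls` block is skipped, so a deployment that sets `enable_internal_tls` gets no certificate request and no `::nova::wsgi::apache_api` with `ssl_cert`/`ssl_key` for the Nova API, and nothing reports it. Whether `::nova::api` can terminate TLS on its own is not visible here, so a `warning('enable_internal_tls is set but nova_wsgi_enabled is false; nova-api is not configured for TLS by this profile')` in that case would keep the gap from going unnoticed. Inside the block, `$certificates_specs["httpd-${nova_api_network}"]` is still indexed without checking that the entry exists.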
diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp
new file mode 100644
index 0000000..ee6c331
--- /dev/null
+++ b/manifests/profile/base/nova/authtoken.pp
@@ -0,0 +1,56 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::authtoken +# +# Nova authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*use_ipv6*] +# (Optional) Flag indicating if ipv6 should be used for caching +# Defaults to hiera('nova::use_ipv6', false) +# +# [*memcache_nodes_ipv6*] +# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true. +# Defaults to hiera('memcached_node_ipvs_v6', ['::1']) +# +# [*memcache_nodes_ipv4*] +# (Optional) Array of ipv4 addresses for memcache. Used by default unless +# use_ipv6 is set to true. +# Defaults to hiera('memcached_node_ips', ['127.0.0.1']) +# +class tripleo::profile::base::nova::authtoken ( + $step = hiera('step'), + $use_ipv6 = hiera('nova::use_ipv6', false), + $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']), + $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']), +) { + + if $step >= 3 { + $memcached_ips = $use_ipv6 ? { + true => $memcache_nodes_ipv6, + default => $memcache_nodes_ipv4 + } + + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} 
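Review bot: The selector `$use_ipv6 ? { true => …, default => … }` matches only the boolean `true`, so a hiera value of the string `'true'` falls through to the IPv4 node list without any message. The libvirt profile code removed elsewhere in this commit wrapped the same hiera key in `str2bool()`. Normalising once, `$use_ipv6_real = str2bool($use_ipv6)`, and selecting on `$use_ipv6_real` keeps string and boolean input behaving the same. The header comment also documents the IPv6 default as `hiera('memcached_node_ipvs_v6', ['::1'])` while the code reads `memcached_node_ips_v6`; the comment should name the key the code uses.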
diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp index 076996a..0eb2ed7 100644 --- a/manifests/profile/base/nova/compute.pp +++ b/manifests/profile/base/nova/compute.pp @@ -42,6 +42,7 @@ class tripleo::profile::base::nova::compute ( # before nova-compute. Service<| title == 'nova-conductor' |> -> Service['nova-compute'] + # deploy bits to connect nova compute to neutron include ::nova::network::neutron diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp index 6767f6b..cc9beb6 100644 --- a/manifests/profile/base/nova/compute/libvirt.pp +++ b/manifests/profile/base/nova/compute/libvirt.pp @@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt ( } } - # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config - # when running libvirt and libvirt itself, so we allow micro-services deployments. - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - if $rbd_ephemeral_storage { class { '::nova::compute::libvirt': libvirt_disk_cachemodes => ['network=writeback'], libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, } } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } + include ::nova::compute::libvirt } include ::nova::compute::libvirt::qemu diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index aa8c3c7..46658b8 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { if $generate_service_certificates { 
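Review bot: In the compute/libvirt.pp hunk, the explicit `vncserver_listen` is removed from both `::nova::compute::libvirt` declarations, so the address the VNC server binds to is no longer visible in this profile. It now comes from wherever that class parameter is resolved (hiera data or the module default). A short comment at the new `include ::nova::compute::libvirt` line would help, e.g. `# vncserver_listen now comes from hiera (nova::compute::libvirt::vncserver_listen), not from nova::use_ipv6`. The removed code always chose a wildcard address (`'0.0.0.0'` or `'::0'`), so it is worth confirming that the deployment data now sets the intended interface.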
@@ -85,7 +86,7 @@ class tripleo::profile::base::nova::placement ( $tls_keyfile = undef } - if $step >= 4 { + if $step >= 3 { class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp index 46ca009..e8310d8 100644 --- a/manifests/profile/base/octavia.pp +++ b/manifests/profile/base/octavia.pp 
@@ -22,35 +22,50 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_user*] -# [*rabbit_password*] -# (Optional) RabbitMQ user details -# Defaults to undef +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672. +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('octavia::rabbit_use_ssl', '0') + class tripleo::profile::base::octavia ( - $step = hiera('step'), - $rabbit_user = undef, - $rabbit_password = undef, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = '5672' + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('octavia::rabbit_password'), + $oslomsg_rpc_port = hiera('octavia::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('octavia::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('octavia::rabbit_use_ssl', '0'), ) { if $step >= 3 { + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::octavia' : default_transport_url => os_transport_url({ - 'transport' => 'rabbit', - 'hosts' => $rabbit_hosts, - 'port' => sprintf('%s', $rabbit_port), - 'username' => $rabbit_user, - 'password' => 
$rabbit_password - }) + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::octavia::config } diff --git a/manifests/profile/base/octavia/health_manager.pp b/manifests/profile/base/octavia/health_manager.pp new file mode 100644 index 0000000..bac5f65 --- /dev/null +++ b/manifests/profile/base/octavia/health_manager.pp @@ -0,0 +1,33 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::health_manager +# +# Octavia Health Manager server for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::health_manager ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + if $step >= 5 { + include ::octavia::health_manager + } +} diff --git a/manifests/profile/base/octavia/housekeeping.pp b/manifests/profile/base/octavia/housekeeping.pp new file mode 100644 index 0000000..0dcd5cf --- /dev/null +++ b/manifests/profile/base/octavia/housekeeping.pp 
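Review bot: In octavia.pp, `$oslomsg_rpc_username` falls back to `'guest'` and `$oslomsg_use_ssl` to `'0'`. A deployment whose hiera data omits `octavia::rabbit_userid` or `octavia::rabbit_use_ssl` therefore gets a transport URL for the broker's well-known default account over an unencrypted connection, with no message. The password lookup already has no default and fails when the key is missing; the username could do the same, `$oslomsg_rpc_username = hiera('octavia::rabbit_userid'),`. The same `'guest'` default appears in the sahara.pp hunk (rpc and notify usernames) and in the swift/proxy.pp hunk (`$ceilometer_messaging_username`) of this commit.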
@@ -0,0 +1,34 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::housekeeping
+#
+# Octavia Housekeeping profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::housekeeping (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+
+ if $step >= 5 {
+ include ::octavia::housekeeping
+ }
+}
diff --git a/manifests/profile/base/octavia/worker.pp b/manifests/profile/base/octavia/worker.pp
new file mode 100644
index 0000000..7df324d
--- /dev/null
+++ b/manifests/profile/base/octavia/worker.pp
@@ -0,0 +1,34 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::worker +# +# Octavia Worker profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::worker ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + + if $step >= 5 { + include ::octavia::worker + } +} diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp index 880cf7d..286e4ac 100644 --- a/manifests/profile/base/panko.pp +++ b/manifests/profile/base/panko.pp @@ -23,26 +23,12 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') class tripleo::profile::base::panko ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { + if $step >= 3 { include ::panko - include ::panko::db include ::panko::config - include ::panko::db::sync } - } diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 45ee0c0..a6643ce 100644 
--- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -53,12 +57,19 @@ # Defaults to hiera('step') # class tripleo::profile::base::panko::api ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $panko_network = hiera('panko_api_network', undef), $step = hiera('step'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + include ::tripleo::profile::base::panko if $enable_internal_tls { @@ -76,8 +87,11 @@ class tripleo::profile::base::panko::api ( $tls_keyfile = undef } - if $step >= 4 { - include ::panko::api + if $step >= 4 or ( $step >= 3 and $sync_db ) { + include ::panko::db + class { '::panko::api': + sync_db => $sync_db, + } class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index fd8de8f..b04d721 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp 
@@ -18,14 +18,41 @@ # # === Parameters # +# [*certificate_specs*] +# (Optional) The specifications to give to certmonger for the certificate +# it will create. Note that the certificate nickname must be 'mysql' in +# the case of this service. +# Example with hiera: +# tripleo::profile::base::database::mysql::certificate_specs: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "mysql/<overcloud controller fqdn>" +# Defaults to {}. +# # [*config_variables*] # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_config_variables'). # +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to undef +# # [*environment*] # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# MySQL. This could be as many as specified by the $certificates_specs +# variable. +# Defaults to hiera('generate_service_certificate', false). +# +# [*inet_dist_interface*] +# (Optional) Address to bind the inter-cluster interface +# to. It is the inet_dist_use_interface option in the kernel variables +# Defaults to hiera('rabbitmq::interface', undef). +# # [*ipv6*] # (Optional) Whether to deploy RabbitMQ on IPv6 network. # Defaults to str2bool(hiera('rabbit_ipv6', false)). 
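Review bot: The parameter documentation added here appears to have been carried over from the MySQL profile and describes the wrong service. `[*certificate_specs*]` says the certificate nickname must be 'mysql' and gives `tripleo::profile::base::database::mysql::certificate_specs` with a `mysql/<fqdn>` principal as its example, and `[*generate_service_certificates*]` speaks of certificates for MySQL. That entry also documents its default as `hiera('generate_service_certificate', false)`, whereas the class signature later in this file looks up `generate_service_certificates`. An operator following this text would likely put the specs under a key this class does not read; the entries should name the RabbitMQ key and principal that `tripleo::certmonger::rabbitmq` expects (its definition is not shown here).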
@@ -34,29 +61,53 @@ # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # -# [*inet_dist_interface*] -# (Optional) Address to bind the inter-cluster interface -# to. It is the inet_dist_use_interface option in the kernel variables -# Defaults to hiera('rabbitmq::interface', undef). -# # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. # Defaults to hiera('rabbitmq_node_names', []). # +# [*rabbitmq_pass*] +# (Optional) RabbitMQ Default Password. +# Defaults to hiera('rabbitmq::default_pass') +# +# [*rabbitmq_user*] +# (Optional) RabbitMQ Default User. +# Defaults to hiera('rabbitmq::default_user') +# +# [*stack_action*] +# (Optional) Action of the stack deployment. +# Defaults to hiera('stack_action') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::rabbitmq ( - $config_variables = hiera('rabbitmq_config_variables'), - $environment = hiera('rabbitmq_environment'), - $ipv6 = str2bool(hiera('rabbit_ipv6', false)), - $kernel_variables = hiera('rabbitmq_kernel_variables'), - $inet_dist_interface = hiera('rabbitmq::interface', undef), - $nodes = hiera('rabbitmq_node_names', []), - $step = hiera('step'), + $certificate_specs = {}, + $config_variables = hiera('rabbitmq_config_variables'), + $enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t + $environment = hiera('rabbitmq_environment'), + $generate_service_certificates = hiera('generate_service_certificates', false), + $inet_dist_interface = hiera('rabbitmq::interface', undef), + $ipv6 = str2bool(hiera('rabbit_ipv6', false)), + $kernel_variables = hiera('rabbitmq_kernel_variables'), + $nodes = hiera('rabbitmq_node_names', []), + $rabbitmq_pass = hiera('rabbitmq::default_pass'), + $rabbitmq_user = hiera('rabbitmq::default_user'), + $stack_action = hiera('stack_action'), + $step = hiera('step'), ) { + if $enable_internal_tls { + if 
$generate_service_certificates { + ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs) + } + $tls_certfile = $certificate_specs['service_certificate'] + $tls_keyfile = $certificate_specs['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + # IPv6 environment, necessary for RabbitMQ. if $ipv6 { $rabbit_env = merge($environment, { @@ -85,6 +136,9 @@ class tripleo::profile::base::rabbitmq ( config_kernel_variables => $real_kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, + # TLS options + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, } # when running multi-nodes without Pacemaker if $manage_service { @@ -101,6 +155,20 @@ class tripleo::profile::base::rabbitmq ( config_kernel_variables => $kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, + # TLS options + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency + # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action. + if $stack_action == 'UPDATE' { + # Required for changing password on update scenario. Password will be changed only when + # called explicity, if the rabbitmq service is already running. + rabbitmq_user { $rabbitmq_user : + password => $rabbitmq_pass, + provider => 'rabbitmqctl', + admin => true, } } } diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index 8db071b..7f4ecbe 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp 
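Review bot: The `# TLS options` additions pass only `ssl_cert` and `ssl_key` to the class being declared, both in the `@@ -85,6 +136,9 @@` hunk and in the `@@ -101,6 +155,20 @@` hunk. Nothing in the added lines turns TLS on or closes the plain listener. Both declarations start above their hunks, so a setting such as `ssl` or `ssl_only` may already be present or come from hiera. If it is not, `enable_internal_tls` would request a certificate and still leave the broker serving unencrypted AMQP. Consider adding `ssl => $enable_internal_tls,` next to the two new parameters, or a comment stating where TLS is actually enabled.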
@@ -26,19 +26,64 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('sahara::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('sahara::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('sahara::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('sahara::rabbit_use_ssl', '0') class tripleo::profile::base::sahara ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('sahara::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = 
any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('sahara::rabbit_password'), + $oslomsg_rpc_port = hiera('sahara::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('sahara::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('sahara::rabbit_password'), + $oslomsg_notify_port = hiera('sahara::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('sahara::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('sahara::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,10 +92,28 @@ class tripleo::profile::base::sahara ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::sahara': - sync_db => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + } + class { '::sahara::notify': + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } + include ::sahara::keystone::authtoken } } diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index 5bd75bd..0d9ba68 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp 
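Review bot: Both `os_transport_url` calls in sahara.pp pass the port unconverted (`'port' => $oslomsg_rpc_port` and `'port' => $oslomsg_notify_port`), while the octavia, swift proxy and tacker profiles in this commit wrap it in `sprintf('%s', …)`. The parameter default is the string `'5672'`, but a hiera value for `sahara::rabbit_port` can be an integer. Whether `os_transport_url` accepts that is not visible here. For consistency use `'port' => sprintf('%s', $oslomsg_rpc_port),` and the same for the notify URL.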
@@ -18,38 +18,58 @@ # # === Parameters # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*ceilometer_enabled*] +# Whether the ceilometer pipeline is enabled. +# Defaults to true # -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to hiera('memcached_node_ips') +# [*ceilometer_messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_notify_service_name', 'rabbit') +# +# [*ceilometer_messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*ceilometer_messaging_password*] +# Password for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef) +# +# [*ceilometer_messaging_port*] +# IP port for messaging service +# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672) +# +# [*ceilometer_messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to '0' +# +# [*ceilometer_messaging_username*] +# Username for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest') # # [*memcache_port*] # (Optional) memcache port # Defaults to 11211 # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns -# Defaults to hiera('rabbitmq_node_names') -# -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672 +# [*memcache_servers*] +# (Optional) List of memcache servers +# Defaults to hiera('memcached_node_ips') # -# [*ceilometer_enabled*] -# Whether the ceilometer pipeline is enabled. -# Defaults to true +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. 
+# Defaults to hiera('step') # class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), - $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = 5672, - $ceilometer_enabled = true, + $ceilometer_enabled = true, + $ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'), + $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef), + $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'), + $ceilometer_messaging_use_ssl = '0', + $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'), + $memcache_port = 11211, + $memcache_servers = hiera('memcached_node_ips'), + $step = hiera('step'), ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") @@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk - $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl))) if $ceilometer_enabled { class { '::swift::proxy::ceilometer': - rabbit_hosts => $swift_rabbit_hosts, + default_transport_url => os_transport_url({ + 'transport' => $ceilometer_messaging_driver, + 'hosts' => $ceilometer_messaging_hosts, + 'port' => sprintf('%s', $ceilometer_messaging_port), + 'username' => $ceilometer_messaging_username, + 'password' => $ceilometer_messaging_password, + 'ssl' => $ceilometer_messaging_use_ssl_real, + }), } } include ::swift::proxy::versioned_writes 
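Review bot: `$ceilometer_messaging_password` defaults to `hiera('swift::proxy::ceilometer::rabbit_password', undef)`. When the key is absent, the transport URL passed to `::swift::proxy::ceilometer` is therefore built with the `'guest'` username default and no password, instead of failing the catalog. The octavia, sahara and tacker profiles in this commit look their password up without a default. If the key is always expected when `$ceilometer_enabled` is true, add a guard inside that branch, e.g. `if !$ceilometer_messaging_password { fail('swift::proxy::ceilometer::rabbit_password is not set in the hieradata.') }`. The parameter docs for the username and password also still say "messaging nova queue", which looks copied from another profile.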
@@ -82,6 +109,7 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::account_quotas class { '::swift::objectexpirer': + pipeline => ['catch_errors', 'cache', 'proxy-server'], memcache_servers => $swift_memcache_servers } } diff --git a/manifests/profile/base/tacker.pp b/manifests/profile/base/tacker.pp index e9f6b77..fa85ec1 100644 --- a/manifests/profile/base/tacker.pp +++ b/manifests/profile/base/tacker.pp @@ -22,29 +22,29 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_hosts*] -# list of the messaging host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*messaging_password*] -# Password for messaging nova queue -# Defaults to hiera('nova::rabbit_password') +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_port', 5672) # -# [*messaging_port*] -# IP port for messaging service -# Defaults to hiera('nova::rabbit_port', 5672) +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_userid', 'guest') # -# [*messaging_username*] -# Username for messaging nova queue -# Defaults to hiera('nova::rabbit_userid', 'guest') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_password') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. -# Defaults to hiera('nova::rabbit_use_ssl', '0') +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('tacker::rabbit_use_ssl', '0') # # [*step*] # (Optional) The current step of the deployment 
@@ -52,12 +52,12 @@ class tripleo::profile::base::tacker ( $bootstrap_node = hiera('bootstrap_nodeid', undef), - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('tacker::rabbit_password'), - $messaging_port = hiera('tacker::rabbit_port', '5672'), - $messaging_username = hiera('tacker::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('tacker::rabbit_password'), + $oslomsg_rpc_port = hiera('tacker::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('tacker::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -67,16 +67,16 @@ class tripleo::profile::base::tacker ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::tacker': sync_db => $sync_db, default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, }), } diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp index c6ce309..06a3048 100644 --- a/manifests/profile/base/time/ntp.pp +++ b/manifests/profile/base/time/ntp.pp 
@@ -19,10 +19,12 @@ # class tripleo::profile::base::time::ntp { - # if installed, we don't want chrony to conflict with ntp. - package { 'chrony': - ensure => 'purged', - before => Service['ntp'], + # If installed, we don't want chrony to conflict with ntp. LP#1665426 + # It should be noted that this work even if the package is not installed + service { 'chronyd': + ensure => stopped, + enable => false, + before => Class['ntp'] } include ::ntp } diff --git a/manifests/profile/base/vpp.pp b/manifests/profile/base/vpp.pp new file mode 100644 index 0000000..05f52f9 --- /dev/null +++ b/manifests/profile/base/vpp.pp @@ -0,0 +1,32 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::vpp +# +# vpp profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::vpp ( + $step = hiera('step'), +) { + if $step >= 1 { + include ::fdio + } +} diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 6a83f10..bc5e644 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp 
@@ -75,6 +75,7 @@ class tripleo::profile::pacemaker::database::mysql ( 'default-storage-engine' => 'innodb', 'innodb_autoinc_lock_mode' => '2', 'innodb_locks_unsafe_for_binlog'=> '1', + 'innodb_file_per_table' => 'ON', 'query_cache_size' => '0', 'query_cache_type' => '0', 'bind-address' => $bind_address, @@ -179,12 +180,13 @@ class tripleo::profile::pacemaker::database::mysql ( # This step is to create a sysconfig clustercheck file with the root user and empty password # on the first install only (because later on the clustercheck db user will be used) # We are using exec and not file in order to not have duplicate definition errors in puppet - # when we later set the the file to contain the clustercheck data + # when we later set the file to contain the clustercheck data exec { 'create-root-sysconfig-clustercheck': command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck", unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', } xinetd::service { 'galera-monitor' : + bind => hiera('mysql_bind_host'), port => '9200', server => '/usr/bin/clustercheck', per_source => 'UNLIMITED', diff --git a/manifests/ui.pp b/manifests/ui.pp index 27e3e50..d51ef2e 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp 
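Review bot: The new `bind => hiera('mysql_bind_host')` on `xinetd::service { 'galera-monitor' }` does its own hiera lookup, while the mysqld options in the first hunk of this file use `$bind_address`. If `$bind_address` carries the same value (its definition is outside both hunks), use `bind => $bind_address,` so that an override of it moves the clustercheck listener together with the database. The lookup has no default, so a missing key fails compilation. That is preferable to silently listening on every interface and deserves a one-line comment saying so. The `xinetd::service` declaration continues past the end of the hunk.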
@@ -31,37 +31,58 @@ # The port on which the UI is listening. # Defaults to 3000 # -# [*keystone_url*] -# The keystone service url -# Defaults to hiera('keystone::endpoint::public_url') +# [*enabled_languages*] +# Which languages to show in the UI. +# An array. +# Defaults to ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'] # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_proxy_keystone*] +# The keystone proxy endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_config_keystone*] +# The keystone config endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_proxy_heat*] +# The heat proxy endpoint url +# Defaults to undef # -# [*ironic_url*] -# The ironic service url -# Defaults to hiera('ironic::keystone::auth::public_url') +# [*endpoint_config_heat*] +# The heat config endpoint url +# Defaults to undef # -# [*mistral_url*] -# The mistral service url -# Defaults to hiera('mistral::keystone::auth::public_url') +# [*endpoint_proxy_ironic*] +# The ironic proxy endpoint url +# Defaults to undef # -# [*swift_url*] -# The swift service url -# Defaults to hiera('swift::keystone::auth::public_url') +# [*endpoint_config_ironic*] +# The ironic config endpoint url +# Defaults to undef # -# [*zaqar_websocket_url*] -# The zaqar websocket url -# Defaults to hiera('zaquar::keystone::auth_websocket::public_url') +# [*endpoint_proxy_mistral*] +# The mistral proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_mistral*] +# The mistral config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_swift*] +# The swift proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_swift*] +# The swift config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_zaqar*] +# The zaqar proxy endpoint url +# Defaults to undef 
+# +# [*endpoint_config_zaqar*] +# The zaqar config endpoint url +# Defaults to undf # # [*zaqar_default_queue*] # The zaqar default queue @@ -69,18 +90,30 @@ # Defaults to 'tripleo' # class tripleo::ui ( - $servername = $::fqdn, - $bind_host = hiera('controller_host'), - $ui_port = 3000, - $keystone_url = hiera('keystone_auth_uri_v2'), - $heat_url = hiera('heat::keystone::auth::public_url', undef), - $ironic_url = hiera('ironic::keystone::auth::public_url', undef), - $mistral_url = hiera('mistral::keystone::auth::public_url', undef), - $swift_url = hiera('swift::keystone::auth::public_url', undef), - $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef), - $zaqar_default_queue = 'tripleo' + $servername = $::fqdn, + $bind_host = hiera('controller_host'), + $ui_port = 3000, + $zaqar_default_queue = 'tripleo', + $enabled_languages = ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'], + $endpoint_proxy_zaqar = undef, + $endpoint_proxy_keystone = undef, + $endpoint_proxy_heat = undef, + $endpoint_proxy_ironic = undef, + $endpoint_proxy_mistral = undef, + $endpoint_proxy_swift = undef, + $endpoint_config_zaqar = undef, + $endpoint_config_keystone = undef, + $endpoint_config_heat = undef, + $endpoint_config_ironic = undef, + $endpoint_config_mistral = undef, + $endpoint_config_swift = undef, + ) { + include ::apache::mod::proxy + include ::apache::mod::proxy_http + include ::apache::mod::proxy_wstunnel + ::apache::vhost { 'tripleo-ui': ensure => 'present', servername => $servername, 
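Review bot: The `[*endpoint_config_zaqar*]` entry in this parameter block reads `# Defaults to undf`; it should be `# Defaults to undef` like the other endpoint entries. The block also never says how an `endpoint_proxy_*` value differs from its `endpoint_config_*` counterpart. A one-line explanation per group would help, limited to what the vhost and the UI configuration actually do with each value. The comment block starts before this hunk.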
@@ -89,6 +122,38 @@ class tripleo::ui ( docroot => '/var/www/openstack-tripleo-ui/dist', options => ['Indexes', 'FollowSymLinks'], fallbackresource => '/index.html', + proxy_pass => [ + { + 'path' => '/zaqar', + 'url' => $endpoint_proxy_zaqar + }, + { + 'path' => '/keystone', + 'url' => $endpoint_proxy_keystone, + 'reverse_urls' => $endpoint_proxy_keystone + }, + { + 'path' => '/heat', + 'url' => $endpoint_proxy_heat, + 'reverse_urls' => $endpoint_proxy_heat + }, + { + 'path' => '/ironic', + 'url' => $endpoint_proxy_ironic, + 'reverse_urls' => $endpoint_proxy_ironic + }, + { + 'path' => '/mistral', + 'url' => $endpoint_proxy_mistral, + 'reverse_urls' => $endpoint_proxy_mistral + }, + { + 'path' => '/swift', + 'url' => $endpoint_proxy_swift, + 'reverse_urls' => $endpoint_proxy_swift + }, + ], + } # We already use apache::vhost to generate our own diff --git a/metadata.json b/metadata.json index 308c63a..32b5d95 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "openstack-tripleo", - "version": "6.1.0", + "version": "7.0.0", "author": "OpenStack Contributors", "summary": "Puppet module for TripleO", "license": "Apache-2.0", diff --git a/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml b/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml new file mode 100644 index 0000000..c41deab --- /dev/null +++ b/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml 
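Review bot: Every `proxy_pass` entry is emitted unconditionally, while the previous hunk gives all six `endpoint_proxy_*` parameters a default of `undef`, so a node that leaves any of them unset gets a `/keystone`, `/heat`, … entry with no backend URL. Depending on how `apache::vhost` handles an undefined `url`, this is presumably either a compile error or a broken ProxyPass line, and in both cases the failure shows up far from its cause. Either fail early, e.g. `unless $endpoint_proxy_keystone { fail('tripleo::ui: endpoint_proxy_keystone must be set') }` for each endpoint, or only add an entry when its URL is set. Since these paths relay Keystone credentials and tokens, it is also worth checking that the URLs point only at the intended API hosts and that the vhost (its TLS settings are outside the hunk) is not served in clear text.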
@@ -0,0 +1,64 @@ +--- +features: + - Add networking-fujitsu support to Neutron ML2 profile. + - Split OVN plugin and northd configuration. + - Introduce tripleo::tls_proxy used to set up a TLS proxy using + mod_proxy that redirects towards localhost. + - HPELeftHandISCSIDriver support for Cinder Volume profile. + - Add support for CollectD profile, for performance monitoring. + - Configure Nova Cells v2 database, required in Ocata. + - Configure the basic setup for Nova Cells v2. + - Support for opendalight_v2 mechanism_driver in Neutron ML2 profile. + - Support for Ceph MDS service profile. + - Add IPv6 support to Firewall rules. It will create both IPv4 & IPv6 rules + at the same time. It automatically converts icmp rules to ipv6-icmp. When + a source or destination is specified, it will only create rules to the + right version of IP that is needed. + - Add support for not using admin_token in Ceph/RGW profile. + - Add Docker Registry profile. + - Add Nova Placement API profile. + - Add NTP profile. + - Add etcd profile, used by networking-vpp ML2 plugin. + - Add profiles for Octavia services. + - Enable object-expirer on Swift proxy profile. + - Set memcache_servers in /etc/swift/object-expirer.conf. + - Add support for fence_ironic fencing agent. + - Add a noop_resource function, which allow to disable any resource type + in a catalog, with --tags option to puppet apply. + - Add Ceph RBD mirrog Pacemaker profile. + - Remove Glance Registry profile, not used anymore. Glance API v1 is not + available anymore. + - Add Nova EC2API profile. + - Add support for Pacemaker Remote with a new profile. + - Updates Pacemaker profiles for Composable HA architecture. + - Add Tacker profile. + - Add Congress profile. + - Add a default rule for dhcpv6 traffic. + - Re-organizes Contrail services to the correct roles. + - Set innodb_file_per_table to ON for MySQL / Galera + - Switch Nova / Libvirt VNC server binding to use the IP address + provided in Hiera instead of 0.0.0.0. 
+ - Proxy API endpoints that TripleO UI uses. + - Rebranding of Eqlx to Dell EMC PS Series. + - Add support for ScaleIO backend in Cinder Volume profile. + - Add support to changing the Rabbitmq password on stack-update. +deprecations: + - Remove tripleo::vip_hosts class, no longer used. +security: + - CVE-2016-9599 Enforce Firewall TCP / UDP rules management, by + sanitizing dynamic HAproxy endpoints firewall rules, securing + firewall rules creations (disallow TCP/UDP rules without sport or + dport), but allow to open all traffic for TCP/UDP when actually + desired. +fixes: + - Fixes `bug 1648736 + <https://bugs.launchpad.net/tripleo/+bug/1648736>`__ so swift-proxy + is decoupled from ceilometer packages. + - Fixes `bug 1652107 + <https://bugs.launchpad.net/tripleo/+bug/1652107>`__ so we ensure + package updates don't happen unexpectedly. + - Fixes `bug 1645898 + <https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so we ensure + to bind the rabbit inter-cluster to a specific interface. +other: + - Introduce more Puppet rspec tests that improve testing quality. diff --git a/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml b/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml new file mode 100644 index 0000000..5ab15d5 --- /dev/null +++ b/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml @@ -0,0 +1,6 @@ +--- +features: + - Add support for ceilometer polling agent. The central, compute and ipmi + agent services should use polling agent with namespace. This has been + done in packaging already since few releases now. Let puppet do it + correctly as well. diff --git a/releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml b/releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml new file mode 100644 index 0000000..62744e0 --- /dev/null +++ b/releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Add profiles for the Octavia LBaaS service. 
diff --git a/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml b/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml
new file mode 100644
index 0000000..0eb90de
--- /dev/null
+++ b/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - Bugfix 1664561. Removing the string cast when using
+ the os_transport_url function.
diff --git a/releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml b/releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml
new file mode 100644
index 0000000..800cedc
--- /dev/null
+++ b/releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml
@@ -0,0 +1,5 @@
+---
+features: |
+ - Unless a non-default value is provided, the dhcp_agents_per_network
+ neutron configuration variable is set to the number of deployed
+ neutron dhcp agents.
diff --git a/releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml b/releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml
new file mode 100644
index 0000000..a50a27d
--- /dev/null
+++ b/releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Heat APIs (api, cfn and cloudwatch) are now deployed over httpd.
diff --git a/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml
new file mode 100644
index 0000000..ddbf175
--- /dev/null
+++ b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Added a new profile to configure the docker service
diff --git a/releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml b/releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml
new file mode 100644
index 0000000..2f7939d
--- /dev/null
+++ b/releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - The undercloud UI is available in multiple languages, which can now
+ be configured via the manifest. All available languages are enabled
+ by default.
diff --git a/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml b/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml
new file mode 100644
index 0000000..4c9d763
--- /dev/null
+++ b/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Enabled httpdchk in HAProxy for http based services to reduce situtations
+ where the port may be open but the service is not actively serving http
+ requests.
diff --git a/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml b/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml
new file mode 100644
index 0000000..e0b7c3c
--- /dev/null
+++ b/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml
@@ -0,0 +1,20 @@
+---
+features:
+ - Enable innodb_file_per_table for MySQL/MariaDB databases
+upgrade:
+ - |
+ Newly created MySQL database tables will be stored in their own datafiles,
+ instead of in a single monolithic ibdata file.
+ - |
+ Existing MySQL database tables that are persisted within the monolithic
+ ibdata file will remain so unless the database is migrated as well.
+ - |
+ Migration of all current database tables out of the monolithic ibdata
+ file is possible by dumping and restoring the whole database to a new data
+ directory, however when using Galera the entire cluster must be shut
+ down and upgraded at once.
+ - |
+ Migration of individual tables to datafiles is possible using the
+ MySQL command "ALTER TABLE <databasename>.<tablename> ENGINE=InnoDB;",
+ however this will not shrink the ibdata file and also is not safe to run
+ on a running Galera cluster for large tables.
diff --git a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml
new file mode 100644
index 0000000..63830e5
--- /dev/null
+++ b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - Added ability to proxy API service endpoints through
+ Apache mod_rewrite rules by creating ProxyPass and
+ ProxyPassReverse directives for each API service
+
diff --git a/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml b/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml
new file mode 100644
index 0000000..351db74
--- /dev/null
+++ b/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml
@@ -0,0 +1,4 @@
+---
+issues:
+ - Invoke rabbitmq_user resource explicity to apply password change during
+ update, if any.
diff --git a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml
new file mode 100644
index 0000000..d82ff11
--- /dev/null
+++ b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ Removed the following URL configuration variables from tripleo::ui:
+
+ * keystone_url
+ * heat_url
+ * ironic_url
+ * mistral_url
+ * swift_url
+ * zaqar_websocket_url
+
diff --git a/releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml b/releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml
new file mode 100644
index 0000000..c744e0f
--- /dev/null
+++ b/releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Sahara is now deployed with keystone_authtoken parameters and move
+ forward with Keystone v3 version.
diff --git a/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml
new file mode 100644
index 0000000..0c0f8ea
--- /dev/null
+++ b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml
@@ -0,0 +1,7 @@ +--- +features: + - Configure VNC server to be binded on internal network interface on compute nodes. + This value comes from tripleo-heat-templates and is configured by default to use + an IP address from the internal API network. + We use the ServiceNetMap in tripleo-heat-templates to compute the IP address, and we won't + configure 0.0.0.0 anymore as it used to open the binding to any network, which is unsecure. diff --git a/releasenotes/notes/vpp-7368457faab68824.yaml b/releasenotes/notes/vpp-7368457faab68824.yaml new file mode 100644 index 0000000..94264c5 --- /dev/null +++ b/releasenotes/notes/vpp-7368457faab68824.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Add profiles for VPP service. Vector Packet Processing (VPP) is a high + performance packet processing stack that runs in user space in Linux. + VPP is used as an alternative to kernel networking stack for accelerated + network data path. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index be2f5ce..e293b07 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -45,16 +45,16 @@ master_doc = 'index' # General information about the project. project = u'puppet-tripleo Release Notes' -copyright = u'2016, Puppet TripleO Developers' +copyright = u'2017, Puppet TripleO Developers' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the # built documents. # # The short X.Y version. -version = '6.0.0' +version = '7.0.0' # The full version, including alpha/beta/rc tags. -release = '6.0.0' +release = '7.0.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. 
@@ -198,7 +198,7 @@ latex_elements = { # author, documentclass [howto, manual, or own class]). latex_documents = [ ('index', 'puppet-tripleoReleaseNotes.tex', u'puppet-tripleo Release Notes Documentation', - u'2016, Puppet TripleO Developers', 'manual'), + u'2017, Puppet TripleO Developers', 'manual'), ] # The name of an image file (relative to this directory) to place at the top of @@ -228,7 +228,7 @@ latex_documents = [ # (source start file, name, description, authors, manual section). man_pages = [ ('index', 'puppet-tripleoreleasenotes', u'puppet-tripleo Release Notes Documentation', - [u'2016, Puppet TripleO Developers'], 1) + [u'2017, Puppet TripleO Developers'], 1) ] # If true, show URL addresses after external links. @@ -242,7 +242,7 @@ man_pages = [ # dir menu entry, description, category) texinfo_documents = [ ('index', 'puppet-tripleoReleaseNotes', u'puppet-tripleo Release Notes Documentation', - u'2016, Puppet TripleO Developers', 'puppet-tripleoReleaseNotes', 'Puppet TripleO Project.', + u'2017, Puppet TripleO Developers', 'puppet-tripleoReleaseNotes', 'Puppet TripleO Project.', 'Miscellaneous'), ] diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst index c462aaa..b6dd81d 100644 --- a/releasenotes/source/index.rst +++ b/releasenotes/source/index.rst @@ -6,3 +6,4 @@ puppet-tripleo Release Notes :maxdepth: 1 unreleased + ocata diff --git a/releasenotes/source/ocata.rst b/releasenotes/source/ocata.rst new file mode 100644 index 0000000..ebe62f4 --- /dev/null +++ b/releasenotes/source/ocata.rst @@ -0,0 +1,6 @@ +=================================== + Ocata Series Release Notes +=================================== + +.. release-notes:: + :branch: origin/stable/ocata diff --git a/spec/classes/tripleo_certmonger_rabbitmq.rb b/spec/classes/tripleo_certmonger_rabbitmq.rb new file mode 100644 index 0000000..5c011ce --- /dev/null +++ b/spec/classes/tripleo_certmonger_rabbitmq.rb 
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for tripleo
+#
+
+require 'spec_helper'
+
+describe 'tripleo::certmonger::rabbitmq' do
+
+ shared_examples_for 'tripleo::certmonger::rabbitmq' do
+ let :params do
+ {
+ :hostname => 'localhost',
+ :service_certificate => '/etc/pki/cert.crt',
+ :service_key => '/etc/pki/key.pem',
+ }
+ end
+
+ it 'should include the base for using certmonger' do
+ is_expected.to contain_class('certmonger')
+ end
+
+ it 'should include the rabbitmq parameters' do
+ is_expected.to contain_class('rabbitmq::params')
+ end
+
+ it 'should request a certificate' do
+ is_expected.to contain_certmonger_certificate('rabbitmq').with(
+ :ensure => 'present',
+ :certfile => '/etc/pki/cert.crt',
+ :keyfile => '/etc/pki/key.pem',
+ :hostname => 'localhost',
+ :dnsname => 'localhost',
+ :ca => 'local',
+ :wait => true,
+ )
+ is_expected.to contain_file('/etc/pki/cert.crt')
+ is_expected.to contain_file('/etc/pki/key.pem')
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({})
+ end
+
+ it_behaves_like 'tripleo::certmonger::rabbitmq'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_midonet_agent_spec.rb b/spec/classes/tripleo_midonet_agent_spec.rb
deleted file mode 100644
index 73d90b6..0000000
--- a/spec/classes/tripleo_midonet_agent_spec.rb
+++ /dev/null
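Review bot: The new file is named `spec/classes/tripleo_certmonger_rabbitmq.rb`, without the `_spec.rb` suffix the other spec files in this commit carry, so a runner using the usual `spec/**/*_spec.rb` pattern will presumably never execute it; rename it to `tripleo_certmonger_rabbitmq_spec.rb`. In 'should request a certificate' the two `contain_file` expectations only assert existence, so `is_expected.to contain_file('/etc/pki/key.pem')` would still pass if the private key became world-readable. Pin the owner and mode that the manifest sets with `.with(...)` so a permissions regression fails the test. The manifest is not part of this hunk, so the expected values have to be taken from it.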
@@ -1,58 +0,0 @@ -# -# Copyright (C) 2015 Midokura SARL -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for the midonet agent - -require 'spec_helper' - -describe 'tripleo::network::midonet::agent' do - - shared_examples_for 'tripleo::network::midonet::agent' do - - let :params do - { - :zookeeper_servers => ['192.168.2.2', '192.168.2.3'], - :cassandra_seeds => ['192.168.2.2', '192.168.2.3'] - } - end - - it 'should stop openvswitch' do - is_expected.to contain_service('openvswitch').with( - :ensure => 'stopped', - :enable => false - ) - end - - it 'should run the agent with a list of maps' do - is_expected.to contain_class('midonet::midonet_agent').with( - :zk_servers => [{'ip' => '192.168.2.2', - 'port' => 2181}, - {'ip' => '192.168.2.3', - 'port' => 2181}], - :cassandra_seeds => ['192.168.2.2','192.168.2.3'] - ) - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge({}) - end - - it_behaves_like 'tripleo::network::midonet::agent' - end - end -end diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb index 22f26cf..f2a26bf 100644 --- a/spec/classes/tripleo_profile_base_aodh_api_spec.rb +++ b/spec/classes/tripleo_profile_base_aodh_api_spec.rb 
@@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::aodh::api' do shared_examples_for 'tripleo::profile::base::aodh::api' do let(:pre_condition) do - "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step less than 4' do diff --git a/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb index 495794d..ce8869e 100644 --- a/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb +++ b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::aodh::evaluator' do shared_examples_for 'tripleo::profile::base::aodh::evaluator' do let(:pre_condition) do - "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step less than 4' do diff --git a/spec/classes/tripleo_profile_base_aodh_listener_spec.rb b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb index 022ee5c..47f363e 100644 --- a/spec/classes/tripleo_profile_base_aodh_listener_spec.rb +++ b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::aodh::listener' do shared_examples_for 'tripleo::profile::base::aodh::listener' do let(:pre_condition) do - "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step less than 4' do 
diff --git a/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb index f2116ca..6c16615 100644 --- a/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb +++ b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::aodh::notifier' do shared_examples_for 'tripleo::profile::base::aodh::notifier' do let(:pre_condition) do - "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step less than 4' do diff --git a/spec/classes/tripleo_profile_base_aodh_spec.rb b/spec/classes/tripleo_profile_base_aodh_spec.rb index 3befa23..7ef49ec 100644 --- a/spec/classes/tripleo_profile_base_aodh_spec.rb +++ b/spec/classes/tripleo_profile_base_aodh_spec.rb @@ -34,12 +34,14 @@ describe 'tripleo::profile::base::aodh' do let(:params) { { :step => 3, :bootstrap_node => 'node.example.com', - :rabbit_hosts => ['localhost1.localdomain', 'localhost2.localdomain'] + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'aodh', + :oslomsg_rpc_password => 'foo', } } it 'should trigger complete configuration' do is_expected.to contain_class('aodh').with( - :rabbit_hosts => params[:rabbit_hosts].map { |h| h + ":5672" } + :default_transport_url => 'rabbit://aodh:foo@127.0.0.1:5672/?ssl=0' ) is_expected.to contain_class('aodh::auth') is_expected.to contain_class('aodh::config') 
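Review bot: The `:step => 3` params in `tripleo_profile_base_aodh_spec.rb` now pass a single host, `:oslomsg_rpc_hosts => [ '127.0.0.1' ]`, where the removed lines exercised two, so nothing checks any more how `default_transport_url` is assembled for a multi-node RabbitMQ cluster. The password `'foo'` also contains no character that is reserved in a URL, so the expectation `'rabbit://aodh:foo@127.0.0.1:5672/?ssl=0'` cannot tell whether credentials containing `@`, `:` or `/` are escaped before being placed in the URL. I would add one context with two hosts and a password such as `'f@o/o'` (constructed sample) and assert the exact resulting URL. The same applies to the `:step => 4` hunk of this file and to the matching hunk in `tripleo_profile_base_ceilometer_spec.rb`. The enclosing `shared_examples_for` block starts and ends outside the hunk.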
@@ -67,12 +69,14 @@ describe 'tripleo::profile::base::aodh' do let(:params) { { :step => 4, :bootstrap_node => 'somethingelse.example.com', - :rabbit_hosts => ['localhost1.localdomain', 'localhost2.localdomain'] + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'aodh', + :oslomsg_rpc_password => 'foo', } } it 'should trigger aodh configuration without mysql grant' do is_expected.to contain_class('aodh').with( - :rabbit_hosts => params[:rabbit_hosts].map { |h| h + ":5672" } + :default_transport_url => 'rabbit://aodh:foo@127.0.0.1:5672/?ssl=0' ) is_expected.to contain_class('aodh::auth') is_expected.to contain_class('aodh::config') diff --git a/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb new file mode 100644 index 0000000..38c94c6 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb 
@@ -0,0 +1,72 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::agent::polling' do + shared_examples_for 'tripleo::profile::base::ceilometer::agent::polling' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::agent::polling') + is_expected.to_not contain_class('ceilometer::agent::polling') + end + end + + context 'with step 4 on polling agent' do + + let(:pre_condition) do + "class { '::ceilometer::agent::auth': auth_password => 'password' }" + end + + let(:params) { { + :step => 4, + :ceilometer_redis_password => 'password', + :redis_vip => '127.0.0.1', + :central_namespace => true + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::agent::polling').with( + :central_namespace => true, + :compute_namespace => false, + :ipmi_namespace => false, + :coordination_url => 'redis://:password@127.0.0.1:6379/', + ) + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + 
+ it_behaves_like 'tripleo::profile::base::ceilometer::agent::polling' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb index acc9b51..936df4f 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::ceilometer::api' do shared_examples_for 'tripleo::profile::base::ceilometer::api' do let(:pre_condition) do - "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step less than 4' do diff --git a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb index 2e4b50a..23b198a 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::ceilometer::collector' do shared_examples_for 'tripleo::profile::base::ceilometer::collector' do let(:pre_condition) do - "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step 3 on bootstrap node with mongodb' do diff --git a/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb index c13f3c8..b1567d0 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_expirer_spec.rb 
@@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::ceilometer::expirer' do shared_examples_for 'tripleo::profile::base::ceilometer::expirer' do let(:pre_condition) do - "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, rabbit_hosts => ['localhost.localdomain'] }" + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end context 'with step less than 4' do diff --git a/spec/classes/tripleo_profile_base_ceilometer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_spec.rb index 075aff8..9173203 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_spec.rb @@ -30,12 +30,14 @@ describe 'tripleo::profile::base::ceilometer' do context 'with step 3' do let(:params) { { :step => 3, - :rabbit_hosts => ['localhost1.localdomain', 'localhost2.localdomain'] + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'ceilometer', + :oslomsg_rpc_password => 'foo', } } it 'should trigger complete configuration' do is_expected.to contain_class('ceilometer').with( - :rabbit_hosts => params[:rabbit_hosts].map{ |h| h + ':5672' } + :default_transport_url => 'rabbit://ceilometer:foo@127.0.0.1:5672/?ssl=0' ) is_expected.to contain_class('ceilometer::config') end diff --git a/spec/classes/tripleo_profile_base_cinder_api_spec.rb b/spec/classes/tripleo_profile_base_cinder_api_spec.rb index 6a36632..03e2fd0 100644 --- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb 
@@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::cinder::api' do shared_examples_for 'tripleo::profile::base::cinder::api' do let(:pre_condition) do - "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" end context 'with step less than 3' do diff --git a/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb index 46c3d15..2f90692 100644 --- a/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb @@ -20,7 +20,7 @@ describe 'tripleo::profile::base::cinder::backup::ceph' do shared_examples_for 'tripleo::profile::base::cinder::backup::ceph' do let(:pre_condition) do <<-EOF - class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] } + class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } class { '::tripleo::profile::base::cinder::backup': step => #{params[:step]} } EOF end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_spec.rb index 0e15c9a..ad5a277 100644 --- a/spec/classes/tripleo_profile_base_cinder_backup_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_backup_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::cinder::backup' do shared_examples_for 'tripleo::profile::base::cinder::backup' do let(:pre_condition) do - "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" end context 'with step less than 4' do 
diff --git a/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb index 2c9d71f..230d766 100644 --- a/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb @@ -20,7 +20,7 @@ describe 'tripleo::profile::base::cinder::backup::swift' do shared_examples_for 'tripleo::profile::base::cinder::backup::swift' do let(:pre_condition) do <<-EOF - class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] } + class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } class { '::tripleo::profile::base::cinder::backup': step => #{params[:step]} } EOF end diff --git a/spec/classes/tripleo_profile_base_cinder_scaleio_spec.rb b/spec/classes/tripleo_profile_base_cinder_scaleio_spec.rb new file mode 100644 index 0000000..0f12b0a --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_scaleio_spec.rb 
@@ -0,0 +1,58 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::scaleio' do + shared_examples_for 'tripleo::profile::base::cinder::volume::scaleio' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::scaleio') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__scaleio('tripleo_scaleio') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): check hiera parameters + is_expected.to contain_cinder__backend__scaleio('tripleo_scaleio') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::scaleio' + end + end +end diff --git a/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb b/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb index cd044ee..0333b1f 100644 --- a/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb 
+++ b/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::cinder::scheduler' do shared_examples_for 'tripleo::profile::base::cinder::scheduler' do let(:pre_condition) do - "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" end context 'with step less than 4' do diff --git a/spec/classes/tripleo_profile_base_cinder_spec.rb b/spec/classes/tripleo_profile_base_cinder_spec.rb index 81fa047..d22357d 100644 --- a/spec/classes/tripleo_profile_base_cinder_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_spec.rb @@ -31,15 +31,17 @@ describe 'tripleo::profile::base::cinder' do context 'with step 3 on bootstrap node' do let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :rabbit_hosts => ['127.0.0.1', '127.0.0.2'], - :rabbit_port => '1234' + :step => 3, + :bootstrap_node => 'node.example.com', + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'cinder', + :oslomsg_rpc_password => 'foo', + :oslomsg_rpc_port => '1234' } } it 'should trigger complete configuration' do is_expected.to contain_class('cinder').with( - :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:#{params[:rabbit_port]}" } + :default_transport_url => 'rabbit://cinder:foo@127.0.0.1:1234/?ssl=0' ) is_expected.to contain_class('cinder::config') is_expected.to contain_class('cinder::glance') 
@@ -63,15 +65,17 @@ describe 'tripleo::profile::base::cinder' do context 'with step 4 on other node' do let(:params) { { - :step => 4, - :bootstrap_node => 'somethingelse.example.com', - :rabbit_hosts => ['127.0.0.1', '127.0.0.2'], - :rabbit_port => '5672' + :step => 4, + :bootstrap_node => 'somethingelse.example.com', + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'cinder', + :oslomsg_rpc_password => 'foo', + :oslomsg_rpc_port => '5672', } } it 'should trigger cinder configuration without mysql grant' do is_expected.to contain_class('cinder').with( - :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:#{params[:rabbit_port]}" } + :default_transport_url => 'rabbit://cinder:foo@127.0.0.1:5672/?ssl=0' ) is_expected.to contain_class('cinder::config') is_expected.to contain_class('cinder::glance') @@ -81,14 +85,16 @@ describe 'tripleo::profile::base::cinder' do context 'with step 5' do let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :rabbit_hosts => ['127.0.0.1', '127.0.0.2'] + :step => 5, + :bootstrap_node => 'node.example.com', + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'cinder', + :oslomsg_rpc_password => 'foo', } } it 'should trigger complete configuration' do is_expected.to contain_class('cinder').with( - :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:5672" } + :default_transport_url => 'rabbit://cinder:foo@127.0.0.1:5672/?ssl=0' ) is_expected.to contain_class('cinder::config') is_expected.to contain_class('cinder::glance') 
@@ -98,15 +104,17 @@ describe 'tripleo::profile::base::cinder' do context 'with step 5 without db_purge' do let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :rabbit_hosts => ['127.0.0.1', '127.0.0.2'], + :step => 5, + :bootstrap_node => 'node.example.com', + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'cinder', + :oslomsg_rpc_password => 'foo', :cinder_enable_db_purge => false } } it 'should trigger complete configuration' do is_expected.to contain_class('cinder').with( - :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:5672" } + :default_transport_url => 'rabbit://cinder:foo@127.0.0.1:5672/?ssl=0' ) is_expected.to contain_class('cinder::config') is_expected.to contain_class('cinder::glance') diff --git a/spec/classes/tripleo_profile_base_cinder_volume_eqlx_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_dellps_spec.rb index 1a188aa..313b87c 100644 --- a/spec/classes/tripleo_profile_base_cinder_volume_eqlx_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_volume_dellps_spec.rb @@ -16,8 +16,8 @@ require 'spec_helper' -describe 'tripleo::profile::base::cinder::volume::eqlx' do - shared_examples_for 'tripleo::profile::base::cinder::volume::eqlx' do +describe 'tripleo::profile::base::cinder::volume::dellps' do + shared_examples_for 'tripleo::profile::base::cinder::volume::dellps' do before :each do facts.merge!({ :step => params[:step] }) end 
@@ -26,10 +26,10 @@ describe 'tripleo::profile::base::cinder::volume::eqlx' do let(:params) { { :step => 3 } } it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellps') is_expected.to contain_class('tripleo::profile::base::cinder::volume') is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__eqlx('tripleo_eqlx') + is_expected.to_not contain_cinder__backend__eqlx('tripleo_dellps') end end @@ -40,7 +40,7 @@ describe 'tripleo::profile::base::cinder::volume::eqlx' do it 'should trigger complete configuration' do # TODO(aschultz): check hiera parameters - is_expected.to contain_cinder__backend__eqlx('tripleo_eqlx') + is_expected.to contain_cinder__backend__eqlx('tripleo_dellps') end end end @@ -52,7 +52,7 @@ describe 'tripleo::profile::base::cinder::volume::eqlx' do facts.merge({ :hostname => 'node.example.com' }) end - it_behaves_like 'tripleo::profile::base::cinder::volume::eqlx' + it_behaves_like 'tripleo::profile::base::cinder::volume::dellps' end end end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb index e0ec9de..1542a49 100644 --- a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # # Copyright (C) 2016 Red Hat, Inc. # @@ -27,7 +28,7 @@ describe 'tripleo::profile::base::cinder::volume' do end let(:pre_condition) do - "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, rabbit_hosts => ['127.0.0.1'] }" + "class { '::tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" end context 'with step less than 4' do 
@@ -74,21 +75,21 @@ describe 'tripleo::profile::base::cinder::volume' do end end - context 'with only eqlx' do + context 'with only dellps' do before :each do params.merge!({ - :cinder_enable_eqlx_backend => true, + :cinder_enable_dellps_backend => true, :cinder_enable_iscsi_backend => false, }) end - it 'should configure only eqlx' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::eqlx') + it 'should configure only dellps' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellps') is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') is_expected.to contain_class('tripleo::profile::base::cinder::volume') is_expected.to contain_class('tripleo::profile::base::cinder') is_expected.to contain_class('cinder::volume') is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_eqlx'] + :enabled_backends => ['tripleo_dellps'] ) end end @@ -160,7 +161,7 @@ describe 'tripleo::profile::base::cinder::volume' do it 'should configure only user backend' do is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellsc') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellps') is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::netapp') is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::nfs') is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::rbd') @@ -178,7 +179,7 @@ describe 'tripleo::profile::base::cinder::volume' do params.merge!({ :cinder_enable_iscsi_backend => true, :cinder_enable_dellsc_backend => true, - :cinder_enable_eqlx_backend => true, + :cinder_enable_dellps_backend => true, :cinder_enable_netapp_backend => true, :cinder_enable_nfs_backend => true, :cinder_enable_rbd_backend => true, 
@@ -187,7 +188,7 @@ describe 'tripleo::profile::base::cinder::volume' do it 'should configure all backends' do is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellsc') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::eqlx') + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellps') is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') @@ -195,7 +196,7 @@ describe 'tripleo::profile::base::cinder::volume' do is_expected.to contain_class('tripleo::profile::base::cinder') is_expected.to contain_class('cinder::volume') is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_iscsi', 'tripleo_ceph', 'tripleo_eqlx', + :enabled_backends => ['tripleo_iscsi', 'tripleo_ceph', 'tripleo_dellps', 'tripleo_dellsc', 'tripleo_netapp','tripleo_nfs'] ) end diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb new file mode 100644 index 0000000..587cc29 --- /dev/null +++ b/spec/classes/tripleo_profile_base_docker_spec.rb 
@@ -0,0 +1,68 @@ +# Copyright 2016 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::docker' do + shared_examples_for 'tripleo::profile::base::docker' do + context 'with step 1 and defaults' do + let(:params) { { + :step => 1, + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig').with_changes(['rm INSECURE_REGISTRY']) + } + end + + context 'with step 1 and insecure_registry configured' do + let(:params) { { + :docker_namespace => 'foo:8787', + :insecure_registry => true, + :step => 1, + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig').with_changes(["set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'"]) + } + end + + context 'with step 1 and insecure_registry configured but no docker_namespace' do + let(:params) { { + :insecure_registry => true, + :step => 1, + } } + + it_raises 'a Puppet::Error', /You must provide a \$docker_namespace in order to configure insecure registry/ + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 
'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::docker' + end + end +end diff --git a/spec/classes/tripleo_profile_base_neutron_spec.rb b/spec/classes/tripleo_profile_base_neutron_spec.rb new file mode 100644 index 0000000..504be5b --- /dev/null +++ b/spec/classes/tripleo_profile_base_neutron_spec.rb 
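Review bot: The new docker spec never covers `:docker_namespace` being supplied while `:insecure_registry` is left off, so nothing pins that a namespace alone cannot switch on `--insecure-registry`. The three contexts test the default, the enabled case and the missing-namespace error only. Since that option turns off TLS verification towards the registry, I would add a fourth context asserting the `rm INSECURE_REGISTRY` change for that combination. The expected change below is inferred from the defaults context; the manifest itself is not visible from this hunk.

```ruby
# … unchanged: 'with step 1 and insecure_registry configured' context …
context 'with step 1 and docker_namespace but insecure_registry disabled' do
  let(:params) { {
    :docker_namespace  => 'foo:8787',
    :insecure_registry => false,
    :step              => 1,
  } }

  it {
    is_expected.to contain_augeas('docker-sysconfig').with_changes(['rm INSECURE_REGISTRY'])
  }
end
```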
@@ -0,0 +1,76 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron' do + let :params do + { :step => 5, + :oslomsg_notify_password => 'foobar', + :oslomsg_rpc_password => 'foobar' + } + end + + shared_examples_for 'tripleo::profile::base::neutron' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'when no dhcp agents per network set' do + before do + params.merge!({ + :dhcp_nodes => ['netcont1.localdomain', 'netcont2.localdomain', 'netcont3.localdomain'] + }) + end + it 'should equal the number of dhcp agents' do + is_expected.to contain_class('neutron').with(:dhcp_agents_per_network => 3) + end + end + + context 'when dhcp agents per network is set' do + before do + params.merge!({ + :dhcp_agents_per_network => 2 + }) + end + it 'should set the the value' do + is_expected.to contain_class('neutron').with(:dhcp_agents_per_network => 2) + end + end + + context 'when dhcp agents per network is greater than number of agents' do + before do + params.merge!({ + :dhcp_nodes => ['netcont1.localdomain', 'netcont2.localdomain'], + :dhcp_agents_per_network => 5 + }) + end + it 'should set value and complain about not enough agents' do + is_expected.to contain_class('neutron').with(:dhcp_agents_per_network => 5) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 
'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb index f930342..3a2a685 100644 --- a/spec/classes/tripleo_profile_base_nova_api_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb @@ -22,9 +22,12 @@ describe 'tripleo::profile::base::nova::api' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ 'localhost' ], - messaging_username => 'nova', - messaging_password => 'foo' + oslomsg_rpc_hosts => [ 'localhost' ], + oslomsg_rpc_username => 'nova', + oslomsg_rpc_password => 'foo' + } + class { '::tripleo::profile::base::nova::authtoken': + step => #{params[:step]}, } eos end 
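Review bot: In the new neutron spec the last example, `it 'should set value and complain about not enough agents' do`, asserts only `:dhcp_agents_per_network => 5`; nothing checks the complaint the title promises, so it passes whether or not the profile reports the shortfall. Either assert on whatever the manifest emits for that case (not visible from this spec) or retitle it to `it 'should set the value' do`. The second example's title also has a doubled word: `it 'should set the the value' do` should read `it 'should set the value' do`.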
@@ -56,25 +59,25 @@ eos is_expected.to contain_class('nova::cell_v2::simple_setup') is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::api') - is_expected.to contain_class('nova::wsgi::apache_api') + is_expected.to_not contain_class('nova::wsgi::apache_api') is_expected.to contain_class('nova::network::neutron') } end - context 'with step 3 not on bootstrap node' do + context 'with step 3 on bootstrap node' do let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', + :step => 3, + :bootstrap_node => 'node.example.com', } } it { is_expected.to contain_class('tripleo::profile::base::nova::api') is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::db::sync_cell_v2') - is_expected.to_not contain_class('nova::keystone::authtoken') - is_expected.to_not contain_class('nova::api') + is_expected.to contain_class('nova::cell_v2::simple_setup') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::api') is_expected.to_not contain_class('nova::wsgi::apache_api') - is_expected.to_not contain_class('nova::network::neutron') + is_expected.to contain_class('nova::network::neutron') } end 
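Review bot: Retitling this context to `with step 3 on bootstrap node` and flipping its expectations leaves it asserting the same nova classes as the context whose tail is visible at the top of the hunk, so it looks like a duplicate, and step 3 on a non-bootstrap node is no longer tested at all. The header of that preceding context is outside the hunk, so confirm against the full file. If the non-bootstrap case is still meaningful, keep `:bootstrap_node => 'other.example.com',` under `context 'with step 3 not on bootstrap node' do` and assert what the profile now includes for such a node.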
@@ -88,6 +91,24 @@ eos is_expected.to_not contain_class('nova::db::sync_cell_v2') is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::api') + is_expected.to_not contain_class('nova::wsgi::apache_api') + is_expected.to contain_class('nova::network::neutron') + } + end + + context 'with step 4 not on bootstrap node' do + let(:params) { { + :step => 4, + :bootstrap_node => 'other.example.com', + :nova_api_wsgi_enabled => true, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::api') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_class('nova::db::sync_cell_v2') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::api') is_expected.to contain_class('nova::wsgi::apache_api') is_expected.to contain_class('nova::network::neutron') } diff --git a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb new file mode 100644 index 0000000..f910729 --- /dev/null +++ b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb 
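Review bot: The added context is titled `with step 4 not on bootstrap node`, but what distinguishes it is `:nova_api_wsgi_enabled => true`, the only case in this file's visible hunks that expects `nova::wsgi::apache_api` to be present. The context ending just above it in the hunk also expects `nova::db::sync_cell_v2` to be absent, so the two probably read alike in the rspec output; its header lies outside the hunk. A title such as `context 'with step 4 not on bootstrap node and wsgi enabled' do` would say what is being tested.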
@@ -0,0 +1,69 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::nova::authtoken' do + shared_examples_for 'tripleo::profile::base::nova::authtoken' do + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to_not contain_class('nova::keystone::authtoken') + } + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to contain_class('nova::keystone::authtoken').with( + :memcached_servers => ['127.0.0.1:11211']) + } + end + + context 'with step 3 with ipv6' do + let(:params) { { + :step => 3, + :use_ipv6 => true, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to contain_class('nova::keystone::authtoken').with( + :memcached_servers => ['[::1]:11211']) + } + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::nova::authtoken' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb index 2155695..e916b41 100644 
--- a/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb @@ -35,7 +35,7 @@ describe 'tripleo::profile::base::nova::compute::ironic' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } class { '::tripleo::profile::base::nova::compute': step => #{params[:step]}, diff --git a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb index 0b33123..32482a9 100644 --- a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb @@ -36,7 +36,7 @@ describe 'tripleo::profile::base::nova::compute::libvirt' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } class { '::tripleo::profile::base::nova::compute': step => #{params[:step]}, diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb index a0b2387..d052682 100644 --- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::nova::compute' do shared_examples_for 'tripleo::profile::base::nova::compute' do - context 'with step less than 4' do + context 'with step less than 5' do let(:params) { { :step => 1, } } it { @@ -32,12 +32,12 @@ describe 'tripleo::profile::base::nova::compute' do } end - context 'with step 4' do + context 'with step 5' do let(:pre_condition) do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } eos end 
diff --git a/spec/classes/tripleo_profile_base_nova_conductor_spec.rb b/spec/classes/tripleo_profile_base_nova_conductor_spec.rb index 8cdf8b0..dbb1ef0 100644 --- a/spec/classes/tripleo_profile_base_nova_conductor_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_conductor_spec.rb @@ -22,7 +22,7 @@ describe 'tripleo::profile::base::nova::conductor' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } eos end diff --git a/spec/classes/tripleo_profile_base_nova_consoleauth_spec.rb b/spec/classes/tripleo_profile_base_nova_consoleauth_spec.rb index e8a2dff..29b9550 100644 --- a/spec/classes/tripleo_profile_base_nova_consoleauth_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_consoleauth_spec.rb @@ -34,7 +34,7 @@ describe 'tripleo::profile::base::nova::consoleauth' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } eos end diff --git a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb index d263a74..36a6110 100644 --- a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb @@ -37,7 +37,7 @@ describe 'tripleo::profile::base::nova::libvirt' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } eos end diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb new file mode 100644 index 0000000..2a18320 --- /dev/null +++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb 
@@ -0,0 +1,124 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::nova::placement' do + shared_examples_for 'tripleo::profile::base::nova::placement' do + let(:pre_condition) do + <<-eos + class { '::tripleo::profile::base::nova': + step => #{params[:step]}, + oslomsg_rpc_hosts => [ 'localhost' ], + oslomsg_rpc_username => 'nova', + oslomsg_rpc_password => 'foo' + } + class { '::tripleo::profile::base::nova::authtoken': + step => #{params[:step]}, + } +eos + end + + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_class('nova::keystone::authtoken') + is_expected.to_not contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step less than 3 and internal tls and generate certs' do + let(:params) { { + :step => 1, + :enable_internal_tls => true, + :generate_service_certificates => true, + :nova_placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to 
contain_tripleo__certmonger__httpd('httpd-bar') + is_expected.to_not contain_class('nova::keystone::authtoken') + is_expected.to_not contain_class('nova::wsgi::apache_placement') + } + end + + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step 3 with enable_internal_tls and skip generate certs' do + let(:params) { { + :step => 3, + :enable_internal_tls => true, + :generate_service_certificates => false, + :nova_placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_tripleo__certmonger__httpd('foo') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::wsgi::apache_placement').with( + :ssl_cert => '/foo.pem', + :ssl_key => '/foo.key') + } + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::nova::placement' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb b/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb index 87783c1..eb2372f 100644 --- a/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb 
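Review bot: In the `with step 3 with enable_internal_tls and skip generate certs` context of the new placement spec, the negative check `is_expected.to_not contain_tripleo__certmonger__httpd('foo')` looks for a title that is never used, so it passes no matter what the profile does. In `:certificates_specs` the key is `'httpd-bar'` and `'foo'` is only the `hostname` value, and the earlier context asserts the resource as `contain_tripleo__certmonger__httpd('httpd-bar')`. To verify that no certificate is requested when `:generate_service_certificates => false`, the line should be `is_expected.to_not contain_tripleo__certmonger__httpd('httpd-bar')`.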
@@ -35,7 +35,7 @@ describe 'tripleo::profile::base::nova::scheduler' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } eos end diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb index 8ba78af..b5677cc 100644 --- a/spec/classes/tripleo_profile_base_nova_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_spec.rb @@ -22,8 +22,8 @@ describe 'tripleo::profile::base::nova' do context 'with step less than 3' do let(:params) { { :step => 1, - :messaging_hosts => [ 'localhost' ], - :messaging_password => 'foo' + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo' } } it { @@ -38,9 +38,9 @@ describe 'tripleo::profile::base::nova' do let(:params) { { :step => 3, :bootstrap_node => 'node.example.com', - :messaging_hosts => [ 'localhost' ], - :messaging_username => 'nova', - :messaging_password => 'foo', + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_username => 'nova', + :oslomsg_rpc_password => 'foo', } } it { @@ -49,6 +49,7 @@ describe 'tripleo::profile::base::nova' do :default_transport_url => 'rabbit://nova:foo@localhost:5672/?ssl=0' ) is_expected.to contain_class('nova::config') + is_expected.to contain_class('nova::placement') is_expected.to contain_class('nova::cache').with( :enabled => true, :backend => 'oslo_cache.memcache_pool', @@ -61,8 +62,8 @@ describe 'tripleo::profile::base::nova' do let(:params) { { :step => 3, :bootstrap_node => 'other.example.com', - :messaging_hosts => [ 'localhost' ], - :messaging_password => 'foo' + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo' } } it { @@ -70,6 +71,7 @@ describe 'tripleo::profile::base::nova' do is_expected.to_not contain_class('nova') is_expected.to_not contain_class('nova::config') is_expected.to_not contain_class('nova::cache') + is_expected.to_not contain_class('nova::placement') } end 
@@ -77,8 +79,8 @@ describe 'tripleo::profile::base::nova' do let(:params) { { :step => 4, :bootstrap_node => 'other.example.com', - :messaging_hosts => [ 'localhost' ], - :messaging_password => 'foo', + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo', } } it { @@ -86,6 +88,7 @@ describe 'tripleo::profile::base::nova' do is_expected.to contain_class('nova') is_expected.to contain_class('nova::config') is_expected.to contain_class('nova::cache') + is_expected.to contain_class('nova::placement') is_expected.to_not contain_class('nova::migration::libvirt') } end @@ -100,14 +103,15 @@ describe 'tripleo::profile::base::nova' do :manage_migration => true, :nova_compute_enabled => true, :bootstrap_node => 'node.example.com', - :messaging_hosts => [ 'localhost' ], - :messaging_password => 'foo', + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo', } } it { is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to contain_class('nova') is_expected.to contain_class('nova::config') + is_expected.to contain_class('nova::placement') is_expected.to contain_class('nova::cache') is_expected.to contain_class('nova::migration::libvirt').with( :configure_libvirt => params[:libvirt_enabled], diff --git a/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb b/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb index f077875..902b27c 100644 --- a/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb @@ -34,7 +34,7 @@ describe 'tripleo::profile::base::nova::vncproxy' do <<-eos class { '::tripleo::profile::base::nova': step => #{params[:step]}, - messaging_hosts => [ '127.0.0.1' ], + oslomsg_rpc_hosts => [ '127.0.0.1' ], } eos end diff --git a/spec/classes/tripleo_profile_base_octavia_api_spec.rb b/spec/classes/tripleo_profile_base_octavia_api_spec.rb index d916a32..abc0111 100644 --- a/spec/classes/tripleo_profile_base_octavia_api_spec.rb 
+++ b/spec/classes/tripleo_profile_base_octavia_api_spec.rb @@ -33,13 +33,16 @@ describe 'tripleo::profile::base::octavia::api' do <<-eos class { 'tripleo::profile::base::octavia' : step => #{params[:step]}, - rabbit_user => 'bugs', - rabbit_password => 'rabbits_R_c00l', - rabbit_hosts => ['hole.field.com'] + oslomsg_rpc_username => 'bugs', + oslomsg_rpc_password => 'rabbits_R_c00l', + oslomsg_rpc_hosts => ['hole.field.com'] } class { 'octavia::db::mysql': password => 'some_password' } + class { 'octavia::keystone::authtoken': + password => 'some_password' + } eos end diff --git a/spec/classes/tripleo_profile_base_octavia_spec.rb b/spec/classes/tripleo_profile_base_octavia_spec.rb index 89820ef..0070621 100644 --- a/spec/classes/tripleo_profile_base_octavia_spec.rb +++ b/spec/classes/tripleo_profile_base_octavia_spec.rb @@ -19,7 +19,7 @@ require 'spec_helper' describe 'tripleo::profile::base::octavia' do let :params do - { :rabbit_hosts => ['some.server.com'], + { :oslomsg_rpc_hosts => ['some.server.com'], :step => 5 } end @@ -44,7 +44,7 @@ describe 'tripleo::profile::base::octavia' do it 'should provide basic initialization' do is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://some.server.com:5672/' + :default_transport_url => 'rabbit://guest:password@some.server.com:5672/?ssl=0' ) is_expected.to contain_class('octavia::config') end 
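Review bot: The 'should provide basic initialization' expectation in tripleo_profile_base_octavia_spec.rb (hunk `@@ -44,7 +44,7 @@`) now pins `rabbit://guest:password@some.server.com:5672/?ssl=0`, and no context in the visible hunks covers a TLS-enabled transport, so only the `ssl=0` rendering is tested. The `password` part appears to come from the `octavia::rabbit_password` entry this commit adds to spec/fixtures/hieradata/default.yaml; where `guest` comes from is not visible here, and if it is a profile default it is worth confirming that deployments always override it. The later hunks `@@ -52,24 +52,24 @@`, `@@ -77,15 +77,15 @@` and `@@ -93,16 +93,16 @@` have the same gap. I would add a comment above the expectation, `# password comes from octavia::rabbit_password in spec/fixtures/hieradata/default.yaml`, and a context that enables TLS for the RPC transport and expects the `ssl` query value to change. The describe block starts and ends outside the hunk.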
@@ -52,24 +52,24 @@ describe 'tripleo::profile::base::octavia' do context 'with multiple hosts' do before do - params.merge!({ :rabbit_hosts => ['some.server.com', 'someother.server.com'] }) + params.merge!({ :oslomsg_rpc_hosts => ['some.server.com', 'someother.server.com'] }) end it 'should construct a multihost URL' do is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://some.server.com:5672,someother.server.com:5672/' + :default_transport_url => 'rabbit://guest:password@some.server.com:5672,guest:password@someother.server.com:5672/?ssl=0' ) end end context 'with username provided' do before do - params.merge!({ :rabbit_user => 'bunny' }) + params.merge!({ :oslomsg_rpc_username => 'bunny' }) end it 'should construct URL with username' do is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://bunny@some.server.com:5672/' + :default_transport_url => 'rabbit://bunny:password@some.server.com:5672/?ssl=0' ) end end @@ -77,15 +77,15 @@ describe 'tripleo::profile::base::octavia' do context 'with username and password provided' do before do params.merge!( - { :rabbit_user => 'bunny', - :rabbit_password => 'carrot' + { :oslomsg_rpc_username => 'bunny', + :oslomsg_rpc_password => 'carrot' } ) end it 'should construct URL with username and password' do is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672/' + :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672/?ssl=0' ) end end 
@@ -93,16 +93,16 @@ describe 'tripleo::profile::base::octavia' do context 'with multiple hosts and user info provided' do before do params.merge!( - { :rabbit_hosts => ['some.server.com', 'someother.server.com'], - :rabbit_user => 'bunny', - :rabbit_password => 'carrot' + { :oslomsg_rpc_hosts => ['some.server.com', 'someother.server.com'], + :oslomsg_rpc_username => 'bunny', + :oslomsg_rpc_password => 'carrot' } ) end it 'should distributed user info across hosts URL' do is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672,bunny:carrot@someother.server.com:5672/' + :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672,bunny:carrot@someother.server.com:5672/?ssl=0' ) end end diff --git a/spec/classes/tripleo_profile_base_time_ntp_spec.rb b/spec/classes/tripleo_profile_base_time_ntp_spec.rb new file mode 100644 index 0000000..ec4b55f --- /dev/null +++ b/spec/classes/tripleo_profile_base_time_ntp_spec.rb 
@@ -0,0 +1,39 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::time::ntp' do
+ shared_examples_for 'tripleo::profile::base::time::ntp' do
+
+ context 'with defaults' do
+ it { is_expected.to contain_class('tripleo::profile::base::time::ntp') }
+ it { is_expected.to contain_service('chronyd').with(
+ :ensure => 'stopped',
+ :enable => false) }
+ it { is_expected.to contain_class('ntp') }
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let (:facts) {
+ facts
+ }
+ it_behaves_like 'tripleo::profile::base::time::ntp'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_ui_spec.rb b/spec/classes/tripleo_ui_spec.rb
index 588a944..f3a4f25 100644
--- a/spec/classes/tripleo_ui_spec.rb
+++ b/spec/classes/tripleo_ui_spec.rb
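Review bot: The 'with defaults' context asserts that `chronyd` is stopped and disabled and that class `ntp` is in the catalog, but nothing checks that a time service is left running or that it is ordered against the chronyd shutdown, so a catalog that leaves the node with no time daemon at all would still pass. Clock drift affects token and certificate validity checks, so I would add an expectation on the service the `ntp` class manages (resource title to be confirmed against the module), for example `it { is_expected.to contain_service('ntp') }`. As a style point, `let (:facts) {` has a stray space before the parenthesis; `let(:facts) { facts }` is the usual form.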
@@ -24,9 +24,20 @@ describe 'tripleo::ui' do context 'with required parameters' do let(:params) { { - :servername => facts[:hostname], - :bind_host => '127.0.0.1', - :keystone_url => 'http://127.0.0.1:5000/' + :servername => facts[:hostname], + :bind_host => '127.0.0.1', + :endpoint_proxy_keystone => 'http://127.0.0.1:5000', + :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar', + :endpoint_proxy_heat => 'http://127.0.0.1:8004', + :endpoint_proxy_ironic => 'http://127.0.0.1:6385', + :endpoint_proxy_mistral => 'http://127.0.0.1:8989', + :endpoint_proxy_swift => 'http://127.0.0.1:8080', + :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0', + :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar', + :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s', + :endpoint_config_ironic => 'https://127.0.0.1:443/ironic', + :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2', + :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s' } } it 'should configure tripleo ui' do 
@@ -42,23 +53,34 @@ describe 'tripleo::ui' do ) is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') - .with_content(/"keystone": "http:\/\/127.0.0.1:5000\/"/) - .with_content(/"zaqar_default_queue": "tripleo"/) + .with_content(/'keystone': 'https:\/\/127.0.0.1:443\/keystone\/v2.0'/) + .with_content(/'heat': 'https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s'/) + .with_content(/'zaqar-websocket': 'wss:\/\/127.0.0.1:443\/zaqar'/) + .with_content(/'ironic': 'https:\/\/127.0.0.1:443\/ironic'/) + .with_content(/'mistral': 'https:\/\/127.0.0.1:443\/mistral\/v2'/) + .with_content(/'swift': 'https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s'/) + .with_content(/'zaqar_default_queue': 'tripleo'/) end end context 'with all parameters' do let(:params) { { - :servername => 'custom.example.com', - :bind_host => '127.0.0.2', - :ui_port => 3001, - :keystone_url => 'http://127.0.0.1:1111/', - :heat_url => 'http://127.0.0.1:2222/', - :ironic_url => 'http://127.0.0.1:3333/', - :mistral_url => 'http://127.0.0.1:4444/', - :swift_url => 'http://127.0.0.1:5555/', - :zaqar_websocket_url => 'http://127.0.0.1:6666/', - :zaqar_default_queue => 'myqueue' + :servername => 'custom.example.com', + :bind_host => '127.0.0.2', + :ui_port => 3001, + :endpoint_proxy_keystone => 'http://127.0.0.1:5000', + :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar', + :endpoint_proxy_heat => 'http://127.0.0.1:8004', + :endpoint_proxy_ironic => 'http://127.0.0.1:6385', + :endpoint_proxy_mistral => 'http://127.0.0.1:8989', + :endpoint_proxy_swift => 'http://127.0.0.1:8080', + :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0', + :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar', + :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s', + :endpoint_config_ironic => 'https://127.0.0.1:443/ironic', + :endpoint_config_mistral => 
'https://127.0.0.1:443/mistral/v2', + :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s', + :zaqar_default_queue => 'tripleo' } } it 'should configure tripleo ui' do @@ -74,13 +96,13 @@ describe 'tripleo::ui' do ) is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') - .with_content(/"keystone": "http:\/\/127.0.0.1:1111\/"/) - .with_content(/"heat": "http:\/\/127.0.0.1:2222\/"/) - .with_content(/"ironic": "http:\/\/127.0.0.1:3333\/"/) - .with_content(/"mistral": "http:\/\/127.0.0.1:4444\/"/) - .with_content(/"swift": "http:\/\/127.0.0.1:5555\/"/) - .with_content(/"zaqar-websocket": "http:\/\/127.0.0.1:6666\/"/) - .with_content(/"zaqar_default_queue": "myqueue"/) + .with_content(/'keystone': 'https:\/\/127.0.0.1:443\/keystone\/v2.0'/) + .with_content(/'heat': 'https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s'/) + .with_content(/'zaqar-websocket': 'wss:\/\/127.0.0.1:443\/zaqar'/) + .with_content(/'ironic': 'https:\/\/127.0.0.1:443\/ironic'/) + .with_content(/'mistral': 'https:\/\/127.0.0.1:443\/mistral\/v2'/) + .with_content(/'swift': 'https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s'/) + .with_content(/'zaqar_default_queue': 'tripleo'/) end end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 4d5dc99..eadb444 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml 
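Review bot: The 'with all parameters' context now passes the same endpoint values as 'with required parameters', and `:zaqar_default_queue => 'tripleo'` matches what the old required-parameters case showed as the default, so the `with_content` checks no longer demonstrate that an overridden value reaches tripleo_ui_config.js. Using distinct values in that context, for example `:zaqar_default_queue => 'myqueue'` with `.with_content(/'zaqar_default_queue': 'myqueue'/)`, restores that coverage. None of the `endpoint_proxy_*` values are asserted in the visible hunks, since the only check on openstack-tripleo-ui.conf is `/cleaned by Puppet/`, so the plain `http://` and `ws://` proxy targets are untested. The dots in patterns such as `127.0.0.1` and `v2.0` are unescaped and match any character; building the pattern with `Regexp.escape` on the expected string would make them exact.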
@@ -3,14 +3,18 @@ my_hash: network: '127.0.0.1' not_hash: string # aodh profile required hieradata +aodh::rabbit_password: 'password' aodh_redis_password: 'password' redis_vip: '127.0.0.1' aodh::auth::auth_password: 'password' aodh::db::mysql::password: 'password' aodh::keystone::authtoken::password: 'password' # babican profile required hieradata +barbican::api::rabbit_password: 'password' barbican::db::mysql::password: 'password' barbican::keystone::authtoken::password: 'password' +# ceilometer related items +ceilometer::rabbit_password: 'password' ceilometer::keystone::authtoken::password: 'password' # ceph related items ceph::profile::params::mon_key: 'password' @@ -33,3 +37,5 @@ memcached_node_ips_v6: - '::1' memcached_node_ips: - '127.0.0.1' +# octavia related items +octavia::rabbit_password: 'password' diff --git a/templates/ui/tripleo_ui_config.js.erb b/templates/ui/tripleo_ui_config.js.erb index fef8afb..c984cc3 100644 --- a/templates/ui/tripleo_ui_config.js.erb +++ b/templates/ui/tripleo_ui_config.js.erb 
@@ -1,14 +1,25 @@ window.tripleOUiConfig = { - "keystone": "<%= @keystone_url %>", - - // The UI automatically discovers below URLs by querying keystone but can be - // changed here if desired. - //"heat": "<%= @heat_url %>", - //"ironic": "<%= @ironic_url %>", - //"mistral": "<%= @mistral_url %>", - //"swift": "<%= @swift_url %>", - //"zaqar-websocket": "<%= @zaqar_websocket_url %>", + // Service URLs (defaults to UI host) + // + // A valid Keystone service URL is required. The other endpoints + // will then be obtained automatically from the Keystone catalog. + // + 'keystone': '<%= @endpoint_config_keystone %>', + 'heat': '<%= @endpoint_config_heat %>', + 'ironic': '<%= @endpoint_config_ironic %>', + 'mistral': '<%= @endpoint_config_mistral %>', + 'swift': '<%= @endpoint_config_swift %>', + 'zaqar-websocket': '<%= @endpoint_config_zaqar %>', // Default websocket queue name - "zaqar_default_queue": "<%= @zaqar_default_queue %>" + 'zaqar_default_queue': '<%= @zaqar_default_queue %>', + + // Languages + // If you choose more than one language, a language switcher will appear in + // the navigation bar. + // Only 'en' (English) is enabled by default. + 'languages': ['<%= @enabled_languages.join("', '") %>'], + + // Logging + // 'loggers': ['console'] }; |
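Review bot: Every value in the new template is written with `<%= %>` straight into a single-quoted JavaScript literal, so a parameter containing `'`, a backslash or a newline produces a broken or altered tripleo_ui_config.js, which the browser then executes as script. Emitting each value as a JSON string instead of hand-quoting it avoids this, e.g. `'keystone': <%= @endpoint_config_keystone.to_json %>,` and `'languages': <%= @enabled_languages.to_json %>,` (assuming `to_json` is available in the template context); the current `join("', '")` also renders `['']` for an empty array. The comment saying the other endpoints are obtained from the Keystone catalog no longer matches the code, which now emits all six endpoints explicitly. The spec hunks visible in this commit do not assert the `'languages'` line.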