diff options
28 files changed, 504 insertions, 126 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras index b927d99..7339074 100644 --- a/Puppetfile_extras +++ b/Puppetfile_extras @@ -28,3 +28,11 @@ mod 'datacat', mod 'etcd', :git => 'https://github.com/cristifalcas/puppet-etcd', :ref => '1.10.0' + +mod 'fdio', + :git => 'https://git.fd.io/puppet-fdio', + :ref => 'master' + +mod 'certmonger', + :git => 'https://github.com/earsdown/puppet-certmonger', + :ref => 'v1.1.1' diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 13d4ba5..2ed9449 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -750,7 +750,7 @@ class tripleo::haproxy ( 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - 'option' => 'forwardfor', + 'option' => [ 'forwardfor', 'httpchk' ], 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], @@ -762,7 +762,7 @@ class tripleo::haproxy ( } $horizon_options = { 'cookie' => 'SERVERID insert indirect nocache', - 'option' => 'forwardfor', + 'option' => [ 'forwardfor', 'httpchk' ], } } @@ -821,12 +821,20 @@ class tripleo::haproxy ( }, } + + $default_listen_options = { + 'option' => [ 'httpchk', ], + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + } Tripleo::Haproxy::Endpoint { haproxy_listen_bind_param => $haproxy_listen_bind_param, member_options => $haproxy_member_options, public_certificate => $service_certificate, use_internal_certificates => $use_internal_certificates, internal_certificates_specs => $internal_certificates_specs, + listen_options => $default_listen_options, } $stats_base = ['enable', 'uri /'] @@ -852,11 +860,7 @@ class tripleo::haproxy ( ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real), server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, + listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /v3' ] }), public_ssl_port => $ports[keystone_admin_api_ssl_port], service_network => $keystone_admin_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -864,11 +868,6 @@ class tripleo::haproxy ( } if $keystone_public { - $keystone_listen_opts = { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - } if $service_certificate { $keystone_public_tls_listen_opts = { 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', @@ -877,7 +876,9 @@ class tripleo::haproxy ( 'option' => 'forwardfor', } } else { - $keystone_public_tls_listen_opts = {} + $keystone_public_tls_listen_opts = { + 'option' => [ 'httpchk GET /v3', ], + } } ::tripleo::haproxy::endpoint { 'keystone_public': public_virtual_ip => $public_virtual_ip, @@ -886,7 +887,7 @@ class tripleo::haproxy ( ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real), server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), + listen_options => merge($default_listen_options, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], service_network => $keystone_public_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -901,11 +902,6 @@ class tripleo::haproxy ( ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[neutron_api_ssl_port], service_network => $neutron_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -920,11 +916,6 @@ class tripleo::haproxy ( ip_addresses => hiera('cinder_api_node_ips', $controller_hosts_real), server_names => hiera('cinder_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[cinder_api_ssl_port], service_network => $cinder_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -939,11 +930,6 @@ class tripleo::haproxy ( ip_addresses => hiera('congress_node_ips', $controller_hosts_real), server_names => hiera('congress_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[congress_api_ssl_port], service_network => $congress_network, } @@ -957,11 +943,6 @@ class tripleo::haproxy ( ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), server_names => hiera('manila_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[manila_api_ssl_port], service_network => $manila_network, } @@ -987,11 +968,6 @@ class tripleo::haproxy ( ip_addresses => hiera('tacker_node_ips', $controller_hosts_real), server_names => hiera('tacker_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[tacker_api_ssl_port], service_network => $tacker_network, } @@ -1018,11 +994,7 @@ class tripleo::haproxy ( server_names => hiera('glance_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[glance_api_ssl_port], mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, + listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /healthcheck', ]}), service_network => $glance_api_network, member_options => union($haproxy_member_options, $internal_tls_member_options), } @@ -1037,11 +1009,6 @@ class tripleo::haproxy ( ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), server_names => hiera('nova_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, #member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1057,11 +1024,6 @@ class tripleo::haproxy ( ip_addresses => hiera('nova_placement_node_ips', $controller_hosts_real), server_names => hiera('nova_placement_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[nova_placement_ssl_port], service_network => $nova_placement_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1074,6 +1036,9 @@ class tripleo::haproxy ( service_port => $ports[nova_metadata_port], ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real), + listen_options => { + 'option' => [ 'httpchk', ], + }, service_network => $nova_metadata_network, } } @@ -1085,10 +1050,11 @@ class tripleo::haproxy ( service_port => $ports[nova_novnc_port], ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), server_names => hiera('nova_api_node_names', $controller_hosts_names_real), - listen_options => { + listen_options => merge($default_listen_options, { + 'option' => [ 'tcpka' ], 'balance' => 'source', 'timeout' => [ 'tunnel 1h' ], - }, + }), public_ssl_port => $ports[nova_novnc_ssl_port], service_network => $nova_novncproxy_network, } @@ -1102,11 +1068,6 @@ class tripleo::haproxy ( ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[ec2_api_ssl_port], service_network => $ec2_api_network, } @@ -1130,11 +1091,6 @@ class tripleo::haproxy ( ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[ceilometer_api_ssl_port], service_network => $ceilometer_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1149,11 +1105,6 @@ class tripleo::haproxy ( ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[aodh_api_ssl_port], service_network => $aodh_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1167,11 +1118,6 @@ class tripleo::haproxy ( service_port => $ports[panko_api_port], ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real), server_names => hiera('panko_api_node_names', $controller_hosts_names_real), - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[panko_api_ssl_port], service_network => $panko_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1199,11 +1145,6 @@ class tripleo::haproxy ( ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[gnocchi_api_ssl_port], service_network => $gnocchi_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1224,6 +1165,7 @@ class tripleo::haproxy ( if $swift_proxy_server { $swift_proxy_server_listen_options = { + 'option' => [ 'httpchk GET /healthcheck', ], 'timeout client' => '2m', 'timeout server' => '2m', } @@ -1241,17 +1183,13 @@ class tripleo::haproxy ( $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip) $heat_ip_addresses = hiera('heat_api_node_ips', $controller_hosts_real) - $heat_base_options = { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }']} if $service_certificate { $heat_ssl_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", } - $heat_options = merge($heat_base_options, $heat_ssl_options) + $heat_options = merge($default_listen_options, $heat_ssl_options) } else { - $heat_options = $heat_base_options + $heat_options = $default_listen_options } if $heat_api { diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index d6561a2..da8aaa6 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -99,7 +99,7 @@ class tripleo::profile::base::aodh ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -107,7 +107,7 @@ class tripleo::profile::base::aodh ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 64c2b62..22984b1 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -153,7 +153,7 @@ class tripleo::profile::base::barbican::api ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -161,7 +161,7 @@ class tripleo::profile::base::barbican::api ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index 61575d1..2855bd2 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -88,7 +88,7 @@ class tripleo::profile::base::ceilometer ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -96,7 +96,7 @@ class tripleo::profile::base::ceilometer ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp new file mode 100644 index 0000000..3706c2e --- /dev/null +++ b/manifests/profile/base/ceilometer/agent/polling.pp @@ -0,0 +1,64 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceilometer::agent::polling +# +# Ceilometer polling Agent profile for tripleo +# +# === Parameters +# +# [*central_namespace*] +# (Optional) Use central namespace for polling agent. +# Defaults to false. +# +# [*compute_namespace*] +# (Optional) Use compute namespace for polling agent. +# Defaults to false. +# +# [*ipmi_namespace*] +# (Optional) Use ipmi namespace for polling agent. +# Defaults to false. +# +# [*ceilometer_redis_password*] +# (Optional) redis password to configure coordination url +# +# [*redis_vip*] +# (Optional) redis vip to configure coordination url +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::ceilometer::agent::polling ( + $central_namespace = hiera('central_namespace', false), + $compute_namespace = hiera('compute_namespace', false), + $ipmi_namespace = hiera('ipmi_namespace', false), + $ceilometer_redis_password = hiera('ceilometer_redis_password', undef), + $redis_vip = hiera('redis_vip', undef), + $step = hiera('step'), +) { + include ::tripleo::profile::base::ceilometer + + if $step >= 4 { + include ::ceilometer::agent::auth + class { '::ceilometer::agent::polling': + central_namespace => $central_namespace, + compute_namespace => $compute_namespace, + ipmi_namespace => $ipmi_namespace, + coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + } + } + +} diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index d6fad03..fc3c659 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -102,7 +102,7 @@ class tripleo::profile::base::cinder ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -112,7 +112,7 @@ class tripleo::profile::base::cinder ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index ebe84bf..0452575 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -38,7 +38,8 @@ class tripleo::profile::base::docker_registry ( ) { # We want a v2 registry package{'docker-registry': - ensure => absent, + ensure => absent, + allow_virtual => false, } package{'docker-distribution': } package{'docker': } diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 171f51b..4ff5b41 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -107,14 +107,12 @@ class tripleo::profile::base::heat ( $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. class { '::heat' : notification_driver => $notification_driver, default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -122,7 +120,7 @@ class tripleo::profile::base::heat ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index 1849435..278c25c 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -25,11 +25,11 @@ # # [*neutron_options*] # (Optional) A hash of parameters to enable features specific to Neutron -# Defaults to hiera('horizon::neutron_options', undef) +# Defaults to hiera('horizon::neutron_options', {}) # class tripleo::profile::base::horizon ( $step = hiera('step'), - $neutron_options = hiera('horizon::neutron_options', undef), + $neutron_options = hiera('horizon::neutron_options', {}), ) { if $step >= 4 { # Horizon diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 6933c09..9b2fc51 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -193,7 +193,7 @@ class tripleo::profile::base::keystone ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -201,7 +201,7 @@ class tripleo::profile::base::keystone ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index 87179ab..cad2cdf 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp @@ -97,7 +97,7 @@ class tripleo::profile::base::manila ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -105,7 +105,7 @@ class tripleo::profile::base::manila ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index 05773ac..0eb849d 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -98,7 +98,7 @@ class tripleo::profile::base::mistral ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -106,7 +106,7 @@ class tripleo::profile::base::mistral ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index 271003e..0d647f8 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -86,7 +86,7 @@ class tripleo::profile::base::neutron ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -94,7 +94,7 @@ class tripleo::profile::base::neutron ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 7daed83..36425f6 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -114,13 +114,11 @@ class tripleo::profile::base::nova ( if $step >= 4 or ($step >= 3 and $sync_db) { $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. class { '::nova' : default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -128,7 +126,7 @@ class tripleo::profile::base::nova ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 287d14c..cda2b66 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -75,6 +75,7 @@ class tripleo::profile::base::nova::api ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup @@ -82,16 +83,6 @@ class tripleo::profile::base::nova::api ( if $step >= 4 or ($step >= 3 and $sync_db) { - if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') - } else { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') - } - - class { '::nova::keystone::authtoken': - memcached_servers => $memcache_servers - } - class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp new file mode 100644 index 0000000..ee6c331 --- /dev/null +++ b/manifests/profile/base/nova/authtoken.pp @@ -0,0 +1,56 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::authtoken +# +# Nova authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*use_ipv6*] +# (Optional) Flag indicating if ipv6 should be used for caching +# Defaults to hiera('nova::use_ipv6', false) +# +# [*memcache_nodes_ipv6*] +# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true. +# Defaults to hiera('memcached_node_ipvs_v6', ['::1']) +# +# [*memcache_nodes_ipv4*] +# (Optional) Array of ipv4 addresses for memcache. Used by default unless +# use_ipv6 is set to true. +# Defaults to hiera('memcached_node_ips', ['127.0.0.1']) +# +class tripleo::profile::base::nova::authtoken ( + $step = hiera('step'), + $use_ipv6 = hiera('nova::use_ipv6', false), + $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']), + $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']), +) { + + if $step >= 3 { + $memcached_ips = $use_ipv6 ? { + true => $memcache_nodes_ipv6, + default => $memcache_nodes_ipv4 + } + + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index c429373..46658b8 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { if $generate_service_certificates { diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index 9633dc3..c9c656d 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp @@ -98,7 +98,7 @@ class tripleo::profile::base::sahara ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -108,7 +108,7 @@ class tripleo::profile::base::sahara ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/vpp.pp b/manifests/profile/base/vpp.pp new file mode 100644 index 0000000..05f52f9 --- /dev/null +++ b/manifests/profile/base/vpp.pp @@ -0,0 +1,32 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::vpp +# +# vpp profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::vpp ( + $step = hiera('step'), +) { + if $step >= 1 { + include ::fdio + } +} diff --git a/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml b/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml new file mode 100644 index 0000000..127991b --- /dev/null +++ b/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml @@ -0,0 +1,6 @@ +--- +features: + - Add support for cielometer polling agent. The central, compute and ipmi + agent services should use polling agent with namespace. This has been + done in packaging already since few releases now. Let puppet do it + correctly as well. diff --git a/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml b/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml new file mode 100644 index 0000000..0eb90de --- /dev/null +++ b/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - Bugfix 1664561. Removing the string cast when using + the os_transport_url function. diff --git a/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml b/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml new file mode 100644 index 0000000..4c9d763 --- /dev/null +++ b/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Enabled httpdchk in HAProxy for http based services to reduce situtations + where the port may be open but the service is not actively serving http + requests. diff --git a/releasenotes/notes/vpp-7368457faab68824.yaml b/releasenotes/notes/vpp-7368457faab68824.yaml new file mode 100644 index 0000000..94264c5 --- /dev/null +++ b/releasenotes/notes/vpp-7368457faab68824.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Add profiles for VPP service. Vector Packet Processing (VPP) is a high + performance packet processing stack that runs in user space in Linux. + VPP is used as an alternative to kernel networking stack for accelerated + network data path. diff --git a/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb new file mode 100644 index 0000000..38c94c6 --- /dev/null +++ b/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb @@ -0,0 +1,72 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::ceilometer::agent::polling' do + shared_examples_for 'tripleo::profile::base::ceilometer::agent::polling' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + let(:pre_condition) do + "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceilometer::agent::polling') + is_expected.to_not contain_class('ceilometer::agent::polling') + end + end + + context 'with step 4 on polling agent' do + + let(:pre_condition) do + "class { '::ceilometer::agent::auth': auth_password => 'password' }" + end + + let(:params) { { + :step => 4, + :ceilometer_redis_password => 'password', + :redis_vip => '127.0.0.1', + :central_namespace => true + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('ceilometer::agent::polling').with( + :central_namespace => true, + :compute_namespace => false, + :ipmi_namespace => false, + :coordination_url => 'redis://:password@127.0.0.1:6379/', + ) + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::ceilometer::agent::polling' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb index 070a1f1..3a2a685 100644 --- a/spec/classes/tripleo_profile_base_nova_api_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb @@ -26,6 +26,9 @@ describe 'tripleo::profile::base::nova::api' do oslomsg_rpc_username => 'nova', oslomsg_rpc_password => 'foo' } + class { '::tripleo::profile::base::nova::authtoken': + step => #{params[:step]}, + } eos end diff --git a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb new file mode 100644 index 0000000..f910729 --- /dev/null +++ b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb @@ -0,0 +1,69 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::nova::authtoken' do + shared_examples_for 'tripleo::profile::base::nova::authtoken' do + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to_not contain_class('nova::keystone::authtoken') + } + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to contain_class('nova::keystone::authtoken').with( + :memcached_servers => ['127.0.0.1:11211']) + } + end + + context 'with step 3 with ipv6' do + let(:params) { { + :step => 3, + :use_ipv6 => true, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to contain_class('nova::keystone::authtoken').with( + :memcached_servers => ['[::1]:11211']) + } + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::nova::authtoken' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb new file mode 100644 index 0000000..2a18320 --- /dev/null +++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb @@ -0,0 +1,124 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::nova::placement' do + shared_examples_for 'tripleo::profile::base::nova::placement' do + let(:pre_condition) do + <<-eos + class { '::tripleo::profile::base::nova': + step => #{params[:step]}, + oslomsg_rpc_hosts => [ 'localhost' ], + oslomsg_rpc_username => 'nova', + oslomsg_rpc_password => 'foo' + } + class { '::tripleo::profile::base::nova::authtoken': + step => #{params[:step]}, + } +eos + end + + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_class('nova::keystone::authtoken') + is_expected.to_not contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step less than 3 and internal tls and generate certs' do + let(:params) { { + :step => 1, + :enable_internal_tls => true, + :generate_service_certificates => true, + :nova_placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_tripleo__certmonger__httpd('httpd-bar') + is_expected.to_not contain_class('nova::keystone::authtoken') + is_expected.to_not contain_class('nova::wsgi::apache_placement') + } + end + + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step 3 with enable_internal_tls and skip generate certs' do + let(:params) { { + :step => 3, + :enable_internal_tls => true, + :generate_service_certificates => false, + :nova_placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_tripleo__certmonger__httpd('foo') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::wsgi::apache_placement').with( + :ssl_cert => '/foo.pem', + :ssl_key => '/foo.key') + } + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::nova::placement' + end + end +end |