diff options
| -rw-r--r-- | .fixtures.yml | 21 | ||||
| -rw-r--r-- | Gemfile | 5 | ||||
| -rw-r--r-- | lib/facter/netmask_ipv6.rb | 47 | ||||
| -rw-r--r-- | lib/puppet/parser/functions/extract_id.rb | 14 | ||||
| -rw-r--r-- | lib/puppet/parser/functions/interface_for_ip.rb | 32 | ||||
| -rw-r--r-- | lib/puppet/parser/functions/list_to_zookeeper_hash.rb | 24 | ||||
| -rw-r--r-- | manifests/cluster/cassandra.pp | 73 | ||||
| -rw-r--r-- | manifests/cluster/zookeeper.pp | 69 | ||||
| -rw-r--r-- | manifests/loadbalancer.pp | 144 | ||||
| -rw-r--r-- | manifests/network/midonet/agent.pp | 66 | ||||
| -rw-r--r-- | manifests/network/midonet/api.pp | 122 | ||||
| -rw-r--r-- | manifests/packages.pp | 21 | ||||
| -rw-r--r-- | manifests/ssl/cinder_config.pp | 28 | ||||
| -rw-r--r-- | spec/classes/tripleo_cluster_cassandra_spec.rb | 54 | ||||
| -rw-r--r-- | spec/classes/tripleo_cluster_zookeeper_spec.rb | 115 | ||||
| -rw-r--r-- | spec/classes/tripleo_firewall_spec.rb | 5 | ||||
| -rw-r--r-- | spec/classes/tripleo_midonet_agent_spec.rb | 62 | ||||
| -rw-r--r-- | spec/classes/tripleo_midonet_api_spec.rb | 72 | ||||
| -rw-r--r-- | spec/classes/tripleo_packages_spec.rb | 52 | ||||
| -rw-r--r-- | spec/spec_helper.rb | 5 |
20 files changed, 1007 insertions, 24 deletions
diff --git a/.fixtures.yml b/.fixtures.yml index e3ab8f9..69512da 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -2,5 +2,26 @@ fixtures: repositories: 'firewall': 'git://github.com/puppetlabs/puppetlabs-firewall.git' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' + 'midonet': + repo: 'git://github.com/midonet/puppet-midonet.git' + ref: 'v2015.06.7' + 'tomcat': + repo: 'git://github.com/puppetlabs/puppetlabs-tomcat.git' + ref: '1.3.2' + 'inifile': + repo: 'git://github.com/puppetlabs/puppetlabs-inifile.git' + ref: '1.4.2' + 'cassandra': + repo: 'git://github.com/locp/cassandra.git' + ref: '1.9.2' + 'zookeeper': + repo: 'git://github.com/deric/puppet-zookeeper.git' + ref: 'v0.3.9' + 'datacat': + repo: 'git://github.com/richardc/puppet-datacat' + ref: '0.6.2' + 'java': + repo: 'git://github.com/puppetlabs/puppetlabs-java' + ref: '1.4.2' symlinks: "tripleo": "#{source_dir}" @@ -13,7 +13,10 @@ group :development, :test do gem 'puppet-lint-variable_contains_upcase', :require => 'false' gem 'puppet-lint-numericvariable', :require => 'false' gem 'json', :require => 'false' - gem 'webmock', :require => 'false' + # adding 'psych' explicitly + # https://github.com/bundler/bundler/issues/2068 + # TODO: drop it in a future release of 'bundle'. + gem 'psych', :require => 'false' end group :system_tests do diff --git a/lib/facter/netmask_ipv6.rb b/lib/facter/netmask_ipv6.rb new file mode 100644 index 0000000..5261485 --- /dev/null +++ b/lib/facter/netmask_ipv6.rb @@ -0,0 +1,47 @@ +require 'ipaddr' + +def netmask6(value) + if value + ip = IPAddr.new('::0').mask(value) + ip.inspect.split('/')[1].gsub('>', '') + end +end + +if Facter.value('facterversion')[0].to_i < 3 + Facter::Util::IP.get_interfaces.each do |interface| + Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do + setcode do + tmp = [] + regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x + output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6') + + output_int.each_line do |line| + prefixlen = nil + matches = line.match(regex) + prefixlen = matches[1] if matches + + if prefixlen + value = netmask6(prefixlen) + tmp.push(value) + end + end + + tmp.shift if tmp + end + end + end + + Facter.add('netmask6') do + setcode do + prefixlen = nil + regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x + + String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line| + matches = line.match(regex) + prefixlen = matches[1] if matches + end + + netmask6(prefixlen) if prefixlen + end + end +end diff --git a/lib/puppet/parser/functions/extract_id.rb b/lib/puppet/parser/functions/extract_id.rb new file mode 100644 index 0000000..61734ab --- /dev/null +++ b/lib/puppet/parser/functions/extract_id.rb @@ -0,0 +1,14 @@ +# Custom function to extract the index from a list. +# The list are a list of hostname, and the index is the n'th +# position of the host in list +module Puppet::Parser::Functions + newfunction(:extract_id, :type => :rvalue) do |argv| + hosts = argv[0] + if hosts.class != Array + hosts = [hosts] + end + hostname = argv[1] + hash = Hash[hosts.map.with_index.to_a] + return hash[hostname].to_i + 1 + end +end diff --git a/lib/puppet/parser/functions/interface_for_ip.rb b/lib/puppet/parser/functions/interface_for_ip.rb index 1c67120..fd68be0 100644 --- a/lib/puppet/parser/functions/interface_for_ip.rb +++ b/lib/puppet/parser/functions/interface_for_ip.rb @@ -8,25 +8,31 @@ module Puppet::Parser::Functions newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg| if arg[0].class == String begin - ip_to_find = arg[0] + ip1 = IPAddr.new(arg[0]) Dir.foreach('/sys/class/net/') do |interface| - next if interface == '.' or interface == '..' + next if interface == '.' || interface == '..' iface_no_dash = interface.gsub('-', '_') - interface_ip = lookupvar("ipaddress_#{iface_no_dash}") - netmask = lookupvar("netmask_#{iface_no_dash}") - if not interface_ip.nil? then - ip1=IPAddr.new(interface_ip) - ip2=IPAddr.new(ip_to_find) - if ip1.mask(netmask) == ip2.mask(netmask) then - return interface - end + + if ip1.ipv4? + ipaddress_name = "ipaddress_#{iface_no_dash}" + netmask_name = "netmask_#{iface_no_dash}" + else + ipaddress_name = "ipaddress6_#{iface_no_dash}" + netmask_name = "netmask6_#{iface_no_dash}" + end + + interface_ip = lookupvar(ipaddress_name) + netmask = lookupvar(netmask_name) + unless interface_ip.nil? then + ip2 = IPAddr.new(interface_ip) + return interface if ip1.mask(netmask) == ip2.mask(netmask) end end - rescue JSON::ParserError - raise Puppet::ParseError, "Syntax error: #{arg[0]} is invalid" + rescue IPAddr::InvalidAddressError => e + raise Puppet::ParseError, "#{e}: #{arg[0]}" end else - raise Puppet::ParseError, "Syntax error: #{arg[0]} is not a String" + raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String" end return '' end diff --git a/lib/puppet/parser/functions/list_to_zookeeper_hash.rb b/lib/puppet/parser/functions/list_to_zookeeper_hash.rb new file mode 100644 index 0000000..814326e --- /dev/null +++ b/lib/puppet/parser/functions/list_to_zookeeper_hash.rb @@ -0,0 +1,24 @@ +# Custom function to convert a list of ips to a map +# like {'ip' => xxx.xxx.xxx.xxx }. This function is needed +# because a not-so-good design of the puppet-midonet module +# and we hope to deprecate it soon. + +module Puppet::Parser::Functions + newfunction(:list_to_zookeeper_hash, :type => :rvalue, :doc => <<-EOS + This function returns Zookeper configuration list of hash + EOS + ) do |argv| + zk_list = argv[0] + if zk_list.class != Array + zk_list = [zk_list] + end + result = Array.new + zk_list.each do |zk_ip| + zk_map = Hash.new + zk_map['ip'] = zk_ip + zk_map['port'] = 2181 + result.push(zk_map) + end + return result + end +end diff --git a/manifests/cluster/cassandra.pp b/manifests/cluster/cassandra.pp new file mode 100644 index 0000000..b20926b --- /dev/null +++ b/manifests/cluster/cassandra.pp @@ -0,0 +1,73 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::cluster::cassandra +# +# Deploys a cassandra service that belongs to a cluster. Uses puppet-cassandra +# +# == Parameters: +# +# [*cassandra_servers*] +# (required) All the IP addresses of the cassandra cluster. +# Array of strings value. +# +# [*cassandra_ip*] +# (required) IP address of the current host. +# String value +# +# [*storage_port*] +# (optional) Inter-node cluster communication port. +# Defaults to 7000. +# +# [*ssl_storage_port*] +# (optional) SSL Inter-node cluster communication port. +# Defaults to 7001. +# +# [*client_port*] +# (optional) Cassandra client port. +# Defaults to 9042. +# +# [*client_port_thrift*] +# (optional) Cassandra client port thrift. +# Defaults to 9160. +# +class tripleo::cluster::cassandra( + $cassandra_servers, + $cassandra_ip, + $storage_port = '7000', + $ssl_storage_port = '7001', + $client_port = '9042', + $client_port_thrift = '9160' +) +{ + + # TODO: Remove this comment once we can guarantee that all the distros + # deploying TripleO use Puppet > 3.7 because of this bug: + # https://tickets.puppetlabs.com/browse/PUP-1299 + # + # validate_array($cassandra_servers) + validate_ipv4_address($cassandra_ip) + + class {'::cassandra': + cluster_name => 'TripleO', + seeds => $cassandra_servers, + listen_address => $cassandra_ip, + storage_port => $storage_port, + ssl_storage_port => $ssl_storage_port, + native_transport_port => $client_port, + rpc_port => $client_port_thrift + } + +} diff --git a/manifests/cluster/zookeeper.pp b/manifests/cluster/zookeeper.pp new file mode 100644 index 0000000..82d21ee --- /dev/null +++ b/manifests/cluster/zookeeper.pp @@ -0,0 +1,69 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::cluster::zookeeper +# +# Deploys a zookeeper service that belongs to a cluster. Uses deric-zookeeper +# +# == Parameters: +# +# [*zookeeper_server_ips*] +# (required) List of IP addresses of the zookeeper cluster. +# Arrays of strings value. +# +# [*zookeeper_client_ip*] +# (required) IP address of the host where zookeeper will listen IP addresses. +# String (IPv4) value. +# +# [*zookeeper_hostnames*] +# (required) List of hostnames of the zookeeper cluster. The hostname of the +# node will be used to define the ID of the zookeeper configuration +# Array of strings value. +# + +class tripleo::cluster::zookeeper( + $zookeeper_server_ips, + $zookeeper_client_ip, + $zookeeper_hostnames +) +{ + # TODO: Remove comments below once we can guarantee that all the distros + # deploying TripleO use Puppet > 3.7 because of this bug: + # https://tickets.puppetlabs.com/browse/PUP-1299 + + # validate_array($zookeeper_server_ips) + validate_ipv4_address($zookeeper_client_ip) + # validate_array($zookeeper_hostnames) + + # TODO(devvesa) Zookeeper package should provide these paths, + # remove this lines as soon as it will. + file {['/usr/lib', '/usr/lib/zookeeper', '/usr/lib/zookeeper/bin/']: + ensure => directory + } + + file {'/usr/lib/zookeeper/bin/zkEnv.sh': + ensure => link, + target => '/usr/libexec/zkEnv.sh' + } + + class {'::zookeeper': + servers => $zookeeper_server_ips, + client_ip => $zookeeper_client_ip, + id => extract_id($zookeeper_hostnames, $::hostname), + cfg_dir => '/etc/zookeeper/conf', + } + + File['/usr/lib/zookeeper/bin/zkEnv.sh'] -> Class['::zookeeper'] +} diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index ec38c5c..5308a01 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -35,6 +35,10 @@ # The value to use as maxconn in the haproxy default config section. # Defaults to 4096 # +# [*haproxy_default_timeout*] +# The value to use as timeout in the haproxy default config section. +# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ] +# # [*haproxy_log_address*] # The IPv4, IPv6 or filesystem socket path of the syslog server. # Defaults to '/dev/log' @@ -133,6 +137,15 @@ # [*aodh_certificate*] # Filename of an HAProxy-compatible certificate and key file # When set, enables SSL on the Aodh public API endpoint using the specified file. +# +# [*sahara_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Sahara public API endpoint using the specified file. +# Defaults to undef +# +# [*trove_certificate*] +# Filename of an HAProxy-compatible certificate and key file +# When set, enables SSL on the Trove public API endpoint using the specified file. # Defaults to undef # # [*gnocchi_certificate*] @@ -180,6 +193,14 @@ # (optional) Enable or not Manila API binding # Defaults to false # +# [*sahara*] +# (optional) Enable or not Sahara API binding +# defaults to false +# +# [*trove*] +# (optional) Enable or not Trove API binding +# defaults to false +# # [*glance_api*] # (optional) Enable or not Glance API binding # Defaults to false @@ -256,6 +277,10 @@ # (optional) Enable or not Redis binding # Defaults to false # +# [*midonet_api*] +# (optional) Enable or not MidoNet API binding +# Defaults to false +# class tripleo::loadbalancer ( $controller_virtual_ip, $control_virtual_interface, @@ -268,6 +293,7 @@ class tripleo::loadbalancer ( $haproxy_service_manage = true, $haproxy_global_maxconn = 20480, $haproxy_default_maxconn = 4096, + $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], $haproxy_log_address = '/dev/log', $controller_host = undef, $controller_hosts = undef, @@ -276,6 +302,8 @@ class tripleo::loadbalancer ( $keystone_certificate = undef, $neutron_certificate = undef, $cinder_certificate = undef, + $sahara_certificate = undef, + $trove_certificate = undef, $manila_certificate = undef, $glance_certificate = undef, $nova_certificate = undef, @@ -290,6 +318,8 @@ class tripleo::loadbalancer ( $keystone_public = false, $neutron = false, $cinder = false, + $sahara = false, + $trove = false, $manila = false, $glance_api = false, $glance_registry = false, @@ -310,6 +340,7 @@ class tripleo::loadbalancer ( $mysql_clustercheck = false, $rabbitmq = false, $redis = false, + $midonet_api = false, ) { if !$controller_host and !$controller_hosts { @@ -423,6 +454,16 @@ class tripleo::loadbalancer ( } else { $cinder_bind_certificate = $service_certificate } + if $sahara_certificate { + $sahara_bind_certificate = $sahara_certificate + } else { + $sahara_bind_certificate = $service_certificate + } + if $trove_certificate { + $trove_bind_certificate = $trove_certificate + } else { + $trove_bind_certificate = $trove_certificate + } if $manila_certificate { $manila_bind_certificate = $manila_certificate } else { @@ -548,6 +589,32 @@ class tripleo::loadbalancer ( } } + $sahara_api_vip = hiera('sahara_api_vip', $controller_virtual_ip) + if $sahara_bind_certificate { + $sahara_bind_opts = { + "${sahara_api_vip}:8386" => [], + "${public_virtual_ip}:13786" => ['ssl', 'crt', $sahara_bind_certificate], + } + } else { + $sahara_bind_opts = { + "${sahara_api_vip}:8386" => [], + "${public_virtual_ip}:8386" => [], + } + } + + $trove_api_vip = hiera('$trove_api_vip', $controller_virtual_ip) + if $trove_bind_certificate { + $trove_bind_opts = { + "${trove_api_vip}:8779" => [], + "${public_virtual_ip}:13779" => ['ssl', 'crt', $trove_bind_certificate], + } + } else { + $trove_bind_opts = { + "${trove_api_vip}:8779" => [], + "${public_virtual_ip}:8779" => [], + } + } + $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip) if $nova_bind_certificate { $nova_osapi_bind_opts = { @@ -637,6 +704,7 @@ class tripleo::loadbalancer ( } $heat_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], @@ -704,7 +772,7 @@ class tripleo::loadbalancer ( 'mode' => 'tcp', 'log' => 'global', 'retries' => '3', - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], + 'timeout' => $haproxy_default_timeout, 'maxconn' => $haproxy_default_maxconn, }, } @@ -743,6 +811,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'keystone_public': bind => $keystone_public_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'keystone_public': listening_service => 'keystone_public', @@ -771,6 +843,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'cinder': bind => $cinder_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'cinder': listening_service => 'cinder', @@ -795,6 +871,34 @@ class tripleo::loadbalancer ( } } + if $sahara { + haproxy::listen { 'sahara': + bind => $sahara_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'sahara': + listening_service => 'sahara', + ports => '8386', + ipaddresses => hiera('sahara_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + + if $trove { + haproxy::listen { 'trove': + bind => $trove_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'trove': + listening_service => 'trove', + ports => '8779', + ipaddresses => hiera('trove_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } + if $glance_api { haproxy::listen { 'glance_api': bind => $glance_bind_opts, @@ -842,6 +946,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'nova_osapi': bind => $nova_osapi_bind_opts, collect_exported => false, + mode => 'http', + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'nova_osapi': listening_service => 'nova_osapi', @@ -872,6 +980,7 @@ class tripleo::loadbalancer ( bind => $nova_novnc_bind_opts, options => { 'balance' => 'source', + 'timeout' => [ 'tunnel 1h' ], }, collect_exported => false, } @@ -998,21 +1107,23 @@ class tripleo::loadbalancer ( ports => '80', ipaddresses => hiera('horizon_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + options => ["cookie ${::hostname}", 'check', 'inter 2000', 'rise 2', 'fall 5'], } } if $mysql_clustercheck { $mysql_listen_options = { - 'option' => [ 'tcpka', 'httpchk' ], - 'timeout' => [ 'client 0', 'server 0' ], - 'stick-table' => 'type ip size 1000', - 'stick' => 'on dst', + 'option' => [ 'tcpka', 'httpchk' ], + 'timeout client' => '90m', + 'timeout server' => '90m', + 'stick-table' => 'type ip size 1000', + 'stick' => 'on dst', } $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup', 'port 9200', 'on-marked-down shutdown-sessions'] } else { $mysql_listen_options = { - 'timeout' => [ 'client 0', 'server 0' ], + 'timeout client' => '90m', + 'timeout server' => '90m', } $mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup'] } @@ -1087,4 +1198,23 @@ class tripleo::loadbalancer ( } } + $midonet_api_vip = hiera('midonet_api_vip', $controller_virtual_ip) + $midonet_bind_opts = { + "${midonet_api_vip}:8081" => [], + "${public_virtual_ip}:8081" => [], + } + + if $midonet_api { + haproxy::listen { 'midonet_api': + bind => $midonet_bind_opts, + collect_exported => false, + } + haproxy::balancermember { 'midonet_api': + listening_service => 'midonet_api', + ports => '8081', + ipaddresses => hiera('midonet_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + options => ['check', 'inter 2000', 'rise 2', 'fall 5'], + } + } } diff --git a/manifests/network/midonet/agent.pp b/manifests/network/midonet/agent.pp new file mode 100644 index 0000000..0e65282 --- /dev/null +++ b/manifests/network/midonet/agent.pp @@ -0,0 +1,66 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::midonet::agent +# +# Configure the midonet agent +# +# == Parameters: +# +# [*zookeeper_servers*] +# (required) List of IPs of the zookeeper server cluster. It will configure +# the connection using the 2181 port. +# Array of strings value. +# +# [*cassandra_seeds*] +# (required) List of IPs of the cassandra cluster. +# Array of strings value. +# +class tripleo::network::midonet::agent ( + $zookeeper_servers, + $cassandra_seeds +) { + + # TODO: Remove comments below once we can guarantee that all the distros + # deploying TripleO use Puppet > 3.7 because of this bug: + # https://tickets.puppetlabs.com/browse/PUP-1299 + + # validate_array($zookeeper_servers) + # validate_array($cassandra_seeds) + + + # FIXME: This statement should be controlled by hiera on heat templates + # project + # Make sure openvswitch service is not running + service {'openvswitch': + ensure => stopped, + enable => false + } + + exec {'delete datapaths': + command => '/usr/bin/mm-dpctl --delete-dp ovs-system', + path => '/usr/bin:/usr/sbin:/bin', + onlyif => '/usr/bin/mm-dpctl --show-dp ovs-system' + } + + # Configure and run the agent + class {'::midonet::midonet_agent': + zk_servers => list_to_zookeeper_hash($zookeeper_servers), + cassandra_seeds => $cassandra_seeds + } + + Service['openvswitch'] -> Class['::midonet::midonet_agent::run'] + Exec['delete datapaths'] -> Class['::midonet::midonet_agent::run'] +} diff --git a/manifests/network/midonet/api.pp b/manifests/network/midonet/api.pp new file mode 100644 index 0000000..83efd2c --- /dev/null +++ b/manifests/network/midonet/api.pp @@ -0,0 +1,122 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::midonet::api +# +# Configure the MidoNet API +# +# == Parameters: +# +# [*zookeeper_servers*] +# (required) List IPs of the zookeeper server cluster. Zookeeper is the +# backend database where MidoNet stores the virtual network topology. +# Array of strings value. +# +# [*vip*] +# (required) Public Virtual IP where the API will be exposed. +# String (IPv4) value. +# +# [*keystone_ip*] +# (required) MidoNet API is registered as an OpenStack service. Provide the +# keystone ip address. +# String (IPv4) value. +# +# [*keystone_admin_token*] +# (required) MidoNet API is registered as an OpenStack service. It needs the +# keystone admin token to perform some admin calls. +# String value. +# +# [*bind_address*] +# (required) MidoNet API uses a Tomcat instance to offer the REST service. The +# ip address where to bind the tomcat service. +# String (IPv4) value. +# +# [*admin_password*] +# (required) OpenStack admin user password. +# String value. +# +# [*keystone_port*] +# (optional) MidoNet API is registered as an OpenStack service. Provide +# the keystone port. +# Defaults to 35357 +# +# [*keystone_tenant_name*] +# (optional) Tenant of the keystone service. +# Defaults to 'admin' +# +# [*admin_user_name*] +# (optional) OpenStack admin user name. +# Defaults to 'admin' +# +# [*admin_tenant_name*] +# (optional). OpenStack admin tenant name. +# Defaults to 'admin' +# + +class tripleo::network::midonet::api( + $zookeeper_servers, + $vip, + $keystone_ip, + $keystone_admin_token, + $bind_address, + $admin_password, + $keystone_port = 35357, + $keystone_tenant_name = 'admin', + $admin_user_name = 'admin', + $admin_tenant_name = 'admin' +) +{ + + # TODO: Remove this comment once we can guarantee that all the distros + # deploying TripleO use Puppet > 3.7 because of this bug: + # https://tickets.puppetlabs.com/browse/PUP-1299 + + # validate_array($zookeeper_servers) + validate_ip_address($vip) + validate_ip_address($keystone_ip) + validate_ip_address($bind_address) + + # Run Tomcat and MidoNet API + class {'::tomcat': + install_from_source => false + } -> + + package {'midonet-api': + ensure => present + } -> + + class {'::midonet::midonet_api::run': + zk_servers => list_to_zookeeper_hash($zookeeper_servers), + keystone_auth => true, + tomcat_package => 'tomcat', + vtep => false, + api_ip => $vip, + api_port => '8081', + keystone_host => $keystone_ip, + keystone_port => $keystone_port, + keystone_admin_token => $keystone_admin_token, + keystone_tenant_name => $keystone_tenant_name, + catalina_base => '/usr/share/tomcat', + bind_address => $bind_address + } + + # Configure the CLI + class {'::midonet::midonet_cli': + api_endpoint => "http://${vip}:8081/midonet-api", + username => $admin_user_name, + password => $admin_password, + tenant_name => $admin_tenant_name + } +} diff --git a/manifests/packages.pp b/manifests/packages.pp index ac11efd..c0971e9 100644 --- a/manifests/packages.pp +++ b/manifests/packages.pp @@ -45,7 +45,26 @@ class tripleo::packages ( if $enable_upgrade { Package <| |> { ensure => 'latest' } + + case $::osfamily { + 'RedHat': { + $pkg_upgrade_cmd = 'yum -y update' + } + default: { + warning('Please specify a package upgrade command for distribution.') + } + } + + exec { 'package-upgrade': + command => $pkg_upgrade_cmd, + path => '/usr/bin', + } + # A resource chain to ensure the upgrade ordering we want: + # 1) upgrade puppet managed packages (will trigger puppet dependencies) + # 2) then upgrade all packages via exec + # 3) then restart services + Package <| |> -> Exec['package-upgrade'] -> Service <| |> + } } - diff --git a/manifests/ssl/cinder_config.pp b/manifests/ssl/cinder_config.pp new file mode 100644 index 0000000..e1ed113 --- /dev/null +++ b/manifests/ssl/cinder_config.pp @@ -0,0 +1,28 @@ +# Copyright 2016 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# == Class: tripleo::ssl::cinder_config +# +# Enable SSL middleware for the cinder service's pipeline. +# + +class tripleo::ssl::cinder_config { + cinder_api_paste_ini { + 'filter:ssl_header_handler/paste.filter_factory': + value => 'oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory'; + 'pipeline:apiversions/pipeline': + value => 'ssl_header_handler faultwrap osvolumeversionapp'; + } +} diff --git a/spec/classes/tripleo_cluster_cassandra_spec.rb b/spec/classes/tripleo_cluster_cassandra_spec.rb new file mode 100644 index 0000000..13be98e --- /dev/null +++ b/spec/classes/tripleo_cluster_cassandra_spec.rb @@ -0,0 +1,54 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for the cassandra service + +require 'spec_helper' + +describe 'tripleo::cluster::cassandra' do + + shared_examples_for 'cassandra cluster service' do + + let :facts do + { + :hostname => 'host1.midonet', + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7, + } + end + + let :params do + { + :cassandra_servers => ['192.168.2.2', '192.168.2.3'], + :cassandra_ip => '192.168.2.2' + } + end + + it 'should configure cassandra' do + is_expected.to contain_class('cassandra').with( + :seeds => ['192.168.2.2', '192.168.2.3'], + :listen_address => '192.168.2.2', + :storage_port => 7000, + :ssl_storage_port => 7001, + :native_transport_port => 9042, + :rpc_port => 9160 + ) + + end + end + + it_configures 'cassandra cluster service' + +end diff --git a/spec/classes/tripleo_cluster_zookeeper_spec.rb b/spec/classes/tripleo_cluster_zookeeper_spec.rb new file mode 100644 index 0000000..ed46164 --- /dev/null +++ b/spec/classes/tripleo_cluster_zookeeper_spec.rb @@ -0,0 +1,115 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for the zookeeper service + +require 'spec_helper' + +describe 'tripleo::cluster::zookeeper' do + + let :default_params do + { + :zookeeper_server_ips => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], + :zookeeper_hostnames => ['host1.midonet', 'host2.midonet', 'host3.midonet'] + } + end + + context 'on host1' do + let :facts do + { + :hostname => 'host1.midonet', + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7, + } + end + + let :params do + { + :zookeeper_client_ip => '23.43.2.34' + } + end + + before do + params.merge!(default_params) + end + + it 'should call zookeeper using id==1' do + is_expected.to contain_class('zookeeper').with( + :servers => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], + :client_ip => '23.43.2.34', + :id => 1 + ) + end + + end + + context 'on host2' do + let :facts do + { + :hostname => 'host2.midonet', + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7, + } + end + + let :params do + { + :zookeeper_client_ip => '23.43.2.35' + } + end + + before do + params.merge!(default_params) + end + + it 'should call zookeeper using id==1' do + is_expected.to contain_class('zookeeper').with( + :servers => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], + :client_ip => '23.43.2.35', + :id => 2 + ) + end + end + + context 'on host3' do + let :facts do + { + :hostname => 'host3.midonet', + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7, + } + end + + let :params do + { + :zookeeper_client_ip => '23.43.2.36' + } + end + + before do + params.merge!(default_params) + end + + it 'should call zookeeper using id==1' do + is_expected.to contain_class('zookeeper').with( + :servers => ['23.43.2.34', '23.43.2.35', '24.43.2.36'], + :client_ip => '23.43.2.36', + :id => 3 + ) + end + + end + +end diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb index c1249b9..7d1d1ec 100644 --- a/spec/classes/tripleo_firewall_spec.rb +++ b/spec/classes/tripleo_firewall_spec.rb @@ -105,7 +105,10 @@ describe 'tripleo::firewall' do context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.1', + } end it_configures 'tripleo node' diff --git a/spec/classes/tripleo_midonet_agent_spec.rb b/spec/classes/tripleo_midonet_agent_spec.rb new file mode 100644 index 0000000..eb3abfe --- /dev/null +++ b/spec/classes/tripleo_midonet_agent_spec.rb @@ -0,0 +1,62 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for the midonet agent + +require 'spec_helper' + +describe 'tripleo::network::midonet::agent' do + + let :facts do + { + :hostname => 'host2.midonet', + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '7.1', + :operatingsystemmajrelease => 7, + } + end + + shared_examples_for 'midonet agent test' do + + let :params do + { + :zookeeper_servers => ['192.168.2.2', '192.168.2.3'], + :cassandra_seeds => ['192.168.2.2', '192.168.2.3'] + } + end + + it 'should stop openvswitch' do + is_expected.to contain_service('openvswitch').with( + :ensure => 'stopped', + :enable => false + ) + end + + it 'should run the agent with a list of maps' do + is_expected.to contain_class('midonet::midonet_agent').with( + :zk_servers => [{'ip' => '192.168.2.2', + 'port' => 2181}, + {'ip' => '192.168.2.3', + 'port' => 2181}], + :cassandra_seeds => ['192.168.2.2','192.168.2.3'] + ) + end + end + + it_configures 'midonet agent test' + + +end diff --git a/spec/classes/tripleo_midonet_api_spec.rb b/spec/classes/tripleo_midonet_api_spec.rb new file mode 100644 index 0000000..4b47294 --- /dev/null +++ b/spec/classes/tripleo_midonet_api_spec.rb @@ -0,0 +1,72 @@ +# +# Copyright (C) 2015 Midokura SARL +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for the midonet api + +require 'spec_helper' + +describe 'tripleo::network::midonet::api' do + + let :facts do + { + :augeasversion => '1.0.0' + } + end + + shared_examples_for 'midonet api test' do + + let :params do + { + :zookeeper_servers => ['192.168.2.1', '192.168.2.2'], + :vip => '192.23.0.2', + :keystone_ip => '192.23.0.2', + :keystone_admin_token => 'admin_token', + :admin_password => 'admin_password', + :bind_address => '192.23.0.65' + } + end + + it 'should call api configuration' do + is_expected.to contain_class('midonet::midonet_api::run').with( + :zk_servers => [{'ip' => '192.168.2.1', 'port' => 2181}, + {'ip' => '192.168.2.2', 'port' => 2181}], + :keystone_auth => true, + :tomcat_package => 'tomcat', + :vtep => false, + :api_ip => '192.23.0.2', + :api_port => '8081', + :keystone_host => '192.23.0.2', + :keystone_port => 35357, + :keystone_admin_token => 'admin_token', + :keystone_tenant_name => 'admin', + :catalina_base => '/usr/share/tomcat', + :bind_address => '192.23.0.65' + ) + end + + it 'should install the cli' do + is_expected.to contain_class('midonet::midonet_cli').with( + :api_endpoint => 'http://192.23.0.2:8081/midonet-api', + :username => 'admin', + :password => 'admin_password', + :tenant_name => 'admin' + ) + end + + end + + it_configures 'midonet api test' + +end diff --git a/spec/classes/tripleo_packages_spec.rb b/spec/classes/tripleo_packages_spec.rb new file mode 100644 index 0000000..55a135b --- /dev/null +++ b/spec/classes/tripleo_packages_spec.rb @@ -0,0 +1,52 @@ +# +# Copyright (C) 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +require 'spec_helper' + +describe 'tripleo::packages' do + + shared_examples_for 'Red Hat distributions' do + + let :pre_condition do + " + package{'nova-compute': ensure => present} + service{'nova-compute': ensure => 'running'} + " + end + + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7, + } + end + + let :params do + { + :enable_upgrade => true + } + end + + it 'should contain correct upgrade ordering' do + is_expected.to contain_package('nova-compute').that_comes_before('Exec[package-upgrade]') + is_expected.to contain_exec('package-upgrade').that_comes_before('Service[nova-compute]') + is_expected.to contain_exec('package-upgrade').with(:command => 'yum -y update') + end + + end + + it_configures 'Red Hat distributions' + +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 700be6a..15d5eab 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,10 +1,13 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' -require 'webmock/rspec' + +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' + c.module_path = File.join(fixture_path, 'modules') + c.manifest_dir = File.join(fixture_path, 'manifests') c.default_facts = { :kernel => 'Linux', |