diff options
24 files changed, 782 insertions, 59 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras index b9f664f..ce158e4 100644 --- a/Puppetfile_extras +++ b/Puppetfile_extras @@ -29,3 +29,6 @@ mod 'datacat', :git => 'https://github.com/richardc/puppet-datacat', :ref => '0.6.2' +mod 'etcd', + :git => 'https://github.com/cristifalcas/puppet-etcd', + :ref => '1.10.0'
\ No newline at end of file diff --git a/lib/puppet/parser/functions/noop_resource.rb b/lib/puppet/parser/functions/noop_resource.rb new file mode 100644 index 0000000..921eb5d --- /dev/null +++ b/lib/puppet/parser/functions/noop_resource.rb @@ -0,0 +1,53 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Author: Dan Prince <dprince@redhat.com> +# +# A function to create noop providers (set as the default) for the named +# resource. This works alongside of 'puppet apply --tags' to disable +# some custom resource types that still attempt to run commands during +# prefetch, etc. +class Puppet::Provider::Noop < Puppet::Provider + + def create + true + end + + def destroy + true + end + + def exists? + false + end + + # some puppet-keystone resources require this + def self.resource_to_name(domain, name, check_for_default = true) + return name + end + +end + +module Puppet::Parser::Functions + newfunction(:noop_resource, :type => :rvalue, :doc => "Create a default noop provider for the specified resource.") do |arg| + if arg[0].class == String + Puppet::Type.type(arg[0].downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do + defaultfor :osfamily => :redhat + end + else + end + return true + end +end diff --git a/lib/puppet/provider/package/norpm.rb b/lib/puppet/provider/package/norpm.rb index 0145d9f..0764265 100644 --- a/lib/puppet/provider/package/norpm.rb +++ b/lib/puppet/provider/package/norpm.rb @@ -33,6 +33,10 @@ Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do true end + def purge + true + end + def self.instances return [] end diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp index 62aff9a..9cb6b13 100644 --- a/manifests/certmonger/mysql.pp +++ b/manifests/certmonger/mysql.pp @@ -31,11 +31,6 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # -# [*mysql_network*] -# (Optional) The network name where the mysql endpoint is listening on. -# This is set by t-h-t. -# Defaults to hiera('mysql_network', undef) -# # [*principal*] # (Optional) The haproxy service principal that is set for MySQL in kerberos. # Defaults to undef @@ -45,16 +40,11 @@ class tripleo::certmonger::mysql ( $service_certificate, $service_key, $certmonger_ca = hiera('certmonger_ca', 'local'), - $mysql_network = hiera('mysql_network', undef), $principal = undef, ) { include ::certmonger include ::mysql::params - if !$mysql_network { - fail('mysql_network is not set in the hieradata.') - } - $postsave_cmd = "systemctl reload ${::mysql::params::service_name}" certmonger_certificate { 'mysql' : ensure => 'present', diff --git a/manifests/fencing.pp b/manifests/fencing.pp index 55280a9..fa8c2e5 100644 --- a/manifests/fencing.pp +++ b/manifests/fencing.pp @@ -59,4 +59,7 @@ class tripleo::fencing( $ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices) create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params) + + $ironic_devices = local_fence_devices('fence_ironic', $all_devices) + create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params) } diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index cc21e37..4bbe1d6 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -159,10 +159,6 @@ # (optional) Enable or not Glance API binding # Defaults to hiera('glance_api_enabled', false) # -# [*glance_registry*] -# (optional) Enable or not Glance registry binding -# Defaults to hiera('glance_registry_enabled', false) -# # [*nova_osapi*] # (optional) Enable or not Nova API binding # Defaults to hiera('nova_api_enabled', false) @@ -179,6 +175,14 @@ # (optional) Enable or not Nova novncproxy binding # Defaults to hiera('nova_vnc_proxy_enabled', false) # +# [*ec2_api*] +# (optional) Enable or not EC2 API binding +# Defaults to hiera('ec2_api_enabled', false) +# +# [*ec2_api_metadata*] +# (optional) Enable or not EC2 API metadata binding +# Defaults to hiera('ec2_api_enabled', false) +# # [*ceilometer*] # (optional) Enable or not Ceilometer API binding # Defaults to hiera('ceilometer_api_enabled', false) @@ -251,6 +255,10 @@ # (optional) Enable or not RabbitMQ binding # Defaults to false # +# [*etcd*] +# (optional) Enable or not Etcd binding +# Defaults to hiera('etcd_enabled', false) +# # [*docker_registry*] # (optional) Enable or not the Docker Registry API binding # Defaults to hiera('enable_docker_registry', false) @@ -320,10 +328,6 @@ # (optional) Specify the network glance_api is running on. # Defaults to hiera('glance_api_network', undef) # -# [*glance_registry_network*] -# (optional) Specify the network glance_registry is running on. -# Defaults to hiera('glance_registry_network', undef) -# # [*gnocchi_network*] # (optional) Specify the network gnocchi is running on. # Defaults to hiera('gnocchi_api_network', undef) @@ -380,6 +384,18 @@ # (optional) Specify the network nova_osapi is running on. # Defaults to hiera('nova_api_network', undef) # +# [*nova_placement_network*] +# (optional) Specify the network nova_placement is running on. +# Defaults to hiera('nova_placement_network', undef) +# +# [*ec2_api_network*] +# (optional) Specify the network ec2_api is running on. +# Defaults to hiera('ec2_api_network', undef) +# +# [*ec2_api_metadata_network*] +# (optional) Specify the network ec2_api_metadata is running on. +# Defaults to hiera('ec2_api_network', undef) +# # [*opendaylight_network*] # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) @@ -423,7 +439,6 @@ # 'docker_registry_ssl_port' (Defaults to 13787) # 'glance_api_port' (Defaults to 9292) # 'glance_api_ssl_port' (Defaults to 13292) -# 'glance_registry_port' (Defaults to 9191) # 'gnocchi_api_port' (Defaults to 8041) # 'gnocchi_api_ssl_port' (Defaults to 13041) # 'mistral_api_port' (Defaults to 8989) @@ -504,11 +519,12 @@ class tripleo::haproxy ( $sahara = hiera('sahara_api_enabled', false), $trove = hiera('trove_api_enabled', false), $glance_api = hiera('glance_api_enabled', false), - $glance_registry = hiera('glance_registry_enabled', false), $nova_osapi = hiera('nova_api_enabled', false), $nova_placement = hiera('nova_placement_enabled', false), $nova_metadata = hiera('nova_api_enabled', false), $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), + $ec2_api = hiera('ec2_api_enabled', false), + $ec2_api_metadata = hiera('ec2_api_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), $panko = hiera('panko_api_enabled', false), @@ -526,6 +542,7 @@ class tripleo::haproxy ( $mysql_clustercheck = false, $mysql_member_options = undef, $rabbitmq = false, + $etcd = hiera('etcd_enabled', false), $docker_registry = hiera('enable_docker_registry', false), $redis = hiera('redis_enabled', false), $redis_password = undef, @@ -543,7 +560,6 @@ class tripleo::haproxy ( $cinder_network = hiera('cinder_api_network', undef), $docker_registry_network = hiera('docker_registry_network', undef), $glance_api_network = hiera('glance_api_network', undef), - $glance_registry_network = hiera('glance_registry_network', undef), $gnocchi_network = hiera('gnocchi_api_network', undef), $heat_api_network = hiera('heat_api_network', undef), $heat_cfn_network = hiera('heat_api_cfn_network', undef), @@ -558,8 +574,11 @@ class tripleo::haproxy ( $nova_metadata_network = hiera('nova_api_network', undef), $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_osapi_network = hiera('nova_api_network', undef), + $nova_placement_network = hiera('nova_placement_network', undef), $panko_network = hiera('panko_api_network', undef), $ovn_dbs_network = hiera('ovn_dbs_network', undef), + $ec2_api_network = hiera('ec2_api_network', undef), + $ec2_api_metadata_network = hiera('ec2_api_network', undef), $sahara_network = hiera('sahara_api_network', undef), $swift_proxy_server_network = hiera('swift_proxy_network', undef), $trove_network = hiera('trove_api_network', undef), @@ -579,7 +598,6 @@ class tripleo::haproxy ( docker_registry_ssl_port => 13787, glance_api_port => 9292, glance_api_ssl_port => 13292, - glance_registry_port => 9191, gnocchi_api_port => 8041, gnocchi_api_ssl_port => 13041, mistral_api_port => 8989, @@ -615,6 +633,9 @@ class tripleo::haproxy ( panko_api_ssl_port => 13779, ovn_nbdb_port => 6641, ovn_sbdb_port => 6642, + ec2_api_port => 8788, + ec2_api_ssl_port => 13788, + ec2_api_metadata_port => 8789, sahara_api_port => 8386, sahara_api_ssl_port => 13386, swift_proxy_port => 8080, @@ -713,6 +734,11 @@ class tripleo::haproxy ( "${redis_vip}:6379" => $haproxy_listen_bind_param, } + $etcd_vip = hiera('etcd_vip', $controller_virtual_ip) + $etcd_bind_opts = { + "${etcd_vip}:2379" => $haproxy_listen_bind_param, + } + class { '::haproxy': service_manage => $haproxy_service_manage, global_options => { @@ -907,16 +933,6 @@ class tripleo::haproxy ( } } - if $glance_registry { - ::tripleo::haproxy::endpoint { 'glance_registry': - internal_ip => hiera('glance_registry_vip', $controller_virtual_ip), - service_port => $ports[glance_registry_port], - ip_addresses => hiera('glance_registry_node_ips', $controller_hosts_real), - server_names => hiera('glance_registry_node_names', $controller_hosts_names_real), - service_network => $glance_registry_network, - } - } - $nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip) if $nova_osapi { ::tripleo::haproxy::endpoint { 'nova_osapi': @@ -952,7 +968,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[nova_placement_ssl_port], - service_network => $nova_osapi_network, + service_network => $nova_placement_network, member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -983,6 +999,34 @@ class tripleo::haproxy ( } } + if $ec2_api { + ::tripleo::haproxy::endpoint { 'ec2_api': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ec2_api_vip', $controller_virtual_ip), + service_port => $ports[ec2_api_port], + ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), + server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[ec2_api_ssl_port], + service_network => $ec2_api_network, + } + } + + if $ec2_api_metadata { + ::tripleo::haproxy::endpoint { 'ec2_api_metadata': + internal_ip => hiera('ec2_api_vip', $controller_virtual_ip), + service_port => $ports[ec2_api_metadata_port], + ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), + server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), + service_network => $ec2_api_metadata_network, + } + } + if $ceilometer { ::tripleo::haproxy::endpoint { 'ceilometer': public_virtual_ip => $public_virtual_ip, @@ -1235,6 +1279,15 @@ class tripleo::haproxy ( server_names => hiera('mysql_node_names', $controller_hosts_names_real), options => $mysql_member_options_real, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $mysql_firewall_rules = { + '100 mysql_haproxy' => { + 'dport' => 3306, + } + } + create_resources('tripleo::firewall::rule', $mysql_firewall_rules) + } } if $rabbitmq { @@ -1255,6 +1308,23 @@ class tripleo::haproxy ( } } + if $etcd { + haproxy::listen { 'etcd': + bind => $etcd_bind_opts, + options => { + 'balance' => 'source', + }, + collect_exported => false, + } + haproxy::balancermember { 'etcd': + listening_service => 'etcd', + ports => '2379', + ipaddresses => hiera('etcd_node_ips', $controller_hosts_real), + server_names => hiera('etcd_node_names', $controller_hosts_names_real), + options => $haproxy_member_options, + } + } + if $docker_registry { ::tripleo::haproxy::endpoint { 'docker-registry': public_virtual_ip => $public_virtual_ip, @@ -1294,6 +1364,15 @@ class tripleo::haproxy ( server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } + if hiera('manage_firewall', true) { + include ::tripleo::firewall + $redis_firewall_rules = { + '100 redis_haproxy' => { + 'dport' => 6379, + } + } + create_resources('tripleo::firewall::rule', $redis_firewall_rules) + } } $midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip) diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index 2f60b24..da2aba3 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -36,7 +36,7 @@ # # [*public_virtual_ip*] # Address in which the proxy endpoint will be listening in the public network. -# If this service is internal only this should be ommited. +# If this service is internal only this should be ommitted. # Defaults to undef. # # [*mode*] diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index 6a821f3..6e8fbb2 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -57,6 +57,7 @@ class tripleo::profile::base::cinder ( rabbit_hosts => $rabbit_endpoints, } include ::cinder::config + include ::cinder::glance } if $step >= 5 { diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 5ea2058..450a8e6 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -94,7 +94,6 @@ class tripleo::profile::base::cinder::api ( ssl_key => $tls_keyfile, } include ::cinder::ceilometer - include ::cinder::glance } } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 1692108..5154464 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -191,6 +191,9 @@ class tripleo::profile::base::database::mysql ( if hiera('panko_api_enabled', false) { include ::panko::db::mysql } + if hiera('ec2_api_enabled', false) { + include ::ec2api::db::mysql + } } } diff --git a/manifests/profile/base/etcd.pp b/manifests/profile/base/etcd.pp new file mode 100644 index 0000000..505e29f --- /dev/null +++ b/manifests/profile/base/etcd.pp @@ -0,0 +1,66 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::etcd +# +# etcd profile for tripleo +# +# === Parameters +# +# [*bind_ip*] +# (optional) IP to bind etcd service to. +# Defaults to '127.0.0.1'. +# +# [*client_port*] +# (optional) etcd client listening port. +# Defaults to '2379'. +# +# [*peer_port*] +# (optional) etcd peer listening port. +# Defaults to '2380'. +# +# [*nodes*] +# (Optional) Array of host(s) for etcd nodes. +# Defaults to hiera('etcd_node_ips', []). +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::etcd ( + $bind_ip = '127.0.0.1', + $client_port = '2379', + $peer_port = '2380', + $nodes = hiera('etcd_node_names', []), + $step = hiera('step'), +) { + if $step >= 1 { + if count($nodes) > 1 { + $cluster_enabled = true + } else { + $cluster_enabled = false + } + + class {'::etcd': + listen_client_urls => "http://${bind_ip}:${client_port}", + advertise_client_urls => "http://${bind_ip}:${client_port}", + listen_peer_urls => "http://${bind_ip}:${peer_port}", + initial_advertise_peer_urls => "http://${bind_ip}:${peer_port}", + initial_cluster => regsubst($nodes, '.+', "\\0=http://\\0:${peer_port}"), + cluster_enabled => $cluster_enabled, + proxy => 'off', + } + } +} diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index a388def..a3a39e9 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -255,6 +255,8 @@ class tripleo::profile::base::keystone ( include ::zaqar::keystone::auth include ::zaqar::keystone::auth_websocket } + if hiera('ec2_api_enabled', false) { + include ::ec2api::keystone::auth + } } } - diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index dae627c..fe1e6a6 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -110,6 +110,7 @@ class tripleo::profile::base::nova ( } if $step >= 4 { + include ::nova::placement if $manage_migration { class { '::nova::migration::libvirt': configure_libvirt => $libvirt_enabled, diff --git a/manifests/profile/base/nova/ec2api.pp b/manifests/profile/base/nova/ec2api.pp new file mode 100644 index 0000000..f34b071 --- /dev/null +++ b/manifests/profile/base/nova/ec2api.pp @@ -0,0 +1,35 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::ec2api +# +# EC2-compatible Nova API profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::nova::ec2api ( + $step = hiera('step') +) { + if $step >= 4 { + include ::ec2api + include ::ec2api::api + include ::ec2api::db::sync + include ::ec2api::metadata + } +} diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 7edd4e8..aa8c3c7 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -86,8 +86,6 @@ class tripleo::profile::base::nova::placement ( } if $step >= 4 { - include ::nova::placement - class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp new file mode 100644 index 0000000..46ca009 --- /dev/null +++ b/manifests/profile/base/octavia.pp @@ -0,0 +1,57 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia +# +# Octavia server profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*rabbit_user*] +# [*rabbit_password*] +# (Optional) RabbitMQ user details +# Defaults to undef +# +# [*rabbit_hosts*] +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*rabbit_port*] +# IP port for rabbitmq service +# Defaults to 5672. +# +class tripleo::profile::base::octavia ( + $step = hiera('step'), + $rabbit_user = undef, + $rabbit_password = undef, + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = '5672' +) { + if $step >= 3 { + class { '::octavia' : + default_transport_url => os_transport_url({ + 'transport' => 'rabbit', + 'hosts' => $rabbit_hosts, + 'port' => sprintf('%s', $rabbit_port), + 'username' => $rabbit_user, + 'password' => $rabbit_password + }) + } + include ::octavia::config + } +} diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/octavia/api.pp index cd40aeb..d457478 100644 --- a/manifests/profile/base/glance/registry.pp +++ b/manifests/profile/base/octavia/api.pp @@ -12,39 +12,43 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::base::glance::registry +# == Class: tripleo::profile::base::octavia::api # -# Glance Registry profile for tripleo +# Octavia API server profile for tripleo # # === Parameters # # [*bootstrap_node*] -# DEPRECATED # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*glance_backend*] -# (Optional) Glance backend(s) to use. -# Defaults to downcase(hiera('glance_backend', 'swift')) -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -class tripleo::profile::base::glance::registry ( - $bootstrap_node = undef, - $glance_backend = downcase(hiera('glance_backend', 'swift')), +class tripleo::profile::base::octavia::api ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } - if $step >= 4 { - # TODO: notifications, scrubber, etc. - include ::glance - include ::glance::config - include ::glance::registry - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) + include ::tripleo::profile::base::octavia + + if $step >= 3 and $sync_db { + include ::octavia::db::mysql } + # We start the Octavia API server on the bootstrap node first, because + # it will try to populate tables and we need to make sure this happens + # before it starts on other nodes + if ($step >= 4 and $sync_db) or ($step >= 5 and !$sync_db) { + class { '::octavia::api': + sync_db => $sync_db, + } + } } diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp new file mode 100644 index 0000000..c6ce309 --- /dev/null +++ b/manifests/profile/base/time/ntp.pp @@ -0,0 +1,28 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ntp +# +# Enable NTP via composable services. +# + +class tripleo::profile::base::time::ntp { + # if installed, we don't want chrony to conflict with ntp. + package { 'chrony': + ensure => 'purged', + before => Service['ntp'], + } + include ::ntp +} diff --git a/manifests/profile/pacemaker/ceph/rbdmirror.pp b/manifests/profile/pacemaker/ceph/rbdmirror.pp new file mode 100644 index 0000000..8e2ff77 --- /dev/null +++ b/manifests/profile/pacemaker/ceph/rbdmirror.pp @@ -0,0 +1,77 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::ceph::rbdmirror +# +# Ceph RBD mirror Pacemaker profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('ceph_rbdmirror_bootstrap_short_node_name') +# +# [*client_name*] +# (Optional) Name assigned to the RBD mirror client +# Defaults to 'rbd-mirror' +# +# [*stack_action*] +# (Optional) Action executed on the stack. See tripleo-heat-templates +# for more details. +# Defaults to hiera('stack_action') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::pacemaker::ceph::rbdmirror ( + $bootstrap_node = hiera('ceph_rbdmirror_bootstrap_short_node_name'), + $client_name = 'openstack', + $stack_action = hiera('stack_action'), + $step = hiera('step'), +) { + Service <| tag == 'ceph-rbd-mirror' |> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', + } + + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + include ::tripleo::profile::base::ceph + + if $step >= 3 { + ceph::mirror { $client_name: + rbd_mirror_enable => false, + rbd_mirror_ensure => 'stopped', + } -> + pacemaker::resource::service { "ceph-rbd-mirror_${client_name}": + # NOTE(gfidente): systemd uses the @ sign but it is an invalid + # character in a pcmk resource name, so we need to use it only + # for the name of the service + service_name => "ceph-rbd-mirror@${client_name}" + } + } + + if $step >= 3 and $pacemaker_master and $stack_action == 'UPDATE' { + Ceph_config<||> ~> Tripleo::Pacemaker::Resource_restart_flag["ceph-rbd-mirror@${client_name}"] + tripleo::pacemaker::resource_restart_flag { "ceph-rbd-mirror@${client_name}": } + } +} diff --git a/spec/classes/tripleo_profile_base_cinder_api_spec.rb b/spec/classes/tripleo_profile_base_cinder_api_spec.rb index a0c607d..6a36632 100644 --- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_api_spec.rb @@ -30,7 +30,6 @@ describe 'tripleo::profile::base::cinder::api' do is_expected.to contain_class('tripleo::profile::base::cinder') is_expected.to_not contain_class('cinder::api') is_expected.to_not contain_class('cinder::ceilometer') - is_expected.to_not contain_class('cinder::glance') end end @@ -43,7 +42,6 @@ describe 'tripleo::profile::base::cinder::api' do it 'should trigger complete configuration' do is_expected.to contain_class('cinder::api') is_expected.to contain_class('cinder::ceilometer') - is_expected.to contain_class('cinder::glance') end end @@ -56,7 +54,6 @@ describe 'tripleo::profile::base::cinder::api' do it 'should not trigger any configuration' do is_expected.to_not contain_class('cinder::api') is_expected.to_not contain_class('cinder::ceilometer') - is_expected.to_not contain_class('cinder::glance') end end @@ -68,7 +65,6 @@ describe 'tripleo::profile::base::cinder::api' do it 'should trigger complete configuration' do is_expected.to contain_class('cinder::api') is_expected.to contain_class('cinder::ceilometer') - is_expected.to contain_class('cinder::glance') end end end diff --git a/spec/classes/tripleo_profile_base_cinder_spec.rb b/spec/classes/tripleo_profile_base_cinder_spec.rb index 6a36152..81fa047 100644 --- a/spec/classes/tripleo_profile_base_cinder_spec.rb +++ b/spec/classes/tripleo_profile_base_cinder_spec.rb @@ -24,6 +24,7 @@ describe 'tripleo::profile::base::cinder' do is_expected.to contain_class('tripleo::profile::base::cinder') is_expected.to_not contain_class('cinder') is_expected.to_not contain_class('cinder::config') + is_expected.to_not contain_class('cinder::glance') is_expected.to_not contain_class('cinder:::cron::db_purge') end end @@ -41,6 +42,7 @@ describe 'tripleo::profile::base::cinder' do :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:#{params[:rabbit_port]}" } ) is_expected.to contain_class('cinder::config') + is_expected.to contain_class('cinder::glance') is_expected.to_not contain_class('cinder::cron::db_purge') end end @@ -54,6 +56,7 @@ describe 'tripleo::profile::base::cinder' do it 'should not trigger any configuration' do is_expected.to_not contain_class('cinder') is_expected.to_not contain_class('cinder::config') + is_expected.to_not contain_class('cinder::glance') is_expected.to_not contain_class('cinder:::cron::db_purge') end end @@ -71,6 +74,7 @@ describe 'tripleo::profile::base::cinder' do :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:#{params[:rabbit_port]}" } ) is_expected.to contain_class('cinder::config') + is_expected.to contain_class('cinder::glance') is_expected.to_not contain_class('cinder:::cron::db_purge') end end @@ -87,6 +91,7 @@ describe 'tripleo::profile::base::cinder' do :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:5672" } ) is_expected.to contain_class('cinder::config') + is_expected.to contain_class('cinder::glance') is_expected.to contain_class('cinder::cron::db_purge') end end @@ -104,6 +109,7 @@ describe 'tripleo::profile::base::cinder' do :rabbit_hosts => params[:rabbit_hosts].map{ |h| "#{h}:5672" } ) is_expected.to contain_class('cinder::config') + is_expected.to contain_class('cinder::glance') is_expected.to_not contain_class('cinder::cron::db_purge') end end diff --git a/spec/classes/tripleo_profile_base_octavia_api_spec.rb b/spec/classes/tripleo_profile_base_octavia_api_spec.rb new file mode 100644 index 0000000..d916a32 --- /dev/null +++ b/spec/classes/tripleo_profile_base_octavia_api_spec.rb @@ -0,0 +1,135 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::octavia::api' do + + let :params do + { :step => 5, + :bootstrap_node => 'notbootstrap.example.com' + } + end + + shared_examples_for 'tripleo::profile::base::octavia::api' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + let(:pre_condition) do + <<-eos + class { 'tripleo::profile::base::octavia' : + step => #{params[:step]}, + rabbit_user => 'bugs', + rabbit_password => 'rabbits_R_c00l', + rabbit_hosts => ['hole.field.com'] + } + class { 'octavia::db::mysql': + password => 'some_password' + } +eos + end + + context 'with step less than 3 on bootstrap' do + before do + params.merge!({ + :step => 2, + :bootstrap_node => 'node.example.com' + }) + end + + it 'should not do anything' do + is_expected.to_not contain_class('octavia::api') + end + end + + context 'with step less than 3 on non-bootstrap' do + before do + params.merge!({ :step => 2 }) + end + + it 'should not do anything' do + is_expected.to_not contain_class('octavia::api') + end + end + + context 'with step 3 on bootstrap node' do + before do + params.merge!({ + :step => 3, + :bootstrap_node => 'node.example.com' + }) + end + + it 'should should start configurating database' do + is_expected.to_not contain_class('octavia::api') + end + end + + context 'with step 3 on non-bootstrap node' do + before do + params.merge!({ :step => 3 }) + end + + it 'should do nothing' do + is_expected.to_not contain_class('octavia::api') + end + end + + context 'with step 4 on bootstrap node' do + before do + params.merge!({ + :step => 4, + :bootstrap_node => 'node.example.com' + }) + end + + it 'should should sync database' do + is_expected.to contain_class('octavia::api').with(:sync_db => true) + end + end + + context 'with step 4 on non-bootstrap node' do + before do + params.merge!({ :step => 4 }) + end + + it 'should do nothing' do + is_expected.to_not contain_class('octavia::api') + end + end + + context 'with step 5 on non-bootstrap node' do + before do + params.merge!({ :step => 5 }) + end + + it 'should do nothing' do + is_expected.to contain_class('octavia::api').with(:sync_db => false) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + it_behaves_like 'tripleo::profile::base::octavia::api' + end + end +end + diff --git a/spec/classes/tripleo_profile_base_octavia_spec.rb b/spec/classes/tripleo_profile_base_octavia_spec.rb new file mode 100644 index 0000000..89820ef --- /dev/null +++ b/spec/classes/tripleo_profile_base_octavia_spec.rb @@ -0,0 +1,119 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::octavia' do + + let :params do + { :rabbit_hosts => ['some.server.com'], + :step => 5 + } + end + + shared_examples_for 'tripleo::profile::base::octavia' do + + context 'with step less than 3' do + before do + params.merge!({ :step => 2 }) + end + + it 'should not do anything' do + is_expected.to_not contain_class('octavia') + is_expected.to_not contain_class('octavia::config') + end + end + + context 'with step 3' do + before do + params.merge!({ :step => 3 }) + end + + it 'should provide basic initialization' do + is_expected.to contain_class('octavia').with( + :default_transport_url => 'rabbit://some.server.com:5672/' + ) + is_expected.to contain_class('octavia::config') + end + end + + context 'with multiple hosts' do + before do + params.merge!({ :rabbit_hosts => ['some.server.com', 'someother.server.com'] }) + end + + it 'should construct a multihost URL' do + is_expected.to contain_class('octavia').with( + :default_transport_url => 'rabbit://some.server.com:5672,someother.server.com:5672/' + ) + end + end + + context 'with username provided' do + before do + params.merge!({ :rabbit_user => 'bunny' }) + end + + it 'should construct URL with username' do + is_expected.to contain_class('octavia').with( + :default_transport_url => 'rabbit://bunny@some.server.com:5672/' + ) + end + end + + context 'with username and password provided' do + before do + params.merge!( + { :rabbit_user => 'bunny', + :rabbit_password => 'carrot' + } + ) + end + + it 'should construct URL with username and password' do + is_expected.to contain_class('octavia').with( + :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672/' + ) + end + end + + context 'with multiple hosts and user info provided' do + before do + params.merge!( + { :rabbit_hosts => ['some.server.com', 'someother.server.com'], + :rabbit_user => 'bunny', + :rabbit_password => 'carrot' + } + ) + end + + it 'should distributed user info across hosts URL' do + is_expected.to contain_class('octavia').with( + :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672,bunny:carrot@someother.server.com:5672/' + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({}) + end + it_behaves_like 'tripleo::profile::base::octavia' + end + end +end diff --git a/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp b/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp new file mode 100644 index 0000000..4df0a09 --- /dev/null +++ b/spec/classes/tripleo_profile_pacemaker_ceph_rbdmirror_spec.rp @@ -0,0 +1,64 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::pacemaker::ceph::rbdmirror' do + shared_examples_for 'tripleo::profile::pacemaker::ceph::rbdmirror' do + let (:pre_condition) do + <<-eof + class { '::tripleo::profile::base::ceph': + step => #{params[:step]} + } + eof + end + + context 'with step less than 3' do + let(:params) { { :step => 2 } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to_not contain_class('ceph::mirror') + end + end + + context 'with step 3 and client_name' do + let(:params) { { + :step => 3, + :client_name => 'myname', + } } + + it 'should include rbdmirror configuration' do + is_expected.to contain_class('tripleo::profile::base::ceph') + is_expected.to contain_class('ceph::rbdmirror').with( + :rbd_mirror_enable => false, + :rbd_mirror_ensure => 'stopped', + ) + is_expected.to contain_class('pacemaker::resource::service') + end + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::pacemaker::ceph::rbdmirror' + end + end +end |