-rw-r--r--lib/facter/netmask_ipv6.rb47
-rw-r--r--lib/puppet/parser/functions/interface_for_ip.rb32
-rw-r--r--manifests/loadbalancer.pp113
-rw-r--r--manifests/packages.pp21
-rw-r--r--spec/classes/tripleo_packages_spec.rb52
5 files changed, 245 insertions, 20 deletions
diff --git a/lib/facter/netmask_ipv6.rb b/lib/facter/netmask_ipv6.rb
new file mode 100644
index 0000000..5261485
--- /dev/null
+++ b/lib/facter/netmask_ipv6.rb
@@ -0,0 +1,47 @@
+require 'ipaddr'
+
+def netmask6(value)
+ if value
+ ip = IPAddr.new('::0').mask(value)
+ ip.inspect.split('/')[1].gsub('>', '')
+ end
+end
+
+if Facter.value('facterversion')[0].to_i < 3
+ Facter::Util::IP.get_interfaces.each do |interface|
+ Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do
+ setcode do
+ tmp = []
+ regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x
+ output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6')
+
+ output_int.each_line do |line|
+ prefixlen = nil
+ matches = line.match(regex)
+ prefixlen = matches[1] if matches
+
+ if prefixlen
+ value = netmask6(prefixlen)
+ tmp.push(value)
+ end
+ end
+
+ tmp.shift if tmp
+ end
+ end
+ end
+
+ Facter.add('netmask6') do
+ setcode do
+ prefixlen = nil
+ regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x
+
+ String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line|
+ matches = line.match(regex)
+ prefixlen = matches[1] if matches
+ end
+
+ netmask6(prefixlen) if prefixlen
+ end
+ end
+end
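Review bot: The `netmask6` fact builds its regex by interpolating `Facter.value(:ipaddress6)` unescaped and with no boundary after the address. When that fact is nil the pattern reduces to `.*?(?:prefixlen)\s*(\d+)`, and because the `collect` loop overwrites `prefixlen` on every match, the fact reports the prefix length of the last ifconfig line that has one, whichever interface it belongs to. An address that is a textual prefix of another address on the host would match the wrong line in the same way. Returning nil early when the fact is missing and building the pattern as `%r{#{Regexp.escape(addr)}(?![0-9a-fA-F:.]).*?prefixlen\s*(\d+)}` would close both cases. Separately, `netmask6` parses the output of `IPAddr#inspect`, which is a debugging format, and a short comment saying so would help the next maintainer.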
diff --git a/lib/puppet/parser/functions/interface_for_ip.rb b/lib/puppet/parser/functions/interface_for_ip.rb
index 1c67120..fd68be0 100644
--- a/lib/puppet/parser/functions/interface_for_ip.rb
+++ b/lib/puppet/parser/functions/interface_for_ip.rb
@@ -8,25 +8,31 @@ module Puppet::Parser::Functions
newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
if arg[0].class == String
begin
- ip_to_find = arg[0]
+ ip1 = IPAddr.new(arg[0])
Dir.foreach('/sys/class/net/') do |interface|
- next if interface == '.' or interface == '..'
+ next if interface == '.' || interface == '..'
iface_no_dash = interface.gsub('-', '_')
- interface_ip = lookupvar("ipaddress_#{iface_no_dash}")
- netmask = lookupvar("netmask_#{iface_no_dash}")
- if not interface_ip.nil? then
- ip1=IPAddr.new(interface_ip)
- ip2=IPAddr.new(ip_to_find)
- if ip1.mask(netmask) == ip2.mask(netmask) then
- return interface
- end
+
+ if ip1.ipv4?
+ ipaddress_name = "ipaddress_#{iface_no_dash}"
+ netmask_name = "netmask_#{iface_no_dash}"
+ else
+ ipaddress_name = "ipaddress6_#{iface_no_dash}"
+ netmask_name = "netmask6_#{iface_no_dash}"
+ end
+
+ interface_ip = lookupvar(ipaddress_name)
+ netmask = lookupvar(netmask_name)
+ unless interface_ip.nil? then
+ ip2 = IPAddr.new(interface_ip)
+ return interface if ip1.mask(netmask) == ip2.mask(netmask)
end
end
- rescue JSON::ParserError
- raise Puppet::ParseError, "Syntax error: #{arg[0]} is invalid"
+ rescue IPAddr::InvalidAddressError => e
+ raise Puppet::ParseError, "#{e}: #{arg[0]}"
end
else
- raise Puppet::ParseError, "Syntax error: #{arg[0]} is not a String"
+ raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
end
return ''
end
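Review bot: The `begin` block now parses more than `arg[0]`: it also parses the `ipaddress6_*` and `netmask6_*` values returned by `lookupvar`, but only `interface_ip` is nil-checked and only `IPAddr::InvalidAddressError` is rescued. If a netmask fact is missing for an interface that has an address, `ip1.mask(netmask)` is called with nil. A malformed fact value raised by `IPAddr.new(interface_ip)` is reported as `"#{e}: #{arg[0]}"`, which blames the caller's argument for a bad fact. I would guard with `unless interface_ip.nil? || netmask.nil?`, rescue the parent class with `rescue IPAddr::Error => e`, and name the value that failed in the message. `arg[0].class == String` would also read better as `arg[0].is_a?(String)`.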
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 3fe5ee9..de995de 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -35,6 +35,10 @@
# The value to use as maxconn in the haproxy default config section.
# Defaults to 4096
#
+# [*haproxy_default_timeout*]
+# The value to use as timeout in the haproxy default config section.
+# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ]
+#
# [*haproxy_log_address*]
# The IPv4, IPv6 or filesystem socket path of the syslog server.
# Defaults to '/dev/log'
@@ -133,6 +137,15 @@
# [*aodh_certificate*]
# Filename of an HAProxy-compatible certificate and key file
# When set, enables SSL on the Aodh public API endpoint using the specified file.
+#
+# [*sahara_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Sahara public API endpoint using the specified file.
+# Defaults to undef
+#
+# [*trove_certificate*]
+# Filename of an HAProxy-compatible certificate and key file
+# When set, enables SSL on the Trove public API endpoint using the specified file.
# Defaults to undef
#
# [*swift_certificate*]
@@ -175,6 +188,14 @@
# (optional) Enable or not Manila API binding
# Defaults to false
#
+# [*sahara*]
+# (optional) Enable or not Sahara API binding
+# defaults to false
+#
+# [*trove*]
+# (optional) Enable or not Trove API binding
+# defaults to false
+#
# [*glance_api*]
# (optional) Enable or not Glance API binding
# Defaults to false
@@ -263,6 +284,7 @@ class tripleo::loadbalancer (
$haproxy_service_manage = true,
$haproxy_global_maxconn = 20480,
$haproxy_default_maxconn = 4096,
+ $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
$haproxy_log_address = '/dev/log',
$controller_host = undef,
$controller_hosts = undef,
@@ -271,6 +293,8 @@ class tripleo::loadbalancer (
$keystone_certificate = undef,
$neutron_certificate = undef,
$cinder_certificate = undef,
+ $sahara_certificate = undef,
+ $trove_certificate = undef,
$manila_certificate = undef,
$glance_certificate = undef,
$nova_certificate = undef,
@@ -284,6 +308,8 @@ class tripleo::loadbalancer (
$keystone_public = false,
$neutron = false,
$cinder = false,
+ $sahara = false,
+ $trove = false,
$manila = false,
$glance_api = false,
$glance_registry = false,
@@ -417,6 +443,16 @@ class tripleo::loadbalancer (
} else {
$cinder_bind_certificate = $service_certificate
}
+ if $sahara_certificate {
+ $sahara_bind_certificate = $sahara_certificate
+ } else {
+ $sahara_bind_certificate = $service_certificate
+ }
+ if $trove_certificate {
+ $trove_bind_certificate = $trove_certificate
+ } else {
+ $trove_bind_certificate = $trove_certificate
+ }
if $manila_certificate {
$manila_bind_certificate = $manila_certificate
} else {
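Review bot: The `else` branch for Trove assigns `$trove_bind_certificate = $trove_certificate`, which is the value that was just tested as unset, so Trove never falls back to `$service_certificate` the way the Sahara and Cinder branches do. With only `service_certificate` configured, the Trove public endpoint would be bound without TLS while the neighbouring services get it. The line should read `$trove_bind_certificate = $service_certificate`. The enclosing class body starts and ends outside this hunk.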
@@ -537,6 +573,32 @@ class tripleo::loadbalancer (
}
}
+ $sahara_api_vip = hiera('sahara_api_vip', $controller_virtual_ip)
+ if $sahara_bind_certificate {
+ $sahara_bind_opts = {
+ "${sahara_api_vip}:8386" => [],
+ "${public_virtual_ip}:13786" => ['ssl', 'crt', $sahara_bind_certificate],
+ }
+ } else {
+ $sahara_bind_opts = {
+ "${sahara_api_vip}:8386" => [],
+ "${public_virtual_ip}:8386" => [],
+ }
+ }
+
+ $trove_api_vip = hiera('$trove_api_vip', $controller_virtual_ip)
+ if $trove_bind_certificate {
+ $trove_bind_opts = {
+ "${trove_api_vip}:8779" => [],
+ "${public_virtual_ip}:13779" => ['ssl', 'crt', $trove_bind_certificate],
+ }
+ } else {
+ $trove_bind_opts = {
+ "${trove_api_vip}:8779" => [],
+ "${public_virtual_ip}:8779" => [],
+ }
+ }
+
$nova_api_vip = hiera('nova_api_vip', $controller_virtual_ip)
if $nova_bind_certificate {
$nova_osapi_bind_opts = {
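Review bot: The Trove lookup is written `hiera('$trove_api_vip', $controller_virtual_ip)`; inside single quotes the `$` is literal, so the key requested is `$trove_api_vip` rather than `trove_api_vip`. An operator's override for the Trove VIP would presumably never be found and the listener would always use `$controller_virtual_ip`. It should match the Sahara and Nova lines: `$trove_api_vip = hiera('trove_api_vip', $controller_virtual_ip)`. A comment on the no-certificate branches would also help, since both new services are then bound in clear text on `${public_virtual_ip}`.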
@@ -613,6 +675,7 @@ class tripleo::loadbalancer (
}
$heat_options = {
'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1",
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
}
$heat_cw_bind_opts = {
"${heat_api_vip}:8003" => [],
@@ -680,7 +743,7 @@ class tripleo::loadbalancer (
'mode' => 'tcp',
'log' => 'global',
'retries' => '3',
- 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
+ 'timeout' => $haproxy_default_timeout,
'maxconn' => $haproxy_default_maxconn,
},
}
@@ -719,6 +782,10 @@ class tripleo::loadbalancer (
haproxy::listen { 'keystone_public':
bind => $keystone_public_bind_opts,
collect_exported => false,
+ mode => 'http', # Needed for http-request option
+ options => {
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
+ },
}
haproxy::balancermember { 'keystone_public':
listening_service => 'keystone_public',
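Review bot: `set-header X-Forwarded-Proto https if { ssl_fc }` acts only on TLS connections, so if this listener also has a non-TLS bind (the bind options are defined outside the hunk), a request arriving there keeps whatever `X-Forwarded-Proto` value the client sent. A backend that trusts the header to build URLs or to decide that a request was secure should see it overwritten on both paths, for example by adding `'set-header X-Forwarded-Proto http if !{ ssl_fc }'` to the list. The same applies to the `$heat_options` hunk above and the `nova_osapi` hunk below. For `$heat_options`, whether the consuming listeners run in `mode => 'http'` is not visible here, and the comment on this hunk says the option needs it. The `nova_osapi` hunk would benefit from the same `# Needed for http-request option` comment.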
@@ -771,6 +838,34 @@ class tripleo::loadbalancer (
}
}
+ if $sahara {
+ haproxy::listen { 'sahara':
+ bind => $sahara_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'sahara':
+ listening_service => 'sahara',
+ ports => '8386',
+ ipaddresses => hiera('sahara_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $trove {
+ haproxy::listen { 'trove':
+ bind => $trove_bind_opts,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'trove':
+ listening_service => 'trove',
+ ports => '8779',
+ ipaddresses => hiera('trove_api_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
if $glance_api {
haproxy::listen { 'glance_api':
bind => $glance_bind_opts,
@@ -818,6 +913,10 @@ class tripleo::loadbalancer (
haproxy::listen { 'nova_osapi':
bind => $nova_osapi_bind_opts,
collect_exported => false,
+ mode => 'http',
+ options => {
+ 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
+ },
}
haproxy::balancermember { 'nova_osapi':
listening_service => 'nova_osapi',
@@ -967,15 +1066,17 @@ class tripleo::loadbalancer (
if $mysql_clustercheck {
$mysql_listen_options = {
- 'option' => [ 'tcpka', 'httpchk' ],
- 'timeout' => [ 'client 0', 'server 0' ],
- 'stick-table' => 'type ip size 1000',
- 'stick' => 'on dst',
+ 'option' => [ 'tcpka', 'httpchk' ],
+ 'timeout client' => '90m',
+ 'timeout server' => '90m',
+ 'stick-table' => 'type ip size 1000',
+ 'stick' => 'on dst',
}
$mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup', 'port 9200', 'on-marked-down shutdown-sessions']
} else {
$mysql_listen_options = {
- 'timeout' => [ 'client 0', 'server 0' ],
+ 'timeout client' => '90m',
+ 'timeout server' => '90m',
}
$mysql_member_options = ['check', 'inter 2000', 'rise 2', 'fall 5', 'backup']
}
diff --git a/manifests/packages.pp b/manifests/packages.pp
index ac11efd..c0971e9 100644
--- a/manifests/packages.pp
+++ b/manifests/packages.pp
@@ -45,7 +45,26 @@ class tripleo::packages (
if $enable_upgrade {
Package <| |> { ensure => 'latest' }
+
+ case $::osfamily {
+ 'RedHat': {
+ $pkg_upgrade_cmd = 'yum -y update'
+ }
+ default: {
+ warning('Please specify a package upgrade command for distribution.')
+ }
+ }
+
+ exec { 'package-upgrade':
+ command => $pkg_upgrade_cmd,
+ path => '/usr/bin',
+ }
+ # A resource chain to ensure the upgrade ordering we want:
+ # 1) upgrade puppet managed packages (will trigger puppet dependencies)
+ # 2) then upgrade all packages via exec
+ # 3) then restart services
+ Package <| |> -> Exec['package-upgrade'] -> Service <| |>
+
}
}
-
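Review bot: On any `osfamily` other than `RedHat` the `default` branch only warns, `$pkg_upgrade_cmd` stays undefined, and `exec { 'package-upgrade': }` is still declared and chained in front of every `Service`. The exec would presumably fall back to its title as the command and fail, and that failure would then hold back every service through `Exec['package-upgrade'] -> Service <| |>`. Declare the exec and the chain only when a command exists, `if $pkg_upgrade_cmd { … }`, or replace the warning with `fail()`. The exec also has no `timeout`, `unless` or `refreshonly`, so `yum -y update` runs on every catalog application while `enable_upgrade` is true and can exceed the default exec timeout; a comment stating that this is intended would help. The class body starts outside this hunk.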
diff --git a/spec/classes/tripleo_packages_spec.rb b/spec/classes/tripleo_packages_spec.rb
new file mode 100644
index 0000000..55a135b
--- /dev/null
+++ b/spec/classes/tripleo_packages_spec.rb
@@ -0,0 +1,52 @@
+#
+# Copyright (C) 2015 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+require 'spec_helper'
+
+describe 'tripleo::packages' do
+
+ shared_examples_for 'Red Hat distributions' do
+
+ let :pre_condition do
+ "
+ package{'nova-compute': ensure => present}
+ service{'nova-compute': ensure => 'running'}
+ "
+ end
+
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemmajrelease => 7,
+ }
+ end
+
+ let :params do
+ {
+ :enable_upgrade => true
+ }
+ end
+
+ it 'should contain correct upgrade ordering' do
+ is_expected.to contain_package('nova-compute').that_comes_before('Exec[package-upgrade]')
+ is_expected.to contain_exec('package-upgrade').that_comes_before('Service[nova-compute]')
+ is_expected.to contain_exec('package-upgrade').with(:command => 'yum -y update')
+ end
+
+ end
+
+ it_configures 'Red Hat distributions'
+
+end
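Review bot: The spec exercises only the `RedHat` facts, so the `default:` branch of the `case $::osfamily` statement in `manifests/packages.pp`, where no upgrade command is set, has no coverage. A second shared example with another `:osfamily` value would pin what is expected there, for instance whether the catalogue compiles and whether `Exec[package-upgrade]` is present. `is_expected.to compile` would also be a cheap first assertion in the existing example.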