diff options
32 files changed, 346 insertions, 39 deletions
diff --git a/manifests/certmonger/apache_dirs.pp b/manifests/certmonger/apache_dirs.pp new file mode 100644 index 0000000..2588e46 --- /dev/null +++ b/manifests/certmonger/apache_dirs.pp @@ -0,0 +1,55 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# : = Class: tripleo::certmonger::apache_dirs +# +# Creates the necessary directories for apache's certificates and keys in the +# assigned locations if specified. It also assigns the correct SELinux tags. +# +# === Parameters: +# +# [*certificate_dir*] +# (Optional) Directory where apache's certificates will be stored. If left +# unspecified, it won't be created. +# Defaults to undef +# +# [*key_dir*] +# (Optional) Directory where apache's keys will be stored. +# Defaults to undef +# +class tripleo::certmonger::apache_dirs( + $certificate_dir = undef, + $key_dir = undef, +){ + + if $certificate_dir { + file { $certificate_dir : + ensure => 'directory', + selrole => 'object_r', + seltype => 'cert_t', + seluser => 'system_u', + } + File[$certificate_dir] ~> Certmonger_certificate<| tag == 'apache-cert' |> + } + + if $key_dir { + file { $key_dir : + ensure => 'directory', + selrole => 'object_r', + seltype => 'cert_t', + seluser => 'system_u', + } + File[$key_dir] ~> Certmonger_certificate<| tag == 'apache-cert' |> + } +} diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp index 94b48b7..74c0b5a 100644 --- a/manifests/certmonger/httpd.pp +++ b/manifests/certmonger/httpd.pp @@ -55,6 +55,7 @@ define tripleo::certmonger::httpd ( postsave_cmd => $postsave_cmd, ca => $certmonger_ca, wait => true, + tag => 'apache-cert', require => Class['::certmonger'], } diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 87c4909..d497056 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -428,6 +428,10 @@ # (optional) Specify the network ec2_api_metadata is running on. # Defaults to hiera('ec2_api_network', undef) # +# [*etcd_network*] +# (optional) Specify the network etcd is running on. +# Defaults to hiera('etcd_network', undef) +# # [*opendaylight_network*] # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) @@ -623,6 +627,7 @@ class tripleo::haproxy ( $ovn_dbs_network = hiera('ovn_dbs_network', undef), $ec2_api_network = hiera('ec2_api_network', undef), $ec2_api_metadata_network = hiera('ec2_api_network', undef), + $etcd_network = hiera('etcd_network', undef), $sahara_network = hiera('sahara_api_network', undef), $swift_proxy_server_network = hiera('swift_proxy_network', undef), $tacker_network = hiera('tacker_api_network', undef), @@ -651,6 +656,7 @@ class tripleo::haproxy ( contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, + etcd_port => 2379, glance_api_port => 9292, glance_api_ssl_port => 13292, gnocchi_api_port => 8041, @@ -712,6 +718,9 @@ class tripleo::haproxy ( if $enable_internal_tls { $internal_tls_member_options = ['ssl', 'verify required', "ca-file ${ca_bundle}"] + Haproxy::Balancermember { + verifyhost => true + } } else { $internal_tls_member_options = [] } @@ -791,11 +800,6 @@ class tripleo::haproxy ( "${redis_vip}:6379" => $haproxy_listen_bind_param, } - $etcd_vip = hiera('etcd_vip', $controller_virtual_ip) - $etcd_bind_opts = { - "${etcd_vip}:2379" => $haproxy_listen_bind_param, - } - class { '::haproxy': service_manage => $haproxy_service_manage, global_options => { @@ -1184,13 +1188,17 @@ class tripleo::haproxy ( $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip) $heat_ip_addresses = hiera('heat_api_node_ips', $controller_hosts_real) + $heat_timeout_options = { + 'timeout client' => '10m', + 'timeout server' => '10m', + } if $service_certificate { $heat_ssl_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", } - $heat_options = merge($default_listen_options, $heat_ssl_options) + $heat_options = merge($default_listen_options, $heat_ssl_options, $heat_timeout_options) } else { - $heat_options = $default_listen_options + $heat_options = merge($default_listen_options, $heat_timeout_options) } if $heat_api { @@ -1346,19 +1354,15 @@ class tripleo::haproxy ( } if $etcd { - haproxy::listen { 'etcd': - bind => $etcd_bind_opts, - options => { + ::tripleo::haproxy::endpoint { 'etcd': + internal_ip => hiera('etcd_vip', $controller_virtual_ip), + service_port => $ports[etcd_port], + ip_addresses => hiera('etcd_node_ips', $controller_hosts_real), + server_names => hiera('etcd_node_names', $controller_hosts_names_real), + service_network => $etcd_network, + listen_options => { 'balance' => 'source', - }, - collect_exported => false, - } - haproxy::balancermember { 'etcd': - listening_service => 'etcd', - ports => '2379', - ipaddresses => hiera('etcd_node_ips', $controller_hosts_real), - server_names => hiera('etcd_node_names', $controller_hosts_names_real), - options => $haproxy_member_options, + } } } diff --git a/manifests/keepalived.pp b/manifests/keepalived.pp index aa0e5d6..35b0821 100644 --- a/manifests/keepalived.pp +++ b/manifests/keepalived.pp @@ -64,6 +64,11 @@ # A string. # Defaults to false # +# [*virtual_router_id_base*] +# Base for range used for virtual router IDs. +# An integer. +# Defaults to 50 +# class tripleo::keepalived ( $controller_virtual_ip, @@ -75,6 +80,7 @@ class tripleo::keepalived ( $storage_mgmt_virtual_ip = false, $redis_virtual_ip = false, $ovndbs_virtual_ip = false, + $virtual_router_id_base = 50, ) { case $::osfamily { @@ -100,7 +106,7 @@ class tripleo::keepalived ( } # KEEPALIVE INSTANCE CONTROL - keepalived::instance { '51': + keepalived::instance { "${$virtual_router_id_base + 1}": interface => $control_virtual_interface, virtual_ips => [join([$controller_virtual_ip, ' dev ', $control_virtual_interface])], state => 'MASTER', @@ -109,7 +115,7 @@ class tripleo::keepalived ( } # KEEPALIVE INSTANCE PUBLIC - keepalived::instance { '52': + keepalived::instance { "${$virtual_router_id_base + 2}": interface => $public_virtual_interface, virtual_ips => [join([$public_virtual_ip, ' dev ', $public_virtual_interface])], state => 'MASTER', @@ -126,7 +132,7 @@ class tripleo::keepalived ( $internal_api_virtual_netmask = '32' } # KEEPALIVE INTERNAL API NETWORK - keepalived::instance { '53': + keepalived::instance { "${$virtual_router_id_base + 3}": interface => $internal_api_virtual_interface, virtual_ips => [join(["${internal_api_virtual_ip}/${internal_api_virtual_netmask}", ' dev ', $internal_api_virtual_interface])], state => 'MASTER', @@ -143,7 +149,7 @@ class tripleo::keepalived ( $storage_virtual_netmask = '32' } # KEEPALIVE STORAGE NETWORK - keepalived::instance { '54': + keepalived::instance { "${$virtual_router_id_base + 4}": interface => $storage_virtual_interface, virtual_ips => [join(["${storage_virtual_ip}/${storage_virtual_netmask}", ' dev ', $storage_virtual_interface])], state => 'MASTER', @@ -160,7 +166,7 @@ class tripleo::keepalived ( $storage_mgmt_virtual_netmask = '32' } # KEEPALIVE STORAGE MANAGEMENT NETWORK - keepalived::instance { '55': + keepalived::instance { "${$virtual_router_id_base + 5}": interface => $storage_mgmt_virtual_interface, virtual_ips => [join(["${storage_mgmt_virtual_ip}/${storage_mgmt_virtual_netmask}", ' dev ', $storage_mgmt_virtual_interface])], state => 'MASTER', @@ -177,7 +183,7 @@ class tripleo::keepalived ( $redis_virtual_netmask = '32' } # KEEPALIVE STORAGE MANAGEMENT NETWORK - keepalived::instance { '56': + keepalived::instance { "${$virtual_router_id_base + 6}": interface => $redis_virtual_interface, virtual_ips => [join(["${redis_virtual_ip}/${redis_virtual_netmask}", ' dev ', $redis_virtual_interface])], state => 'MASTER', @@ -185,10 +191,11 @@ class tripleo::keepalived ( priority => 101, } } + if $ovndbs_virtual_ip and $ovndbs_virtual_ip != $controller_virtual_ip { $ovndbs_virtual_interface = interface_for_ip($ovndbs_virtual_ip) # KEEPALIVE OVNDBS MANAGEMENT NETWORK - keepalived::instance { '57': + keepalived::instance { "${$virtual_router_id_base + 7}": interface => $ovndbs_virtual_interface, virtual_ips => [join([$ovndbs_virtual_ip, ' dev ', $ovndbs_virtual_interface])], state => 'MASTER', diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 22fc000..5c539fc 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -68,6 +68,7 @@ class tripleo::profile::base::aodh::api ( if $step >= 3 { include ::aodh::api + include ::apache::mod::ssl class { '::aodh::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 71e4ea1..211e442 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -158,6 +158,7 @@ class tripleo::profile::base::barbican::api ( include ::barbican::api::logging include ::barbican::keystone::notification include ::barbican::quota + include ::apache::mod::ssl class { '::barbican::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 28504c5..0176380 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -63,8 +63,9 @@ class tripleo::profile::base::ceilometer::api ( $tls_keyfile = undef } - if $step >= 4 { + if $step >= 3 { include ::ceilometer::api + include ::apache::mod::ssl class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp index 424ef09..4d91ac9 100644 --- a/manifests/profile/base/certmonger_user.pp +++ b/manifests/profile/base/certmonger_user.pp @@ -68,6 +68,7 @@ class tripleo::profile::base::certmonger_user ( include ::tripleo::certmonger::ca::libvirt unless empty($apache_certificates_specs) { + include ::tripleo::certmonger::apache_dirs ensure_resources('tripleo::certmonger::httpd', $apache_certificates_specs) } unless empty($libvirt_certificates_specs) { diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index c432fd6..2fd9a65 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -76,6 +76,7 @@ class tripleo::profile::base::cinder::api ( if $step >= 4 or ($step >= 3 and $sync_db) { include ::cinder::api + include ::apache::mod::ssl class { '::cinder::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/cinder/volume/dellsc.pp b/manifests/profile/base/cinder/volume/dellsc.pp index 534bcb7..ab6bbeb 100644 --- a/manifests/profile/base/cinder/volume/dellsc.pp +++ b/manifests/profile/base/cinder/volume/dellsc.pp @@ -44,6 +44,7 @@ class tripleo::profile::base::cinder::volume::dellsc ( dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), + excluded_domain_ip => hiera('cinder::backend::dellsc_iscsi::excluded_domain_ip', undef), } } diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index 4797d86..d035f6a 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -79,12 +79,21 @@ class tripleo::profile::base::docker ( $mirror_changes = [ 'rm dict/entry[. = "registry-mirrors"]', ] } + file { '/etc/docker/daemon.json': + ensure => 'present', + content => '{}', + mode => '0644', + replace => false, + require => Package['docker'] + } + augeas { 'docker-daemon.json': lens => 'Json.lns', incl => '/etc/docker/daemon.json', changes => $mirror_changes, subscribe => Package['docker'], notify => Service['docker'], + require => File['/etc/docker/daemon.json'], } } diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index 73fb6e0..cb262d9 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -31,10 +31,15 @@ # network # Defaults to hiera('controller_admin_host') # +# [*enable_container_images_build*] +# (Optional) Whether to install tools to build docker container images +# Defaults to hiera('enable_container_images_build', true) +# class tripleo::profile::base::docker_registry ( - $registry_host = hiera('controller_host'), - $registry_port = 8787, - $registry_admin_host = hiera('controller_admin_host'), + $registry_host = hiera('controller_host'), + $registry_port = 8787, + $registry_admin_host = hiera('controller_admin_host'), + $enable_container_images_build = hiera('enable_container_images_build', true), ) { include ::tripleo::profile::base::docker @@ -45,7 +50,9 @@ class tripleo::profile::base::docker_registry ( allow_virtual => false, } package{'docker-distribution': } - package{'openstack-kolla': } + if str2bool($enable_container_images_build) { + package{'openstack-kolla': } + } file { '/etc/docker-distribution/registry/config.yml' : ensure => file, content => template('tripleo/docker_distribution/registry_config.yml.erb'), diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 79ee265..4a47184 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -83,13 +83,16 @@ class tripleo::profile::base::gnocchi::api ( include ::gnocchi::db::sync } - if $step >= 4 { + if $step >= 3 { include ::gnocchi::api + include ::apache::mod::ssl class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, } + } + if $step >= 4 { class { '::gnocchi::storage': coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), } diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 8e2da7e..79eb77e 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -65,6 +65,7 @@ class tripleo::profile::base::heat::api ( if $step >= 3 { include ::heat::api + include ::apache::mod::ssl class { '::heat::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index 02eb82a..dad7b76 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cfn ( if $step >= 3 { include ::heat::api_cfn + include ::apache::mod::ssl class { '::heat::wsgi::apache_api_cfn': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 558d247..428bcf2 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cloudwatch ( if $step >= 3 { include ::heat::api_cloudwatch + include ::apache::mod::ssl class { '::heat::wsgi::apache_api_cloudwatch': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index ec896e7..31f5c93 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -211,6 +211,7 @@ class tripleo::profile::base::keystone ( } include ::keystone::config + include ::apache::mod::ssl class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, @@ -321,7 +322,7 @@ class tripleo::profile::base::keystone ( if hiera('sahara_api_enabled', false) { include ::sahara::keystone::auth } - if hiera('swift_proxy_enabled', false) { + if hiera('swift_proxy_enabled', false) or hiera('external_swift_proxy_enabled',false) { include ::swift::keystone::auth } if hiera('tacker_enabled', false) { diff --git a/manifests/profile/base/neutron/agents/bigswitch.pp b/manifests/profile/base/neutron/agents/bigswitch.pp new file mode 100644 index 0000000..137dec0 --- /dev/null +++ b/manifests/profile/base/neutron/agents/bigswitch.pp @@ -0,0 +1,31 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::agents::bigswitch +# +# Bigswitch Neutron agent profile +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::agents::bigswitch( + $step = hiera('step'), +) { + if $step >= 4 { + include ::neutron::agents::bigswitch + } +} diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 95a1721..bdb3007 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -94,6 +94,7 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } if $step >= 4 or ($step >= 3 and $sync_db) { + include ::apache::mod::ssl class { '::nova::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 16bfe17..c78b3c2 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -74,6 +74,7 @@ class tripleo::profile::base::nova::placement ( } if $step >= 3 { + include ::apache::mod::ssl class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 90e80a2..165969f 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -79,6 +79,7 @@ class tripleo::profile::base::panko::api ( class { '::panko::api': sync_db => $sync_db, } + include ::apache::mod::ssl class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index f43089c..2b86032 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -32,7 +32,7 @@ class tripleo::profile::base::sshd ( $motd = hiera('MOTD', undef), ) { - include ::ssh + include ::ssh::server if $bannertext { $filelist = [ '/etc/issue', '/etc/issue.net', ] diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index 89a03ad..7fbcd34 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -50,6 +50,7 @@ class tripleo::profile::base::zaqar ( uri => $database_connection, } include ::zaqar::transport::websocket + include ::apache::mod::ssl include ::zaqar::transport::wsgi # TODO (bcrochet): At some point, the transports should be split out to diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml new file mode 100644 index 0000000..83b05bb --- /dev/null +++ b/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for external swift proxy. Users may need to + configure endpoints pointing to swift proxy service + already available. diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml new file mode 100644 index 0000000..92f2360 --- /dev/null +++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + With having package mod_ssl by default installed in images we introduced + issue with mod_ssl package update. In case of SSL not being used or + provided by HAproxy the puppet-apache module by default purges the + ssl.conf file. The package update then recreates the file with default + Listen 443 option. This causes conflict on 443 port during httpd restart. + If we include ::apache::mod::ssl the ssl.conf file will be configured and + the Listen option will be used only if there is vhost set to use SSL. diff --git a/releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml b/releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml new file mode 100644 index 0000000..a3b7d91 --- /dev/null +++ b/releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - For Heat API, increase the HAproxy timeout from 2 minutes to 10 minutes so + we give a chance to Heat to use the rpc_response_timeout value which is set + to 600 by default in TripleO. diff --git a/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml b/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml new file mode 100644 index 0000000..daaf6f4 --- /dev/null +++ b/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Moves bigswitch neutron agent configuration to a new tripleo profile + tripleo::profile::base::neutron::agents::bigswitch diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb index 936df4f..cec2b54 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb @@ -22,8 +22,8 @@ describe 'tripleo::profile::base::ceilometer::api' do "class { '::tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" end - context 'with step less than 4' do - let(:params) { { :step => 3 } } + context 'with step less than 2' do + let(:params) { { :step => 2 } } it 'should do nothing' do is_expected.to contain_class('tripleo::profile::base::ceilometer::api') @@ -32,9 +32,9 @@ describe 'tripleo::profile::base::ceilometer::api' do end end - context 'with step 4' do + context 'with step 3' do let(:params) { { - :step => 4, + :step => 3, } } it 'should trigger complete configuration' do diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb new file mode 100644 index 0000000..805a28e --- /dev/null +++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb @@ -0,0 +1,101 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::gnocchi::api' do + shared_examples_for 'tripleo::profile::base::gnocchi::api' do + let(:pre_condition) do + "class { '::tripleo::profile::base::gnocchi': step => #{params[:step]}, }" + end + + context 'with step less than 3' do + let(:params) { { :step => 2 } } + + it { + is_expected.to contain_class('tripleo::profile::base::gnocchi::api') + is_expected.to_not contain_class('gnocchi::api') + is_expected.to_not contain_class('gnocchi::wsgi::apache') + } + end + + context 'with step 3 on bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com', + } } + + it { + is_expected.to contain_class('gnocchi::db::sync') + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + } + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to_not contain_class('gnocchi::db::sync') + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + } + end + + # TODO(aschultz): fix profile class to not include hiera look ups in the + # step 4 so we can properly test it + #context 'with step 4' do + # let(:params) { { + # :step => 4, + # } } + # + # it { + # is_expected.to contain_class('gnocchi::api') + # is_expected.to contain_class('gnocchi::wsgi::apache') + # is_expected.to contain_class('gnocchi::storage') + # } + #end + # + #context 'with step 5 on bootstrap' do + # let(:params) { { + # :step => 5, + # :bootstrap_node => 'node.example.com' + # } } + # + # it { + # is_expected.to contain_class('gnocchi::api') + # is_expected.to contain_class('gnocchi::wsgi::apache') + # is_expected.to contain_exec('run gnocchi upgrade with storage').with( + # :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', + # :path => ['/usr/bin', '/usr/sbin'] + # ) + # } + #end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::gnocchi::api' + end + end +end diff --git a/spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb b/spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb new file mode 100644 index 0000000..228b2f8 --- /dev/null +++ b/spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb @@ -0,0 +1,48 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::agents::bigswitch' do + + shared_examples_for 'tripleo::profile::base::neutron::agents::bigswitch' do + + context 'when step less than 4' do + let(:params) { { :step => 3 } } + it { + is_expected.to_not contain_class('neutron::agents::bigswitch') + } + end + + context 'when step 4' do + let(:params) { { :step => 4 } } + it { + is_expected.to contain_class('neutron::agents::bigswitch') + } + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::agents::bigswitch' + end + end +end diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb index c611fe9..e84a1f5 100644 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ b/spec/classes/tripleo_profile_base_sshd_spec.rb @@ -24,7 +24,7 @@ describe 'tripleo::profile::base::sshd' do context 'it should do nothing' do it do - is_expected.to contain_class('ssh') + is_expected.to contain_class('ssh::server') is_expected.to_not contain_file('/etc/issue') is_expected.to_not contain_file('/etc/issue.net') is_expected.to_not contain_file('/etc/motd') diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 9634e5d..16f39a5 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -28,6 +28,8 @@ ceph::profile::params::rgw_keystone_admin_password: 'keystone_admin_password' # cinder related items cinder::rabbit_password: 'password' cinder::keystone::authtoken::password: 'password' +# gnocchi related items +gnocchi::keystone::authtoken::password: 'password' # nova related items nova::rabbit_password: 'password' nova::keystone::authtoken::password: 'password' |