diff options
| -rw-r--r-- | manifests/haproxy/endpoint.pp | 1 | ||||
| -rw-r--r-- | manifests/profile/base/logging/logrotate.pp | 112 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/haproxy_bundle.pp | 115 | ||||
| -rw-r--r-- | manifests/ui.pp | 34 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_logging_logrotate_spec.rb | 59 | ||||
| -rw-r--r-- | templates/logrotate/containers_logrotate.conf.erb | 14 | ||||
| -rw-r--r-- | templates/ui/tripleo_ui_config.js.erb | 10 |
7 files changed, 297 insertions, 48 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index 3bde942..4436e19 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -133,6 +133,7 @@ define tripleo::haproxy::endpoint ( } else { # internal service only $public_bind_opts = {} + $listen_options_real = $listen_options } if $use_internal_certificates { diff --git a/manifests/profile/base/logging/logrotate.pp b/manifests/profile/base/logging/logrotate.pp new file mode 100644 index 0000000..1545875 --- /dev/null +++ b/manifests/profile/base/logging/logrotate.pp @@ -0,0 +1,112 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::logging::logrotate +# +# Installs a cron job that rotates containerized services logs. +# +# === Parameters +# +# [*step*] +# (Optional) String. The current step of the deployment +# Defaults to hiera('step') +# +# [*ensure*] +# (optional) Defaults to present. +# Valid values are present, absent. +# +# [*minute*] +# (optional) Defaults to '0'. Configures cron job for logrotate. +# +# [*hour*] +# (optional) Defaults to '*'. Configures cron job for logrotate. +# +# [*monthday*] +# (optional) Defaults to '*'. Configures cron job for logrotate. +# +# [*month*] +# (optional) Defaults to '*'. Configures cron job for logrotate. +# +# [*weekday*] +# (optional) Defaults to '*'. Configures cron job for logrotate. +# +# [*maxdelay*] +# (optional) Seconds. Defaults to 90. Should be a positive integer. +# Induces a random delay before running the cronjob to avoid running all +# cron jobs at the same time on all hosts this job is configured. +# +# [*user*] +# (optional) Defaults to 'root'. Configures cron job for logrotate. +# +# [*delaycompress*] +# (optional) Defaults to True. +# Configures the logrotate delaycompress parameter. +# +# [*size*] +# (optional) Defaults to '10M'. +# Configures the logrotate size parameter. +# +# [*rotate*] +# (optional) Defaults to 14. +# Configures the logrotate rotate parameter. +# +class tripleo::profile::base::logging::logrotate ( + $step = Integer(hiera('step')), + $ensure = present, + $minute = 0, + $hour = '*', + $monthday = '*', + $month = '*', + $weekday = '*', + Integer $maxdelay = 90, + $user = 'root', + $delaycompress = true, + $size = '10M', + $rotate = 14, +) { + + if $step >= 4 { + if $maxdelay == 0 { + $sleep = '' + } else { + $sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; " + } + + $svc = 'logrotate-crond' + $config = "/etc/${svc}.conf" + $state = "/var/lib/logrotate/${svc}.status" + $cmd = "${sleep}/usr/sbin/logrotate -s ${state} ${config}" + + file { "${config}": + ensure => $ensure, + owner => $user, + group => $user, + mode => '0640', + content => template('tripleo/logrotate/containers_logrotate.conf.erb'), + } + + cron { "${svc}": + ensure => $ensure, + command => "${cmd} 2>&1|logger -t ${svc}", + environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + user => $user, + minute => $minute, + hour => $hour, + monthday => $monthday, + month => $month, + weekday => $weekday, + } + } +} diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp index b785ea7..1b9a191 100644 --- a/manifests/profile/pacemaker/haproxy_bundle.pp +++ b/manifests/profile/pacemaker/haproxy_bundle.pp @@ -30,10 +30,34 @@ # (Optional) Whether load balancing is enabled for this cluster # Defaults to hiera('enable_load_balancer', true) # +# [*ca_bundle*] +# (Optional) The path to the CA file that will be used for the TLS +# configuration. It's only used if internal TLS is enabled. +# Defaults to hiera('tripleo::haproxy::ca_bundle', undef) +# +# [*crl_file*] +# (Optional) The path to the file that contains the certificate +# revocation list. It's only used if internal TLS is enabled. +# Defaults to hiera('tripleo::haproxy::crl_file', undef) +# # [*deployed_ssl_cert_path*] # (Optional) The filepath of the certificate as it will be stored in # the controller. -# Defaults to '/etc/pki/tls/private/overcloud_endpoint.pem' +# Defaults to hiera('tripleo::haproxy::service_certificate', undef) +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*internal_certs_directory*] +# (Optional) Directory the holds the certificates to be used when +# when TLS is enabled in the internal network +# Defaults to undef +# +# [*internal_keys_directory*] +# (Optional) Directory the holds the certificates to be used when +# when TLS is enabled in the internal network +# Defaults to undef # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates @@ -45,12 +69,17 @@ # Defaults to hiera('pcs_tries', 20) # class tripleo::profile::pacemaker::haproxy_bundle ( - $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef), - $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), - $enable_load_balancer = hiera('enable_load_balancer', true), - $deployed_ssl_cert_path = '/etc/pki/tls/private/overcloud_endpoint.pem', - $step = Integer(hiera('step')), - $pcs_tries = hiera('pcs_tries', 20), + $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef), + $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), + $enable_load_balancer = hiera('enable_load_balancer', true), + $ca_bundle = hiera('tripleo::haproxy::ca_bundle', undef), + $crl_file = hiera('tripleo::haproxy::crl_file', undef), + $enable_internal_tls = hiera('enable_internal_tls', false), + $internal_certs_directory = undef, + $internal_keys_directory = undef, + $deployed_ssl_cert_path = hiera('tripleo::haproxy::service_certificate', undef), + $step = Integer(hiera('step')), + $pcs_tries = hiera('pcs_tries', 20), ) { include ::tripleo::profile::base::haproxy @@ -90,14 +119,8 @@ class tripleo::profile::pacemaker::haproxy_bundle ( $haproxy_nodes = hiera('haproxy_short_node_names') $haproxy_nodes_count = count($haproxy_nodes) - pacemaker::resource::bundle { 'haproxy-bundle': - image => $haproxy_docker_image, - replicas => $haproxy_nodes_count, - location_rule => $haproxy_location_rule, - container_options => 'network=host', - options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', - run_command => '/bin/bash /usr/local/bin/kolla_start', - storage_maps => { + + $storage_maps = { 'haproxy-cfg-files' => { 'source-dir' => '/var/lib/kolla/config_files/haproxy.json', 'target-dir' => '/var/lib/kolla/config_files/config.json', @@ -143,12 +166,68 @@ class tripleo::profile::pacemaker::haproxy_bundle ( 'target-dir' => '/dev/log', 'options' => 'rw', }, - 'haproxy-cert' => { + }; + + if $deployed_ssl_cert_path { + $cert_storage_maps = { + 'haproxy-cert' => { 'source-dir' => $deployed_ssl_cert_path, - 'target-dir' => $deployed_ssl_cert_path, + 'target-dir' => "/var/lib/kolla/config_files/src-tls${deployed_ssl_cert_path}", 'options' => 'ro', }, - }, + } + } else { + $cert_storage_maps = {} + } + + if $enable_internal_tls { + $haproxy_storage_maps = { + 'haproxy-pki-certs' => { + 'source-dir' => $internal_certs_directory, + 'target-dir' => "/var/lib/kolla/config_files/src-tls${internal_certs_directory}", + 'options' => 'ro', + }, + 'haproxy-pki-keys' => { + 'source-dir' => $internal_keys_directory, + 'target-dir' => "/var/lib/kolla/config_files/src-tls${internal_keys_directory}", + 'options' => 'ro', + }, + } + if $ca_bundle { + $ca_storage_maps = { + 'haproxy-pki-ca-file' => { + 'source-dir' => $ca_bundle, + 'target-dir' => "/var/lib/kolla/config_files/src-tls${ca_bundle}", + 'options' => 'ro', + }, + } + } else { + $ca_storage_maps = {} + } + if $crl_file { + $crl_storage_maps = { + 'haproxy-pki-crl-file' => { + 'source-dir' => $crl_file, + 'target-dir' => $crl_file, + 'options' => 'ro', + }, + } + } else { + $crl_storage_maps = {} + } + $storage_maps_internal_tls = merge($haproxy_storage_maps, $ca_storage_maps, $crl_storage_maps) + } else { + $storage_maps_internal_tls = {} + } + + pacemaker::resource::bundle { 'haproxy-bundle': + image => $haproxy_docker_image, + replicas => $haproxy_nodes_count, + location_rule => $haproxy_location_rule, + container_options => 'network=host', + options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', + run_command => '/bin/bash /usr/local/bin/kolla_start', + storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls), } $control_vip = hiera('controller_virtual_ip') tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': diff --git a/manifests/ui.pp b/manifests/ui.pp index d744044..cb1da21 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -31,19 +31,9 @@ # The port on which the UI is listening. # Defaults to 3000 # -# [*enabled_languages*] -# Which languages to show in the UI. -# A hash. -# Defaults to -# { -# 'de' => 'German', -# 'en' => 'English', -# 'es' => 'Spanish', -# 'id' => 'Indonesian', -# 'ja' => 'Japanese', -# 'ko-KR' => 'Korean', -# 'zh-CN' => 'Simplified Chinese' -# } +# [*excluded_languages*] +# A list of languages that shouldn't be enabled in the UI, e.g. ['en', 'de'] +# Defaults to [] # # [*endpoint_proxy_keystone*] # The keystone proxy endpoint url @@ -107,19 +97,11 @@ # Defaults to 'tripleo' # class tripleo::ui ( - $servername = $::fqdn, - $bind_host = hiera('controller_host'), - $ui_port = 3000, - $zaqar_default_queue = 'tripleo', - $enabled_languages = { - 'de' => 'German', - 'en' => 'English', - 'es' => 'Spanish', - 'id' => 'Indonesian', - 'ja' => 'Japanese', - 'ko-KR' => 'Korean', - 'zh-CN' => 'Simplified Chinese' - }, + $servername = $::fqdn, + $bind_host = hiera('controller_host'), + $ui_port = 3000, + $zaqar_default_queue = 'tripleo', + $excluded_languages = [], $endpoint_proxy_zaqar = undef, $endpoint_proxy_keystone = undef, $endpoint_proxy_heat = undef, diff --git a/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb b/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb new file mode 100644 index 0000000..df109b4 --- /dev/null +++ b/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb @@ -0,0 +1,59 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::logging::logrotate' do + shared_examples_for 'tripleo::profile::base::logging::logrotate' do + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::logging::logrotate') + is_expected.to_not contain_cron('logrotate-crond') + is_expected.to_not contain_file('/etc/logrotate-crond.conf') + end + end + + context 'with defaults and step greater than 3' do + let(:params) { { :step => 4 } } + + it { is_expected.to contain_class('tripleo::profile::base::logging::logrotate') } + it { is_expected.to contain_cron('logrotate-crond').with( + :ensure => 'present', + :command => 'sleep `expr ${RANDOM} \\% 90`; /usr/sbin/logrotate -s ' + + '/var/lib/logrotate/logrotate-crond.status ' + + '/etc/logrotate-crond.conf 2>&1|logger -t logrotate-crond', + :user => 'root', + :minute => 0, + :hour => '*', + :monthday => '*', + :month => '*', + :weekday => '*') } + it { is_expected.to contain_file('/etc/logrotate-crond.conf') } + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let (:facts) { + facts + } + it_behaves_like 'tripleo::profile::base::logging::logrotate' + end + end +end diff --git a/templates/logrotate/containers_logrotate.conf.erb b/templates/logrotate/containers_logrotate.conf.erb new file mode 100644 index 0000000..cbf17b4 --- /dev/null +++ b/templates/logrotate/containers_logrotate.conf.erb @@ -0,0 +1,14 @@ +/var/log/containers/*/*.log { + rotate <%= @rotate %> + size <%= @size %> + missingok + notifempty +<%- if @delaycompress %> + delaycompress +<%- end %> + postrotate + /sbin/lsof -nPs +L1 +D /var/log 2>&1|\ + /bin/perl -ne '/\S+\s+(\d+).*\/var\/log\/.*\(deleted\)/ && print "$1\n"' |\ + /bin/xargs -n1 -r -t kill -HUP + endscript +} diff --git a/templates/ui/tripleo_ui_config.js.erb b/templates/ui/tripleo_ui_config.js.erb index cd02798..613042b 100644 --- a/templates/ui/tripleo_ui_config.js.erb +++ b/templates/ui/tripleo_ui_config.js.erb @@ -16,10 +16,12 @@ window.tripleOUiConfig = { 'zaqar_default_queue': '<%= @zaqar_default_queue %>', // Languages - // If you choose more than one language, a language switcher will appear in - // the navigation bar. - // Only 'en' (English) is enabled by default. - 'languages': <%= @enabled_languages.to_json %>, + // + // By default, all available languages are enabled. Use this setting to + // disable certain languages. + // + 'excludedLanguages': <%= @excluded_languages.to_json %>, + // Logging // 'loggers': ['console'] |