-rw-r--r--manifests/haproxy.pp17
-rw-r--r--manifests/haproxy/endpoint.pp13
-rw-r--r--manifests/profile/base/database/redis.pp2
-rw-r--r--manifests/profile/base/gnocchi/api.pp24
-rw-r--r--manifests/profile/base/pacemaker.pp8
-rw-r--r--manifests/profile/base/pacemaker_remote.pp7
-rw-r--r--manifests/profile/pacemaker/ovn_northd.pp36
-rw-r--r--spec/classes/tripleo_profile_base_database_redis_spec.rb106
-rw-r--r--spec/classes/tripleo_profile_base_gnocchi_api_spec.rb22
-rw-r--r--spec/fixtures/hieradata/default.yaml1
10 files changed, 150 insertions, 86 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 208f328..6b305cb 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -780,7 +780,7 @@ class tripleo::haproxy (
'cookie' => 'SERVERID insert indirect nocache',
'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
- 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'redirect' => 'scheme https code 301 if !{ ssl_fc }',
'option' => [ 'forwardfor', 'httpchk' ],
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',
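Review bot: The NOTE above the `redirect` entry is stale: it still says the redirect is "for the public_virtual_ip", but the new condition `if !{ ssl_fc }` no longer tests the Host header, so every non-TLS request reaching this listener is redirected. Reword it to match, for example `# NOTE(jaosorior): We redirect every non-TLS request to https, whatever Host it names.` The options hash this entry belongs to starts and ends outside the hunk.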
@@ -902,17 +902,8 @@ class tripleo::haproxy (
}
if $keystone_public {
- if $service_certificate {
- $keystone_public_tls_listen_opts = {
- 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
- # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
- 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
- 'option' => 'forwardfor',
- }
- } else {
- $keystone_public_tls_listen_opts = {
- 'option' => [ 'httpchk GET /v3', ],
- }
+ $keystone_listen_opts = {
+ 'option' => [ 'httpchk GET /v3', ],
}
::tripleo::haproxy::endpoint { 'keystone_public':
public_virtual_ip => $public_virtual_ip,
@@ -921,7 +912,7 @@ class tripleo::haproxy (
ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real),
server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real),
mode => 'http',
- listen_options => merge($default_listen_options, $keystone_public_tls_listen_opts),
+ listen_options => merge($default_listen_options, $keystone_listen_opts),
public_ssl_port => $ports[keystone_public_api_ssl_port],
service_network => $keystone_public_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 16e0bd1..f1e80e8 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -108,9 +108,20 @@ define tripleo::haproxy::endpoint (
# service exposed to the public network
if $public_certificate {
+ if $mode == 'http' {
+ $tls_listen_options = {
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'option' => 'forwardfor',
+ }
+ $listen_options_real = merge($tls_listen_options, $listen_options)
+ } else {
+ $listen_options_real = $listen_options
+ }
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"),
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
} else {
+ $listen_options_real = $listen_options
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param)
}
} else {
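Review bot: In `$listen_options_real = merge($tls_listen_options, $listen_options)` the caller's hash wins on duplicate keys, so any caller that passes its own `option` key silently drops the `'option' => 'forwardfor'` added here. The keystone_public endpoint in haproxy.pp does exactly that in this commit (`'option' => [ 'httpchk GET /v3', ]`), whereas its old TLS branch set `forwardfor` explicitly. Unless `$default_listen_options` (not visible here) supplies it, backends behind a TLS endpoint lose X-Forwarded-For, and their access and audit logs record the proxy address instead of the client. Build the `option` entry as the union of the caller's list and `forwardfor` rather than letting one replace the other, handling the case where the caller passes no `option` key. The `redirect` and `rsprep` keys can keep plain override semantics.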
@@ -138,7 +149,7 @@ define tripleo::haproxy::endpoint (
bind => $bind_opts,
collect_exported => false,
mode => $mode,
- options => $listen_options,
+ options => $listen_options_real,
}
haproxy::balancermember { "${name}":
listening_service => $name,
diff --git a/manifests/profile/base/database/redis.pp b/manifests/profile/base/database/redis.pp
index 830ffc6..e357359 100644
--- a/manifests/profile/base/database/redis.pp
+++ b/manifests/profile/base/database/redis.pp
@@ -37,7 +37,7 @@ class tripleo::profile::base::database::redis (
$step = Integer(hiera('step')),
) {
if $step >= 2 {
- if $bootstrap_nodeid == $::hostname {
+ if downcase($bootstrap_nodeid) == $::hostname {
$slaveof = undef
} else {
$slaveof = "${bootstrap_nodeid} 6379"
diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp
index 4572397..3953f04 100644
--- a/manifests/profile/base/gnocchi/api.pp
+++ b/manifests/profile/base/gnocchi/api.pp
@@ -89,12 +89,11 @@ class tripleo::profile::base::gnocchi::api (
$tls_keyfile = undef
}
- if $step >= 3 and $sync_db {
+ if $step >= 4 and $sync_db {
include ::gnocchi::db::sync
}
- if $step >= 3 {
- include ::gnocchi::api
+ if $step >= 4 or ($step >= 3 and $sync_db) {
include ::apache::mod::ssl
class { '::gnocchi::wsgi::apache':
ssl_cert => $tls_certfile,
@@ -107,19 +106,20 @@ class tripleo::profile::base::gnocchi::api (
coordination_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']),
}
case $gnocchi_backend {
- 'swift': { include ::gnocchi::storage::swift }
+ 'swift': {
+ include ::gnocchi::storage::swift
+ if $sync_db {
+ include ::swift::deps
+ # Ensure we have swift proxy available before running gnocchi-upgrade
+ # as storage is initialized at this point.
+ Anchor<| title == 'swift::service::end' |> ~> Class['Gnocchi::db::sync']
+ }
+ }
'file': { include ::gnocchi::storage::file }
'rbd': { include ::gnocchi::storage::ceph }
default: { fail('Unrecognized gnocchi_backend parameter.') }
}
+ include ::gnocchi::api
}
- # Re-run gnochci upgrade with storage as swift/ceph should be up at this
- # stage.
- if $step >= 5 and $sync_db {
- exec {'run gnocchi upgrade with storage':
- command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf',
- path => ['/usr/bin', '/usr/sbin'],
- }
- }
}
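Review bot: Only the `'swift'` branch gets an ordering ahead of `Class['Gnocchi::db::sync']`; the `'rbd'` branch gets none, although the removed comment said the step-5 re-run existed because "swift/ceph should be up at this stage". With that exec deleted, a ceph-backed deployment depends on ceph being reachable when gnocchi-upgrade first runs, and nothing in this hunk shows that. If step ordering guarantees it, record that on the `'rbd'` line with a comment such as `# ceph is available before this step, so gnocchi-upgrade can initialise storage here`; otherwise add a dependency equivalent to the swift one. The conditional enclosing the `case` opens outside the hunk.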
diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp
index 264723b..bc15e62 100644
--- a/manifests/profile/base/pacemaker.pp
+++ b/manifests/profile/base/pacemaker.pp
@@ -111,9 +111,11 @@ class tripleo::profile::base::pacemaker (
cluster_setup_extras => $cluster_setup_extras,
remote_authkey => $remote_authkey,
}
- class { '::pacemaker::stonith':
- disable => !$enable_fencing,
- tries => $pcs_tries,
+ if $pacemaker_master {
+ class { '::pacemaker::stonith':
+ disable => !$enable_fencing,
+ tries => $pcs_tries,
+ }
}
if $enable_fencing {
include ::tripleo::fencing
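Review bot: Declaring `::pacemaker::stonith` only under `if $pacemaker_master` means any relationship naming `Class['pacemaker::stonith']` fails catalog compilation on the other nodes. The `if $enable_fencing` block continues past the hunk. The lines removed from pacemaker_remote.pp in this commit show that the sibling profile carried `Class['tripleo::fencing'] -> Class['pacemaker::stonith']`. If the same ordering exists here, it needs the same guard, for example `if $pacemaker_master { Class['tripleo::fencing'] -> Class['pacemaker::stonith'] }`. A one-line comment on the new `if` saying why only the master toggles stonith would also help the next reader.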
diff --git a/manifests/profile/base/pacemaker_remote.pp b/manifests/profile/base/pacemaker_remote.pp
index 6b96713..f4265ff 100644
--- a/manifests/profile/base/pacemaker_remote.pp
+++ b/manifests/profile/base/pacemaker_remote.pp
@@ -46,11 +46,6 @@ class tripleo::profile::base::pacemaker_remote (
}
$enable_fencing_real = str2bool($enable_fencing) and $step >= 5
- class { '::pacemaker::stonith':
- disable => !$enable_fencing_real,
- tries => $pcs_tries,
- }
-
if $enable_fencing_real {
include ::tripleo::fencing
@@ -58,7 +53,5 @@ class tripleo::profile::base::pacemaker_remote (
Pcmk_resource<||> -> Class['tripleo::fencing']
Pcmk_constraint<||> -> Class['tripleo::fencing']
Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing']
- # enable stonith after all fencing devices have been created
- Class['tripleo::fencing'] -> Class['pacemaker::stonith']
}
}
diff --git a/manifests/profile/pacemaker/ovn_northd.pp b/manifests/profile/pacemaker/ovn_northd.pp
index fcf14ff..212c345 100644
--- a/manifests/profile/pacemaker/ovn_northd.pp
+++ b/manifests/profile/pacemaker/ovn_northd.pp
@@ -32,7 +32,8 @@
# Defaults to hiera('pcs_tries', 20)
#
# [*ovn_dbs_vip*]
-# (Optional) The OVN database virtual IP to be managed by the pacemaker.
+# (Optional) The vip to be used for OVN DB servers. It is expected that
+# the vip resource to be created before calling this class.
# Defaults to hiera('ovn_dbs_vip')
#
# [*nb_db_port*]
@@ -67,21 +68,9 @@ class tripleo::profile::pacemaker::ovn_northd (
$ovndb_servers_ocf_name = 'ovn:ovndb-servers'
$ovndb_vip_resource_name = "ip-${ovn_dbs_vip}"
- if is_ipv6_address($ovn_dbs_vip) {
- $netmask = '128'
- $nic = interface_for_ip($ovn_dbs_vip)
- } else {
- $netmask = '32'
- $nic = ''
- }
-
- pacemaker::resource::ip { "${ovndb_vip_resource_name}":
- ip_address => $ovn_dbs_vip,
- cidr_netmask => $netmask,
- nic => $nic,
- tries => $pcs_tries,
- }
-
+ # By step 3, all the VIPs would have been created.
+ # After creating ovn ocf resource, colocate it with the
+ # VIP - ip-${ovn_dbs_vip}.
pacemaker::resource::ocf { "${ovndb_servers_resource_name}":
ocf_agent_name => "${ovndb_servers_ocf_name}",
master_params => '',
@@ -96,15 +85,6 @@ class tripleo::profile::pacemaker::ovn_northd (
meta_params => 'notify=true'
}
- pacemaker::constraint::order { "${ovndb_vip_resource_name}-then-${ovndb_servers_resource_name}":
- first_resource => "${ovndb_vip_resource_name}",
- second_resource => "${ovndb_servers_resource_name}-master",
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Mandatory',
- tries => $pcs_tries,
- }
-
pacemaker::constraint::colocation { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}":
source => "${ovndb_vip_resource_name}",
target => "${ovndb_servers_resource_name}-master",
@@ -113,9 +93,7 @@ class tripleo::profile::pacemaker::ovn_northd (
tries => $pcs_tries,
}
- Pacemaker::Resource::Ip["${ovndb_vip_resource_name}"] ->
- Pacemaker::Resource::Ocf["${ovndb_servers_resource_name}"] ->
- Pacemaker::Constraint::Order["${ovndb_vip_resource_name}-then-${ovndb_servers_resource_name}"] ->
- Pacemaker::Constraint::Colocation["${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}"]
+ Pacemaker::Resource::Ocf["${ovndb_servers_resource_name}"] ->
+ Pacemaker::Constraint::Colocation["${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}"]
}
}
diff --git a/spec/classes/tripleo_profile_base_database_redis_spec.rb b/spec/classes/tripleo_profile_base_database_redis_spec.rb
new file mode 100644
index 0000000..8f94cc9
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_database_redis_spec.rb
@@ -0,0 +1,106 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::database::redis' do
+ shared_examples_for 'tripleo::profile::base::database::redis' do
+
+ context 'with step less than 2' do
+ let(:params) { {
+ :step => 1,
+ :bootstrap_nodeid => 'node.example.com',
+ :redis_node_ips => []
+ } }
+
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::database::redis')
+ is_expected.to_not contain_class('redis')
+ is_expected.to_not contain_class('redis::sentinel')
+ is_expected.to_not contain_class('tripleo::redis_notification')
+ end
+ end
+
+ context 'with step 2 on bootstrap node' do
+ let(:params) { {
+ :step => 2,
+ :bootstrap_nodeid => 'node.example.com',
+ :redis_node_ips => ['10.0.0.1']
+ } }
+
+ it 'should configure redis' do
+ is_expected.to contain_class('tripleo::profile::base::database::redis')
+ is_expected.to contain_class('redis')
+ is_expected.to_not contain_class('redis::sentinel')
+ is_expected.to_not contain_class('tripleo::redis_notification')
+ end
+ end
+
+ context 'with step 2 on bootstrap node with capital letters' do
+ let(:params) { {
+ :step => 2,
+ :bootstrap_nodeid => 'NODE.example.com',
+ :redis_node_ips => ['10.0.0.1']
+ } }
+
+ it 'should configure redis' do
+ is_expected.to contain_class('tripleo::profile::base::database::redis')
+ is_expected.to contain_class('redis').with(:slaveof => nil)
+ end
+ end
+
+ context 'with step 2 not on bootstrap node' do
+ let(:params) { {
+ :step => 2,
+ :bootstrap_nodeid => 'othernode.example.com',
+ :redis_node_ips => ['10.0.0.1']
+ } }
+
+ it 'should configure redis' do
+ is_expected.to contain_class('tripleo::profile::base::database::redis')
+ is_expected.to contain_class('redis').with(:slaveof => "#{params[:bootstrap_nodeid]} 6379")
+ is_expected.to_not contain_class('redis::sentinel')
+ is_expected.to_not contain_class('tripleo::redis_notification')
+ end
+ end
+
+ context 'with step 2 with multiple nodes' do
+ let(:params) { {
+ :step => 2,
+ :bootstrap_nodeid => 'othernode.example.com',
+ :redis_node_ips => ['10.0.0.1', '10.0.0.2']
+ } }
+
+ it 'should configure redis' do
+ is_expected.to contain_class('tripleo::profile::base::database::redis')
+ is_expected.to contain_class('redis').with(:slaveof => "#{params[:bootstrap_nodeid]} 6379")
+ is_expected.to contain_class('redis::sentinel')
+ is_expected.to contain_class('tripleo::redis_notification')
+ end
+ end
+
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::database::redis'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
index 6c04e9d..90bdea0 100644
--- a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
@@ -36,9 +36,9 @@ describe 'tripleo::profile::base::gnocchi::api' do
}
end
- context 'with step 3 on bootstrap' do
+ context 'with step 4 on bootstrap' do
let(:params) { {
- :step => 3,
+ :step => 4,
:bootstrap_node => 'node.example.com',
:gnocchi_redis_password => 'gnocchi',
:redis_vip => '127.0.0.1'
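Review bot: No context covers step 3 any more, although the manifest gained a step-3 path: `if $step >= 4 or ($step >= 3 and $sync_db)` configures `gnocchi::wsgi::apache` on the syncing node one step before `gnocchi::db::sync` runs. This context moved to step 4 and the plain 'with step 3' context is deleted later in the file, so a regression in that condition would go unnoticed. Add a step-3 bootstrap context that pins the two outcomes visible in the manifest. It assumes, as the existing bootstrap context appears to, that a `bootstrap_node` matching the hostname fact turns `sync_db` on. The surrounding `describe` block starts and ends outside the hunk.

```ruby
  # … unchanged: 'with step 4 on bootstrap' context …

  context 'with step 3 on bootstrap' do
    let(:params) { {
      :step                   => 3,
      :bootstrap_node         => 'node.example.com',
      :gnocchi_redis_password => 'gnocchi',
      :redis_vip              => '127.0.0.1'
    } }

    it {
      is_expected.to_not contain_class('gnocchi::db::sync')
      is_expected.to contain_class('gnocchi::wsgi::apache')
    }
  end
```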
@@ -51,20 +51,6 @@ describe 'tripleo::profile::base::gnocchi::api' do
}
end
- context 'with step 3' do
- let(:params) { {
- :step => 3,
- :gnocchi_redis_password => 'gnocchi',
- :redis_vip => '127.0.0.1'
- } }
-
- it {
- is_expected.to_not contain_class('gnocchi::db::sync')
- is_expected.to contain_class('gnocchi::api')
- is_expected.to contain_class('gnocchi::wsgi::apache')
- }
- end
-
context 'with step 4' do
let(:params) { {
:step => 4,
@@ -129,10 +115,6 @@ describe 'tripleo::profile::base::gnocchi::api' do
it {
is_expected.to contain_class('gnocchi::api')
is_expected.to contain_class('gnocchi::wsgi::apache')
- is_expected.to contain_exec('run gnocchi upgrade with storage').with(
- :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf',
- :path => ['/usr/bin', '/usr/sbin']
- )
}
end
end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index ad2da39..5d978cc 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -6,6 +6,7 @@ not_hash: string
aodh::rabbit_password: 'password'
aodh_redis_password: 'password'
redis_vip: '127.0.0.1'
+redis::bind: '10.0.0.1'
aodh::auth::auth_password: 'password'
aodh::db::mysql::password: 'password'
aodh::keystone::authtoken::password: 'password'