summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/aodh/api.pp12
-rw-r--r--manifests/profile/base/ceilometer/api.pp13
-rw-r--r--manifests/profile/base/ceilometer/upgrade.pp12
-rw-r--r--manifests/profile/base/cinder/volume.pp27
-rw-r--r--manifests/profile/base/cinder/volume/veritas_hyperscale.pp44
-rw-r--r--manifests/profile/base/database/mysql.pp10
-rw-r--r--manifests/profile/base/database/mysql/client.pp39
-rw-r--r--manifests/profile/base/docker.pp58
-rw-r--r--manifests/profile/base/glance/api.pp8
-rw-r--r--manifests/profile/base/heat/api.pp13
-rw-r--r--manifests/profile/base/heat/api_cfn.pp13
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp13
-rw-r--r--manifests/profile/base/horizon.pp28
-rw-r--r--manifests/profile/base/iscsid.pp45
-rw-r--r--manifests/profile/base/keystone.pp3
-rw-r--r--manifests/profile/base/lvm.pp40
-rw-r--r--manifests/profile/base/mistral/api.pp6
-rw-r--r--manifests/profile/base/neutron/opendaylight.pp4
-rw-r--r--manifests/profile/base/neutron/opendaylight/create_cluster.pp4
-rw-r--r--manifests/profile/base/neutron/server.pp12
-rw-r--r--manifests/profile/base/nova.pp170
-rw-r--r--manifests/profile/base/nova/authtoken.pp28
-rw-r--r--manifests/profile/base/nova/compute.pp13
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp7
-rw-r--r--manifests/profile/base/nova/libvirt.pp1
-rw-r--r--manifests/profile/base/nova/migration.pp35
-rw-r--r--manifests/profile/base/nova/migration/client.pp100
-rw-r--r--manifests/profile/base/nova/migration/target.pp120
-rw-r--r--manifests/profile/base/nova/placement.pp6
-rw-r--r--manifests/profile/base/qdr.pp72
-rw-r--r--manifests/profile/base/rabbitmq.pp3
-rw-r--r--manifests/profile/base/swift/dispersion.pp33
-rw-r--r--manifests/profile/base/swift/proxy.pp16
-rw-r--r--manifests/profile/base/zaqar.pp66
34 files changed, 797 insertions, 277 deletions
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 300c0ca..d6ec32b 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('aodh_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -47,10 +51,16 @@
class tripleo::profile::base::aodh::api (
$aodh_network = hiera('aodh_api_network', undef),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
include ::tripleo::profile::base::aodh
@@ -66,7 +76,7 @@ class tripleo::profile::base::aodh::api (
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::aodh::api
include ::apache::mod::ssl
class { '::aodh::wsgi::apache':
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 6a30a40..11c1da3 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('ceilometer_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::ceilometer::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::ceilometer
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::ceilometer::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ceilometer::api
include ::apache::mod::ssl
class { '::ceilometer::wsgi::apache':
diff --git a/manifests/profile/base/ceilometer/upgrade.pp b/manifests/profile/base/ceilometer/upgrade.pp
index f192b48..0031b79 100644
--- a/manifests/profile/base/ceilometer/upgrade.pp
+++ b/manifests/profile/base/ceilometer/upgrade.pp
@@ -42,8 +42,16 @@ class tripleo::profile::base::ceilometer::upgrade (
# are created safely.
if $step >= 5 and $sync_db {
exec {'ceilometer-db-upgrade':
- command => 'ceilometer-upgrade --skip-metering-database',
- path => ['/usr/bin', '/usr/sbin'],
+ command => 'ceilometer-upgrade --skip-metering-database',
+ path => ['/usr/bin', '/usr/sbin'],
+ # LP#1703444 - When this runs, it talks to gnocchi on all controllers
+ # which then reaches out to keystone via haproxy. Since the deployment
+ # may restart httpd on these other nodes it can result in an intermittent
+ # 503 which fails this command. We should retry the upgrade in case of
+ # error since we cannot ensure that there might not be some other deploy
+ # process running on the other nodes.
+ try_sleep => 5,
+ tries => 10
}
}
}
diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp
index 3581540..bdfdd17 100644
--- a/manifests/profile/base/cinder/volume.pp
+++ b/manifests/profile/base/cinder/volume.pp
@@ -20,11 +20,11 @@
#
# [*cinder_enable_pure_backend*]
# (Optional) Whether to enable the pure backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_dellsc_backend*]
# (Optional) Whether to enable the delsc backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_hpelefthand_backend*]
# (Optional) Whether to enable the hpelefthand backend
@@ -32,7 +32,7 @@
#
# [*cinder_enable_dellps_backend*]
# (Optional) Whether to enable the dellps backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_iscsi_backend*]
# (Optional) Whether to enable the iscsi backend
@@ -40,19 +40,23 @@
#
# [*cinder_enable_netapp_backend*]
# (Optional) Whether to enable the netapp backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_nfs_backend*]
# (Optional) Whether to enable the nfs backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_rbd_backend*]
# (Optional) Whether to enable the rbd backend
-# Defaults to true
+# Defaults to false
#
# [*cinder_enable_scaleio_backend*]
# (Optional) Whether to enable the scaleio backend
-# Defaults to true
+# Defaults to false
+#
+#[*cinder_enable_vrts_hs_backend*]
+# (Optional) Whether to enable the Veritas HyperScale backend
+# Defaults to false
#
# [*cinder_user_enabled_backends*]
# (Optional) List of additional backend stanzas to activate
@@ -73,6 +77,7 @@ class tripleo::profile::base::cinder::volume (
$cinder_enable_nfs_backend = false,
$cinder_enable_rbd_backend = false,
$cinder_enable_scaleio_backend = false,
+ $cinder_enable_vrts_hs_backend = false,
$cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef),
$step = Integer(hiera('step')),
) {
@@ -144,6 +149,13 @@ class tripleo::profile::base::cinder::volume (
$cinder_scaleio_backend_name = undef
}
+ if $cinder_enable_vrts_hs_backend {
+ include ::tripleo::profile::base::cinder::volume::veritas_hyperscale
+ $cinder_veritas_hyperscale_backend_name = 'Veritas_HyperScale'
+ } else {
+ $cinder_veritas_hyperscale_backend_name = undef
+ }
+
$backends = delete_undef_values([$cinder_iscsi_backend_name,
$cinder_rbd_backend_name,
$cinder_pure_backend_name,
@@ -153,6 +165,7 @@ class tripleo::profile::base::cinder::volume (
$cinder_netapp_backend_name,
$cinder_nfs_backend_name,
$cinder_scaleio_backend_name,
+ $cinder_veritas_hyperscale_backend_name,
$cinder_user_enabled_backends])
# NOTE(aschultz): during testing it was found that puppet 3 may incorrectly
# include a "" in the previous array which is not removed by the
diff --git a/manifests/profile/base/cinder/volume/veritas_hyperscale.pp b/manifests/profile/base/cinder/volume/veritas_hyperscale.pp
new file mode 100644
index 0000000..4516d01
--- /dev/null
+++ b/manifests/profile/base/cinder/volume/veritas_hyperscale.pp
@@ -0,0 +1,44 @@
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::volume::veritas_hyperscale
+#
+# Cinder Volume Veritas HyperScale profile for tripleo
+#
+# === Parameters
+#
+# [*backend_name*]
+# (Optional) The name of Veritas HyperScale cinder backend.
+# Currently the backend name is hard-coded in the driver, and it won't
+# function if other value is set in hiera.
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::volume::veritas_hyperscale (
+ # Note: Currently the backend name is hard-coded in the driver, and it won't
+ # function if other value is set in hiera.
+ $backend_name = hiera('cinder::backend::veritas_hyperscale::volume_backend_name', 'Veritas_HyperScale'),
+ $step = Integer(hiera('step')),
+) {
+ include ::tripleo::profile::base::cinder::volume
+
+ if $step >= 4 {
+ cinder::backend::veritas_hyperscale { $backend_name :
+ }
+ }
+
+}
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 8eb6079..3bf41cf 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+
+ # Force users/grants created to use TLS connections
+ Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef
@@ -217,6 +220,13 @@ class tripleo::profile::base::database::mysql (
if hiera('ec2_api_enabled', false) {
include ::ec2api::db::mysql
}
+ if hiera('zaqar_enabled', false) and hiera('zaqar::db::mysql::user', '') == 'zaqar' {
+ # NOTE: by default zaqar uses mongodb
+ include ::zaqar::db::mysql
+ }
+ if hiera('veritas_hyperscale_controller_enabled', false) {
+ include ::veritas_hyperscale::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp
index 1e55f05..68d524b 100644
--- a/manifests/profile/base/database/mysql/client.pp
+++ b/manifests/profile/base/database/mysql/client.pp
@@ -53,13 +53,6 @@ class tripleo::profile::base::database::mysql::client (
$step = Integer(hiera('step')),
) {
if $step >= 1 {
- # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
- # present in the base image but installed as a package afterwards),
- # create it. We do not want to touch the permissions in case it already
- # exists due to the mariadb server package being pre-installed
- # Note: We use exec instead of file in the case that the mysql class is
- # included on this node as well (we'd get duplicate declaration in such a
- # situation when using file)
if $mysql_client_bind_address {
$client_bind_changes = [
"set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
@@ -85,15 +78,37 @@ class tripleo::profile::base::database::mysql::client (
$conf_changes = union($client_bind_changes, $changes_ssl)
# Create /etc/my.cnf.d/tripleo.cnf
- exec { 'directory-create-etc-my.cnf.d':
- command => 'mkdir -p /etc/my.cnf.d',
- unless => 'test -d /etc/my.cnf.d',
- path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
- } ->
+ # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
+ # present in the base image but installed as a package afterwards),
+ # create it. We do not want to touch the permissions in case it already
+ # exists due to the mariadb server package being pre-installed
+ if $::uuid == 'docker' {
+ # When generating configuration with docker-puppet, services do
+ # not include any profile that would ensure creation of /etc/my.cnf.d,
+ # so we enforce the check here.
+ file {'/etc/my.cnf.d':
+ ensure => 'directory'
+ }
+ } else {
+ # Otherwise, depending on the role, puppet may run this profile
+ # concurrently with the mysql profile, so we use an exec resource
+ # in order to avoid getting duplicate declaration errors
+ exec { 'directory-create-etc-my.cnf.d':
+ command => 'mkdir -p /etc/my.cnf.d',
+ unless => 'test -d /etc/my.cnf.d',
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
+ before => Augeas['tripleo-mysql-client-conf']
+ }
+ }
+
augeas { 'tripleo-mysql-client-conf':
incl => $mysql_read_default_file,
lens => 'Puppet.lns',
changes => $conf_changes,
}
+
+ # If a profile created a file resource for the parent directory,
+ # ensure it is being run before the config file generation
+ File<| title == '/etc/my.cnf.d' |> -> Augeas['tripleo-mysql-client-conf']
}
}
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index 28a2764..2c9824a 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -19,14 +19,10 @@
#
# === Parameters
#
-# [*docker_namespace*]
-# The namespace to be used when setting INSECURE_REGISTRY
-# this will be split on "/" to derive the docker registry
-# (defaults to undef)
-#
-# [*insecure_registry*]
-# Set docker_namespace to INSECURE_REGISTRY, used when a local registry
-# is enabled (defaults to false)
+# [*insecure_registry_address*]
+# The host/port combiniation of the insecure registry. This is used to configure
+# /etc/sysconfig/docker so that a local (insecure) registry can be accessed.
+# Example: 127.0.0.1:8787 (defaults to unset)
#
# [*registry_mirror*]
# Configure a registry-mirror in the /etc/docker/daemon.json file.
@@ -59,9 +55,19 @@
# List of TripleO services enabled on the role.
# Defaults to hiera('services_names')
#
+# DEPRECATED PARAMETERS
+#
+# [*docker_namespace*]
+# DEPRECATED: The namespace to be used when setting INSECURE_REGISTRY
+# this will be split on "/" to derive the docker registry
+# (defaults to undef)
+#
+# [*insecure_registry*]
+# DEPRECATED: Set docker_namespace to INSECURE_REGISTRY, used when a local registry
+# is enabled (defaults to false)
+#
class tripleo::profile::base::docker (
- $docker_namespace = undef,
- $insecure_registry = false,
+ $insecure_registry_address = undef,
$registry_mirror = false,
$docker_options = '--log-driver=journald --signature-verification=false',
$configure_storage = true,
@@ -69,7 +75,10 @@ class tripleo::profile::base::docker (
$step = Integer(hiera('step')),
$configure_libvirt_polkit = undef,
$docker_nova_uid = 42436,
- $services_enabled = hiera('service_names', [])
+ $services_enabled = hiera('service_names', []),
+ # DEPRECATED PARAMETERS
+ $docker_namespace = undef,
+ $insecure_registry = false,
) {
if $configure_libvirt_polkit == undef {
@@ -89,22 +98,37 @@ class tripleo::profile::base::docker (
require => Package['docker'],
}
+ if $docker_options {
+ $options_changes = [ "set OPTIONS '\"${docker_options}\"'" ]
+ } else {
+ $options_changes = [ 'rm OPTIONS' ]
+ }
+
+ augeas { 'docker-sysconfig-options':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/docker',
+ changes => $options_changes,
+ subscribe => Package['docker'],
+ notify => Service['docker'],
+ }
+
if $insecure_registry {
+ warning('The $insecure_registry and $docker_namespace are deprecated. Use $insecure_registry_address instead.')
if $docker_namespace == undef {
fail('You must provide a $docker_namespace in order to configure insecure registry')
}
$namespace = strip($docker_namespace.split('/')[0])
- $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'",
- "set OPTIONS '\"${docker_options}\"'" ]
+ $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ]
+ } elsif $insecure_registry_address {
+ $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${insecure_registry_address}\"'" ]
} else {
- $changes = [ 'rm INSECURE_REGISTRY',
- "set OPTIONS '\"${docker_options}\"'" ]
+ $registry_changes = [ 'rm INSECURE_REGISTRY' ]
}
- augeas { 'docker-sysconfig':
+ augeas { 'docker-sysconfig-registry':
lens => 'Shellvars.lns',
incl => '/etc/sysconfig/docker',
- changes => $changes,
+ changes => $registry_changes,
subscribe => Package['docker'],
notify => Service['docker'],
}
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
index 2896185..d9c89d5 100644
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@@ -127,12 +127,12 @@ class tripleo::profile::base::glance::api (
}
}
case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
+ 'swift': { $backend_store = 'swift' }
+ 'file': { $backend_store = 'file' }
+ 'rbd': { $backend_store = 'rbd' }
default: { fail('Unrecognized glance_backend parameter.') }
}
- $http_store = ['glance.store.http.Store']
+ $http_store = ['http']
$glance_store = concat($http_store, $backend_store)
# TODO: notifications, scrubber, etc.
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index ff90590..2221b37 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_network = hiera('heat_api_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api
include ::apache::mod::ssl
class { '::heat::wsgi::apache_api':
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index e14760a..1014b04 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cfn (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cfn (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cfn
include ::apache::mod::ssl
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 83d5307..4caac9d 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cloudwatch (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cloudwatch
include ::apache::mod::ssl
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index 12482b6..3f01d01 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -23,15 +23,31 @@
# for more details.
# Defaults to hiera('step')
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*neutron_options*]
# (Optional) A hash of parameters to enable features specific to Neutron
# Defaults to hiera('horizon::neutron_options', {})
#
+# [*memcached_ips*]
+# (Optional) Array of ipv4 or ipv6 addresses for memcache.
+# Defaults to hiera('memcached_node_ips')
+#
class tripleo::profile::base::horizon (
$step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$neutron_options = hiera('horizon::neutron_options', {}),
+ $memcached_ips = hiera('memcached_node_ips')
) {
- if $step >= 3 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
@@ -41,12 +57,14 @@ class tripleo::profile::base::horizon (
$_profile_support = 'None'
}
$neutron_options_real = merge({'profile_support' => $_profile_support }, $neutron_options)
- $memcached_ipv6 = hiera('memcached_ipv6', false)
- if $memcached_ipv6 {
- $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]')
+
+ if is_ipv6_address($memcached_ips[0]) {
+ $horizon_memcached_servers = prefix(any2array(normalize_ip_for_uri($memcached_ips)), 'inet6:')
+
} else {
- $horizon_memcached_servers = hiera('memcached_node_ips', '127.0.0.1')
+ $horizon_memcached_servers = any2array(normalize_ip_for_uri($memcached_ips))
}
+
class { '::horizon':
cache_server_ip => $horizon_memcached_servers,
neutron_options => $neutron_options_real,
diff --git a/manifests/profile/base/iscsid.pp b/manifests/profile/base/iscsid.pp
new file mode 100644
index 0000000..3637097
--- /dev/null
+++ b/manifests/profile/base/iscsid.pp
@@ -0,0 +1,45 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::iscsid
+#
+# Nova Compute profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::iscsid (
+ $step = Integer(hiera('step')),
+) {
+
+ if $step >= 2 {
+ # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1244328
+ ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' })
+ exec { 'reset-iscsi-initiator-name':
+ command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
+ onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
+ before => File['/etc/iscsi/.initiator_reset'],
+ require => Package['iscsi-initiator-utils'],
+ tag => 'iscsid_config'
+ }
+ file { '/etc/iscsi/.initiator_reset':
+ ensure => present,
+ }
+ }
+}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 91a660c..47b5276 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -347,5 +347,8 @@ class tripleo::profile::base::keystone (
if hiera('novajoin_enabled', false) {
include ::nova::metadata::novajoin::auth
}
+ if hiera('veritas_hyperscale_controller_enabled', false) {
+ include ::veritas_hyperscale::hs_keystone
+ }
}
}
diff --git a/manifests/profile/base/lvm.pp b/manifests/profile/base/lvm.pp
new file mode 100644
index 0000000..91810ce
--- /dev/null
+++ b/manifests/profile/base/lvm.pp
@@ -0,0 +1,40 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::lvm
+#
+# LVM profile for tripleo
+#
+# === Parameters
+#
+# [*enable_udev*]
+# (Optional) Whether to enable udev usage by LVM.
+# Defaults to true
+#
+class tripleo::profile::base::lvm (
+ $enable_udev = true,
+) {
+
+ if $enable_udev {
+ $udev_options_value = 1
+ } else {
+ $udev_options_value = 0
+ }
+ augeas {'udev options in lvm.conf':
+ context => '/files/etc/lvm/lvm.conf/activation/dict/',
+ changes => ["set udev_sync/int ${udev_options_value}",
+ "set udev_rules/int ${udev_options_value}"],
+ }
+
+}
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
index 2ea5c9a..b5ca85e 100644
--- a/manifests/profile/base/mistral/api.pp
+++ b/manifests/profile/base/mistral/api.pp
@@ -56,9 +56,9 @@ class tripleo::profile::base::mistral::api (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::mistral
@@ -74,7 +74,7 @@ class tripleo::profile::base::mistral::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::mistral::api
include ::apache::mod::ssl
class { '::mistral::wsgi::apache':
diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp
index 5d25ae2..7a35b6b 100644
--- a/manifests/profile/base/neutron/opendaylight.pp
+++ b/manifests/profile/base/neutron/opendaylight.pp
@@ -28,12 +28,12 @@
#
# [*node_name*]
# (Optional) The short hostname of node
-# Defaults to hiera('bootstack_nodeid')
+# Defaults to hiera('bootstrap_nodeid')
#
class tripleo::profile::base::neutron::opendaylight (
$step = Integer(hiera('step')),
$odl_api_ips = hiera('opendaylight_api_node_ips'),
- $node_name = hiera('bootstack_nodeid')
+ $node_name = hiera('bootstrap_nodeid')
) {
if $step >= 1 {
diff --git a/manifests/profile/base/neutron/opendaylight/create_cluster.pp b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
index c3e4f7f..94cd898 100644
--- a/manifests/profile/base/neutron/opendaylight/create_cluster.pp
+++ b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
@@ -28,11 +28,11 @@
#
# [*node_name*]
# (Optional) The short hostname of node
-# Defaults to hiera('bootstack_nodeid')
+# Defaults to hiera('bootstrap_nodeid')
#
class tripleo::profile::base::neutron::opendaylight::create_cluster (
$odl_api_ips = hiera('opendaylight_api_node_ips'),
- $node_name = hiera('bootstack_nodeid')
+ $node_name = hiera('bootstrap_nodeid')
) {
tripleo::profile::base::neutron::opendaylight::configure_cluster {'ODL cluster':
diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 0dee53e..60ef443 100644
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -113,10 +113,7 @@ class tripleo::profile::base::neutron::server (
$l3_ha = false
}
- # We start neutron-server on the bootstrap node first, because
- # it will try to populate tables and we need to make sure this happens
- # before it starts on other nodes
- if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
+ if $step >= 4 or ($step >= 3 and $sync_db) {
if $enable_internal_tls {
if !$neutron_network {
fail('neutron_api_network is not set in the hieradata.')
@@ -130,9 +127,14 @@ class tripleo::profile::base::neutron::server (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::neutron::server'],
}
+ Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |>
}
+ }
+ # We start neutron-server on the bootstrap node first, because
+ # it will try to populate tables and we need to make sure this happens
+ # before it starts on other nodes
+ if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
include ::neutron::server::notifications
# We need to override the hiera value neutron::server::sync_db which is set
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 65e8ebc..eb6856f 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -22,14 +22,6 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*libvirt_enabled*]
-# (Optional) Whether or not Libvirt is enabled.
-# Defaults to false
-#
-# [*manage_migration*]
-# (Optional) Whether or not manage Nova Live migration
-# Defaults to false
-#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to hiera('messaging_rpc_service_name', rabbit)
@@ -74,65 +66,43 @@
# Enable ssl oslo messaging services
# Defaults to hiera('nova::rabbit_use_ssl', '0')
#
-# [*nova_compute_enabled*]
-# (Optional) Whether or not nova-compute is enabled.
-# Defaults to false
-#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*migration_ssh_key*]
-# (Optional) SSH key pair for migration SSH tunnel.
-# Expects a hash with keys 'private_key' and 'public_key'.
-# Defaults to {}
-#
-# [*migration_ssh_localaddrs*]
-# (Optional) Restrict ssh migration to clients connecting via this list of
-# IPs.
-# Defaults to [] (no restriction)
-#
-# [*libvirt_tls*]
-# (Optional) Whether or not libvird TLS service is enabled.
-# Defaults to false
+# [*memcached_ips*]
+# (Optional) Array of ipv4 or ipv6 addresses for memcache.
+# Defaults to hiera('memcached_node_ips')
class tripleo::profile::base::nova (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $libvirt_enabled = false,
- $manage_migration = false,
- $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
- $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $oslomsg_rpc_password = hiera('nova::rabbit_password'),
- $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
- $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
- $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
- $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $oslomsg_notify_password = hiera('nova::rabbit_password'),
- $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
- $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
- $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
- $nova_compute_enabled = false,
- $step = Integer(hiera('step')),
- $migration_ssh_key = {},
- $migration_ssh_localaddrs = [],
- $libvirt_tls = false
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('nova::rabbit_password'),
+ $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('nova::rabbit_password'),
+ $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
+ $step = Integer(hiera('step')),
+ $memcached_ips = hiera('memcached_node_ips'),
) {
+
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
- if hiera('nova::use_ipv6', false) {
- $memcache_servers = suffix(hiera('memcached_node_ips_v6'), ':11211')
+ if is_ipv6_address($memcached_ips[0]) {
+ $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
} else {
- $memcache_servers = suffix(hiera('memcached_node_ips'), ':11211')
+ $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
- validate_array($migration_ssh_localaddrs)
- $migration_ssh_localaddrs.each |$x| { validate_ip_address($x) }
- $migration_ssh_localaddrs_real = unique($migration_ssh_localaddrs)
-
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
include ::nova::config
@@ -161,102 +131,4 @@ class tripleo::profile::base::nova (
}
include ::nova::placement
}
-
- if $step >= 4 {
- if $manage_migration {
- # Libvirt setup (live-migration)
- if $libvirt_tls {
- class { '::nova::migration::libvirt':
- transport => 'tls',
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- }
- } else {
- # Reuse the cold-migration SSH tunnel when TLS is not enabled
- class { '::nova::migration::libvirt':
- transport => 'ssh',
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- client_user => 'nova_migration',
- client_extraparams => {'keyfile' => '/etc/nova/migration/identity'}
- }
- }
-
- $services_enabled = hiera('service_names', [])
- if !empty($migration_ssh_key) and 'sshd' in $services_enabled {
- # Nova SSH tunnel setup (cold-migration)
-
- # Server side
- if !empty($migration_ssh_localaddrs_real) {
- $allow_type = sprintf('LocalAddress %s User', join($migration_ssh_localaddrs_real,','))
- $deny_type = 'LocalAddress'
- $deny_name = sprintf('!%s', join($migration_ssh_localaddrs_real,',!'))
-
- ssh::server::match_block { 'nova_migration deny':
- name => $deny_name,
- type => $deny_type,
- order => 2,
- options => {
- 'DenyUsers' => 'nova_migration'
- },
- notify => Service['sshd']
- }
- }
- else {
- $allow_type = 'User'
- }
- $allow_name = 'nova_migration'
-
- ssh::server::match_block { 'nova_migration allow':
- name => $allow_name,
- type => $allow_type,
- order => 1,
- options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- },
- notify => Service['sshd']
- }
-
- $migration_authorized_keys = $migration_ssh_key['public_key']
- $migration_identity = $migration_ssh_key['private_key']
- $migration_user_shell = '/bin/bash'
- }
- else {
- # Remove the keys and prevent login when migration over SSH is not enabled
- $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
- $migration_identity = '# Migration over SSH disabled by TripleO'
- $migration_user_shell = '/sbin/nologin'
- }
-
- package { 'openstack-nova-migration':
- ensure => present,
- tag => ['openstack', 'nova-package'],
- }
-
- file { '/etc/nova/migration/authorized_keys':
- content => $migration_authorized_keys,
- mode => '0640',
- owner => 'root',
- group => 'nova_migration',
- require => Package['openstack-nova-migration']
- }
-
- file { '/etc/nova/migration/identity':
- content => $migration_identity,
- mode => '0600',
- owner => 'nova',
- group => 'nova',
- require => Package['openstack-nova-migration']
- }
-
- user {'nova_migration':
- shell => $migration_user_shell,
- require => Package['openstack-nova-migration']
- }
- }
- }
}
diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp
index d8285ba..7eb37bc 100644
--- a/manifests/profile/base/nova/authtoken.pp
+++ b/manifests/profile/base/nova/authtoken.pp
@@ -21,34 +21,22 @@
# for more details.
# Defaults to hiera('step')
#
-# [*use_ipv6*]
-# (Optional) Flag indicating if ipv6 should be used for caching
-# Defaults to hiera('nova::use_ipv6', false)
-#
-# [*memcache_nodes_ipv6*]
-# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true.
-# Defaults to hiera('memcached_node_ipvs_v6', ['::1'])
-#
-# [*memcache_nodes_ipv4*]
-# (Optional) Array of ipv4 addresses for memcache. Used by default unless
-# use_ipv6 is set to true.
-# Defaults to hiera('memcached_node_ips', ['127.0.0.1'])
+# [*memcached_ips*]
+# (Optional) Array of ipv4 or ipv6 addresses for memcache.
+# Defaults to hiera('memcached_node_ips')
#
class tripleo::profile::base::nova::authtoken (
$step = Integer(hiera('step')),
- $use_ipv6 = hiera('nova::use_ipv6', false),
- $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']),
- $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']),
+ $memcached_ips = hiera('memcached_node_ips'),
) {
if $step >= 3 {
- $memcached_ips = $use_ipv6 ? {
- true => $memcache_nodes_ipv6,
- default => $memcache_nodes_ipv4
+ if is_ipv6_address($memcached_ips[0]) {
+ $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
+ } else {
+ $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
- $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
-
class { '::nova::keystone::authtoken':
memcached_servers => $memcache_servers
}
diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp
index bd50204..3eae880 100644
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@@ -45,19 +45,6 @@ class tripleo::profile::base::nova::compute (
# deploy bits to connect nova compute to neutron
include ::nova::network::neutron
-
- # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
- # https://bugzilla.redhat.com/show_bug.cgi?id=1244328
- ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' })
- exec { 'reset-iscsi-initiator-name':
- command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
- onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
- before => File['/etc/iscsi/.initiator_reset'],
- require => Package['iscsi-initiator-utils'],
- }
- file { '/etc/iscsi/.initiator_reset':
- ensure => present,
- }
}
# If NFS is used as a Cinder backend
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index ec592cb..8a7c4d6 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -28,16 +28,13 @@ class tripleo::profile::base::nova::compute::libvirt (
) {
if $step >= 4 {
include ::tripleo::profile::base::nova::compute
+ include ::tripleo::profile::base::nova::migration::client
# Ceph + Libvirt
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
if $rbd_ephemeral_storage or $rbd_persistent_storage {
- $client_keys = hiera('ceph::profile::params::client_keys')
- $client_user = join(['client.', hiera('nova::compute::rbd::libvirt_rbd_user')])
- class { '::nova::compute::rbd':
- libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
- }
+ include ::nova::compute::rbd
}
if $rbd_ephemeral_storage {
diff --git a/manifests/profile/base/nova/libvirt.pp b/manifests/profile/base/nova/libvirt.pp
index b639858..06baa39 100644
--- a/manifests/profile/base/nova/libvirt.pp
+++ b/manifests/profile/base/nova/libvirt.pp
@@ -28,6 +28,7 @@ class tripleo::profile::base::nova::libvirt (
) {
if $step >= 4 {
include ::tripleo::profile::base::nova
+ include ::tripleo::profile::base::nova::migration::client
include ::nova::compute::libvirt::services
file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
diff --git a/manifests/profile/base/nova/migration.pp b/manifests/profile/base/nova/migration.pp
new file mode 100644
index 0000000..0c4c844
--- /dev/null
+++ b/manifests/profile/base/nova/migration.pp
@@ -0,0 +1,35 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration
+#
+# Nova migration profile for tripleo, common to both client and target.
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+
+class tripleo::profile::base::nova::migration (
+ $step = Integer(hiera('step')),
+) {
+ if $step >= 3 {
+ package { 'openstack-nova-migration':
+ ensure => present,
+ tag => ['openstack', 'nova-package'],
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/migration/client.pp b/manifests/profile/base/nova/migration/client.pp
new file mode 100644
index 0000000..12b83dc
--- /dev/null
+++ b/manifests/profile/base/nova/migration/client.pp
@@ -0,0 +1,100 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration
+#
+# Nova migration client profile for tripleo
+#
+# === Parameters
+#
+# [*libvirt_enabled*]
+# (Optional) Whether or not Libvirt is enabled.
+# Defaults to false
+#
+# [*nova_compute_enabled*]
+# (Optional) Whether or not nova-compute is enabled.
+# Defaults to false
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ssh_private_key*]
+# (Optional) SSH private_key for migration SSH tunnel.
+# Defaults to ''
+#
+# [*ssh_port*]
+# (Optional) Port that SSH target services is listening on.
+# Defaults to 22
+#
+# [*libvirt_tls*]
+# (Optional) Whether or not libvird TLS service is enabled.
+# Defaults to false
+
+class tripleo::profile::base::nova::migration::client (
+ $libvirt_enabled = false,
+ $nova_compute_enabled = false,
+ $step = Integer(hiera('step')),
+ $ssh_private_key = '',
+ $ssh_port = 22,
+ $libvirt_tls = false,
+) {
+
+ include ::tripleo::profile::base::nova::migration
+
+ if $step >= 4 {
+
+ # Libvirt setup (live-migration)
+ if $libvirt_tls {
+ class { '::nova::migration::libvirt':
+ transport => 'tls',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ }
+ } else {
+ # Reuse the cold-migration SSH tunnel when TLS is not enabled
+ class { '::nova::migration::libvirt':
+ transport => 'ssh',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ client_user => 'nova_migration',
+ client_extraparams => {'keyfile' => '/etc/nova/migration/identity'},
+ client_port => $ssh_port
+ }
+ }
+
+ if !empty($ssh_private_key) {
+ # Nova SSH tunnel setup (cold-migration)
+ $migration_identity = $ssh_private_key
+ }
+ else {
+ $migration_identity = '# Migration over SSH disabled by TripleO'
+ }
+
+ file { '/etc/nova/migration/identity':
+ content => $migration_identity,
+ mode => '0600',
+ owner => 'nova',
+ group => 'nova',
+ require => Package['openstack-nova-migration']
+ }
+
+ file_line { 'nova_ssh_port':
+ ensure => present,
+ path => '/var/lib/nova/.ssh/config',
+ after => '^Host \*$',
+ line => " Port ${ssh_port}",
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/migration/target.pp b/manifests/profile/base/nova/migration/target.pp
new file mode 100644
index 0000000..7c21028
--- /dev/null
+++ b/manifests/profile/base/nova/migration/target.pp
@@ -0,0 +1,120 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration::target
+#
+# Nova migration target profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ssh_authorized_keys*]
+# (Optional) List of SSH public keys authorized for migration.
+# If no keys are provided then migration over ssh will be disabled.
+# Defaults to []
+#
+# [*ssh_localaddrs*]
+# (Optional) Restrict ssh migration to clients connecting via this list of
+# IPs.
+# Defaults to [] (no restriction)
+#
+# [*services_enabled*]
+# (Optional) List of services enabled on the current role.
+# If the nova_migration_target service is not enabled then migration over
+# ssh will be disabled.
+# Defaults to hiera('service_names', [])
+
+class tripleo::profile::base::nova::migration::target (
+ $step = Integer(hiera('step')),
+ $ssh_authorized_keys = [],
+ $ssh_localaddrs = [],
+ $services_enabled = hiera('service_names', []),
+) {
+
+ include ::tripleo::profile::base::nova::migration
+
+ validate_array($ssh_localaddrs)
+ $ssh_localaddrs.each |$x| { validate_ip_address($x) }
+ $ssh_localaddrs_real = unique($ssh_localaddrs)
+ validate_array($ssh_authorized_keys)
+ $ssh_authorized_keys_real = join($ssh_authorized_keys, '\n')
+
+ if $step >= 4 {
+ if !empty($ssh_authorized_keys_real) {
+ if ('nova_migration_target' in $services_enabled) {
+ if !empty($ssh_localaddrs_real) {
+ $allow_type = sprintf('LocalAddress %s User', join($ssh_localaddrs_real,','))
+ $deny_type = 'LocalAddress'
+ $deny_name = sprintf('!%s', join($ssh_localaddrs_real,',!'))
+
+ ssh::server::match_block { 'nova_migration deny':
+ name => $deny_name,
+ type => $deny_type,
+ order => 2,
+ options => {
+ 'DenyUsers' => 'nova_migration'
+ },
+ notify => Service['sshd']
+ }
+ }
+ else {
+ $allow_type = 'User'
+ }
+ $allow_name = 'nova_migration'
+
+ ssh::server::match_block { 'nova_migration allow':
+ name => $allow_name,
+ type => $allow_type,
+ order => 1,
+ options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ },
+ notify => Service['sshd']
+ }
+ $migration_authorized_keys = $ssh_authorized_keys_real
+ $migration_user_shell = '/bin/bash'
+ }
+ else {
+ # Remove the keys and prevent login when migration over SSH is not enabled
+ $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
+ $migration_user_shell = '/sbin/nologin'
+ }
+ }
+ else {
+ # Remove the keys and prevent login when migration over SSH is not enabled
+ $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
+ $migration_user_shell = '/sbin/nologin'
+ }
+
+ file { '/etc/nova/migration/authorized_keys':
+ content => $migration_authorized_keys,
+ mode => '0640',
+ owner => 'root',
+ group => 'nova_migration',
+ require => Package['openstack-nova-migration']
+ }
+
+ user {'nova_migration':
+ shell => $migration_user_shell,
+ require => Package['openstack-nova-migration']
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index ac78287..48af39a 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -54,9 +54,9 @@ class tripleo::profile::base::nova::placement (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::nova
@@ -73,7 +73,7 @@ class tripleo::profile::base::nova::placement (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::apache::mod::ssl
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/qdr.pp b/manifests/profile/base/qdr.pp
index 37cf9e5..577f3d5 100644
--- a/manifests/profile/base/qdr.pp
+++ b/manifests/profile/base/qdr.pp
@@ -19,18 +19,22 @@
# === Parameters
#
# [*qdr_username*]
-# Username for the qrouter daemon
+# Username for the qdrouter daemon
# Defaults to undef
#
# [*qdr_password*]
-# Password for the qrouter daemon
+# Password for the qdrouter daemon
# Defaults to undef
#
# [*qdr_listener_port*]
-# Port for the listener (not that we do not use qdr::listener_port
+# Port for the listener (note that we do not use qdr::listener_port
# directly because it requires a string and we have a number.
# Defaults to hiera('tripleo::profile::base::qdr::qdr_listener_port', 5672)
#
+# [*qdr_node_names*]
+# Set of nodes for qdr mesh deployment setup
+# Defaults to hiera('rabbitmq_node_names')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -41,11 +45,69 @@ class tripleo::profile::base::qdr (
$qdr_password = undef,
$qdr_listener_port = hiera('tripleo::profile::base::qdr::qdr_listener_port', 5672),
$step = Integer(hiera('step')),
+ $qdr_node_names = pick(hiera('qdr_node_names',undef),hiera('rabbitmq_node_names')),
) {
if $step >= 1 {
+ # For multi-node deployments of the dispatch router, a mesh of
+ # inter-router links is created. Bi-directional links must
+ # not be configured.
+ #
+ # Example: For nodes A, B, C
+ # Node Inter-Router Link
+ # A: []
+ # B: [A]
+ # C: [A,B]
+ #
+ # NB: puppet 4.8 introduces break(), which would be favord to
+ # the following
+ $connectors = $qdr_node_names.reduce([]) |$memo, $node| {
+ if $::hostname in $node {
+ $memo + true
+ } else {
+ if true in $memo {
+ $memo
+ } else {
+ $memo + [{'host' => $node,
+ 'role' => 'inter-router',
+ 'port' => '25672'}]
+ }
+ }
+ } - true
+
+ $router_mode = size($qdr_node_names) ? {
+ 1 => 'standalone',
+ default => 'interior',
+ }
+
+ $extra_listeners = size($qdr_node_names) ? {
+ 1 => [],
+ default => [{'host' => '0.0.0.0',
+ 'port' => '25672',
+ 'role' => 'inter-router'}],
+ }
+
+ $extra_addresses = [{'prefix' => 'openstack.org/om/rpc/multicast',
+ 'distribution' => 'multicast'},
+ {'prefix' => 'openstack.org/om/rpc/unicast',
+ 'distribution' => 'closest'},
+ {'prefix' => 'openstack.org/om/rpc/anycast',
+ 'distribution' => 'balanced'},
+ {'prefix' => 'openstack.org/om/notify/multicast',
+ 'distribution' => 'multicast'},
+ {'prefix' => 'openstack.org/om/notify/unicast',
+ 'distribution' => 'closest'},
+ {'prefix' => 'openstack.org/om/notify/anycast',
+ 'distribution' => 'balanced'}]
+
class { '::qdr':
- listener_port => "${qdr_listener_port}",
- } ->
+ listener_addr => '0.0.0.0',
+ listener_port => "${qdr_listener_port}",
+ router_mode => $router_mode,
+ connectors => $connectors,
+ extra_listeners => $extra_listeners,
+ extra_addresses => $extra_addresses,
+ }
+
qdr_user { $qdr_username:
ensure => present,
password => $qdr_password,
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index 8ab6049..d0b4a05 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -166,4 +166,7 @@ class tripleo::profile::base::rabbitmq (
}
}
+ if $step >= 1 and hiera('veritas_hyperscale_controller_enabled', false) {
+ include ::veritas_hyperscale::hs_rabbitmq
+ }
}
diff --git a/manifests/profile/base/swift/dispersion.pp b/manifests/profile/base/swift/dispersion.pp
new file mode 100644
index 0000000..44af463
--- /dev/null
+++ b/manifests/profile/base/swift/dispersion.pp
@@ -0,0 +1,33 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::swift::dispersion
+#
+# Swift dispersion profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::swift::dispersion (
+ $step = Integer(hiera('step')),
+) {
+ if $step >= 5 {
+ include ::swift::client
+ include ::swift::dispersion
+ }
+}
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index b047c36..afb5fa6 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*ceilometer_enabled*]
# Whether the ceilometer pipeline is enabled.
# Defaults to true
@@ -96,6 +100,7 @@
# defaults to 8080
#
class tripleo::profile::base::swift::proxy (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_enabled = true,
$ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'),
$ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
@@ -113,7 +118,12 @@ class tripleo::profile::base::swift::proxy (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 8080,
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+ if $step >= 4 or ($step >= 3 and $is_bootstrap) {
if $enable_internal_tls {
if !$swift_proxy_network {
fail('swift_proxy_network is not set in the hieradata.')
@@ -127,9 +137,11 @@ class tripleo::profile::base::swift::proxy (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::swift::proxy'],
}
+ Tripleo::Tls_proxy['swift-proxy-api'] ~> Anchor<| title == 'swift::service::begin' |>
}
+ }
+ if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
include ::swift::config
include ::swift::proxy
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index b9171b0..cd84d04 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -18,9 +18,17 @@
#
# === Parameters
#
-# [*sync_db*]
-# (Optional) Whether to run db sync
-# Defaults to true
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*management_store*]
+# (Optional) The management store for Zaqar.
+# Defaults to 'mongodb'
+#
+# [*messaging_store*]
+# (Optional) The messaging store for Zaqar.
+# Defaults to 'mongodb'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -28,27 +36,53 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::zaqar (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $management_store = 'mongodb',
+ $messaging_store = 'mongodb',
$step = Integer(hiera('step')),
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::zaqar
- if str2bool(hiera('mongodb::server::ipv6', false)) {
- $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
- $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
- } else {
- $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ if $messaging_store == 'mongodb' or $management_store == 'mongodb' {
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ }
+ $mongodb_replset = hiera('mongodb::server::replset')
+ $mongo_node_string = join($mongo_node_ips_with_port, ',')
+ $mongo_database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}"
}
- $mongodb_replset = hiera('mongodb::server::replset')
- $mongo_node_string = join($mongo_node_ips_with_port, ',')
- $database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}"
- class { '::zaqar::management::mongodb':
- uri => $database_connection,
+
+ if $messaging_store == 'swift' {
+ include ::zaqar::messaging::swift
+ } elsif $messaging_store == 'mongodb' {
+ class {'::zaqar::messaging::mongodb':
+ uri => $mongo_database_connection,
+ }
+ } else {
+ fail("unsupported Zaqar messaging_store set: ${messaging_store}")
}
- class {'::zaqar::messaging::mongodb':
- uri => $database_connection,
+
+ if $management_store == 'sqlalchemy' {
+ include ::zaqar::management::sqlalchemy
+ } elsif $management_store == 'mongodb' {
+ class { '::zaqar::management::mongodb':
+ uri => $mongo_database_connection,
+ }
+ } else {
+ fail("unsupported Zaqar management_store set: ${management_store}")
}
+
include ::zaqar::transport::websocket
include ::apache::mod::ssl
include ::zaqar::transport::wsgi