diff options
Diffstat (limited to 'manifests/profile/base')
24 files changed, 242 insertions, 116 deletions
diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 281e069..6e70b50 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -28,8 +28,8 @@ # Defaults to hiera('bootstrap_nodeid') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -38,7 +38,7 @@ class tripleo::profile::base::aodh ( $step = hiera('step'), $bootstrap_node = hiera('bootstrap_nodeid', undef), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('aodh::rabbit_port', 5672), ) { @@ -49,7 +49,7 @@ class tripleo::profile::base::aodh ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::aodh' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 06dcfe5..af4a5b3 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -52,10 +52,6 @@ # for more details. # Defaults to hiera('step') # -# [*enable_combination_alarms*] -# (optional) Setting to enable combination alarms -# Defaults to: false -# class tripleo::profile::base::aodh::api ( $aodh_network = hiera('aodh_api_network', undef), @@ -63,7 +59,6 @@ class tripleo::profile::base::aodh::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), - $enable_combination_alarms = false, ) { include ::tripleo::profile::base::aodh @@ -90,12 +85,5 @@ class tripleo::profile::base::aodh::api ( ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, } - - #NOTE: Combination alarms are deprecated in newton and disabled by default. - # we need a way to override this setting for users still using this type - # of alarms. - aodh_config { - 'api/enable_combination_alarms' : value => $enable_combination_alarms; - } } } diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index 392d0c7..bbe7f27 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -24,8 +24,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -33,12 +33,12 @@ class tripleo::profile::base::ceilometer ( $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('ceilometer::rabbit_port', 5672), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::ceilometer' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 6ef4748..2e7986b 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*enable_legacy_api*] +# (Optional) Enable legacy ceilometer api service. +# Defaults to hiera('enable_legacy_api', false) +# # [*ceilometer_network*] # (Optional) The network name where the ceilometer endpoint is listening on. # This is set by t-h-t. @@ -53,6 +57,7 @@ # Defaults to hiera('step') # class tripleo::profile::base::ceilometer::api ( + $enable_legacy_api = hiera('enable_legacy_ceilometer_api', false), $ceilometer_network = hiera('ceilometer_api_network', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), @@ -76,7 +81,7 @@ class tripleo::profile::base::ceilometer::api ( $tls_keyfile = undef } - if $step >= 4 { + if $step >= 4 and $enable_legacy_api { include ::ceilometer::api class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index 3c0a361..20eab54 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -68,19 +68,8 @@ class tripleo::profile::base::ceilometer::collector ( if !$mongodb_replset { fail('mongodb_replset is required when using mongodb') } - # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port - # and without the brackets as 'members' argument for the 'mongodb_replset' - # resource. - if str2bool($mongodb_ipv6) { - $mongo_node_ips_with_port_prefixed = prefix($mongodb_node_ips, '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix($mongodb_node_ips, ':27017') - } else { - $mongo_node_ips_with_port = suffix($mongodb_node_ips, ':27017') - $mongo_node_ips_with_port_nobr = suffix($mongodb_node_ips, ':27017') - } - $mongo_node_string = join($mongo_node_ips_with_port, ',') - + $mongo_nodes = suffix(any2array(normalize_ip_for_uri($mongodb_node_ips)), ':27017') + $mongo_node_string = join($mongo_nodes, ',') $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" class { '::ceilometer::db' : diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index 8023fcc..6a821f3 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -31,8 +31,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -42,7 +42,7 @@ class tripleo::profile::base::cinder ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $cinder_enable_db_purge = true, $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('cinder::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { @@ -52,7 +52,7 @@ class tripleo::profile::base::cinder ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::cinder' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index 7d562ec..64927b6 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -108,13 +108,19 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend_name, - $cinder_rbd_backend_name, - $cinder_eqlx_backend_name, - $cinder_dellsc_backend_name, - $cinder_netapp_backend_name, - $cinder_nfs_backend_name, - $cinder_user_enabled_backends]) + $backends = delete_undef_values([$cinder_iscsi_backend_name, + $cinder_rbd_backend_name, + $cinder_eqlx_backend_name, + $cinder_dellsc_backend_name, + $cinder_netapp_backend_name, + $cinder_nfs_backend_name, + $cinder_user_enabled_backends]) + # NOTE(aschultz): during testing it was found that puppet 3 may incorrectly + # include a "" in the previous array which is not removed by the + # delete_undef_values function. So we need to make sure we don't have any + # "" strings in our array. + $cinder_enabled_backends = delete($backends, '') + class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 8bef7c4..a039439 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -26,6 +26,28 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # +# [*certificate_specs*] +# (Optional) The specifications to give to certmonger for the certificate +# it will create. Note that the certificate nickname must be 'mysql' in +# the case of this service. +# Example with hiera: +# tripleo::profile::base::database::mysql::certificate_specs: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "mysql/<overcloud controller fqdn>" +# Defaults to {}. +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# MySQL. This could be as many as specified by the $certificates_specs +# variable. +# Defaults to hiera('generate_service_certificate', false). +# # [*manage_resources*] # (Optional) Whether or not manage root user, root my.cnf, and service. # Defaults to true @@ -45,12 +67,15 @@ # Defaults to hiera('step') # class tripleo::profile::base::database::mysql ( - $bind_address = $::hostname, - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $manage_resources = true, - $mysql_server_options = {}, - $remove_default_accounts = true, - $step = hiera('step'), + $bind_address = $::hostname, + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificate_specs = {}, + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $manage_resources = true, + $mysql_server_options = {}, + $remove_default_accounts = true, + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -60,6 +85,18 @@ class tripleo::profile::base::database::mysql ( } validate_hash($mysql_server_options) + validate_hash($certificate_specs) + + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resource('class', 'tripleo::certmonger::mysql', $certificate_specs) + } + $tls_certfile = $certificate_specs['service_certificate'] + $tls_keyfile = $certificate_specs['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } # non-ha scenario if $manage_resources { @@ -84,6 +121,10 @@ class tripleo::profile::base::database::mysql ( 'bind-address' => $bind_address, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', + 'ssl' => $enable_internal_tls, + 'ssl-key' => $tls_keyfile, + 'ssl-cert' => $tls_certfile, + 'ssl-ca' => undef, } } $mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options) @@ -109,7 +150,7 @@ class tripleo::profile::base::database::mysql ( if hiera('cinder_api_enabled', false) { include ::cinder::db::mysql } - if hiera('glance_registry_enabled', false) { + if hiera('glance_api_enabled', false) { include ::glance::db::mysql } if hiera('gnocchi_api_enabled', false) { diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp index af3b0ac..5ba7a0b 100644 --- a/manifests/profile/base/glance/api.pp +++ b/manifests/profile/base/glance/api.pp @@ -32,8 +32,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -43,7 +43,7 @@ class tripleo::profile::base::glance::api ( $glance_backend = downcase(hiera('glance_backend', 'swift')), $glance_nfs_enabled = false, $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('glance::notify::rabbitmq::rabbit_port', 5672), ) { @@ -67,7 +67,7 @@ class tripleo::profile::base::glance::api ( class { '::glance::api': stores => $glance_store, } - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::glance::notify::rabbitmq' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 00a9809..c743ce0 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -36,8 +36,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -48,7 +48,7 @@ class tripleo::profile::base::heat ( $manage_db_purge = hiera('heat_enable_db_purge', true), $notification_driver = 'messaging', $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('heat::rabbit_port', 5672), ) { # Domain resources will be created at step5 on the node running keystone.pp @@ -62,7 +62,7 @@ class tripleo::profile::base::heat ( } if $step >= 4 { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::heat' : notification_driver => $notification_driver, rabbit_hosts => $rabbit_endpoints, diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index 7b44421..5db1e1f 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp @@ -27,8 +27,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -37,7 +37,7 @@ class tripleo::profile::base::ironic ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('ironic::rabbit_port', 5672), ) { # Database is accessed by both API and conductor, hence it's here. @@ -48,7 +48,7 @@ class tripleo::profile::base::ironic ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::ironic': sync_db => $sync_db, rabbit_hosts => $rabbit_endpoints, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index ff8d790..26e7b1f 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -78,8 +78,8 @@ # # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -102,7 +102,7 @@ class tripleo::profile::base::keystone ( $heat_admin_user = undef, $manage_db_purge = hiera('keystone_enable_db_purge', true), $public_endpoint_network = hiera('keystone_public_api_network', undef), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('keystone::rabbit_port', 5672), $step = hiera('step'), ) { @@ -142,7 +142,7 @@ class tripleo::profile::base::keystone ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::keystone': sync_db => $sync_db, enable_bootstrap => $sync_db, diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index 3e16dff..f021f64 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp @@ -27,8 +27,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -37,7 +37,7 @@ class tripleo::profile::base::manila ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('manila::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { @@ -47,7 +47,7 @@ class tripleo::profile::base::manila ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::manila' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index 3da754c..d8e1330 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -28,8 +28,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -38,7 +38,7 @@ class tripleo::profile::base::mistral ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('mistral::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { @@ -48,7 +48,7 @@ class tripleo::profile::base::mistral ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::mistral': rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index 64f5f32..e6a32db 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -23,8 +23,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -32,11 +32,11 @@ class tripleo::profile::base::neutron ( $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('neutron::rabbit_port', 5672), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::neutron' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp index a3f46ec..556fe63 100644 --- a/manifests/profile/base/neutron/opendaylight.pp +++ b/manifests/profile/base/neutron/opendaylight.pp @@ -22,24 +22,19 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*primary_controller*] -# (Optional) The hostname of the first controller +# [*primary_node*] +# (Optional) The hostname of the first node of this role type # Defaults to hiera('bootstrap_nodeid', undef) # class tripleo::profile::base::neutron::opendaylight ( - $step = hiera('step'), - $primary_controller = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $primary_node = hiera('bootstrap_nodeid', undef), ) { - include ::tripleo::profile::base::neutron - - if ! str2bool(hiera('opendaylight::enable_l3')) { - include ::tripleo::profile::base::neutron::l3 - } - if $step >= 1 { - # Configure ODL only on first controller - if $primary_controller == downcase($::hostname) { + # Configure ODL only on first node of the role where this service is + # applied + if $primary_node == downcase($::hostname) { include ::opendaylight } } diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp index 4f4de0b..c046850 100644 --- a/manifests/profile/base/neutron/plugins/ml2.pp +++ b/manifests/profile/base/neutron/plugins/ml2.pp @@ -71,5 +71,10 @@ class tripleo::profile::base::neutron::plugins::ml2 ( if 'ovn' in $mechanism_drivers { include ::tripleo::profile::base::neutron::plugins::ml2::ovn } + + if 'fujitsu_cfab' in $mechanism_drivers { + include ::neutron::plugins::ml2::fujitsu + include ::neutron::plugins::ml2::fujitsu::cfab + } } } diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index 82c2d5f..4667ae2 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp @@ -27,9 +27,30 @@ # for more details. # Defaults to hiera('step') # +# [*l3_ha_override*] +# (Optional) Override the calculated value for neutron::server::l3_ha +# by default this is calculated to enable when DVR is not enabled +# and the number of nodes running neutron api is more than one. +# Defaults to '' which aligns with the t-h-t default, and means use +# the calculated value. Other possible values are 'true' or 'false' +# +# [*l3_nodes*] +# (Optional) List of nodes running the l3 agent, used when no override +# is passed to l3_ha_override to calculate enabling l3 HA. +# Defaults to hiera('neutron_l3_short_node_names') or [] +# (we need to default neutron_l3_short_node_names to an empty list +# because some neutron backends disable the l3 agent) +# +# [*dvr_enabled*] +# (Optional) Is dvr enabled, used when no override is passed to +# l3_ha_override to calculate enabling l3 HA. +# Defaults to hiera('neutron::server::router_distributed') or false class tripleo::profile::base::neutron::server ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), + $l3_ha_override = '', + $l3_nodes = hiera('neutron_l3_short_node_names', []), + $dvr_enabled = hiera('neutron::server::router_distributed', false) ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -39,6 +60,16 @@ class tripleo::profile::base::neutron::server ( include ::tripleo::profile::base::neutron + # Calculate neutron::server::l3_ha based on the number of API nodes + # combined with if DVR is enabled. + if $l3_ha_override != '' { + $l3_ha = str2bool($l3_ha_override) + } elsif ! str2bool($dvr_enabled) { + $l3_ha = size($l3_nodes) > 1 + } else { + $l3_ha = false + } + # We start neutron-server on the bootstrap node first, because # it will try to populate tables and we need to make sure this happens # before it starts on other nodes @@ -48,12 +79,14 @@ class tripleo::profile::base::neutron::server ( # to true class { '::neutron::server': sync_db => $sync_db, + l3_ha => $l3_ha, } } if $step >= 5 and !$sync_db { include ::neutron::server::notifications class { '::neutron::server': sync_db => $sync_db, + l3_ha => $l3_ha, } } } diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 4626465..7f1c862 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -39,8 +39,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -52,7 +52,7 @@ class tripleo::profile::base::nova ( $manage_migration = false, $nova_compute_enabled = false, $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('nova::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { @@ -68,7 +68,7 @@ class tripleo::profile::base::nova ( } if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::nova' : rabbit_hosts => $rabbit_endpoints, } diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp index cc5fd8a..19eb52b 100644 --- a/manifests/profile/base/pacemaker.pp +++ b/manifests/profile/base/pacemaker.pp @@ -40,7 +40,8 @@ class tripleo::profile::base::pacemaker ( $enable_fencing = str2bool(hiera('enable_fencing', false)) and $step >= 5 if $step >= 1 { - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) + $pacemaker_short_node_names = join(hiera('pacemaker_short_node_names'), ',') + $pacemaker_cluster_members = downcase(regsubst($pacemaker_short_node_names, ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' } diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 32dfc38..45ee0c0 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -18,18 +18,69 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*panko_network*] +# (Optional) The network name where the panko endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('panko_api_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::panko::api ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $panko_network = hiera('panko_api_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::panko + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$panko_network { + fail('panko_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${panko_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${panko_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::panko::api - include ::panko::wsgi::apache + class { '::panko::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index d90805a..15bab44 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -36,7 +36,7 @@ # # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. -# Defaults to hiera('rabbitmq_node_ips', []). +# Defaults to hiera('rabbitmq_node_names', []). # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates @@ -48,7 +48,7 @@ class tripleo::profile::base::rabbitmq ( $environment = hiera('rabbitmq_environment'), $ipv6 = str2bool(hiera('rabbit_ipv6', false)), $kernel_variables = hiera('rabbitmq_kernel_variables'), - $nodes = hiera('rabbitmq_node_ips', []), + $nodes = hiera('rabbitmq_node_names', []), $step = hiera('step'), ) { # IPv6 environment, necessary for RabbitMQ. diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index f509225..8db071b 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp @@ -27,8 +27,8 @@ # Defaults to hiera('step') # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service @@ -37,7 +37,7 @@ class tripleo::profile::base::sahara ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $rabbit_hosts = hiera('rabbitmq_node_names', undef), $rabbit_port = hiera('sahara::rabbit_port', 5672), ) { if $::hostname == downcase($bootstrap_node) { @@ -47,7 +47,7 @@ class tripleo::profile::base::sahara ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") class { '::sahara': sync_db => $sync_db, rabbit_hosts => $rabbit_endpoints, diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index 15b4686..7bbef1e 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -32,19 +32,24 @@ # Defaults to 11211 # # [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') +# list of the rabbbit host fqdns +# Defaults to hiera('rabbitmq_node_names') # # [*rabbit_port*] # IP port for rabbitmq service -# Defaults to hiera('swift::proxy::ceilometer::rabbit_port', 5672) +# Defaults to 5672 +# +# [*ceilometer_enabled*] +# Whether the ceilometer pipeline is enabled. +# Defaults to true # class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), - $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), - $rabbit_port = hiera('swift::proxy::ceilometer::rabbit_port', 5672), + $step = hiera('step'), + $memcache_servers = hiera('memcached_node_ips'), + $memcache_port = 11211, + $rabbit_hosts = hiera('rabbitmq_node_names', undef), + $rabbit_port = 5672, + $ceilometer_enabled = true, ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") @@ -63,10 +68,17 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk - $swift_rabbit_hosts = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") - class { '::swift::proxy::ceilometer': - rabbit_hosts => $swift_rabbit_hosts, + $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + if $ceilometer_enabled { + class { '::swift::proxy::ceilometer': + rabbit_hosts => $swift_rabbit_hosts, + } } include ::swift::proxy::versioned_writes + include ::swift::proxy::slo + include ::swift::proxy::dlo + include ::swift::proxy::copy + include ::swift::proxy::container_quotas + include ::swift::proxy::account_quotas } } |