diff options
Diffstat (limited to 'manifests/profile/base')
45 files changed, 1892 insertions, 368 deletions
diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 6e70b50..da8aaa6 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -27,19 +27,64 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('aodh::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('aodh::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('aodh::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('aodh::rabbit_use_ssl', '0') class tripleo::profile::base::aodh ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('aodh::rabbit_port', 5672), + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('aodh::rabbit_password'), + $oslomsg_rpc_port = hiera('aodh::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('aodh::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('aodh::rabbit_password'), + $oslomsg_notify_port = hiera('aodh::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('aodh::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('aodh::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { @@ -49,9 +94,24 @@ class tripleo::profile::base::aodh ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::aodh' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::aodh::auth include ::aodh::config diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index b464317..22984b1 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -56,6 +56,50 @@ # for more details. # Defaults to hiera('step') # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('barbican::api::rabbit_use_ssl', '0') + class tripleo::profile::base::barbican::api ( $barbican_network = hiera('barbican_api_network', undef), $bootstrap_node = hiera('bootstrap_nodeid', undef), @@ -63,6 +107,17 @@ class tripleo::profile::base::barbican::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('barbican::api::rabbit_password'), + $oslomsg_rpc_port = hiera('barbican::api::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('barbican::api::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('barbican::api::rabbit_password'), + $oslomsg_notify_port = hiera('barbican::api::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('barbican::api::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('barbican::api::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -92,8 +147,25 @@ class tripleo::profile::base::barbican::api ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::barbican::api': - sync_db => $sync_db + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::barbican::keystone::authtoken include ::barbican::api::logging diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index bbe7f27..2855bd2 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -23,24 +23,84 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('ceilometer::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('ceilometer::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('ceilometer::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('ceilometer::rabbit_use_ssl', '0') class tripleo::profile::base::ceilometer ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('ceilometer::rabbit_port', 5672), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('ceilometer::rabbit_password'), + $oslomsg_rpc_port = hiera('ceilometer::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('ceilometer::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('ceilometer::rabbit_password'), + $oslomsg_notify_port = hiera('ceilometer::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::ceilometer' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::ceilometer::config } diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp new file mode 100644 index 0000000..3706c2e --- /dev/null +++ b/manifests/profile/base/ceilometer/agent/polling.pp @@ -0,0 +1,64 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceilometer::agent::polling +# +# Ceilometer polling Agent profile for tripleo +# +# === Parameters +# +# [*central_namespace*] +# (Optional) Use central namespace for polling agent. +# Defaults to false. +# +# [*compute_namespace*] +# (Optional) Use compute namespace for polling agent. +# Defaults to false. +# +# [*ipmi_namespace*] +# (Optional) Use ipmi namespace for polling agent. +# Defaults to false. +# +# [*ceilometer_redis_password*] +# (Optional) redis password to configure coordination url +# +# [*redis_vip*] +# (Optional) redis vip to configure coordination url +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::ceilometer::agent::polling ( + $central_namespace = hiera('central_namespace', false), + $compute_namespace = hiera('compute_namespace', false), + $ipmi_namespace = hiera('ipmi_namespace', false), + $ceilometer_redis_password = hiera('ceilometer_redis_password', undef), + $redis_vip = hiera('redis_vip', undef), + $step = hiera('step'), +) { + include ::tripleo::profile::base::ceilometer + + if $step >= 4 { + include ::ceilometer::agent::auth + class { '::ceilometer::agent::polling': + central_namespace => $central_namespace, + compute_namespace => $compute_namespace, + ipmi_namespace => $ipmi_namespace, + coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + } + } + +} diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index 6e8fbb2..fc3c659 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -30,20 +30,65 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('cinder::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('cinder::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('cinder::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('cinder::rabbit_use_ssl', '0') class tripleo::profile::base::cinder ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $cinder_enable_db_purge = true, - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('cinder::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $cinder_enable_db_purge = true, + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('cinder::rabbit_password'), + $oslomsg_rpc_port = hiera('cinder::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('cinder::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('cinder::rabbit_password'), + $oslomsg_notify_port = hiera('cinder::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('cinder::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('cinder::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -52,9 +97,26 @@ class tripleo::profile::base::cinder ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::cinder' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + } + class { '::cinder::ceilometer' : + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::cinder::config include ::cinder::glance diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index 7663b6f..9fb1594 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -26,8 +26,8 @@ # (Optional) Whether to enable the hpelefthand backend # Defaults to false # -# [*cinder_enable_eqlx_backend*] -# (Optional) Whether to enable the eqlx backend +# [*cinder_enable_dellps_backend*] +# (Optional) Whether to enable the dellps backend # Defaults to true # # [*cinder_enable_iscsi_backend*] @@ -46,6 +46,10 @@ # (Optional) Whether to enable the rbd backend # Defaults to true # +# [*cinder_enable_scaleio_backend*] +# (Optional) Whether to enable the scaleio backend +# Defaults to true +# # [*cinder_user_enabled_backends*] # (Optional) List of additional backend stanzas to activate # Defaults to hiera('cinder_user_enabled_backends') @@ -58,11 +62,12 @@ class tripleo::profile::base::cinder::volume ( $cinder_enable_dellsc_backend = false, $cinder_enable_hpelefthand_backend = false, - $cinder_enable_eqlx_backend = false, + $cinder_enable_dellps_backend = false, $cinder_enable_iscsi_backend = true, $cinder_enable_netapp_backend = false, $cinder_enable_nfs_backend = false, $cinder_enable_rbd_backend = false, + $cinder_enable_scaleio_backend = false, $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), $step = hiera('step'), ) { @@ -85,11 +90,11 @@ class tripleo::profile::base::cinder::volume ( $cinder_hpelefthand_backend_name = undef } - if $cinder_enable_eqlx_backend { - include ::tripleo::profile::base::cinder::volume::eqlx - $cinder_eqlx_backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx') + if $cinder_enable_dellps_backend { + include ::tripleo::profile::base::cinder::volume::dellps + $cinder_dellps_backend_name = hiera('cinder::backend::dellps::volume_backend_name', 'tripleo_dellps') } else { - $cinder_eqlx_backend_name = undef + $cinder_dellps_backend_name = undef } if $cinder_enable_iscsi_backend { @@ -120,13 +125,21 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } + if $cinder_enable_scaleio_backend { + include ::tripleo::profile::base::cinder::volume::scaleio + $cinder_scaleio_backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio') + } else { + $cinder_scaleio_backend_name = undef + } + $backends = delete_undef_values([$cinder_iscsi_backend_name, $cinder_rbd_backend_name, - $cinder_eqlx_backend_name, + $cinder_dellps_backend_name, $cinder_dellsc_backend_name, $cinder_hpelefthand_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, + $cinder_scaleio_backend_name, $cinder_user_enabled_backends]) # NOTE(aschultz): during testing it was found that puppet 3 may incorrectly # include a "" in the previous array which is not removed by the diff --git a/manifests/profile/base/cinder/volume/eqlx.pp b/manifests/profile/base/cinder/volume/dellps.pp index fe24f4b..1338240 100644 --- a/manifests/profile/base/cinder/volume/eqlx.pp +++ b/manifests/profile/base/cinder/volume/dellps.pp @@ -12,23 +12,23 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::base::cinder::volume::eqlx +# == Class: tripleo::profile::base::cinder::volume::dellps # -# Cinder Volume eqlx profile for tripleo +# Cinder Volume for dellps profile tripleo # # === Parameters # # [*backend_name*] # (Optional) Name given to the Cinder backend stanza -# Defaults to 'tripleo_eqlx' +# Defaults to 'tripleo_dellps' # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -class tripleo::profile::base::cinder::volume::eqlx ( - $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx'), +class tripleo::profile::base::cinder::volume::dellps ( + $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_dellps'), $step = hiera('step'), ) { include ::tripleo::profile::base::cinder::volume diff --git a/manifests/profile/base/cinder/volume/scaleio.pp b/manifests/profile/base/cinder/volume/scaleio.pp new file mode 100644 index 0000000..a30cffa --- /dev/null +++ b/manifests/profile/base/cinder/volume/scaleio.pp @@ -0,0 +1,56 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::volume::scaleio +# +# Cinder Volume scaleio profile for tripleo +# +# === Parameters +# +# [*backend_name*] +# (Optional) Name given to the Cinder backend stanza +# Defaults to 'tripleo_scaleio' +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::volume::scaleio ( + $backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio'), + $step = hiera('step'), +) { + include ::tripleo::profile::base::cinder::volume + + if $step >= 4 { + cinder::backend::scaleio { $backend_name : + sio_login => hiera('cinder::backend::scaleio::sio_login', undef), + sio_password => hiera('cinder::backend::scaleio::sio_password', undef), + sio_server_hostname => hiera('cinder::backend::scaleio::sio_server_hostname', undef), + sio_server_port => hiera('cinder::backend::scaleio::sio_server_port', undef), + sio_verify_server_certificate => hiera('cinder::backend::scaleio::sio_verify_server_certificate', undef), + sio_server_certificate_path => hiera('cinder::backend::scaleio::sio_server_certificate_path', undef), + sio_protection_domain_name => hiera('cinder::backend::scaleio::sio_protection_domain_name', undef), + sio_protection_domain_id => hiera('cinder::backend::scaleio::sio_protection_domain_id', undef), + sio_storage_pool_id => hiera('cinder::backend::scaleio::sio_storage_pool_id', undef), + sio_storage_pool_name => hiera('cinder::backend::scaleio::sio_storage_pool_name', undef), + sio_storage_pools => hiera('cinder::backend::scaleio::sio_storage_pools', undef), + sio_round_volume_capacity => hiera('cinder::backend::scaleio::sio_round_volume_capacity', undef), + sio_unmap_volume_before_deletion => hiera('cinder::backend::scaleio::sio_unmap_volume_before_deletion', undef), + sio_max_over_subscription_ratio => hiera('cinder::backend::scaleio::sio_max_over_subscription_ratio', undef), + sio_thin_provision => hiera('cinder::backend::scaleio::sio_thin_provision', undef), + } + } + +} diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp index 1731e81..3d1a693 100644 --- a/manifests/profile/base/congress.pp +++ b/manifests/profile/base/congress.pp @@ -22,43 +22,43 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') # -# [*messaging_hosts*] -# list of the messaging host fqdns -# Defaults to hiera('rabbitmq_node_names') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_password*] -# Password for messaging congress queue -# Defaults to hiera('congress::rabbit_password') +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') # -# [*messaging_port*] -# IP port for messaging service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('congress::rabbit_port', 5672) # -# [*messaging_username*] -# Username for messaging congress queue +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service # Defaults to hiera('congress::rabbit_userid', 'guest') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. -# Defaults to hiera('congress::rabbit_use_ssl', '0') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('congress::rabbit_password') # -# [*step*] -# (Optional) The current step of the deployment -# Defaults to hiera('step') +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('congress::rabbit_use_ssl', '0') class tripleo::profile::base::congress ( $bootstrap_node = hiera('bootstrap_nodeid', undef), - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('congress::rabbit_password'), - $messaging_port = hiera('congress::rabbit_port', '5672'), - $messaging_username = hiera('congress::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'), $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('congress::rabbit_password'), + $oslomsg_rpc_port = hiera('congress::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('congress::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('congress::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -67,16 +67,16 @@ class tripleo::profile::base::congress ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::congress': sync_db => $sync_db, default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, }), } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 4ccfabc..a0193cf 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -42,6 +42,11 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # +# [*generate_dropin_file_limit*] +# (Optional) Generate a systemd drop-in file to raise the file descriptor +# limit for the mysql service. +# Defaults to false +# # [*generate_service_certificates*] # (Optional) Whether or not certmonger will generate certificates for # MySQL. This could be as many as specified by the $certificates_specs @@ -72,6 +77,7 @@ class tripleo::profile::base::database::mysql ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificate_specs = {}, $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_dropin_file_limit = false, $generate_service_certificates = hiera('generate_service_certificates', false), $manage_resources = true, $mysql_server_options = {}, @@ -119,13 +125,14 @@ class tripleo::profile::base::database::mysql ( # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap $mysql_server_default = { 'mysqld' => { - 'bind-address' => $bind_address, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - 'ssl' => $enable_internal_tls, - 'ssl-key' => $tls_keyfile, - 'ssl-cert' => $tls_certfile, - 'ssl-ca' => undef, + 'bind-address' => $bind_address, + 'max_connections' => hiera('mysql_max_connections'), + 'open_files_limit' => '-1', + 'innodb_file_per_table' => 'ON', + 'ssl' => $enable_internal_tls, + 'ssl-key' => $tls_keyfile, + 'ssl-cert' => $tls_certfile, + 'ssl-ca' => undef, } } $mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options) @@ -138,6 +145,15 @@ class tripleo::profile::base::database::mysql ( service_enabled => $manage_resources, remove_default_accounts => $remove_default_accounts, } + + if $generate_dropin_file_limit { + # Raise the mysql file limit + ::systemd::service_limits { 'mariadb.service': + limits => { + LimitNOFILE => 16384 + } + } + } } if $step >= 2 and $sync_db { @@ -166,6 +182,9 @@ class tripleo::profile::base::database::mysql ( if hiera('ironic_api_enabled', false) { include ::ironic::db::mysql } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::inspector::db::mysql + } if hiera('keystone_enabled', false) { include ::keystone::db::mysql } diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp new file mode 100644 index 0000000..22384a9 --- /dev/null +++ b/manifests/profile/base/database/mysql/client.pp @@ -0,0 +1,93 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::haproxy +# +# Loadbalancer profile for tripleo +# +# === Parameters +# +# [*enable_ssl*] +# (Optional) Whether SSL should be used for the connection to the server or +# not. +# Defaults to false +# +# [*mysql_read_default_file*] +# (Optional) Name of the file that will be passed to pymysql connection strings +# Defaults to '/etc/my.cnf.d/tripleo.cnf' +# +# [*mysql_read_default_group*] +# (Optional) Name of the ini section to be passed to pymysql connection strings +# Defaults to 'tripleo' +# +# [*mysql_client_bind_address*] +# (Optional) Client IP address of the host that will be written in the mysql_read_default_file +# Defaults to undef +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::database::mysql::client ( + $enable_ssl = false, + $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf', + $mysql_read_default_group = 'tripleo', + $mysql_client_bind_address = undef, + $step = hiera('step'), +) { + if $step >= 1 { + # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not + # present in the base image but installed as a package afterwards), + # create it. We do not want to touch the permissions in case it already + # exists due to the mariadb server package being pre-installed + # Note: We use exec instead of file in the case that the mysql class is + # included on this node as well (we'd get duplicate declaration in such a + # situation when using file) + if $mysql_client_bind_address { + $client_bind_changes = [ + "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'" + ] + } else { + $client_bind_changes = [ + "rm ${mysql_read_default_group}/bind-address" + ] + } + + if $enable_ssl { + $changes_ssl = [ + "set ${mysql_read_default_group}/ssl '1'", + "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'" + ] + } else { + $changes_ssl = [ + "rm ${mysql_read_default_group}/ssl", + "rm ${mysql_read_default_group}/ssl-ca" + ] + } + + $conf_changes = union($client_bind_changes, $changes_ssl) + + # Create /etc/my.cnf.d/tripleo.cnf + exec { 'directory-create-etc-my.cnf.d': + command => 'mkdir -p /etc/my.cnf.d', + path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'], + } -> + augeas { 'tripleo-mysql-client-conf': + incl => $mysql_read_default_file, + lens => 'Puppet.lns', + changes => $conf_changes, + } + } +} diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp new file mode 100644 index 0000000..5e18a85 --- /dev/null +++ b/manifests/profile/base/docker.pp @@ -0,0 +1,68 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::docker +# +# docker profile for tripleo +# +# === Parameters +# +# [*docker_namespace*] +# The namespace to be used when setting INSECURE_REGISTRY +# this will be split on "/" to derive the docker registry +# (defaults to undef) +# +# [*insecure_registry*] +# Set docker_namespace to INSECURE_REGISTRY, used when a local registry +# is enabled (defaults to false) +# +# [*step*] +# step defaults to hiera('step') +# +class tripleo::profile::base::docker ( + $docker_namespace = undef, + $insecure_registry = false, + $step = hiera('step'), +) { + if $step >= 1 { + package {'docker': + ensure => installed, + } + + service { 'docker': + ensure => 'running', + enable => true, + require => Package['docker'], + } + + if $insecure_registry { + if $docker_namespace == undef { + fail('You must provide a $docker_namespace in order to configure insecure registry') + } + $namespace = strip($docker_namespace.split('/')[0]) + $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ] + } else { + $changes = [ 'rm INSECURE_REGISTRY', ] + } + + augeas { 'docker-sysconfig': + lens => 'Shellvars.lns', + incl => '/etc/sysconfig/docker', + changes => $changes, + subscribe => Package['docker'], + notify => Service['docker'], + } + } +} diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index ebe84bf..0452575 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -38,7 +38,8 @@ class tripleo::profile::base::docker_registry ( ) { # We want a v2 registry package{'docker-registry': - ensure => absent, + ensure => absent, + allow_virtual => false, } package{'docker-distribution': } package{'docker': } diff --git a/manifests/profile/base/gnocchi/metricd.pp b/manifests/profile/base/gnocchi/metricd.pp index e69bbd5..f6f80cd 100644 --- a/manifests/profile/base/gnocchi/metricd.pp +++ b/manifests/profile/base/gnocchi/metricd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::metricd ( if $step >= 5 { include ::gnocchi::metricd - Keystone_endpoint<||> -> Service['gnocchi-metricd'] - Keystone_user_role<||> -> Service['gnocchi-metricd'] } } diff --git a/manifests/profile/base/gnocchi/statsd.pp b/manifests/profile/base/gnocchi/statsd.pp index 1fe4067..7c98a0a 100644 --- a/manifests/profile/base/gnocchi/statsd.pp +++ b/manifests/profile/base/gnocchi/statsd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::statsd ( if $step >= 5 { include ::gnocchi::statsd - Keystone_endpoint<||> -> Service['gnocchi-statsd'] - Keystone_user_role<||> -> Service['gnocchi-statsd'] } } diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 6e7e5f6..4ff5b41 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -35,21 +35,66 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('heat::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('heat::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('heat::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('heat::rabbit_use_ssl', '0') class tripleo::profile::base::heat ( - $bootstrap_node = downcase(hiera('bootstrap_nodeid')), - $manage_db_purge = hiera('heat_enable_db_purge', true), - $notification_driver = 'messaging', - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('heat::rabbit_port', 5672), + $bootstrap_node = downcase(hiera('bootstrap_nodeid')), + $manage_db_purge = hiera('heat_enable_db_purge', true), + $notification_driver = 'messaging', + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('heat::rabbit_password'), + $oslomsg_rpc_port = hiera('heat::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('heat::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('heat::rabbit_password'), + $oslomsg_notify_port = hiera('heat::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('heat::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('heat::rabbit_use_ssl', '0'), ) { # Domain resources will be created at step5 on the node running keystone.pp # configure heat.conf at step3 and 4 but actually create the domain later. @@ -60,10 +105,26 @@ class tripleo::profile::base::heat ( manage_role => false, } - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) + class { '::heat' : - notification_driver => $notification_driver, - rabbit_hosts => $rabbit_endpoints, + notification_driver => $notification_driver, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::heat::config include ::heat::cors diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 7166298..9ffba9c 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -18,18 +18,70 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_network*] +# (Optional) The network name where the heat API endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('heat_api_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::heat::api ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_network = hiera('heat_api_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_network { + fail('heat_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api + class { '::heat::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index c1adae6..987d3b2 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -18,18 +18,71 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_cfn_network*] +# (Optional) The network name where the heat cfn endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('heat_api_cfn_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::heat::api_cfn ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_cfn_network = hiera('heat_api_cfn_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_cfn_network { + fail('heat_api_cfn_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api_cfn + + class { '::heat::wsgi::apache_api_cfn': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 3004db9..4dd2607 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -18,18 +18,71 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_cloudwatch_network*] +# (Optional) The network name where the heat cloudwatch endpoint is listening +# on. This is set by t-h-t. +# Defaults to hiera('heat_api_cloudwatch_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::heat::api_cloudwatch ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_cloudwatch_network { + fail('heat_api_cloudwatch_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api_cloudwatch + + class { '::heat::wsgi::apache_api_cloudwatch': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index bd28ab0..278c25c 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -23,8 +23,13 @@ # for more details. # Defaults to hiera('step') # +# [*neutron_options*] +# (Optional) A hash of parameters to enable features specific to Neutron +# Defaults to hiera('horizon::neutron_options', {}) +# class tripleo::profile::base::horizon ( - $step = hiera('step'), + $step = hiera('step'), + $neutron_options = hiera('horizon::neutron_options', {}), ) { if $step >= 4 { # Horizon @@ -35,7 +40,7 @@ class tripleo::profile::base::horizon ( } else { $_profile_support = 'None' } - $neutron_options = {'profile_support' => $_profile_support } + $neutron_options_real = merge({'profile_support' => $_profile_support }, $neutron_options) $memcached_ipv6 = hiera('memcached_ipv6', false) if $memcached_ipv6 { $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]') @@ -44,7 +49,7 @@ class tripleo::profile::base::horizon ( } class { '::horizon': cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, + neutron_options => $neutron_options_real, } } } diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index 5db1e1f..7ba629f 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp @@ -26,19 +26,39 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('ironic::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('ironic::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('ironic::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('ironic::rabbit_use_ssl', '0') class tripleo::profile::base::ironic ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('ironic::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('ironic::rabbit_password'), + $oslomsg_rpc_port = hiera('ironic::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('ironic::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('ironic::rabbit_use_ssl', '0'), ) { # Database is accessed by both API and conductor, hence it's here. if $::hostname == downcase($bootstrap_node) { @@ -48,12 +68,20 @@ class tripleo::profile::base::ironic ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::ironic': - sync_db => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } + include ::ironic::config include ::ironic::cors } } diff --git a/manifests/profile/base/ironic_inspector.pp b/manifests/profile/base/ironic_inspector.pp new file mode 100644 index 0000000..b4276c6 --- /dev/null +++ b/manifests/profile/base/ironic_inspector.pp @@ -0,0 +1,46 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ironic_inspector +# +# Ironic inspector profile for TripleO +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') + +class tripleo::profile::base::ironic_inspector ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::ironic::inspector': + sync_db => $sync_db, + } + } + +} diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 72049e3..9b2fc51 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -76,15 +76,50 @@ # This is set by t-h-t. # Defaults to hiera('keystone_public_api_network', undef) # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('keystone::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('keystone::rabbit_use_ssl', '0') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -102,8 +137,17 @@ class tripleo::profile::base::keystone ( $heat_admin_user = undef, $manage_db_purge = hiera('keystone_enable_db_purge', true), $public_endpoint_network = hiera('keystone_public_api_network', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('keystone::rabbit_port', 5672), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('keystone::rabbit_password'), + $oslomsg_rpc_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('keystone::rabbit_password'), + $oslomsg_notify_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('keystone::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -142,11 +186,26 @@ class tripleo::profile::base::keystone ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::keystone': - sync_db => $sync_db, - enable_bootstrap => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + enable_bootstrap => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::keystone::config @@ -157,22 +216,13 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors - - if $manage_roles { - include ::keystone::roles::admin - } - - if $manage_endpoint { - include ::keystone::endpoint - } - } - if $step >= 5 and $manage_db_purge { + if $step >= 4 and $manage_db_purge { include ::keystone::cron::token_flush } - if $step >= 5 and $manage_domain { + if $step == 3 and $manage_domain { if hiera('heat_engine_enabled', false) { # create these seperate and don't use ::heat::keystone::domain since # that class writes out the configs @@ -193,7 +243,12 @@ class tripleo::profile::base::keystone ( } } - if $step >= 5 and $manage_endpoint{ + if $step == 3 and $manage_roles { + include ::keystone::roles::admin + } + + if $step == 3 and $manage_endpoint { + include ::keystone::endpoint if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } @@ -227,6 +282,9 @@ class tripleo::profile::base::keystone ( if hiera('ironic_api_enabled', false) { include ::ironic::keystone::auth } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::keystone::auth_inspector + } if hiera('manila_api_enabled', false) { include ::manila::keystone::auth } diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index f021f64..cad2cdf 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp @@ -26,19 +26,64 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('manila::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('manila::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('manila::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('manila::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('manila::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('manila::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('manila::rabbit_use_ssl', '0') class tripleo::profile::base::manila ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('manila::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('manila::rabbit_password'), + $oslomsg_rpc_port = hiera('manila::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('manila::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('manila::rabbit_password'), + $oslomsg_notify_port = hiera('manila::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('manila::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('manila::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,9 +92,24 @@ class tripleo::profile::base::manila ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::manila' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::manila::config } diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index d8e1330..0eb849d 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -27,19 +27,64 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('mistral::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('mistral::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('mistral::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('mistral::rabbit_use_ssl', '0') class tripleo::profile::base::mistral ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('mistral::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('mistral::rabbit_password'), + $oslomsg_rpc_port = hiera('mistral::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('mistral::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('mistral::rabbit_password'), + $oslomsg_notify_port = hiera('mistral::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('mistral::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('mistral::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -48,9 +93,24 @@ class tripleo::profile::base::mistral ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::mistral': - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::mistral::config include ::mistral::client diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index e6a32db..2f01b75 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -22,23 +22,111 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to hiera('neutron::rabbit_port', 5672 +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('neutron::rabbit_use_ssl', '0') +# +# [*dhcp_agents_per_network*] +# (Optional) TripleO configured number of DHCP agents +# to use per network. If left to the default value, neutron will be +# configured with the number of DHCP agents being deployed. +# Defaults to undef +# +# [*dhcp_nodes*] +# (Optional) List of nodes running the DHCP agent. Used to +# set neutron's dhcp_agents_per_network value to the number +# of available agents. +# Defaults to hiera('neutron_dhcp_short_node_names') or [] +# class tripleo::profile::base::neutron ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('neutron::rabbit_port', 5672), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('neutron::rabbit_password'), + $oslomsg_rpc_port = hiera('neutron::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('neutron::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('neutron::rabbit_password'), + $oslomsg_notify_port = hiera('neutron::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('neutron::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('neutron::rabbit_use_ssl', '0'), + $dhcp_agents_per_network = undef, + $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) + + $dhcp_agent_count = size($dhcp_nodes) + if $dhcp_agents_per_network { + $dhcp_agents_per_net = $dhcp_agents_per_network + if ($dhcp_agents_per_net > $dhcp_agent_count) { + warning("dhcp_agents_per_network (${dhcp_agents_per_net}) is greater\ + than the number of deployed dhcp agents (${dhcp_agent_count})") + } + } + elsif $dhcp_agent_count > 0 { + $dhcp_agents_per_net = $dhcp_agent_count + } class { '::neutron' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + dhcp_agents_per_network => $dhcp_agents_per_net, } include ::neutron::config } diff --git a/manifests/profile/base/neutron/ovs.pp b/manifests/profile/base/neutron/ovs.pp index a4e0cd3..bec7e96 100644 --- a/manifests/profile/base/neutron/ovs.pp +++ b/manifests/profile/base/neutron/ovs.pp @@ -28,7 +28,7 @@ class tripleo::profile::base::neutron::ovs( ) { include ::tripleo::profile::base::neutron - if $step >= 4 { + if $step >= 5 { include ::neutron::agents::ml2::ovs # Optional since manage_service may be false and neutron server may not be colocated. diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index fe1e6a6..36425f6 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -30,28 +30,48 @@ # (Optional) Whether or not manage Nova Live migration # Defaults to false # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_hosts*] -# list of the messaging host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*messaging_password*] -# Password for messaging nova queue +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('nova::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('nova::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service # Defaults to hiera('nova::rabbit_password') # -# [*messaging_port*] -# IP port for messaging service +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('nova::rabbit_port', 5672) # -# [*messaging_username*] -# Username for messaging nova queue +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service # Defaults to hiera('nova::rabbit_userid', 'guest') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('nova::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services # Defaults to hiera('nova::rabbit_use_ssl', '0') # # [*nova_compute_enabled*] @@ -63,17 +83,22 @@ # Defaults to hiera('step') # class tripleo::profile::base::nova ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $libvirt_enabled = false, - $manage_migration = false, - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('nova::rabbit_password'), - $messaging_port = hiera('nova::rabbit_port', '5672'), - $messaging_username = hiera('nova::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('nova::rabbit_use_ssl', '0'), - $nova_compute_enabled = false, - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $libvirt_enabled = false, + $manage_migration = false, + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('nova::rabbit_password'), + $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('nova::rabbit_password'), + $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'), + $nova_compute_enabled = false, + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -88,17 +113,23 @@ class tripleo::profile::base::nova ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::nova' : - default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, }), } include ::nova::config @@ -107,10 +138,10 @@ class tripleo::profile::base::nova ( backend => 'oslo_cache.memcache_pool', memcache_servers => $memcache_servers, } + include ::nova::placement } if $step >= 4 { - include ::nova::placement if $manage_migration { class { '::nova::migration::libvirt': configure_libvirt => $libvirt_enabled, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 83baae2..cda2b66 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -49,6 +49,11 @@ # This is set by t-h-t. # Defaults to hiera('nova_api_network', undef) # +# [*nova_api_wsgi_enabled*] +# (Optional) Whether or not deploy Nova API in WSGI with Apache. +# Nova Team discourages it. +# Defaults to hiera('nova_wsgi_enabled', false) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -60,6 +65,7 @@ class tripleo::profile::base::nova::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $nova_api_network = hiera('nova_api_network', undef), + $nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -69,21 +75,7 @@ class tripleo::profile::base::nova::api ( } include ::tripleo::profile::base::nova - - if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - - if !$nova_api_network { - fail('nova_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } + include ::tripleo::profile::base::nova::authtoken if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup @@ -91,31 +83,48 @@ class tripleo::profile::base::nova::api ( if $step >= 4 or ($step >= 3 and $sync_db) { - if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') - } else { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') - } - - class { '::nova::keystone::authtoken': - memcached_servers => $memcache_servers - } - class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, } - class { '::nova::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } include ::nova::network::neutron } + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + if $nova_api_wsgi_enabled { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$nova_api_network { + fail('nova_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::nova::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + } if $step >= 5 { if hiera('nova_enable_db_purge', true) { include ::nova::cron::archive_deleted_rows } + # At step 5, we consider all nova-compute services started and registred to nova-conductor + # So we want to update Nova Cells database to be aware of these hosts by executing the + # nova-cell_v2-discover_hosts command again. + # Doing it on a single nova-api node to avoid race condition. + if $sync_db { + Exec<| title == 'nova-cell_v2-discover_hosts' |> { refreshonly => false } + } } } diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp new file mode 100644 index 0000000..ee6c331 --- /dev/null +++ b/manifests/profile/base/nova/authtoken.pp @@ -0,0 +1,56 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::authtoken +# +# Nova authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*use_ipv6*] +# (Optional) Flag indicating if ipv6 should be used for caching +# Defaults to hiera('nova::use_ipv6', false) +# +# [*memcache_nodes_ipv6*] +# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true. +# Defaults to hiera('memcached_node_ipvs_v6', ['::1']) +# +# [*memcache_nodes_ipv4*] +# (Optional) Array of ipv4 addresses for memcache. Used by default unless +# use_ipv6 is set to true. +# Defaults to hiera('memcached_node_ips', ['127.0.0.1']) +# +class tripleo::profile::base::nova::authtoken ( + $step = hiera('step'), + $use_ipv6 = hiera('nova::use_ipv6', false), + $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']), + $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']), +) { + + if $step >= 3 { + $memcached_ips = $use_ipv6 ? { + true => $memcache_nodes_ipv6, + default => $memcache_nodes_ipv4 + } + + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp index 076996a..0eb2ed7 100644 --- a/manifests/profile/base/nova/compute.pp +++ b/manifests/profile/base/nova/compute.pp @@ -42,6 +42,7 @@ class tripleo::profile::base::nova::compute ( # before nova-compute. Service<| title == 'nova-conductor' |> -> Service['nova-compute'] + # deploy bits to connect nova compute to neutron include ::nova::network::neutron diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp index 6767f6b..cc9beb6 100644 --- a/manifests/profile/base/nova/compute/libvirt.pp +++ b/manifests/profile/base/nova/compute/libvirt.pp @@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt ( } } - # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config - # when running libvirt and libvirt itself, so we allow micro-services deployments. - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - if $rbd_ephemeral_storage { class { '::nova::compute::libvirt': libvirt_disk_cachemodes => ['network=writeback'], libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, } } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } + include ::nova::compute::libvirt } include ::nova::compute::libvirt::qemu diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index aa8c3c7..46658b8 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { if $generate_service_certificates { @@ -85,7 +86,7 @@ class tripleo::profile::base::nova::placement ( $tls_keyfile = undef } - if $step >= 4 { + if $step >= 3 { class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp index 46ca009..e8310d8 100644 --- a/manifests/profile/base/octavia.pp +++ b/manifests/profile/base/octavia.pp @@ -22,35 +22,50 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_user*] -# [*rabbit_password*] -# (Optional) RabbitMQ user details -# Defaults to undef +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672. +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('octavia::rabbit_use_ssl', '0') + class tripleo::profile::base::octavia ( - $step = hiera('step'), - $rabbit_user = undef, - $rabbit_password = undef, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = '5672' + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('octavia::rabbit_password'), + $oslomsg_rpc_port = hiera('octavia::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('octavia::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('octavia::rabbit_use_ssl', '0'), ) { if $step >= 3 { + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::octavia' : default_transport_url => os_transport_url({ - 'transport' => 'rabbit', - 'hosts' => $rabbit_hosts, - 'port' => sprintf('%s', $rabbit_port), - 'username' => $rabbit_user, - 'password' => $rabbit_password - }) + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::octavia::config } diff --git a/manifests/profile/base/octavia/health_manager.pp b/manifests/profile/base/octavia/health_manager.pp new file mode 100644 index 0000000..bac5f65 --- /dev/null +++ b/manifests/profile/base/octavia/health_manager.pp @@ -0,0 +1,33 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::health_manager +# +# Octavia Health Manager server for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::health_manager ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + if $step >= 5 { + include ::octavia::health_manager + } +} diff --git a/manifests/profile/base/octavia/housekeeping.pp b/manifests/profile/base/octavia/housekeeping.pp new file mode 100644 index 0000000..0dcd5cf --- /dev/null +++ b/manifests/profile/base/octavia/housekeeping.pp @@ -0,0 +1,34 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::housekeeping +# +# Octavia Housekeeping profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::housekeeping ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + + if $step >= 5 { + include ::octavia::housekeeping + } +} diff --git a/manifests/profile/base/octavia/worker.pp b/manifests/profile/base/octavia/worker.pp new file mode 100644 index 0000000..7df324d --- /dev/null +++ b/manifests/profile/base/octavia/worker.pp @@ -0,0 +1,34 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::worker +# +# Octavia Worker profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::worker ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + + if $step >= 5 { + include ::octavia::worker + } +} diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp index 880cf7d..286e4ac 100644 --- a/manifests/profile/base/panko.pp +++ b/manifests/profile/base/panko.pp @@ -23,26 +23,12 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') class tripleo::profile::base::panko ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { + if $step >= 3 { include ::panko - include ::panko::db include ::panko::config - include ::panko::db::sync } - } diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 45ee0c0..a6643ce 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -53,12 +57,19 @@ # Defaults to hiera('step') # class tripleo::profile::base::panko::api ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $panko_network = hiera('panko_api_network', undef), $step = hiera('step'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + include ::tripleo::profile::base::panko if $enable_internal_tls { @@ -76,8 +87,11 @@ class tripleo::profile::base::panko::api ( $tls_keyfile = undef } - if $step >= 4 { - include ::panko::api + if $step >= 4 or ( $step >= 3 and $sync_db ) { + include ::panko::db + class { '::panko::api': + sync_db => $sync_db, + } class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index fd8de8f..b04d721 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -18,14 +18,41 @@ # # === Parameters # +# [*certificate_specs*] +# (Optional) The specifications to give to certmonger for the certificate +# it will create. Note that the certificate nickname must be 'mysql' in +# the case of this service. +# Example with hiera: +# tripleo::profile::base::database::mysql::certificate_specs: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "mysql/<overcloud controller fqdn>" +# Defaults to {}. +# # [*config_variables*] # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_config_variables'). # +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to undef +# # [*environment*] # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# MySQL. This could be as many as specified by the $certificates_specs +# variable. +# Defaults to hiera('generate_service_certificate', false). +# +# [*inet_dist_interface*] +# (Optional) Address to bind the inter-cluster interface +# to. It is the inet_dist_use_interface option in the kernel variables +# Defaults to hiera('rabbitmq::interface', undef). +# # [*ipv6*] # (Optional) Whether to deploy RabbitMQ on IPv6 network. # Defaults to str2bool(hiera('rabbit_ipv6', false)). @@ -34,29 +61,53 @@ # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # -# [*inet_dist_interface*] -# (Optional) Address to bind the inter-cluster interface -# to. It is the inet_dist_use_interface option in the kernel variables -# Defaults to hiera('rabbitmq::interface', undef). -# # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. # Defaults to hiera('rabbitmq_node_names', []). # +# [*rabbitmq_pass*] +# (Optional) RabbitMQ Default Password. +# Defaults to hiera('rabbitmq::default_pass') +# +# [*rabbitmq_user*] +# (Optional) RabbitMQ Default User. +# Defaults to hiera('rabbitmq::default_user') +# +# [*stack_action*] +# (Optional) Action of the stack deployment. +# Defaults to hiera('stack_action') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::rabbitmq ( - $config_variables = hiera('rabbitmq_config_variables'), - $environment = hiera('rabbitmq_environment'), - $ipv6 = str2bool(hiera('rabbit_ipv6', false)), - $kernel_variables = hiera('rabbitmq_kernel_variables'), - $inet_dist_interface = hiera('rabbitmq::interface', undef), - $nodes = hiera('rabbitmq_node_names', []), - $step = hiera('step'), + $certificate_specs = {}, + $config_variables = hiera('rabbitmq_config_variables'), + $enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t + $environment = hiera('rabbitmq_environment'), + $generate_service_certificates = hiera('generate_service_certificates', false), + $inet_dist_interface = hiera('rabbitmq::interface', undef), + $ipv6 = str2bool(hiera('rabbit_ipv6', false)), + $kernel_variables = hiera('rabbitmq_kernel_variables'), + $nodes = hiera('rabbitmq_node_names', []), + $rabbitmq_pass = hiera('rabbitmq::default_pass'), + $rabbitmq_user = hiera('rabbitmq::default_user'), + $stack_action = hiera('stack_action'), + $step = hiera('step'), ) { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs) + } + $tls_certfile = $certificate_specs['service_certificate'] + $tls_keyfile = $certificate_specs['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + # IPv6 environment, necessary for RabbitMQ. if $ipv6 { $rabbit_env = merge($environment, { @@ -85,6 +136,9 @@ class tripleo::profile::base::rabbitmq ( config_kernel_variables => $real_kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, + # TLS options + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, } # when running multi-nodes without Pacemaker if $manage_service { @@ -101,6 +155,20 @@ class tripleo::profile::base::rabbitmq ( config_kernel_variables => $kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, + # TLS options + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency + # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action. + if $stack_action == 'UPDATE' { + # Required for changing password on update scenario. Password will be changed only when + # called explicity, if the rabbitmq service is already running. + rabbitmq_user { $rabbitmq_user : + password => $rabbitmq_pass, + provider => 'rabbitmqctl', + admin => true, } } } diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index 8db071b..7f4ecbe 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp @@ -26,19 +26,64 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('sahara::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('sahara::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('sahara::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('sahara::rabbit_use_ssl', '0') class tripleo::profile::base::sahara ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('sahara::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('sahara::rabbit_password'), + $oslomsg_rpc_port = hiera('sahara::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('sahara::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('sahara::rabbit_password'), + $oslomsg_notify_port = hiera('sahara::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('sahara::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('sahara::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,10 +92,28 @@ class tripleo::profile::base::sahara ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::sahara': - sync_db => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + } + class { '::sahara::notify': + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } + include ::sahara::keystone::authtoken } } diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index 5bd75bd..0d9ba68 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -18,38 +18,58 @@ # # === Parameters # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*ceilometer_enabled*] +# Whether the ceilometer pipeline is enabled. +# Defaults to true # -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to hiera('memcached_node_ips') +# [*ceilometer_messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_notify_service_name', 'rabbit') +# +# [*ceilometer_messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*ceilometer_messaging_password*] +# Password for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef) +# +# [*ceilometer_messaging_port*] +# IP port for messaging service +# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672) +# +# [*ceilometer_messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to '0' +# +# [*ceilometer_messaging_username*] +# Username for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest') # # [*memcache_port*] # (Optional) memcache port # Defaults to 11211 # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns -# Defaults to hiera('rabbitmq_node_names') -# -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672 +# [*memcache_servers*] +# (Optional) List of memcache servers +# Defaults to hiera('memcached_node_ips') # -# [*ceilometer_enabled*] -# Whether the ceilometer pipeline is enabled. -# Defaults to true +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') # class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), - $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = 5672, - $ceilometer_enabled = true, + $ceilometer_enabled = true, + $ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'), + $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef), + $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'), + $ceilometer_messaging_use_ssl = '0', + $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'), + $memcache_port = 11211, + $memcache_servers = hiera('memcached_node_ips'), + $step = hiera('step'), ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") @@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk - $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl))) if $ceilometer_enabled { class { '::swift::proxy::ceilometer': - rabbit_hosts => $swift_rabbit_hosts, + default_transport_url => os_transport_url({ + 'transport' => $ceilometer_messaging_driver, + 'hosts' => $ceilometer_messaging_hosts, + 'port' => sprintf('%s', $ceilometer_messaging_port), + 'username' => $ceilometer_messaging_username, + 'password' => $ceilometer_messaging_password, + 'ssl' => $ceilometer_messaging_use_ssl_real, + }), } } include ::swift::proxy::versioned_writes @@ -82,6 +109,7 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::account_quotas class { '::swift::objectexpirer': + pipeline => ['catch_errors', 'cache', 'proxy-server'], memcache_servers => $swift_memcache_servers } } diff --git a/manifests/profile/base/tacker.pp b/manifests/profile/base/tacker.pp index e9f6b77..fa85ec1 100644 --- a/manifests/profile/base/tacker.pp +++ b/manifests/profile/base/tacker.pp @@ -22,29 +22,29 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_hosts*] -# list of the messaging host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*messaging_password*] -# Password for messaging nova queue -# Defaults to hiera('nova::rabbit_password') +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_port', 5672) # -# [*messaging_port*] -# IP port for messaging service -# Defaults to hiera('nova::rabbit_port', 5672) +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_userid', 'guest') # -# [*messaging_username*] -# Username for messaging nova queue -# Defaults to hiera('nova::rabbit_userid', 'guest') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_password') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. -# Defaults to hiera('nova::rabbit_use_ssl', '0') +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('tacker::rabbit_use_ssl', '0') # # [*step*] # (Optional) The current step of the deployment @@ -52,12 +52,12 @@ class tripleo::profile::base::tacker ( $bootstrap_node = hiera('bootstrap_nodeid', undef), - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('tacker::rabbit_password'), - $messaging_port = hiera('tacker::rabbit_port', '5672'), - $messaging_username = hiera('tacker::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('tacker::rabbit_password'), + $oslomsg_rpc_port = hiera('tacker::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('tacker::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -67,16 +67,16 @@ class tripleo::profile::base::tacker ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::tacker': sync_db => $sync_db, default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, }), } diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp index c6ce309..06a3048 100644 --- a/manifests/profile/base/time/ntp.pp +++ b/manifests/profile/base/time/ntp.pp @@ -19,10 +19,12 @@ # class tripleo::profile::base::time::ntp { - # if installed, we don't want chrony to conflict with ntp. - package { 'chrony': - ensure => 'purged', - before => Service['ntp'], + # If installed, we don't want chrony to conflict with ntp. LP#1665426 + # It should be noted that this work even if the package is not installed + service { 'chronyd': + ensure => stopped, + enable => false, + before => Class['ntp'] } include ::ntp } diff --git a/manifests/profile/base/vpp.pp b/manifests/profile/base/vpp.pp new file mode 100644 index 0000000..05f52f9 --- /dev/null +++ b/manifests/profile/base/vpp.pp @@ -0,0 +1,32 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::vpp +# +# vpp profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::vpp ( + $step = hiera('step'), +) { + if $step >= 1 { + include ::fdio + } +} |