summaryrefslogtreecommitdiffstats
path: root/manifests/profile
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/profile')
-rw-r--r--manifests/profile/base/ceilometer.pp19
-rw-r--r--manifests/profile/base/ceilometer/agent/notification.pp1
-rw-r--r--manifests/profile/base/ceilometer/agent/polling.pp5
-rw-r--r--manifests/profile/base/ceilometer/upgrade.pp49
-rw-r--r--manifests/profile/base/database/mysql.pp3
-rw-r--r--manifests/profile/base/docker.pp2
-rw-r--r--manifests/profile/base/keystone.pp6
-rw-r--r--manifests/profile/base/mistral/api.pp14
-rw-r--r--manifests/profile/base/neutron/lbaas.pp44
-rw-r--r--manifests/profile/pacemaker/haproxy_bundle.pp196
-rw-r--r--manifests/profile/pacemaker/neutron/lbaas.pp44
11 files changed, 352 insertions, 31 deletions
diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp
index e6a2f11..a85be5d 100644
--- a/manifests/profile/base/ceilometer.pp
+++ b/manifests/profile/base/ceilometer.pp
@@ -18,10 +18,6 @@
#
# === Parameters
#
-# [*bootstrap_node*]
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
-#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -72,7 +68,6 @@
# Defaults to hiera('ceilometer::rabbit_use_ssl', '0')
class tripleo::profile::base::ceilometer (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
$step = hiera('step'),
$oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
$oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
@@ -86,11 +81,6 @@ class tripleo::profile::base::ceilometer (
$oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'),
$oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'),
) {
- if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
- } else {
- $sync_db = false
- }
if $step >= 3 {
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
@@ -114,13 +104,4 @@ class tripleo::profile::base::ceilometer (
}
include ::ceilometer::config
}
-
- # Run ceilometer-upgrade in step 5 so gnocchi resource types
- # are created safely.
- if $step >= 5 and $sync_db {
- exec {'ceilometer-db-upgrade':
- command => 'ceilometer-upgrade --skip-metering-database',
- path => ['/usr/bin', '/usr/sbin'],
- }
- }
}
diff --git a/manifests/profile/base/ceilometer/agent/notification.pp b/manifests/profile/base/ceilometer/agent/notification.pp
index 7fe8e81..3fa139a 100644
--- a/manifests/profile/base/ceilometer/agent/notification.pp
+++ b/manifests/profile/base/ceilometer/agent/notification.pp
@@ -27,6 +27,7 @@ class tripleo::profile::base::ceilometer::agent::notification (
$step = hiera('step'),
) {
include ::tripleo::profile::base::ceilometer
+ include ::tripleo::profile::base::ceilometer::upgrade
if $step >= 4 {
include ::ceilometer::agent::auth
diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp
index 3706c2e..fedf035 100644
--- a/manifests/profile/base/ceilometer/agent/polling.pp
+++ b/manifests/profile/base/ceilometer/agent/polling.pp
@@ -51,6 +51,10 @@ class tripleo::profile::base::ceilometer::agent::polling (
) {
include ::tripleo::profile::base::ceilometer
+ if $central_namespace {
+ include ::tripleo::profile::base::ceilometer::upgrade
+ }
+
if $step >= 4 {
include ::ceilometer::agent::auth
class { '::ceilometer::agent::polling':
@@ -60,5 +64,4 @@ class tripleo::profile::base::ceilometer::agent::polling (
coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']),
}
}
-
}
diff --git a/manifests/profile/base/ceilometer/upgrade.pp b/manifests/profile/base/ceilometer/upgrade.pp
new file mode 100644
index 0000000..d0fc9be
--- /dev/null
+++ b/manifests/profile/base/ceilometer/upgrade.pp
@@ -0,0 +1,49 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::ceilometer::upgrade
+#
+# Ceilometer upgrade profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+
+class tripleo::profile::base::ceilometer::upgrade (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ # Run ceilometer-upgrade in step 5 so gnocchi resource types
+ # are created safely.
+ if $step >= 5 and $sync_db {
+ exec {'ceilometer-db-upgrade':
+ command => 'ceilometer-upgrade --skip-metering-database',
+ path => ['/usr/bin', '/usr/sbin'],
+ }
+ }
+}
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index b4ac8ac..2dac028 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -199,6 +199,9 @@ class tripleo::profile::base::database::mysql (
if hiera('nova_placement_enabled', false) {
include ::nova::db::mysql_placement
}
+ if hiera('octavia_api_enabled', false) {
+ include ::octavia::db::mysql
+ }
if hiera('sahara_api_enabled', false) {
include ::sahara::db::mysql
}
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index bc784b5..29f8b75 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -125,6 +125,8 @@ class tripleo::profile::base::docker (
lens => 'Shellvars.lns',
incl => '/etc/sysconfig/docker-storage',
changes => $storage_changes,
+ notify => Service['docker'],
+ require => Package['docker'],
}
}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 72a7bc9..c7eea14 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -222,6 +222,12 @@ class tripleo::profile::base::keystone (
if $ldap_backend_enable {
validate_hash($ldap_backends_config)
+ if !str2bool($::selinux) {
+ selboolean { 'authlogin_nsswitch_use_ldap':
+ value => on,
+ persistent => true,
+ }
+ }
create_resources('::keystone::ldap_backend', $ldap_backends_config, {
create_domain_entry => $manage_domain,
})
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
index 3e0eed7..4f81725 100644
--- a/manifests/profile/base/mistral/api.pp
+++ b/manifests/profile/base/mistral/api.pp
@@ -75,19 +75,11 @@ class tripleo::profile::base::mistral::api (
}
if $step >= 3 {
- # TODO: Cleanup when this passes t-h-t
- class { '::mistral::api':
- service_name => 'httpd',
- }
-
+ include ::mistral::api
include ::apache::mod::ssl
class { '::mistral::wsgi::apache':
- ssl_cert => $tls_certfile,
- ssl_key => $tls_keyfile,
- # The following are temporary and will be passed via t-h-t
- ssl => $enable_internal_tls,
- servername => hiera("fqdn_${mistral_api_network}"),
- bind_host => hiera('mistral::api::bind_host'),
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
}
}
}
diff --git a/manifests/profile/base/neutron/lbaas.pp b/manifests/profile/base/neutron/lbaas.pp
new file mode 100644
index 0000000..a6e42ee
--- /dev/null
+++ b/manifests/profile/base/neutron/lbaas.pp
@@ -0,0 +1,44 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::lbaas
+#
+# Neutron LBaaS Agent profile for tripleo
+#
+# === Parameters
+#
+# [*manage_haproxy_package*]
+# (Optional) Whether to manage the haproxy package.
+# Defaults to hiera('manage_haproxy_package', false)
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::neutron::lbaas(
+ $manage_haproxy_package = hiera('manage_haproxy_package', false),
+ $step = hiera('step'),
+) {
+
+ include ::tripleo::profile::base::neutron
+
+ #LBaaS Driver needs to be run @ $step>=5 as the neutron service needs to already be active which is run @ $step==4
+ if $step >= 5 {
+ include ::neutron::services::lbaas
+ class {'::neutron::agents::lbaas':
+ manage_haproxy_package => $manage_haproxy_package
+ }
+ }
+}
diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp
new file mode 100644
index 0000000..3e7b7dd
--- /dev/null
+++ b/manifests/profile/pacemaker/haproxy_bundle.pp
@@ -0,0 +1,196 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::pacemaker::haproxy
+#
+# HAproxy with Pacemaker HA profile for tripleo
+#
+# === Parameters
+#
+# [*haproxy_docker_image*]
+# (Optional) The docker image to use for creating the pacemaker bundle
+# Defaults to hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef)
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('haproxy_short_bootstrap_node_name')
+#
+# [*enable_load_balancer*]
+# (Optional) Whether load balancing is enabled for this cluster
+# Defaults to hiera('enable_load_balancer', true)
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*pcs_tries*]
+# (Optional) The number of times pcs commands should be retried.
+# Defaults to hiera('pcs_tries', 20)
+#
+class tripleo::profile::pacemaker::haproxy_bundle (
+ $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
+ $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
+ $enable_load_balancer = hiera('enable_load_balancer', true),
+ $step = hiera('step'),
+ $pcs_tries = hiera('pcs_tries', 20),
+) {
+ include ::tripleo::profile::base::haproxy
+
+ if $::hostname == downcase($bootstrap_node) {
+ $pacemaker_master = true
+ } else {
+ $pacemaker_master = false
+ }
+
+ if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' and $enable_load_balancer {
+ tripleo::pacemaker::resource_restart_flag { 'haproxy-clone':
+ subscribe => Concat['/etc/haproxy/haproxy.cfg'],
+ }
+ }
+
+ if $step >= 2 and $enable_load_balancer {
+ if $pacemaker_master {
+ $haproxy_short_node_names = hiera('haproxy_short_node_names')
+ $haproxy_short_node_names.each |String $node_name| {
+ pacemaker::property { "haproxy-role-${node_name}":
+ property => 'haproxy-role',
+ value => true,
+ tries => $pcs_tries,
+ node => $node_name,
+ before => Pacemaker::Resource::Bundle['haproxy-bundle'],
+ }
+ }
+ $haproxy_location_rule = {
+ resource_discovery => 'exclusive',
+ score => 0,
+ expression => ['haproxy-role eq true'],
+ }
+ # FIXME: we should not have to access tripleo::haproxy class
+ # parameters here to configure pacemaker VIPs. The configuration
+ # of pacemaker VIPs could move into puppet-tripleo or we should
+ # make use of less specific hiera parameters here for the settings.
+ $haproxy_nodes = hiera('haproxy_short_node_names')
+ $haproxy_nodes_count = count($haproxy_nodes)
+
+ pacemaker::resource::bundle { 'haproxy-bundle':
+ image => $haproxy_docker_image,
+ replicas => $haproxy_nodes_count,
+ container_options => 'network=host',
+ options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
+ run_command => '/bin/bash /usr/local/bin/kolla_start',
+ storage_maps => {
+ 'haproxy-cfg-files' => {
+ 'source-dir' => '/var/lib/kolla/config_files/haproxy.json',
+ 'target-dir' => '/var/lib/kolla/config_files/config.json',
+ 'options' => 'ro',
+ },
+ 'haproxy-cfg-data' => {
+ 'source-dir' => '/var/lib/config-data/haproxy/etc',
+ 'target-dir' => '/etc',
+ 'options' => 'ro',
+ },
+ 'haproxy-hosts' => {
+ 'source-dir' => '/etc/hosts',
+ 'target-dir' => '/etc/hosts',
+ 'options' => 'ro',
+ },
+ 'haproxy-localtime' => {
+ 'source-dir' => '/etc/localtime',
+ 'target-dir' => '/etc/localtime',
+ 'options' => 'ro',
+ },
+ 'haproxy-pki-extracted' => {
+ 'source-dir' => '/etc/pki/ca-trust/extracted',
+ 'target-dir' => '/etc/pki/ca-trust/extracted',
+ 'options' => 'ro',
+ },
+ 'haproxy-pki-ca-bundle-crt' => {
+ 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
+ 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt',
+ 'options' => 'ro',
+ },
+ 'haproxy-pki-ca-bundle-trust-crt' => {
+ 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
+ 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt',
+ 'options' => 'ro',
+ },
+ 'haproxy-pki-cert' => {
+ 'source-dir' => '/etc/pki/tls/cert.pem',
+ 'target-dir' => '/etc/pki/tls/cert.pem',
+ 'options' => 'ro',
+ },
+ 'haproxy-dev-log' => {
+ 'source-dir' => '/dev/log',
+ 'target-dir' => '/dev/log',
+ 'options' => 'rw',
+ },
+ },
+ }
+ $control_vip = hiera('controller_virtual_ip')
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
+ vip_name => 'control',
+ ip_address => $control_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ }
+
+ $public_vip = hiera('public_virtual_ip')
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
+ ensure => $public_vip and $public_vip != $control_vip,
+ vip_name => 'public',
+ ip_address => $public_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ }
+
+ $redis_vip = hiera('redis_vip')
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
+ ensure => $redis_vip and $redis_vip != $control_vip,
+ vip_name => 'redis',
+ ip_address => $redis_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ }
+
+ $internal_api_vip = hiera('internal_api_virtual_ip')
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
+ ensure => $internal_api_vip and $internal_api_vip != $control_vip,
+ vip_name => 'internal_api',
+ ip_address => $internal_api_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ }
+
+ $storage_vip = hiera('storage_virtual_ip')
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
+ ensure => $storage_vip and $storage_vip != $control_vip,
+ vip_name => 'storage',
+ ip_address => $storage_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ }
+
+ $storage_mgmt_vip = hiera('storage_mgmt_virtual_ip')
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
+ ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
+ vip_name => 'storage_mgmt',
+ ip_address => $storage_mgmt_vip,
+ location_rule => $haproxy_location_rule,
+ pcs_tries => $pcs_tries,
+ }
+ }
+ }
+
+}
diff --git a/manifests/profile/pacemaker/neutron/lbaas.pp b/manifests/profile/pacemaker/neutron/lbaas.pp
new file mode 100644
index 0000000..96712d4
--- /dev/null
+++ b/manifests/profile/pacemaker/neutron/lbaas.pp
@@ -0,0 +1,44 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::pacemaker::neutron::lbaas
+#
+# Neutron LBaaS Agent Pacemaker HA profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*pacemaker_master*]
+# (Optional) The hostname of the pacemaker master
+# Defaults to hiera('bootstrap_nodeid')
+#
+class tripleo::profile::pacemaker::neutron::lbaas (
+ $step = hiera('step'),
+ $pacemaker_master = hiera('bootstrap_nodeid'),
+) {
+
+ include ::neutron::params
+ include ::tripleo::profile::pacemaker::neutron
+ include ::tripleo::profile::base::neutron::lbaas
+
+ if $step >= 5 and downcase($::hostname) == $pacemaker_master {
+ pacemaker::resource::service { $::neutron::params::lbaasv2_agent_service:
+ clone_params => 'interleave=true',
+ }
+ }
+}