diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/pacemaker/haproxy_with_vip.pp | 18 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer.pp | 19 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer/agent/notification.pp | 1 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer/agent/polling.pp | 5 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer/upgrade.pp | 49 | ||||
| -rw-r--r-- | manifests/profile/base/database/mysql.pp | 3 | ||||
| -rw-r--r-- | manifests/profile/base/docker.pp | 2 | ||||
| -rw-r--r-- | manifests/profile/base/keystone.pp | 6 | ||||
| -rw-r--r-- | manifests/profile/base/mistral/api.pp | 14 | ||||
| -rw-r--r-- | manifests/profile/base/neutron/lbaas.pp | 44 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/database/redis_bundle.pp | 178 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/haproxy_bundle.pp | 196 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/neutron/lbaas.pp | 44 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/rabbitmq_bundle.pp | 194 |
14 files changed, 739 insertions, 34 deletions
diff --git a/manifests/pacemaker/haproxy_with_vip.pp b/manifests/pacemaker/haproxy_with_vip.pp index 1fc3ff7..606ac26 100644 --- a/manifests/pacemaker/haproxy_with_vip.pp +++ b/manifests/pacemaker/haproxy_with_vip.pp @@ -69,6 +69,12 @@ define tripleo::pacemaker::haproxy_with_vip( $ipv6_addrlabel = '' } + $haproxy_in_container = hiera('haproxy_docker', false) + $constraint_target_name = $haproxy_in_container ? { + true => 'haproxy-bundle', + default => 'haproxy-clone' + } + pacemaker::resource::ip { "${vip_name}_vip": ip_address => $ip_address, cidr_netmask => $netmask, @@ -77,9 +83,10 @@ define tripleo::pacemaker::haproxy_with_vip( location_rule => $location_rule, tries => $pcs_tries, } + pacemaker::constraint::order { "${vip_name}_vip-then-haproxy": first_resource => "ip-${ip_address}", - second_resource => 'haproxy-clone', + second_resource => $constraint_target_name, first_action => 'start', second_action => 'start', constraint_params => 'kind=Optional', @@ -87,13 +94,18 @@ define tripleo::pacemaker::haproxy_with_vip( } pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy": source => "ip-${ip_address}", - target => 'haproxy-clone', + target => $constraint_target_name, score => 'INFINITY', tries => $pcs_tries, } + $service_resource = $haproxy_in_container ? { + true => Pacemaker::Resource::Bundle['haproxy-bundle'], + default => Pacemaker::Resource::Service['haproxy'] + } + Pacemaker::Resource::Ip["${vip_name}_vip"] -> - Pacemaker::Resource::Service['haproxy'] -> + $service_resource -> Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"] -> Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"] } diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index e6a2f11..a85be5d 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -18,10 +18,6 @@ # # === Parameters # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -72,7 +68,6 @@ # Defaults to hiera('ceilometer::rabbit_use_ssl', '0') class tripleo::profile::base::ceilometer ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), @@ -86,11 +81,6 @@ class tripleo::profile::base::ceilometer ( $oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'), $oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'), ) { - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } if $step >= 3 { $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) @@ -114,13 +104,4 @@ class tripleo::profile::base::ceilometer ( } include ::ceilometer::config } - - # Run ceilometer-upgrade in step 5 so gnocchi resource types - # are created safely. - if $step >= 5 and $sync_db { - exec {'ceilometer-db-upgrade': - command => 'ceilometer-upgrade --skip-metering-database', - path => ['/usr/bin', '/usr/sbin'], - } - } } diff --git a/manifests/profile/base/ceilometer/agent/notification.pp b/manifests/profile/base/ceilometer/agent/notification.pp index 7fe8e81..3fa139a 100644 --- a/manifests/profile/base/ceilometer/agent/notification.pp +++ b/manifests/profile/base/ceilometer/agent/notification.pp @@ -27,6 +27,7 @@ class tripleo::profile::base::ceilometer::agent::notification ( $step = hiera('step'), ) { include ::tripleo::profile::base::ceilometer + include ::tripleo::profile::base::ceilometer::upgrade if $step >= 4 { include ::ceilometer::agent::auth diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp index 3706c2e..fedf035 100644 --- a/manifests/profile/base/ceilometer/agent/polling.pp +++ b/manifests/profile/base/ceilometer/agent/polling.pp @@ -51,6 +51,10 @@ class tripleo::profile::base::ceilometer::agent::polling ( ) { include ::tripleo::profile::base::ceilometer + if $central_namespace { + include ::tripleo::profile::base::ceilometer::upgrade + } + if $step >= 4 { include ::ceilometer::agent::auth class { '::ceilometer::agent::polling': @@ -60,5 +64,4 @@ class tripleo::profile::base::ceilometer::agent::polling ( coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), } } - } diff --git a/manifests/profile/base/ceilometer/upgrade.pp b/manifests/profile/base/ceilometer/upgrade.pp new file mode 100644 index 0000000..d0fc9be --- /dev/null +++ b/manifests/profile/base/ceilometer/upgrade.pp @@ -0,0 +1,49 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceilometer::upgrade +# +# Ceilometer upgrade profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# + +class tripleo::profile::base::ceilometer::upgrade ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + # Run ceilometer-upgrade in step 5 so gnocchi resource types + # are created safely. + if $step >= 5 and $sync_db { + exec {'ceilometer-db-upgrade': + command => 'ceilometer-upgrade --skip-metering-database', + path => ['/usr/bin', '/usr/sbin'], + } + } +} diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index b4ac8ac..2dac028 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -199,6 +199,9 @@ class tripleo::profile::base::database::mysql ( if hiera('nova_placement_enabled', false) { include ::nova::db::mysql_placement } + if hiera('octavia_api_enabled', false) { + include ::octavia::db::mysql + } if hiera('sahara_api_enabled', false) { include ::sahara::db::mysql } diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index bc784b5..29f8b75 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -125,6 +125,8 @@ class tripleo::profile::base::docker ( lens => 'Shellvars.lns', incl => '/etc/sysconfig/docker-storage', changes => $storage_changes, + notify => Service['docker'], + require => Package['docker'], } } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 72a7bc9..c7eea14 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -222,6 +222,12 @@ class tripleo::profile::base::keystone ( if $ldap_backend_enable { validate_hash($ldap_backends_config) + if !str2bool($::selinux) { + selboolean { 'authlogin_nsswitch_use_ldap': + value => on, + persistent => true, + } + } create_resources('::keystone::ldap_backend', $ldap_backends_config, { create_domain_entry => $manage_domain, }) diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp index 3e0eed7..4f81725 100644 --- a/manifests/profile/base/mistral/api.pp +++ b/manifests/profile/base/mistral/api.pp @@ -75,19 +75,11 @@ class tripleo::profile::base::mistral::api ( } if $step >= 3 { - # TODO: Cleanup when this passes t-h-t - class { '::mistral::api': - service_name => 'httpd', - } - + include ::mistral::api include ::apache::mod::ssl class { '::mistral::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - # The following are temporary and will be passed via t-h-t - ssl => $enable_internal_tls, - servername => hiera("fqdn_${mistral_api_network}"), - bind_host => hiera('mistral::api::bind_host'), + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, } } } diff --git a/manifests/profile/base/neutron/lbaas.pp b/manifests/profile/base/neutron/lbaas.pp new file mode 100644 index 0000000..a6e42ee --- /dev/null +++ b/manifests/profile/base/neutron/lbaas.pp @@ -0,0 +1,44 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::lbaas +# +# Neutron LBaaS Agent profile for tripleo +# +# === Parameters +# +# [*manage_haproxy_package*] +# (Optional) Whether to manage the haproxy package. +# Defaults to hiera('manage_haproxy_package', false) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::lbaas( + $manage_haproxy_package = hiera('manage_haproxy_package', false), + $step = hiera('step'), +) { + + include ::tripleo::profile::base::neutron + + #LBaaS Driver needs to be run @ $step>=5 as the neutron service needs to already be active which is run @ $step==4 + if $step >= 5 { + include ::neutron::services::lbaas + class {'::neutron::agents::lbaas': + manage_haproxy_package => $manage_haproxy_package + } + } +} diff --git a/manifests/profile/pacemaker/database/redis_bundle.pp b/manifests/profile/pacemaker/database/redis_bundle.pp new file mode 100644 index 0000000..167e54a --- /dev/null +++ b/manifests/profile/pacemaker/database/redis_bundle.pp @@ -0,0 +1,178 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::database::redis_bundle +# +# Containerized Redis Pacemaker HA profile for tripleo +# +# === Parameters +# +# [*redis_docker_image*] +# (Optional) The docker image to use for creating the pacemaker bundle +# Defaults to hiera('tripleo::profile::pacemaker::redis_bundle::redis_docker_image', undef) +# +# [*redis_docker_control_port*] +# (Optional) The bundle's pacemaker_remote control port on the host +# Defaults to hiera('tripleo::profile::pacemaker::redis_bundle::control_port', '3121') +# +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('redis_short_bootstrap_node_name') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# +class tripleo::profile::pacemaker::database::redis_bundle ( + $bootstrap_node = hiera('redis_short_bootstrap_node_name'), + $redis_docker_image = hiera('tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image', undef), + $redis_docker_control_port = hiera('tripleo::profile::pacemaker::database::redis_bundle::control_port', '3124'), + $pcs_tries = hiera('pcs_tries', 20), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + include ::tripleo::profile::base::database::redis + + if $step >= 2 { + if $pacemaker_master { + $redis_short_node_names = hiera('redis_short_node_names') + $redis_nodes_count = count($redis_short_node_names) + $redis_short_node_names.each |String $node_name| { + pacemaker::property { "redis-role-${node_name}": + property => 'redis-role', + value => true, + tries => $pcs_tries, + node => $node_name, + before => Pacemaker::Resource::Bundle['redis-bundle'], + } + } + + pacemaker::resource::bundle { 'redis-bundle': + image => $redis_docker_image, + replicas => $redis_nodes_count, + masters => 1, + container_options => 'network=host', + options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', + run_command => '/bin/bash /usr/local/bin/kolla_start', + network => "control-port=${redis_docker_control_port}", + storage_maps => { + 'redis-cfg-files' => { + 'source-dir' => '/var/lib/kolla/config_files/redis.json', + 'target-dir' => '/var/lib/kolla/config_files/config.json', + 'options' => 'ro', + }, + 'redis-cfg-data-redis' => { + 'source-dir' => '/var/lib/config-data/redis/etc/redis', + 'target-dir' => '/etc/redis', + 'options' => 'ro', + }, + 'redis-cfg-data-redis-conf' => { + 'source-dir' => '/var/lib/config-data/redis/etc/redis.conf', + 'target-dir' => '/etc/redis.conf', + 'options' => 'ro', + }, + 'redis-cfg-data-redis-conf-puppet' => { + 'source-dir' => '/var/lib/config-data/redis/etc/redis.conf.puppet', + 'target-dir' => '/etc/redis.conf.puppet', + 'options' => 'ro', + }, + 'redis-cfg-data-redis-sentinel' => { + 'source-dir' => '/var/lib/config-data/redis/etc/redis-sentinel.conf', + 'target-dir' => '/etc/redis-sentinel.conf', + 'options' => 'ro', + }, + 'redis-hosts' => { + 'source-dir' => '/etc/hosts', + 'target-dir' => '/etc/hosts', + 'options' => 'ro', + }, + 'redis-localtime' => { + 'source-dir' => '/etc/localtime', + 'target-dir' => '/etc/localtime', + 'options' => 'ro', + }, + 'redis-lib' => { + 'source-dir' => '/var/lib/redis', + 'target-dir' => '/var/lib/redis', + 'options' => 'rw', + }, + 'redis-log' => { + 'source-dir' => '/var/log/redis', + 'target-dir' => '/var/log/redis', + 'options' => 'rw', + }, + 'redis-run' => { + 'source-dir' => '/var/run/redis', + 'target-dir' => '/var/run/redis', + 'options' => 'rw', + }, + 'redis-pki-extracted' => { + 'source-dir' => '/etc/pki/ca-trust/extracted', + 'target-dir' => '/etc/pki/ca-trust/extracted', + 'options' => 'ro', + }, + 'redis-pki-ca-bundle-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'options' => 'ro', + }, + 'redis-pki-ca-bundle-trust-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'options' => 'ro', + }, + 'redis-pki-cert' => { + 'source-dir' => '/etc/pki/tls/cert.pem', + 'target-dir' => '/etc/pki/tls/cert.pem', + 'options' => 'ro', + }, + 'redis-dev-log' => { + 'source-dir' => '/dev/log', + 'target-dir' => '/dev/log', + 'options' => 'rw', + }, + }, + } + + pacemaker::resource::ocf { 'redis': + ocf_agent_name => 'heartbeat:redis', + resource_params => 'wait_last_known_master=true', + master_params => '', + meta_params => 'notify=true ordered=true interleave=true', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['redis-role eq true'], + }, + bundle => 'redis-bundle', + require => [Class['::redis'], + Pacemaker::Resource::Bundle['redis-bundle']], + } + + } + } +} diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp new file mode 100644 index 0000000..3e7b7dd --- /dev/null +++ b/manifests/profile/pacemaker/haproxy_bundle.pp @@ -0,0 +1,196 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::haproxy +# +# HAproxy with Pacemaker HA profile for tripleo +# +# === Parameters +# +# [*haproxy_docker_image*] +# (Optional) The docker image to use for creating the pacemaker bundle +# Defaults to hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef) +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('haproxy_short_bootstrap_node_name') +# +# [*enable_load_balancer*] +# (Optional) Whether load balancing is enabled for this cluster +# Defaults to hiera('enable_load_balancer', true) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# +class tripleo::profile::pacemaker::haproxy_bundle ( + $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef), + $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), + $enable_load_balancer = hiera('enable_load_balancer', true), + $step = hiera('step'), + $pcs_tries = hiera('pcs_tries', 20), +) { + include ::tripleo::profile::base::haproxy + + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' and $enable_load_balancer { + tripleo::pacemaker::resource_restart_flag { 'haproxy-clone': + subscribe => Concat['/etc/haproxy/haproxy.cfg'], + } + } + + if $step >= 2 and $enable_load_balancer { + if $pacemaker_master { + $haproxy_short_node_names = hiera('haproxy_short_node_names') + $haproxy_short_node_names.each |String $node_name| { + pacemaker::property { "haproxy-role-${node_name}": + property => 'haproxy-role', + value => true, + tries => $pcs_tries, + node => $node_name, + before => Pacemaker::Resource::Bundle['haproxy-bundle'], + } + } + $haproxy_location_rule = { + resource_discovery => 'exclusive', + score => 0, + expression => ['haproxy-role eq true'], + } + # FIXME: we should not have to access tripleo::haproxy class + # parameters here to configure pacemaker VIPs. The configuration + # of pacemaker VIPs could move into puppet-tripleo or we should + # make use of less specific hiera parameters here for the settings. + $haproxy_nodes = hiera('haproxy_short_node_names') + $haproxy_nodes_count = count($haproxy_nodes) + + pacemaker::resource::bundle { 'haproxy-bundle': + image => $haproxy_docker_image, + replicas => $haproxy_nodes_count, + container_options => 'network=host', + options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', + run_command => '/bin/bash /usr/local/bin/kolla_start', + storage_maps => { + 'haproxy-cfg-files' => { + 'source-dir' => '/var/lib/kolla/config_files/haproxy.json', + 'target-dir' => '/var/lib/kolla/config_files/config.json', + 'options' => 'ro', + }, + 'haproxy-cfg-data' => { + 'source-dir' => '/var/lib/config-data/haproxy/etc', + 'target-dir' => '/etc', + 'options' => 'ro', + }, + 'haproxy-hosts' => { + 'source-dir' => '/etc/hosts', + 'target-dir' => '/etc/hosts', + 'options' => 'ro', + }, + 'haproxy-localtime' => { + 'source-dir' => '/etc/localtime', + 'target-dir' => '/etc/localtime', + 'options' => 'ro', + }, + 'haproxy-pki-extracted' => { + 'source-dir' => '/etc/pki/ca-trust/extracted', + 'target-dir' => '/etc/pki/ca-trust/extracted', + 'options' => 'ro', + }, + 'haproxy-pki-ca-bundle-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'options' => 'ro', + }, + 'haproxy-pki-ca-bundle-trust-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'options' => 'ro', + }, + 'haproxy-pki-cert' => { + 'source-dir' => '/etc/pki/tls/cert.pem', + 'target-dir' => '/etc/pki/tls/cert.pem', + 'options' => 'ro', + }, + 'haproxy-dev-log' => { + 'source-dir' => '/dev/log', + 'target-dir' => '/dev/log', + 'options' => 'rw', + }, + }, + } + $control_vip = hiera('controller_virtual_ip') + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': + vip_name => 'control', + ip_address => $control_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + } + + $public_vip = hiera('public_virtual_ip') + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': + ensure => $public_vip and $public_vip != $control_vip, + vip_name => 'public', + ip_address => $public_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + } + + $redis_vip = hiera('redis_vip') + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': + ensure => $redis_vip and $redis_vip != $control_vip, + vip_name => 'redis', + ip_address => $redis_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + } + + $internal_api_vip = hiera('internal_api_virtual_ip') + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip': + ensure => $internal_api_vip and $internal_api_vip != $control_vip, + vip_name => 'internal_api', + ip_address => $internal_api_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + } + + $storage_vip = hiera('storage_virtual_ip') + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip': + ensure => $storage_vip and $storage_vip != $control_vip, + vip_name => 'storage', + ip_address => $storage_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + } + + $storage_mgmt_vip = hiera('storage_mgmt_virtual_ip') + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip': + ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, + vip_name => 'storage_mgmt', + ip_address => $storage_mgmt_vip, + location_rule => $haproxy_location_rule, + pcs_tries => $pcs_tries, + } + } + } + +} diff --git a/manifests/profile/pacemaker/neutron/lbaas.pp b/manifests/profile/pacemaker/neutron/lbaas.pp new file mode 100644 index 0000000..96712d4 --- /dev/null +++ b/manifests/profile/pacemaker/neutron/lbaas.pp @@ -0,0 +1,44 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::neutron::lbaas +# +# Neutron LBaaS Agent Pacemaker HA profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*pacemaker_master*] +# (Optional) The hostname of the pacemaker master +# Defaults to hiera('bootstrap_nodeid') +# +class tripleo::profile::pacemaker::neutron::lbaas ( + $step = hiera('step'), + $pacemaker_master = hiera('bootstrap_nodeid'), +) { + + include ::neutron::params + include ::tripleo::profile::pacemaker::neutron + include ::tripleo::profile::base::neutron::lbaas + + if $step >= 5 and downcase($::hostname) == $pacemaker_master { + pacemaker::resource::service { $::neutron::params::lbaasv2_agent_service: + clone_params => 'interleave=true', + } + } +} diff --git a/manifests/profile/pacemaker/rabbitmq_bundle.pp b/manifests/profile/pacemaker/rabbitmq_bundle.pp new file mode 100644 index 0000000..b05b0b1 --- /dev/null +++ b/manifests/profile/pacemaker/rabbitmq_bundle.pp @@ -0,0 +1,194 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::rabbitmq_bundle +# +# Containerized RabbitMQ Pacemaker HA profile for tripleo +# +# === Parameters +# +# [*rabbitmq_docker_image*] +# (Optional) The docker image to use for creating the pacemaker bundle +# Defaults to hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef) +# +# [*rabbitmq_docker_control_port*] +# (Optional) The bundle's pacemaker_remote control port on the host +# Defaults to hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3121') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('rabbitmq_short_bootstrap_node_name') +# +# [*erlang_cookie*] +# (Optional) Content of erlang cookie. +# Defaults to hiera('rabbitmq::erlang_cookie'). +# +# [*user_ha_queues*] +# (Optional) The number of HA queues in to be configured in rabbitmq +# Defaults to hiera('rabbitmq::nr_ha_queues'), which is usually 0 meaning +# that the queues number will be CEIL(N/2) where N is the number of rabbitmq +# nodes. +# +# [*rabbit_nodes*] +# (Optional) The list of rabbitmq nodes names +# Defaults to hiera('rabbitmq_node_names') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# +class tripleo::profile::pacemaker::rabbitmq_bundle ( + $rabbitmq_docker_image = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef), + $rabbitmq_docker_control_port = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3121'), + $bootstrap_node = hiera('rabbitmq_short_bootstrap_node_name'), + $erlang_cookie = hiera('rabbitmq::erlang_cookie'), + $user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0), + $rabbit_nodes = hiera('rabbitmq_node_names'), + $pcs_tries = hiera('pcs_tries', 20), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + include ::tripleo::profile::base::rabbitmq + + file { '/var/lib/rabbitmq/.erlang.cookie': + ensure => file, + owner => 'rabbitmq', + group => 'rabbitmq', + mode => '0400', + content => $erlang_cookie, + replace => true, + require => Class['::rabbitmq'], + } + + if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' { + tripleo::pacemaker::resource_restart_flag { 'rabbitmq-clone': + subscribe => Class['rabbitmq::service'], + } + } + + + if $step >= 2 { + if $pacemaker_master { + $rabbitmq_short_node_names = hiera('rabbitmq_short_node_names') + $rabbitmq_nodes_count = count($rabbitmq_short_node_names) + $rabbitmq_short_node_names.each |String $node_name| { + pacemaker::property { "rabbitmq-role-${node_name}": + property => 'rabbitmq-role', + value => true, + tries => $pcs_tries, + node => $node_name, + before => Pacemaker::Resource::Bundle['rabbitmq-bundle'], + } + } + + pacemaker::resource::bundle { 'rabbitmq-bundle': + image => $rabbitmq_docker_image, + replicas => $rabbitmq_nodes_count, + container_options => 'network=host', + options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', + run_command => '/bin/bash /usr/local/bin/kolla_start', + network => "control-port=${rabbitmq_docker_control_port}", + storage_maps => { + 'rabbitmq-cfg-files' => { + 'source-dir' => '/var/lib/kolla/config_files/rabbitmq.json', + 'target-dir' => '/var/lib/kolla/config_files/config.json', + 'options' => 'ro', + }, + 'rabbitmq-cfg-data' => { + 'source-dir' => '/var/lib/config-data/rabbitmq/etc/rabbitmq', + 'target-dir' => '/etc/rabbitmq', + 'options' => 'ro', + }, + 'rabbitmq-hosts' => { + 'source-dir' => '/etc/hosts', + 'target-dir' => '/etc/hosts', + 'options' => 'ro', + }, + 'rabbitmq-localtime' => { + 'source-dir' => '/etc/localtime', + 'target-dir' => '/etc/localtime', + 'options' => 'ro', + }, + 'rabbitmq-lib' => { + 'source-dir' => '/var/lib/rabbitmq', + 'target-dir' => '/var/lib/rabbitmq', + 'options' => 'rw', + }, + 'rabbitmq-pki-extracted' => { + 'source-dir' => '/etc/pki/ca-trust/extracted', + 'target-dir' => '/etc/pki/ca-trust/extracted', + 'options' => 'ro', + }, + 'rabbitmq-pki-ca-bundle-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', + 'options' => 'ro', + }, + 'rabbitmq-pki-ca-bundle-trust-crt' => { + 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', + 'options' => 'ro', + }, + 'rabbitmq-pki-cert' => { + 'source-dir' => '/etc/pki/tls/cert.pem', + 'target-dir' => '/etc/pki/tls/cert.pem', + 'options' => 'ro', + }, + 'rabbitmq-dev-log' => { + 'source-dir' => '/dev/log', + 'target-dir' => '/dev/log', + 'options' => 'rw', + }, + }, + } + + # The default nr of ha queues is ceiling(N/2) + if $user_ha_queues == 0 { + $nr_rabbit_nodes = size($rabbit_nodes) + $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2) + $params = "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'" + } elsif $user_ha_queues == -1 { + $params = 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'' + } else { + $nr_ha_queues = $user_ha_queues + $params = "set_policy='ha-all ^(?!amq\\.).* {\"ha-mode\":\"exactly\",\"ha-params\":${nr_ha_queues}}'" + } + pacemaker::resource::ocf { 'rabbitmq': + ocf_agent_name => 'heartbeat:rabbitmq-cluster', + resource_params => $params, + meta_params => 'notify=true', + op_params => 'start timeout=200s stop timeout=200s', + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['rabbitmq-role eq true'], + }, + bundle => 'rabbitmq-bundle', + require => [Class['::rabbitmq'], + Pacemaker::Resource::Bundle['rabbitmq-bundle']], + } + } + } +} |