Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/certmonger/haproxy.pp | 11 | ||||
-rw-r--r-- | manifests/haproxy.pp | 42 | ||||
-rw-r--r-- | manifests/profile/base/database/mongodb.pp | 7 | ||||
-rw-r--r-- | manifests/profile/base/haproxy.pp | 3 | ||||
-rw-r--r-- | manifests/profile/base/swift/add_devices.pp | 5 | ||||
-rw-r--r-- | manifests/profile/base/validations.pp | 29 | ||||
-rw-r--r-- | manifests/profile/pacemaker/database/mysql.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/manila.pp | 170 |
8 files changed, 139 insertions, 130 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 2b738e6..504acf3 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -47,18 +47,21 @@ define tripleo::certmonger::haproxy ( $postsave_cmd, $principal = undef, ){ + include ::haproxy::params certmonger_certificate { "${title}-cert": hostname => $hostname, + dnsname => $hostname, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, principal => $principal, } concat { $service_pem : - ensure => present, - mode => '0640', - owner => 'haproxy', - group => 'haproxy', + ensure => present, + mode => '0640', + owner => 'haproxy', + group => 'haproxy', + require => Package[$::haproxy::params::package_name], } concat::fragment { "${title}-cert-fragment": target => $service_pem, diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index e1f5d50..6a81731 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -155,7 +155,7 @@ # # [*nova_novncproxy*] # (optional) Enable or not Nova novncproxy binding -# Defaults to hiera('nova_vncproxy_enabled', false) +# Defaults to hiera('nova_vnc_proxy_enabled', false) # # [*ceilometer*] # (optional) Enable or not Ceilometer API binding @@ -238,6 +238,10 @@ # (optional) Enable or not OpenDaylight binding # Defaults to hiera('opendaylight_api_enabled', false) # +# [*zaqar_ws*] +# (optional) Enable or not Zaqar Websockets binding +# Defaults to false +# # [*service_ports*] # (optional) Hash that contains the values to override from the service ports # The available keys to modify the services' ports are: 
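Review bot: The `require => Package[$::haproxy::params::package_name]` added to the `concat` for `$service_pem` carries no comment explaining why the ordering is needed. Presumably the `haproxy` owner and group only exist once the package is installed, and the PEM (which appears to bundle the certificate and key) must not be written before then. I would add `# haproxy user/group come from the package; do not write the PEM before they exist` above the `require` line. The body of the define continues outside the hunk.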
@@ -287,6 +291,10 @@ # 'zaqar_api_ssl_port' (Defaults to 13888) # 'ceph_rgw_port' (Defaults to 8080) # 'ceph_rgw_ssl_port' (Defaults to 13808) +# 'zaqar_ws_port' (Defaults to 9000) +# 'zaqar_ws_ssl_port' (Defaults to 9000) +# * Note that for zaqar's websockets we don't support having a different +# port for SSL, because it ignores the handshake. # Defaults to {} # class tripleo::haproxy ( @@ -320,7 +328,7 @@ class tripleo::haproxy ( $glance_registry = hiera('glance_registry_enabled', false), $nova_osapi = hiera('nova_api_enabled', false), $nova_metadata = hiera('nova_api_enabled', false), - $nova_novncproxy = hiera('nova_vncproxy_enabled', false), + $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), $gnocchi = hiera('gnocchi_api_enabled', false), @@ -341,6 +349,7 @@ class tripleo::haproxy ( $zaqar_api = hiera('zaqar_api_enabled', false), $ceph_rgw = hiera('ceph_rgw_enabled', false), $opendaylight = hiera('opendaylight_api_enabled', false), + $zaqar_ws = hiera('zaqar_api_enabled', false), $service_ports = {} ) { $default_service_ports = { @@ -390,6 +399,8 @@ class tripleo::haproxy ( zaqar_api_ssl_port => 13888, ceph_rgw_port => 8080, ceph_rgw_ssl_port => 13808, + zaqar_ws_port => 9000, + zaqar_ws_ssl_port => 9000, } $ports = merge($default_service_ports, $service_ports) @@ -593,6 +604,11 @@ class tripleo::haproxy ( service_port => $ports[manila_api_port], ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[manila_api_ssl_port], } } 
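Review bot: The header documents `zaqar_ws` as `Defaults to false`, but the parameter added in the `-341,6 +349,7` hunk is `$zaqar_ws = hiera('zaqar_api_enabled', false)`, so the websocket frontend is created whenever the Zaqar API is enabled. That opens an extra listener (port 9000 by default) on the public VIP without an explicit opt-in. Either give it a dedicated switch, for example `$zaqar_ws = hiera('zaqar_ws_enabled', false),` (key name is a suggestion, not an existing key), or correct the doc line to `# Defaults to hiera('zaqar_api_enabled', false)` so operators can see the coupling.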
@@ -977,4 +993,26 @@ class tripleo::haproxy ( options => ['check', 'inter 2000', 'rise 2', 'fall 5'], } } + + if $zaqar_ws { + ::tripleo::haproxy::endpoint { 'zaqar_ws': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip), + service_port => $ports[zaqar_ws_port], + ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + mode => 'http', + haproxy_listen_bind_param => [], # We don't use a transparent proxy here + listen_options => { + # NOTE(jaosorior): Websockets have more overhead in establishing + # connections than regular HTTP connections. Also, since it begins + # as an HTTP connection and then "upgrades" to a TCP connection, some + # timeouts get overriden by others at certain times of the connection. + # The following values were taken from the following site: + # http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/ + 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'], + }, + public_ssl_port => $ports[zaqar_ws_ssl_port], + } + } } diff --git a/manifests/profile/base/database/mongodb.pp b/manifests/profile/base/database/mongodb.pp index 1a19bb6..8967f5b 100644 --- a/manifests/profile/base/database/mongodb.pp +++ b/manifests/profile/base/database/mongodb.pp @@ -44,6 +44,13 @@ class tripleo::profile::base::database::mongodb ( include ::tripleo::profile::base::database::mongodbcommon if $bootstrap_node == $::hostname { + # make sure we can connect to all servers before forming the replset + tripleo::profile::pacemaker::database::mongodbvalidator { + $tripleo::profile::base::database::mongodbcommon::mongodb_node_ips : + port => $tripleo::profile::base::database::mongodbcommon::port, + require => Service['mongodb'], + before => Mongodb_replset[$mongodb_replset], + } mongodb_replset { $mongodb_replset : members => $tripleo::profile::base::database::mongodbcommon::mongo_node_ips_with_port_nobr, } 
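Review bot: The `zaqar_ws` endpoint takes `service_port` from `$ports[zaqar_ws_port]` and `public_ssl_port` from `$ports[zaqar_ws_ssl_port]`, and the header says a different SSL port is not supported, yet `$service_ports` can still override the two keys independently. A fail-fast guard before the endpoint, `if $ports[zaqar_ws_port] != $ports[zaqar_ws_ssl_port] { fail('zaqar_ws_port and zaqar_ws_ssl_port must be equal') }`, would turn that silent misconfiguration into a compile error. The NOTE could also say that `tunnel 3600s` lets an idle upgraded connection hold a slot on the public frontend for an hour, so connection limits need sizing with that in mind.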
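Review bot: The base MongoDB profile now declares `tripleo::profile::pacemaker::database::mongodbvalidator`, so deployments that do not use pacemaker depend on a define from the pacemaker namespace. I would add a comment such as `# NOTE: the validator define lives under profile::pacemaker but is used here without pacemaker`, or move the define. The hunk also reads `mongodbcommon::mongodb_node_ips` while the replset below reads `mongo_node_ips_with_port_nobr`. Neither definition is visible here, so the `mongodb_` versus `mongo_` prefix is worth checking. Since `before => Mongodb_replset[$mongodb_replset]` gates replica-set creation, the comment should also state what the validator does when a member is unreachable.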
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index 68ff3e4..e018f36 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy ( require => Class['::certmonger'], } create_resources('::tripleo::certmonger::haproxy', $certificates_specs) + # The haproxy fronends (or listen resources) depend on the certificate + # existing and need to be refreshed if it changed. + Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } include ::tripleo::haproxy diff --git a/manifests/profile/base/swift/add_devices.pp b/manifests/profile/base/swift/add_devices.pp index bd4c91c..909ddd6 100644 --- a/manifests/profile/base/swift/add_devices.pp +++ b/manifests/profile/base/swift/add_devices.pp @@ -39,7 +39,10 @@ define tripleo::profile::base::swift::add_devices( $zone = (($server_num%$swift_zones) + 1) # add the rings - $base = regsubst($name,'^r1.*-(.*)$','\1') + $base_notnormal = regsubst($name,'^r1.*-(.*)$','\1') + $ip_notnormal = regsubst($base_notnormal, ':%PORT%.*', '') + $ip = normalize_ip_for_uri($ip_notnormal) + $base = regsubst($base_notnormal, $ip_notnormal, $ip) $object = regsubst($base, '%PORT%', '6000') ring_object_device { $object: zone => '1', diff --git a/manifests/profile/base/validations.pp b/manifests/profile/base/validations.pp new file mode 100644 index 0000000..50a1a8a --- /dev/null +++ b/manifests/profile/base/validations.pp 
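Review bot: `Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>` uses unfiltered collectors, so every `Haproxy::Listen` in the catalog is refreshed on any certificate change, including listeners that terminate no TLS. Collectors used in a chaining statement also realize any virtual resources of those types. If that breadth is intended, say so in the comment, e.g. `# NOTE: unfiltered on purpose; this also realizes virtual resources of both types`. The comment's `fronends` should read `frontends`.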
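Review bot: `regsubst($base_notnormal, $ip_notnormal, $ip)` in the swift hunk uses the extracted address as a regular expression. The dots of an IPv4 address then match any character, and an address that already carries brackets would be parsed as a character class. A fixed pattern avoids interpreting data as regex: `$base = regsubst($base_notnormal, '^.*?(:%PORT%)', "${ip}\\1")`. The `':%PORT%.*'` pattern used for `$ip_notnormal` is also unanchored. The body of the define starts and ends outside the hunk.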
@@ -0,0 +1,29 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::validations +# +# Validations profile for tripleo +# +class tripleo::profile::base::validations { + package {'openstack-tripleo-validations': } + user {'validations': + ensure => present, + comment => 'TripleO validations', + managehome => true, + home => '/home/validations', + shell => '/sbin/nologin', + } +} + diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 4dc3770..4c54309 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -70,7 +70,7 @@ class tripleo::profile::pacemaker::database::mysql ( 'wsrep_drupal_282555_workaround'=> '0', 'wsrep_causal_reads' => '0', 'wsrep_sst_method' => 'rsync', - 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;", + 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${mysql_bind_host}:4567;", } } diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index a7f91fc..45373f6 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp 
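Review bot: The new `tripleo::profile::base::validations` class creates a local `validations` account with a managed home, but the class header does not say what the account is for or that `/sbin/nologin` is deliberate. I would extend the header with a line such as `# Creates the 'validations' user (no interactive shell) used by the validation tooling`, with the wording to be corrected by the author since the intent is not visible here. Nothing orders the `user` relative to `package {'openstack-tripleo-validations': }`. If the package ships files owned by that account, the `package` resource needs `require => User['validations']`.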
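Review bot: With the brackets removed in the mysql hunk, `gmcast.listen_addr=tcp://${mysql_bind_host}:4567;` is only correct for an IPv6 bind address if the caller already passes it bracketed. A bare IPv6 literal would make the `:4567` port indistinguishable from the last address group. The swift change in this commit uses `normalize_ip_for_uri()`, and the same could be applied here with `$mysql_bind_host_uri = normalize_ip_for_uri($mysql_bind_host)` ahead of the options hash and `${mysql_bind_host_uri}` in the string. The hash begins outside the hunk, so whether the value is normalized earlier cannot be confirmed from here.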
@@ -22,119 +22,14 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*cinder_volume_type*] -# (Optional) -# Defaults to hiera('manila::backend::generic::cinder_volume_type', '') -# -# [*driver_handles_share_servers*] -# (Optional) -# Defaults to hiera('manila::backend::generic::driver_handles_share_servers') -# -# [*manila_generic_enable*] -# (Optional) Enable the generic backend. -# Defaults to hiera('manila_generic_enable_backend', 'false') -# -# [*max_time_to_attach*] -# (Optional) -# Defaults to hiera('manila::backend::generic::max_time_to_attach') -# -# [*max_time_to_create_volume*] -# (Optional) -# Defaults to hiera('manila::backend::generic::max_time_to_create_volume') -# -# [*service_instance_flavor_id*] -# (Optional) -# Defaults to hiera('manila::service_instance::service_instance_flavor_id') -# -# [*service_instance_password*] -# (Optional) -# Defaults to hiera('manila::service_instance::service_instance_password') -# -# [*service_instance_smb_config_path*] -# (Optional) -# Defaults to downcase(hiera('manila::backend::generic::service_instance_smb_config_path')) -# -# [*service_instance_user*] -# (Optional) -# Defaults to hiera('manila::service_instance::service_instance_user') -# -# [*share_mount_path*] -# (Optional) -# Defaults to hiera('manila::backend::generic::share_mount_path') -# -# [*share_volume_fstype*] -# (Optional) -# Defaults to hiera('manila::backend::generic::share_volume_fstype') -# -# [*smb_template_config_path*] -# (Optional) -# Defaults to hiera('manila::backend::generic::smb_template_config_path') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. 
# Defaults to hiera('step') # -# [*volume_name_template*] -# (Optional) -# Defaults to hiera('manila::backend::generic::volume_name_template') -# -# [*volume_snapshot_name_template*] -# (Optional) -# Defaults to hiera('manila::backend::generic::volume_snapshot_name_template') -# -# [*manila_cephfsnative_enable*] -# (Optional) Enable the CephFS Native backend. -# Defaults to hiera('manila_cephfsnative_enable_backend', 'false') -# -# [*cephfs_handles_share_servers*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::driver_handles_share_servers', false) -# -# [*cephfs_backend_name*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_backend_name') -# -# [*cephfs_conf_path*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_conf_path') -# -# [*cephfs_auth_id*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_auth_id') -# -# [*cephfs_cluster_name*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_cluster_name') -# -# [*cephfs_enable_snapshots*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_enable_snapshots') -# class tripleo::profile::pacemaker::manila ( $bootstrap_node = hiera('bootstrap_nodeid'), - $cinder_volume_type = hiera('manila::backend::generic::cinder_volume_type', ''), - $driver_handles_share_servers = hiera('manila::backend::generic::driver_handles_share_servers'), - $manila_generic_enable = hiera('manila_generic_enable_backend', false), - $max_time_to_attach = hiera('manila::backend::generic::max_time_to_attach'), - $max_time_to_create_volume = hiera('manila::backend::generic::max_time_to_create_volume'), - $service_instance_flavor_id = hiera('manila::service_instance::service_instance_flavor_id'), - $service_instance_password = hiera('manila::service_instance::service_instance_password'), - $service_instance_smb_config_path = hiera('manila::backend::generic::service_instance_smb_config_path'), - 
$service_instance_user = hiera('manila::service_instance::service_instance_user'), - $share_mount_path = hiera('manila::backend::generic::share_mount_path'), - $share_volume_fstype = hiera('manila::backend::generic::share_volume_fstype'), - $smb_template_config_path = hiera('manila::backend::generic::smb_template_config_path'), $step = hiera('step'), - $volume_name_template = hiera('manila::backend::generic::volume_name_template'), - $volume_snapshot_name_template = hiera('manila::backend::generic::volume_snapshot_name_template'), - $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false), - $cephfs_handles_share_servers = hiera('manila::backend::cephfsnative::driver_handles_share_servers'), - $cephfs_backend_name = hiera('manila::backend::cephfsnative::cephfs_backend_name'), - $cephfs_conf_path = hiera('manila::backend::cephfsnative::cephfs_conf_path'), - $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id'), - $cephfs_cluster_name = hiera('manila::backend::cephfsnative::cephfs_cluster_name'), - $cephfs_enable_snapshots = hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true 
@@ -156,21 +51,26 @@ class tripleo::profile::pacemaker::manila ( include ::tripleo::profile::base::manila::scheduler include ::tripleo::profile::base::manila::share + # manila generic: + $manila_generic_enable = hiera('manila_generic_enable_backend', false) if $manila_generic_enable { $manila_generic_backend = hiera('manila::backend::generic::title') manila::backend::generic { $manila_generic_backend : - driver_handles_share_servers => $driver_handles_share_servers, - smb_template_config_path => $smb_template_config_path, - volume_name_template => $volume_name_template , - volume_snapshot_name_template => $volume_snapshot_name_template, - share_mount_path => $share_mount_path, - max_time_to_create_volume => $max_time_to_create_volume, - max_time_to_attach => $max_time_to_attach, - service_instance_smb_config_path => $service_instance_smb_config_path, - share_volume_fstype => $share_volume_fstype, - cinder_volume_type => $cinder_volume_type, + driver_handles_share_servers => hiera('manila::backend::generic::driver_handles_share_servers', true), + max_time_to_attach => hiera('manila::backend::generic::max_time_to_attach'), + max_time_to_create_volume => hiera('manila::backend::generic::max_time_to_create_volume'), + service_instance_smb_config_path => hiera('manila::backend::generic::service_instance_smb_config_path'), + share_mount_path => hiera('manila::backend::generic::share_mount_path'), + share_volume_fstype => hiera('manila::backend::generic::share_volume_fstype'), + smb_template_config_path => hiera('manila::backend::generic::smb_template_config_path'), + volume_name_template => hiera('manila::backend::generic::volume_name_template'), + volume_snapshot_name_template => hiera('manila::backend::generic::volume_snapshot_name_template'), + cinder_volume_type => hiera('manila::backend::generic::cinder_volume_type'), } + $service_instance_user = hiera('manila::service_instance::service_instance_user') + $service_instance_password = 
hiera('manila::service_instance::service_instance_password') + $service_instance_flavor_id = hiera('manila::service_instance::service_instance_flavor_id') manila_config { "${manila_generic_backend}/service_instance_user": value => $service_instance_user; "${manila_generic_backend}/service_instance_password": value => $service_instance_password; 
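Review bot: Moving the lookups inline dropped the default for `cinder_volume_type`. The removed parameter was `hiera('manila::backend::generic::cinder_volume_type', '')`, while the new line is `hiera('manila::backend::generic::cinder_volume_type')`, so the lookup now fails when the key is absent instead of falling back to an empty string. Restore it with `cinder_volume_type => hiera('manila::backend::generic::cinder_volume_type', ''),`. In the other direction, `driver_handles_share_servers` gained a default of `true` that it did not have before, which deserves a mention in the class header. The enclosing class body extends beyond the hunk.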
@@ -181,22 +81,48 @@ class tripleo::profile::pacemaker::manila ( } # manila cephfsnative: + $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false) if $manila_cephfsnative_enable { $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title') manila::backend::cephfsnative { $manila_cephfsnative_backend : - driver_handles_share_servers => $cephfs_handles_share_servers, - cephfs_backend_name => $cephfs_backend_name, - cephfs_conf_path => $cephfs_conf_path, - cephfs_auth_id => $cephfs_auth_id, - cephfs_cluster_name => $cephfs_cluster_name, - cephfs_enable_snapshots => $cephfs_enable_snapshots, + driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false), + share_backend_name => hiera('manila::backend::cephfsnative::share_backend_name'), + cephfs_conf_path => hiera('manila::backend::cephfsnative::cephfs_conf_path'), + cephfs_auth_id => hiera('manila::backend::cephfsnative::cephfs_auth_id'), + cephfs_cluster_name => hiera('manila::backend::cephfsnative::cephfs_cluster_name'), + cephfs_enable_snapshots => hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'), + } + } + + # manila netapp: + $manila_netapp_enable = hiera('manila_netapp_enable_backend', false) + if $manila_netapp_enable { + $manila_netapp_backend = hiera('manila::backend::netapp::title') + manila::backend::netapp { $manila_netapp_backend : + driver_handles_share_servers => hiera('manila::backend::netapp::driver_handles_share_servers', true), + netapp_login => hiera('manila::backend::netapp::netapp_login'), + netapp_password => hiera('manila::backend::netapp::netapp_password'), + netapp_server_hostname => hiera('manila::backend::netapp::netapp_server_hostname'), + netapp_transport_type => hiera('manila::backend::netapp::netapp_transport_type'), + netapp_storage_family => hiera('manila::backend::netapp::netapp_storage_family'), + netapp_server_port => 
hiera('manila::backend::netapp::netapp_server_port'), + netapp_volume_name_template => hiera('manila::backend::netapp::netapp_volume_name_template'), + netapp_vserver => hiera('manila::backend::netapp::netapp_vserver'), + netapp_vserver_name_template => hiera('manila::backend::netapp::netapp_vserver_name_template'), + netapp_lif_name_template => hiera('manila::backend::netapp::netapp_lif_name_template'), + netapp_aggregate_name_search_pattern => hiera('manila::backend::netapp::netapp_aggregate_name_search_pattern'), + netapp_root_volume_aggregate => hiera('manila::backend::netapp::netapp_root_volume_aggregate'), + netapp_root_volume_name => hiera('manila::backend::netapp::netapp_root_volume'), + netapp_port_name_search_pattern => hiera('manila::backend::netapp::netapp_port_name_search_pattern'), + netapp_trace_flags => hiera('manila::backend::netapp::netapp_trace_flags'), } } $manila_enabled_backends = delete_undef_values( [ $manila_generic_backend, - $manila_cephfsnative_backend + $manila_cephfsnative_backend, + $manila_netapp_backend ] ) class { '::manila::backends' : |
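Review bot: In the new NetApp block, `netapp_root_volume_name` is filled from `hiera('manila::backend::netapp::netapp_root_volume')`, the only lookup whose key does not match its parameter name. If that is a typo, the line should be `netapp_root_volume_name => hiera('manila::backend::netapp::netapp_root_volume_name'),`. Every lookup except `driver_handles_share_servers` has no default, so enabling the backend with any one key missing fails catalog compilation. `netapp_login` and `netapp_password` travel over whatever `netapp_transport_type` resolves to, so the class header should state that `https` is expected. It should also say that `netapp_trace_flags` is a debugging aid, since trace output may include API request details (not confirmable from this hunk).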