summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/certmonger/haproxy.pp11
-rw-r--r--manifests/haproxy.pp42
-rw-r--r--manifests/profile/base/database/mongodb.pp7
-rw-r--r--manifests/profile/base/haproxy.pp3
-rw-r--r--manifests/profile/base/swift/add_devices.pp5
-rw-r--r--manifests/profile/base/validations.pp29
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp2
-rw-r--r--manifests/profile/pacemaker/manila.pp170
8 files changed, 139 insertions, 130 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 2b738e6..504acf3 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -47,18 +47,21 @@ define tripleo::certmonger::haproxy (
$postsave_cmd,
$principal = undef,
){
+ include ::haproxy::params
certmonger_certificate { "${title}-cert":
hostname => $hostname,
+ dnsname => $hostname,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,
principal => $principal,
}
concat { $service_pem :
- ensure => present,
- mode => '0640',
- owner => 'haproxy',
- group => 'haproxy',
+ ensure => present,
+ mode => '0640',
+ owner => 'haproxy',
+ group => 'haproxy',
+ require => Package[$::haproxy::params::package_name],
}
concat::fragment { "${title}-cert-fragment":
target => $service_pem,
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e1f5d50..6a81731 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -155,7 +155,7 @@
#
# [*nova_novncproxy*]
# (optional) Enable or not Nova novncproxy binding
-# Defaults to hiera('nova_vncproxy_enabled', false)
+# Defaults to hiera('nova_vnc_proxy_enabled', false)
#
# [*ceilometer*]
# (optional) Enable or not Ceilometer API binding
@@ -238,6 +238,10 @@
# (optional) Enable or not OpenDaylight binding
# Defaults to hiera('opendaylight_api_enabled', false)
#
+# [*zaqar_ws*]
+# (optional) Enable or not Zaqar Websockets binding
+# Defaults to false
+#
# [*service_ports*]
# (optional) Hash that contains the values to override from the service ports
# The available keys to modify the services' ports are:
@@ -287,6 +291,10 @@
# 'zaqar_api_ssl_port' (Defaults to 13888)
# 'ceph_rgw_port' (Defaults to 8080)
# 'ceph_rgw_ssl_port' (Defaults to 13808)
+# 'zaqar_ws_port' (Defaults to 9000)
+# 'zaqar_ws_ssl_port' (Defaults to 9000)
+# * Note that for zaqar's websockets we don't support having a different
+# port for SSL, because it ignores the handshake.
# Defaults to {}
#
class tripleo::haproxy (
@@ -320,7 +328,7 @@ class tripleo::haproxy (
$glance_registry = hiera('glance_registry_enabled', false),
$nova_osapi = hiera('nova_api_enabled', false),
$nova_metadata = hiera('nova_api_enabled', false),
- $nova_novncproxy = hiera('nova_vncproxy_enabled', false),
+ $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ceilometer = hiera('ceilometer_api_enabled', false),
$aodh = hiera('aodh_api_enabled', false),
$gnocchi = hiera('gnocchi_api_enabled', false),
@@ -341,6 +349,7 @@ class tripleo::haproxy (
$zaqar_api = hiera('zaqar_api_enabled', false),
$ceph_rgw = hiera('ceph_rgw_enabled', false),
$opendaylight = hiera('opendaylight_api_enabled', false),
+ $zaqar_ws = hiera('zaqar_api_enabled', false),
$service_ports = {}
) {
$default_service_ports = {
@@ -390,6 +399,8 @@ class tripleo::haproxy (
zaqar_api_ssl_port => 13888,
ceph_rgw_port => 8080,
ceph_rgw_ssl_port => 13808,
+ zaqar_ws_port => 9000,
+ zaqar_ws_ssl_port => 9000,
}
$ports = merge($default_service_ports, $service_ports)
@@ -593,6 +604,11 @@ class tripleo::haproxy (
service_port => $ports[manila_api_port],
ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real),
server_names => $controller_hosts_names_real,
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
public_ssl_port => $ports[manila_api_ssl_port],
}
}
@@ -977,4 +993,26 @@ class tripleo::haproxy (
options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
}
}
+
+ if $zaqar_ws {
+ ::tripleo::haproxy::endpoint { 'zaqar_ws':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip),
+ service_port => $ports[zaqar_ws_port],
+ ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real),
+ server_names => $controller_hosts_names_real,
+ mode => 'http',
+ haproxy_listen_bind_param => [], # We don't use a transparent proxy here
+ listen_options => {
+ # NOTE(jaosorior): Websockets have more overhead in establishing
+ # connections than regular HTTP connections. Also, since it begins
+ # as an HTTP connection and then "upgrades" to a TCP connection, some
+ # timeouts get overriden by others at certain times of the connection.
+ # The following values were taken from the following site:
+ # http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/
+ 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'],
+ },
+ public_ssl_port => $ports[zaqar_ws_ssl_port],
+ }
+ }
}
diff --git a/manifests/profile/base/database/mongodb.pp b/manifests/profile/base/database/mongodb.pp
index 1a19bb6..8967f5b 100644
--- a/manifests/profile/base/database/mongodb.pp
+++ b/manifests/profile/base/database/mongodb.pp
@@ -44,6 +44,13 @@ class tripleo::profile::base::database::mongodb (
include ::tripleo::profile::base::database::mongodbcommon
if $bootstrap_node == $::hostname {
+ # make sure we can connect to all servers before forming the replset
+ tripleo::profile::pacemaker::database::mongodbvalidator {
+ $tripleo::profile::base::database::mongodbcommon::mongodb_node_ips :
+ port => $tripleo::profile::base::database::mongodbcommon::port,
+ require => Service['mongodb'],
+ before => Mongodb_replset[$mongodb_replset],
+ }
mongodb_replset { $mongodb_replset :
members => $tripleo::profile::base::database::mongodbcommon::mongo_node_ips_with_port_nobr,
}
diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp
index 68ff3e4..e018f36 100644
--- a/manifests/profile/base/haproxy.pp
+++ b/manifests/profile/base/haproxy.pp
@@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy (
require => Class['::certmonger'],
}
create_resources('::tripleo::certmonger::haproxy', $certificates_specs)
+ # The haproxy fronends (or listen resources) depend on the certificate
+ # existing and need to be refreshed if it changed.
+ Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||>
}
include ::tripleo::haproxy
diff --git a/manifests/profile/base/swift/add_devices.pp b/manifests/profile/base/swift/add_devices.pp
index bd4c91c..909ddd6 100644
--- a/manifests/profile/base/swift/add_devices.pp
+++ b/manifests/profile/base/swift/add_devices.pp
@@ -39,7 +39,10 @@ define tripleo::profile::base::swift::add_devices(
$zone = (($server_num%$swift_zones) + 1)
# add the rings
- $base = regsubst($name,'^r1.*-(.*)$','\1')
+ $base_notnormal = regsubst($name,'^r1.*-(.*)$','\1')
+ $ip_notnormal = regsubst($base_notnormal, ':%PORT%.*', '')
+ $ip = normalize_ip_for_uri($ip_notnormal)
+ $base = regsubst($base_notnormal, $ip_notnormal, $ip)
$object = regsubst($base, '%PORT%', '6000')
ring_object_device { $object:
zone => '1',
diff --git a/manifests/profile/base/validations.pp b/manifests/profile/base/validations.pp
new file mode 100644
index 0000000..50a1a8a
--- /dev/null
+++ b/manifests/profile/base/validations.pp
@@ -0,0 +1,29 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::validations
+#
+# Validations profile for tripleo
+#
+class tripleo::profile::base::validations {
+ package {'openstack-tripleo-validations': }
+ user {'validations':
+ ensure => present,
+ comment => 'TripleO validations',
+ managehome => true,
+ home => '/home/validations',
+ shell => '/sbin/nologin',
+ }
+}
+
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 4dc3770..4c54309 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -70,7 +70,7 @@ class tripleo::profile::pacemaker::database::mysql (
'wsrep_drupal_282555_workaround'=> '0',
'wsrep_causal_reads' => '0',
'wsrep_sst_method' => 'rsync',
- 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;",
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${mysql_bind_host}:4567;",
}
}
diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp
index a7f91fc..45373f6 100644
--- a/manifests/profile/pacemaker/manila.pp
+++ b/manifests/profile/pacemaker/manila.pp
@@ -22,119 +22,14 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*cinder_volume_type*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::cinder_volume_type', '')
-#
-# [*driver_handles_share_servers*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::driver_handles_share_servers')
-#
-# [*manila_generic_enable*]
-# (Optional) Enable the generic backend.
-# Defaults to hiera('manila_generic_enable_backend', 'false')
-#
-# [*max_time_to_attach*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::max_time_to_attach')
-#
-# [*max_time_to_create_volume*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::max_time_to_create_volume')
-#
-# [*service_instance_flavor_id*]
-# (Optional)
-# Defaults to hiera('manila::service_instance::service_instance_flavor_id')
-#
-# [*service_instance_password*]
-# (Optional)
-# Defaults to hiera('manila::service_instance::service_instance_password')
-#
-# [*service_instance_smb_config_path*]
-# (Optional)
-# Defaults to downcase(hiera('manila::backend::generic::service_instance_smb_config_path'))
-#
-# [*service_instance_user*]
-# (Optional)
-# Defaults to hiera('manila::service_instance::service_instance_user')
-#
-# [*share_mount_path*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::share_mount_path')
-#
-# [*share_volume_fstype*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::share_volume_fstype')
-#
-# [*smb_template_config_path*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::smb_template_config_path')
-#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
-# [*volume_name_template*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::volume_name_template')
-#
-# [*volume_snapshot_name_template*]
-# (Optional)
-# Defaults to hiera('manila::backend::generic::volume_snapshot_name_template')
-#
-# [*manila_cephfsnative_enable*]
-# (Optional) Enable the CephFS Native backend.
-# Defaults to hiera('manila_cephfsnative_enable_backend', 'false')
-#
-# [*cephfs_handles_share_servers*]
-# (Optional)
-# Defaults to hiera('manila::backend::cephfsnative::driver_handles_share_servers', false)
-#
-# [*cephfs_backend_name*]
-# (Optional)
-# Defaults to hiera('manila::backend::cephfsnative::cephfs_backend_name')
-#
-# [*cephfs_conf_path*]
-# (Optional)
-# Defaults to hiera('manila::backend::cephfsnative::cephfs_conf_path')
-#
-# [*cephfs_auth_id*]
-# (Optional)
-# Defaults to hiera('manila::backend::cephfsnative::cephfs_auth_id')
-#
-# [*cephfs_cluster_name*]
-# (Optional)
-# Defaults to hiera('manila::backend::cephfsnative::cephfs_cluster_name')
-#
-# [*cephfs_enable_snapshots*]
-# (Optional)
-# Defaults to hiera('manila::backend::cephfsnative::cephfs_enable_snapshots')
-#
class tripleo::profile::pacemaker::manila (
$bootstrap_node = hiera('bootstrap_nodeid'),
- $cinder_volume_type = hiera('manila::backend::generic::cinder_volume_type', ''),
- $driver_handles_share_servers = hiera('manila::backend::generic::driver_handles_share_servers'),
- $manila_generic_enable = hiera('manila_generic_enable_backend', false),
- $max_time_to_attach = hiera('manila::backend::generic::max_time_to_attach'),
- $max_time_to_create_volume = hiera('manila::backend::generic::max_time_to_create_volume'),
- $service_instance_flavor_id = hiera('manila::service_instance::service_instance_flavor_id'),
- $service_instance_password = hiera('manila::service_instance::service_instance_password'),
- $service_instance_smb_config_path = hiera('manila::backend::generic::service_instance_smb_config_path'),
- $service_instance_user = hiera('manila::service_instance::service_instance_user'),
- $share_mount_path = hiera('manila::backend::generic::share_mount_path'),
- $share_volume_fstype = hiera('manila::backend::generic::share_volume_fstype'),
- $smb_template_config_path = hiera('manila::backend::generic::smb_template_config_path'),
$step = hiera('step'),
- $volume_name_template = hiera('manila::backend::generic::volume_name_template'),
- $volume_snapshot_name_template = hiera('manila::backend::generic::volume_snapshot_name_template'),
- $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false),
- $cephfs_handles_share_servers = hiera('manila::backend::cephfsnative::driver_handles_share_servers'),
- $cephfs_backend_name = hiera('manila::backend::cephfsnative::cephfs_backend_name'),
- $cephfs_conf_path = hiera('manila::backend::cephfsnative::cephfs_conf_path'),
- $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id'),
- $cephfs_cluster_name = hiera('manila::backend::cephfsnative::cephfs_cluster_name'),
- $cephfs_enable_snapshots = hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -156,21 +51,26 @@ class tripleo::profile::pacemaker::manila (
include ::tripleo::profile::base::manila::scheduler
include ::tripleo::profile::base::manila::share
+ # manila generic:
+ $manila_generic_enable = hiera('manila_generic_enable_backend', false)
if $manila_generic_enable {
$manila_generic_backend = hiera('manila::backend::generic::title')
manila::backend::generic { $manila_generic_backend :
- driver_handles_share_servers => $driver_handles_share_servers,
- smb_template_config_path => $smb_template_config_path,
- volume_name_template => $volume_name_template ,
- volume_snapshot_name_template => $volume_snapshot_name_template,
- share_mount_path => $share_mount_path,
- max_time_to_create_volume => $max_time_to_create_volume,
- max_time_to_attach => $max_time_to_attach,
- service_instance_smb_config_path => $service_instance_smb_config_path,
- share_volume_fstype => $share_volume_fstype,
- cinder_volume_type => $cinder_volume_type,
+ driver_handles_share_servers => hiera('manila::backend::generic::driver_handles_share_servers', true),
+ max_time_to_attach => hiera('manila::backend::generic::max_time_to_attach'),
+ max_time_to_create_volume => hiera('manila::backend::generic::max_time_to_create_volume'),
+ service_instance_smb_config_path => hiera('manila::backend::generic::service_instance_smb_config_path'),
+ share_mount_path => hiera('manila::backend::generic::share_mount_path'),
+ share_volume_fstype => hiera('manila::backend::generic::share_volume_fstype'),
+ smb_template_config_path => hiera('manila::backend::generic::smb_template_config_path'),
+ volume_name_template => hiera('manila::backend::generic::volume_name_template'),
+ volume_snapshot_name_template => hiera('manila::backend::generic::volume_snapshot_name_template'),
+ cinder_volume_type => hiera('manila::backend::generic::cinder_volume_type'),
}
+ $service_instance_user = hiera('manila::service_instance::service_instance_user')
+ $service_instance_password = hiera('manila::service_instance::service_instance_password')
+ $service_instance_flavor_id = hiera('manila::service_instance::service_instance_flavor_id')
manila_config {
"${manila_generic_backend}/service_instance_user": value => $service_instance_user;
"${manila_generic_backend}/service_instance_password": value => $service_instance_password;
@@ -181,22 +81,48 @@ class tripleo::profile::pacemaker::manila (
}
# manila cephfsnative:
+ $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false)
if $manila_cephfsnative_enable {
$manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title')
manila::backend::cephfsnative { $manila_cephfsnative_backend :
- driver_handles_share_servers => $cephfs_handles_share_servers,
- cephfs_backend_name => $cephfs_backend_name,
- cephfs_conf_path => $cephfs_conf_path,
- cephfs_auth_id => $cephfs_auth_id,
- cephfs_cluster_name => $cephfs_cluster_name,
- cephfs_enable_snapshots => $cephfs_enable_snapshots,
+ driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false),
+ share_backend_name => hiera('manila::backend::cephfsnative::share_backend_name'),
+ cephfs_conf_path => hiera('manila::backend::cephfsnative::cephfs_conf_path'),
+ cephfs_auth_id => hiera('manila::backend::cephfsnative::cephfs_auth_id'),
+ cephfs_cluster_name => hiera('manila::backend::cephfsnative::cephfs_cluster_name'),
+ cephfs_enable_snapshots => hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'),
+ }
+ }
+
+ # manila netapp:
+ $manila_netapp_enable = hiera('manila_netapp_enable_backend', false)
+ if $manila_netapp_enable {
+ $manila_netapp_backend = hiera('manila::backend::netapp::title')
+ manila::backend::netapp { $manila_netapp_backend :
+ driver_handles_share_servers => hiera('manila::backend::netapp::driver_handles_share_servers', true),
+ netapp_login => hiera('manila::backend::netapp::netapp_login'),
+ netapp_password => hiera('manila::backend::netapp::netapp_password'),
+ netapp_server_hostname => hiera('manila::backend::netapp::netapp_server_hostname'),
+ netapp_transport_type => hiera('manila::backend::netapp::netapp_transport_type'),
+ netapp_storage_family => hiera('manila::backend::netapp::netapp_storage_family'),
+ netapp_server_port => hiera('manila::backend::netapp::netapp_server_port'),
+ netapp_volume_name_template => hiera('manila::backend::netapp::netapp_volume_name_template'),
+ netapp_vserver => hiera('manila::backend::netapp::netapp_vserver'),
+ netapp_vserver_name_template => hiera('manila::backend::netapp::netapp_vserver_name_template'),
+ netapp_lif_name_template => hiera('manila::backend::netapp::netapp_lif_name_template'),
+ netapp_aggregate_name_search_pattern => hiera('manila::backend::netapp::netapp_aggregate_name_search_pattern'),
+ netapp_root_volume_aggregate => hiera('manila::backend::netapp::netapp_root_volume_aggregate'),
+ netapp_root_volume_name => hiera('manila::backend::netapp::netapp_root_volume'),
+ netapp_port_name_search_pattern => hiera('manila::backend::netapp::netapp_port_name_search_pattern'),
+ netapp_trace_flags => hiera('manila::backend::netapp::netapp_trace_flags'),
}
}
$manila_enabled_backends = delete_undef_values(
[
$manila_generic_backend,
- $manila_cephfsnative_backend
+ $manila_cephfsnative_backend,
+ $manila_netapp_backend
]
)
class { '::manila::backends' :