summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/certmonger/ca/crl.pp6
-rw-r--r--manifests/haproxy.pp2
-rw-r--r--manifests/profile/base/aodh/api.pp12
-rw-r--r--manifests/profile/base/ceilometer/api.pp13
-rw-r--r--manifests/profile/base/database/mysql.pp7
-rw-r--r--manifests/profile/base/docker.pp24
-rw-r--r--manifests/profile/base/heat/api.pp13
-rw-r--r--manifests/profile/base/heat/api_cfn.pp13
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp13
-rw-r--r--manifests/profile/base/horizon.pp13
-rw-r--r--manifests/profile/base/ironic/api.pp58
-rw-r--r--manifests/profile/base/metrics/collectd.pp9
-rw-r--r--manifests/profile/base/mistral/api.pp6
-rw-r--r--manifests/profile/base/neutron/opendaylight/configure_cluster.pp45
-rw-r--r--manifests/profile/base/neutron/opendaylight/create_cluster.pp43
-rw-r--r--manifests/profile/base/neutron/server.pp12
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp6
-rw-r--r--manifests/profile/base/nova/placement.pp6
-rw-r--r--manifests/profile/base/swift/proxy.pp16
-rw-r--r--manifests/profile/base/ui.pp22
-rw-r--r--manifests/profile/base/zaqar.pp66
21 files changed, 330 insertions, 75 deletions
diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp
index 59a3681..2454460 100644
--- a/manifests/certmonger/ca/crl.pp
+++ b/manifests/certmonger/ca/crl.pp
@@ -49,7 +49,7 @@
# (optional) Defaults to '0'.
#
# [*hour*]
-# (optional) Defaults to '1'.
+# (optional) Defaults to '*/2'.
#
# [*monthday*]
# (optional) Defaults to '*'.
@@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl (
$crl_preprocessed = '/etc/pki/CA/crl/overcloud-crl.bin',
$crl_preprocessed_format = 'DER',
$minute = '0',
- $hour = '1',
+ $hour = '*/2',
$monthday = '*',
$month = '*',
- $weekday = '6',
+ $weekday = '*',
$maxdelay = 0,
$reload_cmds = [],
) {
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 2f29674..e12ae77 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1048,7 +1048,7 @@ class tripleo::haproxy (
mode => 'http',
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- #member_options => union($haproxy_member_options, $internal_tls_member_options),
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 300c0ca..d6ec32b 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('aodh_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -47,10 +51,16 @@
class tripleo::profile::base::aodh::api (
$aodh_network = hiera('aodh_api_network', undef),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
include ::tripleo::profile::base::aodh
@@ -66,7 +76,7 @@ class tripleo::profile::base::aodh::api (
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::aodh::api
include ::apache::mod::ssl
class { '::aodh::wsgi::apache':
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 6a30a40..11c1da3 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('ceilometer_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::ceilometer::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::ceilometer
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::ceilometer::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ceilometer::api
include ::apache::mod::ssl
class { '::ceilometer::wsgi::apache':
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 8eb6079..fbb8b11 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+
+ # Force users/grants created to use TLS connections
+ Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef
@@ -217,6 +220,10 @@ class tripleo::profile::base::database::mysql (
if hiera('ec2_api_enabled', false) {
include ::ec2api::db::mysql
}
+ if hiera('zaqar_enabled', false) and hiera('zaqar::db::mysql::user', '') == 'zaqar' {
+ # NOTE: by default zaqar uses mongodb
+ include ::zaqar::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index 28a2764..cf3a914 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -89,22 +89,34 @@ class tripleo::profile::base::docker (
require => Package['docker'],
}
+ if $docker_options {
+ $options_changes = [ "set OPTIONS '\"${docker_options}\"'" ]
+ } else {
+ $options_changes = [ 'rm OPTIONS' ]
+ }
+
+ augeas { 'docker-sysconfig-options':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/docker',
+ changes => $options_changes,
+ subscribe => Package['docker'],
+ notify => Service['docker'],
+ }
+
if $insecure_registry {
if $docker_namespace == undef {
fail('You must provide a $docker_namespace in order to configure insecure registry')
}
$namespace = strip($docker_namespace.split('/')[0])
- $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'",
- "set OPTIONS '\"${docker_options}\"'" ]
+ $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ]
} else {
- $changes = [ 'rm INSECURE_REGISTRY',
- "set OPTIONS '\"${docker_options}\"'" ]
+ $registry_changes = [ 'rm INSECURE_REGISTRY' ]
}
- augeas { 'docker-sysconfig':
+ augeas { 'docker-sysconfig-registry':
lens => 'Shellvars.lns',
incl => '/etc/sysconfig/docker',
- changes => $changes,
+ changes => $registry_changes,
subscribe => Package['docker'],
notify => Service['docker'],
}
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index ff90590..2221b37 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_network = hiera('heat_api_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api
include ::apache::mod::ssl
class { '::heat::wsgi::apache_api':
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index e14760a..1014b04 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cfn (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cfn (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cfn
include ::apache::mod::ssl
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 83d5307..4caac9d 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cloudwatch (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cloudwatch
include ::apache::mod::ssl
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index 12482b6..26ea20f 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -23,15 +23,26 @@
# for more details.
# Defaults to hiera('step')
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*neutron_options*]
# (Optional) A hash of parameters to enable features specific to Neutron
# Defaults to hiera('horizon::neutron_options', {})
#
class tripleo::profile::base::horizon (
$step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$neutron_options = hiera('horizon::neutron_options', {}),
) {
- if $step >= 3 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp
index 94b7efe..bbc91f5 100644
--- a/manifests/profile/base/ironic/api.pp
+++ b/manifests/profile/base/ironic/api.pp
@@ -18,16 +18,68 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*ironic_api_network*]
+# (Optional) The network name where the ironic API endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('ironic_api_network', undef)
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
class tripleo::profile::base::ironic::api (
- $step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $ironic_api_network = hiera('ironic_api_network', undef),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $step = Integer(hiera('step')),
) {
include ::tripleo::profile::base::ironic
- if $step >= 4 {
- include ::ironic::api
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
}
+
+ if $enable_internal_tls {
+ if !$ironic_api_network {
+ fail('ironic_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${ironic_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${ironic_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
+ include ::ironic::api
+ include ::apache::mod::ssl
+ class { '::ironic::wsgi::apache':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
+ }
+
}
diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp
index 098f795..088e6e2 100644
--- a/manifests/profile/base/metrics/collectd.pp
+++ b/manifests/profile/base/metrics/collectd.pp
@@ -23,6 +23,11 @@
# for more details.
# Defaults to hiera('step')
#
+# [*enable_file_logging*]
+# (Optional) Boolean. Whether to enable logfile plugin.
+# which we should send metrics.
+# Defaults to false
+#
# [*collectd_server*]
# (Optional) String. The name or address of a collectd server to
# which we should send metrics.
@@ -49,6 +54,7 @@
class tripleo::profile::base::metrics::collectd (
$step = Integer(hiera('step')),
+ $enable_file_logging = false,
$collectd_server = undef,
$collectd_port = undef,
$collectd_username = undef,
@@ -58,6 +64,9 @@ class tripleo::profile::base::metrics::collectd (
) {
if $step >= 3 {
include ::collectd
+ if $enable_file_logging {
+ include ::collectd::plugin::logfile
+ }
if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) {
fail('collectd_securitylevel must be one of (None, Sign, Encrypt).')
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
index 2ea5c9a..b5ca85e 100644
--- a/manifests/profile/base/mistral/api.pp
+++ b/manifests/profile/base/mistral/api.pp
@@ -56,9 +56,9 @@ class tripleo::profile::base::mistral::api (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::mistral
@@ -74,7 +74,7 @@ class tripleo::profile::base::mistral::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::mistral::api
include ::apache::mod::ssl
class { '::mistral::wsgi::apache':
diff --git a/manifests/profile/base/neutron/opendaylight/configure_cluster.pp b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp
new file mode 100644
index 0000000..022e8ae
--- /dev/null
+++ b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp
@@ -0,0 +1,45 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Configures an OpenDaylight cluster.
+# It creates the akka configuration file for ODL to cluster correctly
+# It will not configure clustering if less than 3 nodes
+#
+# == Function: tripleo::profile::base::neutron::opendaylight::configure_cluster
+#
+# == Parameters
+#
+# [*node_name*]
+# The short hostname of node
+#
+# [*odl_api_ips*] Array of IPs per ODL node
+# Defaults to empty array
+#
+define tripleo::profile::base::neutron::opendaylight::configure_cluster(
+ $node_name,
+ $odl_api_ips = [],
+) {
+ validate_array($odl_api_ips)
+ if size($odl_api_ips) > 2 {
+ $node_string = split($node_name, '-')
+ $ha_node_index = $node_string[-1] + 1
+ $ha_node_ip_str = join($odl_api_ips, ' ')
+ exec { 'Configure ODL Clustering':
+ command => "configure_cluster.sh ${ha_node_index} ${ha_node_ip_str}",
+ path => '/opt/opendaylight/bin/:/usr/sbin:/usr/bin:/sbin:/bin',
+ creates => '/opt/opendaylight/configuration/initial/akka.conf'
+ }
+ }
+}
+
diff --git a/manifests/profile/base/neutron/opendaylight/create_cluster.pp b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
new file mode 100644
index 0000000..c3e4f7f
--- /dev/null
+++ b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
@@ -0,0 +1,43 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Configures an OpenDaylight cluster.
+# It creates the akka configuration file for ODL to cluster correctly
+# It will not configure clustering if less than 3 nodes
+#
+# == Class: tripleo::profile::base::neutron::opendaylight::create_cluster
+#
+# OpenDaylight class only used for creating clusters with container deployments
+#
+# === Parameters
+#
+# [*odl_api_ips*]
+# (Optional) List of OpenStack Controller IPs for ODL API
+# Defaults to hiera('opendaylight_api_node_ips')
+#
+# [*node_name*]
+# (Optional) The short hostname of node
+# Defaults to hiera('bootstack_nodeid')
+#
+class tripleo::profile::base::neutron::opendaylight::create_cluster (
+ $odl_api_ips = hiera('opendaylight_api_node_ips'),
+ $node_name = hiera('bootstack_nodeid')
+) {
+
+ tripleo::profile::base::neutron::opendaylight::configure_cluster {'ODL cluster':
+ node_name => $node_name,
+ odl_api_ips => $odl_api_ips,
+ }
+
+}
diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 0dee53e..60ef443 100644
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -113,10 +113,7 @@ class tripleo::profile::base::neutron::server (
$l3_ha = false
}
- # We start neutron-server on the bootstrap node first, because
- # it will try to populate tables and we need to make sure this happens
- # before it starts on other nodes
- if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
+ if $step >= 4 or ($step >= 3 and $sync_db) {
if $enable_internal_tls {
if !$neutron_network {
fail('neutron_api_network is not set in the hieradata.')
@@ -130,9 +127,14 @@ class tripleo::profile::base::neutron::server (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::neutron::server'],
}
+ Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |>
}
+ }
+ # We start neutron-server on the bootstrap node first, because
+ # it will try to populate tables and we need to make sure this happens
+ # before it starts on other nodes
+ if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
include ::neutron::server::notifications
# We need to override the hiera value neutron::server::sync_db which is set
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index ec592cb..4097be3 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -33,11 +33,7 @@ class tripleo::profile::base::nova::compute::libvirt (
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
if $rbd_ephemeral_storage or $rbd_persistent_storage {
- $client_keys = hiera('ceph::profile::params::client_keys')
- $client_user = join(['client.', hiera('nova::compute::rbd::libvirt_rbd_user')])
- class { '::nova::compute::rbd':
- libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
- }
+ include ::nova::compute::rbd
}
if $rbd_ephemeral_storage {
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index ac78287..48af39a 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -54,9 +54,9 @@ class tripleo::profile::base::nova::placement (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::nova
@@ -73,7 +73,7 @@ class tripleo::profile::base::nova::placement (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::apache::mod::ssl
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index b047c36..afb5fa6 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*ceilometer_enabled*]
# Whether the ceilometer pipeline is enabled.
# Defaults to true
@@ -96,6 +100,7 @@
# defaults to 8080
#
class tripleo::profile::base::swift::proxy (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_enabled = true,
$ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'),
$ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
@@ -113,7 +118,12 @@ class tripleo::profile::base::swift::proxy (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 8080,
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+ if $step >= 4 or ($step >= 3 and $is_bootstrap) {
if $enable_internal_tls {
if !$swift_proxy_network {
fail('swift_proxy_network is not set in the hieradata.')
@@ -127,9 +137,11 @@ class tripleo::profile::base::swift::proxy (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::swift::proxy'],
}
+ Tripleo::Tls_proxy['swift-proxy-api'] ~> Anchor<| title == 'swift::service::begin' |>
}
+ }
+ if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
include ::swift::config
include ::swift::proxy
diff --git a/manifests/profile/base/ui.pp b/manifests/profile/base/ui.pp
deleted file mode 100644
index 710c210..0000000
--- a/manifests/profile/base/ui.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::ui
-#
-# UI profile for tripleo
-#
-class tripleo::profile::base::ui () {
- include ::tripleo::ui
-}
-
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index b9171b0..cd84d04 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -18,9 +18,17 @@
#
# === Parameters
#
-# [*sync_db*]
-# (Optional) Whether to run db sync
-# Defaults to true
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*management_store*]
+# (Optional) The management store for Zaqar.
+# Defaults to 'mongodb'
+#
+# [*messaging_store*]
+# (Optional) The messaging store for Zaqar.
+# Defaults to 'mongodb'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -28,27 +36,53 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::zaqar (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $management_store = 'mongodb',
+ $messaging_store = 'mongodb',
$step = Integer(hiera('step')),
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::zaqar
- if str2bool(hiera('mongodb::server::ipv6', false)) {
- $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
- $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
- } else {
- $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ if $messaging_store == 'mongodb' or $management_store == 'mongodb' {
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongodb_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongodb_node_ips'), ':27017')
+ }
+ $mongodb_replset = hiera('mongodb::server::replset')
+ $mongo_node_string = join($mongo_node_ips_with_port, ',')
+ $mongo_database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}"
}
- $mongodb_replset = hiera('mongodb::server::replset')
- $mongo_node_string = join($mongo_node_ips_with_port, ',')
- $database_connection = "mongodb://${mongo_node_string}/zaqar?replicaSet=${mongodb_replset}"
- class { '::zaqar::management::mongodb':
- uri => $database_connection,
+
+ if $messaging_store == 'swift' {
+ include ::zaqar::messaging::swift
+ } elsif $messaging_store == 'mongodb' {
+ class {'::zaqar::messaging::mongodb':
+ uri => $mongo_database_connection,
+ }
+ } else {
+ fail("unsupported Zaqar messaging_store set: ${messaging_store}")
}
- class {'::zaqar::messaging::mongodb':
- uri => $database_connection,
+
+ if $management_store == 'sqlalchemy' {
+ include ::zaqar::management::sqlalchemy
+ } elsif $management_store == 'mongodb' {
+ class { '::zaqar::management::mongodb':
+ uri => $mongo_database_connection,
+ }
+ } else {
+ fail("unsupported Zaqar management_store set: ${management_store}")
}
+
include ::zaqar::transport::websocket
include ::apache::mod::ssl
include ::zaqar::transport::wsgi