Diffstat (limited to 'manifests')
-rw-r--r--manifests/certmonger/mysql.pp10
-rw-r--r--manifests/fencing.pp3
-rw-r--r--manifests/haproxy.pp52
-rw-r--r--manifests/haproxy/endpoint.pp2
-rw-r--r--manifests/profile/base/ceilometer/api.pp7
-rw-r--r--manifests/profile/base/cinder.pp1
-rw-r--r--manifests/profile/base/cinder/api.pp1
-rw-r--r--manifests/profile/base/etcd.pp66
-rw-r--r--manifests/profile/base/nova.pp1
-rw-r--r--manifests/profile/base/nova/placement.pp2
-rw-r--r--manifests/profile/base/octavia.pp57
-rw-r--r--manifests/profile/base/octavia/api.pp54
-rw-r--r--manifests/profile/base/time/ntp.pp28
13 files changed, 263 insertions, 21 deletions
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index 62aff9a..9cb6b13 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -31,11 +31,6 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
-# [*mysql_network*]
-# (Optional) The network name where the mysql endpoint is listening on.
-# This is set by t-h-t.
-# Defaults to hiera('mysql_network', undef)
-#
# [*principal*]
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef
@@ -45,16 +40,11 @@ class tripleo::certmonger::mysql (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
- $mysql_network = hiera('mysql_network', undef),
$principal = undef,
) {
include ::certmonger
include ::mysql::params
- if !$mysql_network {
- fail('mysql_network is not set in the hieradata.')
- }
-
$postsave_cmd = "systemctl reload ${::mysql::params::service_name}"
certmonger_certificate { 'mysql' :
ensure => 'present',
diff --git a/manifests/fencing.pp b/manifests/fencing.pp
index 55280a9..fa8c2e5 100644
--- a/manifests/fencing.pp
+++ b/manifests/fencing.pp
@@ -59,4 +59,7 @@ class tripleo::fencing(
$ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
+
+ $ironic_devices = local_fence_devices('fence_ironic', $all_devices)
+ create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params)
}
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index cc21e37..043e01e 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -251,6 +251,10 @@
# (optional) Enable or not RabbitMQ binding
# Defaults to false
#
+# [*etcd*]
+# (optional) Enable or not Etcd binding
+# Defaults to hiera('etcd_enabled', false)
+#
# [*docker_registry*]
# (optional) Enable or not the Docker Registry API binding
# Defaults to hiera('enable_docker_registry', false)
@@ -380,6 +384,10 @@
# (optional) Specify the network nova_osapi is running on.
# Defaults to hiera('nova_api_network', undef)
#
+# [*nova_placement_network*]
+# (optional) Specify the network nova_placement is running on.
+# Defaults to hiera('nova_placement_network', undef)
+#
# [*opendaylight_network*]
# (optional) Specify the network opendaylight is running on.
# Defaults to hiera('opendaylight_api_network', undef)
@@ -526,6 +534,7 @@ class tripleo::haproxy (
$mysql_clustercheck = false,
$mysql_member_options = undef,
$rabbitmq = false,
+ $etcd = hiera('etcd_enabled', false),
$docker_registry = hiera('enable_docker_registry', false),
$redis = hiera('redis_enabled', false),
$redis_password = undef,
@@ -558,6 +567,7 @@ class tripleo::haproxy (
$nova_metadata_network = hiera('nova_api_network', undef),
$nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
$nova_osapi_network = hiera('nova_api_network', undef),
+ $nova_placement_network = hiera('nova_placement_network', undef),
$panko_network = hiera('panko_api_network', undef),
$ovn_dbs_network = hiera('ovn_dbs_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
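Review bot: The new `$nova_placement_network` parameter falls back to `undef` when the `nova_placement_network` hiera key is absent, whereas the nova_placement endpoint previously received `$nova_osapi_network` (the later hunk in this file switches `service_network` over). Deployments whose hieradata does not define the new key yet would pass an undefined network to that endpoint, and whatever endpoint.pp derives from it (presumably the internal TLS certificate selection) would change silently. Falling back to the old key keeps them working: `$nova_placement_network = hiera('nova_placement_network', hiera('nova_api_network', undef)),`. The class parameter list continues outside this hunk.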
@@ -713,6 +723,11 @@ class tripleo::haproxy (
"${redis_vip}:6379" => $haproxy_listen_bind_param,
}
+ $etcd_vip = hiera('etcd_vip', $controller_virtual_ip)
+ $etcd_bind_opts = {
+ "${etcd_vip}:2379" => $haproxy_listen_bind_param,
+ }
+
class { '::haproxy':
service_manage => $haproxy_service_manage,
global_options => {
@@ -952,7 +967,7 @@ class tripleo::haproxy (
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
},
public_ssl_port => $ports[nova_placement_ssl_port],
- service_network => $nova_osapi_network,
+ service_network => $nova_placement_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1235,6 +1250,15 @@ class tripleo::haproxy (
server_names => hiera('mysql_node_names', $controller_hosts_names_real),
options => $mysql_member_options_real,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $mysql_firewall_rules = {
+ '100 mysql_haproxy' => {
+ 'dport' => 3306,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $mysql_firewall_rules)
+ }
}
if $rabbitmq {
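Review bot: The `100 mysql_haproxy` rule sets only `dport => 3306`, so as written it appears to accept that port from any source on every interface, while the HAProxy listener above is bound to the MySQL VIP only. The same shape is repeated for `100 redis_haproxy` (port 6379) in the later redis hunk of this file. Both rules would be safer scoped to the network the VIP lives on, for example through a source or destination restriction if `tripleo::firewall::rule` offers one, so the database and Redis ports are not opened towards the public side. A one-line comment above each rule stating which network is expected to reach the port would also help. The enclosing `if` block starts outside this hunk.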
@@ -1255,6 +1279,23 @@ class tripleo::haproxy (
}
}
+ if $etcd {
+ haproxy::listen { 'etcd':
+ bind => $etcd_bind_opts,
+ options => {
+ 'balance' => 'source',
+ },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'etcd':
+ listening_service => 'etcd',
+ ports => '2379',
+ ipaddresses => hiera('etcd_node_ips', $controller_hosts_real),
+ server_names => hiera('etcd_node_names', $controller_hosts_names_real),
+ options => $haproxy_member_options,
+ }
+ }
+
if $docker_registry {
::tripleo::haproxy::endpoint { 'docker-registry':
public_virtual_ip => $public_virtual_ip,
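Review bot: The etcd listener is added without the `manage_firewall` block that this same commit gives the mysql and redis listeners, and nothing says whether that difference is intentional. The intent should be stated in a comment above `if $etcd {`, for example `# etcd is reached through the VIP from the internal API network only; no firewall rule is opened here`. The traffic being proxied is the plain-HTTP client API configured in manifests/profile/base/etcd.pp, with no TLS or client-authentication settings visible in this commit, so any rule added later should be limited to the internal network rather than copied from the unrestricted mysql/redis form.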
@@ -1294,6 +1335,15 @@ class tripleo::haproxy (
server_names => hiera('redis_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
+ if hiera('manage_firewall', true) {
+ include ::tripleo::firewall
+ $redis_firewall_rules = {
+ '100 redis_haproxy' => {
+ 'dport' => 6379,
+ }
+ }
+ create_resources('tripleo::firewall::rule', $redis_firewall_rules)
+ }
}
$midonet_cluster_vip = hiera('midonet_cluster_vip', $controller_virtual_ip)
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 2f60b24..da2aba3 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -36,7 +36,7 @@
#
# [*public_virtual_ip*]
# Address in which the proxy endpoint will be listening in the public network.
-# If this service is internal only this should be ommited.
+# If this service is internal only this should be ommitted.
# Defaults to undef.
#
# [*mode*]
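Review bot: The corrected word is still misspelled, since the new line reads `ommitted` and the standard spelling is `omitted`. The line should be `# If this service is internal only this should be omitted.`.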
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 2e7986b..6ef4748 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -18,10 +18,6 @@
#
# === Parameters
#
-# [*enable_legacy_api*]
-# (Optional) Enable legacy ceilometer api service.
-# Defaults to hiera('enable_legacy_api', false)
-#
# [*ceilometer_network*]
# (Optional) The network name where the ceilometer endpoint is listening on.
# This is set by t-h-t.
@@ -57,7 +53,6 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::ceilometer::api (
- $enable_legacy_api = hiera('enable_legacy_ceilometer_api', false),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
@@ -81,7 +76,7 @@ class tripleo::profile::base::ceilometer::api (
$tls_keyfile = undef
}
- if $step >= 4 and $enable_legacy_api {
+ if $step >= 4 {
include ::ceilometer::api
class { '::ceilometer::wsgi::apache':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp
index 6a821f3..6e8fbb2 100644
--- a/manifests/profile/base/cinder.pp
+++ b/manifests/profile/base/cinder.pp
@@ -57,6 +57,7 @@ class tripleo::profile::base::cinder (
rabbit_hosts => $rabbit_endpoints,
}
include ::cinder::config
+ include ::cinder::glance
}
if $step >= 5 {
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index 5ea2058..450a8e6 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -94,7 +94,6 @@ class tripleo::profile::base::cinder::api (
ssl_key => $tls_keyfile,
}
include ::cinder::ceilometer
- include ::cinder::glance
}
}
diff --git a/manifests/profile/base/etcd.pp b/manifests/profile/base/etcd.pp
new file mode 100644
index 0000000..505e29f
--- /dev/null
+++ b/manifests/profile/base/etcd.pp
@@ -0,0 +1,66 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::etcd
+#
+# etcd profile for tripleo
+#
+# === Parameters
+#
+# [*bind_ip*]
+# (optional) IP to bind etcd service to.
+# Defaults to '127.0.0.1'.
+#
+# [*client_port*]
+# (optional) etcd client listening port.
+# Defaults to '2379'.
+#
+# [*peer_port*]
+# (optional) etcd peer listening port.
+# Defaults to '2380'.
+#
+# [*nodes*]
+# (Optional) Array of host(s) for etcd nodes.
+# Defaults to hiera('etcd_node_ips', []).
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::etcd (
+ $bind_ip = '127.0.0.1',
+ $client_port = '2379',
+ $peer_port = '2380',
+ $nodes = hiera('etcd_node_names', []),
+ $step = hiera('step'),
+) {
+ if $step >= 1 {
+ if count($nodes) > 1 {
+ $cluster_enabled = true
+ } else {
+ $cluster_enabled = false
+ }
+
+ class {'::etcd':
+ listen_client_urls => "http://${bind_ip}:${client_port}",
+ advertise_client_urls => "http://${bind_ip}:${client_port}",
+ listen_peer_urls => "http://${bind_ip}:${peer_port}",
+ initial_advertise_peer_urls => "http://${bind_ip}:${peer_port}",
+ initial_cluster => regsubst($nodes, '.+', "\\0=http://\\0:${peer_port}"),
+ cluster_enabled => $cluster_enabled,
+ proxy => 'off',
+ }
+ }
+}
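Review bot: All four URLs passed to `::etcd` hard-code the `http://` scheme, so client and peer traffic is unencrypted and TLS cannot be switched on from hieradata, even though other profiles touched by this commit read `enable_internal_tls`. A scheme parameter (or a switch keyed on `enable_internal_tls`), combined with the certificate settings of the `::etcd` class if it has them, would let operators protect the key-value store. Separately, the header documents `nodes` as `hiera('etcd_node_ips', [])` while the code reads `hiera('etcd_node_names', [])`; the comment should read `# Defaults to hiera('etcd_node_names', []).`. With the default `bind_ip` of `127.0.0.1` the advertised peer URL is also loopback, which the other members listed in `initial_cluster` cannot reach, so the `bind_ip` doc should say it must be overridden when clustering.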
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index dae627c..fe1e6a6 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -110,6 +110,7 @@ class tripleo::profile::base::nova (
}
if $step >= 4 {
+ include ::nova::placement
if $manage_migration {
class { '::nova::migration::libvirt':
configure_libvirt => $libvirt_enabled,
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index 7edd4e8..aa8c3c7 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -86,8 +86,6 @@ class tripleo::profile::base::nova::placement (
}
if $step >= 4 {
- include ::nova::placement
-
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp
new file mode 100644
index 0000000..46ca009
--- /dev/null
+++ b/manifests/profile/base/octavia.pp
@@ -0,0 +1,57 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia
+#
+# Octavia server profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*rabbit_user*]
+# [*rabbit_password*]
+# (Optional) RabbitMQ user details
+# Defaults to undef
+#
+# [*rabbit_hosts*]
+# list of the rabbbit host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*rabbit_port*]
+# IP port for rabbitmq service
+# Defaults to 5672.
+#
+class tripleo::profile::base::octavia (
+ $step = hiera('step'),
+ $rabbit_user = undef,
+ $rabbit_password = undef,
+ $rabbit_hosts = hiera('rabbitmq_node_names', undef),
+ $rabbit_port = '5672'
+) {
+ if $step >= 3 {
+ class { '::octavia' :
+ default_transport_url => os_transport_url({
+ 'transport' => 'rabbit',
+ 'hosts' => $rabbit_hosts,
+ 'port' => sprintf('%s', $rabbit_port),
+ 'username' => $rabbit_user,
+ 'password' => $rabbit_password
+ })
+ }
+ include ::octavia::config
+ }
+}
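Review bot: `rabbit_user` and `rabbit_password` default to `undef` and go straight into `os_transport_url`, so a missing binding would presumably yield a transport URL without credentials instead of a catalog failure. A guard before the `::octavia` class, such as `if !$rabbit_password { fail('rabbit_password is not set in the hieradata.') }`, would surface the misconfiguration early. The header also documents `rabbit_hosts` as `hiera('rabbitmq_node_names')` while the code supplies an `undef` fallback, and it describes `rabbit_user` and `rabbit_password` under a single entry. Each parameter should get its own description with the default the code really uses.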
diff --git a/manifests/profile/base/octavia/api.pp b/manifests/profile/base/octavia/api.pp
new file mode 100644
index 0000000..d457478
--- /dev/null
+++ b/manifests/profile/base/octavia/api.pp
@@ -0,0 +1,54 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::api
+#
+# Octavia API server profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ include ::tripleo::profile::base::octavia
+
+ if $step >= 3 and $sync_db {
+ include ::octavia::db::mysql
+ }
+
+ # We start the Octavia API server on the bootstrap node first, because
+ # it will try to populate tables and we need to make sure this happens
+ # before it starts on other nodes
+ if ($step >= 4 and $sync_db) or ($step >= 5 and !$sync_db) {
+ class { '::octavia::api':
+ sync_db => $sync_db,
+ }
+ }
+}
diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp
new file mode 100644
index 0000000..c6ce309
--- /dev/null
+++ b/manifests/profile/base/time/ntp.pp
@@ -0,0 +1,28 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::ntp
+#
+# Enable NTP via composable services.
+#
+
+class tripleo::profile::base::time::ntp {
+ # if installed, we don't want chrony to conflict with ntp.
+ package { 'chrony':
+ ensure => 'purged',
+ before => Service['ntp'],
+ }
+ include ::ntp
+}
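Review bot: The header comment names the class `tripleo::profile::base::ntp`, but the class declared below it is `tripleo::profile::base::time::ntp`. The doc line should read `# == Class: tripleo::profile::base::time::ntp` so generated documentation and searches match the real name. The `before => Service['ntp']` reference relies on `::ntp` declaring a service with exactly that title, which deserves a short comment next to the `package` resource because the `include` appears after the reference.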