diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/haproxy.pp | 112 | ||||
| -rw-r--r-- | manifests/profile/base/aodh.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/barbican/api.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer/agent/polling.pp | 64 | ||||
| -rw-r--r-- | manifests/profile/base/cinder.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/docker_registry.pp | 3 | ||||
| -rw-r--r-- | manifests/profile/base/heat.pp | 6 | ||||
| -rw-r--r-- | manifests/profile/base/horizon.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/keystone.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/manila.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/mistral.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/neutron.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/nova.pp | 6 | ||||
| -rw-r--r-- | manifests/profile/base/nova/api.pp | 11 | ||||
| -rw-r--r-- | manifests/profile/base/nova/authtoken.pp | 56 | ||||
| -rw-r--r-- | manifests/profile/base/nova/placement.pp | 1 | ||||
| -rw-r--r-- | manifests/profile/base/sahara.pp | 4 | ||||
| -rw-r--r-- | manifests/profile/base/vpp.pp | 32 |
19 files changed, 205 insertions, 126 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 13d4ba5..2ed9449 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -750,7 +750,7 @@ class tripleo::haproxy ( 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - 'option' => 'forwardfor', + 'option' => [ 'forwardfor', 'httpchk' ], 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], @@ -762,7 +762,7 @@ class tripleo::haproxy ( } $horizon_options = { 'cookie' => 'SERVERID insert indirect nocache', - 'option' => 'forwardfor', + 'option' => [ 'forwardfor', 'httpchk' ], } } @@ -821,12 +821,20 @@ class tripleo::haproxy ( }, } + + $default_listen_options = { + 'option' => [ 'httpchk', ], + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + } Tripleo::Haproxy::Endpoint { haproxy_listen_bind_param => $haproxy_listen_bind_param, member_options => $haproxy_member_options, public_certificate => $service_certificate, use_internal_certificates => $use_internal_certificates, internal_certificates_specs => $internal_certificates_specs, + listen_options => $default_listen_options, } $stats_base = ['enable', 'uri /'] @@ -852,11 +860,7 @@ class tripleo::haproxy ( ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real), server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, + listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /v3' ] }), public_ssl_port => $ports[keystone_admin_api_ssl_port], service_network => $keystone_admin_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -864,11 +868,6 @@ class tripleo::haproxy ( } if $keystone_public { - $keystone_listen_opts = { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - } if $service_certificate { $keystone_public_tls_listen_opts = { 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', @@ -877,7 +876,9 @@ class tripleo::haproxy ( 'option' => 'forwardfor', } } else { - $keystone_public_tls_listen_opts = {} + $keystone_public_tls_listen_opts = { + 'option' => [ 'httpchk GET /v3', ], + } } ::tripleo::haproxy::endpoint { 'keystone_public': public_virtual_ip => $public_virtual_ip, @@ -886,7 +887,7 @@ class tripleo::haproxy ( ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real), server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => merge($keystone_listen_opts, $keystone_public_tls_listen_opts), + listen_options => merge($default_listen_options, $keystone_public_tls_listen_opts), public_ssl_port => $ports[keystone_public_api_ssl_port], service_network => $keystone_public_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -901,11 +902,6 @@ class tripleo::haproxy ( ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real), server_names => hiera('neutron_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[neutron_api_ssl_port], service_network => $neutron_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -920,11 +916,6 @@ class tripleo::haproxy ( ip_addresses => hiera('cinder_api_node_ips', $controller_hosts_real), server_names => hiera('cinder_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[cinder_api_ssl_port], service_network => $cinder_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -939,11 +930,6 @@ class tripleo::haproxy ( ip_addresses => hiera('congress_node_ips', $controller_hosts_real), server_names => hiera('congress_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[congress_api_ssl_port], service_network => $congress_network, } @@ -957,11 +943,6 @@ class tripleo::haproxy ( ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), server_names => hiera('manila_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[manila_api_ssl_port], service_network => $manila_network, } @@ -987,11 +968,6 @@ class tripleo::haproxy ( ip_addresses => hiera('tacker_node_ips', $controller_hosts_real), server_names => hiera('tacker_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[tacker_api_ssl_port], service_network => $tacker_network, } @@ -1018,11 +994,7 @@ class tripleo::haproxy ( server_names => hiera('glance_api_node_names', $controller_hosts_names_real), public_ssl_port => $ports[glance_api_ssl_port], mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, + listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /healthcheck', ]}), service_network => $glance_api_network, member_options => union($haproxy_member_options, $internal_tls_member_options), } @@ -1037,11 +1009,6 @@ class tripleo::haproxy ( ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), server_names => hiera('nova_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, #member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1057,11 +1024,6 @@ class tripleo::haproxy ( ip_addresses => hiera('nova_placement_node_ips', $controller_hosts_real), server_names => hiera('nova_placement_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[nova_placement_ssl_port], service_network => $nova_placement_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1074,6 +1036,9 @@ class tripleo::haproxy ( service_port => $ports[nova_metadata_port], ip_addresses => hiera('nova_metadata_node_ips', $controller_hosts_real), server_names => hiera('nova_metadata_node_names', $controller_hosts_names_real), + listen_options => { + 'option' => [ 'httpchk', ], + }, service_network => $nova_metadata_network, } } @@ -1085,10 +1050,11 @@ class tripleo::haproxy ( service_port => $ports[nova_novnc_port], ip_addresses => hiera('nova_api_node_ips', $controller_hosts_real), server_names => hiera('nova_api_node_names', $controller_hosts_names_real), - listen_options => { + listen_options => merge($default_listen_options, { + 'option' => [ 'tcpka' ], 'balance' => 'source', 'timeout' => [ 'tunnel 1h' ], - }, + }), public_ssl_port => $ports[nova_novnc_ssl_port], service_network => $nova_novncproxy_network, } @@ -1102,11 +1068,6 @@ class tripleo::haproxy ( ip_addresses => hiera('ec2_api_node_ips', $controller_hosts_real), server_names => hiera('ec2_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[ec2_api_ssl_port], service_network => $ec2_api_network, } @@ -1130,11 +1091,6 @@ class tripleo::haproxy ( ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real), server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[ceilometer_api_ssl_port], service_network => $ceilometer_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1149,11 +1105,6 @@ class tripleo::haproxy ( ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real), server_names => hiera('aodh_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[aodh_api_ssl_port], service_network => $aodh_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1167,11 +1118,6 @@ class tripleo::haproxy ( service_port => $ports[panko_api_port], ip_addresses => hiera('panko_api_node_ips', $controller_hosts_real), server_names => hiera('panko_api_node_names', $controller_hosts_names_real), - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[panko_api_ssl_port], service_network => $panko_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1199,11 +1145,6 @@ class tripleo::haproxy ( ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real), server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real), mode => 'http', - listen_options => { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - }, public_ssl_port => $ports[gnocchi_api_ssl_port], service_network => $gnocchi_network, member_options => union($haproxy_member_options, $internal_tls_member_options), @@ -1224,6 +1165,7 @@ class tripleo::haproxy ( if $swift_proxy_server { $swift_proxy_server_listen_options = { + 'option' => [ 'httpchk GET /healthcheck', ], 'timeout client' => '2m', 'timeout server' => '2m', } @@ -1241,17 +1183,13 @@ class tripleo::haproxy ( $heat_api_vip = hiera('heat_api_vip', $controller_virtual_ip) $heat_ip_addresses = hiera('heat_api_node_ips', $controller_hosts_real) - $heat_base_options = { - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }']} if $service_certificate { $heat_ssl_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", } - $heat_options = merge($heat_base_options, $heat_ssl_options) + $heat_options = merge($default_listen_options, $heat_ssl_options) } else { - $heat_options = $heat_base_options + $heat_options = $default_listen_options } if $heat_api { diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index d6561a2..da8aaa6 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -99,7 +99,7 @@ class tripleo::profile::base::aodh ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -107,7 +107,7 @@ class tripleo::profile::base::aodh ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 64c2b62..22984b1 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -153,7 +153,7 @@ class tripleo::profile::base::barbican::api ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -161,7 +161,7 @@ class tripleo::profile::base::barbican::api ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index 61575d1..2855bd2 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -88,7 +88,7 @@ class tripleo::profile::base::ceilometer ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -96,7 +96,7 @@ class tripleo::profile::base::ceilometer ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp new file mode 100644 index 0000000..3706c2e --- /dev/null +++ b/manifests/profile/base/ceilometer/agent/polling.pp @@ -0,0 +1,64 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceilometer::agent::polling +# +# Ceilometer polling Agent profile for tripleo +# +# === Parameters +# +# [*central_namespace*] +# (Optional) Use central namespace for polling agent. +# Defaults to false. +# +# [*compute_namespace*] +# (Optional) Use compute namespace for polling agent. +# Defaults to false. +# +# [*ipmi_namespace*] +# (Optional) Use ipmi namespace for polling agent. +# Defaults to false. +# +# [*ceilometer_redis_password*] +# (Optional) redis password to configure coordination url +# +# [*redis_vip*] +# (Optional) redis vip to configure coordination url +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::ceilometer::agent::polling ( + $central_namespace = hiera('central_namespace', false), + $compute_namespace = hiera('compute_namespace', false), + $ipmi_namespace = hiera('ipmi_namespace', false), + $ceilometer_redis_password = hiera('ceilometer_redis_password', undef), + $redis_vip = hiera('redis_vip', undef), + $step = hiera('step'), +) { + include ::tripleo::profile::base::ceilometer + + if $step >= 4 { + include ::ceilometer::agent::auth + class { '::ceilometer::agent::polling': + central_namespace => $central_namespace, + compute_namespace => $compute_namespace, + ipmi_namespace => $ipmi_namespace, + coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + } + } + +} diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index d6fad03..fc3c659 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -102,7 +102,7 @@ class tripleo::profile::base::cinder ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -112,7 +112,7 @@ class tripleo::profile::base::cinder ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index ebe84bf..0452575 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -38,7 +38,8 @@ class tripleo::profile::base::docker_registry ( ) { # We want a v2 registry package{'docker-registry': - ensure => absent, + ensure => absent, + allow_virtual => false, } package{'docker-distribution': } package{'docker': } diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 171f51b..4ff5b41 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -107,14 +107,12 @@ class tripleo::profile::base::heat ( $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. class { '::heat' : notification_driver => $notification_driver, default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -122,7 +120,7 @@ class tripleo::profile::base::heat ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index 1849435..278c25c 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -25,11 +25,11 @@ # # [*neutron_options*] # (Optional) A hash of parameters to enable features specific to Neutron -# Defaults to hiera('horizon::neutron_options', undef) +# Defaults to hiera('horizon::neutron_options', {}) # class tripleo::profile::base::horizon ( $step = hiera('step'), - $neutron_options = hiera('horizon::neutron_options', undef), + $neutron_options = hiera('horizon::neutron_options', {}), ) { if $step >= 4 { # Horizon diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 6933c09..9b2fc51 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -193,7 +193,7 @@ class tripleo::profile::base::keystone ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -201,7 +201,7 @@ class tripleo::profile::base::keystone ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index 87179ab..cad2cdf 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp @@ -97,7 +97,7 @@ class tripleo::profile::base::manila ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -105,7 +105,7 @@ class tripleo::profile::base::manila ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index 05773ac..0eb849d 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -98,7 +98,7 @@ class tripleo::profile::base::mistral ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -106,7 +106,7 @@ class tripleo::profile::base::mistral ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index 271003e..0d647f8 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -86,7 +86,7 @@ class tripleo::profile::base::neutron ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -94,7 +94,7 @@ class tripleo::profile::base::neutron ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 7daed83..36425f6 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -114,13 +114,11 @@ class tripleo::profile::base::nova ( if $step >= 4 or ($step >= 3 and $sync_db) { $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. class { '::nova' : default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -128,7 +126,7 @@ class tripleo::profile::base::nova ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 287d14c..cda2b66 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -75,6 +75,7 @@ class tripleo::profile::base::nova::api ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup @@ -82,16 +83,6 @@ class tripleo::profile::base::nova::api ( if $step >= 4 or ($step >= 3 and $sync_db) { - if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') - } else { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') - } - - class { '::nova::keystone::authtoken': - memcached_servers => $memcache_servers - } - class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp new file mode 100644 index 0000000..ee6c331 --- /dev/null +++ b/manifests/profile/base/nova/authtoken.pp @@ -0,0 +1,56 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::authtoken +# +# Nova authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*use_ipv6*] +# (Optional) Flag indicating if ipv6 should be used for caching +# Defaults to hiera('nova::use_ipv6', false) +# +# [*memcache_nodes_ipv6*] +# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true. +# Defaults to hiera('memcached_node_ipvs_v6', ['::1']) +# +# [*memcache_nodes_ipv4*] +# (Optional) Array of ipv4 addresses for memcache. Used by default unless +# use_ipv6 is set to true. +# Defaults to hiera('memcached_node_ips', ['127.0.0.1']) +# +class tripleo::profile::base::nova::authtoken ( + $step = hiera('step'), + $use_ipv6 = hiera('nova::use_ipv6', false), + $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']), + $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']), +) { + + if $step >= 3 { + $memcached_ips = $use_ipv6 ? { + true => $memcache_nodes_ipv6, + default => $memcache_nodes_ipv4 + } + + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index c429373..46658b8 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { if $generate_service_certificates { diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index 9633dc3..c9c656d 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp @@ -98,7 +98,7 @@ class tripleo::profile::base::sahara ( default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), + 'port' => $oslomsg_rpc_port, 'username' => $oslomsg_rpc_username, 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, @@ -108,7 +108,7 @@ class tripleo::profile::base::sahara ( notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, - 'port' => sprintf('%s', $oslomsg_notify_port), + 'port' => $oslomsg_notify_port, 'username' => $oslomsg_notify_username, 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, diff --git a/manifests/profile/base/vpp.pp b/manifests/profile/base/vpp.pp new file mode 100644 index 0000000..05f52f9 --- /dev/null +++ b/manifests/profile/base/vpp.pp @@ -0,0 +1,32 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::vpp +# +# vpp profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::vpp ( + $step = hiera('step'), +) { + if $step >= 1 { + include ::fdio + } +} |