summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/firewall/rule.pp19
-rw-r--r--manifests/haproxy.pp49
-rw-r--r--manifests/haproxy/endpoint.pp29
-rw-r--r--manifests/packages.pp4
-rw-r--r--manifests/profile/base/ceilometer/api.pp7
-rw-r--r--manifests/profile/base/cinder/volume.pp29
-rw-r--r--manifests/profile/base/cinder/volume/hpelefthand.pp71
-rw-r--r--manifests/profile/base/metrics/collectd.pp88
-rw-r--r--manifests/profile/base/metrics/collectd/plugin_helper.pp6
-rw-r--r--manifests/profile/base/neutron/agents/ovn.pp14
-rw-r--r--manifests/profile/base/neutron/opendaylight.pp19
-rw-r--r--manifests/profile/base/neutron/ovn_northd.pp40
-rw-r--r--manifests/profile/base/neutron/plugins/ml2.pp5
-rw-r--r--manifests/profile/base/neutron/plugins/ml2/ovn.pp25
-rw-r--r--manifests/profile/base/nova.pp46
-rw-r--r--manifests/profile/base/pacemaker.pp3
-rw-r--r--manifests/profile/base/swift/proxy.pp23
-rw-r--r--manifests/tls_proxy.pp60
-rw-r--r--manifests/vip_hosts.pp39
19 files changed, 467 insertions, 109 deletions
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index 6801dc4..816e6fe 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -77,8 +77,16 @@ define tripleo::firewall::rule (
$extras = {},
) {
+ if $port == 'all' {
+ warning("All ${proto} traffic will be open on this host.")
+ # undef so the IPtables rule won't have any port specified.
+ $port_real = undef
+ } else {
+ $port_real = $port
+ }
+
$basic = {
- 'port' => $port,
+ 'port' => $port_real,
'dport' => $dport,
'sport' => $sport,
'proto' => $proto,
@@ -100,6 +108,15 @@ define tripleo::firewall::rule (
$rule = merge($basic, $state_rule, $extras)
validate_hash($rule)
+ # This conditional will ensure that TCP and UDP firewall rules have
+ # a port specified in the configuration when using INPUT or OUTPUT chains.
+ # If not, the Puppet catalog will fail.
+ # If we don't do this sanity check, a user could create some TCP/UDP
+ # rules without port, and the result would be an iptables rule that allow any
+ # traffic on the host.
+ if ($proto in ['tcp', 'udp']) and (! ($port or $dport or $sport) and ($chain != 'FORWARD')) {
+ fail("${title} firewall rule cannot be created. TCP or UDP rules for INPUT or OUTPUT need port or sport or dport.")
+ }
create_resources('firewall', { "${title}" => $rule })
}
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 515f49a..c57666d 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -276,6 +276,10 @@
# (optional) Enable or not OpenDaylight binding
# Defaults to hiera('opendaylight_api_enabled', false)
#
+# [*ovn_dbs*]
+# (optional) Enable or not OVN northd binding
+# Defaults to hiera('ovn_dbs_enabled', false)
+#
# [*zaqar_ws*]
# (optional) Enable or not Zaqar Websockets binding
# Defaults to false
@@ -380,6 +384,10 @@
# (optional) Specify the network panko is running on.
# Defaults to hiera('panko_api_network', undef)
#
+# [*ovn_dbs_network*]
+# (optional) Specify the network ovn_dbs is running on.
+# Defaults to hiera('ovn_dbs_network', undef)
+#
# [*sahara_network*]
# (optional) Specify the network sahara is running on.
# Defaults to hiera('sahara_api_network', undef)
@@ -441,6 +449,8 @@
# 'nova_novnc_ssl_port' (Defaults to 13080)
# 'panko_api_port' (Defaults to 8779)
# 'panko_api_ssl_port' (Defaults to 13779)
+# 'ovn_nbdb_port' (Defaults to 6641)
+# 'ovn_sbdb_port' (Defaults to 6642)
# 'sahara_api_port' (Defaults to 8386)
# 'sahara_api_ssl_port' (Defaults to 13386)
# 'swift_proxy_port' (Defaults to 8080)
@@ -515,6 +525,7 @@ class tripleo::haproxy (
$zaqar_api = hiera('zaqar_api_enabled', false),
$ceph_rgw = hiera('ceph_rgw_enabled', false),
$opendaylight = hiera('opendaylight_api_enabled', false),
+ $ovn_dbs = hiera('ovn_dbs_enabled', false),
$zaqar_ws = hiera('zaqar_api_enabled', false),
$ui = hiera('enable_ui', false),
$aodh_network = hiera('aodh_api_network', undef),
@@ -540,6 +551,7 @@ class tripleo::haproxy (
$nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
$nova_osapi_network = hiera('nova_api_network', undef),
$panko_network = hiera('panko_api_network', undef),
+ $ovn_dbs_network = hiera('ovn_dbs_network', undef),
$sahara_network = hiera('sahara_api_network', undef),
$swift_proxy_server_network = hiera('swift_proxy_network', undef),
$trove_network = hiera('trove_api_network', undef),
@@ -590,6 +602,8 @@ class tripleo::haproxy (
nova_novnc_ssl_port => 13080,
panko_api_port => 8779,
panko_api_ssl_port => 13779,
+ ovn_nbdb_port => 6641,
+ ovn_sbdb_port => 6642,
sahara_api_port => 8386,
sahara_api_ssl_port => 13386,
swift_proxy_port => 8080,
@@ -1318,6 +1332,39 @@ class tripleo::haproxy (
}
}
+
+ if $ovn_dbs {
+ # FIXME: is this config enough to ensure we only hit the first node in
+ # ovn_northd_node_ips ?
+ $ovn_db_listen_options = {
+ 'option' => [ 'tcpka' ],
+ 'timeout client' => '90m',
+ 'timeout server' => '90m',
+ 'stick-table' => 'type ip size 1000',
+ 'stick' => 'on dst',
+ }
+ ::tripleo::haproxy::endpoint { 'ovn_nbdb':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('ovn_dbs_vip', $controller_virtual_ip),
+ service_port => $ports[ovn_nbdb_port],
+ ip_addresses => hiera('ovn_dbs_node_ips', $controller_hosts_real),
+ server_names => hiera('ovn_dbs_node_names', $controller_hosts_names_real),
+ service_network => $ovn_dbs_network,
+ listen_options => $ovn_db_listen_options,
+ mode => 'tcp'
+ }
+ ::tripleo::haproxy::endpoint { 'ovn_sbdb':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('ovn_dbs_vip', $controller_virtual_ip),
+ service_port => $ports[ovn_sbdb_port],
+ ip_addresses => hiera('ovn_dbs_node_ips', $controller_hosts_real),
+ server_names => hiera('ovn_dbs_node_names', $controller_hosts_names_real),
+ service_network => $ovn_dbs_network,
+ listen_options => $ovn_db_listen_options,
+ mode => 'tcp'
+ }
+ }
+
if $zaqar_ws {
::tripleo::haproxy::endpoint { 'zaqar_ws':
public_virtual_ip => $public_virtual_ip,
@@ -1331,7 +1378,7 @@ class tripleo::haproxy (
# NOTE(jaosorior): Websockets have more overhead in establishing
# connections than regular HTTP connections. Also, since it begins
# as an HTTP connection and then "upgrades" to a TCP connection, some
- # timeouts get overriden by others at certain times of the connection.
+ # timeouts get overridden by others at certain times of the connection.
# The following values were taken from the following site:
# http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/
'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'],
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 4311049..0bba245 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -149,14 +149,27 @@ define tripleo::haproxy::endpoint (
}
if hiera('manage_firewall', true) {
include ::tripleo::firewall
- $firewall_rules = {
- "100 ${name}_haproxy" => {
- 'dport' => $service_port,
- },
- "100 ${name}_haproxy_ssl" => {
- 'dport' => $public_ssl_port,
- },
+ # This block will construct firewall rules only when we specify
+ # a port for the regular service and also the ssl port for the service.
+ # It makes sure we're not trying to create TCP iptables rules where no port
+ # is specified.
+ if $service_port {
+ $haproxy_firewall_rules = {
+ "100 ${name}_haproxy" => {
+ 'dport' => $service_port,
+ },
+ }
+ }
+ if $public_ssl_port {
+ $haproxy_ssl_firewall_rules = {
+ "100 ${name}_haproxy_ssl" => {
+ 'dport' => $public_ssl_port,
+ },
+ }
+ }
+ $firewall_rules = merge($haproxy_firewall_rules, $haproxy_ssl_firewall_rules)
+ if $service_port or $public_ssl_port {
+ create_resources('tripleo::firewall::rule', $firewall_rules)
}
- create_resources('tripleo::firewall::rule', $firewall_rules)
}
}
diff --git a/manifests/packages.pp b/manifests/packages.pp
index ec2635a..147c76a 100644
--- a/manifests/packages.pp
+++ b/manifests/packages.pp
@@ -35,7 +35,7 @@ class tripleo::packages (
# required for stages
include ::stdlib
- if !$enable_install and !$enable_upgrade {
+ if !str2bool($enable_install) and !str2bool($enable_upgrade) {
case $::osfamily {
'RedHat': {
Package <| |> { provider => 'norpm' }
@@ -46,7 +46,7 @@ class tripleo::packages (
}
}
- if $enable_upgrade {
+ if str2bool($enable_upgrade) {
Package <| |> { ensure => 'latest' }
# Running the package upgrade before managing Services in the main stage.
# So we're sure that services will be able to restart with the new version
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 6ef4748..2e7986b 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*enable_legacy_api*]
+# (Optional) Enable legacy ceilometer api service.
+# Defaults to hiera('enable_legacy_api', false)
+#
# [*ceilometer_network*]
# (Optional) The network name where the ceilometer endpoint is listening on.
# This is set by t-h-t.
@@ -53,6 +57,7 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::ceilometer::api (
+ $enable_legacy_api = hiera('enable_legacy_ceilometer_api', false),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
@@ -76,7 +81,7 @@ class tripleo::profile::base::ceilometer::api (
$tls_keyfile = undef
}
- if $step >= 4 {
+ if $step >= 4 and $enable_legacy_api {
include ::ceilometer::api
class { '::ceilometer::wsgi::apache':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp
index 64927b6..7663b6f 100644
--- a/manifests/profile/base/cinder/volume.pp
+++ b/manifests/profile/base/cinder/volume.pp
@@ -22,6 +22,10 @@
# (Optional) Whether to enable the delsc backend
# Defaults to true
#
+# [*cinder_enable_hpelefthand_backend*]
+# (Optional) Whether to enable the hpelefthand backend
+# Defaults to false
+#
# [*cinder_enable_eqlx_backend*]
# (Optional) Whether to enable the eqlx backend
# Defaults to true
@@ -52,14 +56,15 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::cinder::volume (
- $cinder_enable_dellsc_backend = false,
- $cinder_enable_eqlx_backend = false,
- $cinder_enable_iscsi_backend = true,
- $cinder_enable_netapp_backend = false,
- $cinder_enable_nfs_backend = false,
- $cinder_enable_rbd_backend = false,
- $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef),
- $step = hiera('step'),
+ $cinder_enable_dellsc_backend = false,
+ $cinder_enable_hpelefthand_backend = false,
+ $cinder_enable_eqlx_backend = false,
+ $cinder_enable_iscsi_backend = true,
+ $cinder_enable_netapp_backend = false,
+ $cinder_enable_nfs_backend = false,
+ $cinder_enable_rbd_backend = false,
+ $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef),
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::cinder
@@ -73,6 +78,13 @@ class tripleo::profile::base::cinder::volume (
$cinder_dellsc_backend_name = undef
}
+ if $cinder_enable_hpelefthand_backend {
+ include ::tripleo::profile::base::cinder::volume::hpelefthand
+ $cinder_hpelefthand_backend_name = hiera('cinder::backend::hpelefthand_iscsi::volume_backend_name', 'tripleo_hpelefthand')
+ } else {
+ $cinder_hpelefthand_backend_name = undef
+ }
+
if $cinder_enable_eqlx_backend {
include ::tripleo::profile::base::cinder::volume::eqlx
$cinder_eqlx_backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx')
@@ -112,6 +124,7 @@ class tripleo::profile::base::cinder::volume (
$cinder_rbd_backend_name,
$cinder_eqlx_backend_name,
$cinder_dellsc_backend_name,
+ $cinder_hpelefthand_backend_name,
$cinder_netapp_backend_name,
$cinder_nfs_backend_name,
$cinder_user_enabled_backends])
diff --git a/manifests/profile/base/cinder/volume/hpelefthand.pp b/manifests/profile/base/cinder/volume/hpelefthand.pp
new file mode 100644
index 0000000..32f0976
--- /dev/null
+++ b/manifests/profile/base/cinder/volume/hpelefthand.pp
@@ -0,0 +1,71 @@
+# Copyright 2016 Hewlett-Packard Enterprise.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::volume::hpelefthand
+#
+# Cinder Volume hpelefthand profile for tripleo
+#
+# === Parameters
+#
+# [*backend_name*]
+# (Optional) Name given to the Cinder backend stanza
+# Defaults to 'tripleo_hpelefthand'
+#
+# [*cinder_hpelefthand_api_url*]
+# (required) url for api access to lefthand - example https://10.x.x.x:8080/api/v1
+#
+# [*cinder_hpelefthand_username*]
+# (required) Username for HPElefthand admin user
+#
+# [*cinder_hpelefthand_password*]
+# (required) Password for hpelefthand_username
+#
+# [*cinder_hpelefthand_iscsi_chap_enabled*]
+# (required) setting to false by default
+#
+# [*cinder_hpelefthand_clustername*]
+# (required) clustername of hpelefthand
+#
+# [*cinder_hpelefthand_debug*]
+# (required) setting to false by default
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::volume::hpelefthand (
+ $backend_name = hiera('cinder::backend::hpelefthand_iscsi::volume_backend_name', 'tripleo_hpelefthand'),
+ $cinder_hpelefthand_username = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_username', undef),
+ $cinder_hpelefthand_password = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_password', undef),
+ $cinder_hpelefthand_clustername = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_clustername', undef),
+ $cinder_hpelefthand_api_url = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_api_url', undef),
+ $cinder_hpelefthand_iscsi_chap_enabled = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled', undef),
+ $cinder_hpelefthand_debug = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_debug', undef),
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::cinder::volume
+
+ if $step >= 4 {
+ cinder::backend::hpelefthand_iscsi { $backend_name :
+ hpelefthand_username => $cinder_hpelefthand_username,
+ hpelefthand_password => $cinder_hpelefthand_password,
+ hpelefthand_clustername => $cinder_hpelefthand_clustername,
+ hpelefthand_api_url => $cinder_hpelefthand_api_url,
+ hpelefthand_iscsi_chap_enabled => $cinder_hpelefthand_iscsi_chap_enabled,
+ hpelefthand_debug => $cinder_hpelefthand_debug,
+ }
+ }
+
+}
diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp
new file mode 100644
index 0000000..0f738d1
--- /dev/null
+++ b/manifests/profile/base/metrics/collectd.pp
@@ -0,0 +1,88 @@
+# == Class: tripleo::profile::base::metrics::collectd
+#
+# Collectd configuration for TripleO
+#
+# === Parameters
+#
+# [*collectd_plugins*]
+# (Optional) List. A list of collectd plugins to configure (the
+# corresponding collectd::plugin::NAME class must exist in the
+# collectd package).
+#
+# [*collectd_server*]
+# (Optional) String. The name or address of a collectd server to
+# which we should send metrics.
+#
+# [*collectd_port*]
+# (Optional) Integer. The port to which we will connect on the
+# collectd server.
+#
+# [*collectd_username*]
+# (Optional) String. Username for authenticating to the remote
+# collectd server.
+#
+# [*collectd_password*]
+# (Optional) String. Password for authenticating to the remote
+# collectd server.
+#
+# [*collectd_securitylevel*]
+# (Optional) String.
+#
+# [*collectd_interface*]
+# (Optional) String. Name of a network interface.
+#
+# [*collectd_graphite_server*]
+# (Optional) String. The name or address of a graphite server to
+# which we should send metrics.
+#
+# [*collectd_graphite_port*]
+# (Optional) Integer. This is the port to which we will connect on
+# the graphite server. Defaults to 2004.
+#
+# [*collectd_graphite_prefix*]
+# (Optional) String. Prefix to add to metric names. Defaults to
+# 'overcloud.'.
+#
+# [*collectd_graphite_protocol*]
+# (Optional) String. One of 'udp' or 'tcp'.
+#
+class tripleo::profile::base::metrics::collectd (
+ $collectd_plugins = [],
+
+ $collectd_server = undef,
+ $collectd_port = 25826,
+ $collectd_username = undef,
+ $collectd_password = undef,
+ $collectd_securitylevel = undef,
+
+ $collectd_graphite_server = undef,
+ $collectd_graphite_port = 2004,
+ $collectd_graphite_prefix = undef,
+ $collectd_graphite_protocol = 'udp'
+) {
+ include ::collectd
+ ::tripleo::profile::base::metrics::collectd::plugin_helper { $collectd_plugins: }
+
+ if ! ($collectd_graphite_protocol in ['udp', 'tcp']) {
+ fail("collectd_graphite_protocol must be one of 'udp' or 'tcp'")
+ }
+
+ if $collectd_server {
+ ::collectd::plugin::network::server { $collectd_server:
+ username => $collectd_username,
+ password => $collectd_password,
+ port => $collectd_port,
+ securitylevel => $collectd_securitylevel,
+ }
+ }
+
+ if $collectd_graphite_server {
+ ::collectd::plugin::write_graphite::carbon { 'openstack_graphite':
+ graphitehost => $collectd_graphite_server,
+ graphiteport => $collectd_graphite_port,
+ graphiteprefix => $collectd_graphite_prefix,
+ protocol => $collectd_graphite_protocol,
+ }
+ }
+}
+
diff --git a/manifests/profile/base/metrics/collectd/plugin_helper.pp b/manifests/profile/base/metrics/collectd/plugin_helper.pp
new file mode 100644
index 0000000..b624ee1
--- /dev/null
+++ b/manifests/profile/base/metrics/collectd/plugin_helper.pp
@@ -0,0 +1,6 @@
+# We use this to transform a list of unqualified plugin names
+# (like ['disk', 'ntpd']) into the correct collectd plugin classes.
+define tripleo::profile::base::metrics::collectd::plugin_helper (
+) {
+ include "collectd::plugin::${title}"
+}
diff --git a/manifests/profile/base/neutron/agents/ovn.pp b/manifests/profile/base/neutron/agents/ovn.pp
index 443b164..a593092 100644
--- a/manifests/profile/base/neutron/agents/ovn.pp
+++ b/manifests/profile/base/neutron/agents/ovn.pp
@@ -17,7 +17,12 @@
# OVN Neutron agent profile for tripleo
#
# [*ovn_db_host*]
-# The IP-Address/Hostname where OVN DBs are deployed
+# (Optional) The IP-Address where OVN DBs are listening.
+# Defaults to hiera('ovn_dbs_vip')
+#
+# [*ovn_sbdb_port*]
+# (Optional) Port number on which southbound database is listening
+# Defaults to hiera('ovn::southbound::port')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -25,14 +30,13 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::neutron::agents::ovn (
- $ovn_db_host,
- $step = hiera('step')
+ $ovn_db_host = hiera('ovn_dbs_vip'),
+ $ovn_sbdb_port = hiera('ovn::southbound::port'),
+ $step = hiera('step')
) {
if $step >= 4 {
- $ovn_sbdb_port = hiera('ovn::southbound::port')
class { '::ovn::controller':
ovn_remote => "tcp:${ovn_db_host}:${ovn_sbdb_port}",
- ovn_encap_type => hiera('ovn::southboud::encap_type')
}
}
}
diff --git a/manifests/profile/base/neutron/opendaylight.pp b/manifests/profile/base/neutron/opendaylight.pp
index a3f46ec..556fe63 100644
--- a/manifests/profile/base/neutron/opendaylight.pp
+++ b/manifests/profile/base/neutron/opendaylight.pp
@@ -22,24 +22,19 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*primary_controller*]
-# (Optional) The hostname of the first controller
+# [*primary_node*]
+# (Optional) The hostname of the first node of this role type
# Defaults to hiera('bootstrap_nodeid', undef)
#
class tripleo::profile::base::neutron::opendaylight (
- $step = hiera('step'),
- $primary_controller = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+ $primary_node = hiera('bootstrap_nodeid', undef),
) {
- include ::tripleo::profile::base::neutron
-
- if ! str2bool(hiera('opendaylight::enable_l3')) {
- include ::tripleo::profile::base::neutron::l3
- }
-
if $step >= 1 {
- # Configure ODL only on first controller
- if $primary_controller == downcase($::hostname) {
+ # Configure ODL only on first node of the role where this service is
+ # applied
+ if $primary_node == downcase($::hostname) {
include ::opendaylight
}
}
diff --git a/manifests/profile/base/neutron/ovn_northd.pp b/manifests/profile/base/neutron/ovn_northd.pp
new file mode 100644
index 0000000..0b46d5c
--- /dev/null
+++ b/manifests/profile/base/neutron/ovn_northd.pp
@@ -0,0 +1,40 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn
+#
+# OVN Neutron northd profile for tripleo
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::neutron::ovn_northd (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+ if $step >= 4 {
+ # Note this only runs on the first node in the cluster when
+ # deployed on a role where multiple nodes exist.
+ if $::hostname == downcase($bootstrap_node) {
+ include ::ovn::northd
+ }
+ }
+}
+
diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp
index 4f4de0b..c046850 100644
--- a/manifests/profile/base/neutron/plugins/ml2.pp
+++ b/manifests/profile/base/neutron/plugins/ml2.pp
@@ -71,5 +71,10 @@ class tripleo::profile::base::neutron::plugins::ml2 (
if 'ovn' in $mechanism_drivers {
include ::tripleo::profile::base::neutron::plugins::ml2::ovn
}
+
+ if 'fujitsu_cfab' in $mechanism_drivers {
+ include ::neutron::plugins::ml2::fujitsu
+ include ::neutron::plugins::ml2::fujitsu::cfab
+ }
}
}
diff --git a/manifests/profile/base/neutron/plugins/ml2/ovn.pp b/manifests/profile/base/neutron/plugins/ml2/ovn.pp
index 46477a7..b5b7a0a 100644
--- a/manifests/profile/base/neutron/plugins/ml2/ovn.pp
+++ b/manifests/profile/base/neutron/plugins/ml2/ovn.pp
@@ -17,7 +17,16 @@
# OVN Neutron ML2 profile for tripleo
#
# [*ovn_db_host*]
-# The IP-Address/Hostname where OVN DBs are deployed
+# The IP-Address where OVN DBs are listening.
+# Defaults to hiera('ovn_dbs_vip')
+#
+# [*ovn_nb_port*]
+# (Optional) Port number on which northbound database is listening
+# Defaults to hiera('ovn::northbound::port')
+#
+# [*ovn_sb_port*]
+# (Optional) Port number on which southbound database is listening
+# Defaults to hiera('ovn::southbound::port')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -25,18 +34,12 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::neutron::plugins::ml2::ovn (
- $ovn_db_host,
- $step = hiera('step')
+ $ovn_db_host = hiera('ovn_dbs_vip'),
+ $ovn_nb_port = hiera('ovn::northbound::port'),
+ $ovn_sb_port = hiera('ovn::southbound::port'),
+ $step = hiera('step')
) {
if $step >= 4 {
- if $::hostname == $ovn_db_host {
- # NOTE: we might split northd from plugin later, in the case of
- # micro-services, where neutron-server & northd are not in the same
- # containers
- include ::ovn::northd
- }
- $ovn_nb_port = hiera('ovn::northbound::port')
- $ovn_sb_port = hiera('ovn::southbound::port')
class { '::neutron::plugins::ml2::ovn':
ovn_nb_connection => "tcp:${ovn_db_host}:${ovn_nb_port}",
ovn_sb_connection => "tcp:${ovn_db_host}:${ovn_sb_port}",
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 7f1c862..ab9700f 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -30,6 +30,26 @@
# (Optional) Whether or not manage Nova Live migration
# Defaults to false
#
+# [*messaging_driver*]
+# Driver for messaging service.
+# Defaults to hiera('messaging_service_name', 'rabbit')
+#
+# [*messaging_hosts*]
+# list of the messaging host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*messaging_password*]
+# Password for messaging nova queue
+# Defaults to hiera('nova::rabbit_password')
+#
+# [*messaging_port*]
+# IP port for messaging service
+# Defaults to hiera('nova::rabbit_port', 5672)
+#
+# [*messaging_username*]
+# Username for messaging nova queue
+# Defaults to hiera('nova::rabbit_userid', 'guest')
+#
# [*nova_compute_enabled*]
# (Optional) Whether or not nova-compute is enabled.
# Defaults to false
@@ -38,22 +58,17 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
-# Defaults to hiera('rabbitmq_node_names')
-#
-# [*rabbit_port*]
-# IP port for rabbitmq service
-# Defaults to hiera('nova::rabbit_port', 5672)
-
class tripleo::profile::base::nova (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$libvirt_enabled = false,
$manage_migration = false,
+ $messaging_driver = hiera('messaging_service_name', 'rabbit'),
+ $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $messaging_password = hiera('nova::rabbit_password'),
+ $messaging_port = hiera('nova::rabbit_port', '5672'),
+ $messaging_username = hiera('nova::rabbit_userid', 'guest'),
$nova_compute_enabled = false,
$step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('nova::rabbit_port', 5672),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -68,9 +83,16 @@ class tripleo::profile::base::nova (
}
if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ # TODO(ccamacho): remove sprintf once we properly type the port, needs
+ # to be a string for the os_transport_url function.
class { '::nova' :
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $messaging_driver,
+ 'hosts' => $messaging_hosts,
+ 'port' => sprintf('%s', $messaging_port),
+ 'username' => $messaging_username,
+ 'password' => $messaging_password,
+ }),
}
include ::nova::config
class { '::nova::cache':
diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp
index cc5fd8a..19eb52b 100644
--- a/manifests/profile/base/pacemaker.pp
+++ b/manifests/profile/base/pacemaker.pp
@@ -40,7 +40,8 @@ class tripleo::profile::base::pacemaker (
$enable_fencing = str2bool(hiera('enable_fencing', false)) and $step >= 5
if $step >= 1 {
- $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
+ $pacemaker_short_node_names = join(hiera('pacemaker_short_node_names'), ',')
+ $pacemaker_cluster_members = downcase(regsubst($pacemaker_short_node_names, ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
$cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' }
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index 974a725..7bbef1e 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -37,14 +37,19 @@
#
# [*rabbit_port*]
# IP port for rabbitmq service
-# Defaults to hiera('swift::proxy::ceilometer::rabbit_port', 5672)
+# Defaults to 5672
+#
+# [*ceilometer_enabled*]
+# Whether the ceilometer pipeline is enabled.
+# Defaults to true
#
class tripleo::profile::base::swift::proxy (
- $step = hiera('step'),
- $memcache_servers = hiera('memcached_node_ips'),
- $memcache_port = 11211,
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('swift::proxy::ceilometer::rabbit_port', 5672),
+ $step = hiera('step'),
+ $memcache_servers = hiera('memcached_node_ips'),
+ $memcache_port = 11211,
+ $rabbit_hosts = hiera('rabbitmq_node_names', undef),
+ $rabbit_port = 5672,
+ $ceilometer_enabled = true,
) {
if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
@@ -64,8 +69,10 @@ class tripleo::profile::base::swift::proxy (
include ::swift::proxy::formpost
include ::swift::proxy::bulk
$swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
- class { '::swift::proxy::ceilometer':
- rabbit_hosts => $swift_rabbit_hosts,
+ if $ceilometer_enabled {
+ class { '::swift::proxy::ceilometer':
+ rabbit_hosts => $swift_rabbit_hosts,
+ }
}
include ::swift::proxy::versioned_writes
include ::swift::proxy::slo
diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp
new file mode 100644
index 0000000..36d6b6d
--- /dev/null
+++ b/manifests/tls_proxy.pp
@@ -0,0 +1,60 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::tls_proxy
+#
+# Sets up a TLS proxy using mod_proxy that redirects towards localhost.
+#
+# === Parameters
+#
+# [*ip*]
+# The IP address that the proxy will be listening on.
+#
+# [*port*]
+# The port that the proxy will be listening on.
+#
+# [*servername*]
+# The vhost servername that contains the FQDN to identify the virtual host.
+#
+# [*tls_cert*]
+# The path to the TLS certificate that the proxy will be serving.
+#
+# [*tls_key*]
+# The path to the key used for the specified certificate.
+#
+define tripleo::tls_proxy(
+ $ip,
+ $port,
+ $servername,
+ $tls_cert,
+ $tls_key,
+) {
+ ::apache::vhost { "${title}-proxy":
+ ensure => 'present',
+ docroot => undef, # This is required by the manifest
+ manage_docroot => false,
+ servername => $servername,
+ ip => $ip,
+ port => $port,
+ ssl => true,
+ ssl_cert => $tls_cert,
+ ssl_key => $tls_key,
+ request_headers => ['set X-Forwarded-Proto "https"'],
+ proxy_pass => {
+ path => '/',
+ url => "http://localhost:${port}/",
+ params => {retry => '10'},
+ }
+ }
+}
diff --git a/manifests/vip_hosts.pp b/manifests/vip_hosts.pp
deleted file mode 100644
index 7b260fd..0000000
--- a/manifests/vip_hosts.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright 2016 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::vip_hosts
-#
-# Write the overcloud VIPs into /etc/hosts
-#
-# === Parameters
-#
-# [*hosts_spec*]
-# The specification of the hosts that will be added to the /etc/hosts file.
-# These come in the form of a hash that will be consumed by create_resources.
-# e.g.:
-# tripleo::hosts_spec:
-# host-1:
-# name: host1.domain
-# ip: 127.0.0.1
-# host-2:
-# name: host2.domain
-# ip: 127.0.0.2
-#
-class tripleo::vip_hosts (
- $hosts_spec
-) {
- create_resources('host', $hosts_spec)
-}
-