6 files changed, 287 insertions, 30 deletions

diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index 02afbc2..ca9c6d0 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -47,29 +47,35 @@
 #  (optional) The chain associated to the rule.
 #  Defaults to 'INPUT'
 #
-# [*extras*]
+# [*destination*]
+#  (optional) The destination cidr associated to the rule.
+#  Defaults to undef
+#
+#  [*extras*]
 #  (optional) Hash of any puppetlabs-firewall supported parameters.
 #  Defaults to {}
 #
 define tripleo::firewall::rule (
-  $port    = undef,
-  $proto   = 'tcp',
-  $action  = 'accept',
-  $state   = ['NEW'],
-  $source  = '0.0.0.0/0',
-  $iniface = undef,
-  $chain   = 'INPUT',
-  $extras  = {},
+  $port        = undef,
+  $proto       = 'tcp',
+  $action      = 'accept',
+  $state       = ['NEW'],
+  $source      = '0.0.0.0/0',
+  $iniface     = undef,
+  $chain       = 'INPUT',
+  $destination = undef,
+  $extras      = {},
 ) {
 
   $basic = {
-    'port'    => $port,
-    'proto'   => $proto,
-    'action'  => $action,
-    'state'   => $state,
-    'source'  => $source,
-    'iniface' => $iniface,
-    'chain'   => $chain,
+    'port'        => $port,
+    'proto'       => $proto,
+    'action'      => $action,
+    'state'       => $state,
+    'source'      => $source,
+    'iniface'     => $iniface,
+    'chain'       => $chain,
+    'destination' => $destination,
   }
 
   $rule = merge($basic, $extras)
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 70ccbc1..664590b 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -558,8 +558,6 @@ class tripleo::loadbalancer (
     "${redis_vip}:6379" => $haproxy_listen_bind_param,
   }
 
-  sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' }
-
   class { '::haproxy':
     service_manage   => $haproxy_service_manage,
     global_options   => {
diff --git a/manifests/loadbalancer/endpoint.pp b/manifests/loadbalancer/endpoint.pp
index e6bb185..f75f79a 100644
--- a/manifests/loadbalancer/endpoint.pp
+++ b/manifests/loadbalancer/endpoint.pp
@@ -88,13 +88,9 @@ define tripleo::loadbalancer::endpoint (
     # service exposed to the public network
 
     if $public_certificate {
-      $public_bind_opts = {
-        "${public_virtual_ip}:${public_ssl_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]),
-      }
+      $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
     } else {
-      $public_bind_opts = {
-        "${public_virtual_ip}:${service_port}" => $haproxy_listen_bind_param,
-      }
+      $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param)
     }
   } else {
     # internal service only
@@ -102,13 +98,9 @@ define tripleo::loadbalancer::endpoint (
   }
 
   if $internal_certificate {
-    $internal_bind_opts = {
-      "${internal_ip}:${service_port}" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]),
-    }
+    $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
   } else {
-    $internal_bind_opts = {
-      "${internal_ip}:${service_port}" => $haproxy_listen_bind_param,
-    }
+    $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param)
   }
   $bind_opts = merge($internal_bind_opts, $public_bind_opts)
 
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
new file mode 100644
index 0000000..22b4dc9
--- /dev/null
+++ b/manifests/profile/base/glance/api.pp
@@ -0,0 +1,68 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::glance::api
+#
+# Glance API profile for tripleo
+#
+# === Parameters
+#
+# [*manage_service*]
+#   (Optional) Whether to manage the glance service
+#   Defaults to undef
+#
+# [*enabled*]
+#   (Optional) Whether to enable the glance service
+#   Defaults to undef
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*glance_backend*]
+#   (Optional) Glance backend(s) to use.
+#   Defaults to downcase(hiera('glance_backend', 'swift'))
+#
+class tripleo::profile::base::glance::api (
+  $manage_service = undef,
+  $enabled        = undef,
+  $step           = hiera('step'),
+  $glance_backend = downcase(hiera('glance_backend', 'swift')),
+) {
+
+  if $step >= 4 {
+    case $glance_backend {
+        'swift': { $backend_store = 'glance.store.swift.Store' }
+        'file': { $backend_store = 'glance.store.filesystem.Store' }
+        'rbd': { $backend_store = 'glance.store.rbd.Store' }
+        default: { fail('Unrecognized glance_backend parameter.') }
+    }
+    $http_store = ['glance.store.http.Store']
+    $glance_store = concat($http_store, $backend_store)
+
+    # TODO: notifications, scrubber, etc.
+    include ::glance
+    include ::glance::config
+    class { '::glance::api':
+      known_stores   => $glance_store,
+      manage_service => $manage_service,
+      enabled        => $enabled,
+    }
+    include ::glance::notify::rabbitmq
+    include join(['::glance::backend::', $glance_backend])
+  }
+
+}
+
diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/glance/registry.pp
new file mode 100644
index 0000000..bed4a5e
--- /dev/null
+++ b/manifests/profile/base/glance/registry.pp
@@ -0,0 +1,64 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::glance::registry
+#
+# Glance Registry profile for tripleo
+#
+# === Parameters
+#
+# [*sync_db*]
+#   (Optional) Whether to run db sync
+#   Defaults to undef
+#
+# [*manage_service*]
+#   (Optional) Whether to manage the glance service
+#   Defaults to undef
+#
+# [*enabled*]
+#   (Optional) Whether to enable the glance service
+#   Defaults to undef
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*glance_backend*]
+#   (Optional) Glance backend(s) to use.
+#   Defaults to downcase(hiera('glance_backend', 'swift'))
+#
+class tripleo::profile::base::glance::registry (
+  $sync_db        = undef,
+  $manage_service = undef,
+  $enabled        = undef,
+  $step           = hiera('step'),
+  $glance_backend = downcase(hiera('glance_backend', 'swift')),
+) {
+
+  if $step >= 4 {
+    # TODO: notifications, scrubber, etc.
+    include ::glance
+    include ::glance::config
+    class { '::glance::registry' :
+      sync_db        => $sync_db,
+      manage_service => $manage_service,
+      enabled        => $enabled,
+    }
+    include ::glance::notify::rabbitmq
+    include join(['::glance::backend::', $glance_backend])
+  }
+
+}
+
diff --git a/manifests/profile/pacemaker/glance.pp b/manifests/profile/pacemaker/glance.pp
new file mode 100644
index 0000000..5727622
--- /dev/null
+++ b/manifests/profile/pacemaker/glance.pp
@@ -0,0 +1,129 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::pacemaker::glance
+#
+# Glance Pacemaker HA profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+#   (Optional) The hostname of the node responsible for bootstrapping tasks
+#   Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*glance_backend*]
+#   (Optional) Glance backend(s) to use.
+#   Defaults to downcase(hiera('glance_backend', 'swift'))
+#
+# [*glance_file_pcmk_manage*]
+#   (Optional) Whether or not manage glance_file_pcmk.
+#   Defaults to hiera('glance_file_pcmk_manage', false)
+#
+# [*glance_file_pcmk_device*]
+#   (Optional) Device to mount glance file backend.
+#   Defaults to hiera('glance_file_pcmk_device', '')
+#
+# [*glance_file_pcmk_directory*]
+#   (Optional) Directory to mount glance file backend.
+#   Defaults to hiera('glance_file_pcmk_directory', '')
+#
+# [*glance_file_pcmk_fstype*]
+#   (Optional) Filesystem type to mount glance file backend.
+#   Defaults to hiera('glance_file_pcmk_fstype', '')
+#
+# [*glance_file_pcmk_options*]
+#   (Optional) pcmk options to mount Glance file backend..
+#   Defaults to hiera('glance_file_pcmk_options', '')
+#
+class tripleo::profile::pacemaker::glance (
+  $bootstrap_node             = hiera('bootstrap_nodeid'),
+  $step                       = hiera('step'),
+  $glance_backend             = downcase(hiera('glance_backend', 'swift')),
+  $glance_file_pcmk_manage    = hiera('glance_file_pcmk_manage', false),
+  $glance_file_pcmk_device    = hiera('glance_file_pcmk_device', ''),
+  $glance_file_pcmk_directory = hiera('glance_file_pcmk_directory', ''),
+  $glance_file_pcmk_fstype    = hiera('glance_file_pcmk_fstype', ''),
+  $glance_file_pcmk_options   = hiera('glance_file_pcmk_options', ''),
+) {
+
+  if $::hostname == downcase($bootstrap_node) {
+    $pacemaker_master = true
+  } else {
+    $pacemaker_master = false
+  }
+
+  if $step >= 4 {
+    class { '::tripleo::profile::base::glance::api':
+      manage_service => false,
+      enabled        => false,
+    }
+    class { '::tripleo::profile::base::glance::registry':
+      sync_db        => $pacemaker_master,
+      manage_service => false,
+      enabled        => false,
+    }
+    if $glance_backend == 'file' and $glance_file_pcmk_manage {
+      $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"'
+      pacemaker::resource::filesystem { 'glance-fs':
+        device       => $glance_file_pcmk_device,
+        directory    => $glance_file_pcmk_directory,
+        fstype       => $glance_file_pcmk_fstype,
+        fsoptions    => join([$secontext, $glance_file_pcmk_options],','),
+        clone_params => '',
+      }
+    }
+  }
+
+  if $step >= 5 and $pacemaker_master {
+    pacemaker::resource::service { $::glance::params::registry_service_name :
+      clone_params => 'interleave=true',
+      require      => Pacemaker::Resource::Ocf['openstack-core'],
+    }
+    pacemaker::resource::service { $::glance::params::api_service_name :
+      clone_params => 'interleave=true',
+    }
+
+    pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
+      constraint_type => 'order',
+      first_resource  => 'openstack-core-clone',
+      second_resource => "${::glance::params::registry_service_name}-clone",
+      first_action    => 'start',
+      second_action   => 'start',
+      require         => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+                          Pacemaker::Resource::Ocf['openstack-core']],
+    }
+    pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
+      constraint_type => 'order',
+      first_resource  => "${::glance::params::registry_service_name}-clone",
+      second_resource => "${::glance::params::api_service_name}-clone",
+      first_action    => 'start',
+      second_action   => 'start',
+      require         => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+                          Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+    }
+    pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation':
+      source  => "${::glance::params::api_service_name}-clone",
+      target  => "${::glance::params::registry_service_name}-clone",
+      score   => 'INFINITY',
+      require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+                  Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+    }
+  }
+
+}