Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/haproxy.pp | 47 | ||||
-rw-r--r-- | manifests/profile/base/cinder/volume.pp | 29 | ||||
-rw-r--r-- | manifests/profile/base/cinder/volume/hpelefthand.pp | 71 | ||||
-rw-r--r-- | manifests/profile/base/neutron/agents/ovn.pp | 14 | ||||
-rw-r--r-- | manifests/profile/base/neutron/ovn_northd.pp | 40 | ||||
-rw-r--r-- | manifests/profile/base/neutron/plugins/ml2/ovn.pp | 25 | ||||
-rw-r--r-- | manifests/tls_proxy.pp | 60 |
7 files changed, 262 insertions, 24 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 58b73e0..c57666d 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -276,6 +276,10 @@
 # (optional) Enable or not OpenDaylight binding
 # Defaults to hiera('opendaylight_api_enabled', false)
 #
+# [*ovn_dbs*]
+# (optional) Enable or not OVN northd binding
+# Defaults to hiera('ovn_dbs_enabled', false)
+#
 # [*zaqar_ws*]
 # (optional) Enable or not Zaqar Websockets binding
 # Defaults to false
@@ -380,6 +384,10 @@
 # (optional) Specify the network panko is running on.
 # Defaults to hiera('panko_api_network', undef)
 #
+# [*ovn_dbs_network*]
+# (optional) Specify the network ovn_dbs is running on.
+# Defaults to hiera('ovn_dbs_network', undef)
+#
 # [*sahara_network*]
 # (optional) Specify the network sahara is running on.
 # Defaults to hiera('sahara_api_network', undef)
@@ -441,6 +449,8 @@
 # 'nova_novnc_ssl_port' (Defaults to 13080)
 # 'panko_api_port' (Defaults to 8779)
 # 'panko_api_ssl_port' (Defaults to 13779)
+# 'ovn_nbdb_port' (Defaults to 6641)
+# 'ovn_sbdb_port' (Defaults to 6642)
 # 'sahara_api_port' (Defaults to 8386)
 # 'sahara_api_ssl_port' (Defaults to 13386)
 # 'swift_proxy_port' (Defaults to 8080)
@@ -515,6 +525,7 @@ class tripleo::haproxy (
 $zaqar_api = hiera('zaqar_api_enabled', false),
 $ceph_rgw = hiera('ceph_rgw_enabled', false),
 $opendaylight = hiera('opendaylight_api_enabled', false),
+ $ovn_dbs = hiera('ovn_dbs_enabled', false),
 $zaqar_ws = hiera('zaqar_api_enabled', false),
 $ui = hiera('enable_ui', false),
 $aodh_network = hiera('aodh_api_network', undef),
@@ -540,6 +551,7 @@ class tripleo::haproxy (
 $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
 $nova_osapi_network = hiera('nova_api_network', undef),
 $panko_network = hiera('panko_api_network', undef),
+ $ovn_dbs_network = hiera('ovn_dbs_network', undef),
 $sahara_network = hiera('sahara_api_network', undef),
 $swift_proxy_server_network = hiera('swift_proxy_network', undef),
 $trove_network = hiera('trove_api_network', undef),
@@ -590,6 +602,8 @@ class tripleo::haproxy (
 nova_novnc_ssl_port => 13080,
 panko_api_port => 8779,
 panko_api_ssl_port => 13779,
+ ovn_nbdb_port => 6641,
+ ovn_sbdb_port => 6642,
 sahara_api_port => 8386,
 sahara_api_ssl_port => 13386,
 swift_proxy_port => 8080,
@@ -1318,6 +1332,39 @@ class tripleo::haproxy ( } } + + if $ovn_dbs { + # FIXME: is this config enough to ensure we only hit the first node in + # ovn_northd_node_ips ? + $ovn_db_listen_options = { + 'option' => [ 'tcpka' ], + 'timeout client' => '90m', + 'timeout server' => '90m', + 'stick-table' => 'type ip size 1000', + 'stick' => 'on dst', + } + ::tripleo::haproxy::endpoint { 'ovn_nbdb': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ovn_dbs_vip', $controller_virtual_ip), + service_port => $ports[ovn_nbdb_port], + ip_addresses => hiera('ovn_dbs_node_ips', $controller_hosts_real), + server_names => hiera('ovn_dbs_node_names', $controller_hosts_names_real), + service_network => $ovn_dbs_network, + listen_options => $ovn_db_listen_options, + mode => 'tcp' + } + ::tripleo::haproxy::endpoint { 'ovn_sbdb': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('ovn_dbs_vip', $controller_virtual_ip), + service_port => $ports[ovn_sbdb_port], + ip_addresses => hiera('ovn_dbs_node_ips', $controller_hosts_real), + server_names => hiera('ovn_dbs_node_names', $controller_hosts_names_real), + service_network => $ovn_dbs_network, + listen_options => $ovn_db_listen_options, + mode => 'tcp' + } + } + if $zaqar_ws { ::tripleo::haproxy::endpoint { 'zaqar_ws': public_virtual_ip => $public_virtual_ip, diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index 64927b6..7663b6f 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -22,6 +22,10 @@ # (Optional) Whether to enable the delsc backend # Defaults to true # +# [*cinder_enable_hpelefthand_backend*] +# (Optional) Whether to enable the hpelefthand backend +# Defaults to false +# # [*cinder_enable_eqlx_backend*] # (Optional) Whether to enable the eqlx backend # Defaults to true 
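Review bot: Both the `ovn_nbdb` and `ovn_sbdb` endpoints pass `public_virtual_ip => $public_virtual_ip`, which, going by the parameter name, also binds ports 6641 and 6642 on the public VIP. They are `mode => 'tcp'` pass-throughs, and the consumers changed in this commit connect with plain `tcp:` strings, so nothing visible here authenticates or encrypts a client that reaches the OVN databases; unless external access is intended, bind `internal_ip` only and say so in a comment. The FIXME is a real gap as well: `'stick' => 'on dst'` keeps traffic on whichever server was picked first, but nothing visible marks the remaining `ovn_dbs_node_ips` as backups, while `ovn_northd.pp` includes `::ovn::northd` on the bootstrap node only. The enclosing class body starts and ends outside this hunk.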
@@ -52,14 +56,15 @@ # Defaults to hiera('step') # class tripleo::profile::base::cinder::volume ( - $cinder_enable_dellsc_backend = false, - $cinder_enable_eqlx_backend = false, - $cinder_enable_iscsi_backend = true, - $cinder_enable_netapp_backend = false, - $cinder_enable_nfs_backend = false, - $cinder_enable_rbd_backend = false, - $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), - $step = hiera('step'), + $cinder_enable_dellsc_backend = false, + $cinder_enable_hpelefthand_backend = false, + $cinder_enable_eqlx_backend = false, + $cinder_enable_iscsi_backend = true, + $cinder_enable_netapp_backend = false, + $cinder_enable_nfs_backend = false, + $cinder_enable_rbd_backend = false, + $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::cinder @@ -73,6 +78,13 @@ class tripleo::profile::base::cinder::volume ( $cinder_dellsc_backend_name = undef } + if $cinder_enable_hpelefthand_backend { + include ::tripleo::profile::base::cinder::volume::hpelefthand + $cinder_hpelefthand_backend_name = hiera('cinder::backend::hpelefthand_iscsi::volume_backend_name', 'tripleo_hpelefthand') + } else { + $cinder_hpelefthand_backend_name = undef + } + if $cinder_enable_eqlx_backend { include ::tripleo::profile::base::cinder::volume::eqlx $cinder_eqlx_backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx') @@ -112,6 +124,7 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name, $cinder_eqlx_backend_name, $cinder_dellsc_backend_name, + $cinder_hpelefthand_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, $cinder_user_enabled_backends]) diff --git a/manifests/profile/base/cinder/volume/hpelefthand.pp b/manifests/profile/base/cinder/volume/hpelefthand.pp new file mode 100644 index 0000000..32f0976 --- /dev/null +++ b/manifests/profile/base/cinder/volume/hpelefthand.pp 
@@ -0,0 +1,71 @@
+# Copyright 2016 Hewlett-Packard Enterprise.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::volume::hpelefthand
+#
+# Cinder Volume hpelefthand profile for tripleo
+#
+# === Parameters
+#
+# [*backend_name*]
+# (Optional) Name given to the Cinder backend stanza
+# Defaults to 'tripleo_hpelefthand'
+#
+# [*cinder_hpelefthand_api_url*]
+# (required) url for api access to lefthand - example https://10.x.x.x:8080/api/v1
+#
+# [*cinder_hpelefthand_username*]
+# (required) Username for HPElefthand admin user
+#
+# [*cinder_hpelefthand_password*]
+# (required) Password for hpelefthand_username
+#
+# [*cinder_hpelefthand_iscsi_chap_enabled*]
+# (required) setting to false by default
+#
+# [*cinder_hpelefthand_clustername*]
+# (required) clustername of hpelefthand
+#
+# [*cinder_hpelefthand_debug*]
+# (required) setting to false by default
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::volume::hpelefthand (
+ $backend_name = hiera('cinder::backend::hpelefthand_iscsi::volume_backend_name', 'tripleo_hpelefthand'),
+ $cinder_hpelefthand_username = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_username', undef),
+ $cinder_hpelefthand_password = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_password', undef),
+ $cinder_hpelefthand_clustername = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_clustername', undef),
+ $cinder_hpelefthand_api_url = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_api_url', undef),
+ $cinder_hpelefthand_iscsi_chap_enabled = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled', undef),
+ $cinder_hpelefthand_debug = hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_debug', undef),
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::cinder::volume
+
+ if $step >= 4 {
+ cinder::backend::hpelefthand_iscsi { $backend_name :
+ hpelefthand_username => $cinder_hpelefthand_username,
+ hpelefthand_password => $cinder_hpelefthand_password,
+ hpelefthand_clustername => $cinder_hpelefthand_clustername,
+ hpelefthand_api_url => $cinder_hpelefthand_api_url,
+ hpelefthand_iscsi_chap_enabled => $cinder_hpelefthand_iscsi_chap_enabled,
+ hpelefthand_debug => $cinder_hpelefthand_debug,
+ }
+ }
+
+}
diff --git a/manifests/profile/base/neutron/agents/ovn.pp b/manifests/profile/base/neutron/agents/ovn.pp
index 443b164..a593092 100644
--- a/manifests/profile/base/neutron/agents/ovn.pp
+++ b/manifests/profile/base/neutron/agents/ovn.pp
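Review bot: The username, password, cluster name and API URL are documented as `(required)` but every one of them defaults to `hiera(..., undef)`, so a missing key produces a `cinder::backend::hpelefthand_iscsi` stanza without credentials instead of a catalog failure. The docs for `cinder_hpelefthand_iscsi_chap_enabled` and `cinder_hpelefthand_debug` say `setting to false by default`, yet the code passes `undef`, so the effective CHAP setting is whatever the cinder module defaults to, which is not visible here. For an iSCSI authentication switch I would document the real default, e.g. `# (Optional) Enable CHAP for iSCSI sessions. Defaults to hiera('cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled', undef)`. Either drop the `undef` fallback on the parameters that are truly required, or mark them `(Optional)` and add a `Defaults to` line as the `backend_name` and `step` entries do.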
@@ -17,7 +17,12 @@
 # OVN Neutron agent profile for tripleo
 #
 # [*ovn_db_host*]
-# The IP-Address/Hostname where OVN DBs are deployed
+# (Optional) The IP-Address where OVN DBs are listening.
+# Defaults to hiera('ovn_dbs_vip')
+#
+# [*ovn_sbdb_port*]
+# (Optional) Port number on which southbound database is listening
+# Defaults to hiera('ovn::southbound::port')
 #
 # [*step*]
 # (Optional) The current step in deployment. See tripleo-heat-templates
@@ -25,14 +30,13 @@
 # Defaults to hiera('step')
 #
 class tripleo::profile::base::neutron::agents::ovn (
- $ovn_db_host,
- $step = hiera('step')
+ $ovn_db_host = hiera('ovn_dbs_vip'),
+ $ovn_sbdb_port = hiera('ovn::southbound::port'),
+ $step = hiera('step')
 ) {
 if $step >= 4 {
- $ovn_sbdb_port = hiera('ovn::southbound::port')
 class { '::ovn::controller':
 ovn_remote => "tcp:${ovn_db_host}:${ovn_sbdb_port}",
- ovn_encap_type => hiera('ovn::southboud::encap_type')
 }
 }
 }
diff --git a/manifests/profile/base/neutron/ovn_northd.pp b/manifests/profile/base/neutron/ovn_northd.pp
new file mode 100644
index 0000000..0b46d5c
--- /dev/null
+++ b/manifests/profile/base/neutron/ovn_northd.pp
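Review bot: `$ovn_db_host` now defaults to `hiera('ovn_dbs_vip')` and is interpolated as-is into `ovn_remote => "tcp:${ovn_db_host}:${ovn_sbdb_port}"`; an IPv6 VIP has to be wrapped in square brackets in an OVSDB connection string, so this yields a malformed remote on IPv6 deployments. The same applies to `ovn_nb_connection` and `ovn_sb_connection` in `manifests/profile/base/neutron/plugins/ml2/ovn.pp`. The remote also stays plain `tcp:`, so every chassis reaches the southbound database through the VIP without encryption or authentication; I would add a comment stating that the `ovn_dbs` network must be isolated until an `ssl:` remote is supported. The second hunk drops `ovn_encap_type` with no replacement, so the encapsulation type presumably falls back to the `::ovn::controller` default, which deserves a line in the commit message.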
@@ -0,0 +1,40 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn
+#
+# OVN Neutron northd profile for tripleo
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::neutron::ovn_northd (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+ if $step >= 4 {
+ # Note this only runs on the first node in the cluster when
+ # deployed on a role where multiple nodes exist.
+ if $::hostname == downcase($bootstrap_node) {
+ include ::ovn::northd
+ }
+ }
+}
+
diff --git a/manifests/profile/base/neutron/plugins/ml2/ovn.pp b/manifests/profile/base/neutron/plugins/ml2/ovn.pp
index 46477a7..b5b7a0a 100644
--- a/manifests/profile/base/neutron/plugins/ml2/ovn.pp
+++ b/manifests/profile/base/neutron/plugins/ml2/ovn.pp
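Review bot: The header comment names the wrong class: `# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn` should read `# == Class: tripleo::profile::base::neutron::ovn_northd`. `$bootstrap_node` defaults to `hiera('bootstrap_nodeid', undef)` and goes straight into `downcase()`, so with the key missing the comparison can never match (and `downcase` may reject an undef argument), which would leave northd deployed nowhere without any error. Either drop the `undef` fallback so the lookup fails loudly, matching the documented default `hiera('bootstrap_nodeid')`, or guard the comparison. Only the right-hand side is lower-cased, so a node whose `$::hostname` fact contains upper-case letters would not match either.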
@@ -17,7 +17,16 @@
 # OVN Neutron ML2 profile for tripleo
 #
 # [*ovn_db_host*]
-# The IP-Address/Hostname where OVN DBs are deployed
+# The IP-Address where OVN DBs are listening.
+# Defaults to hiera('ovn_dbs_vip')
+#
+# [*ovn_nb_port*]
+# (Optional) Port number on which northbound database is listening
+# Defaults to hiera('ovn::northbound::port')
+#
+# [*ovn_sb_port*]
+# (Optional) Port number on which southbound database is listening
+# Defaults to hiera('ovn::southbound::port')
 #
 # [*step*]
 # (Optional) The current step in deployment. See tripleo-heat-templates
@@ -25,18 +34,12 @@
 # Defaults to hiera('step')
 #
 class tripleo::profile::base::neutron::plugins::ml2::ovn (
- $ovn_db_host,
- $step = hiera('step')
+ $ovn_db_host = hiera('ovn_dbs_vip'),
+ $ovn_nb_port = hiera('ovn::northbound::port'),
+ $ovn_sb_port = hiera('ovn::southbound::port'),
+ $step = hiera('step')
 ) {
 if $step >= 4 {
- if $::hostname == $ovn_db_host {
- # NOTE: we might split northd from plugin later, in the case of
- # micro-services, where neutron-server & northd are not in the same
- # containers
- include ::ovn::northd
- }
- $ovn_nb_port = hiera('ovn::northbound::port')
- $ovn_sb_port = hiera('ovn::southbound::port')
 class { '::neutron::plugins::ml2::ovn':
 ovn_nb_connection => "tcp:${ovn_db_host}:${ovn_nb_port}",
 ovn_sb_connection => "tcp:${ovn_db_host}:${ovn_sb_port}",
diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp
new file mode 100644
index 0000000..36d6b6d
--- /dev/null
+++ b/manifests/tls_proxy.pp
@@ -0,0 +1,60 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::tls_proxy
+#
+# Sets up a TLS proxy using mod_proxy that redirects towards localhost.
+#
+# === Parameters
+#
+# [*ip*]
+# The IP address that the proxy will be listening on.
+#
+# [*port*]
+# The port that the proxy will be listening on.
+#
+# [*servername*]
+# The vhost servername that contains the FQDN to identify the virtual host.
+#
+# [*tls_cert*]
+# The path to the TLS certificate that the proxy will be serving.
+#
+# [*tls_key*]
+# The path to the key used for the specified certificate.
+#
+define tripleo::tls_proxy(
+ $ip,
+ $port,
+ $servername,
+ $tls_cert,
+ $tls_key,
+) {
+ ::apache::vhost { "${title}-proxy":
+ ensure => 'present',
+ docroot => undef, # This is required by the manifest
+ manage_docroot => false,
+ servername => $servername,
+ ip => $ip,
+ port => $port,
+ ssl => true,
+ ssl_cert => $tls_cert,
+ ssl_key => $tls_key,
+ request_headers => ['set X-Forwarded-Proto "https"'],
+ proxy_pass => {
+ path => '/',
+ url => "http://localhost:${port}/",
+ params => {retry => '10'},
+ }
+ }
+}
|
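Review bot: The vhost listens on `$ip` and `$port` and proxies to `http://localhost:${port}/`, the same port number, so the define only works when the backend is bound to loopback alone and `$ip` is a non-loopback, non-wildcard address; otherwise the vhost either collides with the backend or forwards to itself. Nothing checks or documents that, so I would extend the `[*ip*]` entry with `# Must not be a loopback or wildcard address; the backend is expected on localhost:<port>.` The TLS side takes whatever protocol and cipher defaults the apache module ships, and the ownership and mode of the `$tls_key` file are not managed here; the header should say where those are enforced. Using `set` rather than appending for `X-Forwarded-Proto` is right, since it discards any client-supplied value.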