5 files changed, 201 insertions, 0 deletions
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
index 7698881..edcb5e7 100644
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
@@ -86,6 +86,24 @@ class tripleo::firewall(
       'stage'             => 'runtime',
       'firewall_settings' => $firewall_post_extras,
     })
+
+    # Allow composable services to load their own custom
+    # example with Hiera.
+    # NOTE(dprince): In the future when we have a better hiera
+    # heat hook we might refactor this to use hiera's merging
+    # capabilities instead. Until then rolling up the flat service
+    # keys and dynamically creating firewall rules for each service
+    # will allow us to compose and should work fine.
+    #
+    # Each service can load its rules by using this form:
+    #
+    # tripleo.<service name with underscores>.firewall_rules:
+    #   '300 allow custom application 1':
+    #     dport: 999
+    #     proto: udp
+    #     action: accept
+    $service_names = reject(hiera('service_names', []), '^$')
+    tripleo::firewall::service_rules { $service_names: }
   }
 
 }
diff --git a/manifests/firewall/service_rules.pp b/manifests/firewall/service_rules.pp
new file mode 100644
index 0000000..4739f16
--- /dev/null
+++ b/manifests/firewall/service_rules.pp
@@ -0,0 +1,38 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Define: tripleo::firewall::service_rules
+#
+# Define used to create firewall rules for composable services.
+#
+# === Parameters:
+#
+# [*service_name*]
+#  (optional) The service_name to load firewall rules for.
+#  Defaults to $title
+#
+define tripleo::firewall::service_rules ($service_name = $title) {
+
+  $underscore_name = regsubst($service_name, '-', '_')
+
+  # This allows each composable service to load its own custom rules by
+  # creating its own flat hiera key named:
+  #   tripleo.<service name with underscores>.firewall_rules
+  $service_firewall_rules = hiera("tripleo.${underscore_name}.firewall_rules", {})
+
+  if !empty($service_firewall_rules) {
+    create_resources('tripleo::firewall::rule', $service_firewall_rules)
+  }
+
+}
diff --git a/manifests/profile/base/swift/add_devices.pp b/manifests/profile/base/swift/add_devices.pp
new file mode 100644
index 0000000..f61f418
--- /dev/null
+++ b/manifests/profile/base/swift/add_devices.pp
@@ -0,0 +1,59 @@
+# Copyright 2015 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+# == Function: tripleo::profile::base::swift::add_devices
+#
+# Swift add_devices helper function
+#
+# === Parameters
+#
+# [*swift_zones*]
+#   (Optional) The number of swift zones.
+
+define tripleo::profile::base::swift::add_devices(
+  $swift_zones = '1'
+){
+
+  # NOTE(dprince): Swift zones is not yet properly wired into the Heat
+  # templates. See: https://review.openstack.org/#/c/97758/3
+  # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the
+  # newer r1z%<controller or SwiftStorage><N>%-192.0.2.6:%PORT%/d1 syntax.
+  $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1')
+  if (is_integer($server_num_or_device)) {
+    $server_num = $server_num_or_device
+  } else {
+    $server_num = '1'
+  }
+  # Function to place server in its zone.  Zone is calculated by
+  # server number in heat template modulo the number of zones + 1.
+  $zone = (($server_num%$swift_zones) + 1)
+
+  # add the rings
+  $base = regsubst($name,'^r1.*-(.*)$','\1')
+  $object = regsubst($base, '%PORT%', '6000')
+  ring_object_device { $object:
+    zone   => '1',
+    weight => 100,
+  }
+  $container = regsubst($base, '%PORT%', '6001')
+  ring_container_device { $container:
+    zone   => '1',
+    weight => 100,
+  }
+  $account = regsubst($base, '%PORT%', '6002')
+  ring_account_device { $account:
+    zone   => '1',
+    weight => 100,
+  }
+}
diff --git a/manifests/profile/base/swift/ringbuilder.pp b/manifests/profile/base/swift/ringbuilder.pp
new file mode 100644
index 0000000..d94c6be
--- /dev/null
+++ b/manifests/profile/base/swift/ringbuilder.pp
@@ -0,0 +1,77 @@
+# Copyright 2015 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+# == Class: tripleo::profile::base::swift::ringbuilder
+#
+# Swift ringbuilder profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#  [*swift_zones*]
+#   (Optional) The swift zones
+#   Defaults to 1
+#  [*devices*]
+#   (Optional) The swift devices
+#   Defaults to ''
+#  [*build_ring*]      = true,
+#   (Optional) Whether to build the ring
+#   Defaults to true
+#  [*replicas*]
+#    replicas
+
+class tripleo::profile::base::swift::ringbuilder (
+  $step = hiera('step'),
+  $swift_zones     = '1',
+  $devices         = '',
+  $build_ring      = true,
+  $replicas,
+) {
+
+  if $step >= 2 {
+    # pre-install swift here so we can build rings
+    include ::swift
+  }
+
+  if $step >= 3 {
+    validate_bool($build_ring)
+
+    if $build_ring {
+
+      $device_array = strip(split(rstrip($devices), ','))
+
+      # create local rings
+      swift::ringbuilder::create{ ['object', 'account', 'container']:
+        replicas       => min(count($device_array), $replicas),
+      } ->
+
+      # add all other devices
+      tripleo::profile::base::swift::add_devices {$device_array:
+        swift_zones => $swift_zones,
+      } ->
+
+      # rebalance
+      swift::ringbuilder::rebalance{ ['object', 'account', 'container']:
+        seed => 999,
+      }
+
+      Ring_object_device<| |> ~> Exec['rebalance_object']
+      Ring_object_device<| |> ~> Exec['rebalance_account']
+      Ring_object_device<| |> ~> Exec['rebalance_container']
+    }
+  }
+}
diff --git a/manifests/profile/pacemaker/gnocchi.pp b/manifests/profile/pacemaker/gnocchi.pp
index edc1728..c8630ce 100644
--- a/manifests/profile/pacemaker/gnocchi.pp
+++ b/manifests/profile/pacemaker/gnocchi.pp
@@ -70,6 +70,15 @@ class tripleo::profile::pacemaker::gnocchi (
 
   if $step >= 5 and $pacemaker_master {
 
+    pacemaker::constraint::base { 'keystone-then-gnocchi-metricd-constraint':
+      constraint_type => 'order',
+      first_resource  => 'openstack-core-clone',
+      second_resource => "${::gnocchi::params::metricd_service_name}-clone",
+      first_action    => 'start',
+      second_action   => 'start',
+      require         => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
+                          Pacemaker::Resource::Ocf['openstack-core']],
+    }
     pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint':
       constraint_type => 'order',
       first_resource  => "${::gnocchi::params::metricd_service_name}-clone",