diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/database/mysql.pp | 367 | ||||
-rw-r--r-- | manifests/loadbalancer.pp | 12 | ||||
-rw-r--r-- | manifests/packages.pp | 54 |
3 files changed, 63 insertions, 370 deletions
diff --git a/manifests/database/mysql.pp b/manifests/database/mysql.pp deleted file mode 100644 index 1d621a5..0000000 --- a/manifests/database/mysql.pp +++ /dev/null @@ -1,367 +0,0 @@ -# -# Copyright (C) 2015 eNovance SAS <licensing@enovance.com> -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless optional by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::database::mysql -# -# Configure a MySQL for TripleO with or without HA. -# -# === Parameters -# -# [*bind_address*] -# (optional) IP to bind MySQL daemon. -# Defaults to undef -# -# [*mysql_root_password*] -# (optional) MySQL root password. -# Defaults to 'secrete' -# -# [*mysql_sys_maint_password*] -# (optional) The MySQL debian-sys-maint password. -# Debian only parameter. -# Defaults to 'sys-maint' -# -# [*galera_clustercheck_dbpassword*] -# (optional) The MySQL password for Galera cluster check -# Defaults to 'password' -# -# [*galera_clustercheck_dbuser*] -# (optional) The MySQL username for Galera cluster check (using monitoring database) -# Defaults to 'clustercheck' -# -# [*galera_clustercheck_ipaddress*] -# (optional) The name or ip address of host running monitoring database (clustercheck) -# Defaults to undef -# -# [*galera_gcache*] -# (optional) Size of the Galera gcache -# wsrep_provider_options, for master/slave mode -# Defaults to '1G' -# -# [*galera_master*] -# (optional) Hostname or IP of the Galera master node, databases and users -# resources are created on this node and propagated on the cluster. -# Defining to false means we disable MySQL HA and run a single node setup. -# Defaults to false -# -# [*controller_host*] -# (optional) Array of internal ip of the controller nodes. -# They need access to all OpenStack databases. -# Defaults to false -# -# [*database_host*] -# (optional) Array of internal ip of the database nodes. -# Used to boostrap Galera cluster. -# Defaults to false -# -# [*ceilometer_database_connection*] -# (optional) URL to connect at Ceilometer database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -# [*cinder_database_connection*] -# (optional) URL to connect at Cinder database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -# [*glance_database_connection*] -# (optional) URL to connect at Glance database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -# [*heat_database_connection*] -# (optional) URL to connect at Heat database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -# [*keystone_database_connection*] -# (optional) URL to connect at Keystone database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -# [*neutron_database_connection*] -# (optional) URL to connect at Neutron database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -# [*nova_database_connection*] -# (optional) URL to connect at Nova database. -# Example: 'mysql://user:password@host/database' -# Defaults to undef -# -class tripleo::database::mysql ( - $bind_address = undef, - $mysql_root_password = 'secrete', - $mysql_sys_maint_password = 'sys-maint', - $galera_clustercheck_dbpassword = 'secrete', - $galera_clustercheck_dbuser = 'clustercheck', - $galera_clustercheck_ipaddress = undef, - $galera_gcache = '1G', - $galera_master = false, - $controller_host = false, - $database_host = false, - $ceilometer_database_connection = undef, - $cinder_database_connection = undef, - $glance_database_connection = undef, - $heat_database_connection = undef, - $keystone_database_connection = undef, - $neutron_database_connection = undef, - $nova_database_connection = undef, -) { - - include ::xinetd - - $gcomm_definition = inline_template('<%= @database_host.join(",") + "?pc.wait_prim=no" -%>') - - # If HA enabled - if $galera_master { - # Specific to Galera master node - if $::hostname == $galera_master { - mysql_database { 'monitoring': - ensure => 'present', - charset => 'utf8', - collate => 'utf8_unicode_ci', - require => File['/root/.my.cnf'], - } - mysql_user { "${galera_clustercheck_dbuser}@localhost": - ensure => 'present', - password_hash => mysql_password($galera_clustercheck_dbpassword), - require => File['/root/.my.cnf'], - } - mysql_grant { "${galera_clustercheck_dbuser}@localhost/monitoring": - ensure => 'present', - options => ['GRANT'], - privileges => ['ALL'], - table => 'monitoring.*', - user => "${galera_clustercheck_dbuser}@localhost", - } - Database_user<<| |>> - } else { - # NOTE(sileht): Only the master must create the password - # into the database, slave nodes must just use the password. - # The one in the database have been retrieved via galera. - file { "${::root_home}/.my.cnf": - content => "[client]\nuser=root\nhost=localhost\npassword=${mysql_root_password}\n", - owner => 'root', - mode => '0600', - } - } - - # Specific to Red Hat or Debian systems - case $::osfamily { - 'RedHat': { - $mysql_server_package_name = 'mariadb-galera-server' - $mysql_client_package_name = 'mariadb' - $wsrep_provider = '/usr/lib64/galera/libgalera_smm.so' - $mysql_server_config_file = '/etc/my.cnf' - $mysql_init_file = '/usr/lib/systemd/system/mysql-bootstrap.service' - - if $::hostname == $galera_master { - $mysql_service_name = 'mysql-bootstrap' - } else { - $mysql_service_name = 'mariadb' - } - - # In Red Hat, the package does not perform the mysql db installation. - # We need to do this manually. - # Note: in MariaDB repository, package perform this action in post-install, - # but MariaDB is not packaged for Red Hat / CentOS 7 in MariaDB repository. - exec { 'bootstrap-mysql': - command => '/usr/bin/mysql_install_db --rpm --user=mysql', - unless => 'test -d /var/lib/mysql/mysql', - before => Service['mysqld'], - require => [Package[$mysql_server_package_name], File[$mysql_server_config_file]], - } - - } - 'Debian': { - $mysql_server_package_name = 'mariadb-galera-server' - $mysql_client_package_name = 'mariadb-client' - $wsrep_provider = '/usr/lib/galera/libgalera_smm.so' - $mysql_server_config_file = '/etc/mysql/my.cnf' - $mysql_init_file = '/etc/init.d/mysql-bootstrap' - - if $::hostname == $galera_master { - $mysql_service_name = 'mysql-bootstrap' - } else { - $mysql_service_name = 'mysql' - } - - mysql_user { 'debian-sys-maint@localhost': - ensure => 'present', - password_hash => mysql_password($mysql_sys_maint_password), - require => File['/root/.my.cnf'], - } - - file{'/etc/mysql/debian.cnf': - ensure => file, - content => template('tripleo/database/debian.cnf.erb'), - owner => 'root', - group => 'root', - mode => '0600', - require => Exec['clean-mysql-binlog'], - } - } - default: { - err "${::osfamily} not supported yet" - } - } - - file { $mysql_init_file : - content => template("tripleo/database/etc_initd_mysql_${::osfamily}"), - owner => 'root', - mode => '0755', - group => 'root', - notify => Service['mysqld'], - before => Package[$mysql_server_package_name], - } - - class { '::mysql::server': - manage_config_file => false, - config_file => $mysql_server_config_file, - package_name => $mysql_server_package_name, - service_name => $mysql_service_name, - override_options => { - 'mysqld' => { - 'bind-address' => $bind_address, - }, - }, - root_password => $mysql_root_password, - notify => Service['xinetd'], - } - - file { $mysql_server_config_file: - content => template('tripleo/database/mysql.conf.erb'), - mode => '0644', - owner => 'root', - group => 'root', - notify => [Service['mysqld'],Exec['clean-mysql-binlog']], - require => Package[$mysql_server_package_name], - } - - class { '::mysql::client': - package_name => $mysql_client_package_name, - } - - # Haproxy http monitoring - augeas { 'mysqlchk': - context => '/files/etc/services', - changes => [ - 'ins service-name after service-name[last()]', - 'set service-name[last()] "mysqlchk"', - 'set service-name[. = "mysqlchk"]/port 9200', - 'set service-name[. = "mysqlchk"]/protocol tcp', - ], - onlyif => 'match service-name[. = "mysqlchk"] size == 0', - notify => [ Service['xinetd'], Exec['reload_xinetd'] ], - } - file { - '/etc/xinetd.d/mysqlchk': - content => template('tripleo/database/mysqlchk.erb'), - owner => 'root', - group => 'root', - mode => '0755', - require => File['/usr/bin/clustercheck'], - notify => [ Service['xinetd'], Exec['reload_xinetd'] ]; - '/usr/bin/clustercheck': - ensure => present, - content => template('tripleo/database/clustercheck.erb'), - mode => '0755', - owner => 'root', - group => 'root'; - } - - exec{'clean-mysql-binlog': - # first sync take a long time - command => "/bin/bash -c '/usr/bin/mysqladmin --defaults-file=/root/.my.cnf shutdown ; /bin/rm ${::mysql::params::datadir}/ib_logfile*'", - path => '/usr/bin', - notify => Service['mysqld'], - refreshonly => true, - onlyif => "stat ${::mysql::params::datadir}/ib_logfile0 && test `du -sh ${::mysql::params::datadir}/ib_logfile0 | cut -f1` != '256M'", - } - } else { - # When HA is disabled - class { '::mysql::server': - override_options => { - 'mysqld' => { - 'bind-address' => $bind_address, - }, - }, - root_password => $mysql_root_password, - } - } - - # On master node (when using Galera) or single node (when no HA) - if $galera_master == $::hostname or ! $galera_master { - # Create all the database schemas - $allowed_hosts = ['%',$controller_host] - $keystone_dsn = split($keystone_database_connection, '[@:/?]') - class { '::keystone::db::mysql': - user => $keystone_dsn[3], - password => $keystone_dsn[4], - host => $keystone_dsn[5], - dbname => $keystone_dsn[6], - allowed_hosts => $allowed_hosts, - } - $glance_dsn = split($glance_database_connection, '[@:/?]') - class { '::glance::db::mysql': - user => $glance_dsn[3], - password => $glance_dsn[4], - host => $glance_dsn[5], - dbname => $glance_dsn[6], - allowed_hosts => $allowed_hosts, - } - $nova_dsn = split($nova_database_connection, '[@:/?]') - class { '::nova::db::mysql': - user => $nova_dsn[3], - password => $nova_dsn[4], - host => $nova_dsn[5], - dbname => $nova_dsn[6], - allowed_hosts => $allowed_hosts, - } - $neutron_dsn = split($neutron_database_connection, '[@:/?]') - class { '::neutron::db::mysql': - user => $neutron_dsn[3], - password => $neutron_dsn[4], - host => $neutron_dsn[5], - dbname => $neutron_dsn[6], - allowed_hosts => $allowed_hosts, - } - $cinder_dsn = split($cinder_database_connection, '[@:/?]') - class { '::cinder::db::mysql': - user => $cinder_dsn[3], - password => $cinder_dsn[4], - host => $cinder_dsn[5], - dbname => $cinder_dsn[6], - allowed_hosts => $allowed_hosts, - } - $heat_dsn = split($heat_database_connection, '[@:/?]') - class { '::heat::db::mysql': - user => $heat_dsn[3], - password => $heat_dsn[4], - host => $heat_dsn[5], - dbname => $heat_dsn[6], - allowed_hosts => $allowed_hosts, - } - $ceilometer_dsn = split($ceilometer_database_connection, '[@:/?]') - class { '::ceilometer::db::mysql': - user => $ceilometer_dsn[3], - password => $ceilometer_dsn[4], - host => $ceilometer_dsn[5], - dbname => $ceilometer_dsn[6], - allowed_hosts => $allowed_hosts, - } - } - -} diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index f7a4ff8..f9877a6 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -538,6 +538,10 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:13004" => ['ssl', 'crt', $heat_bind_certificate], } + $heat_options = { + 'option' => [ 'httpchk GET /' ], + 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:13003" => ['ssl', 'crt', $heat_bind_certificate], @@ -551,6 +555,9 @@ class tripleo::loadbalancer ( "${heat_api_vip}:8004" => [], "${public_virtual_ip}:8004" => [], } + $heat_options = { + 'option' => [ 'httpchk GET /' ], + } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], "${public_virtual_ip}:8003" => [], @@ -824,10 +831,9 @@ class tripleo::loadbalancer ( if $heat_api { haproxy::listen { 'heat_api': bind => $heat_bind_opts, - options => { - 'option' => [ 'httpchk GET /' ], - }, + options => $heat_options, collect_exported => false, + mode => 'http', } haproxy::balancermember { 'heat_api': listening_service => 'heat_api', diff --git a/manifests/packages.pp b/manifests/packages.pp new file mode 100644 index 0000000..6a5813a --- /dev/null +++ b/manifests/packages.pp @@ -0,0 +1,54 @@ +# Copyright 2015 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# == Class: tripleo::packages +# +# Configure package installation/upgrade defaults. +# +# === Parameters: +# +# [*enable_install*] +# Whether to enable package installation via Puppet. +# Defaults to false +# +# [*enable_upgrade*] +# Upgrades all puppet managed packages to latest. +# Defaults to false +# +class tripleo::packages ( + $enable_install = false, + $enable_upgrade = false, +) { + + if !$enable_install { + case $::osfamily { + 'RedHat': { + Package <| |> { provider => 'norpm' } + } + default: { + warning('enable_install option not supported for this distro.') + } + } + } + + if $enable_upgrade { + if !$enable_install { + fail('Package upgrades require that enable_install be set to true') + } + Package <| |> { ensure => 'latest' } + } + +} + |