Diffstat (limited to 'manifests')
40 files changed, 1276 insertions, 234 deletions
diff --git a/manifests/certmonger/ca/local.pp b/manifests/certmonger/ca/local.pp index ea08dec..b7b7328 100644 --- a/manifests/certmonger/ca/local.pp +++ b/manifests/certmonger/ca/local.pp @@ -29,9 +29,11 @@ class tripleo::certmonger::ca::local( $extract_cmd = "openssl pkcs12 -in ${ca_pkcs12} -out ${ca_pem} -nokeys -nodes -passin pass:''" $trust_ca_cmd = 'update-ca-trust extract' exec { 'extract-and-trust-ca': - command => "${extract_cmd} && ${trust_ca_cmd}", - path => '/usr/bin', - creates => $ca_pem, - require => Package['certmonger'], + command => "${extract_cmd} && ${trust_ca_cmd}", + path => '/usr/bin', + creates => $ca_pem, + tries => 5, + try_sleep => 1, + require => Service['certmonger'], } } diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 2b738e6..504acf3 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -47,18 +47,21 @@ define tripleo::certmonger::haproxy ( $postsave_cmd, $principal = undef, ){ + include ::haproxy::params certmonger_certificate { "${title}-cert": hostname => $hostname, + dnsname => $hostname, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, principal => $principal, } concat { $service_pem : - ensure => present, - mode => '0640', - owner => 'haproxy', - group => 'haproxy', + ensure => present, + mode => '0640', + owner => 'haproxy', + group => 'haproxy', + require => Package[$::haproxy::params::package_name], } concat::fragment { "${title}-cert-fragment": target => $service_pem, diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index e1f5d50..2cac604 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -155,7 +155,7 @@ # # [*nova_novncproxy*] # (optional) Enable or not Nova novncproxy binding -# Defaults to hiera('nova_vncproxy_enabled', false) +# Defaults to hiera('nova_vnc_proxy_enabled', false) # # [*ceilometer*] # (optional) Enable or not Ceilometer API binding 
@@ -238,6 +238,10 @@ # (optional) Enable or not OpenDaylight binding # Defaults to hiera('opendaylight_api_enabled', false) # +# [*zaqar_ws*] +# (optional) Enable or not Zaqar Websockets binding +# Defaults to false +# # [*service_ports*] # (optional) Hash that contains the values to override from the service ports # The available keys to modify the services' ports are: @@ -287,6 +291,10 @@ # 'zaqar_api_ssl_port' (Defaults to 13888) # 'ceph_rgw_port' (Defaults to 8080) # 'ceph_rgw_ssl_port' (Defaults to 13808) +# 'zaqar_ws_port' (Defaults to 9000) +# 'zaqar_ws_ssl_port' (Defaults to 9000) +# * Note that for zaqar's websockets we don't support having a different +# port for SSL, because it ignores the handshake. # Defaults to {} # class tripleo::haproxy ( @@ -320,7 +328,7 @@ class tripleo::haproxy ( $glance_registry = hiera('glance_registry_enabled', false), $nova_osapi = hiera('nova_api_enabled', false), $nova_metadata = hiera('nova_api_enabled', false), - $nova_novncproxy = hiera('nova_vncproxy_enabled', false), + $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), $ceilometer = hiera('ceilometer_api_enabled', false), $aodh = hiera('aodh_api_enabled', false), $gnocchi = hiera('gnocchi_api_enabled', false), @@ -341,6 +349,7 @@ class tripleo::haproxy ( $zaqar_api = hiera('zaqar_api_enabled', false), $ceph_rgw = hiera('ceph_rgw_enabled', false), $opendaylight = hiera('opendaylight_api_enabled', false), + $zaqar_ws = hiera('zaqar_api_enabled', false), $service_ports = {} ) { $default_service_ports = { @@ -390,6 +399,8 @@ class tripleo::haproxy ( zaqar_api_ssl_port => 13888, ceph_rgw_port => 8080, ceph_rgw_ssl_port => 13808, + zaqar_ws_port => 9000, + zaqar_ws_ssl_port => 9000, } $ports = merge($default_service_ports, $service_ports) 
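Review bot: The new `$zaqar_ws` parameter defaults to `hiera('zaqar_api_enabled', false)`, but the header comment added for it in the first hunk on this line says "Defaults to false". As written, every deployment that enables the Zaqar API also gets the websocket listener (port 9000 by default), which a reader of the parameter docs would not expect. Either give the websocket binding its own switch, for example a dedicated hiera key (name to be agreed), or correct the doc line to `# Defaults to hiera('zaqar_api_enabled', false)`.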
@@ -428,11 +439,14 @@ class tripleo::haproxy ( "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]), } $horizon_options = { - 'cookie' => 'SERVERID insert indirect nocache', - 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + 'cookie' => 'SERVERID insert indirect nocache', + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. - 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - 'option' => 'forwardfor', + 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'option' => 'forwardfor', + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], } } else { $horizon_bind_opts = { @@ -593,6 +607,11 @@ class tripleo::haproxy ( service_port => $ports[manila_api_port], ip_addresses => hiera('manila_api_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, public_ssl_port => $ports[manila_api_ssl_port], } } 
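Review bot: The two `set-header X-Forwarded-Proto` rules are written out twice, in `$horizon_options` here and in the manila `listen_options` in the next hunk, so a later change to one copy can leave the other stale. Defining the list once in the class, e.g. `$forwarded_proto_rules = ['set-header X-Forwarded-Proto https if { ssl_fc }', 'set-header X-Forwarded-Proto http if !{ ssl_fc }']`, and referencing it in both places keeps them aligned. A short comment noting that `set-header` is used so that a client-supplied X-Forwarded-Proto is overwritten rather than kept would record why it is not `add-header`. The horizon if/else that encloses the first hunk starts outside it.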
@@ -977,4 +996,26 @@ class tripleo::haproxy ( options => ['check', 'inter 2000', 'rise 2', 'fall 5'], } } + + if $zaqar_ws { + ::tripleo::haproxy::endpoint { 'zaqar_ws': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('zaqar_ws_vip', $controller_virtual_ip), + service_port => $ports[zaqar_ws_port], + ip_addresses => hiera('zaqar_ws_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + mode => 'http', + haproxy_listen_bind_param => [], # We don't use a transparent proxy here + listen_options => { + # NOTE(jaosorior): Websockets have more overhead in establishing + # connections than regular HTTP connections. Also, since it begins + # as an HTTP connection and then "upgrades" to a TCP connection, some + # timeouts get overriden by others at certain times of the connection. + # The following values were taken from the following site: + # http://blog.haproxy.com/2012/11/07/websockets-load-balancing-with-haproxy/ + 'timeout' => ['connect 5s', 'client 25s', 'server 25s', 'tunnel 3600s'], + }, + public_ssl_port => $ports[zaqar_ws_ssl_port], + } + } } diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp new file mode 100644 index 0000000..4359a43 --- /dev/null +++ b/manifests/network/contrail/analytics.pp 
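Review bot: Nothing in the new `zaqar_ws` endpoint enforces the restriction stated in the parameter docs, that the websocket SSL port must equal the plain port; `service_ports` can still override `zaqar_ws_port` and `zaqar_ws_ssl_port` independently. A guard before the endpoint, `if $ports[zaqar_ws_port] != $ports[zaqar_ws_ssl_port] { fail('zaqar_ws_port and zaqar_ws_ssl_port must be equal') }`, would turn a silent misconfiguration into a catalog failure. The `tunnel 3600s` timeout also keeps idle upgraded connections open for an hour on a publicly bound endpoint, so a comment on the expected connection count (or an explicit `maxconn` decision) would help operators size it.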
@@ -0,0 +1,245 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::analytics
+#
+# Configure Contrail Analytics services
+#
+# == Parameters:
+#
+# [*host_ip*]
+# (required) host IP address of Analytics
+# String (IPv4) value.
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*cassandra_server_list*]
+# (optional) List IPs+port of Cassandra servers
+# Array of strings value.
+# Defaults to hiera('contrail::cassandra_server_list')
+#
+# [*collector_http_server_port*]
+# (optional) Collector http port
+# Integer value.
+# Defaults to 8089 +# +# [*collector_sandesh_port*] +# (optional) Collector sandesh port +# Integer value. +# Defaults to 8086 +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail::disc_server_ip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*http_server_port*] +# (optional) Analytics http port +# Integer value. +# Defaults to 8090 +# +# [*insecure*] +# (optional) insecure mode. +# Boolean value. +# Defaults to falsehiera('contrail::insecure') +# +# [*kafka_broker_list*] +# (optional) List IPs+port of kafka servers +# Array of strings value. +# Defaults to hiera('contrail::kafka_broker_list') +# +# [*memcached_servers*] +# (optional) IPv4 address of memcached servers +# String (IPv4) value + port +# Defaults to hiera('contrail::memcached_server') +# +# [*redis_server*] +# (optional) IPv4 address of redis server. +# String (IPv4) value. +# Defaults to '127.0.0.1'. +# +# [*redis_server_port*] +# (optional) port Redis server listens on. +# Integer value. +# Defaults to 6379 +# +# [*rest_api_ip*] +# (optional) IP address Analytics rest interface listens on +# String (IPv4) value. +# Defaults to '0.0.0.0' +# +# [*rest_api_port*] +# (optional) Analytics rest port +# Integer value. +# Defaults to 8081 +# +# [*zk_server_ip*] +# (optional) List IPs+port of Zookeeper servers +# Array of strings value. 
+# Defaults to hiera('contrail::zk_server_ip') +# +class tripleo::network::contrail::analytics( + $host_ip, + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail::cassandra_server_list'), + $collector_http_server_port = 8089, + $collector_sandesh_port = 8086, + $disc_server_ip = hiera('contrail::disc_server_ip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = 8090, + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail::kafka_broker_list'), + $memcached_servers = hiera('contrail::memcached_server'), + $redis_server = '127.0.0.1', + $redis_server_port = 6379, + $rest_api_ip = '0.0.0.0', + $rest_api_port = 8081, + $zk_server_ip = hiera('contrail::zk_server_ip'), +) +{ + class {'::contrail::keystone': + keystone_config => { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + }, + } -> + class {'::contrail::analytics': + analytics_api_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'redis_server' => $redis_server, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => 
$redis_server_port, + 'server' => $redis_server, + }, + }, + collector_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list, + 'zookeeper_server_list' => $zk_server_ip, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, + }, + query_engine_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, + }, + snmp_collector_config => { + 'DEFAULTS' => { + 'zk_server_ip' => $zk_server_ip, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + }, + topology_config => { + 'DEFAULTS' => { + 'zk_server_ip' => $zk_server_ip, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + }, + } +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp new file mode 100644 index 0000000..7b9c85f --- /dev/null +++ b/manifests/network/contrail/config.pp 
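Review bot: `$rest_api_ip` defaults to `'0.0.0.0'`, so the Analytics REST API listens on every interface of the node unless the caller overrides it; config.pp has the same default for `$listen_ip_address`. A default tied to the node's service address, or at least a doc line stating that the port must be restricted by firewall, would be the safer choice. Unlike config.pp, this class also calls no `validate_ip_address()` on `$host_ip`, `$rest_api_ip` or `$disc_server_ip`. In the header, the `insecure` entry reads `Defaults to falsehiera('contrail::insecure')` and should be `# Defaults to hiera('contrail::insecure')`.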
@@ -0,0 +1,215 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::config
+#
+# Configure Contrail Config services
+#
+# == Parameters:
+#
+# [*ifmap_password*]
+# (required) ifmap password
+# String value.
+#
+# [*ifmap_server_ip*]
+# (required) ifmap server ip address.
+# String value.
+#
+# [*ifmap_username*]
+# (required) ifmap username
+# String value.
+#
+# [*rabbit_server*]
+# (required) IPv4 address of rabbit server.
+# String (IPv4) value.
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*auth*]
+# (optional) Authentication method.
+# Defaults to hiera('contrail::auth')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Defaults to hiera('contrail::auth_port')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# Defaults to hiera('contrail::auth_protocol') +# +# [*cassandra_server_list*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail::cassandra_server_list') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail::disc_server_ip') +# +# [*insecure*] +# (optional) insecure mode. +# Defaults to hiera('contrail::insecure') +# +# [*listen_ip_address*] +# (optional) IP address to listen on. +# String (IPv4) value. +# Defaults to '0.0.0.0' +# +# [*listen_port*] +# (optional) Listen port for config-api +# Defaults to 8082 +# +# [*memcached_servers*] +# (optional) IPv4 address of memcached servers +# String (IPv4) value + port +# Defaults to hiera('contrail::memcached_server') +# +# [*multi_tenancy*] +# (optional) Defines if mutli-tenancy is enabled. +# Defaults to hiera('contrail::multi_tenancy') +# +# [*redis_server*] +# (optional) IPv4 address of redis server. +# String (IPv4) value. +# Defaults to '127.0.0.1' +# +# [*zk_server_ip*] +# (optional) List IPs+port of Zookeeper servers +# Array of strings value. 
+# Defaults to hiera('contrail::zk_server_ip') +# +class tripleo::network::contrail::config( + $ifmap_password, + $ifmap_server_ip, + $ifmap_username, + $rabbit_server, + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail::cassandra_server_list'), + $disc_server_ip = hiera('contrail::disc_server_ip'), + $insecure = hiera('contrail::insecure'), + $listen_ip_address = '0.0.0.0', + $listen_port = 8082, + $memcached_servers = hiera('contrail::memcached_server'), + $multi_tenancy = hiera('contrail::multi_tenancy'), + $redis_server = '127.0.0.1', + $zk_server_ip = hiera('contrail::zk_server_ip'), +) +{ + validate_ip_address($listen_ip_address) + validate_ip_address($disc_server_ip) + validate_ip_address($ifmap_server_ip) + class {'::contrail::keystone': + keystone_config => { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + }, + } -> + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'multi_tenancy' => $multi_tenancy, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + 
'zk_server_ip' => $zk_server_ip, + }, + }, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip, + }, + }, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip, + }, + }, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'zk_server_ip' => $zk_server_ip, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server, + 'redis_server' => $redis_server, + }, + }, + } +} diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp new file mode 100644 index 0000000..2e50108 --- /dev/null +++ b/manifests/network/contrail/control.pp 
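Review bot: The `insecure` parameter is documented only as "insecure mode" here and in analytics.pp and control.pp, and it is passed straight into the KEYSTONE section from a hiera lookup that has no fallback. From the name it presumably relaxes TLS verification towards Keystone; the header should say what it disables and that it is expected to be false in production (exact wording to be confirmed against the contrail module). `validate_ip_address()` covers `$listen_ip_address`, `$disc_server_ip` and `$ifmap_server_ip` but not `$rabbit_server` and `$redis_server`, which the header also documents as IPv4 strings. The typo `mutli-tenancy` in the `multi_tenancy` description can be fixed in the same pass.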
@@ -0,0 +1,153 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::control
+#
+# Configure Contrail Control services
+#
+# == Parameters:
+#
+# [*host_ip*]
+# (required) host IP address of Control
+# String (IPv4) value.
+#
+# [*ifmap_password*]
+# (required) ifmap password
+# String value.
+#
+# [*ifmap_username*]
+# (optional) ifmap username
+# String value.
+# Defaults to hiera('contrail::ifmap_username'),
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password'),
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name'),
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token'),
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user'),
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host'),
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Defaults to hiera('contrail::auth_port'),
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# Defaults to hiera('contrail::auth_protocol'),
+#
+# [*disc_server_ip*]
+# (optional) IPv4 address of discovery server.
+# String (IPv4) value.
+# Defaults to hiera('contrail::disc_server_ip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port'), +# +# [*insecure*] +# (optional) insecure mode. +# Defaults to hiera('contrail::insecure'), +# +# [*memcached_servers*] +# (optional) IPv4 address of memcached servers +# String (IPv4) value + port +# Defaults to hiera('contrail::memcached_servers'), +# +class tripleo::network::contrail::control( + $host_ip, + $ifmap_password, + $ifmap_username, + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail::disc_server_ip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), +) +{ + class {'::contrail::keystone': + keystone_config => { + 'KEYSTONE' => { + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_password' => $admin_password, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + }, + } -> + class {'::contrail::control': + control_config => { + 'DEFAULTS' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $ifmap_password, + 'user' => $ifmap_username, + }, + }, + dns_config => { + 'DEFAULTS' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $ifmap_password, 
+ 'user' => $ifmap_username, + } + }, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } +} diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp new file mode 100644 index 0000000..58f2670 --- /dev/null +++ b/manifests/network/contrail/database.pp @@ -0,0 +1,53 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::control +# +# Configure Contrail Control services +# +# == Parameters: +# +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail::disc_server_ip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +class tripleo::network::contrail::database( + $host_ip, + $disc_server_ip = hiera('contrail::disc_server_ip'), + $disc_server_port = hiera('contrail::disc_server_port'), +) +{ + class {'::contrail::database': + database_nodemgr_config => { + 'DEFAULTS' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp new file mode 100644 index 0000000..0b308a4 
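Review bot: The control.pp header documents `ifmap_username` as optional with `Defaults to hiera('contrail::ifmap_username'),` but the class signature declares `$ifmap_username,` with no default, so callers must always supply it. Likewise `memcached_servers` is documented as `hiera('contrail::memcached_servers')` while the code looks up `hiera('contrail::memcached_server')`. Either add the defaults to the signature or change the doc lines to `# (required) ifmap username` and `# Defaults to hiera('contrail::memcached_server')`. The trailing commas on the `Defaults to` lines look copied from the parameter list and can be dropped.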
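Review bot: The header of database.pp was copied from control.pp and still reads `# == Class: tripleo::network::contrail::control` and `# Configure Contrail Control services`. It should name the class actually declared, `# == Class: tripleo::network::contrail::database`, with a matching description such as `# Configure Contrail Database services`, otherwise generated documentation lists the control class twice and the database class not at all.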
--- /dev/null
+++ b/manifests/network/contrail/webui.pp
@@ -0,0 +1,108 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::webui
+#
+# Configure Contrail Webui services
+#
+# == Parameters:
+#
+# [*contrail_analytics_vip*]
+# (required) VIP of Contrail Analytics
+# String (IPv4) value.
+#
+# [*contrail_config_vip*]
+# (required) VIP of Contrail Config
+# String (IPv4) value.
+#
+# [*neutron_vip*]
+# (required) VIP of Neutron
+# String (IPv4) value.
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*cassandra_server_list*]
+# (optional) List IPs+port of Cassandra servers
+# Array of strings value.
+# Defaults to hiera('contrail::cassandra_server_list')
+#
+# [*contrail_webui_http_port*]
+# (optional) Webui HTTP Port
+# Integer value.
+# Defaults to 8080
+#
+# [*contrail_webui_https_port*]
+# (optional) Webui HTTPS Port
+# Integer value.
+# Defaults to 8143 +# +# [*redis_ip*] +# (optional) IP of Redis +# String (IPv4) value. +# Defaults to '127.0.0.1' +# +class tripleo::network::contrail::webui( + $contrail_analytics_vip, + $contrail_config_vip, + $neutron_vip, + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_server_list = hiera('contrail::cassandra_server_list'), + $contrail_webui_http_port = 8080, + $contrail_webui_https_port = 8143, + $redis_ip = '127.0.0.1', +) +{ + class {'::contrail::webui': + openstack_vip => $auth_host, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + neutron_vip => $neutron_vip, + cassandra_ip => $cassandra_server_list, + redis_ip => $redis_ip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + admin_user => $admin_user, + admin_password => $admin_password, + admin_token => $admin_token, + admin_tenant_name => $admin_tenant_name, + } +} diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 2fad5b3..49a543a 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -44,10 +44,6 @@ class tripleo::profile::base::aodh ( $sync_db = false } - if $step >= 3 and $sync_db { - include ::aodh::db::mysql - } - if $step >= 4 or ($step >= 3 and $sync_db) { class { '::aodh' : rabbit_hosts => $rabbit_hosts, diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp index 610d5a8..d9b48b3 100644 --- a/manifests/profile/base/aodh/evaluator.pp +++ b/manifests/profile/base/aodh/evaluator.pp 
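Review bot: In webui.pp, `cassandra_ip => $cassandra_server_list` passes a value the header documents as an array of IP+port strings to a parameter whose name suggests a single address; if `::contrail::webui` expects bare IPs this will produce a broken config, so the expected format should be confirmed and stated in the header. The class also always configures `contrail_webui_http_port` (8080) next to the HTTPS port while handling `admin_password` and `admin_token`, so it is worth documenting whether the plain-HTTP listener only redirects or actually serves the login. `openstack_vip => $auth_host` deserves a one-line comment, since the parameter doc calls `auth_host` the keystone server address rather than a VIP.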
@@ -30,7 +30,9 @@ class tripleo::profile::base::aodh::evaluator ( include ::tripleo::profile::base::aodh if $step >= 4 { - include ::aodh::evaluator + class { '::aodh::evaluator': + coordination_url => join(['redis://:', hiera('aodh_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + } } } diff --git a/manifests/profile/base/ceilometer/agent/central.pp b/manifests/profile/base/ceilometer/agent/central.pp index c91e610..033d34c 100644 --- a/manifests/profile/base/ceilometer/agent/central.pp +++ b/manifests/profile/base/ceilometer/agent/central.pp @@ -30,7 +30,9 @@ class tripleo::profile::base::ceilometer::agent::central ( if $step >= 4 { include ::ceilometer::agent::auth - include ::ceilometer::agent::central + class { '::ceilometer::agent::central': + coordination_url => join(['redis://:', hiera('ceilometer_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + } } } diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index baaf4c8..e892478 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -59,10 +59,6 @@ class tripleo::profile::base::ceilometer::collector ( include ::tripleo::profile::base::ceilometer - if $step >= 2 and $sync_db and $ceilometer_backend == 'mysql' { - include ::ceilometer::db::mysql - } - if $step >= 3 and $sync_db { include ::ceilometer::db::sync } diff --git a/manifests/profile/base/ceph/rgw.pp b/manifests/profile/base/ceph/rgw.pp new file mode 100644 index 0000000..7cd2b6a --- /dev/null +++ b/manifests/profile/base/ceph/rgw.pp 
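Review bot: The Redis password is concatenated into `coordination_url` verbatim, so a password containing `@`, `:`, `/` or `#` yields a URL that parses differently from what was intended; the same expression is repeated with `ceilometer_redis_password` in ceilometer/agent/central.pp. The join also hard-codes port 6379 and places the secret in a class parameter, where it may surface in catalogs and reports depending on how they are stored. At minimum add a comment such as `# NOTE: the redis password is embedded as-is in the URL and must be URL-safe`, and consider building the URL in one shared place so both services stay consistent.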
@@ -0,0 +1,63 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceph::rgw +# +# Ceph RadosGW profile for tripleo +# +# === Parameters +# +# [*keystone_admin_token*] +# The keystone admin token +# +# [*keystone_url*] +# The internal or admin url for keystone +# +# [*rgw_key*] +# The cephx key for the RGW client service +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::ceph::rgw ( + $keystone_admin_token, + $keystone_url, + $rgw_key, + $step = hiera('step'), +) { + + include ::tripleo::profile::base::ceph + + if $step >= 3 { + include ::ceph::profile::rgw + $rgw_name = hiera('ceph::profile::params::rgw_name', 'radosgw.gateway') + ceph::key { "client.${rgw_name}": + secret => $rgw_key, + cap_mon => 'allow *', + cap_osd => 'allow *', + inject => true, + } + } + + if $step >= 4 { + ceph::rgw::keystone { $rgw_name: + rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'], + use_pki => false, + rgw_keystone_admin_token => $keystone_admin_token, + rgw_keystone_url => $keystone_url, + } + } +} diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 370b402..31635eb 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp 
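Review bot: The `client.${rgw_name}` key is created with `cap_mon => 'allow *'` and `cap_osd => 'allow *'`, which gives the gateway's key unrestricted monitor and OSD privileges. If the gateway works with narrower capabilities, something like `cap_mon => 'allow rw',` and `cap_osd => 'allow rwx',` limits what a compromised RGW host can do to the cluster; please confirm against the Ceph release in use. `$rgw_name` is assigned inside the `step >= 3` block and read in the `step >= 4` block, which works only because the second condition implies the first, so hoisting the assignment above both blocks would make that explicit. The header should also note that `keystone_admin_token` is the shared Keystone admin token, since that is a high-value secret to hand to the gateway.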
@@ -39,10 +39,6 @@ class tripleo::profile::base::cinder::api ( include ::tripleo::profile::base::cinder - if $step >= 3 and $sync_db { - include ::cinder::db::mysql - } - if $step >= 4 or ($step >= 3 and $sync_db) { include ::cinder::api include ::cinder::ceilometer diff --git a/manifests/profile/base/database/mongodb.pp b/manifests/profile/base/database/mongodb.pp index 1a19bb6..8967f5b 100644 --- a/manifests/profile/base/database/mongodb.pp +++ b/manifests/profile/base/database/mongodb.pp @@ -44,6 +44,13 @@ class tripleo::profile::base::database::mongodb ( include ::tripleo::profile::base::database::mongodbcommon if $bootstrap_node == $::hostname { + # make sure we can connect to all servers before forming the replset + tripleo::profile::pacemaker::database::mongodbvalidator { + $tripleo::profile::base::database::mongodbcommon::mongodb_node_ips : + port => $tripleo::profile::base::database::mongodbcommon::port, + require => Service['mongodb'], + before => Mongodb_replset[$mongodb_replset], + } mongodb_replset { $mongodb_replset : members => $tripleo::profile::base::database::mongodbcommon::mongo_node_ips_with_port_nobr, } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 49c9df3..9da1456 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -18,6 +18,14 @@ # # === Parameters # +# [*bind_address*] +# (Optional) The address that the local mysql instance should bind to. +# Defaults to $::hostname +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*manage_resources*] # (Optional) Whether or not manage root user, root my.cnf, and service. # Defaults to true 
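Review bot: The base MongoDB profile now declares `tripleo::profile::pacemaker::database::mongodbvalidator`, so a non-pacemaker deployment depends on a define from the pacemaker namespace. If the validator is meant to be shared it would read better under `tripleo::profile::base::database`. The `require => Service['mongodb']` also assumes that service title is in the catalog on the bootstrap node, which this hunk does not show. Because the validator gates `Mongodb_replset`, a short comment on what it does when a node is unreachable (fail or retry) would help.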
@@ -37,13 +45,20 @@ # Defaults to hiera('step') # class tripleo::profile::base::database::mysql ( + $bind_address = $::hostname, + $bootstrap_node = hiera('bootstrap_nodeid', undef), $manage_resources = true, $mysql_server_options = {}, $remove_default_accounts = true, $step = hiera('step'), - ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + validate_hash($mysql_server_options) # non-ha scenario @@ -59,14 +74,14 @@ class tripleo::profile::base::database::mysql ( } else { $mysql_config_file = '/etc/my.cnf.d/server.cnf' } - # TODO Galara + # TODO Galera # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we # set bind-address to a hostname instead of an ip address; to move Mysql # from internal_api on another network we'll have to customize both # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap $mysql_server_default = { 'mysqld' => { - 'bind-address' => $::hostname, + 'bind-address' => $bind_address, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', } 
@@ -83,4 +98,51 @@ class tripleo::profile::base::database::mysql ( } } + if $step >= 2 and $sync_db { + Class['::mysql::server'] -> Mysql_database<||> + if hiera('aodh_api_enabled', false) { + include ::aodh::db::mysql + } + if hiera('ceilometer_collector_enabled', false) { + include ::ceilometer::db::mysql + } + if hiera('cinder_api_enabled', false) { + include ::cinder::db::mysql + } + if hiera('glance_registry_enabled', false) { + include ::glance::db::mysql + } + if hiera('gnocchi_api_enabled', false) { + include ::gnocchi::db::mysql + } + if hiera('heat_engine_enabled', false) { + include ::heat::db::mysql + } + if hiera('ironic_api_enabled', false) { + include ::ironic::db::mysql + } + if hiera('keystone_enabled', false) { + include ::keystone::db::mysql + } + if hiera('manila_api_enabled', false) { + include ::manila::db::mysql + } + if hiera('mistral_api_enabled', false) { + include ::mistral::db::mysql + } + if hiera('neutron_api_enabled', false) { + include ::neutron::db::mysql + } + if hiera('nova_api_enabled', false) { + include ::nova::db::mysql + include ::nova::db::mysql_api + } + if hiera('sahara_api_enabled', false) { + include ::sahara::db::mysql + } + if hiera('trove_api_enabled', false) { + include ::trove::db::mysql + } + } + } diff --git a/manifests/profile/base/glance/registry.pp b/manifests/profile/base/glance/registry.pp index ac6796a..9e2be9d 100644 --- a/manifests/profile/base/glance/registry.pp +++ b/manifests/profile/base/glance/registry.pp @@ -42,10 +42,6 @@ class tripleo::profile::base::glance::registry ( $sync_db = false } - if $step >= 3 and $sync_db { - include ::glance::db::mysql - } - if $step >= 4 or ( $step >= 3 and $sync_db ) { # TODO: notifications, scrubber, etc. include ::glance diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 5e7e215..9a08551 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp 
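Review bot: `Class['::mysql::server'] -> Mysql_database<||>` is a resource reference, so catalog compilation fails if `::mysql::server` is not declared on this node. If that class is only declared under `$manage_resources` (outside this hunk), a bootstrap node with `manage_resources => false` would break at step 2. Each `hiera('..._enabled', false)` lookup defaults to false and the key names are not uniform (`keystone_enabled` next to `*_api_enabled` and `heat_engine_enabled`), so a missing or misspelt key silently skips creating that database and its user. I would guard the ordering line with the same condition that declares the server class and add a comment above the list, e.g. `# Each flag must be set in hiera on the bootstrap node, or that database is not created`.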
@@ -45,14 +45,16 @@ class tripleo::profile::base::gnocchi::api ( include ::tripleo::profile::base::gnocchi if $step >= 3 and $sync_db { - include ::gnocchi::db::mysql include ::gnocchi::db::sync } if $step >= 4 { include ::gnocchi::api include ::gnocchi::wsgi::apache - include ::gnocchi::storage + + class { '::gnocchi::storage': + coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + } case $gnocchi_backend { 'swift': { include ::gnocchi::storage::swift } 'file': { include ::gnocchi::storage::file } diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index 68ff3e4..e018f36 100644 --- a/manifests/profile/base/haproxy.pp +++ b/manifests/profile/base/haproxy.pp @@ -79,6 +79,9 @@ class tripleo::profile::base::haproxy ( require => Class['::certmonger'], } create_resources('::tripleo::certmonger::haproxy', $certificates_specs) + # The haproxy fronends (or listen resources) depend on the certificate + # existing and need to be refreshed if it changed. + Tripleo::Certmonger::Haproxy<||> ~> Haproxy::Listen<||> } include ::tripleo::haproxy diff --git a/manifests/profile/base/heat/engine.pp b/manifests/profile/base/heat/engine.pp index 112fad8..479e1c6 100644 --- a/manifests/profile/base/heat/engine.pp +++ b/manifests/profile/base/heat/engine.pp @@ -39,10 +39,6 @@ class tripleo::profile::base::heat::engine ( include ::tripleo::profile::base::heat - if $step >= 3 and $sync_db { - include ::heat::db::mysql - } - if $step >= 4 or ( $step >= 3 and $sync_db ) { include ::heat::engine } diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index 6c0769a..c4e525a 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp 
@@ -42,10 +42,6 @@ class tripleo::profile::base::ironic ( $sync_db = false } - if $step >= 3 and $sync_db { - include ::ironic::db::mysql - } - if $step >= 4 or ($step >= 3 and $sync_db) { class { '::ironic': sync_db => $sync_db, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index fd38869..d515f8f 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -51,10 +51,6 @@ class tripleo::profile::base::keystone ( $manage_endpoint = false } - if $step >= 3 and $sync_db { - include ::keystone::db::mysql - } - if $step >= 4 or ( $step >= 3 and $sync_db ) { class { '::keystone': sync_db => $sync_db, diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp new file mode 100644 index 0000000..5210284 --- /dev/null +++ b/manifests/profile/base/manila.pp 
@@ -0,0 +1,50 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::manila +# +# Manila common profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*rabbit_hosts*] +# list of the rabbbit host IPs +# Defaults to hiera('rabbitmq_node_ips') + +class tripleo::profile::base::manila ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $rabbit_hosts = hiera('rabbitmq_node_ips', undef), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::manila' : + rabbit_hosts => $rabbit_hosts, + } + include ::manila::config + } +} diff --git a/manifests/profile/base/manila/api.pp b/manifests/profile/base/manila/api.pp index 89ff810..1f78ab3 100644 --- a/manifests/profile/base/manila/api.pp +++ b/manifests/profile/base/manila/api.pp 
@@ -18,24 +18,28 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') -# -# [*rabbit_hosts*] -# list of the rabbbit host IPs -# Defaults to hiera('rabbitmq_node_ips') class tripleo::profile::base::manila::api ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_ips', undef), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - if $step >= 4 { - class { '::manila' : - rabbit_hosts => $rabbit_hosts, - } + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::manila + + if $step >= 4 or ($step >= 3 and $sync_db) { include ::manila::api } } - diff --git a/manifests/profile/base/manila/scheduler.pp b/manifests/profile/base/manila/scheduler.pp index 8581187..07ea676 100644 --- a/manifests/profile/base/manila/scheduler.pp +++ b/manifests/profile/base/manila/scheduler.pp @@ -18,34 +18,19 @@ # # === Parameters # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::manila::scheduler ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), + $step = hiera('step'), ) { - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 3 and $sync_db { - include ::manila::db::mysql - } + include ::tripleo::profile::base::manila if $step >= 4 { include ::manila::compute::nova include ::manila::network::neutron include ::manila::scheduler } - } - 
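Review bot: `tripleo::profile::base::manila::api` recomputes `$sync_db` from its own `$bootstrap_node`, although the `::tripleo::profile::base::manila` class it now includes derives the same value from a separate parameter. If only one of the two is overridden they disagree, and `::manila::api` could be applied at step 3 on a node where the base class has not yet configured `::manila`. A comment such as `# must match tripleo::profile::base::manila::bootstrap_node` would make the coupling explicit. The hunk also drops the `rabbit_hosts` parameter from this class, which breaks any caller that still passes it.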
diff --git a/manifests/profile/base/manila/share.pp b/manifests/profile/base/manila/share.pp index ed64b29..d39c55c 100644 --- a/manifests/profile/base/manila/share.pp +++ b/manifests/profile/base/manila/share.pp @@ -26,8 +26,9 @@ class tripleo::profile::base::manila::share ( $step = hiera('step'), ) { + include ::tripleo::profile::base::manila + if $step >= 4 { include ::manila::share } } - diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index cffb03e..9986d22 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -27,9 +27,14 @@ # for more details. # Defaults to hiera('step') # +# [*rabbit_hosts*] +# list of the rabbbit host IPs +# Defaults to hiera('rabbitmq_node_ips') + class tripleo::profile::base::mistral ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), + $rabbit_hosts = hiera('rabbitmq_node_ips', undef), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -37,12 +42,10 @@ class tripleo::profile::base::mistral ( $sync_db = false } - if $step >= 3 and $sync_db { - include ::mistral::db::mysql - } - if $step >= 4 or ($step >= 3 and $sync_db) { - include ::mistral + class { '::mistral': + rabbit_hosts => $rabbit_hosts, + } include ::mistral::config include ::mistral::client include ::mistral::db::sync diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index 5a1b377..82c2d5f 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp @@ -39,10 +39,6 @@ class tripleo::profile::base::neutron::server ( include ::tripleo::profile::base::neutron - if $step >= 3 and $sync_db { - include ::neutron::db::mysql - } - # We start neutron-server on the bootstrap node first, because # it will try to populate tables and we need to make sure this happens # before it starts on other nodes 
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 285e0b7..3c472c5 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -37,11 +37,6 @@ class tripleo::profile::base::nova::api ( include ::tripleo::profile::base::nova - if $step >= 3 and $sync_db { - include ::nova::db::mysql - include ::nova::db::mysql_api - } - if $step >= 4 or ($step >= 3 and $sync_db) { class { '::nova::api': sync_db => $sync_db, diff --git a/manifests/profile/base/sahara/engine.pp b/manifests/profile/base/sahara/engine.pp index 4dbaa85..e2da0e7 100644 --- a/manifests/profile/base/sahara/engine.pp +++ b/manifests/profile/base/sahara/engine.pp @@ -39,10 +39,6 @@ class tripleo::profile::base::sahara::engine ( include ::tripleo::profile::base::sahara - if $step >= 3 and $sync_db { - include ::sahara::db::mysql - } - if $step >= 4 or ($step >= 3 and $sync_db) { include ::sahara::service::engine } diff --git a/manifests/profile/base/swift/add_devices.pp b/manifests/profile/base/swift/add_devices.pp index bd4c91c..909ddd6 100644 --- a/manifests/profile/base/swift/add_devices.pp +++ b/manifests/profile/base/swift/add_devices.pp @@ -39,7 +39,10 @@ define tripleo::profile::base::swift::add_devices( $zone = (($server_num%$swift_zones) + 1) # add the rings - $base = regsubst($name,'^r1.*-(.*)$','\1') + $base_notnormal = regsubst($name,'^r1.*-(.*)$','\1') + $ip_notnormal = regsubst($base_notnormal, ':%PORT%.*', '') + $ip = normalize_ip_for_uri($ip_notnormal) + $base = regsubst($base_notnormal, $ip_notnormal, $ip) $object = regsubst($base, '%PORT%', '6000') ring_object_device { $object: zone => '1', diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index a95d05f..9d50462 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp 
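Review bot: In the swift `add_devices` hunk, `regsubst($base_notnormal, $ip_notnormal, $ip)` uses the extracted address as a regular expression, not a literal, so `.` matches any character and an address that already carries brackets would be read as a character class. Assuming `:%PORT%` is always present, `$ip_notnormal` is by construction the prefix of `$base_notnormal`, so the result can be built without a data-derived pattern: `$port_suffix = regsubst($base_notnormal, '^.*?(:%PORT%.*)$', '\1')` followed by `$base = "${ip}${port_suffix}"`. A one-line comment giving an example `$name` value would also make the rewrite easier to check. The define body continues outside the hunk.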
@@ -37,7 +37,7 @@ class tripleo::profile::base::swift::proxy ( $memcache_port = 11211, ) { if $step >= 4 { - $swift_memcache_servers = suffix($memcache_servers, ":${memcache_port}") + $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") include ::swift::proxy include ::swift::proxy::proxy_logging include ::swift::proxy::healthcheck diff --git a/manifests/profile/base/swift/ringbuilder.pp b/manifests/profile/base/swift/ringbuilder.pp index 98a09a0..c77d744 100644 --- a/manifests/profile/base/swift/ringbuilder.pp +++ b/manifests/profile/base/swift/ringbuilder.pp @@ -91,7 +91,7 @@ class tripleo::profile::base::swift::ringbuilder ( # rebalance swift::ringbuilder::rebalance{ ['object', 'account', 'container']: - seed => 999, + seed => '999', } Ring_object_device<| |> ~> Exec['rebalance_object'] diff --git a/manifests/profile/base/swift/storage.pp b/manifests/profile/base/swift/storage.pp index 0b09ea6..d1660de 100644 --- a/manifests/profile/base/swift/storage.pp +++ b/manifests/profile/base/swift/storage.pp @@ -41,7 +41,7 @@ class tripleo::profile::base::swift::storage ( ensure => directory, owner => 'swift', group => 'swift', - require => Package['openstack-swift'], + require => Package['swift'], } } $swift_components = ['account', 'container', 'object'] diff --git a/manifests/profile/base/trove/api.pp b/manifests/profile/base/trove/api.pp index 7a78171..bc16e6e 100644 --- a/manifests/profile/base/trove/api.pp +++ b/manifests/profile/base/trove/api.pp @@ -37,10 +37,6 @@ class tripleo::profile::base::trove::api ( $sync_db = false } - if $step >= 3 and $sync_db { - include ::trove::db::mysql - } - if $step >= 4 or ($step >= 3 and $sync_db) { include ::trove include ::trove::config diff --git a/manifests/profile/base/ui.pp b/manifests/profile/base/ui.pp index 22371d1..681496a 100644 --- a/manifests/profile/base/ui.pp +++ b/manifests/profile/base/ui.pp 
@@ -20,5 +20,7 @@ class tripleo::profile::base::ui () { package {'openstack-tripleo-ui': } include ::apache + + include ::tripleo::ui } diff --git a/manifests/profile/base/validations.pp b/manifests/profile/base/validations.pp new file mode 100644 index 0000000..50a1a8a --- /dev/null +++ b/manifests/profile/base/validations.pp @@ -0,0 +1,29 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::validations +# +# Validations profile for tripleo +# +class tripleo::profile::base::validations { + package {'openstack-tripleo-validations': } + user {'validations': + ensure => present, + comment => 'TripleO validations', + managehome => true, + home => '/home/validations', + shell => '/sbin/nologin', + } +} + diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 4dc3770..0169e16 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp 
@@ -18,20 +18,30 @@ # # === Parameters # +# [*bind_address*] +# (Optional) The address that the local mysql instance should bind to. +# Defaults to $::hostname +# +# [*gmcast_listen_addr*] +# (Optional) This variable defines the address on which the node listens to +# connections from other nodes in the cluster. +# Defaults to hiera('mysql_bind_host') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::pacemaker::database::mysql ( - $step = hiera('step'), + $bind_address = $::hostname, + $gmcast_listen_addr = hiera('mysql_bind_host'), + $step = hiera('step'), ) { if $::hostname == downcase(hiera('bootstrap_nodeid')) { $pacemaker_master = true } else { $pacemaker_master = false } - $mysql_bind_host = hiera('mysql_bind_host') # use only mysql_node_names when we land a patch in t-h-t that # switches to autogenerating these values from composable services @@ -52,7 +62,7 @@ class tripleo::profile::pacemaker::database::mysql ( 'innodb_locks_unsafe_for_binlog'=> '1', 'query_cache_size' => '0', 'query_cache_type' => '0', - 'bind-address' => $::hostname, + 'bind-address' => $bind_address, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', 'wsrep_on' => 'ON', @@ -70,7 +80,7 @@ class tripleo::profile::pacemaker::database::mysql ( 'wsrep_drupal_282555_workaround'=> '0', 'wsrep_causal_reads' => '0', 'wsrep_sst_method' => 'rsync', - 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;", + 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;", } } 
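Review bot: The new `wsrep_provider_options` line drops the brackets the old code put around the address (`tcp://[${mysql_bind_host}]:4567`), so with the default `hiera('mysql_bind_host')` an IPv6 literal now produces an ambiguous host and port string. Other hunks in this commit pass addresses through `normalize_ip_for_uri()`, and doing the same here would keep the listen address well formed: `$gmcast_uri_addr = normalize_ip_for_uri($gmcast_listen_addr)`, then `tcp://${gmcast_uri_addr}:4567;`. If callers are instead expected to pass an already bracketed value, the `gmcast_listen_addr` parameter doc should say so. The doc for `bind_address` could likewise note that a wildcard address exposes the database on every network the node is attached to.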
@@ -120,6 +130,11 @@ class tripleo::profile::pacemaker::database::mysql ( table => '*.*', user => 'clustercheck@localhost', } + + # We create databases for services at step 2 as well. This ensures + # Galara is up before those get created + Exec['galera-ready'] -> Mysql_database<||> + } # This step is to create a sysconfig clustercheck file with the root user and empty password # on the first install only (because later on the clustercheck db user will be used) diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index a7f91fc..a1ff5ca 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp 
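Review bot: The added comment spells the product `Galara`, the same typo this commit corrects in manifests/profile/base/database/mysql.pp, and it should read `# Galera is up before those get created`. `Exec['galera-ready'] -> Mysql_database<||>` also needs `Exec['galera-ready']` in the catalog wherever this line is evaluated. The enclosing conditional starts outside the hunk, so confirm that the exec and this ordering sit under the same condition.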
@@ -22,119 +22,14 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*cinder_volume_type*] -# (Optional) -# Defaults to hiera('manila::backend::generic::cinder_volume_type', '') -# -# [*driver_handles_share_servers*] -# (Optional) -# Defaults to hiera('manila::backend::generic::driver_handles_share_servers') -# -# [*manila_generic_enable*] -# (Optional) Enable the generic backend. -# Defaults to hiera('manila_generic_enable_backend', 'false') -# -# [*max_time_to_attach*] -# (Optional) -# Defaults to hiera('manila::backend::generic::max_time_to_attach') -# -# [*max_time_to_create_volume*] -# (Optional) -# Defaults to hiera('manila::backend::generic::max_time_to_create_volume') -# -# [*service_instance_flavor_id*] -# (Optional) -# Defaults to hiera('manila::service_instance::service_instance_flavor_id') -# -# [*service_instance_password*] -# (Optional) -# Defaults to hiera('manila::service_instance::service_instance_password') -# -# [*service_instance_smb_config_path*] -# (Optional) -# Defaults to downcase(hiera('manila::backend::generic::service_instance_smb_config_path')) -# -# [*service_instance_user*] -# (Optional) -# Defaults to hiera('manila::service_instance::service_instance_user') -# -# [*share_mount_path*] -# (Optional) -# Defaults to hiera('manila::backend::generic::share_mount_path') -# -# [*share_volume_fstype*] -# (Optional) -# Defaults to hiera('manila::backend::generic::share_volume_fstype') -# -# [*smb_template_config_path*] -# (Optional) -# Defaults to hiera('manila::backend::generic::smb_template_config_path') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. 
# Defaults to hiera('step') # -# [*volume_name_template*] -# (Optional) -# Defaults to hiera('manila::backend::generic::volume_name_template') -# -# [*volume_snapshot_name_template*] -# (Optional) -# Defaults to hiera('manila::backend::generic::volume_snapshot_name_template') -# -# [*manila_cephfsnative_enable*] -# (Optional) Enable the CephFS Native backend. -# Defaults to hiera('manila_cephfsnative_enable_backend', 'false') -# -# [*cephfs_handles_share_servers*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::driver_handles_share_servers', false) -# -# [*cephfs_backend_name*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_backend_name') -# -# [*cephfs_conf_path*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_conf_path') -# -# [*cephfs_auth_id*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_auth_id') -# -# [*cephfs_cluster_name*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_cluster_name') -# -# [*cephfs_enable_snapshots*] -# (Optional) -# Defaults to hiera('manila::backend::cephfsnative::cephfs_enable_snapshots') -# class tripleo::profile::pacemaker::manila ( $bootstrap_node = hiera('bootstrap_nodeid'), - $cinder_volume_type = hiera('manila::backend::generic::cinder_volume_type', ''), - $driver_handles_share_servers = hiera('manila::backend::generic::driver_handles_share_servers'), - $manila_generic_enable = hiera('manila_generic_enable_backend', false), - $max_time_to_attach = hiera('manila::backend::generic::max_time_to_attach'), - $max_time_to_create_volume = hiera('manila::backend::generic::max_time_to_create_volume'), - $service_instance_flavor_id = hiera('manila::service_instance::service_instance_flavor_id'), - $service_instance_password = hiera('manila::service_instance::service_instance_password'), - $service_instance_smb_config_path = hiera('manila::backend::generic::service_instance_smb_config_path'), - 
$service_instance_user = hiera('manila::service_instance::service_instance_user'), - $share_mount_path = hiera('manila::backend::generic::share_mount_path'), - $share_volume_fstype = hiera('manila::backend::generic::share_volume_fstype'), - $smb_template_config_path = hiera('manila::backend::generic::smb_template_config_path'), $step = hiera('step'), - $volume_name_template = hiera('manila::backend::generic::volume_name_template'), - $volume_snapshot_name_template = hiera('manila::backend::generic::volume_snapshot_name_template'), - $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false), - $cephfs_handles_share_servers = hiera('manila::backend::cephfsnative::driver_handles_share_servers'), - $cephfs_backend_name = hiera('manila::backend::cephfsnative::cephfs_backend_name'), - $cephfs_conf_path = hiera('manila::backend::cephfsnative::cephfs_conf_path'), - $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id'), - $cephfs_cluster_name = hiera('manila::backend::cephfsnative::cephfs_cluster_name'), - $cephfs_enable_snapshots = hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true 
@@ -151,26 +46,31 @@ class tripleo::profile::pacemaker::manila ( stop => '/bin/true', } - if $step >= 4 { - include ::tripleo::profile::base::manila::api - include ::tripleo::profile::base::manila::scheduler - include ::tripleo::profile::base::manila::share + include ::tripleo::profile::base::manila::api + include ::tripleo::profile::base::manila::scheduler + include ::tripleo::profile::base::manila::share + if $step >= 4 { + # manila generic: + $manila_generic_enable = hiera('manila_generic_enable_backend', false) if $manila_generic_enable { $manila_generic_backend = hiera('manila::backend::generic::title') manila::backend::generic { $manila_generic_backend : - driver_handles_share_servers => $driver_handles_share_servers, - smb_template_config_path => $smb_template_config_path, - volume_name_template => $volume_name_template , - volume_snapshot_name_template => $volume_snapshot_name_template, - share_mount_path => $share_mount_path, - max_time_to_create_volume => $max_time_to_create_volume, - max_time_to_attach => $max_time_to_attach, - service_instance_smb_config_path => $service_instance_smb_config_path, - share_volume_fstype => $share_volume_fstype, - cinder_volume_type => $cinder_volume_type, + driver_handles_share_servers => hiera('manila::backend::generic::driver_handles_share_servers', true), + max_time_to_attach => hiera('manila::backend::generic::max_time_to_attach'), + max_time_to_create_volume => hiera('manila::backend::generic::max_time_to_create_volume'), + service_instance_smb_config_path => hiera('manila::backend::generic::service_instance_smb_config_path'), + share_mount_path => hiera('manila::backend::generic::share_mount_path'), + share_volume_fstype => hiera('manila::backend::generic::share_volume_fstype'), + smb_template_config_path => hiera('manila::backend::generic::smb_template_config_path'), + volume_name_template => hiera('manila::backend::generic::volume_name_template'), + volume_snapshot_name_template => 
hiera('manila::backend::generic::volume_snapshot_name_template'), + cinder_volume_type => hiera('manila::backend::generic::cinder_volume_type'), } + $service_instance_user = hiera('manila::service_instance::service_instance_user') + $service_instance_password = hiera('manila::service_instance::service_instance_password') + $service_instance_flavor_id = hiera('manila::service_instance::service_instance_flavor_id') manila_config { "${manila_generic_backend}/service_instance_user": value => $service_instance_user; "${manila_generic_backend}/service_instance_password": value => $service_instance_password; 
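Review bot: `cinder_volume_type => hiera('manila::backend::generic::cinder_volume_type')` has lost the `''` fallback that the removed class parameter had, so catalog compilation now fails when the generic backend is enabled and that key is absent. Restoring it as `cinder_volume_type => hiera('manila::backend::generic::cinder_volume_type', ''),` keeps the previous behaviour. `service_instance_password` is still written through `manila_config` with only `value =>`. If the type supports `secret => true`, setting it keeps the password out of change logs and reports. The class body continues outside the hunk.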
@@ -181,22 +81,48 @@ class tripleo::profile::pacemaker::manila ( } # manila cephfsnative: + $manila_cephfsnative_enable = hiera('manila::backend::cephfsnative::enable_backend', false) if $manila_cephfsnative_enable { $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title') manila::backend::cephfsnative { $manila_cephfsnative_backend : - driver_handles_share_servers => $cephfs_handles_share_servers, - cephfs_backend_name => $cephfs_backend_name, - cephfs_conf_path => $cephfs_conf_path, - cephfs_auth_id => $cephfs_auth_id, - cephfs_cluster_name => $cephfs_cluster_name, - cephfs_enable_snapshots => $cephfs_enable_snapshots, + driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false), + share_backend_name => hiera('manila::backend::cephfsnative::share_backend_name'), + cephfs_conf_path => hiera('manila::backend::cephfsnative::cephfs_conf_path'), + cephfs_auth_id => hiera('manila::backend::cephfsnative::cephfs_auth_id'), + cephfs_cluster_name => hiera('manila::backend::cephfsnative::cephfs_cluster_name'), + cephfs_enable_snapshots => hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'), + } + } + + # manila netapp: + $manila_netapp_enable = hiera('manila_netapp_enable_backend', false) + if $manila_netapp_enable { + $manila_netapp_backend = hiera('manila::backend::netapp::title') + manila::backend::netapp { $manila_netapp_backend : + driver_handles_share_servers => hiera('manila::backend::netapp::driver_handles_share_servers', true), + netapp_login => hiera('manila::backend::netapp::netapp_login'), + netapp_password => hiera('manila::backend::netapp::netapp_password'), + netapp_server_hostname => hiera('manila::backend::netapp::netapp_server_hostname'), + netapp_transport_type => hiera('manila::backend::netapp::netapp_transport_type'), + netapp_storage_family => hiera('manila::backend::netapp::netapp_storage_family'), + netapp_server_port => 
hiera('manila::backend::netapp::netapp_server_port'), + netapp_volume_name_template => hiera('manila::backend::netapp::netapp_volume_name_template'), + netapp_vserver => hiera('manila::backend::netapp::netapp_vserver'), + netapp_vserver_name_template => hiera('manila::backend::netapp::netapp_vserver_name_template'), + netapp_lif_name_template => hiera('manila::backend::netapp::netapp_lif_name_template'), + netapp_aggregate_name_search_pattern => hiera('manila::backend::netapp::netapp_aggregate_name_search_pattern'), + netapp_root_volume_aggregate => hiera('manila::backend::netapp::netapp_root_volume_aggregate'), + netapp_root_volume_name => hiera('manila::backend::netapp::netapp_root_volume'), + netapp_port_name_search_pattern => hiera('manila::backend::netapp::netapp_port_name_search_pattern'), + netapp_trace_flags => hiera('manila::backend::netapp::netapp_trace_flags'), } } $manila_enabled_backends = delete_undef_values( [ $manila_generic_backend, - $manila_cephfsnative_backend + $manila_cephfsnative_backend, + $manila_netapp_backend ] ) class { '::manila::backends' : diff --git a/manifests/ui.pp b/manifests/ui.pp new file mode 100644 index 0000000..0a12af0 --- /dev/null +++ b/manifests/ui.pp 
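Review bot: The cephfsnative block now reads `hiera('manila::backend::cephfsnative::share_backend_name')` where the removed parameter read the `cephfs_backend_name` key, and the lookup has no default, so existing hieradata that defines only the old key fails at compile time. The NetApp block passes `netapp_login` and `netapp_password` together with an unconstrained `netapp_transport_type`. A comment such as `# netapp_transport_type should be 'https' so the credentials are not sent in clear` would tell operators what is expected. The enable flags are named inconsistently (`manila_generic_enable_backend`, `manila::backend::cephfsnative::enable_backend`, `manila_netapp_enable_backend`). `netapp_root_volume_name` is fed from the key ending in `netapp_root_volume`, which is worth confirming as intentional.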
@@ -0,0 +1,108 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: tripleo::ui
+#
+# Configure TripleO UI.
+#
+# === Parameters:
+#
+# [*servername*]
+# The servername for the virtualhost.
+# Optional. Defaults to $::fqdn
+#
+# [*bind_host*]
+# The host/ip address Apache will listen on.
+# Optional. Defaults to undef (listen on all ip addresses).
+#
+# [*ui_port*]
+# The port on which the UI is listening.
+# Defaults to 3000
+#
+# [*keystone_url*]
+# The keystone service url
+# Defaults to hiera('keystone::endpoint::public_url')
+#
+# [*heat_url*]
+# The heat service url
+# Defaults to hiera('heat::keystone::auth::public_url')
+#
+# [*heat_url*]
+# The heat service url
+# Defaults to hiera('heat::keystone::auth::public_url')
+#
+# [*heat_url*]
+# The heat service url
+# Defaults to hiera('heat::keystone::auth::public_url')
+#
+# [*ironic_url*]
+# The ironic service url
+# Defaults to hiera('ironic::keystone::auth::public_url')
+#
+# [*mistral_url*]
+# The mistral service url
+# Defaults to hiera('mistral::keystone::auth::public_url')
+#
+# [*swift_url*]
+# The swift service url
+# Defaults to hiera('swift::keystone::auth::public_url')
+#
+# [*zaqar_websocket_url*]
+# The zaqar websocket url
+# Defaults to hiera('zaquar::keystone::auth_websocket::public_url')
+#
+# [*zaqar_default_queue*]
+# The zaqar default queue
+# A string.
+# Defaults to 'tripleo'
+#
+class tripleo::ui (
+ $servername = $::fqdn,
+ $bind_host = undef,
+ $ui_port = 3000,
+ $keystone_url = hiera('keystone::endpoint::public_url'),
+ $heat_url = hiera('heat::keystone::auth::public_url', undef),
+ $ironic_url = hiera('ironic::keystone::auth::public_url', undef),
+ $mistral_url = hiera('mistral::keystone::auth::public_url', undef),
+ $swift_url = hiera('swift::keystone::auth::public_url', undef),
+ $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef),
+ $zaqar_default_queue = 'tripleo'
+) {
+
+ ::apache::vhost { 'tripleo-ui':
+ ensure => 'present',
+ servername => $servername,
+ ip => $bind_host,
+ port => $ui_port,
+ docroot => '/var/www/openstack-tripleo-ui/dist',
+ options => ['Indexes', 'FollowSymLinks'],
+ rewrites => [
+ {
+ comment => 'Redirect 404 to index',
+ rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
+ rewrite_rule => ['(.*) index.html'],
+ },
+ ],
+ }
+
+ file { '/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js' :
+ ensure => file,
+ content => template('tripleo/ui/tripleo_ui_config.js.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ }
+
+} |
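Review bot: The `tripleo-ui` vhost sets `options => ['Indexes', 'FollowSymLinks']`, which turns on Apache directory listings for a docroot that also receives the generated `tripleo_ui_config.js`. The rewrite rule already sends every request that is not a file or directory to `index.html`, so `Indexes` only adds exposure of directory contents; I would drop it: `options => ['FollowSymLinks'],`. The vhost is declared without any TLS settings, so if this UI carries Keystone logins it is worth confirming that TLS is terminated in front of it, which this file does not show. In the header docs, `heat_url` is documented three times, the `zaqar_websocket_url` default is spelled `zaquar::` while the code looks up `zaqar::`, and the `undef` fallbacks of the URL parameters are not mentioned.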