diff options
Diffstat (limited to 'manifests')
60 files changed, 3897 insertions, 723 deletions
diff --git a/manifests/certmonger/rabbitmq.pp b/manifests/certmonger/rabbitmq.pp new file mode 100644 index 0000000..344adef --- /dev/null +++ b/manifests/certmonger/rabbitmq.pp @@ -0,0 +1,79 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::certmonger::rabbitmq +# +# Request a certificate for RabbitMQ and do the necessary setup. +# +# === Parameters +# +# [*hostname*] +# The hostname of the node. this will be set in the CN of the certificate. +# +# [*service_certificate*] +# The path to the certificate that will be used for TLS in this service. +# +# [*service_key*] +# The path to the key that will be used for TLS in this service. +# +# [*certmonger_ca*] +# (Optional) The CA that certmonger will use to generate the certificates. +# Defaults to hiera('certmonger_ca', 'local'). +# +# [*file_owner*] +# (Optional) The user which the certificate and key files belong to. +# Defaults to 'root' +# +# [*principal*] +# (Optional) The service principal that is set for the service in kerberos. +# Defaults to undef +# +class tripleo::certmonger::rabbitmq ( + $hostname, + $service_certificate, + $service_key, + $certmonger_ca = hiera('certmonger_ca', 'local'), + $principal = undef, +) { + include ::certmonger + include ::rabbitmq::params + + $postsave_cmd = "systemctl restart ${::rabbitmq::params::service_name}" + certmonger_certificate { 'rabbitmq' : + ensure => 'present', + certfile => $service_certificate, + keyfile => $service_key, + hostname => $hostname, + dnsname => $hostname, + principal => $principal, + postsave_cmd => $postsave_cmd, + ca => $certmonger_ca, + wait => true, + require => Class['::certmonger'], + } + + file { $service_certificate : + owner => $::rabbitmq::params::rabbitmq_user, + group => $::rabbitmq::params::rabbitmq_group, + require => Certmonger_certificate['rabbitmq'], + } + file { $service_key : + owner => $::rabbitmq::params::rabbitmq_user, + group => $::rabbitmq::params::rabbitmq_group, + require => Certmonger_certificate['rabbitmq'], + } + + File[$service_certificate] ~> Service<| title == $::rabbitmq::params::service_name |> + File[$service_key] ~> Service<| title == $::rabbitmq::params::service_name |> +} diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index f34c58f..517df4b 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -519,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, @@ -616,6 +641,14 @@ class tripleo::haproxy ( cinder_api_ssl_port => 13776, congress_api_port => 1789, congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, @@ -1011,7 +1044,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), + #member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1232,6 +1265,7 @@ class tripleo::haproxy ( listen_options => $heat_options, public_ssl_port => $ports[heat_api_ssl_port], service_network => $heat_api_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1246,6 +1280,7 @@ class tripleo::haproxy ( listen_options => $heat_options, public_ssl_port => $ports[heat_cw_ssl_port], service_network => $heat_cloudwatch_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1260,6 +1295,7 @@ class tripleo::haproxy ( listen_options => $heat_options, public_ssl_port => $ports[heat_cfn_ssl_port], service_network => $heat_cfn_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1561,5 +1597,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } diff --git a/manifests/host/sriov/numvfs_persistence.pp b/manifests/host/sriov/numvfs_persistence.pp index ec8c875..4c6af83 100644 --- a/manifests/host/sriov/numvfs_persistence.pp +++ b/manifests/host/sriov/numvfs_persistence.pp @@ -4,7 +4,7 @@ # === Parameters: # # [*vf_defs*] -# (required) Array of of <physical_interface>:<numvfs>. +# (required) Array of <physical_interface>:<numvfs>. # Example: ['eth1:10','eth2:8'] # # [*content_string*] diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp index 4359a43..e34c7e6 100644 --- a/manifests/network/contrail/analytics.pp +++ b/manifests/network/contrail/analytics.pp @@ -43,6 +43,21 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*analytics_aaa_mode*] +# (optional) analytics aaa mode parameter +# String value. +# Defaults to hiera('contrail::analytics_aaa_mode') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -53,11 +68,26 @@ # Integer value. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # String value. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. @@ -76,7 +106,7 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. @@ -103,6 +133,31 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # +# [*public_vip*] +# (optional) Public virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*rabbit_server*] +# (optional) IPv4 addresses of rabbit server. +# Array of String (IPv4) value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) Rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) Rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) port of rabbit server +# String value. +# Defaults to hiera('contrail::rabbit_port') +# # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. @@ -123,123 +178,209 @@ # Integer value. # Defaults to 8081 # +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. # Defaults to hiera('contrail::zk_server_ip') # class tripleo::network::contrail::analytics( - $host_ip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $collector_http_server_port = 8089, - $collector_sandesh_port = 8086, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $http_server_port = 8090, - $insecure = hiera('contrail::insecure'), - $kafka_broker_list = hiera('contrail::kafka_broker_list'), - $memcached_servers = hiera('contrail::memcached_server'), - $redis_server = '127.0.0.1', - $redis_server_port = 6379, - $rest_api_ip = '0.0.0.0', - $rest_api_port = 8081, - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'), + $cassandra_server_list = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'), + $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = hiera('contrail::analytics::http_server_port'), + $host_ip = hiera('contrail::analytics::host_ip'), + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail_analytics_database_node_ips'), + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::analytics::redis_server'), + $redis_server_port = hiera('contrail::analytics::redis_server_port'), + $rest_api_ip = hiera('contrail::analytics::rest_api_ip'), + $rest_api_port = hiera('contrail::analytics::rest_api_port'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { + $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'') + $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'') + $redis_config = "bind ${host_ip} 127.0.0.1" + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'') + $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, 'admin_user' => $admin_user, 'auth_host' => $auth_host, - 'auth_port' => $auth_port, + 'auth_port' => $auth_port_ssl, 'auth_protocol' => $auth_protocol, 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, - }, - }, - } -> - class {'::contrail::analytics': - analytics_api_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'host_ip' => $host_ip, - 'http_server_port' => $http_server_port, - 'redis_server' => $redis_server, - 'rest_api_ip' => $rest_api_ip, - 'rest_api_port' => $rest_api_port, - }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, - }, - 'REDIS' => { - 'redis_server_port' => $redis_server_port, - 'redis_query_port' => $redis_server_port, - 'server' => $redis_server, - }, - }, - collector_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'hostip' => $host_ip, - 'http_server_port' => $collector_http_server_port, - 'kafka_broker_list' => $kafka_broker_list, - 'zookeeper_server_list' => $zk_server_ip, - }, - 'COLLECTOR' => { - 'port' => $collector_sandesh_port, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + } + } else { + $keystone_config = { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + } + } + if $step >= 3 { + class {'::contrail::analytics': + alarm_gen_config => { + 'DEFAULTS' => { + 'host_ip' => $host_ip, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'rabbitmq_server_list' => $rabbit_server_list_5672, + 'rabbitmq_user' => $rabbit_user, + 'rabbitmq_password' => $rabbit_password, + 'zk_list' => $zk_server_ip_2181, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - query_engine_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'hostip' => $host_ip, + analytics_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + analytics_api_config => { + 'DEFAULTS' => { + 'api_server' => "${api_server}:${api_port}", + 'aaa_mode' => $analytics_aaa_mode, + 'cassandra_server_list' => $cassandra_server_list_9042, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + 'KEYSTONE' => $keystone_config, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + collector_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'zookeeper_server_list' => $zk_server_ip_2181_comma, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - }, - snmp_collector_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + query_engine_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + snmp_collector_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - topology_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + redis_config => $redis_config, + topology_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + vnc_api_lib_config => $vnc_api_lib_config, + keystone_config => { + 'KEYSTONE' => $keystone_config, }, - }, + } + } + if $step >= 5 { + class {'::contrail::analytics::provision_analytics': + api_address => $api_server, + api_port => $api_port, + analytics_node_address => $host_ip, + analytics_node_name => $::fqdn, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp new file mode 100644 index 0000000..88b0327 --- /dev/null +++ b/manifests/network/contrail/analyticsdatabase.pp @@ -0,0 +1,202 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analyticsdatabase +# +# Configure Contrail Analytics Database services +# +# == Parameters: +# +# [*auth_host*] +# (optional) IPv4 VIP of Keystone +# String (IPv4) value +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*api_server*] +# (optional) IPv4 VIP of Contrail Config API +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Contrail Config API +# String value +# Defaults to hiera('contrail::api_port') +# +# [*admin_password*] +# (optional) Keystone Admin password +# String value +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) Keystone Admin tenant name +# String value +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) Keystone Admin token +# String value +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) Keystone Admin user +# String value +# Defaults to hiera('contrail::admin_user') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cassandra_servers*] +# (optional) List of analytics cassandra servers +# List (IPv4) value +# Defaults to hiera('contrail_analytics_database_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 VIP of Contrail Discovery +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) host IP address of Database node +# String (IPv4) value. +# Defaults to hiera('contrail::analytics::database::host_ip') +# +# [*host_name*] +# (optional) host name of database node +# String value +# Defaults to $::hostname +# +# [*kafka_hostnames*] +# (optional) list of kafka server hostnames +# List value +# Defaults to hiera('contrail_analytics_database_short_node_names', '') +# +# [*public_vip*] +# (optional) Public VIP +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) step in the stack +# String value +# Defaults to hiera('step') +# +# [*zookeeper_server_ips*] +# (optional) list of zookeeper server IPs +# List value +# Defaults to hiera('contrail_database_node_ips') +# +class tripleo::network::contrail::analyticsdatabase( + $step = hiera('step'), + $auth_host = hiera('contrail::auth_host'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_servers = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::analytics::database::host_ip'), + $host_name = $::hostname, + $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), + $public_vip = hiera('public_virtual_ip'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), +) +{ + if $auth_protocol == 'https' { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $step == 2 { + class {'::contrail::analyticsdatabase': + analyticsdatabase_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'kafka_hostnames' => $kafka_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + } +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') @@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. -# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, @@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp index 2e50108..e9c7a9e 100644 --- a/manifests/network/contrail/control.pp +++ b/manifests/network/contrail/control.pp @@ -19,19 +19,6 @@ # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Control -# String (IPv4) value. -# -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_username*] -# (optional) ifmap username -# String value. -# Defaults to hiera('contrail::ifmap_username'), -# # [*admin_password*] # (optional) admin password # String value. @@ -42,16 +29,21 @@ # String value. # Defaults to hiera('contrail::admin_tenant_name'), # -# [*admin_token*] -# (optional) admin token -# String value. -# Defaults to hiera('contrail::admin_token'), -# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user'), # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -68,13 +60,33 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip'), +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port'), # +# [*host_ip*] +# (optional) IP address of host +# String (IPv4) value. +# Defaults to hiera('contrail::control::host_ip') +# +# [*ibgp_auto_mesh*] +# (optional) iBPG auto mesh +# String value. +# Defaults to true +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::ifmap_password'), +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::ifmap_username'), +# # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure'), @@ -84,70 +96,103 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_servers'), # +# [*public_vip*] +# (optional) Public Virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*router_asn*] +# (optional) Autonomus System Number +# String value +# Defaults to hiera('contrail::control::asn') +# +# [*secret*] +# (optional) RNDC secret for named +# String value +# Defaults to hiera('contrail::control::rndc_secret') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# class tripleo::network::contrail::control( - $host_ip, - $ifmap_password, - $ifmap_username, - $admin_password = hiera('contrail::admin_password'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $insecure = hiera('contrail::insecure'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::control::host_ip'), + $ibgp_auto_mesh = true, + $ifmap_password = hiera('contrail::control::host_ip'), + $ifmap_username = hiera('contrail::control::host_ip'), + $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $router_asn = hiera('contrail::control::asn'), + $secret = hiera('contrail::control::rndc_secret'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { - 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, - 'admin_password' => $admin_password, - 'admin_user' => $admin_user, - 'auth_host' => $auth_host, - 'auth_port' => $auth_port, - 'auth_protocol' => $auth_protocol, - 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, + $control_ifmap_user = "${ifmap_username}.control" + $control_ifmap_password = "${ifmap_username}.control" + $dns_ifmap_user = "${ifmap_username}.dns" + $dns_ifmap_password = "${ifmap_username}.dns" + + if $step >= 3 { + class {'::contrail::control': + secret => $secret, + control_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $control_ifmap_user, + 'user' => $control_ifmap_password, + }, }, - }, - } -> - class {'::contrail::control': - control_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, + dns_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + 'rndc_secret' => $secret, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $dns_ifmap_user, + 'user' => $dns_ifmap_password, + } }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - }, - }, - dns_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - } - }, - control_nodemgr_config => { - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + } + } + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + api_port => $api_port, + control_node_address => $host_ip, + control_node_name => $::hostname, + ibgp_auto_mesh => $ibgp_auto_mesh, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + router_asn => $router_asn, + } } } diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 58f2670..f74eb1c 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp @@ -13,41 +13,154 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::network::contrail::control +# == Class: tripleo::network::contrail::database # -# Configure Contrail Control services +# Configure Contrail Database services # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Database node +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address # String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*cassandra_servers*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail_database_node_ips') # # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port') # +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*host_name*] +# (optional) host name of Database node +# String value. +# Defaults to $::hostname +# +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*zookeeper_client_ip*] +# (optional) Zookeeper listen address +# String (IPv4) value. +# Defaults to hiera('contrail::database::host_ip') +# +# [*zookeeper_hostnames*] +# (optional) Zookeeper hostname list +# Array of string value. +# Defaults to hiera('contrail_database_short_node_names') +# +# [*zookeeper_server_ips*] +# (optional) Zookeeper ip list +# Array of string (IPv4) values +# Defaults to hiera('contrail_database_node_ips') +# class tripleo::network::contrail::database( - $host_ip, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_servers = hiera('contrail_database_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::database::host_ip'), + $host_name = $::hostname, + $public_vip = hiera('public_virtual_ip'), + $step = hiera('step'), + $zookeeper_client_ip = hiera('contrail::database::host_ip'), + $zookeeper_hostnames = hiera('contrail_database_short_node_names'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { - class {'::contrail::database': - database_nodemgr_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + if $step == 2 { + class {'::contrail::database': + database_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'zookeeper_client_ip' => $zookeeper_client_ip, + 'zookeeper_hostnames' => $zookeeper_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp new file mode 100644 index 0000000..637fdda --- /dev/null +++ b/manifests/network/contrail/heat.pp @@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::heat +# +# Configure Contrail Heat plugin +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*use_ssl*] +# (optional) switch for ssl usage +# String value. +# Defaults to 'False' +# +class tripleo::network::contrail::heat( + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $api_port = 8082, + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $step = hiera('step'), + $use_ssl = 'False', +) +{ + class {'::contrail::heat': + heat_config => { + 'clients_contrail' => { + 'api_base_url' => '/', + 'api_server' => $api_server, + 'api_port' => $api_port, + 'auth_host_ip' => $auth_host, + 'user' => $admin_user, + 'password' => $admin_password, + 'use_ssl' => $use_ssl, + }, + }, + } +} diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp new file mode 100644 index 0000000..d9aa587 --- /dev/null +++ b/manifests/network/contrail/neutron_plugin.pp @@ -0,0 +1,203 @@ +# This class installs and configures Opencontrail Neutron Plugin. +# +# === Parameters +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*contrail_extensions*] +# Array of OpenContrail extensions to be supported +# Defaults to $::os_service_default +# Example: +# +# class {'neutron::plugins::opencontrail' : +# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'] +# } +# +# [*package_ensure*] +# (optional) Ensure state for package. +# Defaults to 'present'. +# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the opencontrail config. +# Defaults to false. +# +class tripleo::network::contrail::neutron_plugin ( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $package_ensure = 'present', + $purge_config = false, +) { + + include ::neutron::deps + include ::neutron::params + + validate_array($contrail_extensions) + + package { 'neutron-plugin-contrail': + ensure => $package_ensure, + name => $::neutron::params::opencontrail_plugin_package, + tag => ['neutron-package', 'openstack'], + } + package {'python-contrail': + ensure => installed, + } + + ensure_resource('file', '/etc/neutron/plugins/opencontrail', { + ensure => directory, + owner => 'root', + group => 'neutron', + mode => '0640'} + ) + + if $::osfamily == 'Debian' { + file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG': + path => '/etc/default/neutron-server', + match => '^NEUTRON_PLUGIN_CONFIG=(.*)$', + line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}", + tag => 'neutron-file-line', + } + } + + if $::osfamily == 'Redhat' { + file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::neutron::params::opencontrail_config_file, + require => Package[$::neutron::params::opencontrail_plugin_package], + tag => 'neutron-config-file', + } + $api_paste_config_file = '/usr/share/neutron/api-paste.ini' + } + ini_setting { 'filter:user_token': + ensure => present, + path => $api_paste_config_file, + section => 'filter:user_token', + setting => 'paste.filter_factory', + value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory', + } + ini_setting { 'composite:neutronapi_v2_0': + ensure => present, + path => $api_paste_config_file, + section => 'composite:neutronapi_v2_0', + setting => 'keystone', + value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0', + } + resources { 'neutron_plugin_opencontrail': + purge => $purge_config, + } + + exec { 'add neutron user to haproxy group': + command => '/usr/sbin/usermod -a -G haproxy neutron', + } + + if $auth_protocol == 'https' { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'KEYSTONE/cafile': value => $ca_file; + 'KEYSTONE/certfile': value => $cert_file; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port_ssl; + 'keystone_authtoken/cafile': value => $ca_file; + 'keystone_authtoken/certfile': value => $cert_file; + } + } else { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port; + } + } +} diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp new file mode 100644 index 0000000..3025737 --- /dev/null +++ b/manifests/network/contrail/provision.pp @@ -0,0 +1,92 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::provision +# +# Provisions Contrail Control and link local services +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password'), +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name'), +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token'), +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user'), +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host'), +# +# [*auth_port*] +# (optional) keystone port. +# Defaults to hiera('contrail::auth_port'), +# +# [*auth_protocol*] +# (optional) authentication protocol. +# Defaults to hiera('contrail::auth_protocol'), +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +class tripleo::network::contrail::provision( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $step = hiera('step'), +) +{ + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + } + class {'::contrail::control::provision_linklocal': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + ipfabric_service_ip => $api_server, + } + } +} diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 0000000..2bccd1d --- /dev/null +++ b/manifests/network/contrail/vrouter.pp @@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. +# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => $host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index 0b308a4..b621811 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -19,18 +19,6 @@ # # == Parameters: # -# [*contrail_analytics_vip*] -# (required) VIP of Contrail Analytics -# String (IPv4) value. -# -# [*contrail_config_vip*] -# (required) VIP of Contrail Config -# String (IPv4) value. -# -# [*neutron_vip*] -# (required) VIP of Neutron -# String (IPv4) value. -# # [*admin_password*] # (optional) admin password # String value. @@ -56,11 +44,46 @@ # String (IPv4) value. # Defaults to hiera('contrail::auth_host') # +# [*auth_port_public*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port_public') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_port_ssl_public*] +# (optional) keystone public ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl_public') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*contrail_analytics_vip*] +# (optional) VIP of Contrail Analytics +# String (IPv4) value. +# Defaults to hiera('contrail_analytics_vip') +# +# [*contrail_config_vip*] +# (optional) VIP of Contrail Config +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# # [*contrail_webui_http_port*] # (optional) Webui HTTP Port # Integer value. @@ -71,38 +94,55 @@ # Integer value. # Defaults to 8143 # +# [*neutron_vip*] +# (optional) VIP of Neutron +# String (IPv4) value. +# Defaults to hiera('neutron_api_vip') +# # [*redis_ip*] # (optional) IP of Redis # String (IPv4) value. # Defaults to '127.0.0.1' # class tripleo::network::contrail::webui( - $contrail_analytics_vip, - $contrail_config_vip, - $neutron_vip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $contrail_webui_http_port = 8080, - $contrail_webui_https_port = 8143, - $redis_ip = '127.0.0.1', + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_public = hiera('contrail::auth_port_public'), + $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $cert_file = hiera('contrail::cert_file'), + $contrail_analytics_vip = hiera('contrail_analytics_vip'), + $contrail_config_vip = hiera('contrail_config_vip'), + $contrail_webui_http_port = hiera('contrail::webui::http_port'), + $contrail_webui_https_port = hiera('contrail::webui::https_port'), + $neutron_vip = hiera('neutron_api_vip'), + $redis_ip = hiera('contrail::webui::redis_ip'), ) { + if $auth_protocol == 'https' { + $auth_port = $auth_port_ssl_public + } else { + $auth_port = $auth_port_public + } class {'::contrail::webui': - openstack_vip => $auth_host, - contrail_config_vip => $contrail_config_vip, - contrail_analytics_vip => $contrail_analytics_vip, - neutron_vip => $neutron_vip, - cassandra_ip => $cassandra_server_list, - redis_ip => $redis_ip, - contrail_webui_http_port => $contrail_webui_http_port, - contrail_webui_https_port => $contrail_webui_https_port, admin_user => $admin_user, admin_password => $admin_password, admin_token => $admin_token, admin_tenant_name => $admin_tenant_name, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + cassandra_ip => $cassandra_server_list, + cert_file => $cert_file, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + neutron_vip => $neutron_vip, + openstack_vip => $auth_host, + redis_ip => $redis_ip, } } diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp index 6e70b50..da8aaa6 100644 --- a/manifests/profile/base/aodh.pp +++ b/manifests/profile/base/aodh.pp @@ -27,19 +27,64 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('aodh::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('aodh::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('aodh::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('aodh::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('aodh::rabbit_use_ssl', '0') class tripleo::profile::base::aodh ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('aodh::rabbit_port', 5672), + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('aodh::rabbit_password'), + $oslomsg_rpc_port = hiera('aodh::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('aodh::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('aodh::rabbit_password'), + $oslomsg_notify_port = hiera('aodh::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('aodh::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('aodh::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { @@ -49,9 +94,24 @@ class tripleo::profile::base::aodh ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::aodh' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::aodh::auth include ::aodh::config diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index b464317..22984b1 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -56,6 +56,50 @@ # for more details. # Defaults to hiera('step') # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('barbican::api::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('barbican::api::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('barbican::api::rabbit_use_ssl', '0') + class tripleo::profile::base::barbican::api ( $barbican_network = hiera('barbican_api_network', undef), $bootstrap_node = hiera('bootstrap_nodeid', undef), @@ -63,6 +107,17 @@ class tripleo::profile::base::barbican::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('barbican::api::rabbit_password'), + $oslomsg_rpc_port = hiera('barbican::api::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('barbican::api::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('barbican::api::rabbit_password'), + $oslomsg_notify_port = hiera('barbican::api::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('barbican::api::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('barbican::api::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -92,8 +147,25 @@ class tripleo::profile::base::barbican::api ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::barbican::api': - sync_db => $sync_db + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::barbican::keystone::authtoken include ::barbican::api::logging diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index bbe7f27..2855bd2 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -23,24 +23,84 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('ceilometer::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('ceilometer::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('ceilometer::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('ceilometer::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('ceilometer::rabbit_use_ssl', '0') class tripleo::profile::base::ceilometer ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('ceilometer::rabbit_port', 5672), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('ceilometer::rabbit_password'), + $oslomsg_rpc_port = hiera('ceilometer::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('ceilometer::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('ceilometer::rabbit_password'), + $oslomsg_notify_port = hiera('ceilometer::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::ceilometer' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::ceilometer::config } diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp new file mode 100644 index 0000000..3706c2e --- /dev/null +++ b/manifests/profile/base/ceilometer/agent/polling.pp @@ -0,0 +1,64 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ceilometer::agent::polling +# +# Ceilometer polling Agent profile for tripleo +# +# === Parameters +# +# [*central_namespace*] +# (Optional) Use central namespace for polling agent. +# Defaults to false. +# +# [*compute_namespace*] +# (Optional) Use compute namespace for polling agent. +# Defaults to false. +# +# [*ipmi_namespace*] +# (Optional) Use ipmi namespace for polling agent. +# Defaults to false. +# +# [*ceilometer_redis_password*] +# (Optional) redis password to configure coordination url +# +# [*redis_vip*] +# (Optional) redis vip to configure coordination url +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::ceilometer::agent::polling ( + $central_namespace = hiera('central_namespace', false), + $compute_namespace = hiera('compute_namespace', false), + $ipmi_namespace = hiera('ipmi_namespace', false), + $ceilometer_redis_password = hiera('ceilometer_redis_password', undef), + $redis_vip = hiera('redis_vip', undef), + $step = hiera('step'), +) { + include ::tripleo::profile::base::ceilometer + + if $step >= 4 { + include ::ceilometer::agent::auth + class { '::ceilometer::agent::polling': + central_namespace => $central_namespace, + compute_namespace => $compute_namespace, + ipmi_namespace => $ipmi_namespace, + coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), + } + } + +} diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp index 6e8fbb2..fc3c659 100644 --- a/manifests/profile/base/cinder.pp +++ b/manifests/profile/base/cinder.pp @@ -30,20 +30,65 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('cinder::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('cinder::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('cinder::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('cinder::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('cinder::rabbit_use_ssl', '0') class tripleo::profile::base::cinder ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $cinder_enable_db_purge = true, - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('cinder::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $cinder_enable_db_purge = true, + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('cinder::rabbit_password'), + $oslomsg_rpc_port = hiera('cinder::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('cinder::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('cinder::rabbit_password'), + $oslomsg_notify_port = hiera('cinder::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('cinder::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('cinder::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -52,9 +97,26 @@ class tripleo::profile::base::cinder ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::cinder' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + } + class { '::cinder::ceilometer' : + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::cinder::config include ::cinder::glance diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index 7663b6f..9fb1594 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -26,8 +26,8 @@ # (Optional) Whether to enable the hpelefthand backend # Defaults to false # -# [*cinder_enable_eqlx_backend*] -# (Optional) Whether to enable the eqlx backend +# [*cinder_enable_dellps_backend*] +# (Optional) Whether to enable the dellps backend # Defaults to true # # [*cinder_enable_iscsi_backend*] @@ -46,6 +46,10 @@ # (Optional) Whether to enable the rbd backend # Defaults to true # +# [*cinder_enable_scaleio_backend*] +# (Optional) Whether to enable the scaleio backend +# Defaults to true +# # [*cinder_user_enabled_backends*] # (Optional) List of additional backend stanzas to activate # Defaults to hiera('cinder_user_enabled_backends') @@ -58,11 +62,12 @@ class tripleo::profile::base::cinder::volume ( $cinder_enable_dellsc_backend = false, $cinder_enable_hpelefthand_backend = false, - $cinder_enable_eqlx_backend = false, + $cinder_enable_dellps_backend = false, $cinder_enable_iscsi_backend = true, $cinder_enable_netapp_backend = false, $cinder_enable_nfs_backend = false, $cinder_enable_rbd_backend = false, + $cinder_enable_scaleio_backend = false, $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), $step = hiera('step'), ) { @@ -85,11 +90,11 @@ class tripleo::profile::base::cinder::volume ( $cinder_hpelefthand_backend_name = undef } - if $cinder_enable_eqlx_backend { - include ::tripleo::profile::base::cinder::volume::eqlx - $cinder_eqlx_backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx') + if $cinder_enable_dellps_backend { + include ::tripleo::profile::base::cinder::volume::dellps + $cinder_dellps_backend_name = hiera('cinder::backend::dellps::volume_backend_name', 'tripleo_dellps') } else { - $cinder_eqlx_backend_name = undef + $cinder_dellps_backend_name = undef } if $cinder_enable_iscsi_backend { @@ -120,13 +125,21 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } + if $cinder_enable_scaleio_backend { + include ::tripleo::profile::base::cinder::volume::scaleio + $cinder_scaleio_backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio') + } else { + $cinder_scaleio_backend_name = undef + } + $backends = delete_undef_values([$cinder_iscsi_backend_name, $cinder_rbd_backend_name, - $cinder_eqlx_backend_name, + $cinder_dellps_backend_name, $cinder_dellsc_backend_name, $cinder_hpelefthand_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, + $cinder_scaleio_backend_name, $cinder_user_enabled_backends]) # NOTE(aschultz): during testing it was found that puppet 3 may incorrectly # include a "" in the previous array which is not removed by the diff --git a/manifests/profile/base/cinder/volume/eqlx.pp b/manifests/profile/base/cinder/volume/dellps.pp index fe24f4b..1338240 100644 --- a/manifests/profile/base/cinder/volume/eqlx.pp +++ b/manifests/profile/base/cinder/volume/dellps.pp @@ -12,23 +12,23 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::profile::base::cinder::volume::eqlx +# == Class: tripleo::profile::base::cinder::volume::dellps # -# Cinder Volume eqlx profile for tripleo +# Cinder Volume for dellps profile tripleo # # === Parameters # # [*backend_name*] # (Optional) Name given to the Cinder backend stanza -# Defaults to 'tripleo_eqlx' +# Defaults to 'tripleo_dellps' # # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # -class tripleo::profile::base::cinder::volume::eqlx ( - $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx'), +class tripleo::profile::base::cinder::volume::dellps ( + $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_dellps'), $step = hiera('step'), ) { include ::tripleo::profile::base::cinder::volume diff --git a/manifests/profile/base/cinder/volume/scaleio.pp b/manifests/profile/base/cinder/volume/scaleio.pp new file mode 100644 index 0000000..a30cffa --- /dev/null +++ b/manifests/profile/base/cinder/volume/scaleio.pp @@ -0,0 +1,56 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::volume::scaleio +# +# Cinder Volume scaleio profile for tripleo +# +# === Parameters +# +# [*backend_name*] +# (Optional) Name given to the Cinder backend stanza +# Defaults to 'tripleo_scaleio' +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::volume::scaleio ( + $backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio'), + $step = hiera('step'), +) { + include ::tripleo::profile::base::cinder::volume + + if $step >= 4 { + cinder::backend::scaleio { $backend_name : + sio_login => hiera('cinder::backend::scaleio::sio_login', undef), + sio_password => hiera('cinder::backend::scaleio::sio_password', undef), + sio_server_hostname => hiera('cinder::backend::scaleio::sio_server_hostname', undef), + sio_server_port => hiera('cinder::backend::scaleio::sio_server_port', undef), + sio_verify_server_certificate => hiera('cinder::backend::scaleio::sio_verify_server_certificate', undef), + sio_server_certificate_path => hiera('cinder::backend::scaleio::sio_server_certificate_path', undef), + sio_protection_domain_name => hiera('cinder::backend::scaleio::sio_protection_domain_name', undef), + sio_protection_domain_id => hiera('cinder::backend::scaleio::sio_protection_domain_id', undef), + sio_storage_pool_id => hiera('cinder::backend::scaleio::sio_storage_pool_id', undef), + sio_storage_pool_name => hiera('cinder::backend::scaleio::sio_storage_pool_name', undef), + sio_storage_pools => hiera('cinder::backend::scaleio::sio_storage_pools', undef), + sio_round_volume_capacity => hiera('cinder::backend::scaleio::sio_round_volume_capacity', undef), + sio_unmap_volume_before_deletion => hiera('cinder::backend::scaleio::sio_unmap_volume_before_deletion', undef), + sio_max_over_subscription_ratio => hiera('cinder::backend::scaleio::sio_max_over_subscription_ratio', undef), + sio_thin_provision => hiera('cinder::backend::scaleio::sio_thin_provision', undef), + } + } + +} diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp index 1731e81..3d1a693 100644 --- a/manifests/profile/base/congress.pp +++ b/manifests/profile/base/congress.pp @@ -22,43 +22,43 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') # -# [*messaging_hosts*] -# list of the messaging host fqdns -# Defaults to hiera('rabbitmq_node_names') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_password*] -# Password for messaging congress queue -# Defaults to hiera('congress::rabbit_password') +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') # -# [*messaging_port*] -# IP port for messaging service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('congress::rabbit_port', 5672) # -# [*messaging_username*] -# Username for messaging congress queue +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service # Defaults to hiera('congress::rabbit_userid', 'guest') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. -# Defaults to hiera('congress::rabbit_use_ssl', '0') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('congress::rabbit_password') # -# [*step*] -# (Optional) The current step of the deployment -# Defaults to hiera('step') +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('congress::rabbit_use_ssl', '0') class tripleo::profile::base::congress ( $bootstrap_node = hiera('bootstrap_nodeid', undef), - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('congress::rabbit_password'), - $messaging_port = hiera('congress::rabbit_port', '5672'), - $messaging_username = hiera('congress::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'), $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('congress::rabbit_password'), + $oslomsg_rpc_port = hiera('congress::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('congress::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('congress::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -67,16 +67,16 @@ class tripleo::profile::base::congress ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::congress': sync_db => $sync_db, default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, }), } diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 4ccfabc..a0193cf 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -42,6 +42,11 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # +# [*generate_dropin_file_limit*] +# (Optional) Generate a systemd drop-in file to raise the file descriptor +# limit for the mysql service. +# Defaults to false +# # [*generate_service_certificates*] # (Optional) Whether or not certmonger will generate certificates for # MySQL. This could be as many as specified by the $certificates_specs @@ -72,6 +77,7 @@ class tripleo::profile::base::database::mysql ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificate_specs = {}, $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_dropin_file_limit = false, $generate_service_certificates = hiera('generate_service_certificates', false), $manage_resources = true, $mysql_server_options = {}, @@ -119,13 +125,14 @@ class tripleo::profile::base::database::mysql ( # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap $mysql_server_default = { 'mysqld' => { - 'bind-address' => $bind_address, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - 'ssl' => $enable_internal_tls, - 'ssl-key' => $tls_keyfile, - 'ssl-cert' => $tls_certfile, - 'ssl-ca' => undef, + 'bind-address' => $bind_address, + 'max_connections' => hiera('mysql_max_connections'), + 'open_files_limit' => '-1', + 'innodb_file_per_table' => 'ON', + 'ssl' => $enable_internal_tls, + 'ssl-key' => $tls_keyfile, + 'ssl-cert' => $tls_certfile, + 'ssl-ca' => undef, } } $mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options) @@ -138,6 +145,15 @@ class tripleo::profile::base::database::mysql ( service_enabled => $manage_resources, remove_default_accounts => $remove_default_accounts, } + + if $generate_dropin_file_limit { + # Raise the mysql file limit + ::systemd::service_limits { 'mariadb.service': + limits => { + LimitNOFILE => 16384 + } + } + } } if $step >= 2 and $sync_db { @@ -166,6 +182,9 @@ class tripleo::profile::base::database::mysql ( if hiera('ironic_api_enabled', false) { include ::ironic::db::mysql } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::inspector::db::mysql + } if hiera('keystone_enabled', false) { include ::keystone::db::mysql } diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp new file mode 100644 index 0000000..22384a9 --- /dev/null +++ b/manifests/profile/base/database/mysql/client.pp @@ -0,0 +1,93 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::haproxy +# +# Loadbalancer profile for tripleo +# +# === Parameters +# +# [*enable_ssl*] +# (Optional) Whether SSL should be used for the connection to the server or +# not. +# Defaults to false +# +# [*mysql_read_default_file*] +# (Optional) Name of the file that will be passed to pymysql connection strings +# Defaults to '/etc/my.cnf.d/tripleo.cnf' +# +# [*mysql_read_default_group*] +# (Optional) Name of the ini section to be passed to pymysql connection strings +# Defaults to 'tripleo' +# +# [*mysql_client_bind_address*] +# (Optional) Client IP address of the host that will be written in the mysql_read_default_file +# Defaults to undef +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::database::mysql::client ( + $enable_ssl = false, + $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf', + $mysql_read_default_group = 'tripleo', + $mysql_client_bind_address = undef, + $step = hiera('step'), +) { + if $step >= 1 { + # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not + # present in the base image but installed as a package afterwards), + # create it. We do not want to touch the permissions in case it already + # exists due to the mariadb server package being pre-installed + # Note: We use exec instead of file in the case that the mysql class is + # included on this node as well (we'd get duplicate declaration in such a + # situation when using file) + if $mysql_client_bind_address { + $client_bind_changes = [ + "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'" + ] + } else { + $client_bind_changes = [ + "rm ${mysql_read_default_group}/bind-address" + ] + } + + if $enable_ssl { + $changes_ssl = [ + "set ${mysql_read_default_group}/ssl '1'", + "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'" + ] + } else { + $changes_ssl = [ + "rm ${mysql_read_default_group}/ssl", + "rm ${mysql_read_default_group}/ssl-ca" + ] + } + + $conf_changes = union($client_bind_changes, $changes_ssl) + + # Create /etc/my.cnf.d/tripleo.cnf + exec { 'directory-create-etc-my.cnf.d': + command => 'mkdir -p /etc/my.cnf.d', + path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'], + } -> + augeas { 'tripleo-mysql-client-conf': + incl => $mysql_read_default_file, + lens => 'Puppet.lns', + changes => $conf_changes, + } + } +} diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp new file mode 100644 index 0000000..5e18a85 --- /dev/null +++ b/manifests/profile/base/docker.pp @@ -0,0 +1,68 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::docker +# +# docker profile for tripleo +# +# === Parameters +# +# [*docker_namespace*] +# The namespace to be used when setting INSECURE_REGISTRY +# this will be split on "/" to derive the docker registry +# (defaults to undef) +# +# [*insecure_registry*] +# Set docker_namespace to INSECURE_REGISTRY, used when a local registry +# is enabled (defaults to false) +# +# [*step*] +# step defaults to hiera('step') +# +class tripleo::profile::base::docker ( + $docker_namespace = undef, + $insecure_registry = false, + $step = hiera('step'), +) { + if $step >= 1 { + package {'docker': + ensure => installed, + } + + service { 'docker': + ensure => 'running', + enable => true, + require => Package['docker'], + } + + if $insecure_registry { + if $docker_namespace == undef { + fail('You must provide a $docker_namespace in order to configure insecure registry') + } + $namespace = strip($docker_namespace.split('/')[0]) + $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ] + } else { + $changes = [ 'rm INSECURE_REGISTRY', ] + } + + augeas { 'docker-sysconfig': + lens => 'Shellvars.lns', + incl => '/etc/sysconfig/docker', + changes => $changes, + subscribe => Package['docker'], + notify => Service['docker'], + } + } +} diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index ebe84bf..0452575 100644 --- a/manifests/profile/base/docker_registry.pp +++ b/manifests/profile/base/docker_registry.pp @@ -38,7 +38,8 @@ class tripleo::profile::base::docker_registry ( ) { # We want a v2 registry package{'docker-registry': - ensure => absent, + ensure => absent, + allow_virtual => false, } package{'docker-distribution': } package{'docker': } diff --git a/manifests/profile/base/gnocchi/metricd.pp b/manifests/profile/base/gnocchi/metricd.pp index e69bbd5..f6f80cd 100644 --- a/manifests/profile/base/gnocchi/metricd.pp +++ b/manifests/profile/base/gnocchi/metricd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::metricd ( if $step >= 5 { include ::gnocchi::metricd - Keystone_endpoint<||> -> Service['gnocchi-metricd'] - Keystone_user_role<||> -> Service['gnocchi-metricd'] } } diff --git a/manifests/profile/base/gnocchi/statsd.pp b/manifests/profile/base/gnocchi/statsd.pp index 1fe4067..7c98a0a 100644 --- a/manifests/profile/base/gnocchi/statsd.pp +++ b/manifests/profile/base/gnocchi/statsd.pp @@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::statsd ( if $step >= 5 { include ::gnocchi::statsd - Keystone_endpoint<||> -> Service['gnocchi-statsd'] - Keystone_user_role<||> -> Service['gnocchi-statsd'] } } diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp index 6e7e5f6..4ff5b41 100644 --- a/manifests/profile/base/heat.pp +++ b/manifests/profile/base/heat.pp @@ -35,21 +35,66 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('heat::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('heat::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('heat::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('heat::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('heat::rabbit_use_ssl', '0') class tripleo::profile::base::heat ( - $bootstrap_node = downcase(hiera('bootstrap_nodeid')), - $manage_db_purge = hiera('heat_enable_db_purge', true), - $notification_driver = 'messaging', - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('heat::rabbit_port', 5672), + $bootstrap_node = downcase(hiera('bootstrap_nodeid')), + $manage_db_purge = hiera('heat_enable_db_purge', true), + $notification_driver = 'messaging', + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('heat::rabbit_password'), + $oslomsg_rpc_port = hiera('heat::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('heat::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('heat::rabbit_password'), + $oslomsg_notify_port = hiera('heat::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('heat::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('heat::rabbit_use_ssl', '0'), ) { # Domain resources will be created at step5 on the node running keystone.pp # configure heat.conf at step3 and 4 but actually create the domain later. @@ -60,10 +105,26 @@ class tripleo::profile::base::heat ( manage_role => false, } - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) + class { '::heat' : - notification_driver => $notification_driver, - rabbit_hosts => $rabbit_endpoints, + notification_driver => $notification_driver, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::heat::config include ::heat::cors diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 7166298..9ffba9c 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -18,18 +18,70 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_network*] +# (Optional) The network name where the heat API endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('heat_api_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::heat::api ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_network = hiera('heat_api_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_network { + fail('heat_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api + class { '::heat::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index c1adae6..987d3b2 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -18,18 +18,71 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_cfn_network*] +# (Optional) The network name where the heat cfn endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('heat_api_cfn_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::heat::api_cfn ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_cfn_network = hiera('heat_api_cfn_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_cfn_network { + fail('heat_api_cfn_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api_cfn + + class { '::heat::wsgi::apache_api_cfn': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 3004db9..4dd2607 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -18,18 +18,71 @@ # # === Parameters # +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). +# +# [*heat_api_cloudwatch_network*] +# (Optional) The network name where the heat cloudwatch endpoint is listening +# on. This is set by t-h-t. +# Defaults to hiera('heat_api_cloudwatch_network', undef) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::heat::api_cloudwatch ( - $step = hiera('step'), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef), + $step = hiera('step'), ) { include ::tripleo::profile::base::heat + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$heat_api_cloudwatch_network { + fail('heat_api_cloudwatch_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 { include ::heat::api_cloudwatch + + class { '::heat::wsgi::apache_api_cloudwatch': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } } diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index bd28ab0..278c25c 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -23,8 +23,13 @@ # for more details. # Defaults to hiera('step') # +# [*neutron_options*] +# (Optional) A hash of parameters to enable features specific to Neutron +# Defaults to hiera('horizon::neutron_options', {}) +# class tripleo::profile::base::horizon ( - $step = hiera('step'), + $step = hiera('step'), + $neutron_options = hiera('horizon::neutron_options', {}), ) { if $step >= 4 { # Horizon @@ -35,7 +40,7 @@ class tripleo::profile::base::horizon ( } else { $_profile_support = 'None' } - $neutron_options = {'profile_support' => $_profile_support } + $neutron_options_real = merge({'profile_support' => $_profile_support }, $neutron_options) $memcached_ipv6 = hiera('memcached_ipv6', false) if $memcached_ipv6 { $horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]') @@ -44,7 +49,7 @@ class tripleo::profile::base::horizon ( } class { '::horizon': cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, + neutron_options => $neutron_options_real, } } } diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index 5db1e1f..7ba629f 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp @@ -26,19 +26,39 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('ironic::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('ironic::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('ironic::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('ironic::rabbit_use_ssl', '0') class tripleo::profile::base::ironic ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('ironic::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('ironic::rabbit_password'), + $oslomsg_rpc_port = hiera('ironic::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('ironic::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('ironic::rabbit_use_ssl', '0'), ) { # Database is accessed by both API and conductor, hence it's here. if $::hostname == downcase($bootstrap_node) { @@ -48,12 +68,20 @@ class tripleo::profile::base::ironic ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::ironic': - sync_db => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } + include ::ironic::config include ::ironic::cors } } diff --git a/manifests/profile/base/ironic_inspector.pp b/manifests/profile/base/ironic_inspector.pp new file mode 100644 index 0000000..b4276c6 --- /dev/null +++ b/manifests/profile/base/ironic_inspector.pp @@ -0,0 +1,46 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ironic_inspector +# +# Ironic inspector profile for TripleO +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') + +class tripleo::profile::base::ironic_inspector ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::ironic::inspector': + sync_db => $sync_db, + } + } + +} diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 72049e3..9b2fc51 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -76,15 +76,50 @@ # This is set by t-h-t. # Defaults to hiera('keystone_public_api_network', undef) # +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('keystone::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('keystone::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('keystone::rabbit_use_ssl', '0') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -102,8 +137,17 @@ class tripleo::profile::base::keystone ( $heat_admin_user = undef, $manage_db_purge = hiera('keystone_enable_db_purge', true), $public_endpoint_network = hiera('keystone_public_api_network', undef), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('keystone::rabbit_port', 5672), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('keystone::rabbit_password'), + $oslomsg_rpc_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('keystone::rabbit_password'), + $oslomsg_notify_port = hiera('keystone::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('keystone::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('keystone::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -142,11 +186,26 @@ class tripleo::profile::base::keystone ( } if $step >= 4 or ( $step >= 3 and $sync_db ) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::keystone': - sync_db => $sync_db, - enable_bootstrap => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + enable_bootstrap => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::keystone::config @@ -157,22 +216,13 @@ class tripleo::profile::base::keystone ( ssl_key_admin => $tls_keyfile_admin, } include ::keystone::cors - - if $manage_roles { - include ::keystone::roles::admin - } - - if $manage_endpoint { - include ::keystone::endpoint - } - } - if $step >= 5 and $manage_db_purge { + if $step >= 4 and $manage_db_purge { include ::keystone::cron::token_flush } - if $step >= 5 and $manage_domain { + if $step == 3 and $manage_domain { if hiera('heat_engine_enabled', false) { # create these seperate and don't use ::heat::keystone::domain since # that class writes out the configs @@ -193,7 +243,12 @@ class tripleo::profile::base::keystone ( } } - if $step >= 5 and $manage_endpoint{ + if $step == 3 and $manage_roles { + include ::keystone::roles::admin + } + + if $step == 3 and $manage_endpoint { + include ::keystone::endpoint if hiera('aodh_api_enabled', false) { include ::aodh::keystone::auth } @@ -227,6 +282,9 @@ class tripleo::profile::base::keystone ( if hiera('ironic_api_enabled', false) { include ::ironic::keystone::auth } + if hiera('ironic_inspector_enabled', false) { + include ::ironic::keystone::auth_inspector + } if hiera('manila_api_enabled', false) { include ::manila::keystone::auth } diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp index f021f64..cad2cdf 100644 --- a/manifests/profile/base/manila.pp +++ b/manifests/profile/base/manila.pp @@ -26,19 +26,64 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('manila::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('manila::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('manila::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('manila::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('manila::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('manila::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('manila::rabbit_use_ssl', '0') class tripleo::profile::base::manila ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('manila::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('manila::rabbit_password'), + $oslomsg_rpc_port = hiera('manila::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('manila::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('manila::rabbit_password'), + $oslomsg_notify_port = hiera('manila::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('manila::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('manila::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,9 +92,24 @@ class tripleo::profile::base::manila ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::manila' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::manila::config } diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index d8e1330..0eb849d 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp @@ -27,19 +27,64 @@ # for more details. # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service # Defaults to hiera('mistral::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('mistral::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('mistral::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('mistral::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('mistral::rabbit_use_ssl', '0') class tripleo::profile::base::mistral ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('mistral::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('mistral::rabbit_password'), + $oslomsg_rpc_port = hiera('mistral::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('mistral::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('mistral::rabbit_password'), + $oslomsg_notify_port = hiera('mistral::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('mistral::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('mistral::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -48,9 +93,24 @@ class tripleo::profile::base::mistral ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::mistral': - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::mistral::config include ::mistral::client diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index e6a32db..2f01b75 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -22,23 +22,111 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('neutron::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to hiera('neutron::rabbit_port', 5672 +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('neutron::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('neutron::rabbit_use_ssl', '0') +# +# [*dhcp_agents_per_network*] +# (Optional) TripleO configured number of DHCP agents +# to use per network. If left to the default value, neutron will be +# configured with the number of DHCP agents being deployed. +# Defaults to undef +# +# [*dhcp_nodes*] +# (Optional) List of nodes running the DHCP agent. Used to +# set neutron's dhcp_agents_per_network value to the number +# of available agents. +# Defaults to hiera('neutron_dhcp_short_node_names') or [] +# class tripleo::profile::base::neutron ( - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('neutron::rabbit_port', 5672), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('neutron::rabbit_password'), + $oslomsg_rpc_port = hiera('neutron::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('neutron::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('neutron::rabbit_password'), + $oslomsg_notify_port = hiera('neutron::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('neutron::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('neutron::rabbit_use_ssl', '0'), + $dhcp_agents_per_network = undef, + $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []), ) { if $step >= 3 { - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) + + $dhcp_agent_count = size($dhcp_nodes) + if $dhcp_agents_per_network { + $dhcp_agents_per_net = $dhcp_agents_per_network + if ($dhcp_agents_per_net > $dhcp_agent_count) { + warning("dhcp_agents_per_network (${dhcp_agents_per_net}) is greater\ + than the number of deployed dhcp agents (${dhcp_agent_count})") + } + } + elsif $dhcp_agent_count > 0 { + $dhcp_agents_per_net = $dhcp_agent_count + } class { '::neutron' : - rabbit_hosts => $rabbit_endpoints, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + dhcp_agents_per_network => $dhcp_agents_per_net, } include ::neutron::config } diff --git a/manifests/profile/base/neutron/ovs.pp b/manifests/profile/base/neutron/ovs.pp index a4e0cd3..bec7e96 100644 --- a/manifests/profile/base/neutron/ovs.pp +++ b/manifests/profile/base/neutron/ovs.pp @@ -28,7 +28,7 @@ class tripleo::profile::base::neutron::ovs( ) { include ::tripleo::profile::base::neutron - if $step >= 4 { + if $step >= 5 { include ::neutron::agents::ml2::ovs # Optional since manage_service may be false and neutron server may not be colocated. diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index fe1e6a6..36425f6 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -30,28 +30,48 @@ # (Optional) Whether or not manage Nova Live migration # Defaults to false # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_hosts*] -# list of the messaging host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*messaging_password*] -# Password for messaging nova queue +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('nova::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('nova::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service # Defaults to hiera('nova::rabbit_password') # -# [*messaging_port*] -# IP port for messaging service +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('nova::rabbit_port', 5672) # -# [*messaging_username*] -# Username for messaging nova queue +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service # Defaults to hiera('nova::rabbit_userid', 'guest') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('nova::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services # Defaults to hiera('nova::rabbit_use_ssl', '0') # # [*nova_compute_enabled*] @@ -63,17 +83,22 @@ # Defaults to hiera('step') # class tripleo::profile::base::nova ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $libvirt_enabled = false, - $manage_migration = false, - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('nova::rabbit_password'), - $messaging_port = hiera('nova::rabbit_port', '5672'), - $messaging_username = hiera('nova::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('nova::rabbit_use_ssl', '0'), - $nova_compute_enabled = false, - $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $libvirt_enabled = false, + $manage_migration = false, + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('nova::rabbit_password'), + $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('nova::rabbit_password'), + $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'), + $nova_compute_enabled = false, + $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -88,17 +113,23 @@ class tripleo::profile::base::nova ( } if $step >= 4 or ($step >= 3 and $sync_db) { - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) - # TODO(ccamacho): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::nova' : - default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, }), } include ::nova::config @@ -107,10 +138,10 @@ class tripleo::profile::base::nova ( backend => 'oslo_cache.memcache_pool', memcache_servers => $memcache_servers, } + include ::nova::placement } if $step >= 4 { - include ::nova::placement if $manage_migration { class { '::nova::migration::libvirt': configure_libvirt => $libvirt_enabled, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 83baae2..cda2b66 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -49,6 +49,11 @@ # This is set by t-h-t. # Defaults to hiera('nova_api_network', undef) # +# [*nova_api_wsgi_enabled*] +# (Optional) Whether or not deploy Nova API in WSGI with Apache. +# Nova Team discourages it. +# Defaults to hiera('nova_wsgi_enabled', false) +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -60,6 +65,7 @@ class tripleo::profile::base::nova::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $nova_api_network = hiera('nova_api_network', undef), + $nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -69,21 +75,7 @@ class tripleo::profile::base::nova::api ( } include ::tripleo::profile::base::nova - - if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - - if !$nova_api_network { - fail('nova_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } + include ::tripleo::profile::base::nova::authtoken if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup @@ -91,31 +83,48 @@ class tripleo::profile::base::nova::api ( if $step >= 4 or ($step >= 3 and $sync_db) { - if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') - } else { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') - } - - class { '::nova::keystone::authtoken': - memcached_servers => $memcache_servers - } - class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, } - class { '::nova::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } include ::nova::network::neutron } + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + if $nova_api_wsgi_enabled { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$nova_api_network { + fail('nova_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::nova::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + } if $step >= 5 { if hiera('nova_enable_db_purge', true) { include ::nova::cron::archive_deleted_rows } + # At step 5, we consider all nova-compute services started and registred to nova-conductor + # So we want to update Nova Cells database to be aware of these hosts by executing the + # nova-cell_v2-discover_hosts command again. + # Doing it on a single nova-api node to avoid race condition. + if $sync_db { + Exec<| title == 'nova-cell_v2-discover_hosts' |> { refreshonly => false } + } } } diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp new file mode 100644 index 0000000..ee6c331 --- /dev/null +++ b/manifests/profile/base/nova/authtoken.pp @@ -0,0 +1,56 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::authtoken +# +# Nova authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*use_ipv6*] +# (Optional) Flag indicating if ipv6 should be used for caching +# Defaults to hiera('nova::use_ipv6', false) +# +# [*memcache_nodes_ipv6*] +# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true. +# Defaults to hiera('memcached_node_ipvs_v6', ['::1']) +# +# [*memcache_nodes_ipv4*] +# (Optional) Array of ipv4 addresses for memcache. Used by default unless +# use_ipv6 is set to true. +# Defaults to hiera('memcached_node_ips', ['127.0.0.1']) +# +class tripleo::profile::base::nova::authtoken ( + $step = hiera('step'), + $use_ipv6 = hiera('nova::use_ipv6', false), + $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']), + $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']), +) { + + if $step >= 3 { + $memcached_ips = $use_ipv6 ? { + true => $memcache_nodes_ipv6, + default => $memcache_nodes_ipv4 + } + + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp index 076996a..0eb2ed7 100644 --- a/manifests/profile/base/nova/compute.pp +++ b/manifests/profile/base/nova/compute.pp @@ -42,6 +42,7 @@ class tripleo::profile::base::nova::compute ( # before nova-compute. Service<| title == 'nova-conductor' |> -> Service['nova-compute'] + # deploy bits to connect nova compute to neutron include ::nova::network::neutron diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp index 6767f6b..cc9beb6 100644 --- a/manifests/profile/base/nova/compute/libvirt.pp +++ b/manifests/profile/base/nova/compute/libvirt.pp @@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt ( } } - # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config - # when running libvirt and libvirt itself, so we allow micro-services deployments. - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - if $rbd_ephemeral_storage { class { '::nova::compute::libvirt': libvirt_disk_cachemodes => ['network=writeback'], libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, } } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } + include ::nova::compute::libvirt } include ::nova::compute::libvirt::qemu diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index aa8c3c7..46658b8 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { if $generate_service_certificates { @@ -85,7 +86,7 @@ class tripleo::profile::base::nova::placement ( $tls_keyfile = undef } - if $step >= 4 { + if $step >= 3 { class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp index 46ca009..e8310d8 100644 --- a/manifests/profile/base/octavia.pp +++ b/manifests/profile/base/octavia.pp @@ -22,35 +22,50 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_user*] -# [*rabbit_password*] -# (Optional) RabbitMQ user details -# Defaults to undef +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672. +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_port', 5672) # +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('octavia::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('octavia::rabbit_use_ssl', '0') + class tripleo::profile::base::octavia ( - $step = hiera('step'), - $rabbit_user = undef, - $rabbit_password = undef, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = '5672' + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('octavia::rabbit_password'), + $oslomsg_rpc_port = hiera('octavia::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('octavia::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('octavia::rabbit_use_ssl', '0'), ) { if $step >= 3 { + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::octavia' : default_transport_url => os_transport_url({ - 'transport' => 'rabbit', - 'hosts' => $rabbit_hosts, - 'port' => sprintf('%s', $rabbit_port), - 'username' => $rabbit_user, - 'password' => $rabbit_password - }) + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } include ::octavia::config } diff --git a/manifests/profile/base/octavia/health_manager.pp b/manifests/profile/base/octavia/health_manager.pp new file mode 100644 index 0000000..bac5f65 --- /dev/null +++ b/manifests/profile/base/octavia/health_manager.pp @@ -0,0 +1,33 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::health_manager +# +# Octavia Health Manager server for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::health_manager ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + if $step >= 5 { + include ::octavia::health_manager + } +} diff --git a/manifests/profile/base/octavia/housekeeping.pp b/manifests/profile/base/octavia/housekeeping.pp new file mode 100644 index 0000000..0dcd5cf --- /dev/null +++ b/manifests/profile/base/octavia/housekeeping.pp @@ -0,0 +1,34 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::housekeeping +# +# Octavia Housekeeping profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::housekeeping ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + + if $step >= 5 { + include ::octavia::housekeeping + } +} diff --git a/manifests/profile/base/octavia/worker.pp b/manifests/profile/base/octavia/worker.pp new file mode 100644 index 0000000..7df324d --- /dev/null +++ b/manifests/profile/base/octavia/worker.pp @@ -0,0 +1,34 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::octavia::worker +# +# Octavia Worker profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::octavia::worker ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::octavia + + if $step >= 5 { + include ::octavia::worker + } +} diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp index 880cf7d..286e4ac 100644 --- a/manifests/profile/base/panko.pp +++ b/manifests/profile/base/panko.pp @@ -23,26 +23,12 @@ # for more details. # Defaults to hiera('step') # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') class tripleo::profile::base::panko ( - $step = hiera('step'), - $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), ) { - - if $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { + if $step >= 3 { include ::panko - include ::panko::db include ::panko::config - include ::panko::db::sync } - } diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 45ee0c0..a6643ce 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*certificates_specs*] # (Optional) The specifications to give to certmonger for the certificate(s) # it will create. @@ -53,12 +57,19 @@ # Defaults to hiera('step') # class tripleo::profile::base::panko::api ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificates_specs = hiera('apache_certificates_specs', {}), $enable_internal_tls = hiera('enable_internal_tls', false), $generate_service_certificates = hiera('generate_service_certificates', false), $panko_network = hiera('panko_api_network', undef), $step = hiera('step'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + include ::tripleo::profile::base::panko if $enable_internal_tls { @@ -76,8 +87,11 @@ class tripleo::profile::base::panko::api ( $tls_keyfile = undef } - if $step >= 4 { - include ::panko::api + if $step >= 4 or ( $step >= 3 and $sync_db ) { + include ::panko::db + class { '::panko::api': + sync_db => $sync_db, + } class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index fd8de8f..b04d721 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -18,14 +18,41 @@ # # === Parameters # +# [*certificate_specs*] +# (Optional) The specifications to give to certmonger for the certificate +# it will create. Note that the certificate nickname must be 'mysql' in +# the case of this service. +# Example with hiera: +# tripleo::profile::base::database::mysql::certificate_specs: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "mysql/<overcloud controller fqdn>" +# Defaults to {}. +# # [*config_variables*] # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_config_variables'). # +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to undef +# # [*environment*] # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# MySQL. This could be as many as specified by the $certificates_specs +# variable. +# Defaults to hiera('generate_service_certificate', false). +# +# [*inet_dist_interface*] +# (Optional) Address to bind the inter-cluster interface +# to. It is the inet_dist_use_interface option in the kernel variables +# Defaults to hiera('rabbitmq::interface', undef). +# # [*ipv6*] # (Optional) Whether to deploy RabbitMQ on IPv6 network. # Defaults to str2bool(hiera('rabbit_ipv6', false)). @@ -34,29 +61,53 @@ # (Optional) RabbitMQ environment. # Defaults to hiera('rabbitmq_environment'). # -# [*inet_dist_interface*] -# (Optional) Address to bind the inter-cluster interface -# to. It is the inet_dist_use_interface option in the kernel variables -# Defaults to hiera('rabbitmq::interface', undef). -# # [*nodes*] # (Optional) Array of host(s) for RabbitMQ nodes. # Defaults to hiera('rabbitmq_node_names', []). # +# [*rabbitmq_pass*] +# (Optional) RabbitMQ Default Password. +# Defaults to hiera('rabbitmq::default_pass') +# +# [*rabbitmq_user*] +# (Optional) RabbitMQ Default User. +# Defaults to hiera('rabbitmq::default_user') +# +# [*stack_action*] +# (Optional) Action of the stack deployment. +# Defaults to hiera('stack_action') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::rabbitmq ( - $config_variables = hiera('rabbitmq_config_variables'), - $environment = hiera('rabbitmq_environment'), - $ipv6 = str2bool(hiera('rabbit_ipv6', false)), - $kernel_variables = hiera('rabbitmq_kernel_variables'), - $inet_dist_interface = hiera('rabbitmq::interface', undef), - $nodes = hiera('rabbitmq_node_names', []), - $step = hiera('step'), + $certificate_specs = {}, + $config_variables = hiera('rabbitmq_config_variables'), + $enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t + $environment = hiera('rabbitmq_environment'), + $generate_service_certificates = hiera('generate_service_certificates', false), + $inet_dist_interface = hiera('rabbitmq::interface', undef), + $ipv6 = str2bool(hiera('rabbit_ipv6', false)), + $kernel_variables = hiera('rabbitmq_kernel_variables'), + $nodes = hiera('rabbitmq_node_names', []), + $rabbitmq_pass = hiera('rabbitmq::default_pass'), + $rabbitmq_user = hiera('rabbitmq::default_user'), + $stack_action = hiera('stack_action'), + $step = hiera('step'), ) { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs) + } + $tls_certfile = $certificate_specs['service_certificate'] + $tls_keyfile = $certificate_specs['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + # IPv6 environment, necessary for RabbitMQ. if $ipv6 { $rabbit_env = merge($environment, { @@ -85,6 +136,9 @@ class tripleo::profile::base::rabbitmq ( config_kernel_variables => $real_kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, + # TLS options + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, } # when running multi-nodes without Pacemaker if $manage_service { @@ -101,6 +155,20 @@ class tripleo::profile::base::rabbitmq ( config_kernel_variables => $kernel_variables, config_variables => $config_variables, environment_variables => $rabbit_env, + # TLS options + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } + # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency + # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action. + if $stack_action == 'UPDATE' { + # Required for changing password on update scenario. Password will be changed only when + # called explicity, if the rabbitmq service is already running. + rabbitmq_user { $rabbitmq_user : + password => $rabbitmq_pass, + provider => 'rabbitmqctl', + admin => true, } } } diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp index 8db071b..7f4ecbe 100644 --- a/manifests/profile/base/sahara.pp +++ b/manifests/profile/base/sahara.pp @@ -26,19 +26,64 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) +# +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_port', 5672) +# +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_userid', 'guest') +# +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('sahara::rabbit_password') +# +# [*oslomsg_notify_proto*] +# Protocol driver for the oslo messaging notify service +# Defaults to hiera('messaging_notify_service_name', rabbit) +# +# [*oslomsg_notify_hosts*] +# list of the oslo messaging notify host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*rabbit_port*] -# IP port for rabbitmq service +# [*oslomsg_notify_port*] +# IP port for oslo messaging notify service # Defaults to hiera('sahara::rabbit_port', 5672) +# +# [*oslomsg_notify_username*] +# Username for oslo messaging notify service +# Defaults to hiera('sahara::rabbit_userid', 'guest') +# +# [*oslomsg_notify_password*] +# Password for oslo messaging notify service +# Defaults to hiera('sahara::rabbit_password') +# +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('sahara::rabbit_use_ssl', '0') class tripleo::profile::base::sahara ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = hiera('sahara::rabbit_port', 5672), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('sahara::rabbit_password'), + $oslomsg_rpc_port = hiera('sahara::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('sahara::rabbit_userid', 'guest'), + $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'), + $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_notify_password = hiera('sahara::rabbit_password'), + $oslomsg_notify_port = hiera('sahara::rabbit_port', '5672'), + $oslomsg_notify_username = hiera('sahara::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('sahara::rabbit_use_ssl', '0'), ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -47,10 +92,28 @@ class tripleo::profile::base::sahara ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::sahara': - sync_db => $sync_db, - rabbit_hosts => $rabbit_endpoints, + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => $oslomsg_rpc_port, + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, + }), + } + class { '::sahara::notify': + notification_transport_url => os_transport_url({ + 'transport' => $oslomsg_notify_proto, + 'hosts' => $oslomsg_notify_hosts, + 'port' => $oslomsg_notify_port, + 'username' => $oslomsg_notify_username, + 'password' => $oslomsg_notify_password, + 'ssl' => $oslomsg_use_ssl_real, + }), } + include ::sahara::keystone::authtoken } } diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp index 5bd75bd..0d9ba68 100644 --- a/manifests/profile/base/swift/proxy.pp +++ b/manifests/profile/base/swift/proxy.pp @@ -18,38 +18,58 @@ # # === Parameters # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*ceilometer_enabled*] +# Whether the ceilometer pipeline is enabled. +# Defaults to true # -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to hiera('memcached_node_ips') +# [*ceilometer_messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_notify_service_name', 'rabbit') +# +# [*ceilometer_messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*ceilometer_messaging_password*] +# Password for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef) +# +# [*ceilometer_messaging_port*] +# IP port for messaging service +# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672) +# +# [*ceilometer_messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to '0' +# +# [*ceilometer_messaging_username*] +# Username for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest') # # [*memcache_port*] # (Optional) memcache port # Defaults to 11211 # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns -# Defaults to hiera('rabbitmq_node_names') -# -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672 +# [*memcache_servers*] +# (Optional) List of memcache servers +# Defaults to hiera('memcached_node_ips') # -# [*ceilometer_enabled*] -# Whether the ceilometer pipeline is enabled. -# Defaults to true +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') # class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), - $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = 5672, - $ceilometer_enabled = true, + $ceilometer_enabled = true, + $ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'), + $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef), + $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'), + $ceilometer_messaging_use_ssl = '0', + $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'), + $memcache_port = 11211, + $memcache_servers = hiera('memcached_node_ips'), + $step = hiera('step'), ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") @@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk - $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl))) if $ceilometer_enabled { class { '::swift::proxy::ceilometer': - rabbit_hosts => $swift_rabbit_hosts, + default_transport_url => os_transport_url({ + 'transport' => $ceilometer_messaging_driver, + 'hosts' => $ceilometer_messaging_hosts, + 'port' => sprintf('%s', $ceilometer_messaging_port), + 'username' => $ceilometer_messaging_username, + 'password' => $ceilometer_messaging_password, + 'ssl' => $ceilometer_messaging_use_ssl_real, + }), } } include ::swift::proxy::versioned_writes @@ -82,6 +109,7 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::account_quotas class { '::swift::objectexpirer': + pipeline => ['catch_errors', 'cache', 'proxy-server'], memcache_servers => $swift_memcache_servers } } diff --git a/manifests/profile/base/tacker.pp b/manifests/profile/base/tacker.pp index e9f6b77..fa85ec1 100644 --- a/manifests/profile/base/tacker.pp +++ b/manifests/profile/base/tacker.pp @@ -22,29 +22,29 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*messaging_driver*] -# Driver for messaging service. -# Defaults to hiera('messaging_service_name', 'rabbit') +# [*oslomsg_rpc_proto*] +# Protocol driver for the oslo messaging rpc service +# Defaults to hiera('messaging_rpc_service_name', rabbit) # -# [*messaging_hosts*] -# list of the messaging host fqdns +# [*oslomsg_rpc_hosts*] +# list of the oslo messaging rpc host fqdns # Defaults to hiera('rabbitmq_node_names') # -# [*messaging_password*] -# Password for messaging nova queue -# Defaults to hiera('nova::rabbit_password') +# [*oslomsg_rpc_port*] +# IP port for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_port', 5672) # -# [*messaging_port*] -# IP port for messaging service -# Defaults to hiera('nova::rabbit_port', 5672) +# [*oslomsg_rpc_username*] +# Username for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_userid', 'guest') # -# [*messaging_username*] -# Username for messaging nova queue -# Defaults to hiera('nova::rabbit_userid', 'guest') +# [*oslomsg_rpc_password*] +# Password for oslo messaging rpc service +# Defaults to hiera('tacker::rabbit_password') # -# [*messaging_use_ssl*] -# Flag indicating ssl usage. -# Defaults to hiera('nova::rabbit_use_ssl', '0') +# [*oslomsg_use_ssl*] +# Enable ssl oslo messaging services +# Defaults to hiera('tacker::rabbit_use_ssl', '0') # # [*step*] # (Optional) The current step of the deployment @@ -52,12 +52,12 @@ class tripleo::profile::base::tacker ( $bootstrap_node = hiera('bootstrap_nodeid', undef), - $messaging_driver = hiera('messaging_service_name', 'rabbit'), - $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), - $messaging_password = hiera('tacker::rabbit_password'), - $messaging_port = hiera('tacker::rabbit_port', '5672'), - $messaging_username = hiera('tacker::rabbit_userid', 'guest'), - $messaging_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), + $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), + $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $oslomsg_rpc_password = hiera('tacker::rabbit_password'), + $oslomsg_rpc_port = hiera('tacker::rabbit_port', '5672'), + $oslomsg_rpc_username = hiera('tacker::rabbit_userid', 'guest'), + $oslomsg_use_ssl = hiera('tacker::rabbit_use_ssl', '0'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -67,16 +67,16 @@ class tripleo::profile::base::tacker ( } if $step >= 4 or ($step >= 3 and $sync_db){ - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::tacker': sync_db => $sync_db, default_transport_url => os_transport_url({ - 'transport' => $messaging_driver, - 'hosts' => $messaging_hosts, - 'port' => sprintf('%s', $messaging_port), - 'username' => $messaging_username, - 'password' => $messaging_password, - 'ssl' => $messaging_use_ssl_real, + 'transport' => $oslomsg_rpc_proto, + 'hosts' => $oslomsg_rpc_hosts, + 'port' => sprintf('%s', $oslomsg_rpc_port), + 'username' => $oslomsg_rpc_username, + 'password' => $oslomsg_rpc_password, + 'ssl' => $oslomsg_use_ssl_real, }), } diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp index c6ce309..06a3048 100644 --- a/manifests/profile/base/time/ntp.pp +++ b/manifests/profile/base/time/ntp.pp @@ -19,10 +19,12 @@ # class tripleo::profile::base::time::ntp { - # if installed, we don't want chrony to conflict with ntp. - package { 'chrony': - ensure => 'purged', - before => Service['ntp'], + # If installed, we don't want chrony to conflict with ntp. LP#1665426 + # It should be noted that this work even if the package is not installed + service { 'chronyd': + ensure => stopped, + enable => false, + before => Class['ntp'] } include ::ntp } diff --git a/manifests/profile/base/vpp.pp b/manifests/profile/base/vpp.pp new file mode 100644 index 0000000..05f52f9 --- /dev/null +++ b/manifests/profile/base/vpp.pp @@ -0,0 +1,32 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::vpp +# +# vpp profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::vpp ( + $step = hiera('step'), +) { + if $step >= 1 { + include ::fdio + } +} diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 6a83f10..bc5e644 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -75,6 +75,7 @@ class tripleo::profile::pacemaker::database::mysql ( 'default-storage-engine' => 'innodb', 'innodb_autoinc_lock_mode' => '2', 'innodb_locks_unsafe_for_binlog'=> '1', + 'innodb_file_per_table' => 'ON', 'query_cache_size' => '0', 'query_cache_type' => '0', 'bind-address' => $bind_address, @@ -179,12 +180,13 @@ class tripleo::profile::pacemaker::database::mysql ( # This step is to create a sysconfig clustercheck file with the root user and empty password # on the first install only (because later on the clustercheck db user will be used) # We are using exec and not file in order to not have duplicate definition errors in puppet - # when we later set the the file to contain the clustercheck data + # when we later set the file to contain the clustercheck data exec { 'create-root-sysconfig-clustercheck': command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck", unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', } xinetd::service { 'galera-monitor' : + bind => hiera('mysql_bind_host'), port => '9200', server => '/usr/bin/clustercheck', per_source => 'UNLIMITED', diff --git a/manifests/ui.pp b/manifests/ui.pp index 27e3e50..d51ef2e 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -31,37 +31,58 @@ # The port on which the UI is listening. # Defaults to 3000 # -# [*keystone_url*] -# The keystone service url -# Defaults to hiera('keystone::endpoint::public_url') +# [*enabled_languages*] +# Which languages to show in the UI. +# An array. +# Defaults to ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'] # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_proxy_keystone*] +# The keystone proxy endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_config_keystone*] +# The keystone config endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_proxy_heat*] +# The heat proxy endpoint url +# Defaults to undef # -# [*ironic_url*] -# The ironic service url -# Defaults to hiera('ironic::keystone::auth::public_url') +# [*endpoint_config_heat*] +# The heat config endpoint url +# Defaults to undef # -# [*mistral_url*] -# The mistral service url -# Defaults to hiera('mistral::keystone::auth::public_url') +# [*endpoint_proxy_ironic*] +# The ironic proxy endpoint url +# Defaults to undef # -# [*swift_url*] -# The swift service url -# Defaults to hiera('swift::keystone::auth::public_url') +# [*endpoint_config_ironic*] +# The ironic config endpoint url +# Defaults to undef # -# [*zaqar_websocket_url*] -# The zaqar websocket url -# Defaults to hiera('zaquar::keystone::auth_websocket::public_url') +# [*endpoint_proxy_mistral*] +# The mistral proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_mistral*] +# The mistral config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_swift*] +# The swift proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_swift*] +# The swift config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_zaqar*] +# The zaqar proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_zaqar*] +# The zaqar config endpoint url +# Defaults to undf # # [*zaqar_default_queue*] # The zaqar default queue @@ -69,18 +90,30 @@ # Defaults to 'tripleo' # class tripleo::ui ( - $servername = $::fqdn, - $bind_host = hiera('controller_host'), - $ui_port = 3000, - $keystone_url = hiera('keystone_auth_uri_v2'), - $heat_url = hiera('heat::keystone::auth::public_url', undef), - $ironic_url = hiera('ironic::keystone::auth::public_url', undef), - $mistral_url = hiera('mistral::keystone::auth::public_url', undef), - $swift_url = hiera('swift::keystone::auth::public_url', undef), - $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef), - $zaqar_default_queue = 'tripleo' + $servername = $::fqdn, + $bind_host = hiera('controller_host'), + $ui_port = 3000, + $zaqar_default_queue = 'tripleo', + $enabled_languages = ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'], + $endpoint_proxy_zaqar = undef, + $endpoint_proxy_keystone = undef, + $endpoint_proxy_heat = undef, + $endpoint_proxy_ironic = undef, + $endpoint_proxy_mistral = undef, + $endpoint_proxy_swift = undef, + $endpoint_config_zaqar = undef, + $endpoint_config_keystone = undef, + $endpoint_config_heat = undef, + $endpoint_config_ironic = undef, + $endpoint_config_mistral = undef, + $endpoint_config_swift = undef, + ) { + include ::apache::mod::proxy + include ::apache::mod::proxy_http + include ::apache::mod::proxy_wstunnel + ::apache::vhost { 'tripleo-ui': ensure => 'present', servername => $servername, @@ -89,6 +122,38 @@ class tripleo::ui ( docroot => '/var/www/openstack-tripleo-ui/dist', options => ['Indexes', 'FollowSymLinks'], fallbackresource => '/index.html', + proxy_pass => [ + { + 'path' => '/zaqar', + 'url' => $endpoint_proxy_zaqar + }, + { + 'path' => '/keystone', + 'url' => $endpoint_proxy_keystone, + 'reverse_urls' => $endpoint_proxy_keystone + }, + { + 'path' => '/heat', + 'url' => $endpoint_proxy_heat, + 'reverse_urls' => $endpoint_proxy_heat + }, + { + 'path' => '/ironic', + 'url' => $endpoint_proxy_ironic, + 'reverse_urls' => $endpoint_proxy_ironic + }, + { + 'path' => '/mistral', + 'url' => $endpoint_proxy_mistral, + 'reverse_urls' => $endpoint_proxy_mistral + }, + { + 'path' => '/swift', + 'url' => $endpoint_proxy_swift, + 'reverse_urls' => $endpoint_proxy_swift + }, + ], + } # We already use apache::vhost to generate our own |