aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/certmonger/rabbitmq.pp79
-rw-r--r--manifests/haproxy.pp85
-rw-r--r--manifests/host/sriov/numvfs_persistence.pp2
-rw-r--r--manifests/network/contrail/analytics.pp331
-rw-r--r--manifests/network/contrail/analyticsdatabase.pp202
-rw-r--r--manifests/network/contrail/config.pp397
-rw-r--r--manifests/network/contrail/control.pp197
-rw-r--r--manifests/network/contrail/database.pp149
-rw-r--r--manifests/network/contrail/heat.pp80
-rw-r--r--manifests/network/contrail/neutron_plugin.pp203
-rw-r--r--manifests/network/contrail/provision.pp92
-rw-r--r--manifests/network/contrail/vrouter.pp302
-rw-r--r--manifests/network/contrail/webui.pp104
-rw-r--r--manifests/profile/base/aodh.pp80
-rw-r--r--manifests/profile/base/barbican/api.pp74
-rw-r--r--manifests/profile/base/ceilometer.pp78
-rw-r--r--manifests/profile/base/ceilometer/agent/polling.pp64
-rw-r--r--manifests/profile/base/cinder.pp84
-rw-r--r--manifests/profile/base/cinder/volume.pp29
-rw-r--r--manifests/profile/base/cinder/volume/dellps.pp (renamed from manifests/profile/base/cinder/volume/eqlx.pp)10
-rw-r--r--manifests/profile/base/cinder/volume/scaleio.pp56
-rw-r--r--manifests/profile/base/congress.pp64
-rw-r--r--manifests/profile/base/database/mysql.pp33
-rw-r--r--manifests/profile/base/database/mysql/client.pp93
-rw-r--r--manifests/profile/base/docker.pp68
-rw-r--r--manifests/profile/base/docker_registry.pp3
-rw-r--r--manifests/profile/base/gnocchi/metricd.pp2
-rw-r--r--manifests/profile/base/gnocchi/statsd.pp2
-rw-r--r--manifests/profile/base/heat.pp87
-rw-r--r--manifests/profile/base/heat/api.pp54
-rw-r--r--manifests/profile/base/heat/api_cfn.pp55
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp55
-rw-r--r--manifests/profile/base/horizon.pp11
-rw-r--r--manifests/profile/base/ironic.pp50
-rw-r--r--manifests/profile/base/ironic_inspector.pp46
-rw-r--r--manifests/profile/base/keystone.pp102
-rw-r--r--manifests/profile/base/manila.pp80
-rw-r--r--manifests/profile/base/mistral.pp80
-rw-r--r--manifests/profile/base/neutron.pp108
-rw-r--r--manifests/profile/base/neutron/ovs.pp2
-rw-r--r--manifests/profile/base/nova.pp101
-rw-r--r--manifests/profile/base/nova/api.pp67
-rw-r--r--manifests/profile/base/nova/authtoken.pp56
-rw-r--r--manifests/profile/base/nova/compute.pp1
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp13
-rw-r--r--manifests/profile/base/nova/placement.pp3
-rw-r--r--manifests/profile/base/octavia.pp55
-rw-r--r--manifests/profile/base/octavia/health_manager.pp33
-rw-r--r--manifests/profile/base/octavia/housekeeping.pp34
-rw-r--r--manifests/profile/base/octavia/worker.pp34
-rw-r--r--manifests/profile/base/panko.pp18
-rw-r--r--manifests/profile/base/panko/api.pp18
-rw-r--r--manifests/profile/base/rabbitmq.pp92
-rw-r--r--manifests/profile/base/sahara.pp85
-rw-r--r--manifests/profile/base/swift/proxy.pp78
-rw-r--r--manifests/profile/base/tacker.pp60
-rw-r--r--manifests/profile/base/time/ntp.pp10
-rw-r--r--manifests/profile/base/vpp.pp32
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp4
-rw-r--r--manifests/ui.pp133
60 files changed, 3897 insertions, 723 deletions
diff --git a/manifests/certmonger/rabbitmq.pp b/manifests/certmonger/rabbitmq.pp
new file mode 100644
index 0000000..344adef
--- /dev/null
+++ b/manifests/certmonger/rabbitmq.pp
@@ -0,0 +1,79 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::certmonger::rabbitmq
+#
+# Request a certificate for RabbitMQ and do the necessary setup.
+#
+# === Parameters
+#
+# [*hostname*]
+# The hostname of the node. this will be set in the CN of the certificate.
+#
+# [*service_certificate*]
+# The path to the certificate that will be used for TLS in this service.
+#
+# [*service_key*]
+# The path to the key that will be used for TLS in this service.
+#
+# [*certmonger_ca*]
+# (Optional) The CA that certmonger will use to generate the certificates.
+# Defaults to hiera('certmonger_ca', 'local').
+#
+# [*file_owner*]
+# (Optional) The user which the certificate and key files belong to.
+# Defaults to 'root'
+#
+# [*principal*]
+# (Optional) The service principal that is set for the service in kerberos.
+# Defaults to undef
+#
+class tripleo::certmonger::rabbitmq (
+ $hostname,
+ $service_certificate,
+ $service_key,
+ $certmonger_ca = hiera('certmonger_ca', 'local'),
+ $principal = undef,
+) {
+ include ::certmonger
+ include ::rabbitmq::params
+
+ $postsave_cmd = "systemctl restart ${::rabbitmq::params::service_name}"
+ certmonger_certificate { 'rabbitmq' :
+ ensure => 'present',
+ certfile => $service_certificate,
+ keyfile => $service_key,
+ hostname => $hostname,
+ dnsname => $hostname,
+ principal => $principal,
+ postsave_cmd => $postsave_cmd,
+ ca => $certmonger_ca,
+ wait => true,
+ require => Class['::certmonger'],
+ }
+
+ file { $service_certificate :
+ owner => $::rabbitmq::params::rabbitmq_user,
+ group => $::rabbitmq::params::rabbitmq_group,
+ require => Certmonger_certificate['rabbitmq'],
+ }
+ file { $service_key :
+ owner => $::rabbitmq::params::rabbitmq_user,
+ group => $::rabbitmq::params::rabbitmq_group,
+ require => Certmonger_certificate['rabbitmq'],
+ }
+
+ File[$service_certificate] ~> Service<| title == $::rabbitmq::params::service_name |>
+ File[$service_key] ~> Service<| title == $::rabbitmq::params::service_name |>
+}
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index f34c58f..517df4b 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -64,6 +64,26 @@
# Can be a string or an array.
# Defaults to undef
#
+# [*contrail_config_hosts*]
+# (optional) Specify the contrail config hosts ips.
+# Defaults to hiera('contrail_config_node_ips')
+#
+# [*contrail_config_hosts_names*]
+# (optional) Specify the contrail config hosts.
+# Defaults to hiera('contrail_config_node_ips')
+#
+# [*contrail_config*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_config_enabled')
+#
+# [*contrail_webui*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_webui_enabled')
+#
+# [*contrail_analytics*]
+# (optional) Switch to check that contrail config is enabled.
+# Defaults to hiera('contrail_analytics_enabled')
+#
# [*public_virtual_ip*]
# Public IP or group of IPs to bind the pools
# Can be a string or an array.
@@ -519,6 +539,11 @@ class tripleo::haproxy (
$haproxy_stats_password = undef,
$controller_hosts = hiera('controller_node_ips'),
$controller_hosts_names = hiera('controller_node_names', undef),
+ $contrail_config_hosts = hiera('contrail_config_node_ips', undef),
+ $contrail_config_hosts_names = hiera('contrail_config_node_names', undef),
+ $contrail_analytics = hiera('contrail_analytics_enabled', false),
+ $contrail_config = hiera('contrail_config_enabled', false),
+ $contrail_webui = hiera('contrail_webui_enabled', false),
$service_certificate = undef,
$use_internal_certificates = false,
$internal_certificates_specs = {},
@@ -616,6 +641,14 @@ class tripleo::haproxy (
cinder_api_ssl_port => 13776,
congress_api_port => 1789,
congress_api_ssl_port => 13789,
+ contrail_config_port => 8082,
+ contrail_config_ssl_port => 18082,
+ contrail_discovery_port => 5998,
+ contrail_discovery_ssl_port => 15998,
+ contrail_analytics_port => 8090,
+ contrail_analytics_ssl_port => 18090,
+ contrail_webui_http_port => 8080,
+ contrail_webui_https_port => 8143,
docker_registry_port => 8787,
docker_registry_ssl_port => 13787,
glance_api_port => 9292,
@@ -1011,7 +1044,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1232,6 +1265,7 @@ class tripleo::haproxy (
listen_options => $heat_options,
public_ssl_port => $ports[heat_api_ssl_port],
service_network => $heat_api_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1246,6 +1280,7 @@ class tripleo::haproxy (
listen_options => $heat_options,
public_ssl_port => $ports[heat_cw_ssl_port],
service_network => $heat_cloudwatch_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1260,6 +1295,7 @@ class tripleo::haproxy (
listen_options => $heat_options,
public_ssl_port => $ports[heat_cfn_ssl_port],
service_network => $heat_cfn_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1561,5 +1597,50 @@ class tripleo::haproxy (
public_ssl_port => $ports[ui_ssl_port],
}
}
-
+ if $contrail_config {
+ ::tripleo::haproxy::endpoint { 'contrail_config':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_config_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_config_ssl_port],
+ }
+ ::tripleo::haproxy::endpoint { 'contrail_discovery':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_discovery_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_discovery_ssl_port],
+ }
+ }
+ if $contrail_analytics {
+ ::tripleo::haproxy::endpoint { 'contrail_analytics':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_analytics_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_analytics_ssl_port],
+ }
+ }
+ if $contrail_webui {
+ ::tripleo::haproxy::endpoint { 'contrail_webui_http':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_webui_http_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_webui_http_port],
+ }
+ ::tripleo::haproxy::endpoint { 'contrail_webui_https':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ service_port => $ports[contrail_webui_https_port],
+ ip_addresses => hiera('contrail_config_node_ips'),
+ server_names => hiera('contrail_config_node_ips'),
+ public_ssl_port => $ports[contrail_webui_https_port],
+ }
+ }
}
diff --git a/manifests/host/sriov/numvfs_persistence.pp b/manifests/host/sriov/numvfs_persistence.pp
index ec8c875..4c6af83 100644
--- a/manifests/host/sriov/numvfs_persistence.pp
+++ b/manifests/host/sriov/numvfs_persistence.pp
@@ -4,7 +4,7 @@
# === Parameters:
#
# [*vf_defs*]
-# (required) Array of of <physical_interface>:<numvfs>.
+# (required) Array of <physical_interface>:<numvfs>.
# Example: ['eth1:10','eth2:8']
#
# [*content_string*]
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp
index 4359a43..e34c7e6 100644
--- a/manifests/network/contrail/analytics.pp
+++ b/manifests/network/contrail/analytics.pp
@@ -43,6 +43,21 @@
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*analytics_aaa_mode*]
+# (optional) analytics aaa mode parameter
+# String value.
+# Defaults to hiera('contrail::analytics_aaa_mode')
+#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -53,11 +68,26 @@
# Integer value.
# Defaults to hiera('contrail::auth_port')
#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
# [*auth_protocol*]
# (optional) authentication protocol.
# String value.
# Defaults to hiera('contrail::auth_protocol')
#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
# [*cassandra_server_list*]
# (optional) List IPs+port of Cassandra servers
# Array of strings value.
@@ -76,7 +106,7 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip')
+# Defaults to hiera('contrail_config_vip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
@@ -103,6 +133,31 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_server')
#
+# [*public_vip*]
+# (optional) Public virtual IP address
+# String (IPv4) value
+# Defaults to hiera('public_virtual_ip')
+#
+# [*rabbit_server*]
+# (optional) IPv4 addresses of rabbit server.
+# Array of String (IPv4) value.
+# Defaults to hiera('rabbitmq_node_ips')
+#
+# [*rabbit_user*]
+# (optional) Rabbit user
+# String value.
+# Defaults to hiera('contrail::rabbit_user')
+#
+# [*rabbit_password*]
+# (optional) Rabbit password
+# String value.
+# Defaults to hiera('contrail::rabbit_password')
+#
+# [*rabbit_port*]
+# (optional) port of rabbit server
+# String value.
+# Defaults to hiera('contrail::rabbit_port')
+#
# [*redis_server*]
# (optional) IPv4 address of redis server.
# String (IPv4) value.
@@ -123,123 +178,209 @@
# Integer value.
# Defaults to 8081
#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
# [*zk_server_ip*]
# (optional) List IPs+port of Zookeeper servers
# Array of strings value.
# Defaults to hiera('contrail::zk_server_ip')
#
class tripleo::network::contrail::analytics(
- $host_ip,
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $cassandra_server_list = hiera('contrail::cassandra_server_list'),
- $collector_http_server_port = 8089,
- $collector_sandesh_port = 8086,
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $disc_server_port = hiera('contrail::disc_server_port'),
- $http_server_port = 8090,
- $insecure = hiera('contrail::insecure'),
- $kafka_broker_list = hiera('contrail::kafka_broker_list'),
- $memcached_servers = hiera('contrail::memcached_server'),
- $redis_server = '127.0.0.1',
- $redis_server_port = 6379,
- $rest_api_ip = '0.0.0.0',
- $rest_api_port = 8081,
- $zk_server_ip = hiera('contrail::zk_server_ip'),
+ $step = hiera('step'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'),
+ $cassandra_server_list = hiera('contrail_analytics_database_node_ips'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'),
+ $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $http_server_port = hiera('contrail::analytics::http_server_port'),
+ $host_ip = hiera('contrail::analytics::host_ip'),
+ $insecure = hiera('contrail::insecure'),
+ $kafka_broker_list = hiera('contrail_analytics_database_node_ips'),
+ $memcached_servers = hiera('contrail::memcached_server'),
+ $public_vip = hiera('public_virtual_ip'),
+ $rabbit_server = hiera('rabbitmq_node_ips'),
+ $rabbit_user = hiera('contrail::rabbit_user'),
+ $rabbit_password = hiera('contrail::rabbit_password'),
+ $rabbit_port = hiera('contrail::rabbit_port'),
+ $redis_server = hiera('contrail::analytics::redis_server'),
+ $redis_server_port = hiera('contrail::analytics::redis_server_port'),
+ $rest_api_ip = hiera('contrail::analytics::rest_api_ip'),
+ $rest_api_port = hiera('contrail::analytics::rest_api_port'),
+ $zk_server_ip = hiera('contrail_database_node_ips'),
)
{
- class {'::contrail::keystone':
- keystone_config => {
- 'KEYSTONE' => {
+ $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'')
+ $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'')
+ $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'')
+ $redis_config = "bind ${host_ip} 127.0.0.1"
+ $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'')
+ $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'')
+
+ if $auth_protocol == 'https' {
+ $keystone_config = {
'admin_password' => $admin_password,
'admin_tenant_name' => $admin_tenant_name,
- 'admin_token' => $admin_token,
'admin_user' => $admin_user,
'auth_host' => $auth_host,
- 'auth_port' => $auth_port,
+ 'auth_port' => $auth_port_ssl,
'auth_protocol' => $auth_protocol,
'insecure' => $insecure,
- 'memcached_servers' => $memcached_servers,
- },
- },
- } ->
- class {'::contrail::analytics':
- analytics_api_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'host_ip' => $host_ip,
- 'http_server_port' => $http_server_port,
- 'redis_server' => $redis_server,
- 'rest_api_ip' => $rest_api_ip,
- 'rest_api_port' => $rest_api_port,
- },
- 'DISCOVERY' => {
- 'disc_server_ip' => $disc_server_ip,
- 'disc_server_port' => $disc_server_port,
- },
- 'REDIS' => {
- 'redis_server_port' => $redis_server_port,
- 'redis_query_port' => $redis_server_port,
- 'server' => $redis_server,
- },
- },
- collector_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'hostip' => $host_ip,
- 'http_server_port' => $collector_http_server_port,
- 'kafka_broker_list' => $kafka_broker_list,
- 'zookeeper_server_list' => $zk_server_ip,
- },
- 'COLLECTOR' => {
- 'port' => $collector_sandesh_port,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
},
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
+ }
+ } else {
+ $keystone_config = {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
},
- 'REDIS' => {
- 'port' => $redis_server_port,
- 'server' => $redis_server,
+ }
+ }
+ if $step >= 3 {
+ class {'::contrail::analytics':
+ alarm_gen_config => {
+ 'DEFAULTS' => {
+ 'host_ip' => $host_ip,
+ 'kafka_broker_list' => $kafka_broker_list_9092,
+ 'rabbitmq_server_list' => $rabbit_server_list_5672,
+ 'rabbitmq_user' => $rabbit_user,
+ 'rabbitmq_password' => $rabbit_password,
+ 'zk_list' => $zk_server_ip_2181,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
},
- },
- query_engine_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'hostip' => $host_ip,
+ analytics_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
},
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
+ analytics_api_config => {
+ 'DEFAULTS' => {
+ 'api_server' => "${api_server}:${api_port}",
+ 'aaa_mode' => $analytics_aaa_mode,
+ 'cassandra_server_list' => $cassandra_server_list_9042,
+ 'host_ip' => $host_ip,
+ 'http_server_port' => $http_server_port,
+ 'rest_api_ip' => $rest_api_ip,
+ 'rest_api_port' => $rest_api_port,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
+ 'REDIS' => {
+ 'redis_server_port' => $redis_server_port,
+ 'redis_query_port' => $redis_server_port,
+ 'server' => $redis_server,
+ },
+ 'KEYSTONE' => $keystone_config,
},
- 'REDIS' => {
- 'port' => $redis_server_port,
- 'server' => $redis_server,
+ collector_config => {
+ 'DEFAULT' => {
+ 'cassandra_server_list' => $cassandra_server_list_9042,
+ 'hostip' => $host_ip,
+ 'http_server_port' => $collector_http_server_port,
+ 'kafka_broker_list' => $kafka_broker_list_9092,
+ 'zookeeper_server_list' => $zk_server_ip_2181_comma,
+ },
+ 'COLLECTOR' => {
+ 'port' => $collector_sandesh_port,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'REDIS' => {
+ 'port' => $redis_server_port,
+ 'server' => $redis_server,
+ },
},
- },
- snmp_collector_config => {
- 'DEFAULTS' => {
- 'zk_server_ip' => $zk_server_ip,
+ query_engine_config => {
+ 'DEFAULT' => {
+ 'cassandra_server_list' => $cassandra_server_list_9042,
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'REDIS' => {
+ 'port' => $redis_server_port,
+ 'server' => $redis_server,
+ },
},
- 'DISCOVERY' => {
- 'disc_server_ip' => $disc_server_ip,
- 'disc_server_port' => $disc_server_port,
+ snmp_collector_config => {
+ 'DEFAULTS' => {
+ 'zookeeper' => $zk_server_ip_2181_comma,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
},
- },
- topology_config => {
- 'DEFAULTS' => {
- 'zk_server_ip' => $zk_server_ip,
+ redis_config => $redis_config,
+ topology_config => {
+ 'DEFAULTS' => {
+ 'zookeeper' => $zk_server_ip_2181_comma,
+ },
+ 'DISCOVERY' => {
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ },
},
- 'DISCOVERY' => {
- 'disc_server_ip' => $disc_server_ip,
- 'disc_server_port' => $disc_server_port,
+ vnc_api_lib_config => $vnc_api_lib_config,
+ keystone_config => {
+ 'KEYSTONE' => $keystone_config,
},
- },
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::analytics::provision_analytics':
+ api_address => $api_server,
+ api_port => $api_port,
+ analytics_node_address => $host_ip,
+ analytics_node_name => $::fqdn,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
}
}
diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp
new file mode 100644
index 0000000..88b0327
--- /dev/null
+++ b/manifests/network/contrail/analyticsdatabase.pp
@@ -0,0 +1,202 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::analyticsdatabase
+#
+# Configure Contrail Analytics Database services
+#
+# == Parameters:
+#
+# [*auth_host*]
+# (optional) IPv4 VIP of Keystone
+# String (IPv4) value
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*api_server*]
+# (optional) IPv4 VIP of Contrail Config API
+# String (IPv4) value
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) Port of Contrail Config API
+# String value
+# Defaults to hiera('contrail::api_port')
+#
+# [*admin_password*]
+# (optional) Keystone Admin password
+# String value
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) Keystone Admin tenant name
+# String value
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) Keystone Admin token
+# String value
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) Keystone Admin user
+# String value
+# Defaults to hiera('contrail::admin_user')
+#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cassandra_servers*]
+# (optional) List of analytics cassandra servers
+# List (IPv4) value
+# Defaults to hiera('contrail_analytics_database_node_ips')
+#
+# [*disc_server_ip*]
+# (optional) IPv4 VIP of Contrail Discovery
+# String (IPv4) value
+# Defaults to hiera('contrail_config_vip')
+#
+# [*disc_server_port*]
+# (optional) port Discovery server listens on.
+# Integer value.
+# Defaults to hiera('contrail::disc_server_port')
+#
+# [*host_ip*]
+# (optional) host IP address of Database node
+# String (IPv4) value.
+# Defaults to hiera('contrail::analytics::database::host_ip')
+#
+# [*host_name*]
+# (optional) host name of database node
+# String value
+# Defaults to $::hostname
+#
+# [*kafka_hostnames*]
+# (optional) list of kafka server hostnames
+# List value
+# Defaults to hiera('contrail_analytics_database_short_node_names', '')
+#
+# [*public_vip*]
+# (optional) Public VIP
+# String (IPv4) value
+# Defaults to hiera('public_virtual_ip')
+#
+# [*step*]
+# (optional) step in the stack
+# String value
+# Defaults to hiera('step')
+#
+# [*zookeeper_server_ips*]
+# (optional) list of zookeeper server IPs
+# List value
+# Defaults to hiera('contrail_database_node_ips')
+#
+class tripleo::network::contrail::analyticsdatabase(
+ $step = hiera('step'),
+ $auth_host = hiera('contrail::auth_host'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $cassandra_servers = hiera('contrail_analytics_database_node_ips'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::analytics::database::host_ip'),
+ $host_name = $::hostname,
+ $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''),
+ $public_vip = hiera('public_virtual_ip'),
+ $zookeeper_server_ips = hiera('contrail_database_node_ips'),
+)
+{
+ if $auth_protocol == 'https' {
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ } else {
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ },
+ }
+ }
+ if $step == 2 {
+ class {'::contrail::analyticsdatabase':
+ analyticsdatabase_params => {
+ 'auth_host' => $auth_host,
+ 'api_server' => $api_server,
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'cassandra_servers' => $cassandra_servers,
+ 'host_ip' => $host_ip,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'kafka_hostnames' => $kafka_hostnames,
+ 'zookeeper_server_ips' => $zookeeper_server_ips,
+ database_nodemgr_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ },
+ vnc_api_lib_config => $vnc_api_lib_config,
+ }
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::database::provision_database':
+ api_address => $api_server,
+ api_port => $api_port,
+ database_node_address => $host_ip,
+ database_node_name => $host_name,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
+ }
+}
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp
index 7b9c85f..d02ab44 100644
--- a/manifests/network/contrail/config.pp
+++ b/manifests/network/contrail/config.pp
@@ -19,21 +19,11 @@
#
# == Parameters:
#
-# [*ifmap_password*]
-# (required) ifmap password
-# String value.
-#
-# [*ifmap_server_ip*]
-# (required) ifmap server ip address.
-# String value.
#
-# [*ifmap_username*]
-# (required) ifmap username
+# [*aaa_mode*]
+# (optional) aaa mode parameter
# String value.
-#
-# [*rabbit_server*]
-# (required) IPv4 address of rabbit server.
-# String (IPv4) value.
+# Defaults to hiera('contrail::aaa_mode')
#
# [*admin_password*]
# (optional) admin password
@@ -55,6 +45,16 @@
# String value.
# Defaults to hiera('contrail::admin_user')
#
+# [*api_server*]
+# (optional) VIP of Config API
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) Port of Config API
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
# [*auth*]
# (optional) Authentication method.
# Defaults to hiera('contrail::auth')
@@ -68,81 +68,232 @@
# (optional) keystone port.
# Defaults to hiera('contrail::auth_port')
#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
# [*auth_protocol*]
# (optional) authentication protocol.
# Defaults to hiera('contrail::auth_protocol')
#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
# [*cassandra_server_list*]
# (optional) List IPs+port of Cassandra servers
# Array of strings value.
# Defaults to hiera('contrail::cassandra_server_list')
#
+# [*config_hostnames*]
+# (optional) Config hostname list
+# Array of string value.
+# Defaults to hiera('contrail_config_short_node_names')
+#
+# [*control_server_list*]
+# (optional) IPv4 addresses of control server.
+# Array of string (IPv4) value.
+# Defaults to hiera('contrail_control_node_ips')
+#
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip')
+# Defaults to hiera('contrail_config_vip'),
+#
+# [*disc_server_port*]
+# (optional) port of discovery server
+# String value.
+# Defaults to hiera('contrail::disc_server_port')
+#
+# [*host_ip*]
+# (optional) IPv4 address of Config server
+# String (IPv4) value.
+# Defaults to hiera('contrail::config::host_ip')
+#
+# [*ifmap_password*]
+# (optional) ifmap password
+# String value.
+# Defaults to hiera('contrail::config::ifmap_password')
+#
+# [*ifmap_server_ip*]
+# (optional) ifmap server ip address.
+# String value.
+# Defaults to hiera('contrail::config::host_ip')
+#
+# [*ifmap_username*]
+# (optional) ifmap username
+# String value.
+# Defaults to hiera('contrail::config::ifmap_password')
#
# [*insecure*]
# (optional) insecure mode.
# Defaults to hiera('contrail::insecure')
#
+# [*ipfabric_service_port*]
+# (optional) linklocal ip fabric port
+# String value
+# Defaults to 8775
+#
# [*listen_ip_address*]
# (optional) IP address to listen on.
# String (IPv4) value.
-# Defaults to '0.0.0.0'
+# Defaults to hiera('contrail::config::listen_ip_address')
#
# [*listen_port*]
# (optional) Listen port for config-api
-# Defaults to 8082
+# Defaults to hiera('contrail::api_port')
+#
+# [*linklocal_service_name*]
+# (optional) name of link local service
+# String value
+# Defaults to metadata
+#
+# [*linklocal_service_port*]
+# (optional) port of link local service
+# String value
+# Defaults to 80
+#
+# [*linklocal_service_name*]
+# (optional) name of link local service
+# String value
+# Defaults to metadata
+#
+# [*linklocal_service_ip*]
+# (optional) IPv4 address of link local service
+# String (IPv4) value
+# Defaults to 169.254.169.254
#
# [*memcached_servers*]
# (optional) IPv4 address of memcached servers
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_server')
#
-# [*multi_tenancy*]
-# (optional) Defines if mutli-tenancy is enabled.
-# Defaults to hiera('contrail::multi_tenancy')
+# [*public_vip*]
+# (optional) Public virtual ip
+# String value.
+# Defaults to hiera('public_virtual_ip')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+# [*rabbit_server*]
+# (optional) rabbit server
+# Array of string value.
+# Defaults to hiera('rabbitmq_node_ips')
+#
+# [*rabbit_user*]
+# (optional) rabbit user
+# String value.
+# Defaults to hiera('contrail::rabbit_user')
+#
+# [*rabbit_password*]
+# (optional) rabbit password
+# String value.
+# Defaults to hiera('contrail::rabbit_password')
+#
+# [*rabbit_port*]
+# (optional) rabbit server port
+# String value.
+# Defaults to hiera('contrail::rabbit_port')
#
# [*redis_server*]
# (optional) IPv4 address of redis server.
# String (IPv4) value.
-# Defaults to '127.0.0.1'
+# Defaults to hiera('contrail::config::redis_server')
#
# [*zk_server_ip*]
# (optional) List IPs+port of Zookeeper servers
# Array of strings value.
-# Defaults to hiera('contrail::zk_server_ip')
+# Defaults to hiera('contrail_database_node_ips')
#
class tripleo::network::contrail::config(
- $ifmap_password,
- $ifmap_server_ip,
- $ifmap_username,
- $rabbit_server,
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth = hiera('contrail::auth'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $cassandra_server_list = hiera('contrail::cassandra_server_list'),
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $insecure = hiera('contrail::insecure'),
- $listen_ip_address = '0.0.0.0',
- $listen_port = 8082,
- $memcached_servers = hiera('contrail::memcached_server'),
- $multi_tenancy = hiera('contrail::multi_tenancy'),
- $redis_server = '127.0.0.1',
- $zk_server_ip = hiera('contrail::zk_server_ip'),
+ $step = hiera('step'),
+ $aaa_mode = hiera('contrail::aaa_mode'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $auth = hiera('contrail::auth'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $cassandra_server_list = hiera('contrail_database_node_ips'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $config_hostnames = hiera('contrail_config_short_node_names'),
+ $control_server_list = hiera('contrail_control_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::config::host_ip'),
+ $ifmap_password = hiera('contrail::config::ifmap_password'),
+ $ifmap_server_ip = hiera('contrail::config::host_ip'),
+ $ifmap_username = hiera('contrail::config::ifmap_username'),
+ $insecure = hiera('contrail::insecure'),
+ $ipfabric_service_port = 8775,
+ $listen_ip_address = hiera('contrail::config::listen_ip_address'),
+ $listen_port = hiera('contrail::api_port'),
+ $linklocal_service_port = 80,
+ $linklocal_service_name = 'metadata',
+ $linklocal_service_ip = '169.254.169.254',
+ $memcached_servers = hiera('contrail::memcached_server'),
+ $public_vip = hiera('public_virtual_ip'),
+ $rabbit_server = hiera('rabbitmq_node_ips'),
+ $rabbit_user = hiera('contrail::rabbit_user'),
+ $rabbit_password = hiera('contrail::rabbit_password'),
+ $rabbit_port = hiera('contrail::rabbit_port'),
+ $redis_server = hiera('contrail::config::redis_server'),
+ $zk_server_ip = hiera('contrail_database_node_ips'),
)
{
validate_ip_address($listen_ip_address)
validate_ip_address($disc_server_ip)
validate_ip_address($ifmap_server_ip)
- class {'::contrail::keystone':
- keystone_config => {
+ $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" }
+ $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" }
+ $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns)
+ $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'')
+ $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'')
+ $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'')
+
+ if $auth_protocol == 'https' {
+ $keystone_config = {
+ 'KEYSTONE' => {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port_ssl,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ 'memcached_servers' => $memcached_servers,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ } else {
+ $keystone_config = {
'KEYSTONE' => {
'admin_password' => $admin_password,
'admin_tenant_name' => $admin_tenant_name,
@@ -154,62 +305,116 @@ class tripleo::network::contrail::config(
'insecure' => $insecure,
'memcached_servers' => $memcached_servers,
},
- },
- } ->
- class {'::contrail::config':
- api_config => {
- 'DEFAULTS' => {
- 'auth' => $auth,
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'ifmap_password' => $ifmap_password,
- 'ifmap_server_ip' => $ifmap_server_ip,
- 'ifmap_username' => $ifmap_username,
- 'listen_ip_addr' => $listen_ip_address,
- 'listen_port' => $listen_port,
- 'multi_tenancy' => $multi_tenancy,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
- 'zk_server_ip' => $zk_server_ip,
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
},
- },
- device_manager_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
- 'zk_server_ip' => $zk_server_ip,
+ }
+ }
+ if $step >= 3 {
+ class {'::contrail::config':
+ api_config => {
+ 'DEFAULTS' => {
+ 'aaa_mode' => $aaa_mode,
+ 'auth' => $auth,
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'ifmap_password' => $ifmap_password,
+ 'ifmap_server_ip' => $ifmap_server_ip,
+ 'ifmap_username' => $ifmap_username,
+ 'listen_ip_addr' => $listen_ip_address,
+ 'listen_port' => $listen_port,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
},
- },
- schema_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'ifmap_password' => $ifmap_password,
- 'ifmap_server_ip' => $ifmap_server_ip,
- 'ifmap_username' => $ifmap_username,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
- 'zk_server_ip' => $zk_server_ip,
+ basicauthusers_property => $basicauthusers_property,
+ config_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
},
- },
- discovery_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'zk_server_ip' => $zk_server_ip,
+ device_manager_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
},
- },
- svc_monitor_config => {
- 'DEFAULTS' => {
- 'cassandra_server_list' => $cassandra_server_list,
- 'disc_server_ip' => $disc_server_ip,
- 'ifmap_password' => $ifmap_password,
- 'ifmap_server_ip' => $ifmap_server_ip,
- 'ifmap_username' => $ifmap_username,
- 'rabbit_server' => $rabbit_server,
- 'redis_server' => $redis_server,
+ discovery_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
},
- },
+ keystone_config => $keystone_config,
+ schema_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'ifmap_password' => $ifmap_password,
+ 'ifmap_server_ip' => $ifmap_server_ip,
+ 'ifmap_username' => $ifmap_username,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
+ },
+ svc_monitor_config => {
+ 'DEFAULTS' => {
+ 'cassandra_server_list' => $cassandra_server_list_9160,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'ifmap_password' => $ifmap_password,
+ 'ifmap_server_ip' => $ifmap_server_ip,
+ 'ifmap_username' => $ifmap_username,
+ 'rabbit_server' => $rabbit_server_list_5672,
+ 'rabbit_user' => $rabbit_user,
+ 'rabbit_password' => $rabbit_password,
+ 'redis_server' => $redis_server,
+ 'zk_server_ip' => $zk_server_ip_2181,
+ },
+ },
+ vnc_api_lib_config => $vnc_api_lib_config,
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::config::provision_config':
+ api_address => $api_server,
+ api_port => $api_port,
+ config_node_address => $host_ip,
+ config_node_name => $::hostname,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
+ if $config_hostnames[0] == $::hostname {
+ class {'::contrail::config::provision_linklocal':
+ api_address => $api_server,
+ api_port => $api_port,
+ ipfabric_service_ip => $api_server,
+ ipfabric_service_port => $ipfabric_service_port,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ linklocal_service_name => $linklocal_service_name,
+ linklocal_service_ip => $linklocal_service_ip,
+ linklocal_service_port => $linklocal_service_port,
+ }
+ }
}
}
diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp
index 2e50108..e9c7a9e 100644
--- a/manifests/network/contrail/control.pp
+++ b/manifests/network/contrail/control.pp
@@ -19,19 +19,6 @@
#
# == Parameters:
#
-# [*host_ip*]
-# (required) host IP address of Control
-# String (IPv4) value.
-#
-# [*ifmap_password*]
-# (required) ifmap password
-# String value.
-#
-# [*ifmap_username*]
-# (optional) ifmap username
-# String value.
-# Defaults to hiera('contrail::ifmap_username'),
-#
# [*admin_password*]
# (optional) admin password
# String value.
@@ -42,16 +29,21 @@
# String value.
# Defaults to hiera('contrail::admin_tenant_name'),
#
-# [*admin_token*]
-# (optional) admin token
-# String value.
-# Defaults to hiera('contrail::admin_token'),
-#
# [*admin_user*]
# (optional) admin user name.
# String value.
# Defaults to hiera('contrail::admin_user'),
#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
# [*auth_host*]
# (optional) keystone server ip address
# String (IPv4) value.
@@ -68,13 +60,33 @@
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip'),
+# Defaults to hiera('contrail_config_vip')
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
# Integer value.
# Defaults to hiera('contrail::disc_server_port'),
#
+# [*host_ip*]
+# (optional) IP address of host
+# String (IPv4) value.
+# Defaults to hiera('contrail::control::host_ip')
+#
+# [*ibgp_auto_mesh*]
+# (optional) iBPG auto mesh
+# String value.
+# Defaults to true
+#
+# [*ifmap_password*]
+# (optional) ifmap password
+# String value.
+# Defaults to hiera('contrail::ifmap_password'),
+#
+# [*ifmap_username*]
+# (optional) ifmap username
+# String value.
+# Defaults to hiera('contrail::ifmap_username'),
+#
# [*insecure*]
# (optional) insecure mode.
# Defaults to hiera('contrail::insecure'),
@@ -84,70 +96,103 @@
# String (IPv4) value + port
# Defaults to hiera('contrail::memcached_servers'),
#
+# [*public_vip*]
+# (optional) Public Virtual IP address
+# String (IPv4) value
+# Defaults to hiera('public_virtual_ip')
+#
+# [*router_asn*]
+# (optional) Autonomus System Number
+# String value
+# Defaults to hiera('contrail::control::asn')
+#
+# [*secret*]
+# (optional) RNDC secret for named
+# String value
+# Defaults to hiera('contrail::control::rndc_secret')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
class tripleo::network::contrail::control(
- $host_ip,
- $ifmap_password,
- $ifmap_username,
- $admin_password = hiera('contrail::admin_password'),
+ $step = hiera('step'),
+ $admin_password = hiera('contrail::admin_password'),
$admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
- $auth_port = hiera('contrail::auth_port'),
- $auth_protocol = hiera('contrail::auth_protocol'),
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $disc_server_port = hiera('contrail::disc_server_port'),
- $insecure = hiera('contrail::insecure'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $api_port = hiera('contrail::api_port'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::control::host_ip'),
+ $ibgp_auto_mesh = true,
+ $ifmap_password = hiera('contrail::control::host_ip'),
+ $ifmap_username = hiera('contrail::control::host_ip'),
+ $insecure = hiera('contrail::insecure'),
$memcached_servers = hiera('contrail::memcached_server'),
+ $public_vip = hiera('public_virtual_ip'),
+ $router_asn = hiera('contrail::control::asn'),
+ $secret = hiera('contrail::control::rndc_secret'),
)
{
- class {'::contrail::keystone':
- keystone_config => {
- 'KEYSTONE' => {
- 'admin_tenant_name' => $admin_tenant_name,
- 'admin_token' => $admin_token,
- 'admin_password' => $admin_password,
- 'admin_user' => $admin_user,
- 'auth_host' => $auth_host,
- 'auth_port' => $auth_port,
- 'auth_protocol' => $auth_protocol,
- 'insecure' => $insecure,
- 'memcached_servers' => $memcached_servers,
+ $control_ifmap_user = "${ifmap_username}.control"
+ $control_ifmap_password = "${ifmap_username}.control"
+ $dns_ifmap_user = "${ifmap_username}.dns"
+ $dns_ifmap_password = "${ifmap_username}.dns"
+
+ if $step >= 3 {
+ class {'::contrail::control':
+ secret => $secret,
+ control_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'IFMAP' => {
+ 'password' => $control_ifmap_user,
+ 'user' => $control_ifmap_password,
+ },
},
- },
- } ->
- class {'::contrail::control':
- control_config => {
- 'DEFAULTS' => {
- 'hostip' => $host_ip,
+ dns_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ 'rndc_secret' => $secret,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ 'IFMAP' => {
+ 'password' => $dns_ifmap_user,
+ 'user' => $dns_ifmap_password,
+ }
},
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
+ control_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
},
- 'IFMAP' => {
- 'password' => $ifmap_password,
- 'user' => $ifmap_username,
- },
- },
- dns_config => {
- 'DEFAULTS' => {
- 'hostip' => $host_ip,
- },
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
- },
- 'IFMAP' => {
- 'password' => $ifmap_password,
- 'user' => $ifmap_username,
- }
- },
- control_nodemgr_config => {
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
- },
- },
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::control::provision_control':
+ api_address => $api_server,
+ api_port => $api_port,
+ control_node_address => $host_ip,
+ control_node_name => $::hostname,
+ ibgp_auto_mesh => $ibgp_auto_mesh,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ router_asn => $router_asn,
+ }
}
}
diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp
index 58f2670..f74eb1c 100644
--- a/manifests/network/contrail/database.pp
+++ b/manifests/network/contrail/database.pp
@@ -13,41 +13,154 @@
# License for the specific language governing permissions and limitations
# under the License.
#
-# == Class: tripleo::network::contrail::control
+# == Class: tripleo::network::contrail::database
#
-# Configure Contrail Control services
+# Configure Contrail Database services
#
# == Parameters:
#
-# [*host_ip*]
-# (required) host IP address of Database node
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_port*]
+# (optional) Port of Config API
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*api_server*]
+# (optional) VIP of Config API
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*cassandra_servers*]
+# (optional) List IPs+port of Cassandra servers
+# Array of strings value.
+# Defaults to hiera('contrail_database_node_ips')
#
# [*disc_server_ip*]
# (optional) IPv4 address of discovery server.
# String (IPv4) value.
-# Defaults to hiera('contrail::disc_server_ip')
+# Defaults to hiera('contrail_config_vip'),
#
# [*disc_server_port*]
# (optional) port Discovery server listens on.
# Integer value.
# Defaults to hiera('contrail::disc_server_port')
#
+# [*host_ip*]
+# (required) host IP address of Database node
+# String (IPv4) value.
+#
+# [*host_name*]
+# (optional) host name of Database node
+# String value.
+# Defaults to $::hostname
+#
+# [*public_vip*]
+# (optional) Public virtual ip
+# String value.
+# Defaults to hiera('public_virtual_ip')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+# [*zookeeper_client_ip*]
+# (optional) Zookeeper listen address
+# String (IPv4) value.
+# Defaults to hiera('contrail::database::host_ip')
+#
+# [*zookeeper_hostnames*]
+# (optional) Zookeeper hostname list
+# Array of string value.
+# Defaults to hiera('contrail_database_short_node_names')
+#
+# [*zookeeper_server_ips*]
+# (optional) Zookeeper ip list
+# Array of string (IPv4) values
+# Defaults to hiera('contrail_database_node_ips')
+#
class tripleo::network::contrail::database(
- $host_ip,
- $disc_server_ip = hiera('contrail::disc_server_ip'),
- $disc_server_port = hiera('contrail::disc_server_port'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = hiera('contrail::api_port'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $cassandra_servers = hiera('contrail_database_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $host_ip = hiera('contrail::database::host_ip'),
+ $host_name = $::hostname,
+ $public_vip = hiera('public_virtual_ip'),
+ $step = hiera('step'),
+ $zookeeper_client_ip = hiera('contrail::database::host_ip'),
+ $zookeeper_hostnames = hiera('contrail_database_short_node_names'),
+ $zookeeper_server_ips = hiera('contrail_database_node_ips'),
)
{
- class {'::contrail::database':
- database_nodemgr_config => {
- 'DEFAULTS' => {
- 'hostip' => $host_ip,
- },
- 'DISCOVERY' => {
- 'port' => $disc_server_port,
- 'server' => $disc_server_ip,
- },
- },
+ if $step == 2 {
+ class {'::contrail::database':
+ database_params => {
+ 'auth_host' => $auth_host,
+ 'api_server' => $api_server,
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'cassandra_servers' => $cassandra_servers,
+ 'host_ip' => $host_ip,
+ 'disc_server_ip' => $disc_server_ip,
+ 'disc_server_port' => $disc_server_port,
+ 'zookeeper_client_ip' => $zookeeper_client_ip,
+ 'zookeeper_hostnames' => $zookeeper_hostnames,
+ 'zookeeper_server_ips' => $zookeeper_server_ips,
+ database_nodemgr_config => {
+ 'DEFAULT' => {
+ 'hostip' => $host_ip,
+ },
+ 'DISCOVERY' => {
+ 'port' => $disc_server_port,
+ 'server' => $disc_server_ip,
+ },
+ },
+ }
+ }
+ }
+ if $step >= 5 {
+ class {'::contrail::database::provision_database':
+ api_address => $api_server,
+ api_port => $api_port,
+ database_node_address => $host_ip,
+ database_node_name => $host_name,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ openstack_vip => $public_vip,
+ }
}
}
diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp
new file mode 100644
index 0000000..637fdda
--- /dev/null
+++ b/manifests/network/contrail/heat.pp
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::heat
+#
+# Configure Contrail Heat plugin
+#
+# == Parameters:
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+# [*use_ssl*]
+# (optional) switch for ssl usage
+# String value.
+# Defaults to 'False'
+#
+class tripleo::network::contrail::heat(
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = 8082,
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $step = hiera('step'),
+ $use_ssl = 'False',
+)
+{
+ class {'::contrail::heat':
+ heat_config => {
+ 'clients_contrail' => {
+ 'api_base_url' => '/',
+ 'api_server' => $api_server,
+ 'api_port' => $api_port,
+ 'auth_host_ip' => $auth_host,
+ 'user' => $admin_user,
+ 'password' => $admin_password,
+ 'use_ssl' => $use_ssl,
+ },
+ },
+ }
+}
diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp
new file mode 100644
index 0000000..d9aa587
--- /dev/null
+++ b/manifests/network/contrail/neutron_plugin.pp
@@ -0,0 +1,203 @@
+# This class installs and configures Opencontrail Neutron Plugin.
+#
+# === Parameters
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*contrail_extensions*]
+# Array of OpenContrail extensions to be supported
+# Defaults to $::os_service_default
+# Example:
+#
+# class {'neutron::plugins::opencontrail' :
+# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam']
+# }
+#
+# [*package_ensure*]
+# (optional) Ensure state for package.
+# Defaults to 'present'.
+#
+# [*purge_config*]
+# (optional) Whether to set only the specified config options
+# in the opencontrail config.
+# Defaults to false.
+#
+class tripleo::network::contrail::neutron_plugin (
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = hiera('contrail::api_port'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $ca_file = hiera('tripleo::haproxy::service_certificate',false),
+ $cert_file = hiera('tripleo::haproxy::service_certificate',false),
+ $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'),
+ $package_ensure = 'present',
+ $purge_config = false,
+) {
+
+ include ::neutron::deps
+ include ::neutron::params
+
+ validate_array($contrail_extensions)
+
+ package { 'neutron-plugin-contrail':
+ ensure => $package_ensure,
+ name => $::neutron::params::opencontrail_plugin_package,
+ tag => ['neutron-package', 'openstack'],
+ }
+ package {'python-contrail':
+ ensure => installed,
+ }
+
+ ensure_resource('file', '/etc/neutron/plugins/opencontrail', {
+ ensure => directory,
+ owner => 'root',
+ group => 'neutron',
+ mode => '0640'}
+ )
+
+ if $::osfamily == 'Debian' {
+ file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG':
+ path => '/etc/default/neutron-server',
+ match => '^NEUTRON_PLUGIN_CONFIG=(.*)$',
+ line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}",
+ tag => 'neutron-file-line',
+ }
+ }
+
+ if $::osfamily == 'Redhat' {
+ file { '/etc/neutron/plugin.ini':
+ ensure => link,
+ target => $::neutron::params::opencontrail_config_file,
+ require => Package[$::neutron::params::opencontrail_plugin_package],
+ tag => 'neutron-config-file',
+ }
+ $api_paste_config_file = '/usr/share/neutron/api-paste.ini'
+ }
+ ini_setting { 'filter:user_token':
+ ensure => present,
+ path => $api_paste_config_file,
+ section => 'filter:user_token',
+ setting => 'paste.filter_factory',
+ value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory',
+ }
+ ini_setting { 'composite:neutronapi_v2_0':
+ ensure => present,
+ path => $api_paste_config_file,
+ section => 'composite:neutronapi_v2_0',
+ setting => 'keystone',
+ value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0',
+ }
+ resources { 'neutron_plugin_opencontrail':
+ purge => $purge_config,
+ }
+
+ exec { 'add neutron user to haproxy group':
+ command => '/usr/sbin/usermod -a -G haproxy neutron',
+ }
+
+ if $auth_protocol == 'https' {
+ $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0'])
+ neutron_plugin_opencontrail {
+ 'APISERVER/api_server_ip': value => $api_server;
+ 'APISERVER/api_server_port': value => $api_port;
+ 'APISERVER/contrail_extensions': value => join($contrail_extensions, ',');
+ 'KEYSTONE/auth_url': value => $auth_url;
+ 'KEYSTONE/admin_user' : value => $admin_user;
+ 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name;
+ 'KEYSTONE/admin_password': value => $admin_password, secret =>true;
+ 'KEYSTONE/admin_token': value => $admin_token, secret =>true;
+ 'KEYSTONE/cafile': value => $ca_file;
+ 'KEYSTONE/certfile': value => $cert_file;
+ 'keystone_authtoken/admin_user': value => $admin_user;
+ 'keystone_authtoken/admin_tenant': value => $admin_tenant_name;
+ 'keystone_authtoken/admin_password': value => $admin_password, secret =>true;
+ 'keystone_authtoken/auth_host': value => $auth_host;
+ 'keystone_authtoken/auth_protocol': value => $auth_protocol;
+ 'keystone_authtoken/auth_port': value => $auth_port_ssl;
+ 'keystone_authtoken/cafile': value => $ca_file;
+ 'keystone_authtoken/certfile': value => $cert_file;
+ }
+ } else {
+ $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
+ neutron_plugin_opencontrail {
+ 'APISERVER/api_server_ip': value => $api_server;
+ 'APISERVER/api_server_port': value => $api_port;
+ 'APISERVER/contrail_extensions': value => join($contrail_extensions, ',');
+ 'KEYSTONE/auth_url': value => $auth_url;
+ 'KEYSTONE/admin_user' : value => $admin_user;
+ 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name;
+ 'KEYSTONE/admin_password': value => $admin_password, secret =>true;
+ 'KEYSTONE/admin_token': value => $admin_token, secret =>true;
+ 'keystone_authtoken/admin_user': value => $admin_user;
+ 'keystone_authtoken/admin_tenant': value => $admin_tenant_name;
+ 'keystone_authtoken/admin_password': value => $admin_password, secret =>true;
+ 'keystone_authtoken/auth_host': value => $auth_host;
+ 'keystone_authtoken/auth_protocol': value => $auth_protocol;
+ 'keystone_authtoken/auth_port': value => $auth_port;
+ }
+ }
+}
diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp
new file mode 100644
index 0000000..3025737
--- /dev/null
+++ b/manifests/network/contrail/provision.pp
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2015 Juniper Networks
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::network::contrail::provision
+#
+# Provisions Contrail Control and link local services
+#
+# == Parameters:
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password'),
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name'),
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token'),
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user'),
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host'),
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Defaults to hiera('contrail::auth_port'),
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# Defaults to hiera('contrail::auth_protocol'),
+#
+# [*step*]
+# (optional) Step stack is in
+# Integer value.
+# Defaults to hiera('step')
+#
+class tripleo::network::contrail::provision(
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $step = hiera('step'),
+)
+{
+ if $step >= 5 {
+ class {'::contrail::control::provision_control':
+ api_address => $api_server,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ }
+ class {'::contrail::control::provision_linklocal':
+ api_address => $api_server,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ ipfabric_service_ip => $api_server,
+ }
+ }
+}
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
new file mode 100644
index 0000000..2bccd1d
--- /dev/null
+++ b/manifests/network/contrail/vrouter.pp
@@ -0,0 +1,302 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::opencontrail::vrouter
+#
+# Opencontrail profile to run the contrail vrouter
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*admin_password*]
+# (optional) admin password
+# String value.
+# Defaults to hiera('contrail::admin_password')
+#
+# [*admin_tenant_name*]
+# (optional) admin tenant name.
+# String value.
+# Defaults to hiera('contrail::admin_tenant_name')
+#
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token')
+#
+# [*admin_user*]
+# (optional) admin user name.
+# String value.
+# Defaults to hiera('contrail::admin_user')
+#
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip')
+#
+# [*api_port*]
+# (optional) port of api server
+# String value.
+# Defaults to hiera('contrail::api_port')
+#
+# [*auth_host*]
+# (optional) keystone server ip address
+# String (IPv4) value.
+# Defaults to hiera('contrail::auth_host')
+#
+# [*auth_port*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*ca_file*]
+# (optional) ca file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
+# [*control_server*]
+# (optional) Contrail control server IP
+# Array of String (IPv4) value.
+# Defaults to hiera('contrail_control_node_ips')
+#
+# [*disc_server_ip*]
+# (optional) IPv4 address of discovery server.
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip'),
+#
+# [*disc_server_port*]
+# (optional) port Discovery server listens on.
+# Integer value.
+# Defaults to hiera('contrail::disc_server_port')
+#
+# [*gateway*]
+# (optional) Default GW for vrouter
+# String (IPv4) value.
+# Defaults to hiera('contrail::vrouter::gateway')
+#
+# [*host_ip*]
+# (optional) host IP address of vrouter
+# String (IPv4) value.
+# Defaults to hiera('contrail::vrouter::host_ip')
+#
+# [*insecure*]
+# (optional) insecure connections allowed
+# String value.
+# Defaults to hiera('contrail::insecure')
+#
+# [*memcached_servers*]
+# (optional) memcached server ip
+# String (IPv4) value.
+# Defaults to hiera('contrail::memcached_server')
+#
+# [*metadata_secret*]
+# (optional) secret for metadata
+# String value.
+# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret')
+#
+# [*netmask*]
+# (optional) netmask for vrouter interface
+# String (IPv4) value.
+# Defaults to hiera('contrail::vrouter::netmask')
+#
+# [*physical_interface*]
+# (optional) vrouter interface
+# String value.
+# Defaults to hiera('contrail::vrouter::physical_interface')
+#
+# [*public_vip*]
+# (optional) Public VIP to Keystone
+# String (IPv4) value.
+# Defaults to hiera('public_virtual_ip')
+#
+# [*is_tsn*]
+# (optional) Turns vrouter into TSN
+# String value.
+# Defaults to hiera('contrail::vrouter::is_tsn',false)
+#
+class tripleo::network::contrail::vrouter (
+ $step = hiera('step'),
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $api_port = hiera('contrail::api_port'),
+ $api_server = hiera('contrail_config_vip'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_port = hiera('contrail::auth_port'),
+ $auth_port_ssl = hiera('contrail::auth_port_ssl'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $ca_file = hiera('contrail::service_certificate',false),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $control_server = hiera('contrail_control_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_port = hiera('contrail::disc_server_port'),
+ $gateway = hiera('contrail::vrouter::gateway'),
+ $host_ip = hiera('contrail::vrouter::host_ip'),
+ $insecure = hiera('contrail::insecure'),
+ $memcached_servers = hiera('contrail::memcached_server'),
+ $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'),
+ $netmask = hiera('contrail::vrouter::netmask'),
+ $physical_interface = hiera('contrail::vrouter::physical_interface'),
+ $public_vip = hiera('public_virtual_ip'),
+ $is_tsn = hiera('contrail::vrouter::is_tsn',false),
+) {
+ $cidr = netmask_to_cidr($netmask)
+ notify { 'cidr':
+ message => $cidr,
+ }
+ $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
+ #include ::contrail::vrouter
+ # NOTE: it's not possible to use this class without a functional
+ # contrail controller up and running
+ $control_server_list = join($control_server, ' ')
+ if $auth_protocol == 'https' {
+ $keystone_config = {
+ 'KEYSTONE' => {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port_ssl,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ 'memcached_servers' => $memcached_servers,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_PROTOCOL' => $auth_protocol,
+ 'certfile' => $cert_file,
+ 'cafile' => $ca_file,
+ },
+ }
+ } else {
+ $keystone_config = {
+ 'KEYSTONE' => {
+ 'admin_password' => $admin_password,
+ 'admin_tenant_name' => $admin_tenant_name,
+ 'admin_token' => $admin_token,
+ 'admin_user' => $admin_user,
+ 'auth_host' => $auth_host,
+ 'auth_port' => $auth_port,
+ 'auth_protocol' => $auth_protocol,
+ 'insecure' => $insecure,
+ 'memcached_servers' => $memcached_servers,
+ },
+ }
+ $vnc_api_lib_config = {
+ 'auth' => {
+ 'AUTHN_SERVER' => $public_vip,
+ },
+ }
+ }
+ if $is_tsn {
+ $vrouter_agent_config = {
+ 'DEBUG' => {
+ 'agent_mode' => 'tsn',
+ },
+ 'CONTROL-NODE' => {
+ 'server' => $control_server_list,
+ },
+ 'VIRTUAL-HOST-INTERFACE' => {
+ 'compute_node_address' => $host_ip,
+ 'gateway' => $gateway,
+ 'ip' => "${host_ip}/${cidr}",
+ 'name' => 'vhost0',
+ 'physical_interface' => $physical_interface,
+ },
+ 'METADATA' => {
+ 'metadata_proxy_secret' => $metadata_secret,
+ },
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ }
+ } else {
+ $vrouter_agent_config = {
+ 'CONTROL-NODE' => {
+ 'server' => $control_server_list,
+ },
+ 'VIRTUAL-HOST-INTERFACE' => {
+ 'compute_node_address' => $host_ip,
+ 'gateway' => $gateway,
+ 'ip' => "${host_ip}/${cidr}",
+ 'name' => 'vhost0',
+ 'physical_interface' => $physical_interface,
+ },
+ 'METADATA' => {
+ 'metadata_proxy_secret' => $metadata_secret,
+ },
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ }
+ }
+ class {'::contrail::vrouter':
+ discovery_ip => $disc_server_ip,
+ gateway => $gateway,
+ host_ip => $host_ip,
+ is_tsn => $is_tsn,
+ macaddr => $macaddress,
+ mask => $cidr,
+ netmask => $netmask,
+ physical_interface => $physical_interface,
+ vhost_ip => $host_ip,
+ keystone_config => $keystone_config,
+ vrouter_agent_config => $vrouter_agent_config,
+ vrouter_nodemgr_config => {
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ },
+ vnc_api_lib_config => $vnc_api_lib_config,
+ }
+ if $step >= 5 {
+ class {'::contrail::vrouter::provision_vrouter':
+ api_address => $api_server,
+ api_port => $api_port,
+ host_ip => $host_ip,
+ node_name => $::hostname,
+ keystone_admin_user => $admin_user,
+ keystone_admin_password => $admin_password,
+ keystone_admin_tenant_name => $admin_tenant_name,
+ is_tsn => $is_tsn,
+ }
+ }
+}
diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp
index 0b308a4..b621811 100644
--- a/manifests/network/contrail/webui.pp
+++ b/manifests/network/contrail/webui.pp
@@ -19,18 +19,6 @@
#
# == Parameters:
#
-# [*contrail_analytics_vip*]
-# (required) VIP of Contrail Analytics
-# String (IPv4) value.
-#
-# [*contrail_config_vip*]
-# (required) VIP of Contrail Config
-# String (IPv4) value.
-#
-# [*neutron_vip*]
-# (required) VIP of Neutron
-# String (IPv4) value.
-#
# [*admin_password*]
# (optional) admin password
# String value.
@@ -56,11 +44,46 @@
# String (IPv4) value.
# Defaults to hiera('contrail::auth_host')
#
+# [*auth_port_public*]
+# (optional) keystone port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_public')
+#
+# [*auth_port_ssl*]
+# (optional) keystone ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl')
+#
+# [*auth_port_ssl_public*]
+# (optional) keystone public ssl port.
+# Integer value.
+# Defaults to hiera('contrail::auth_port_ssl_public')
+#
+# [*auth_protocol*]
+# (optional) authentication protocol.
+# String value.
+# Defaults to hiera('contrail::auth_protocol')
+#
+# [*cert_file*]
+# (optional) cert file name
+# String value.
+# Defaults to hiera('contrail::service_certificate',false)
+#
# [*cassandra_server_list*]
# (optional) List IPs+port of Cassandra servers
# Array of strings value.
# Defaults to hiera('contrail::cassandra_server_list')
#
+# [*contrail_analytics_vip*]
+# (optional) VIP of Contrail Analytics
+# String (IPv4) value.
+# Defaults to hiera('contrail_analytics_vip')
+#
+# [*contrail_config_vip*]
+# (optional) VIP of Contrail Config
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip')
+#
# [*contrail_webui_http_port*]
# (optional) Webui HTTP Port
# Integer value.
@@ -71,38 +94,55 @@
# Integer value.
# Defaults to 8143
#
+# [*neutron_vip*]
+# (optional) VIP of Neutron
+# String (IPv4) value.
+# Defaults to hiera('neutron_api_vip')
+#
# [*redis_ip*]
# (optional) IP of Redis
# String (IPv4) value.
# Defaults to '127.0.0.1'
#
class tripleo::network::contrail::webui(
- $contrail_analytics_vip,
- $contrail_config_vip,
- $neutron_vip,
- $admin_password = hiera('contrail::admin_password'),
- $admin_tenant_name = hiera('contrail::admin_tenant_name'),
- $admin_token = hiera('contrail::admin_token'),
- $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
- $cassandra_server_list = hiera('contrail::cassandra_server_list'),
- $contrail_webui_http_port = 8080,
- $contrail_webui_https_port = 8143,
- $redis_ip = '127.0.0.1',
+ $admin_password = hiera('contrail::admin_password'),
+ $admin_tenant_name = hiera('contrail::admin_tenant_name'),
+ $admin_token = hiera('contrail::admin_token'),
+ $admin_user = hiera('contrail::admin_user'),
+ $auth_host = hiera('contrail::auth_host'),
+ $auth_protocol = hiera('contrail::auth_protocol'),
+ $auth_port_public = hiera('contrail::auth_port_public'),
+ $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'),
+ $cassandra_server_list = hiera('contrail_database_node_ips'),
+ $cert_file = hiera('contrail::cert_file'),
+ $contrail_analytics_vip = hiera('contrail_analytics_vip'),
+ $contrail_config_vip = hiera('contrail_config_vip'),
+ $contrail_webui_http_port = hiera('contrail::webui::http_port'),
+ $contrail_webui_https_port = hiera('contrail::webui::https_port'),
+ $neutron_vip = hiera('neutron_api_vip'),
+ $redis_ip = hiera('contrail::webui::redis_ip'),
)
{
+ if $auth_protocol == 'https' {
+ $auth_port = $auth_port_ssl_public
+ } else {
+ $auth_port = $auth_port_public
+ }
class {'::contrail::webui':
- openstack_vip => $auth_host,
- contrail_config_vip => $contrail_config_vip,
- contrail_analytics_vip => $contrail_analytics_vip,
- neutron_vip => $neutron_vip,
- cassandra_ip => $cassandra_server_list,
- redis_ip => $redis_ip,
- contrail_webui_http_port => $contrail_webui_http_port,
- contrail_webui_https_port => $contrail_webui_https_port,
admin_user => $admin_user,
admin_password => $admin_password,
admin_token => $admin_token,
admin_tenant_name => $admin_tenant_name,
+ auth_port => $auth_port,
+ auth_protocol => $auth_protocol,
+ cassandra_ip => $cassandra_server_list,
+ cert_file => $cert_file,
+ contrail_config_vip => $contrail_config_vip,
+ contrail_analytics_vip => $contrail_analytics_vip,
+ contrail_webui_http_port => $contrail_webui_http_port,
+ contrail_webui_https_port => $contrail_webui_https_port,
+ neutron_vip => $neutron_vip,
+ openstack_vip => $auth_host,
+ redis_ip => $redis_ip,
}
}
diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp
index 6e70b50..da8aaa6 100644
--- a/manifests/profile/base/aodh.pp
+++ b/manifests/profile/base/aodh.pp
@@ -27,19 +27,64 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('aodh::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('aodh::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('aodh::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('aodh::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('aodh::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('aodh::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('aodh::rabbit_use_ssl', '0')
class tripleo::profile::base::aodh (
- $step = hiera('step'),
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('aodh::rabbit_port', 5672),
+ $step = hiera('step'),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('aodh::rabbit_password'),
+ $oslomsg_rpc_port = hiera('aodh::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('aodh::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('aodh::rabbit_password'),
+ $oslomsg_notify_port = hiera('aodh::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('aodh::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('aodh::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -49,9 +94,24 @@ class tripleo::profile::base::aodh (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::aodh' :
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::aodh::auth
include ::aodh::config
diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp
index b464317..22984b1 100644
--- a/manifests/profile/base/barbican/api.pp
+++ b/manifests/profile/base/barbican/api.pp
@@ -56,6 +56,50 @@
# for more details.
# Defaults to hiera('step')
#
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('barbican::api::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('barbican::api::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('barbican::api::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('barbican::api::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('barbican::api::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('barbican::api::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('barbican::api::rabbit_use_ssl', '0')
+
class tripleo::profile::base::barbican::api (
$barbican_network = hiera('barbican_api_network', undef),
$bootstrap_node = hiera('bootstrap_nodeid', undef),
@@ -63,6 +107,17 @@ class tripleo::profile::base::barbican::api (
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('barbican::api::rabbit_password'),
+ $oslomsg_rpc_port = hiera('barbican::api::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('barbican::api::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('barbican::api::rabbit_password'),
+ $oslomsg_notify_port = hiera('barbican::api::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('barbican::api::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('barbican::api::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -92,8 +147,25 @@ class tripleo::profile::base::barbican::api (
}
if $step >= 4 or ( $step >= 3 and $sync_db ) {
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::barbican::api':
- sync_db => $sync_db
+ sync_db => $sync_db,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::barbican::keystone::authtoken
include ::barbican::api::logging
diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp
index bbe7f27..2855bd2 100644
--- a/manifests/profile/base/ceilometer.pp
+++ b/manifests/profile/base/ceilometer.pp
@@ -23,24 +23,84 @@
# for more details.
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('ceilometer::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('ceilometer::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('ceilometer::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('ceilometer::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('ceilometer::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('ceilometer::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('ceilometer::rabbit_use_ssl', '0')
class tripleo::profile::base::ceilometer (
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('ceilometer::rabbit_port', 5672),
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('ceilometer::rabbit_password'),
+ $oslomsg_rpc_port = hiera('ceilometer::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('ceilometer::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('ceilometer::rabbit_password'),
+ $oslomsg_notify_port = hiera('ceilometer::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'),
) {
if $step >= 3 {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::ceilometer' :
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::ceilometer::config
}
diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp
new file mode 100644
index 0000000..3706c2e
--- /dev/null
+++ b/manifests/profile/base/ceilometer/agent/polling.pp
@@ -0,0 +1,64 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::ceilometer::agent::polling
+#
+# Ceilometer polling Agent profile for tripleo
+#
+# === Parameters
+#
+# [*central_namespace*]
+# (Optional) Use central namespace for polling agent.
+# Defaults to false.
+#
+# [*compute_namespace*]
+# (Optional) Use compute namespace for polling agent.
+# Defaults to false.
+#
+# [*ipmi_namespace*]
+# (Optional) Use ipmi namespace for polling agent.
+# Defaults to false.
+#
+# [*ceilometer_redis_password*]
+# (Optional) redis password to configure coordination url
+#
+# [*redis_vip*]
+# (Optional) redis vip to configure coordination url
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::ceilometer::agent::polling (
+ $central_namespace = hiera('central_namespace', false),
+ $compute_namespace = hiera('compute_namespace', false),
+ $ipmi_namespace = hiera('ipmi_namespace', false),
+ $ceilometer_redis_password = hiera('ceilometer_redis_password', undef),
+ $redis_vip = hiera('redis_vip', undef),
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::ceilometer
+
+ if $step >= 4 {
+ include ::ceilometer::agent::auth
+ class { '::ceilometer::agent::polling':
+ central_namespace => $central_namespace,
+ compute_namespace => $compute_namespace,
+ ipmi_namespace => $ipmi_namespace,
+ coordination_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']),
+ }
+ }
+
+}
diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp
index 6e8fbb2..fc3c659 100644
--- a/manifests/profile/base/cinder.pp
+++ b/manifests/profile/base/cinder.pp
@@ -30,20 +30,65 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('cinder::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('cinder::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('cinder::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
# Defaults to hiera('cinder::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('cinder::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('cinder::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('cinder::rabbit_use_ssl', '0')
class tripleo::profile::base::cinder (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $cinder_enable_db_purge = true,
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('cinder::rabbit_port', 5672),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $cinder_enable_db_purge = true,
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('cinder::rabbit_password'),
+ $oslomsg_rpc_port = hiera('cinder::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('cinder::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('cinder::rabbit_password'),
+ $oslomsg_notify_port = hiera('cinder::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('cinder::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('cinder::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -52,9 +97,26 @@ class tripleo::profile::base::cinder (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::cinder' :
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ }
+ class { '::cinder::ceilometer' :
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::cinder::config
include ::cinder::glance
diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp
index 7663b6f..9fb1594 100644
--- a/manifests/profile/base/cinder/volume.pp
+++ b/manifests/profile/base/cinder/volume.pp
@@ -26,8 +26,8 @@
# (Optional) Whether to enable the hpelefthand backend
# Defaults to false
#
-# [*cinder_enable_eqlx_backend*]
-# (Optional) Whether to enable the eqlx backend
+# [*cinder_enable_dellps_backend*]
+# (Optional) Whether to enable the dellps backend
# Defaults to true
#
# [*cinder_enable_iscsi_backend*]
@@ -46,6 +46,10 @@
# (Optional) Whether to enable the rbd backend
# Defaults to true
#
+# [*cinder_enable_scaleio_backend*]
+# (Optional) Whether to enable the scaleio backend
+# Defaults to true
+#
# [*cinder_user_enabled_backends*]
# (Optional) List of additional backend stanzas to activate
# Defaults to hiera('cinder_user_enabled_backends')
@@ -58,11 +62,12 @@
class tripleo::profile::base::cinder::volume (
$cinder_enable_dellsc_backend = false,
$cinder_enable_hpelefthand_backend = false,
- $cinder_enable_eqlx_backend = false,
+ $cinder_enable_dellps_backend = false,
$cinder_enable_iscsi_backend = true,
$cinder_enable_netapp_backend = false,
$cinder_enable_nfs_backend = false,
$cinder_enable_rbd_backend = false,
+ $cinder_enable_scaleio_backend = false,
$cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef),
$step = hiera('step'),
) {
@@ -85,11 +90,11 @@ class tripleo::profile::base::cinder::volume (
$cinder_hpelefthand_backend_name = undef
}
- if $cinder_enable_eqlx_backend {
- include ::tripleo::profile::base::cinder::volume::eqlx
- $cinder_eqlx_backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx')
+ if $cinder_enable_dellps_backend {
+ include ::tripleo::profile::base::cinder::volume::dellps
+ $cinder_dellps_backend_name = hiera('cinder::backend::dellps::volume_backend_name', 'tripleo_dellps')
} else {
- $cinder_eqlx_backend_name = undef
+ $cinder_dellps_backend_name = undef
}
if $cinder_enable_iscsi_backend {
@@ -120,13 +125,21 @@ class tripleo::profile::base::cinder::volume (
$cinder_rbd_backend_name = undef
}
+ if $cinder_enable_scaleio_backend {
+ include ::tripleo::profile::base::cinder::volume::scaleio
+ $cinder_scaleio_backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio')
+ } else {
+ $cinder_scaleio_backend_name = undef
+ }
+
$backends = delete_undef_values([$cinder_iscsi_backend_name,
$cinder_rbd_backend_name,
- $cinder_eqlx_backend_name,
+ $cinder_dellps_backend_name,
$cinder_dellsc_backend_name,
$cinder_hpelefthand_backend_name,
$cinder_netapp_backend_name,
$cinder_nfs_backend_name,
+ $cinder_scaleio_backend_name,
$cinder_user_enabled_backends])
# NOTE(aschultz): during testing it was found that puppet 3 may incorrectly
# include a "" in the previous array which is not removed by the
diff --git a/manifests/profile/base/cinder/volume/eqlx.pp b/manifests/profile/base/cinder/volume/dellps.pp
index fe24f4b..1338240 100644
--- a/manifests/profile/base/cinder/volume/eqlx.pp
+++ b/manifests/profile/base/cinder/volume/dellps.pp
@@ -12,23 +12,23 @@
# License for the specific language governing permissions and limitations
# under the License.
#
-# == Class: tripleo::profile::base::cinder::volume::eqlx
+# == Class: tripleo::profile::base::cinder::volume::dellps
#
-# Cinder Volume eqlx profile for tripleo
+# Cinder Volume for dellps profile tripleo
#
# === Parameters
#
# [*backend_name*]
# (Optional) Name given to the Cinder backend stanza
-# Defaults to 'tripleo_eqlx'
+# Defaults to 'tripleo_dellps'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
-class tripleo::profile::base::cinder::volume::eqlx (
- $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_eqlx'),
+class tripleo::profile::base::cinder::volume::dellps (
+ $backend_name = hiera('cinder::backend::eqlx::volume_backend_name', 'tripleo_dellps'),
$step = hiera('step'),
) {
include ::tripleo::profile::base::cinder::volume
diff --git a/manifests/profile/base/cinder/volume/scaleio.pp b/manifests/profile/base/cinder/volume/scaleio.pp
new file mode 100644
index 0000000..a30cffa
--- /dev/null
+++ b/manifests/profile/base/cinder/volume/scaleio.pp
@@ -0,0 +1,56 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::cinder::volume::scaleio
+#
+# Cinder Volume scaleio profile for tripleo
+#
+# === Parameters
+#
+# [*backend_name*]
+# (Optional) Name given to the Cinder backend stanza
+# Defaults to 'tripleo_scaleio'
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::cinder::volume::scaleio (
+ $backend_name = hiera('cinder::backend::scaleio::volume_backend_name', 'tripleo_scaleio'),
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::cinder::volume
+
+ if $step >= 4 {
+ cinder::backend::scaleio { $backend_name :
+ sio_login => hiera('cinder::backend::scaleio::sio_login', undef),
+ sio_password => hiera('cinder::backend::scaleio::sio_password', undef),
+ sio_server_hostname => hiera('cinder::backend::scaleio::sio_server_hostname', undef),
+ sio_server_port => hiera('cinder::backend::scaleio::sio_server_port', undef),
+ sio_verify_server_certificate => hiera('cinder::backend::scaleio::sio_verify_server_certificate', undef),
+ sio_server_certificate_path => hiera('cinder::backend::scaleio::sio_server_certificate_path', undef),
+ sio_protection_domain_name => hiera('cinder::backend::scaleio::sio_protection_domain_name', undef),
+ sio_protection_domain_id => hiera('cinder::backend::scaleio::sio_protection_domain_id', undef),
+ sio_storage_pool_id => hiera('cinder::backend::scaleio::sio_storage_pool_id', undef),
+ sio_storage_pool_name => hiera('cinder::backend::scaleio::sio_storage_pool_name', undef),
+ sio_storage_pools => hiera('cinder::backend::scaleio::sio_storage_pools', undef),
+ sio_round_volume_capacity => hiera('cinder::backend::scaleio::sio_round_volume_capacity', undef),
+ sio_unmap_volume_before_deletion => hiera('cinder::backend::scaleio::sio_unmap_volume_before_deletion', undef),
+ sio_max_over_subscription_ratio => hiera('cinder::backend::scaleio::sio_max_over_subscription_ratio', undef),
+ sio_thin_provision => hiera('cinder::backend::scaleio::sio_thin_provision', undef),
+ }
+ }
+
+}
diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp
index 1731e81..3d1a693 100644
--- a/manifests/profile/base/congress.pp
+++ b/manifests/profile/base/congress.pp
@@ -22,43 +22,43 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*messaging_driver*]
-# Driver for messaging service.
-# Defaults to hiera('messaging_service_name', 'rabbit')
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
#
-# [*messaging_hosts*]
-# list of the messaging host fqdns
-# Defaults to hiera('rabbitmq_node_names')
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
#
-# [*messaging_password*]
-# Password for messaging congress queue
-# Defaults to hiera('congress::rabbit_password')
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
+# Defaults to hiera('rabbitmq_node_names')
#
-# [*messaging_port*]
-# IP port for messaging service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('congress::rabbit_port', 5672)
#
-# [*messaging_username*]
-# Username for messaging congress queue
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
# Defaults to hiera('congress::rabbit_userid', 'guest')
#
-# [*messaging_use_ssl*]
-# Flag indicating ssl usage.
-# Defaults to hiera('congress::rabbit_use_ssl', '0')
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('congress::rabbit_password')
#
-# [*step*]
-# (Optional) The current step of the deployment
-# Defaults to hiera('step')
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('congress::rabbit_use_ssl', '0')
class tripleo::profile::base::congress (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
- $messaging_driver = hiera('messaging_service_name', 'rabbit'),
- $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $messaging_password = hiera('congress::rabbit_password'),
- $messaging_port = hiera('congress::rabbit_port', '5672'),
- $messaging_username = hiera('congress::rabbit_userid', 'guest'),
- $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'),
$step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('congress::rabbit_password'),
+ $oslomsg_rpc_port = hiera('congress::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('congress::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('congress::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -67,16 +67,16 @@ class tripleo::profile::base::congress (
}
if $step >= 4 or ($step >= 3 and $sync_db){
- $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl)))
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::congress':
sync_db => $sync_db,
default_transport_url => os_transport_url({
- 'transport' => $messaging_driver,
- 'hosts' => $messaging_hosts,
- 'port' => sprintf('%s', $messaging_port),
- 'username' => $messaging_username,
- 'password' => $messaging_password,
- 'ssl' => $messaging_use_ssl_real,
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => sprintf('%s', $oslomsg_rpc_port),
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
}),
}
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 4ccfabc..a0193cf 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -42,6 +42,11 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
+# [*generate_dropin_file_limit*]
+# (Optional) Generate a systemd drop-in file to raise the file descriptor
+# limit for the mysql service.
+# Defaults to false
+#
# [*generate_service_certificates*]
# (Optional) Whether or not certmonger will generate certificates for
# MySQL. This could be as many as specified by the $certificates_specs
@@ -72,6 +77,7 @@ class tripleo::profile::base::database::mysql (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificate_specs = {},
$enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_dropin_file_limit = false,
$generate_service_certificates = hiera('generate_service_certificates', false),
$manage_resources = true,
$mysql_server_options = {},
@@ -119,13 +125,14 @@ class tripleo::profile::base::database::mysql (
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
$mysql_server_default = {
'mysqld' => {
- 'bind-address' => $bind_address,
- 'max_connections' => hiera('mysql_max_connections'),
- 'open_files_limit' => '-1',
- 'ssl' => $enable_internal_tls,
- 'ssl-key' => $tls_keyfile,
- 'ssl-cert' => $tls_certfile,
- 'ssl-ca' => undef,
+ 'bind-address' => $bind_address,
+ 'max_connections' => hiera('mysql_max_connections'),
+ 'open_files_limit' => '-1',
+ 'innodb_file_per_table' => 'ON',
+ 'ssl' => $enable_internal_tls,
+ 'ssl-key' => $tls_keyfile,
+ 'ssl-cert' => $tls_certfile,
+ 'ssl-ca' => undef,
}
}
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
@@ -138,6 +145,15 @@ class tripleo::profile::base::database::mysql (
service_enabled => $manage_resources,
remove_default_accounts => $remove_default_accounts,
}
+
+ if $generate_dropin_file_limit {
+ # Raise the mysql file limit
+ ::systemd::service_limits { 'mariadb.service':
+ limits => {
+ LimitNOFILE => 16384
+ }
+ }
+ }
}
if $step >= 2 and $sync_db {
@@ -166,6 +182,9 @@ class tripleo::profile::base::database::mysql (
if hiera('ironic_api_enabled', false) {
include ::ironic::db::mysql
}
+ if hiera('ironic_inspector_enabled', false) {
+ include ::ironic::inspector::db::mysql
+ }
if hiera('keystone_enabled', false) {
include ::keystone::db::mysql
}
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp
new file mode 100644
index 0000000..22384a9
--- /dev/null
+++ b/manifests/profile/base/database/mysql/client.pp
@@ -0,0 +1,93 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::haproxy
+#
+# Loadbalancer profile for tripleo
+#
+# === Parameters
+#
+# [*enable_ssl*]
+# (Optional) Whether SSL should be used for the connection to the server or
+# not.
+# Defaults to false
+#
+# [*mysql_read_default_file*]
+# (Optional) Name of the file that will be passed to pymysql connection strings
+# Defaults to '/etc/my.cnf.d/tripleo.cnf'
+#
+# [*mysql_read_default_group*]
+# (Optional) Name of the ini section to be passed to pymysql connection strings
+# Defaults to 'tripleo'
+#
+# [*mysql_client_bind_address*]
+# (Optional) Client IP address of the host that will be written in the mysql_read_default_file
+# Defaults to undef
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::database::mysql::client (
+ $enable_ssl = false,
+ $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf',
+ $mysql_read_default_group = 'tripleo',
+ $mysql_client_bind_address = undef,
+ $step = hiera('step'),
+) {
+ if $step >= 1 {
+ # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
+ # present in the base image but installed as a package afterwards),
+ # create it. We do not want to touch the permissions in case it already
+ # exists due to the mariadb server package being pre-installed
+ # Note: We use exec instead of file in the case that the mysql class is
+ # included on this node as well (we'd get duplicate declaration in such a
+ # situation when using file)
+ if $mysql_client_bind_address {
+ $client_bind_changes = [
+ "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
+ ]
+ } else {
+ $client_bind_changes = [
+ "rm ${mysql_read_default_group}/bind-address"
+ ]
+ }
+
+ if $enable_ssl {
+ $changes_ssl = [
+ "set ${mysql_read_default_group}/ssl '1'",
+ "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
+ ]
+ } else {
+ $changes_ssl = [
+ "rm ${mysql_read_default_group}/ssl",
+ "rm ${mysql_read_default_group}/ssl-ca"
+ ]
+ }
+
+ $conf_changes = union($client_bind_changes, $changes_ssl)
+
+ # Create /etc/my.cnf.d/tripleo.cnf
+ exec { 'directory-create-etc-my.cnf.d':
+ command => 'mkdir -p /etc/my.cnf.d',
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
+ } ->
+ augeas { 'tripleo-mysql-client-conf':
+ incl => $mysql_read_default_file,
+ lens => 'Puppet.lns',
+ changes => $conf_changes,
+ }
+ }
+}
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
new file mode 100644
index 0000000..5e18a85
--- /dev/null
+++ b/manifests/profile/base/docker.pp
@@ -0,0 +1,68 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::docker
+#
+# docker profile for tripleo
+#
+# === Parameters
+#
+# [*docker_namespace*]
+# The namespace to be used when setting INSECURE_REGISTRY
+# this will be split on "/" to derive the docker registry
+# (defaults to undef)
+#
+# [*insecure_registry*]
+# Set docker_namespace to INSECURE_REGISTRY, used when a local registry
+# is enabled (defaults to false)
+#
+# [*step*]
+# step defaults to hiera('step')
+#
+class tripleo::profile::base::docker (
+ $docker_namespace = undef,
+ $insecure_registry = false,
+ $step = hiera('step'),
+) {
+ if $step >= 1 {
+ package {'docker':
+ ensure => installed,
+ }
+
+ service { 'docker':
+ ensure => 'running',
+ enable => true,
+ require => Package['docker'],
+ }
+
+ if $insecure_registry {
+ if $docker_namespace == undef {
+ fail('You must provide a $docker_namespace in order to configure insecure registry')
+ }
+ $namespace = strip($docker_namespace.split('/')[0])
+ $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ]
+ } else {
+ $changes = [ 'rm INSECURE_REGISTRY', ]
+ }
+
+ augeas { 'docker-sysconfig':
+ lens => 'Shellvars.lns',
+ incl => '/etc/sysconfig/docker',
+ changes => $changes,
+ subscribe => Package['docker'],
+ notify => Service['docker'],
+ }
+ }
+}
diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp
index ebe84bf..0452575 100644
--- a/manifests/profile/base/docker_registry.pp
+++ b/manifests/profile/base/docker_registry.pp
@@ -38,7 +38,8 @@ class tripleo::profile::base::docker_registry (
) {
# We want a v2 registry
package{'docker-registry':
- ensure => absent,
+ ensure => absent,
+ allow_virtual => false,
}
package{'docker-distribution': }
package{'docker': }
diff --git a/manifests/profile/base/gnocchi/metricd.pp b/manifests/profile/base/gnocchi/metricd.pp
index e69bbd5..f6f80cd 100644
--- a/manifests/profile/base/gnocchi/metricd.pp
+++ b/manifests/profile/base/gnocchi/metricd.pp
@@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::metricd (
if $step >= 5 {
include ::gnocchi::metricd
- Keystone_endpoint<||> -> Service['gnocchi-metricd']
- Keystone_user_role<||> -> Service['gnocchi-metricd']
}
}
diff --git a/manifests/profile/base/gnocchi/statsd.pp b/manifests/profile/base/gnocchi/statsd.pp
index 1fe4067..7c98a0a 100644
--- a/manifests/profile/base/gnocchi/statsd.pp
+++ b/manifests/profile/base/gnocchi/statsd.pp
@@ -30,7 +30,5 @@ class tripleo::profile::base::gnocchi::statsd (
if $step >= 5 {
include ::gnocchi::statsd
- Keystone_endpoint<||> -> Service['gnocchi-statsd']
- Keystone_user_role<||> -> Service['gnocchi-statsd']
}
}
diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp
index 6e7e5f6..4ff5b41 100644
--- a/manifests/profile/base/heat.pp
+++ b/manifests/profile/base/heat.pp
@@ -35,21 +35,66 @@
# for more details.
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('heat::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('heat::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('heat::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
# Defaults to hiera('heat::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('heat::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('heat::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('heat::rabbit_use_ssl', '0')
class tripleo::profile::base::heat (
- $bootstrap_node = downcase(hiera('bootstrap_nodeid')),
- $manage_db_purge = hiera('heat_enable_db_purge', true),
- $notification_driver = 'messaging',
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('heat::rabbit_port', 5672),
+ $bootstrap_node = downcase(hiera('bootstrap_nodeid')),
+ $manage_db_purge = hiera('heat_enable_db_purge', true),
+ $notification_driver = 'messaging',
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('heat::rabbit_password'),
+ $oslomsg_rpc_port = hiera('heat::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('heat::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('heat::rabbit_password'),
+ $oslomsg_notify_port = hiera('heat::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('heat::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('heat::rabbit_use_ssl', '0'),
) {
# Domain resources will be created at step5 on the node running keystone.pp
# configure heat.conf at step3 and 4 but actually create the domain later.
@@ -60,10 +105,26 @@ class tripleo::profile::base::heat (
manage_role => false,
}
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
+
class { '::heat' :
- notification_driver => $notification_driver,
- rabbit_hosts => $rabbit_endpoints,
+ notification_driver => $notification_driver,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::heat::config
include ::heat::cors
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index 7166298..9ffba9c 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -18,18 +18,70 @@
#
# === Parameters
#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# HAProxy. This could be as many as specified by the $certificates_specs
+# variable.
+# Note that this doesn't configure the certificates in haproxy, it merely
+# creates the certificates.
+# Defaults to hiera('generate_service_certificate', false).
+#
+# [*heat_api_network*]
+# (Optional) The network name where the heat API endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('heat_api_network', undef)
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api (
- $step = hiera('step'),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $heat_api_network = hiera('heat_api_network', undef),
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::heat
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$heat_api_network {
+ fail('heat_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${heat_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${heat_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
if $step >= 4 {
include ::heat::api
+ class { '::heat::wsgi::apache_api':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
}
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index c1adae6..987d3b2 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -18,18 +18,71 @@
#
# === Parameters
#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# HAProxy. This could be as many as specified by the $certificates_specs
+# variable.
+# Note that this doesn't configure the certificates in haproxy, it merely
+# creates the certificates.
+# Defaults to hiera('generate_service_certificate', false).
+#
+# [*heat_api_cfn_network*]
+# (Optional) The network name where the heat cfn endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('heat_api_cfn_network', undef)
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cfn (
- $step = hiera('step'),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::heat
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$heat_api_cfn_network {
+ fail('heat_api_cfn_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
if $step >= 4 {
include ::heat::api_cfn
+
+ class { '::heat::wsgi::apache_api_cfn':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
}
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 3004db9..4dd2607 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -18,18 +18,71 @@
#
# === Parameters
#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# HAProxy. This could be as many as specified by the $certificates_specs
+# variable.
+# Note that this doesn't configure the certificates in haproxy, it merely
+# creates the certificates.
+# Defaults to hiera('generate_service_certificate', false).
+#
+# [*heat_api_cloudwatch_network*]
+# (Optional) The network name where the heat cloudwatch endpoint is listening
+# on. This is set by t-h-t.
+# Defaults to hiera('heat_api_cloudwatch_network', undef)
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cloudwatch (
- $step = hiera('step'),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::heat
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$heat_api_cloudwatch_network {
+ fail('heat_api_cloudwatch_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${heat_api_cloudwatch_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
if $step >= 4 {
include ::heat::api_cloudwatch
+
+ class { '::heat::wsgi::apache_api_cloudwatch':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
}
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index bd28ab0..278c25c 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -23,8 +23,13 @@
# for more details.
# Defaults to hiera('step')
#
+# [*neutron_options*]
+# (Optional) A hash of parameters to enable features specific to Neutron
+# Defaults to hiera('horizon::neutron_options', {})
+#
class tripleo::profile::base::horizon (
- $step = hiera('step'),
+ $step = hiera('step'),
+ $neutron_options = hiera('horizon::neutron_options', {}),
) {
if $step >= 4 {
# Horizon
@@ -35,7 +40,7 @@ class tripleo::profile::base::horizon (
} else {
$_profile_support = 'None'
}
- $neutron_options = {'profile_support' => $_profile_support }
+ $neutron_options_real = merge({'profile_support' => $_profile_support }, $neutron_options)
$memcached_ipv6 = hiera('memcached_ipv6', false)
if $memcached_ipv6 {
$horizon_memcached_servers = hiera('memcached_node_ips_v6', '[::1]')
@@ -44,7 +49,7 @@ class tripleo::profile::base::horizon (
}
class { '::horizon':
cache_server_ip => $horizon_memcached_servers,
- neutron_options => $neutron_options,
+ neutron_options => $neutron_options_real,
}
}
}
diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp
index 5db1e1f..7ba629f 100644
--- a/manifests/profile/base/ironic.pp
+++ b/manifests/profile/base/ironic.pp
@@ -26,19 +26,39 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('ironic::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('ironic::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('ironic::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('ironic::rabbit_use_ssl', '0')
class tripleo::profile::base::ironic (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('ironic::rabbit_port', 5672),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('ironic::rabbit_password'),
+ $oslomsg_rpc_port = hiera('ironic::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('ironic::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('ironic::rabbit_use_ssl', '0'),
) {
# Database is accessed by both API and conductor, hence it's here.
if $::hostname == downcase($bootstrap_node) {
@@ -48,12 +68,20 @@ class tripleo::profile::base::ironic (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::ironic':
- sync_db => $sync_db,
- rabbit_hosts => $rabbit_endpoints,
+ sync_db => $sync_db,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => sprintf('%s', $oslomsg_rpc_port),
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
+ include ::ironic::config
include ::ironic::cors
}
}
diff --git a/manifests/profile/base/ironic_inspector.pp b/manifests/profile/base/ironic_inspector.pp
new file mode 100644
index 0000000..b4276c6
--- /dev/null
+++ b/manifests/profile/base/ironic_inspector.pp
@@ -0,0 +1,46 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::ironic_inspector
+#
+# Ironic inspector profile for TripleO
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+
+class tripleo::profile::base::ironic_inspector (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+) {
+
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
+ if $step >= 4 or ($step >= 3 and $sync_db) {
+ class { '::ironic::inspector':
+ sync_db => $sync_db,
+ }
+ }
+
+}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 72049e3..9b2fc51 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -76,15 +76,50 @@
# This is set by t-h-t.
# Defaults to hiera('keystone_public_api_network', undef)
#
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('keystone::rabbit_port', 5672)
#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('keystone::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('keystone::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('keystone::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('keystone::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('keystone::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('keystone::rabbit_use_ssl', '0')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -102,8 +137,17 @@ class tripleo::profile::base::keystone (
$heat_admin_user = undef,
$manage_db_purge = hiera('keystone_enable_db_purge', true),
$public_endpoint_network = hiera('keystone_public_api_network', undef),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('keystone::rabbit_port', 5672),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('keystone::rabbit_password'),
+ $oslomsg_rpc_port = hiera('keystone::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('keystone::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('keystone::rabbit_password'),
+ $oslomsg_notify_port = hiera('keystone::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('keystone::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('keystone::rabbit_use_ssl', '0'),
$step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -142,11 +186,26 @@ class tripleo::profile::base::keystone (
}
if $step >= 4 or ( $step >= 3 and $sync_db ) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::keystone':
- sync_db => $sync_db,
- enable_bootstrap => $sync_db,
- rabbit_hosts => $rabbit_endpoints,
+ sync_db => $sync_db,
+ enable_bootstrap => $sync_db,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::keystone::config
@@ -157,22 +216,13 @@ class tripleo::profile::base::keystone (
ssl_key_admin => $tls_keyfile_admin,
}
include ::keystone::cors
-
- if $manage_roles {
- include ::keystone::roles::admin
- }
-
- if $manage_endpoint {
- include ::keystone::endpoint
- }
-
}
- if $step >= 5 and $manage_db_purge {
+ if $step >= 4 and $manage_db_purge {
include ::keystone::cron::token_flush
}
- if $step >= 5 and $manage_domain {
+ if $step == 3 and $manage_domain {
if hiera('heat_engine_enabled', false) {
# create these seperate and don't use ::heat::keystone::domain since
# that class writes out the configs
@@ -193,7 +243,12 @@ class tripleo::profile::base::keystone (
}
}
- if $step >= 5 and $manage_endpoint{
+ if $step == 3 and $manage_roles {
+ include ::keystone::roles::admin
+ }
+
+ if $step == 3 and $manage_endpoint {
+ include ::keystone::endpoint
if hiera('aodh_api_enabled', false) {
include ::aodh::keystone::auth
}
@@ -227,6 +282,9 @@ class tripleo::profile::base::keystone (
if hiera('ironic_api_enabled', false) {
include ::ironic::keystone::auth
}
+ if hiera('ironic_inspector_enabled', false) {
+ include ::ironic::keystone::auth_inspector
+ }
if hiera('manila_api_enabled', false) {
include ::manila::keystone::auth
}
diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp
index f021f64..cad2cdf 100644
--- a/manifests/profile/base/manila.pp
+++ b/manifests/profile/base/manila.pp
@@ -26,19 +26,64 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('manila::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('manila::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('manila::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('manila::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('manila::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('manila::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('manila::rabbit_use_ssl', '0')
class tripleo::profile::base::manila (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('manila::rabbit_port', 5672),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('manila::rabbit_password'),
+ $oslomsg_rpc_port = hiera('manila::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('manila::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('manila::rabbit_password'),
+ $oslomsg_notify_port = hiera('manila::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('manila::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('manila::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -47,9 +92,24 @@ class tripleo::profile::base::manila (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::manila' :
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::manila::config
}
diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp
index d8e1330..0eb849d 100644
--- a/manifests/profile/base/mistral.pp
+++ b/manifests/profile/base/mistral.pp
@@ -27,19 +27,64 @@
# for more details.
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
# Defaults to hiera('mistral::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('mistral::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('mistral::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('mistral::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('mistral::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('mistral::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('mistral::rabbit_use_ssl', '0')
class tripleo::profile::base::mistral (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('mistral::rabbit_port', 5672),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('mistral::rabbit_password'),
+ $oslomsg_rpc_port = hiera('mistral::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('mistral::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('mistral::rabbit_password'),
+ $oslomsg_notify_port = hiera('mistral::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('mistral::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('mistral::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -48,9 +93,24 @@ class tripleo::profile::base::mistral (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::mistral':
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::mistral::config
include ::mistral::client
diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp
index e6a32db..2f01b75 100644
--- a/manifests/profile/base/neutron.pp
+++ b/manifests/profile/base/neutron.pp
@@ -22,23 +22,111 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('neutron::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('neutron::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('neutron::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
-# Defaults to hiera('neutron::rabbit_port', 5672
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
+# Defaults to hiera('neutron::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('neutron::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('neutron::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('neutron::rabbit_use_ssl', '0')
+#
+# [*dhcp_agents_per_network*]
+# (Optional) TripleO configured number of DHCP agents
+# to use per network. If left to the default value, neutron will be
+# configured with the number of DHCP agents being deployed.
+# Defaults to undef
+#
+# [*dhcp_nodes*]
+# (Optional) List of nodes running the DHCP agent. Used to
+# set neutron's dhcp_agents_per_network value to the number
+# of available agents.
+# Defaults to hiera('neutron_dhcp_short_node_names') or []
+#
class tripleo::profile::base::neutron (
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('neutron::rabbit_port', 5672),
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('neutron::rabbit_password'),
+ $oslomsg_rpc_port = hiera('neutron::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('neutron::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('neutron::rabbit_password'),
+ $oslomsg_notify_port = hiera('neutron::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('neutron::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('neutron::rabbit_use_ssl', '0'),
+ $dhcp_agents_per_network = undef,
+ $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []),
) {
if $step >= 3 {
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
+
+ $dhcp_agent_count = size($dhcp_nodes)
+ if $dhcp_agents_per_network {
+ $dhcp_agents_per_net = $dhcp_agents_per_network
+ if ($dhcp_agents_per_net > $dhcp_agent_count) {
+ warning("dhcp_agents_per_network (${dhcp_agents_per_net}) is greater\
+ than the number of deployed dhcp agents (${dhcp_agent_count})")
+ }
+ }
+ elsif $dhcp_agent_count > 0 {
+ $dhcp_agents_per_net = $dhcp_agent_count
+ }
class { '::neutron' :
- rabbit_hosts => $rabbit_endpoints,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ dhcp_agents_per_network => $dhcp_agents_per_net,
}
include ::neutron::config
}
diff --git a/manifests/profile/base/neutron/ovs.pp b/manifests/profile/base/neutron/ovs.pp
index a4e0cd3..bec7e96 100644
--- a/manifests/profile/base/neutron/ovs.pp
+++ b/manifests/profile/base/neutron/ovs.pp
@@ -28,7 +28,7 @@ class tripleo::profile::base::neutron::ovs(
) {
include ::tripleo::profile::base::neutron
- if $step >= 4 {
+ if $step >= 5 {
include ::neutron::agents::ml2::ovs
# Optional since manage_service may be false and neutron server may not be colocated.
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index fe1e6a6..36425f6 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -30,28 +30,48 @@
# (Optional) Whether or not manage Nova Live migration
# Defaults to false
#
-# [*messaging_driver*]
-# Driver for messaging service.
-# Defaults to hiera('messaging_service_name', 'rabbit')
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
#
-# [*messaging_hosts*]
-# list of the messaging host fqdns
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*messaging_password*]
-# Password for messaging nova queue
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('nova::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('nova::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
# Defaults to hiera('nova::rabbit_password')
#
-# [*messaging_port*]
-# IP port for messaging service
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
# Defaults to hiera('nova::rabbit_port', 5672)
#
-# [*messaging_username*]
-# Username for messaging nova queue
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
# Defaults to hiera('nova::rabbit_userid', 'guest')
#
-# [*messaging_use_ssl*]
-# Flag indicating ssl usage.
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('nova::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
# Defaults to hiera('nova::rabbit_use_ssl', '0')
#
# [*nova_compute_enabled*]
@@ -63,17 +83,22 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::nova (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $libvirt_enabled = false,
- $manage_migration = false,
- $messaging_driver = hiera('messaging_service_name', 'rabbit'),
- $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $messaging_password = hiera('nova::rabbit_password'),
- $messaging_port = hiera('nova::rabbit_port', '5672'),
- $messaging_username = hiera('nova::rabbit_userid', 'guest'),
- $messaging_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
- $nova_compute_enabled = false,
- $step = hiera('step'),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $libvirt_enabled = false,
+ $manage_migration = false,
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('nova::rabbit_password'),
+ $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('nova::rabbit_password'),
+ $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
+ $nova_compute_enabled = false,
+ $step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -88,17 +113,23 @@ class tripleo::profile::base::nova (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl)))
- # TODO(ccamacho): remove sprintf once we properly type the port, needs
- # to be a string for the os_transport_url function.
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::nova' :
- default_transport_url => os_transport_url({
- 'transport' => $messaging_driver,
- 'hosts' => $messaging_hosts,
- 'port' => sprintf('%s', $messaging_port),
- 'username' => $messaging_username,
- 'password' => $messaging_password,
- 'ssl' => $messaging_use_ssl_real,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
}),
}
include ::nova::config
@@ -107,10 +138,10 @@ class tripleo::profile::base::nova (
backend => 'oslo_cache.memcache_pool',
memcache_servers => $memcache_servers,
}
+ include ::nova::placement
}
if $step >= 4 {
- include ::nova::placement
if $manage_migration {
class { '::nova::migration::libvirt':
configure_libvirt => $libvirt_enabled,
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 83baae2..cda2b66 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -49,6 +49,11 @@
# This is set by t-h-t.
# Defaults to hiera('nova_api_network', undef)
#
+# [*nova_api_wsgi_enabled*]
+# (Optional) Whether or not deploy Nova API in WSGI with Apache.
+# Nova Team discourages it.
+# Defaults to hiera('nova_wsgi_enabled', false)
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -60,6 +65,7 @@ class tripleo::profile::base::nova::api (
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$nova_api_network = hiera('nova_api_network', undef),
+ $nova_api_wsgi_enabled = hiera('nova_wsgi_enabled', false),
$step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -69,21 +75,7 @@ class tripleo::profile::base::nova::api (
}
include ::tripleo::profile::base::nova
-
- if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
- if !$nova_api_network {
- fail('nova_api_network is not set in the hieradata.')
- }
- $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
- $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
- } else {
- $tls_certfile = undef
- $tls_keyfile = undef
- }
+ include ::tripleo::profile::base::nova::authtoken
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
@@ -91,31 +83,48 @@ class tripleo::profile::base::nova::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
- if hiera('nova::use_ipv6', false) {
- $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211')
- } else {
- $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211')
- }
-
- class { '::nova::keystone::authtoken':
- memcached_servers => $memcache_servers
- }
-
class { '::nova::api':
sync_db => $sync_db,
sync_db_api => $sync_db,
}
- class { '::nova::wsgi::apache_api':
- ssl_cert => $tls_certfile,
- ssl_key => $tls_keyfile,
- }
include ::nova::network::neutron
}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ if $nova_api_wsgi_enabled {
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$nova_api_network {
+ fail('nova_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+ if $step >= 4 or ($step >= 3 and $sync_db) {
+ class { '::nova::wsgi::apache_api':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
+ }
+ }
if $step >= 5 {
if hiera('nova_enable_db_purge', true) {
include ::nova::cron::archive_deleted_rows
}
+ # At step 5, we consider all nova-compute services started and registred to nova-conductor
+ # So we want to update Nova Cells database to be aware of these hosts by executing the
+ # nova-cell_v2-discover_hosts command again.
+ # Doing it on a single nova-api node to avoid race condition.
+ if $sync_db {
+ Exec<| title == 'nova-cell_v2-discover_hosts' |> { refreshonly => false }
+ }
}
}
diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp
new file mode 100644
index 0000000..ee6c331
--- /dev/null
+++ b/manifests/profile/base/nova/authtoken.pp
@@ -0,0 +1,56 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::authtoken
+#
+# Nova authtoken profile for TripleO
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*use_ipv6*]
+# (Optional) Flag indicating if ipv6 should be used for caching
+# Defaults to hiera('nova::use_ipv6', false)
+#
+# [*memcache_nodes_ipv6*]
+# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true.
+# Defaults to hiera('memcached_node_ipvs_v6', ['::1'])
+#
+# [*memcache_nodes_ipv4*]
+# (Optional) Array of ipv4 addresses for memcache. Used by default unless
+# use_ipv6 is set to true.
+# Defaults to hiera('memcached_node_ips', ['127.0.0.1'])
+#
+class tripleo::profile::base::nova::authtoken (
+ $step = hiera('step'),
+ $use_ipv6 = hiera('nova::use_ipv6', false),
+ $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']),
+ $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']),
+) {
+
+ if $step >= 3 {
+ $memcached_ips = $use_ipv6 ? {
+ true => $memcache_nodes_ipv6,
+ default => $memcache_nodes_ipv4
+ }
+
+ $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
+
+ class { '::nova::keystone::authtoken':
+ memcached_servers => $memcache_servers
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp
index 076996a..0eb2ed7 100644
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@@ -42,6 +42,7 @@ class tripleo::profile::base::nova::compute (
# before nova-compute.
Service<| title == 'nova-conductor' |> -> Service['nova-compute']
+
# deploy bits to connect nova compute to neutron
include ::nova::network::neutron
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index 6767f6b..cc9beb6 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt (
}
}
- # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config
- # when running libvirt and libvirt itself, so we allow micro-services deployments.
- if str2bool(hiera('nova::use_ipv6', false)) {
- $vncserver_listen = '::0'
- } else {
- $vncserver_listen = '0.0.0.0'
- }
-
if $rbd_ephemeral_storage {
class { '::nova::compute::libvirt':
libvirt_disk_cachemodes => ['network=writeback'],
libvirt_hw_disk_discard => 'unmap',
- vncserver_listen => $vncserver_listen,
}
} else {
- class { '::nova::compute::libvirt' :
- vncserver_listen => $vncserver_listen,
- }
+ include ::nova::compute::libvirt
}
include ::nova::compute::libvirt::qemu
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index aa8c3c7..46658b8 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement (
}
include ::tripleo::profile::base::nova
+ include ::tripleo::profile::base::nova::authtoken
if $enable_internal_tls {
if $generate_service_certificates {
@@ -85,7 +86,7 @@ class tripleo::profile::base::nova::placement (
$tls_keyfile = undef
}
- if $step >= 4 {
+ if $step >= 3 {
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp
index 46ca009..e8310d8 100644
--- a/manifests/profile/base/octavia.pp
+++ b/manifests/profile/base/octavia.pp
@@ -22,35 +22,50 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_user*]
-# [*rabbit_password*]
-# (Optional) RabbitMQ user details
-# Defaults to undef
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
-# Defaults to 5672.
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('octavia::rabbit_port', 5672)
#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('octavia::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('octavia::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('octavia::rabbit_use_ssl', '0')
+
class tripleo::profile::base::octavia (
- $step = hiera('step'),
- $rabbit_user = undef,
- $rabbit_password = undef,
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = '5672'
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('octavia::rabbit_password'),
+ $oslomsg_rpc_port = hiera('octavia::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('octavia::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('octavia::rabbit_use_ssl', '0'),
) {
if $step >= 3 {
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::octavia' :
default_transport_url => os_transport_url({
- 'transport' => 'rabbit',
- 'hosts' => $rabbit_hosts,
- 'port' => sprintf('%s', $rabbit_port),
- 'username' => $rabbit_user,
- 'password' => $rabbit_password
- })
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => sprintf('%s', $oslomsg_rpc_port),
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
include ::octavia::config
}
diff --git a/manifests/profile/base/octavia/health_manager.pp b/manifests/profile/base/octavia/health_manager.pp
new file mode 100644
index 0000000..bac5f65
--- /dev/null
+++ b/manifests/profile/base/octavia/health_manager.pp
@@ -0,0 +1,33 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::health_manager
+#
+# Octavia Health Manager server for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::health_manager (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+ if $step >= 5 {
+ include ::octavia::health_manager
+ }
+}
diff --git a/manifests/profile/base/octavia/housekeeping.pp b/manifests/profile/base/octavia/housekeeping.pp
new file mode 100644
index 0000000..0dcd5cf
--- /dev/null
+++ b/manifests/profile/base/octavia/housekeeping.pp
@@ -0,0 +1,34 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::housekeeping
+#
+# Octavia Housekeeping profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::housekeeping (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+
+ if $step >= 5 {
+ include ::octavia::housekeeping
+ }
+}
diff --git a/manifests/profile/base/octavia/worker.pp b/manifests/profile/base/octavia/worker.pp
new file mode 100644
index 0000000..7df324d
--- /dev/null
+++ b/manifests/profile/base/octavia/worker.pp
@@ -0,0 +1,34 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::worker
+#
+# Octavia Worker profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::worker (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+
+ if $step >= 5 {
+ include ::octavia::worker
+ }
+}
diff --git a/manifests/profile/base/panko.pp b/manifests/profile/base/panko.pp
index 880cf7d..286e4ac 100644
--- a/manifests/profile/base/panko.pp
+++ b/manifests/profile/base/panko.pp
@@ -23,26 +23,12 @@
# for more details.
# Defaults to hiera('step')
#
-# [*bootstrap_node*]
-# (Optional) The hostname of the node responsible for bootstrapping tasks
-# Defaults to hiera('bootstrap_nodeid')
class tripleo::profile::base::panko (
- $step = hiera('step'),
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
) {
-
- if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
- } else {
- $sync_db = false
- }
-
- if $step >= 4 or ($step >= 3 and $sync_db) {
+ if $step >= 3 {
include ::panko
- include ::panko::db
include ::panko::config
- include ::panko::db::sync
}
-
}
diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp
index 45ee0c0..a6643ce 100644
--- a/manifests/profile/base/panko/api.pp
+++ b/manifests/profile/base/panko/api.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -53,12 +57,19 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::panko::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_service_certificates = hiera('generate_service_certificates', false),
$panko_network = hiera('panko_api_network', undef),
$step = hiera('step'),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $sync_db = true
+ } else {
+ $sync_db = false
+ }
+
include ::tripleo::profile::base::panko
if $enable_internal_tls {
@@ -76,8 +87,11 @@ class tripleo::profile::base::panko::api (
$tls_keyfile = undef
}
- if $step >= 4 {
- include ::panko::api
+ if $step >= 4 or ( $step >= 3 and $sync_db ) {
+ include ::panko::db
+ class { '::panko::api':
+ sync_db => $sync_db,
+ }
class { '::panko::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index fd8de8f..b04d721 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -18,14 +18,41 @@
#
# === Parameters
#
+# [*certificate_specs*]
+# (Optional) The specifications to give to certmonger for the certificate
+# it will create. Note that the certificate nickname must be 'mysql' in
+# the case of this service.
+# Example with hiera:
+# tripleo::profile::base::database::mysql::certificate_specs:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "mysql/<overcloud controller fqdn>"
+# Defaults to {}.
+#
# [*config_variables*]
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_config_variables').
#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to undef
+#
# [*environment*]
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# MySQL. This could be as many as specified by the $certificates_specs
+# variable.
+# Defaults to hiera('generate_service_certificate', false).
+#
+# [*inet_dist_interface*]
+# (Optional) Address to bind the inter-cluster interface
+# to. It is the inet_dist_use_interface option in the kernel variables
+# Defaults to hiera('rabbitmq::interface', undef).
+#
# [*ipv6*]
# (Optional) Whether to deploy RabbitMQ on IPv6 network.
# Defaults to str2bool(hiera('rabbit_ipv6', false)).
@@ -34,29 +61,53 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
-# [*inet_dist_interface*]
-# (Optional) Address to bind the inter-cluster interface
-# to. It is the inet_dist_use_interface option in the kernel variables
-# Defaults to hiera('rabbitmq::interface', undef).
-#
# [*nodes*]
# (Optional) Array of host(s) for RabbitMQ nodes.
# Defaults to hiera('rabbitmq_node_names', []).
#
+# [*rabbitmq_pass*]
+# (Optional) RabbitMQ Default Password.
+# Defaults to hiera('rabbitmq::default_pass')
+#
+# [*rabbitmq_user*]
+# (Optional) RabbitMQ Default User.
+# Defaults to hiera('rabbitmq::default_user')
+#
+# [*stack_action*]
+# (Optional) Action of the stack deployment.
+# Defaults to hiera('stack_action')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
class tripleo::profile::base::rabbitmq (
- $config_variables = hiera('rabbitmq_config_variables'),
- $environment = hiera('rabbitmq_environment'),
- $ipv6 = str2bool(hiera('rabbit_ipv6', false)),
- $kernel_variables = hiera('rabbitmq_kernel_variables'),
- $inet_dist_interface = hiera('rabbitmq::interface', undef),
- $nodes = hiera('rabbitmq_node_names', []),
- $step = hiera('step'),
+ $certificate_specs = {},
+ $config_variables = hiera('rabbitmq_config_variables'),
+ $enable_internal_tls = undef, # TODO(jaosorior): pass this via t-h-t
+ $environment = hiera('rabbitmq_environment'),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $inet_dist_interface = hiera('rabbitmq::interface', undef),
+ $ipv6 = str2bool(hiera('rabbit_ipv6', false)),
+ $kernel_variables = hiera('rabbitmq_kernel_variables'),
+ $nodes = hiera('rabbitmq_node_names', []),
+ $rabbitmq_pass = hiera('rabbitmq::default_pass'),
+ $rabbitmq_user = hiera('rabbitmq::default_user'),
+ $stack_action = hiera('stack_action'),
+ $step = hiera('step'),
) {
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resource('class', 'tripleo::certmonger::rabbitmq', $certificate_specs)
+ }
+ $tls_certfile = $certificate_specs['service_certificate']
+ $tls_keyfile = $certificate_specs['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
# IPv6 environment, necessary for RabbitMQ.
if $ipv6 {
$rabbit_env = merge($environment, {
@@ -85,6 +136,9 @@ class tripleo::profile::base::rabbitmq (
config_kernel_variables => $real_kernel_variables,
config_variables => $config_variables,
environment_variables => $rabbit_env,
+ # TLS options
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
}
# when running multi-nodes without Pacemaker
if $manage_service {
@@ -101,6 +155,20 @@ class tripleo::profile::base::rabbitmq (
config_kernel_variables => $kernel_variables,
config_variables => $config_variables,
environment_variables => $rabbit_env,
+ # TLS options
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
+ }
+ # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency
+ # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action.
+ if $stack_action == 'UPDATE' {
+ # Required for changing password on update scenario. Password will be changed only when
+ # called explicity, if the rabbitmq service is already running.
+ rabbitmq_user { $rabbitmq_user :
+ password => $rabbitmq_pass,
+ provider => 'rabbitmqctl',
+ admin => true,
}
}
}
diff --git a/manifests/profile/base/sahara.pp b/manifests/profile/base/sahara.pp
index 8db071b..7f4ecbe 100644
--- a/manifests/profile/base/sahara.pp
+++ b/manifests/profile/base/sahara.pp
@@ -26,19 +26,64 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
+#
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('sahara::rabbit_port', 5672)
+#
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('sahara::rabbit_userid', 'guest')
+#
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('sahara::rabbit_password')
+#
+# [*oslomsg_notify_proto*]
+# Protocol driver for the oslo messaging notify service
+# Defaults to hiera('messaging_notify_service_name', rabbit)
+#
+# [*oslomsg_notify_hosts*]
+# list of the oslo messaging notify host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*rabbit_port*]
-# IP port for rabbitmq service
+# [*oslomsg_notify_port*]
+# IP port for oslo messaging notify service
# Defaults to hiera('sahara::rabbit_port', 5672)
+#
+# [*oslomsg_notify_username*]
+# Username for oslo messaging notify service
+# Defaults to hiera('sahara::rabbit_userid', 'guest')
+#
+# [*oslomsg_notify_password*]
+# Password for oslo messaging notify service
+# Defaults to hiera('sahara::rabbit_password')
+#
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('sahara::rabbit_use_ssl', '0')
class tripleo::profile::base::sahara (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $step = hiera('step'),
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = hiera('sahara::rabbit_port', 5672),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $step = hiera('step'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('sahara::rabbit_password'),
+ $oslomsg_rpc_port = hiera('sahara::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('sahara::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('sahara::rabbit_password'),
+ $oslomsg_notify_port = hiera('sahara::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('sahara::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('sahara::rabbit_use_ssl', '0'),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -47,10 +92,28 @@ class tripleo::profile::base::sahara (
}
if $step >= 4 or ($step >= 3 and $sync_db){
- $rabbit_endpoints = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::sahara':
- sync_db => $sync_db,
- rabbit_hosts => $rabbit_endpoints,
+ sync_db => $sync_db,
+ default_transport_url => os_transport_url({
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => $oslomsg_rpc_port,
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
+ }
+ class { '::sahara::notify':
+ notification_transport_url => os_transport_url({
+ 'transport' => $oslomsg_notify_proto,
+ 'hosts' => $oslomsg_notify_hosts,
+ 'port' => $oslomsg_notify_port,
+ 'username' => $oslomsg_notify_username,
+ 'password' => $oslomsg_notify_password,
+ 'ssl' => $oslomsg_use_ssl_real,
+ }),
}
+ include ::sahara::keystone::authtoken
}
}
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index 5bd75bd..0d9ba68 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,38 +18,58 @@
#
# === Parameters
#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
+# [*ceilometer_enabled*]
+# Whether the ceilometer pipeline is enabled.
+# Defaults to true
#
-# [*memcache_servers*]
-# (Optional) List of memcache servers
-# Defaults to hiera('memcached_node_ips')
+# [*ceilometer_messaging_driver*]
+# Driver for messaging service.
+# Defaults to hiera('messaging_notify_service_name', 'rabbit')
+#
+# [*ceilometer_messaging_hosts*]
+# list of the messaging host fqdns
+# Defaults to hiera('rabbitmq_node_names')
+#
+# [*ceilometer_messaging_password*]
+# Password for messaging nova queue
+# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef)
+#
+# [*ceilometer_messaging_port*]
+# IP port for messaging service
+# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672)
+#
+# [*ceilometer_messaging_use_ssl*]
+# Flag indicating ssl usage.
+# Defaults to '0'
+#
+# [*ceilometer_messaging_username*]
+# Username for messaging nova queue
+# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest')
#
# [*memcache_port*]
# (Optional) memcache port
# Defaults to 11211
#
-# [*rabbit_hosts*]
-# list of the rabbbit host fqdns
-# Defaults to hiera('rabbitmq_node_names')
-#
-# [*rabbit_port*]
-# IP port for rabbitmq service
-# Defaults to 5672
+# [*memcache_servers*]
+# (Optional) List of memcache servers
+# Defaults to hiera('memcached_node_ips')
#
-# [*ceilometer_enabled*]
-# Whether the ceilometer pipeline is enabled.
-# Defaults to true
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
#
class tripleo::profile::base::swift::proxy (
- $step = hiera('step'),
- $memcache_servers = hiera('memcached_node_ips'),
- $memcache_port = 11211,
- $rabbit_hosts = hiera('rabbitmq_node_names', undef),
- $rabbit_port = 5672,
- $ceilometer_enabled = true,
+ $ceilometer_enabled = true,
+ $ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'),
+ $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef),
+ $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'),
+ $ceilometer_messaging_use_ssl = '0',
+ $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'),
+ $memcache_port = 11211,
+ $memcache_servers = hiera('memcached_node_ips'),
+ $step = hiera('step'),
) {
if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
@@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy (
include ::swift::proxy::tempurl
include ::swift::proxy::formpost
include ::swift::proxy::bulk
- $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}")
+ $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl)))
if $ceilometer_enabled {
class { '::swift::proxy::ceilometer':
- rabbit_hosts => $swift_rabbit_hosts,
+ default_transport_url => os_transport_url({
+ 'transport' => $ceilometer_messaging_driver,
+ 'hosts' => $ceilometer_messaging_hosts,
+ 'port' => sprintf('%s', $ceilometer_messaging_port),
+ 'username' => $ceilometer_messaging_username,
+ 'password' => $ceilometer_messaging_password,
+ 'ssl' => $ceilometer_messaging_use_ssl_real,
+ }),
}
}
include ::swift::proxy::versioned_writes
@@ -82,6 +109,7 @@ class tripleo::profile::base::swift::proxy (
include ::swift::proxy::account_quotas
class { '::swift::objectexpirer':
+ pipeline => ['catch_errors', 'cache', 'proxy-server'],
memcache_servers => $swift_memcache_servers
}
}
diff --git a/manifests/profile/base/tacker.pp b/manifests/profile/base/tacker.pp
index e9f6b77..fa85ec1 100644
--- a/manifests/profile/base/tacker.pp
+++ b/manifests/profile/base/tacker.pp
@@ -22,29 +22,29 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*messaging_driver*]
-# Driver for messaging service.
-# Defaults to hiera('messaging_service_name', 'rabbit')
+# [*oslomsg_rpc_proto*]
+# Protocol driver for the oslo messaging rpc service
+# Defaults to hiera('messaging_rpc_service_name', rabbit)
#
-# [*messaging_hosts*]
-# list of the messaging host fqdns
+# [*oslomsg_rpc_hosts*]
+# list of the oslo messaging rpc host fqdns
# Defaults to hiera('rabbitmq_node_names')
#
-# [*messaging_password*]
-# Password for messaging nova queue
-# Defaults to hiera('nova::rabbit_password')
+# [*oslomsg_rpc_port*]
+# IP port for oslo messaging rpc service
+# Defaults to hiera('tacker::rabbit_port', 5672)
#
-# [*messaging_port*]
-# IP port for messaging service
-# Defaults to hiera('nova::rabbit_port', 5672)
+# [*oslomsg_rpc_username*]
+# Username for oslo messaging rpc service
+# Defaults to hiera('tacker::rabbit_userid', 'guest')
#
-# [*messaging_username*]
-# Username for messaging nova queue
-# Defaults to hiera('nova::rabbit_userid', 'guest')
+# [*oslomsg_rpc_password*]
+# Password for oslo messaging rpc service
+# Defaults to hiera('tacker::rabbit_password')
#
-# [*messaging_use_ssl*]
-# Flag indicating ssl usage.
-# Defaults to hiera('nova::rabbit_use_ssl', '0')
+# [*oslomsg_use_ssl*]
+# Enable ssl oslo messaging services
+# Defaults to hiera('tacker::rabbit_use_ssl', '0')
#
# [*step*]
# (Optional) The current step of the deployment
@@ -52,12 +52,12 @@
class tripleo::profile::base::tacker (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
- $messaging_driver = hiera('messaging_service_name', 'rabbit'),
- $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $messaging_password = hiera('tacker::rabbit_password'),
- $messaging_port = hiera('tacker::rabbit_port', '5672'),
- $messaging_username = hiera('tacker::rabbit_userid', 'guest'),
- $messaging_use_ssl = hiera('tacker::rabbit_use_ssl', '0'),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('tacker::rabbit_password'),
+ $oslomsg_rpc_port = hiera('tacker::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('tacker::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('tacker::rabbit_use_ssl', '0'),
$step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -67,16 +67,16 @@ class tripleo::profile::base::tacker (
}
if $step >= 4 or ($step >= 3 and $sync_db){
- $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl)))
+ $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::tacker':
sync_db => $sync_db,
default_transport_url => os_transport_url({
- 'transport' => $messaging_driver,
- 'hosts' => $messaging_hosts,
- 'port' => sprintf('%s', $messaging_port),
- 'username' => $messaging_username,
- 'password' => $messaging_password,
- 'ssl' => $messaging_use_ssl_real,
+ 'transport' => $oslomsg_rpc_proto,
+ 'hosts' => $oslomsg_rpc_hosts,
+ 'port' => sprintf('%s', $oslomsg_rpc_port),
+ 'username' => $oslomsg_rpc_username,
+ 'password' => $oslomsg_rpc_password,
+ 'ssl' => $oslomsg_use_ssl_real,
}),
}
diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp
index c6ce309..06a3048 100644
--- a/manifests/profile/base/time/ntp.pp
+++ b/manifests/profile/base/time/ntp.pp
@@ -19,10 +19,12 @@
#
class tripleo::profile::base::time::ntp {
- # if installed, we don't want chrony to conflict with ntp.
- package { 'chrony':
- ensure => 'purged',
- before => Service['ntp'],
+ # If installed, we don't want chrony to conflict with ntp. LP#1665426
+ # It should be noted that this work even if the package is not installed
+ service { 'chronyd':
+ ensure => stopped,
+ enable => false,
+ before => Class['ntp']
}
include ::ntp
}
diff --git a/manifests/profile/base/vpp.pp b/manifests/profile/base/vpp.pp
new file mode 100644
index 0000000..05f52f9
--- /dev/null
+++ b/manifests/profile/base/vpp.pp
@@ -0,0 +1,32 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::vpp
+#
+# vpp profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::vpp (
+ $step = hiera('step'),
+) {
+ if $step >= 1 {
+ include ::fdio
+ }
+}
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 6a83f10..bc5e644 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -75,6 +75,7 @@ class tripleo::profile::pacemaker::database::mysql (
'default-storage-engine' => 'innodb',
'innodb_autoinc_lock_mode' => '2',
'innodb_locks_unsafe_for_binlog'=> '1',
+ 'innodb_file_per_table' => 'ON',
'query_cache_size' => '0',
'query_cache_type' => '0',
'bind-address' => $bind_address,
@@ -179,12 +180,13 @@ class tripleo::profile::pacemaker::database::mysql (
# This step is to create a sysconfig clustercheck file with the root user and empty password
# on the first install only (because later on the clustercheck db user will be used)
# We are using exec and not file in order to not have duplicate definition errors in puppet
- # when we later set the the file to contain the clustercheck data
+ # when we later set the file to contain the clustercheck data
exec { 'create-root-sysconfig-clustercheck':
command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck",
unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
}
xinetd::service { 'galera-monitor' :
+ bind => hiera('mysql_bind_host'),
port => '9200',
server => '/usr/bin/clustercheck',
per_source => 'UNLIMITED',
diff --git a/manifests/ui.pp b/manifests/ui.pp
index 27e3e50..d51ef2e 100644
--- a/manifests/ui.pp
+++ b/manifests/ui.pp
@@ -31,37 +31,58 @@
# The port on which the UI is listening.
# Defaults to 3000
#
-# [*keystone_url*]
-# The keystone service url
-# Defaults to hiera('keystone::endpoint::public_url')
+# [*enabled_languages*]
+# Which languages to show in the UI.
+# An array.
+# Defaults to ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es']
#
-# [*heat_url*]
-# The heat service url
-# Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_proxy_keystone*]
+# The keystone proxy endpoint url
+# Defaults to undef
#
-# [*heat_url*]
-# The heat service url
-# Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_config_keystone*]
+# The keystone config endpoint url
+# Defaults to undef
#
-# [*heat_url*]
-# The heat service url
-# Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_proxy_heat*]
+# The heat proxy endpoint url
+# Defaults to undef
#
-# [*ironic_url*]
-# The ironic service url
-# Defaults to hiera('ironic::keystone::auth::public_url')
+# [*endpoint_config_heat*]
+# The heat config endpoint url
+# Defaults to undef
#
-# [*mistral_url*]
-# The mistral service url
-# Defaults to hiera('mistral::keystone::auth::public_url')
+# [*endpoint_proxy_ironic*]
+# The ironic proxy endpoint url
+# Defaults to undef
#
-# [*swift_url*]
-# The swift service url
-# Defaults to hiera('swift::keystone::auth::public_url')
+# [*endpoint_config_ironic*]
+# The ironic config endpoint url
+# Defaults to undef
#
-# [*zaqar_websocket_url*]
-# The zaqar websocket url
-# Defaults to hiera('zaquar::keystone::auth_websocket::public_url')
+# [*endpoint_proxy_mistral*]
+# The mistral proxy endpoint url
+# Defaults to undef
+#
+# [*endpoint_config_mistral*]
+# The mistral config endpoint url
+# Defaults to undef
+#
+# [*endpoint_proxy_swift*]
+# The swift proxy endpoint url
+# Defaults to undef
+#
+# [*endpoint_config_swift*]
+# The swift config endpoint url
+# Defaults to undef
+#
+# [*endpoint_proxy_zaqar*]
+# The zaqar proxy endpoint url
+# Defaults to undef
+#
+# [*endpoint_config_zaqar*]
+# The zaqar config endpoint url
+# Defaults to undf
#
# [*zaqar_default_queue*]
# The zaqar default queue
@@ -69,18 +90,30 @@
# Defaults to 'tripleo'
#
class tripleo::ui (
- $servername = $::fqdn,
- $bind_host = hiera('controller_host'),
- $ui_port = 3000,
- $keystone_url = hiera('keystone_auth_uri_v2'),
- $heat_url = hiera('heat::keystone::auth::public_url', undef),
- $ironic_url = hiera('ironic::keystone::auth::public_url', undef),
- $mistral_url = hiera('mistral::keystone::auth::public_url', undef),
- $swift_url = hiera('swift::keystone::auth::public_url', undef),
- $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef),
- $zaqar_default_queue = 'tripleo'
+ $servername = $::fqdn,
+ $bind_host = hiera('controller_host'),
+ $ui_port = 3000,
+ $zaqar_default_queue = 'tripleo',
+ $enabled_languages = ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'],
+ $endpoint_proxy_zaqar = undef,
+ $endpoint_proxy_keystone = undef,
+ $endpoint_proxy_heat = undef,
+ $endpoint_proxy_ironic = undef,
+ $endpoint_proxy_mistral = undef,
+ $endpoint_proxy_swift = undef,
+ $endpoint_config_zaqar = undef,
+ $endpoint_config_keystone = undef,
+ $endpoint_config_heat = undef,
+ $endpoint_config_ironic = undef,
+ $endpoint_config_mistral = undef,
+ $endpoint_config_swift = undef,
+
) {
+ include ::apache::mod::proxy
+ include ::apache::mod::proxy_http
+ include ::apache::mod::proxy_wstunnel
+
::apache::vhost { 'tripleo-ui':
ensure => 'present',
servername => $servername,
@@ -89,6 +122,38 @@ class tripleo::ui (
docroot => '/var/www/openstack-tripleo-ui/dist',
options => ['Indexes', 'FollowSymLinks'],
fallbackresource => '/index.html',
+ proxy_pass => [
+ {
+ 'path' => '/zaqar',
+ 'url' => $endpoint_proxy_zaqar
+ },
+ {
+ 'path' => '/keystone',
+ 'url' => $endpoint_proxy_keystone,
+ 'reverse_urls' => $endpoint_proxy_keystone
+ },
+ {
+ 'path' => '/heat',
+ 'url' => $endpoint_proxy_heat,
+ 'reverse_urls' => $endpoint_proxy_heat
+ },
+ {
+ 'path' => '/ironic',
+ 'url' => $endpoint_proxy_ironic,
+ 'reverse_urls' => $endpoint_proxy_ironic
+ },
+ {
+ 'path' => '/mistral',
+ 'url' => $endpoint_proxy_mistral,
+ 'reverse_urls' => $endpoint_proxy_mistral
+ },
+ {
+ 'path' => '/swift',
+ 'url' => $endpoint_proxy_swift,
+ 'reverse_urls' => $endpoint_proxy_swift
+ },
+ ],
+
}
# We already use apache::vhost to generate our own