Diffstat (limited to 'manifests')
38 files changed, 840 insertions, 131 deletions
diff --git a/manifests/firewall.pp b/manifests/firewall.pp index 7698881..edcb5e7 100644 --- a/manifests/firewall.pp +++ b/manifests/firewall.pp @@ -86,6 +86,24 @@ class tripleo::firewall( 'stage' => 'runtime', 'firewall_settings' => $firewall_post_extras, }) + + # Allow composable services to load their own custom + # example with Hiera. + # NOTE(dprince): In the future when we have a better hiera + # heat hook we might refactor this to use hiera's merging + # capabilities instead. Until then rolling up the flat service + # keys and dynamically creating firewall rules for each service + # will allow us to compose and should work fine. + # + # Each service can load its rules by using this form: + # + # tripleo.<service name with underscores>.firewall_rules: + # '300 allow custom application 1': + # dport: 999 + # proto: udp + # action: accept + $service_names = reject(hiera('service_names', []), '^$') + tripleo::firewall::service_rules { $service_names: } } } diff --git a/manifests/firewall/service_rules.pp b/manifests/firewall/service_rules.pp new file mode 100644 index 0000000..4739f16 --- /dev/null +++ b/manifests/firewall/service_rules.pp 
@@ -0,0 +1,38 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Define: tripleo::firewall::service_rules +# +# Define used to create firewall rules for composable services. +# +# === Parameters: +# +# [*service_name*] +# (optional) The service_name to load firewall rules for. +# Defaults to $title +# +define tripleo::firewall::service_rules ($service_name = $title) { + + $underscore_name = regsubst($service_name, '-', '_') + + # This allows each composable service to load its own custom rules by + # creating its own flat hiera key named: + # tripleo.<service name with underscores>.firewall_rules + $service_firewall_rules = hiera("tripleo.${underscore_name}.firewall_rules", {}) + + if !empty($service_firewall_rules) { + create_resources('tripleo::firewall::rule', $service_firewall_rules) + } + +} diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 407fbb7..0a53353 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -226,6 +226,10 @@ # (optional) Enable or not MidoNet API binding # Defaults to false # +# [*zaqar_api*] +# (optional) Enable or not Zaqar Api binding +# Defaults to false +# # [*service_ports*] # (optional) Hash that contains the values to override from the service ports # The available keys to modify the services' ports are: 
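Review bot: `regsubst($service_name, '-', '_')` in `tripleo::firewall::service_rules` replaces only the first hyphen, because no flags argument is passed. A service name with two or more hyphens would yield a key such as `tripleo.a_b-c.firewall_rules` (constructed example), the `hiera()` lookup would fall back to `{}`, and that service's firewall rules would be skipped without any error. Passing the global flag fixes it: `$underscore_name = regsubst($service_name, '-', '_', 'G')`. Because the looked-up value goes straight into `create_resources`, a `validate_hash($service_firewall_rules)` before the `if` would also turn a malformed Hiera value into a clear failure.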
@@ -271,6 +275,8 @@ # 'swift_proxy_ssl_port' (Defaults to 13808) # 'trove_api_port' (Defaults to 8779) # 'trove_api_ssl_port' (Defaults to 13779) +# 'zaqar_api_port' (Defaults to 8888) +# 'zaqar_api_ssl_port' (Defaults to 13888) # Defaults to {} # class tripleo::haproxy ( @@ -322,6 +328,7 @@ class tripleo::haproxy ( $redis = false, $redis_password = undef, $midonet_api = false, + $zaqar_api = false, $service_ports = {} ) { $default_service_ports = { @@ -367,6 +374,8 @@ class tripleo::haproxy ( swift_proxy_ssl_port => 13808, trove_api_port => 8779, trove_api_ssl_port => 13779, + zaqar_api_port => 8888, + zaqar_api_ssl_port => 13888, } $ports = merge($default_service_ports, $service_ports) @@ -593,6 +602,12 @@ class tripleo::haproxy ( ip_addresses => hiera('glance_api_node_ips', $controller_hosts_real), server_names => $controller_hosts_names_real, public_ssl_port => $ports[glance_api_ssl_port], + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, } } @@ -887,4 +902,15 @@ class tripleo::haproxy ( options => $haproxy_member_options, } } + if $zaqar_api { + ::tripleo::haproxy::endpoint { 'zaqar_api': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('zaqar_api_vip', $controller_virtual_ip), + service_port => $ports[zaqar_api_port], + ip_addresses => hiera('zaqar_api_node_ips', $controller_hosts_real), + server_names => $controller_hosts_names_real, + mode => 'http', + public_ssl_port => $ports[zaqar_api_ssl_port], + } + } } diff --git a/manifests/network/os_net_config.pp b/manifests/network/os_net_config.pp new file mode 100644 index 0000000..7e07f6c --- /dev/null +++ b/manifests/network/os_net_config.pp 
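Review bot: The new `zaqar_api` endpoint at the end of `tripleo::haproxy` sets `mode => 'http'` but passes no `listen_options` for `X-Forwarded-Proto`, unlike the `glance_api` endpoint changed earlier in this same file. Unless `::tripleo::haproxy::endpoint` sets that header by default (its definition is not part of this diff), a client-supplied `X-Forwarded-Proto` would reach the Zaqar backend unchanged when TLS is terminated at the proxy. Either pass the same `http-request` rules used for glance_api, or add a comment saying why Zaqar does not need them.

```puppet
    ::tripleo::haproxy::endpoint { 'zaqar_api':
      # … unchanged: virtual IPs, service_port, ip_addresses, server_names …
      mode           => 'http',
      listen_options => {
        'http-request' => [
          'set-header X-Forwarded-Proto https if { ssl_fc }',
          'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
      },
      # … unchanged: public_ssl_port …
```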
@@ -0,0 +1,35 @@ +# Copyright 2016 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# == Class: tripleo::network::os_net_config +# +# Configure os-net-config for TripleO. +# +class tripleo::network::os_net_config { + + include ::vswitch::ovs + ensure_packages('os-net-config', { ensure => present }) + + exec { 'os-net-config': + command => '/bin/os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes', + returns => [0, 2], + require => [ + Package['os-net-config'], + Package['openvswitch'], + Service['openvswitch'], + ], + } + +} diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp new file mode 100644 index 0000000..28156a0 --- /dev/null +++ b/manifests/profile/base/aodh.pp 
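Review bot: The `exec { 'os-net-config': }` resource has no `refreshonly`, `onlyif`, `unless` or `creates`, so it runs on every catalog application and re-applies `/etc/os-net-config/config.json` each time. Nothing in the class ensures that file exists before the command runs, and any exit code other than 0 or 2 fails the whole run. If running unconditionally is deliberate, say so in a comment above the resource, for example `# Runs on every Puppet run by design; exit code 2 is accepted via returns`. Otherwise gate the exec on a change to the config file.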
@@ -0,0 +1,53 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::aodh +# +# aodh profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +class tripleo::profile::base::aodh ( + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 3 and $sync_db { + include ::aodh::db::mysql + } + + if $step >= 4 and $sync_db { + include ::aodh + include ::aodh::auth + include ::aodh::config + include ::aodh::client + include ::aodh::db::sync + } + +} diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp new file mode 100644 index 0000000..3aa436d --- /dev/null +++ b/manifests/profile/base/aodh/api.pp 
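Review bot: The second condition, `if $step >= 4 and $sync_db`, includes `::aodh`, `::aodh::auth`, `::aodh::config` and `::aodh::client` only on the bootstrap node, so on every other node this profile never configures aodh at any step. The ironic and nova profiles changed in this same commit use `$step >= 4 or ($step >= 3 and $sync_db)` for the base class, which looks like the intended form here too, with only `::aodh::db::sync` kept behind `$sync_db`. The same `and $sync_db` gate appears in the aodh api, evaluator, listener and notifier profiles and in the mistral base, api, engine and executor profiles, where it would likewise keep those services off non-bootstrap nodes.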
@@ -0,0 +1,47 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::aodh::api +# +# aodh API profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +class tripleo::profile::base::aodh::api ( + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::aodh + + if $step >= 4 and $sync_db { + include ::aodh::api + include ::aodh::wsgi::apache + } +} diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp new file mode 100644 index 0000000..46d1d14 --- /dev/null +++ b/manifests/profile/base/aodh/evaluator.pp 
@@ -0,0 +1,48 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::aodh::evaluator +# +# aodh evaluator profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +class tripleo::profile::base::aodh::evaluator ( + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::aodh + + if $step >= 4 and $sync_db { + include ::aodh::evaluator + } + +} + diff --git a/manifests/profile/base/aodh/listener.pp b/manifests/profile/base/aodh/listener.pp new file mode 100644 index 0000000..93f37fa --- /dev/null +++ b/manifests/profile/base/aodh/listener.pp 
@@ -0,0 +1,48 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::aodh::listener +# +# aodh listener profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +class tripleo::profile::base::aodh::listener ( + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::aodh + + if $step >= 4 and $sync_db { + include ::aodh::listener + } + +} + diff --git a/manifests/profile/base/aodh/notifier.pp b/manifests/profile/base/aodh/notifier.pp new file mode 100644 index 0000000..0686012 --- /dev/null +++ b/manifests/profile/base/aodh/notifier.pp 
@@ -0,0 +1,48 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::aodh::notifier +# +# aodh notifier profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +class tripleo::profile::base::aodh::notifier ( + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::aodh + + if $step >= 4 and $sync_db { + include ::aodh::notifier + } + +} + diff --git a/manifests/profile/base/ceph/osd.pp b/manifests/profile/base/ceph/osd.pp index a9224d3..9736656 100644 --- a/manifests/profile/base/ceph/osd.pp +++ b/manifests/profile/base/ceph/osd.pp @@ -34,7 +34,7 @@ class tripleo::profile::base::ceph::osd ( include ::tripleo::profile::base::ceph - if $step >= 2 { + if $step >= 3 { if $ceph_osd_selinux_permissive { exec { 'set selinux to permissive on boot': command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp index 8e73ce3..7951941 100644 --- a/manifests/profile/base/haproxy.pp 
+++ b/manifests/profile/base/haproxy.pp @@ -68,7 +68,9 @@ class tripleo::profile::base::haproxy ( # This is only needed for certmonger's local CA. For any other CA this # operation (trusting the CA) should be done by the deployer. if $certmonger_ca == 'local' { - include ::tripleo::certmonger::ca::local + class { '::tripleo::certmonger::ca::local': + notify => Class['::tripleo::haproxy'] + } } Certmonger_certificate { diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp index dd30dd7..ca4f366 100644 --- a/manifests/profile/base/ironic.pp +++ b/manifests/profile/base/ironic.pp @@ -30,19 +30,20 @@ class tripleo::profile::base::ironic ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), ) { + # Database is accessed by both API and conductor, hence it's here. if $::hostname == downcase($bootstrap_node) { $sync_db = true } else { $sync_db = false } - if $step >= 3 { - include ::ironic + if $step >= 3 and $sync_db { + include ::ironic::db::mysql + } - # Database is accessed by both API and conductor, hence it's here. - if $sync_db { - include ::ironic::db::mysql - include ::ironic::db::sync + if $step >= 4 or ($step >= 3 and $sync_db) { + class { '::ironic': + sync_db => $sync_db, } } } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 9617c11..bba98f8 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp 
@@ -67,34 +67,6 @@ class tripleo::profile::base::keystone ( include ::keystone::endpoint } - #TODO: need a cleanup-keystone-tokens.sh solution here - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service[$::apache::params::service_name], - require => File['/etc/keystone/ssl/certs'], - } } if $step >= 5 and $manage_db_purge { diff --git a/manifests/profile/base/mistral.pp b/manifests/profile/base/mistral.pp index 42507b9..c0b0538 100644 --- a/manifests/profile/base/mistral.pp +++ b/manifests/profile/base/mistral.pp 
@@ -18,22 +18,34 @@ # # === Parameters # -# [*sync_db*] -# (Optional) Whether to run db sync -# Defaults to true -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# class tripleo::profile::base::mistral ( - $sync_db = true, - $step = hiera('step'), + $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), ) { - if $step >= 3 { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 3 and $sync_db { + include ::mistral::db::mysql + } + + if $step >= 4 and $sync_db { include ::mistral include ::mistral::config + include ::mistral::client + include ::mistral::db::sync } } diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp index b955c8d..38e1e61 100644 --- a/manifests/profile/base/mistral/api.pp +++ b/manifests/profile/base/mistral/api.pp @@ -23,13 +23,24 @@ # for more details. # Defaults to hiera('step') # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# class tripleo::profile::base::mistral::api ( $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + include ::tripleo::profile::base::mistral - if $step >= 4 { + if $step >= 4 and $sync_db { include ::mistral::api } } diff --git a/manifests/profile/base/mistral/engine.pp b/manifests/profile/base/mistral/engine.pp index 141cbad..dfcbc2c 100644 --- a/manifests/profile/base/mistral/engine.pp +++ b/manifests/profile/base/mistral/engine.pp 
@@ -18,28 +18,29 @@ # # === Parameters # -# [*sync_db*] -# (Optional) Whether to run db sync -# Defaults to undef -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# class tripleo::profile::base::mistral::engine ( - $sync_db = true, $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), ) { - include ::tripleo::profile::base::mistral - - if $step >= 3 and $sync_db { - include ::mistral::db::mysql - include ::mistral::db::sync + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false } - if $step >= 4 { + include ::tripleo::profile::base::mistral + + if $step >= 4 and $sync_db { include ::mistral::engine } diff --git a/manifests/profile/base/mistral/executor.pp b/manifests/profile/base/mistral/executor.pp index d7b5776..6f101c8 100644 --- a/manifests/profile/base/mistral/executor.pp +++ b/manifests/profile/base/mistral/executor.pp @@ -23,13 +23,25 @@ # for more details. # Defaults to hiera('step') # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# class tripleo::profile::base::mistral::executor ( $step = hiera('step'), + $bootstrap_node = hiera('bootstrap_nodeid', undef), + ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + include ::tripleo::profile::base::mistral - if $step >= 4 { + if $step >= 4 and $sync_db { include ::mistral::executor } diff --git a/manifests/profile/base/monitoring/fluentd.pp b/manifests/profile/base/monitoring/fluentd.pp new file mode 100644 index 0000000..1ea7d39 --- /dev/null +++ b/manifests/profile/base/monitoring/fluentd.pp 
@@ -0,0 +1,40 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::monitoring::fluentd +# +# FluentD configuration for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) String. The current step of the deployment +# Defaults to hiera('step') +# +class tripleo::profile::base::monitoring::fluentd ( + $step = hiera('step', undef) +) { + + if $step == undef or $step >= 3 { + include ::fluentd + + ::fluentd::plugin { 'rubygem-fluent-plugin-add': + plugin_provider => 'yum', + } + + ::fluentd::plugin { 'rubygem-fluent-plugin-elasticsearch': + plugin_provider => 'yum', + } + } +} diff --git a/manifests/profile/base/monitoring/rabbitmq.pp b/manifests/profile/base/monitoring/rabbitmq.pp new file mode 100644 index 0000000..4c5ad41 --- /dev/null +++ b/manifests/profile/base/monitoring/rabbitmq.pp 
@@ -0,0 +1,54 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::sensu::rabbitmq +# +# RabbitMQ configuration for Sensu stack for TripleO +# +# === Parameters +# +# [*vhost*] +# (Optional) String. RabbitMQ vhost to be used by Sensu +# Defaults to '/sensu' +# +# [*user*] +# (Optional) String. Username to connect to RabbitMQ server +# Defaults to hiera('rabbit_username', 'sensu') +# +# [*password*] +# (Optional) String. Password to connect to RabbitMQ server +# Defaults to hiera('rabbit_password', undef) +# +class tripleo::profile::base::monitoring::rabbitmq ( + $vhost = hiera('monitoring_rabbitmq_vhost', '/sensu'), + $user = hiera('monitoring_rabbitmq_username', 'sensu'), + $password = hiera('monitoring_rabbitmq_password', undef), +) { + rabbitmq_vhost { 'sensu-rabbit-vhost': + ensure => present, + name => $vhost + } + + rabbitmq_user { 'sensu-rabbit-user': + name => $user, + password => $password, + tags => ['monitoring'] + } + + rabbitmq_user_permissions { "${user}@${vhost}": + configure_permission => '.*', + read_permission => '.*', + write_permission => '.*', + } +} diff --git a/manifests/certmonger.pp b/manifests/profile/base/monitoring/sensu.pp index e5f5e04..af09059 100644 --- a/manifests/certmonger.pp +++ b/manifests/profile/base/monitoring/sensu.pp 
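Review bot: `$password` defaults to `hiera('monitoring_rabbitmq_password', undef)` and is passed to `rabbitmq_user` unchecked, so a deployment that omits the key declares the monitoring account with no password set instead of failing. Failing early is safer: `if ! $password { fail('monitoring_rabbitmq_password must be set') }`. The `rabbitmq_user_permissions` resource also grants `'.*'` for configure, read and write on the vhost; if the Sensu client only needs its own queues and exchanges, narrower patterns would limit what a leaked credential can do. The header comment names the class `tripleo::profile::base::sensu::rabbitmq` and documents `rabbit_username` and `rabbit_password` as the Hiera keys, neither of which matches the code.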
@@ -12,26 +12,25 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::certmonger +# == Class: tripleo::profile::base::monitoring::sensu # -# Sets some default defaults necessary for the global certmonger setup. +# Sensu configuration for TripleO # # === Parameters # -# [*global_ca*] -# The certmonger nickname for the CA that will be used. +# [*step*] +# (Optional) String. The current step of the deployment +# Defaults to hiera('step') # -class tripleo::certmonger ( - $global_ca -){ - include ::certmonger +class tripleo::profile::base::monitoring::sensu ( + $step = hiera('step', undef), +) { - Certmonger_certificate { - ca => $global_ca, - ensure => 'present', - certbackend => 'FILE', - keybackend => 'FILE', - wait => true, - require => Class['::certmonger'], + if $step == undef or $step >= 3 { + include ::sensu + + package { 'osops-tools-monitoring-oschecks': + ensure => 'present' + } } } diff --git a/manifests/profile/base/monitoring/uchiwa.pp b/manifests/profile/base/monitoring/uchiwa.pp new file mode 100644 index 0000000..7c61f3e --- /dev/null +++ b/manifests/profile/base/monitoring/uchiwa.pp 
@@ -0,0 +1,32 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::monitoring::uchiwa +# +# Monitoring dashboards for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) String. The current step of the deployment +# Defaults to hiera('step') +# +class tripleo::profile::base::monitoring::uchiwa ( + $step = hiera('step', undef), +) { + + if $step == undef or $step >= 3 { + include ::uchiwa + } +} diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 52a4c73..877184d 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*step*] # (Optional) The current step of the deployment # Defaults to hiera('step') 
@@ -35,26 +39,32 @@ # Defaults to false # class tripleo::profile::base::nova ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), $manage_migration = false, $libvirt_enabled = false, $nova_compute_enabled = false, ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } if hiera('nova::use_ipv6', false) { - $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') + $memcache_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') } else { - $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') + $memcache_servers = suffix(hiera('memcache_node_ips'), ':11211') } - if $step >= 3 { + + if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) { include ::nova - # TODO(emilien): once we merge https://review.openstack.org/#/c/325983/ - # let's override the value this way. - warning('Overriding memcached_servers from puppet-tripleo until 325983 lands.') - Nova { - memcached_servers => $memcached_servers, - } include ::nova::config + class { '::nova::cache': + enabled => true, + backend => 'oslo_cache.memcache_pool', + memcache_servers => $memcache_servers, + } } if $step >= 4 { diff --git a/manifests/profile/base/nova/compute/ironic.pp b/manifests/profile/base/nova/compute/ironic.pp new file mode 100644 index 0000000..a01e90f --- /dev/null +++ b/manifests/profile/base/nova/compute/ironic.pp 
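Review bot: The new condition calls `hiera('step')` twice instead of using the class's `$step` parameter, so a caller that passes `step` explicitly changes the `if $step >= 4` block below but not this one. Use the parameter so both blocks follow the same value: `if $step >= 4 or ($step >= 3 and $sync_db) {`. The class body continues past the end of this hunk.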
@@ -0,0 +1,36 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::compute::ironic +# +# Nova Compute Ironic profile for tripleo +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::nova::compute::ironic ( + $step = hiera('step'), +) { + + if $step >= 4 { + include ::tripleo::profile::base::nova::compute + include ::nova::compute::ironic + include ::nova::network::neutron + } + +} diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp index 1785656..de3de3c 100644 --- a/manifests/profile/base/pacemaker.pp +++ b/manifests/profile/base/pacemaker.pp @@ -81,12 +81,6 @@ class tripleo::profile::base::pacemaker ( if $step >= 2 { if $pacemaker_master { include ::pacemaker::resource_defaults - - # Create an openstack-core dummy resource. See RHBZ 1290121 - pacemaker::resource::ocf { 'openstack-core': - ocf_agent_name => 'heartbeat:Dummy', - clone_params => 'interleave=true', - } } } diff --git a/manifests/profile/pacemaker/apache.pp b/manifests/profile/pacemaker/apache.pp index f23d3e7..4b0b16e 100644 --- a/manifests/profile/pacemaker/apache.pp +++ b/manifests/profile/pacemaker/apache.pp 
@@ -44,5 +44,15 @@ class tripleo::profile::pacemaker::apache ( clone_params => 'interleave=true', verify_on_create => true, } + pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::apache::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::apache::params::service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } } + } diff --git a/manifests/profile/pacemaker/cinder/scheduler.pp b/manifests/profile/pacemaker/cinder/scheduler.pp index 9b79903..00b0696 100644 --- a/manifests/profile/pacemaker/cinder/scheduler.pp +++ b/manifests/profile/pacemaker/cinder/scheduler.pp @@ -67,6 +67,22 @@ class tripleo::profile::pacemaker::cinder::scheduler ( require => [Pacemaker::Resource::Service[$::cinder::params::api_service], Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], } + pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': + constraint_type => 'order', + first_resource => "${::cinder::params::scheduler_service}-clone", + second_resource => $::cinder::params::volume_service, + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], + Pacemaker::Resource::Service[$::cinder::params::volume_service]], + } + pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': + source => $::cinder::params::volume_service, + target => "${::cinder::params::scheduler_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], + Pacemaker::Resource::Service[$::cinder::params::volume_service]], + } } } diff --git a/manifests/profile/pacemaker/cinder/volume.pp b/manifests/profile/pacemaker/cinder/volume.pp index a4f251e..d909831 100644 --- a/manifests/profile/pacemaker/cinder/volume.pp 
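Review bot: The `require` on `Pacemaker::Resource::Ocf['openstack-core']` in the new `openstack-core-then-httpd-constraint` names a resource that this commit moves into `tripleo::profile::pacemaker::core`, and nothing visible in this hunk includes that class. Puppet fails catalog compilation when a relationship names a resource that is not in the catalog, so the apache profile now compiles only on nodes where the core profile is also applied. The same cross-profile `require` appears in the hunks for cinder/scheduler.pp (on the volume service), core.pp (on `galera`), gnocchi.pp, nova/api.pp, nova/conductor.pp and nova/consoleauth.pp. If the coupling is intended, I would state it in each class header, e.g. `# Requires tripleo::profile::pacemaker::core on the same node.` The enclosing class starts outside the hunk, so an include elsewhere in it cannot be ruled out.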
+++ b/manifests/profile/pacemaker/cinder/volume.pp @@ -32,7 +32,7 @@ class tripleo::profile::pacemaker::cinder::volume ( $step = hiera('step'), ) { - Service <| tag == 'cinder-service' |> { + Service <| tag == 'cinder::volume' |> { hasrestart => true, restart => '/bin/true', start => '/bin/true', @@ -49,22 +49,6 @@ class tripleo::profile::pacemaker::cinder::volume ( if $step >= 5 and $pacemaker_master { pacemaker::resource::service { $::cinder::params::volume_service : } - pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': - constraint_type => 'order', - first_resource => "${::cinder::params::scheduler_service}-clone", - second_resource => $::cinder::params::volume_service, - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } - pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': - source => $::cinder::params::volume_service, - target => "${::cinder::params::scheduler_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], - } } } diff --git a/manifests/profile/pacemaker/core.pp b/manifests/profile/pacemaker/core.pp new file mode 100644 index 0000000..b8b0781 --- /dev/null +++ b/manifests/profile/pacemaker/core.pp 
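Review bot: The collector's new tag `'cinder::volume'` is not set anywhere in this hunk; it presumably relies on Puppet tagging each resource with the name of the class that declares it. That is easy to miss next to the explicit `'nova-service'` and `'sahara-service'` collectors in the sibling profiles. I would add a comment above it such as `# Match only services declared in ::cinder::volume (automatic class tag), not every cinder service.` The collector body continues outside the hunk.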
@@ -0,0 +1,59 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::pacemaker::core +# +# Core Pacemaker HA profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::pacemaker::core ( + $bootstrap_node = hiera('bootstrap_nodeid'), + $step = hiera('step'), +) { + + if $::hostname == downcase($bootstrap_node) { + $pacemaker_master = true + } else { + $pacemaker_master = false + } + + if $step >= 2 and $pacemaker_master { + pacemaker::resource::ocf { 'openstack-core': + ocf_agent_name => 'heartbeat:Dummy', + clone_params => 'interleave=true', + } + } + + if $step >= 5 and $pacemaker_master { + pacemaker::constraint::base { 'galera-then-openstack-core-constraint': + constraint_type => 'order', + first_resource => 'galera-master', + second_resource => 'openstack-core-clone', + first_action => 'promote', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['galera'], + Pacemaker::Resource::Ocf['openstack-core']], + } + } +} diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 80015d0..cc95092 100644 --- a/manifests/profile/pacemaker/database/mysql.pp 
+++ b/manifests/profile/pacemaker/database/mysql.pp @@ -168,17 +168,6 @@ MYSQL_HOST=localhost\n", password=\"${mysql_root_password}\"", require => Exec['galera-set-root-password'], } - if $pacemaker_master { - pacemaker::constraint::base { 'galera-then-openstack-core-constraint': - constraint_type => 'order', - first_resource => 'galera-master', - second_resource => 'openstack-core-clone', - first_action => 'promote', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['galera'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } } } diff --git a/manifests/profile/pacemaker/gnocchi.pp b/manifests/profile/pacemaker/gnocchi.pp index edc1728..c8630ce 100644 --- a/manifests/profile/pacemaker/gnocchi.pp +++ b/manifests/profile/pacemaker/gnocchi.pp @@ -70,6 +70,15 @@ class tripleo::profile::pacemaker::gnocchi ( if $step >= 5 and $pacemaker_master { + pacemaker::constraint::base { 'keystone-then-gnocchi-metricd-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::gnocchi::params::metricd_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint': constraint_type => 'order', first_resource => "${::gnocchi::params::metricd_service_name}-clone", diff --git a/manifests/profile/pacemaker/keystone.pp b/manifests/profile/pacemaker/keystone.pp index 1cd5178..f48193a 100644 --- a/manifests/profile/pacemaker/keystone.pp +++ b/manifests/profile/pacemaker/keystone.pp 
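Review bot: The title `keystone-then-gnocchi-metricd-constraint` in the gnocchi.pp hunk does not describe the resource: `first_resource` is `'openstack-core-clone'` and the `require` is on `Pacemaker::Resource::Ocf['openstack-core']`, with no keystone resource involved. The apache profile in this same commit names the equivalent constraint `openstack-core-then-httpd-constraint`, and I would follow that here with `'openstack-core-then-gnocchi-metricd-constraint'`. The consoleauth hunk has the same mismatch in `keystone-then-nova-consoleauth-constraint`. If the old title is kept on purpose so that existing deployments keep the same resource name, a one-line comment saying so would be enough. The constraint that follows is cut off by the end of the hunk.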
@@ -77,9 +77,6 @@ class tripleo::profile::pacemaker::keystone ( require => [Pacemaker::Resource::Ocf['rabbitmq'], Pacemaker::Resource::Ocf['openstack-core']], } - File['/etc/keystone/ssl/certs/ca.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name] - File['/etc/keystone/ssl/private/signing_key.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name] - File['/etc/keystone/ssl/certs/signing_cert.pem'] -> Pacemaker::Resource::Service[$::apache::params::service_name] } } diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index 37cab9f..f3666c2 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -122,7 +122,6 @@ class tripleo::profile::pacemaker::manila ( include ::tripleo::profile::base::manila::scheduler include ::tripleo::profile::base::manila::share - $manila_generic_enable = hiera('manila_generic_enable_backend', false) if $manila_generic_enable { $manila_generic_backend = hiera('manila::backend::generic::title') manila::backend::generic { $manila_generic_backend : diff --git a/manifests/profile/pacemaker/neutron.pp b/manifests/profile/pacemaker/neutron.pp index 75a75b3..0298298 100644 --- a/manifests/profile/pacemaker/neutron.pp +++ b/manifests/profile/pacemaker/neutron.pp 
@@ -181,5 +181,31 @@ class tripleo::profile::pacemaker::neutron ( Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] } } + + #VSM + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { + pacemaker::resource::ocf { 'vsm-p' : + ocf_agent_name => 'heartbeat:VirtualDomain', + resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', + require => Class['n1k_vsm'], + meta_params => 'resource-stickiness=INFINITY', + } + if str2bool(hiera('n1k_vsm::pacemaker_control', true)) { + pacemaker::resource::ocf { 'vsm-s' : + ocf_agent_name => 'heartbeat:VirtualDomain', + resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', + require => Class['n1k_vsm'], + meta_params => 'resource-stickiness=INFINITY', + } + pacemaker::constraint::colocation { 'vsm-colocation-contraint': + source => 'vsm-p', + target => 'vsm-s', + score => '-INFINITY', + require => [Pacemaker::Resource::Ocf['vsm-p'], + Pacemaker::Resource::Ocf['vsm-s']], + } + } + } + } } diff --git a/manifests/profile/pacemaker/nova.pp b/manifests/profile/pacemaker/nova.pp index 13c6128..62a8042 100644 --- a/manifests/profile/pacemaker/nova.pp +++ b/manifests/profile/pacemaker/nova.pp @@ -26,6 +26,13 @@ class tripleo::profile::pacemaker::nova ( $step = hiera('step'), ) { - include ::tripleo::profile::base::nova + Service <| + tag == 'nova-service' + |> { + hasrestart => true, + restart => '/bin/true', + start => '/bin/true', + stop => '/bin/true', + } } diff --git a/manifests/profile/pacemaker/nova/api.pp b/manifests/profile/pacemaker/nova/api.pp index 8a6dc8d..5e8f15f 100644 --- a/manifests/profile/pacemaker/nova/api.pp +++ b/manifests/profile/pacemaker/nova/api.pp 
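Review bot: The lookup `hiera('neutron::plugins::ml2::mechanism_drivers')` in the new VSM guard has no default, so a deployment whose hieradata does not set that key would fail catalog compilation in this profile even when it does not use Cisco N1KV. Writing it as `if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', []) {` keeps the block opt-in. Both `vsm-p` and `vsm-s` also `require => Class['n1k_vsm']`, which is not included anywhere in this hunk, so that class has to come from elsewhere in the catalog. The colocation title `vsm-colocation-contraint` is misspelled and should read `vsm-colocation-constraint`. The enclosing class starts outside the hunk.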
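Review bot: After the nova.pp hunk the visible class body is only the `Service <| tag == 'nova-service' |>` collector, so the `$step` parameter appears to be unused and the overrides apply at every step. Because the collector replaces `start`, `stop` and `restart` with `/bin/true` for every matching service, a nova service on this node that has no Pacemaker resource would silently never be started by Puppet. I would add a comment above the collector, e.g. `# Pacemaker owns the nova service lifecycle; Puppet must not start, stop or restart these services.` With `include ::tripleo::profile::base::nova` removed, each nova sub-profile presumably has to pull in the base class itself, which is worth confirming against the files not shown here.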
@@ -48,6 +48,40 @@ class tripleo::profile::pacemaker::nova::api ( pacemaker::resource::service { $::nova::params::api_service_name: clone_params => 'interleave=true', } + + pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint': + constraint_type => 'order', + first_resource => "${::nova::params::vncproxy_service_name}-clone", + second_resource => "${::nova::params::api_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], + Pacemaker::Resource::Service[$::nova::params::api_service_name]], + } + pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation': + source => "${::nova::params::api_service_name}-clone", + target => "${::nova::params::vncproxy_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], + Pacemaker::Resource::Service[$::nova::params::api_service_name]], + } + pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint': + constraint_type => 'order', + first_resource => "${::nova::params::api_service_name}-clone", + second_resource => "${::nova::params::scheduler_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], + Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], + } + pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation': + source => "${::nova::params::scheduler_service_name}-clone", + target => "${::nova::params::api_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], + Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], + } + } } diff --git a/manifests/profile/pacemaker/nova/conductor.pp b/manifests/profile/pacemaker/nova/conductor.pp index 3d5e41e..3e390e0 100644 
--- a/manifests/profile/pacemaker/nova/conductor.pp +++ b/manifests/profile/pacemaker/nova/conductor.pp @@ -47,6 +47,25 @@ class tripleo::profile::pacemaker::nova::conductor ( pacemaker::resource::service { $::nova::params::conductor_service_name: clone_params => 'interleave=true', } + + pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint': + constraint_type => 'order', + first_resource => "${::nova::params::scheduler_service_name}-clone", + second_resource => "${::nova::params::conductor_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], + Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], + } + pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation': + source => "${::nova::params::conductor_service_name}-clone", + target => "${::nova::params::scheduler_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], + Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], + } + + # If Service['nova-compute'] is in catalog, make sure we start it after # nova-conductor pcmk resource. # Also make sure to restart nova-compute if nova-conductor pcmk resource changed diff --git a/manifests/profile/pacemaker/nova/consoleauth.pp b/manifests/profile/pacemaker/nova/consoleauth.pp index fb9428a..ad538c4 100644 --- a/manifests/profile/pacemaker/nova/consoleauth.pp +++ b/manifests/profile/pacemaker/nova/consoleauth.pp 
@@ -47,6 +47,40 @@ class tripleo::profile::pacemaker::nova::consoleauth ( pacemaker::resource::service { $::nova::params::consoleauth_service_name: clone_params => 'interleave=true', } + + pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::nova::params::consoleauth_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } + pacemaker::constraint::colocation { 'nova-consoleauth-with-openstack-core': + source => "${::nova::params::consoleauth_service_name}-clone", + target => 'openstack-core-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } + pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': + constraint_type => 'order', + first_resource => "${::nova::params::consoleauth_service_name}-clone", + second_resource => "${::nova::params::vncproxy_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], + } + pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation': + source => "${::nova::params::vncproxy_service_name}-clone", + target => "${::nova::params::consoleauth_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], + } + } } diff --git a/manifests/profile/pacemaker/sahara.pp b/manifests/profile/pacemaker/sahara.pp index e6e5117..0627017 100644 --- a/manifests/profile/pacemaker/sahara.pp 
+++ b/manifests/profile/pacemaker/sahara.pp @@ -18,18 +18,13 @@ # # === Parameters # -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to hiera('bootstrap_nodeid') -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::pacemaker::sahara ( - $bootstrap_node = hiera('bootstrap_nodeid'), - $step = hiera('step'), + $step = hiera('step'), ) { Service <| tag == 'sahara-service' |> { @@ -39,11 +34,5 @@ class tripleo::profile::pacemaker::sahara ( stop => '/bin/true', } - if $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - include ::tripleo::profile::base::sahara } |
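Review bot: Dropping `$bootstrap_node` from the signature of `tripleo::profile::pacemaker::sahara` is an interface change: Puppet rejects unknown class parameters, so any caller that still declares the class with `bootstrap_node` fails to compile after this commit. If out-of-tree callers are possible, I would keep the parameter for one cycle, documented as deprecated, e.g. `$bootstrap_node = undef, # deprecated, unused`. The second sahara hunk removes the only use of the value, so the removal is otherwise consistent.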