diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/certmonger/mysql.pp | 10 | ||||
-rw-r--r-- | manifests/haproxy.pp | 34 | ||||
-rw-r--r-- | manifests/profile/base/etcd.pp | 66 | ||||
-rw-r--r-- | manifests/profile/base/time/ntp.pp | 28 |
4 files changed, 127 insertions, 11 deletions
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp index 62aff9a..9cb6b13 100644 --- a/manifests/certmonger/mysql.pp +++ b/manifests/certmonger/mysql.pp @@ -31,11 +31,6 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # -# [*mysql_network*] -# (Optional) The network name where the mysql endpoint is listening on. -# This is set by t-h-t. -# Defaults to hiera('mysql_network', undef) -# # [*principal*] # (Optional) The haproxy service principal that is set for MySQL in kerberos. # Defaults to undef @@ -45,16 +40,11 @@ class tripleo::certmonger::mysql ( $service_certificate, $service_key, $certmonger_ca = hiera('certmonger_ca', 'local'), - $mysql_network = hiera('mysql_network', undef), $principal = undef, ) { include ::certmonger include ::mysql::params - if !$mysql_network { - fail('mysql_network is not set in the hieradata.') - } - $postsave_cmd = "systemctl reload ${::mysql::params::service_name}" certmonger_certificate { 'mysql' : ensure => 'present', diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index cc21e37..2fa02c9 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -251,6 +251,10 @@ # (optional) Enable or not RabbitMQ binding # Defaults to false # +# [*etcd*] +# (optional) Enable or not Etcd binding +# Defaults to hiera('etcd_enabled', false) +# # [*docker_registry*] # (optional) Enable or not the Docker Registry API binding # Defaults to hiera('enable_docker_registry', false) @@ -380,6 +384,10 @@ # (optional) Specify the network nova_osapi is running on. # Defaults to hiera('nova_api_network', undef) # +# [*nova_placement_network*] +# (optional) Specify the network nova_placement is running on. +# Defaults to hiera('nova_placement_network', undef) +# # [*opendaylight_network*] # (optional) Specify the network opendaylight is running on. # Defaults to hiera('opendaylight_api_network', undef) @@ -526,6 +534,7 @@ class tripleo::haproxy ( $mysql_clustercheck = false, $mysql_member_options = undef, $rabbitmq = false, + $etcd = hiera('etcd_enabled', false), $docker_registry = hiera('enable_docker_registry', false), $redis = hiera('redis_enabled', false), $redis_password = undef, @@ -558,6 +567,7 @@ class tripleo::haproxy ( $nova_metadata_network = hiera('nova_api_network', undef), $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_osapi_network = hiera('nova_api_network', undef), + $nova_placement_network = hiera('nova_placement_network', undef), $panko_network = hiera('panko_api_network', undef), $ovn_dbs_network = hiera('ovn_dbs_network', undef), $sahara_network = hiera('sahara_api_network', undef), @@ -713,6 +723,11 @@ class tripleo::haproxy ( "${redis_vip}:6379" => $haproxy_listen_bind_param, } + $etcd_vip = hiera('etcd_vip', $controller_virtual_ip) + $etcd_bind_opts = { + "${etcd_vip}:2379" => $haproxy_listen_bind_param, + } + class { '::haproxy': service_manage => $haproxy_service_manage, global_options => { @@ -952,7 +967,7 @@ class tripleo::haproxy ( 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], }, public_ssl_port => $ports[nova_placement_ssl_port], - service_network => $nova_osapi_network, + service_network => $nova_placement_network, member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1255,6 +1270,23 @@ class tripleo::haproxy ( } } + if $etcd { + haproxy::listen { 'etcd': + bind => $etcd_bind_opts, + options => { + 'balance' => 'source', + }, + collect_exported => false, + } + haproxy::balancermember { 'etcd': + listening_service => 'etcd', + ports => '2379', + ipaddresses => hiera('etcd_node_ips', $controller_hosts_real), + server_names => hiera('etcd_node_names', $controller_hosts_names_real), + options => $haproxy_member_options, + } + } + if $docker_registry { ::tripleo::haproxy::endpoint { 'docker-registry': public_virtual_ip => $public_virtual_ip, diff --git a/manifests/profile/base/etcd.pp b/manifests/profile/base/etcd.pp new file mode 100644 index 0000000..505e29f --- /dev/null +++ b/manifests/profile/base/etcd.pp @@ -0,0 +1,66 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::etcd +# +# etcd profile for tripleo +# +# === Parameters +# +# [*bind_ip*] +# (optional) IP to bind etcd service to. +# Defaults to '127.0.0.1'. +# +# [*client_port*] +# (optional) etcd client listening port. +# Defaults to '2379'. +# +# [*peer_port*] +# (optional) etcd peer listening port. +# Defaults to '2380'. +# +# [*nodes*] +# (Optional) Array of host(s) for etcd nodes. +# Defaults to hiera('etcd_node_ips', []). +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::etcd ( + $bind_ip = '127.0.0.1', + $client_port = '2379', + $peer_port = '2380', + $nodes = hiera('etcd_node_names', []), + $step = hiera('step'), +) { + if $step >= 1 { + if count($nodes) > 1 { + $cluster_enabled = true + } else { + $cluster_enabled = false + } + + class {'::etcd': + listen_client_urls => "http://${bind_ip}:${client_port}", + advertise_client_urls => "http://${bind_ip}:${client_port}", + listen_peer_urls => "http://${bind_ip}:${peer_port}", + initial_advertise_peer_urls => "http://${bind_ip}:${peer_port}", + initial_cluster => regsubst($nodes, '.+', "\\0=http://\\0:${peer_port}"), + cluster_enabled => $cluster_enabled, + proxy => 'off', + } + } +} diff --git a/manifests/profile/base/time/ntp.pp b/manifests/profile/base/time/ntp.pp new file mode 100644 index 0000000..c6ce309 --- /dev/null +++ b/manifests/profile/base/time/ntp.pp @@ -0,0 +1,28 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::ntp +# +# Enable NTP via composable services. +# + +class tripleo::profile::base::time::ntp { + # if installed, we don't want chrony to conflict with ntp. + package { 'chrony': + ensure => 'purged', + before => Service['ntp'], + } + include ::ntp +} |