aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/certmonger/rabbitmq.pp4
-rw-r--r--manifests/haproxy.pp4
-rw-r--r--manifests/haproxy/endpoint.pp2
-rw-r--r--manifests/profile/base/etcd.pp7
-rw-r--r--manifests/profile/base/neutron/agents/l2gw.pp35
-rw-r--r--manifests/profile/base/neutron/sriov.pp2
-rw-r--r--manifests/profile/base/nova.pp87
-rw-r--r--manifests/profile/base/sshd.pp56
-rw-r--r--manifests/ui.pp23
9 files changed, 156 insertions, 64 deletions
diff --git a/manifests/certmonger/rabbitmq.pp b/manifests/certmonger/rabbitmq.pp
index 344adef..4a47938 100644
--- a/manifests/certmonger/rabbitmq.pp
+++ b/manifests/certmonger/rabbitmq.pp
@@ -31,10 +31,6 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
-# [*file_owner*]
-# (Optional) The user which the certificate and key files belong to.
-# Defaults to 'root'
-#
# [*principal*]
# (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 9d8190e..0b69245 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1378,7 +1378,7 @@ class tripleo::haproxy (
server_names => hiera('mysql_node_names', $controller_hosts_names_real),
options => $mysql_member_options_real,
}
- if hiera('manage_firewall', true) {
+ if hiera('tripleo::firewall::manage_firewall', true) {
include ::tripleo::firewall
$mysql_firewall_rules = {
'100 mysql_haproxy' => {
@@ -1463,7 +1463,7 @@ class tripleo::haproxy (
server_names => hiera('redis_node_names', $controller_hosts_names_real),
options => $haproxy_member_options,
}
- if hiera('manage_firewall', true) {
+ if hiera('tripleo::firewall::manage_firewall', true) {
include ::tripleo::firewall
$redis_firewall_rules = {
'100 redis_haproxy' => {
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index da2aba3..16e0bd1 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -147,7 +147,7 @@ define tripleo::haproxy::endpoint (
server_names => $server_names,
options => $member_options,
}
- if hiera('manage_firewall', true) {
+ if hiera('tripleo::firewall::manage_firewall', true) {
include ::tripleo::firewall
# This block will construct firewall rules only when we specify
# a port for the regular service and also the ssl port for the service.
diff --git a/manifests/profile/base/etcd.pp b/manifests/profile/base/etcd.pp
index 505e29f..fc4771f 100644
--- a/manifests/profile/base/etcd.pp
+++ b/manifests/profile/base/etcd.pp
@@ -47,19 +47,12 @@ class tripleo::profile::base::etcd (
$step = hiera('step'),
) {
if $step >= 1 {
- if count($nodes) > 1 {
- $cluster_enabled = true
- } else {
- $cluster_enabled = false
- }
-
class {'::etcd':
listen_client_urls => "http://${bind_ip}:${client_port}",
advertise_client_urls => "http://${bind_ip}:${client_port}",
listen_peer_urls => "http://${bind_ip}:${peer_port}",
initial_advertise_peer_urls => "http://${bind_ip}:${peer_port}",
initial_cluster => regsubst($nodes, '.+', "\\0=http://\\0:${peer_port}"),
- cluster_enabled => $cluster_enabled,
proxy => 'off',
}
}
diff --git a/manifests/profile/base/neutron/agents/l2gw.pp b/manifests/profile/base/neutron/agents/l2gw.pp
new file mode 100644
index 0000000..10cd662
--- /dev/null
+++ b/manifests/profile/base/neutron/agents/l2gw.pp
@@ -0,0 +1,35 @@
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Author: Peng Liu <pliu@redhat.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::neutron::agent::l2gw
+#
+# Neutron L2 Gateway agent profile for TripleO
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::neutron::agents::l2gw (
+ $step = hiera('step'),
+) {
+ if $step >= 4 {
+ include ::neutron::agents::l2gw
+ }
+}
diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp
index 00ecc21..24c7b63 100644
--- a/manifests/profile/base/neutron/sriov.pp
+++ b/manifests/profile/base/neutron/sriov.pp
@@ -33,6 +33,8 @@ class tripleo::profile::base::neutron::sriov(
$mechanism_drivers = hiera('neutron::plugins::ml2::mechanism_drivers'),
) {
+ include ::tripleo::profile::base::neutron
+
if $step >= 4 {
if 'sriovnicswitch' in $mechanism_drivers {
include ::neutron::agents::ml2::sriov
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 36425f6..ab9b615 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -82,6 +82,15 @@
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
+# [*migration_ssh_key*]
+# (Optional) SSH key pair for migration SSH tunnel.
+# Expects a hash with keys 'private_key' and 'public_key'.
+# Defaults to {}
+#
+# [*libvirt_tls*]
+# (Optional) Whether or not libvird TLS service is enabled.
+# Defaults to false
+
class tripleo::profile::base::nova (
$bootstrap_node = hiera('bootstrap_nodeid', undef),
$libvirt_enabled = false,
@@ -99,6 +108,8 @@ class tripleo::profile::base::nova (
$oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
$nova_compute_enabled = false,
$step = hiera('step'),
+ $migration_ssh_key = {},
+ $libvirt_tls = false
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
@@ -114,7 +125,62 @@ class tripleo::profile::base::nova (
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
- class { '::nova' :
+ include ::nova::config
+ class { '::nova::cache':
+ enabled => true,
+ backend => 'oslo_cache.memcache_pool',
+ memcache_servers => $memcache_servers,
+ }
+ include ::nova::placement
+
+ if $step >= 4 and $manage_migration {
+
+ # Libvirt setup (live-migration)
+ if $libvirt_tls {
+ class { '::nova::migration::libvirt':
+ transport => 'tls',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ }
+ } else {
+ # Reuse the cold-migration SSH tunnel when TLS is not enabled
+ class { '::nova::migration::libvirt':
+ transport => 'ssh',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ client_user => 'nova',
+ client_extraparams => {'keyfile' => '/var/lib/nova/.ssh/id_rsa'}
+ }
+ }
+
+ if $migration_ssh_key != {} {
+ # Nova SSH tunnel setup (cold-migration)
+
+ #TODO: Remove me when https://review.rdoproject.org/r/#/c/4008 lands
+ user { 'nova':
+ ensure => present,
+ shell => '/bin/bash',
+ }
+
+ $private_key_parts = split($migration_ssh_key['public_key'], ' ')
+ $nova_public_key = {
+ type => $private_key_parts[0],
+ key => $private_key_parts[1]
+ }
+ $nova_private_key = {
+ type => $private_key_parts[0],
+ key => $migration_ssh_key['private_key']
+ }
+ } else {
+ $nova_public_key = undef
+ $nova_private_key = undef
+ }
+ } else {
+ $nova_public_key = undef
+ $nova_private_key = undef
+ }
+
+ class { '::nova':
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
@@ -131,23 +197,8 @@ class tripleo::profile::base::nova (
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_use_ssl_real,
}),
+ nova_public_key => $nova_public_key,
+ nova_private_key => $nova_private_key,
}
- include ::nova::config
- class { '::nova::cache':
- enabled => true,
- backend => 'oslo_cache.memcache_pool',
- memcache_servers => $memcache_servers,
- }
- include ::nova::placement
}
-
- if $step >= 4 {
- if $manage_migration {
- class { '::nova::migration::libvirt':
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- }
- }
- }
-
}
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
index e7916c1..f43089c 100644
--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -15,47 +15,45 @@
#
# == Class: tripleo::profile::base::sshd
#
-# SSH profile for tripleo
+# SSH composable service for TripleO
#
# === Parameters
#
# [*bannertext*]
-# The text used within SSH Banner
+# The text used within /etc/issue and /etc/issue.net
# Defaults to hiera('BannerText')
#
+# [*motd*]
+# The text used within SSH Banner
+# Defaults to hiera('MOTD')
+#
class tripleo::profile::base::sshd (
$bannertext = hiera('BannerText', undef),
+ $motd = hiera('MOTD', undef),
) {
- if $bannertext {
- $action = 'set'
- } else {
- $action = 'rm'
- }
-
- package {'openssh-server':
- ensure => installed,
- }
+ include ::ssh
- augeas { 'sshd_config_banner':
- context => '/files/etc/ssh/sshd_config',
- changes => [ "${action} Banner /etc/issue" ],
- notify => Service['sshd']
- }
-
- file { '/etc/issue':
- ensure => file,
- backup => false,
- content => $bannertext,
- owner => 'root',
- group => 'root',
- mode => '0600'
+ if $bannertext {
+ $filelist = [ '/etc/issue', '/etc/issue.net', ]
+ file { $filelist:
+ ensure => file,
+ backup => false,
+ content => $bannertext,
+ owner => 'root',
+ group => 'root',
+ mode => '0644'
+ }
}
- service { 'sshd':
- ensure => 'running',
- enable => true,
- hasstatus => false,
- require => Package['openssh-server'],
+ if $motd {
+ file { '/etc/motd':
+ ensure => file,
+ backup => false,
+ content => $motd,
+ owner => 'root',
+ group => 'root',
+ mode => '0644'
+ }
}
}
diff --git a/manifests/ui.pp b/manifests/ui.pp
index d51ef2e..d810b5d 100644
--- a/manifests/ui.pp
+++ b/manifests/ui.pp
@@ -33,8 +33,17 @@
#
# [*enabled_languages*]
# Which languages to show in the UI.
-# An array.
-# Defaults to ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es']
+# A hash.
+# Defaults to
+# {
+# 'de' => 'German',
+# 'en' => 'English',
+# 'en-GB' => 'British English',
+# 'es' => 'Spanish',
+# 'ja' => 'Japanese',
+# 'ko-KR' => 'Korean',
+# 'zh-CN' => 'Simplified Chinese'
+# }
#
# [*endpoint_proxy_keystone*]
# The keystone proxy endpoint url
@@ -94,7 +103,15 @@ class tripleo::ui (
$bind_host = hiera('controller_host'),
$ui_port = 3000,
$zaqar_default_queue = 'tripleo',
- $enabled_languages = ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'],
+ $enabled_languages = {
+ 'de' => 'German',
+ 'en' => 'English',
+ 'en-GB' => 'British English',
+ 'es' => 'Spanish',
+ 'ja' => 'Japanese',
+ 'ko-KR' => 'Korean',
+ 'zh-CN' => 'Simplified Chinese'
+ },
$endpoint_proxy_zaqar = undef,
$endpoint_proxy_keystone = undef,
$endpoint_proxy_heat = undef,