diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/certmonger/rabbitmq.pp | 4 | ||||
-rw-r--r-- | manifests/haproxy.pp | 4 | ||||
-rw-r--r-- | manifests/haproxy/endpoint.pp | 2 | ||||
-rw-r--r-- | manifests/profile/base/etcd.pp | 7 | ||||
-rw-r--r-- | manifests/profile/base/neutron/agents/l2gw.pp | 35 | ||||
-rw-r--r-- | manifests/profile/base/neutron/sriov.pp | 2 | ||||
-rw-r--r-- | manifests/profile/base/nova.pp | 87 | ||||
-rw-r--r-- | manifests/profile/base/sshd.pp | 56 | ||||
-rw-r--r-- | manifests/ui.pp | 23 |
9 files changed, 156 insertions, 64 deletions
diff --git a/manifests/certmonger/rabbitmq.pp b/manifests/certmonger/rabbitmq.pp index 344adef..4a47938 100644 --- a/manifests/certmonger/rabbitmq.pp +++ b/manifests/certmonger/rabbitmq.pp @@ -31,10 +31,6 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # -# [*file_owner*] -# (Optional) The user which the certificate and key files belong to. -# Defaults to 'root' -# # [*principal*] # (Optional) The service principal that is set for the service in kerberos. # Defaults to undef diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 9d8190e..0b69245 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -1378,7 +1378,7 @@ class tripleo::haproxy ( server_names => hiera('mysql_node_names', $controller_hosts_names_real), options => $mysql_member_options_real, } - if hiera('manage_firewall', true) { + if hiera('tripleo::firewall::manage_firewall', true) { include ::tripleo::firewall $mysql_firewall_rules = { '100 mysql_haproxy' => { @@ -1463,7 +1463,7 @@ class tripleo::haproxy ( server_names => hiera('redis_node_names', $controller_hosts_names_real), options => $haproxy_member_options, } - if hiera('manage_firewall', true) { + if hiera('tripleo::firewall::manage_firewall', true) { include ::tripleo::firewall $redis_firewall_rules = { '100 redis_haproxy' => { diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index da2aba3..16e0bd1 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -147,7 +147,7 @@ define tripleo::haproxy::endpoint ( server_names => $server_names, options => $member_options, } - if hiera('manage_firewall', true) { + if hiera('tripleo::firewall::manage_firewall', true) { include ::tripleo::firewall # This block will construct firewall rules only when we specify # a port for the regular service and also the ssl port for the service. diff --git a/manifests/profile/base/etcd.pp b/manifests/profile/base/etcd.pp index 505e29f..fc4771f 100644 --- a/manifests/profile/base/etcd.pp +++ b/manifests/profile/base/etcd.pp @@ -47,19 +47,12 @@ class tripleo::profile::base::etcd ( $step = hiera('step'), ) { if $step >= 1 { - if count($nodes) > 1 { - $cluster_enabled = true - } else { - $cluster_enabled = false - } - class {'::etcd': listen_client_urls => "http://${bind_ip}:${client_port}", advertise_client_urls => "http://${bind_ip}:${client_port}", listen_peer_urls => "http://${bind_ip}:${peer_port}", initial_advertise_peer_urls => "http://${bind_ip}:${peer_port}", initial_cluster => regsubst($nodes, '.+', "\\0=http://\\0:${peer_port}"), - cluster_enabled => $cluster_enabled, proxy => 'off', } } diff --git a/manifests/profile/base/neutron/agents/l2gw.pp b/manifests/profile/base/neutron/agents/l2gw.pp new file mode 100644 index 0000000..10cd662 --- /dev/null +++ b/manifests/profile/base/neutron/agents/l2gw.pp @@ -0,0 +1,35 @@ +# +# Copyright (C) 2017 Red Hat Inc. +# +# Author: Peng Liu <pliu@redhat.com> +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::agent::l2gw +# +# Neutron L2 Gateway agent profile for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::agents::l2gw ( + $step = hiera('step'), +) { + if $step >= 4 { + include ::neutron::agents::l2gw + } +} diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp index 00ecc21..24c7b63 100644 --- a/manifests/profile/base/neutron/sriov.pp +++ b/manifests/profile/base/neutron/sriov.pp @@ -33,6 +33,8 @@ class tripleo::profile::base::neutron::sriov( $mechanism_drivers = hiera('neutron::plugins::ml2::mechanism_drivers'), ) { + include ::tripleo::profile::base::neutron + if $step >= 4 { if 'sriovnicswitch' in $mechanism_drivers { include ::neutron::agents::ml2::sriov diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp index 36425f6..ab9b615 100644 --- a/manifests/profile/base/nova.pp +++ b/manifests/profile/base/nova.pp @@ -82,6 +82,15 @@ # (Optional) The current step of the deployment # Defaults to hiera('step') # +# [*migration_ssh_key*] +# (Optional) SSH key pair for migration SSH tunnel. +# Expects a hash with keys 'private_key' and 'public_key'. +# Defaults to {} +# +# [*libvirt_tls*] +# (Optional) Whether or not libvird TLS service is enabled. +# Defaults to false + class tripleo::profile::base::nova ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $libvirt_enabled = false, @@ -99,6 +108,8 @@ class tripleo::profile::base::nova ( $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'), $nova_compute_enabled = false, $step = hiera('step'), + $migration_ssh_key = {}, + $libvirt_tls = false ) { if $::hostname == downcase($bootstrap_node) { $sync_db = true @@ -114,7 +125,62 @@ class tripleo::profile::base::nova ( if $step >= 4 or ($step >= 3 and $sync_db) { $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) - class { '::nova' : + include ::nova::config + class { '::nova::cache': + enabled => true, + backend => 'oslo_cache.memcache_pool', + memcache_servers => $memcache_servers, + } + include ::nova::placement + + if $step >= 4 and $manage_migration { + + # Libvirt setup (live-migration) + if $libvirt_tls { + class { '::nova::migration::libvirt': + transport => 'tls', + configure_libvirt => $libvirt_enabled, + configure_nova => $nova_compute_enabled, + } + } else { + # Reuse the cold-migration SSH tunnel when TLS is not enabled + class { '::nova::migration::libvirt': + transport => 'ssh', + configure_libvirt => $libvirt_enabled, + configure_nova => $nova_compute_enabled, + client_user => 'nova', + client_extraparams => {'keyfile' => '/var/lib/nova/.ssh/id_rsa'} + } + } + + if $migration_ssh_key != {} { + # Nova SSH tunnel setup (cold-migration) + + #TODO: Remove me when https://review.rdoproject.org/r/#/c/4008 lands + user { 'nova': + ensure => present, + shell => '/bin/bash', + } + + $private_key_parts = split($migration_ssh_key['public_key'], ' ') + $nova_public_key = { + type => $private_key_parts[0], + key => $private_key_parts[1] + } + $nova_private_key = { + type => $private_key_parts[0], + key => $migration_ssh_key['private_key'] + } + } else { + $nova_public_key = undef + $nova_private_key = undef + } + } else { + $nova_public_key = undef + $nova_private_key = undef + } + + class { '::nova': default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, @@ -131,23 +197,8 @@ class tripleo::profile::base::nova ( 'password' => $oslomsg_notify_password, 'ssl' => $oslomsg_use_ssl_real, }), + nova_public_key => $nova_public_key, + nova_private_key => $nova_private_key, } - include ::nova::config - class { '::nova::cache': - enabled => true, - backend => 'oslo_cache.memcache_pool', - memcache_servers => $memcache_servers, - } - include ::nova::placement } - - if $step >= 4 { - if $manage_migration { - class { '::nova::migration::libvirt': - configure_libvirt => $libvirt_enabled, - configure_nova => $nova_compute_enabled, - } - } - } - } diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index e7916c1..f43089c 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -15,47 +15,45 @@ # # == Class: tripleo::profile::base::sshd # -# SSH profile for tripleo +# SSH composable service for TripleO # # === Parameters # # [*bannertext*] -# The text used within SSH Banner +# The text used within /etc/issue and /etc/issue.net # Defaults to hiera('BannerText') # +# [*motd*] +# The text used within SSH Banner +# Defaults to hiera('MOTD') +# class tripleo::profile::base::sshd ( $bannertext = hiera('BannerText', undef), + $motd = hiera('MOTD', undef), ) { - if $bannertext { - $action = 'set' - } else { - $action = 'rm' - } - - package {'openssh-server': - ensure => installed, - } + include ::ssh - augeas { 'sshd_config_banner': - context => '/files/etc/ssh/sshd_config', - changes => [ "${action} Banner /etc/issue" ], - notify => Service['sshd'] - } - - file { '/etc/issue': - ensure => file, - backup => false, - content => $bannertext, - owner => 'root', - group => 'root', - mode => '0600' + if $bannertext { + $filelist = [ '/etc/issue', '/etc/issue.net', ] + file { $filelist: + ensure => file, + backup => false, + content => $bannertext, + owner => 'root', + group => 'root', + mode => '0644' + } } - service { 'sshd': - ensure => 'running', - enable => true, - hasstatus => false, - require => Package['openssh-server'], + if $motd { + file { '/etc/motd': + ensure => file, + backup => false, + content => $motd, + owner => 'root', + group => 'root', + mode => '0644' + } } } diff --git a/manifests/ui.pp b/manifests/ui.pp index d51ef2e..d810b5d 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -33,8 +33,17 @@ # # [*enabled_languages*] # Which languages to show in the UI. -# An array. -# Defaults to ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'] +# A hash. +# Defaults to +# { +# 'de' => 'German', +# 'en' => 'English', +# 'en-GB' => 'British English', +# 'es' => 'Spanish', +# 'ja' => 'Japanese', +# 'ko-KR' => 'Korean', +# 'zh-CN' => 'Simplified Chinese' +# } # # [*endpoint_proxy_keystone*] # The keystone proxy endpoint url @@ -94,7 +103,15 @@ class tripleo::ui ( $bind_host = hiera('controller_host'), $ui_port = 3000, $zaqar_default_queue = 'tripleo', - $enabled_languages = ['en-GB', 'en', 'de', 'ja', 'ko-KR', 'zh-CN', 'es'], + $enabled_languages = { + 'de' => 'German', + 'en' => 'English', + 'en-GB' => 'British English', + 'es' => 'Spanish', + 'ja' => 'Japanese', + 'ko-KR' => 'Korean', + 'zh-CN' => 'Simplified Chinese' + }, $endpoint_proxy_zaqar = undef, $endpoint_proxy_keystone = undef, $endpoint_proxy_heat = undef, |