diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/haproxy.pp | 7 | ||||
| -rw-r--r-- | manifests/haproxy/endpoint.pp | 6 | ||||
| -rw-r--r-- | manifests/host/sriov.pp | 27 | ||||
| -rw-r--r-- | manifests/host/sriov/numvfs_persistence.pp | 55 | ||||
| -rw-r--r-- | manifests/profile/base/ceilometer/expirer.pp | 3 | ||||
| -rw-r--r-- | manifests/profile/base/ceph.pp | 34 | ||||
| -rw-r--r-- | manifests/profile/base/cinder/volume.pp | 8 | ||||
| -rw-r--r-- | manifests/profile/base/keystone.pp | 48 | ||||
| -rw-r--r-- | manifests/profile/base/neutron/agents/ovn.pp | 38 | ||||
| -rw-r--r-- | manifests/profile/base/neutron/plugins/ml2.pp | 3 | ||||
| -rw-r--r-- | manifests/profile/base/neutron/plugins/ml2/ovn.pp | 46 | ||||
| -rw-r--r-- | manifests/profile/base/neutron/sriov.pp | 1 | ||||
| -rw-r--r-- | manifests/profile/base/snmp.pp | 11 | ||||
| -rw-r--r-- | manifests/profile/pacemaker/database/mysql.pp | 17 |
14 files changed, 278 insertions, 26 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 075433b..b2cc264 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -886,7 +886,12 @@ class tripleo::haproxy ( options => { 'balance' => 'first', 'option' => ['tcp-check',], - 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']), + 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n', + 'expect string +PONG', + 'send info\ replication\r\n', + 'expect string role:master', + 'send QUIT\r\n', + 'expect string +OK']), }, collect_exported => false, } diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp index ac6cb6c..b7403a4 100644 --- a/manifests/haproxy/endpoint.pp +++ b/manifests/haproxy/endpoint.pp @@ -88,7 +88,8 @@ define tripleo::haproxy::endpoint ( # service exposed to the public network if $public_certificate { - $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) } else { $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param) } @@ -98,7 +99,8 @@ define tripleo::haproxy::endpoint ( } if $internal_certificate { - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) + $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), + union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])) } else { $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param) } diff --git a/manifests/host/sriov.pp b/manifests/host/sriov.pp new file mode 100644 index 0000000..a30db42 --- /dev/null +++ b/manifests/host/sriov.pp @@ -0,0 +1,27 @@ +# == Class: tripleo::host::sriov +# +# Configures host configuration for the SR-IOV interfaces +# +# === Parameters +# +# [*number_of_vfs*] +# (optional) List of <physical_network>:<number_of_vfs> specifying the number +# VFs to be exposed per physical interface. +# For example, to configure two interface with number of VFs, specify +# it as ['eth1:4','eth2:10'] +# Defaults to [] +# +class tripleo::host::sriov ( + $number_of_vfs = [], +) { + + if !empty($number_of_vfs) { + sriov_vf_config { $number_of_vfs: ensure => present } + + # the numvfs configuration needs to be persisted for every boot + tripleo::host::sriov::numvfs_persistence {'persistent_numvfs': + vf_defs => $number_of_vfs, + content_string => "#!/bin/bash\n" + } + } +} diff --git a/manifests/host/sriov/numvfs_persistence.pp b/manifests/host/sriov/numvfs_persistence.pp new file mode 100644 index 0000000..1ee402c --- /dev/null +++ b/manifests/host/sriov/numvfs_persistence.pp @@ -0,0 +1,55 @@ +# +# tripleo::host::sriov::numvfs_persistence used by tripleo::host::sriov +# +# === Parameters: +# +# [*vf_defs*] +# (required) Array of of <physical_interface>:<numvfs>. +# Example: ['eth1:10','eth2:8'] +# +# [*content_string*] +# (required) String which shall be written to the script file. +# +define tripleo::host::sriov::numvfs_persistence( + $vf_defs, + $content_string +){ + # Since reduce isn't available, we use recursion to iterate each entries of + # "physical_interface:vfs" and accumulate the content that needs to be + # written to the script file. + include ::stdlib + + if empty($vf_defs) { + file { '/etc/sysconfig/allocate_vfs': + ensure => file, + content => $content_string, + group => 'root', + mode => '0755', + owner => 'root', + } + + file { '/sbin/ifup-local': + group => 'root', + mode => '0755', + owner => 'root', + content => '#!/bin/bash', + replace => false + } + + file_line { 'call_ifup-local': + path => '/sbin/ifup-local', + line => '/etc/sysconfig/allocate_vfs $1', + require => File['/sbin/ifup-local'], + } + } else { + $vfspec = split($vf_defs[0], ':') + $interface = $vfspec[0] + $count = $vfspec[1] + $vfdef_str = "${content_string}[ \"${interface}\" == \"\$1\" ] && echo ${count} > /sys/class/net/${interface}/device/sriov_numvfs\n" + tripleo::host::sriov::numvfs_persistence{"mapped ${interface}": + vf_defs => delete_at($vf_defs, 0), + content_string => $vfdef_str + } + } +} + diff --git a/manifests/profile/base/ceilometer/expirer.pp b/manifests/profile/base/ceilometer/expirer.pp index 0830307..eaaaefc 100644 --- a/manifests/profile/base/ceilometer/expirer.pp +++ b/manifests/profile/base/ceilometer/expirer.pp @@ -30,7 +30,8 @@ class tripleo::profile::base::ceilometer::expirer ( if $step >= 4 { include ::ceilometer::expirer - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } + Cron <| title == 'ceilometer-expirer' |> + { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } } } diff --git a/manifests/profile/base/ceph.pp b/manifests/profile/base/ceph.pp index 94166ac..6ffd4ef 100644 --- a/manifests/profile/base/ceph.pp +++ b/manifests/profile/base/ceph.pp @@ -18,22 +18,13 @@ # # === Parameters # -# [*ceph_ipv6*] -# (Optional) Force daemons to bind on IPv6 addresses -# Defaults to false -# # [*ceph_mon_initial_members*] # (Optional) List of IP addresses to use as mon_initial_members -# Defaults to undef +# Defaults to hiera('ceph_mon_node_names') # # [*ceph_mon_host*] # (Optional) List of IP addresses to use as mon_host -# Deftauls to undef -# -# [*ceph_mon_host_v6*] -# (Optional) List of IPv6 addresses, surrounded by brackets, used as -# mon_host when ceph_ipv6 is true -# Defaults to undef +# Deftauls to hiera('ceph_mon_node_ips') # # [*enable_ceph_storage*] # (Optional) enable_ceph_storage @@ -45,22 +36,29 @@ # Defaults to hiera('step') # class tripleo::profile::base::ceph ( - $ceph_ipv6 = false, - $ceph_mon_initial_members = undef, - $ceph_mon_host = undef, - $ceph_mon_host_v6 = undef, + $ceph_mon_initial_members = hiera('ceph_mon_node_names', undef), + $ceph_mon_host = hiera('ceph_mon_node_ips', '127.0.0.1'), $enable_ceph_storage = false, $step = hiera('step'), ) { if $step >= 2 { if $ceph_mon_initial_members { - $mon_initial_members = downcase($ceph_mon_initial_members) + if is_array($ceph_mon_initial_members) { + $mon_initial_members = downcase(join($ceph_mon_initial_members, ',')) + } else { + $mon_initial_members = downcase($ceph_mon_initial_members) + } } else { $mon_initial_members = undef } - if $ceph_ipv6 { - $mon_host = $ceph_mon_host_v6 + + if is_array($ceph_mon_host) { + if is_ipv6_address($ceph_mon_host[0]) { + $mon_host = join(enclose_ipv6($ceph_mon_host), ',') + } else { + $mon_host = join($ceph_mon_host, ',') + } } else { $mon_host = $ceph_mon_host } diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index dfb034f..7d562ec 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -108,7 +108,13 @@ class tripleo::profile::base::cinder::volume ( $cinder_rbd_backend_name = undef } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend_name, $cinder_rbd_backend_name, $cinder_eqlx_backend_name, $cinder_dellsc_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, $cinder_user_enabled_backends]) + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend_name, + $cinder_rbd_backend_name, + $cinder_eqlx_backend_name, + $cinder_dellsc_backend_name, + $cinder_netapp_backend_name, + $cinder_nfs_backend_name, + $cinder_user_enabled_backends]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index ac97b66..354d24c 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -73,5 +73,53 @@ class tripleo::profile::base::keystone ( if $step >= 5 and $manage_db_purge { include ::keystone::cron::token_flush } + + if $step >= 5 and $manage_endpoint{ + if hiera('aodh_api_enabled', false) { + include ::aodh::keystone::auth + } + if hiera('ceilometer_api_enabled', false) { + include ::ceilometer::keystone::auth + } + if hiera('cinder_api_enabled', false) { + include ::cinder::keystone::auth + } + if hiera('glance_api_enabled', false) { + include ::glance::keystone::auth + } + if hiera('gnocchi_api_enabled', false) { + include ::gnocchi::keystone::auth + } + if hiera('heat_api_enabled', false) { + include ::heat::keystone::auth + } + if hiera('heat_api_cfn_enabled', false) { + include ::heat::keystone::auth_cfn + } + if hiera('ironic_api_enabled', false) { + include ::ironic::keystone::auth + } + if hiera('manila_api_enabled', false) { + include ::manila::keystone::auth + } + if hiera('mistral_api_enabled', false) { + include ::mistral::keystone::auth + } + if hiera('neutron_api_enabled', false) { + include ::neutron::keystone::auth + } + if hiera('nova_api_enabled', false) { + include ::nova::keystone::auth + } + if hiera('sahara_api_enabled', false) { + include ::sahara::keystone::auth + } + if hiera('swift_proxy_enabled', false) { + include ::swift::keystone::auth + } + if hiera('trove_api_enabled', false) { + include ::trove::keystone::auth + } + } } diff --git a/manifests/profile/base/neutron/agents/ovn.pp b/manifests/profile/base/neutron/agents/ovn.pp new file mode 100644 index 0000000..443b164 --- /dev/null +++ b/manifests/profile/base/neutron/agents/ovn.pp @@ -0,0 +1,38 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::agents::ovn +# +# OVN Neutron agent profile for tripleo +# +# [*ovn_db_host*] +# The IP-Address/Hostname where OVN DBs are deployed +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::agents::ovn ( + $ovn_db_host, + $step = hiera('step') +) { + if $step >= 4 { + $ovn_sbdb_port = hiera('ovn::southbound::port') + class { '::ovn::controller': + ovn_remote => "tcp:${ovn_db_host}:${ovn_sbdb_port}", + ovn_encap_type => hiera('ovn::southboud::encap_type') + } + } +} diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp index 401e627..4f4de0b 100644 --- a/manifests/profile/base/neutron/plugins/ml2.pp +++ b/manifests/profile/base/neutron/plugins/ml2.pp @@ -68,5 +68,8 @@ class tripleo::profile::base::neutron::plugins::ml2 ( include ::tripleo::profile::base::neutron::plugins::ml2::opendaylight } + if 'ovn' in $mechanism_drivers { + include ::tripleo::profile::base::neutron::plugins::ml2::ovn + } } } diff --git a/manifests/profile/base/neutron/plugins/ml2/ovn.pp b/manifests/profile/base/neutron/plugins/ml2/ovn.pp new file mode 100644 index 0000000..46477a7 --- /dev/null +++ b/manifests/profile/base/neutron/plugins/ml2/ovn.pp @@ -0,0 +1,46 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn +# +# OVN Neutron ML2 profile for tripleo +# +# [*ovn_db_host*] +# The IP-Address/Hostname where OVN DBs are deployed +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::ml2::ovn ( + $ovn_db_host, + $step = hiera('step') +) { + if $step >= 4 { + if $::hostname == $ovn_db_host { + # NOTE: we might split northd from plugin later, in the case of + # micro-services, where neutron-server & northd are not in the same + # containers + include ::ovn::northd + } + $ovn_nb_port = hiera('ovn::northbound::port') + $ovn_sb_port = hiera('ovn::southbound::port') + class { '::neutron::plugins::ml2::ovn': + ovn_nb_connection => "tcp:${ovn_db_host}:${ovn_nb_port}", + ovn_sb_connection => "tcp:${ovn_db_host}:${ovn_sb_port}", + } + } +} + diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp index 9b5f34c..00ecc21 100644 --- a/manifests/profile/base/neutron/sriov.pp +++ b/manifests/profile/base/neutron/sriov.pp @@ -36,6 +36,7 @@ class tripleo::profile::base::neutron::sriov( if $step >= 4 { if 'sriovnicswitch' in $mechanism_drivers { include ::neutron::agents::ml2::sriov + include ::tripleo::host::sriov } } diff --git a/manifests/profile/base/snmp.pp b/manifests/profile/base/snmp.pp index 2ed6752..301ac9a 100644 --- a/manifests/profile/base/snmp.pp +++ b/manifests/profile/base/snmp.pp @@ -43,7 +43,16 @@ class tripleo::profile::base::snmp ( } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']), join(['rouser ', $snmpd_user]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', $snmpd_user, ' MD5 "', $snmpd_password, '"']), + join(['rouser ', $snmpd_user]), + 'proc cron', + 'includeAllDisks 10%', + 'master agentx', + 'trapsink localhost public', + 'iquerySecName internalUser', + 'rouser internalUser', + 'defaultMonitors yes', + 'linkUpDownNotifications yes' ], } } } diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index 31d7d80..2715260 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -32,8 +32,17 @@ class tripleo::profile::pacemaker::database::mysql ( $pacemaker_master = false } $mysql_bind_host = hiera('mysql_bind_host') - $galera_nodes = downcase(hiera('galera_node_names', $::hostname)) + + # use only mysql_node_names when we land a patch in t-h-t that + # switches to autogenerating these values from composable services + $galera_node_names_lookup = hiera('mysql_node_names', hiera('galera_node_names', $::hostname)) + if is_array($galera_node_names_lookup) { + $galera_nodes = downcase(join($galera_node_names_lookup, ',')) + } else { + $galera_nodes = downcase($galera_node_names_lookup) + } $galera_nodes_count = count(split($galera_nodes, ',')) + $mysqld_options = { 'mysqld' => { 'skip-name-resolve' => '1', @@ -150,8 +159,12 @@ MYSQL_HOST=localhost\n", # with proper credentials. This step happens on every node because this sql # statement does not automatically replicate across nodes. $mysql_root_password = hiera('mysql::server::root_password') + $galera_set_pwd = "/bin/touch /root/.my.cnf && \ + /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; \ + flush privileges;\" | \ + /bin/mysql --defaults-extra-file=/root/.my.cnf -u root" exec { 'galera-set-root-password': - command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root", + command => $galera_set_pwd, } file { '/root/.my.cnf' : ensure => file, |