From 49904b60df19b070ea5bb4da2d5d901599f23c31 Mon Sep 17 00:00:00 2001
From: Michael Chapman
Date: Tue, 15 Mar 2016 16:38:35 +1100
Subject: Add keystone and db sync profiles
Implements: blueprint refactor-puppet-manifests
Add keystone profiles for both pacemaker and non-ha. Add db sync profiles for pacemaker and non-ha. HA profiles are designed such that they include the base profiles, disabling features as needed, while the base profile can be used independently.
Change-Id: I2faf5a78db802549053ec41678bf83bf28108189
---
manifests/profile/base/database/schemas.pp | 101 ++++++++++++++++++++++++
manifests/profile/base/keystone.pp | 118 +++++++++++++++++++++++++++++
2 files changed, 219 insertions(+)
create mode 100644 manifests/profile/base/database/schemas.pp
create mode 100644 manifests/profile/base/keystone.pp
(limited to 'manifests/profile/base')
diff --git a/manifests/profile/base/database/schemas.pp b/manifests/profile/base/database/schemas.pp
new file mode 100644
index 0000000..0821ae8
--- /dev/null
+++ b/manifests/profile/base/database/schemas.pp
@@ -0,0 +1,101 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::database::schemas
+#
+# OpenStack Database Schema profile for tripleo
+#
+# === Parameters
+#
+# [*ceilometer_backend*]
+# (Optional) Name of the backend for ceilometer storage
+# Defaults to hiera('ceilometer_backend')
+#
+# [*enable_ceilometer*]
+# (Optional) Whether to create schemas for Ceilometer
+# Defaults to true
+#
+# [*enable_cinder*]
+# (Optional) Whether to create schemas for Cinder
+# Defaults to true
+#
+# [*enable_heat*]
+# (Optional) Whether to create schemas for Heat
+# Defaults to true
+#
+# [*enable_keystone*]
+# (Optional) Whether to create schemas for Keystone
+# Defaults to true
+#
+# [*enable_glance*]
+# (Optional) Whether to create schemas for Glance
+# Defaults to true
+#
+# [*enable_nova*]
+# (Optional) Whether to create schemas for Nova
+# Defaults to true
+#
+# [*enable_neutron*]
+# (Optional) Whether to create schemas for Neutron
+# Defaults to true
+#
+# [*enable_sahara*]
+# (Optional) Whether to create schemas for Sahara
+# Defaults to true
+#
+class tripleo::profile::base::database::schemas (
+ $ceilometer_backend = hiera('ceilometer_backend'),
+ $enable_ceilometer = true,
+ $enable_cinder = true,
+ $enable_heat = true,
+ $enable_keystone = true,
+ $enable_glance = true,
+ $enable_nova = true,
+ $enable_neutron = true,
+ $enable_sahara = true
+) {
+ if $enable_ceilometer and
downcase($ceilometer_backend) == 'mysql' {
+ include ::ceilometer::db::mysql
+ }
+
+ if $enable_cinder {
+ include ::cinder::db::mysql
+ }
+
+ if $enable_keystone {
+ include ::keystone::db::mysql
+ }
+
+ if $enable_glance {
+ include ::glance::db::mysql
+ }
+
+ if $enable_nova {
+ include ::nova::db::mysql
+ include ::nova::db::mysql_api
+ }
+
+ if $enable_neutron {
+ include ::neutron::db::mysql
+ }
+
+ if $enable_heat {
+ include ::heat::db::mysql
+ }
+
+ if $enable_sahara {
+ include ::sahara::db::mysql
+ }
+
+}
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
new file mode 100644
index 0000000..f17bf30
--- /dev/null
+++ b/manifests/profile/base/keystone.pp
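Review bot: In manifests/profile/base/database/schemas.pp, the class parameter `$ceilometer_backend = hiera('ceilometer_backend')` has no fallback, so the lookup presumably still runs, and fails when the key is absent, even with `enable_ceilometer => false`, although the header documents the parameter as optional. Give the lookup a default, for example `$ceilometer_backend = hiera('ceilometer_backend', ''),` (an empty string never matches `'mysql'`), or document the key as required. The `enable_*` flags are also used as booleans without validation, so a string such as `'false'` supplied through hiera would be truthy; a `validate_bool(...)` call at the top of the class body would catch that.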
@@ -0,0 +1,118 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::keystone
+#
+# Keystone profile for tripleo
+#
+# === Parameters
+#
+# [*sync_db*]
+# (Optional) Whether to run db sync
+# Defaults to undef
+#
+# [*manage_service*]
+# (Optional) Whether to manage the keystone service
+# Defaults to undef
+#
+# [*enabled*]
+# (Optional) Whether to enable the keystone service
+# Defaults to undef
+#
+# [*bootstrap_master*]
+# (Optional) The hostname of the node responsible for bootstrapping
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*manage_roles*]
+# (Optional) whether to create keystone admin role
+# Defaults to true
+#
+# [*manage_endpoint*]
+# (Optional) Whether to create keystone endpoints
+# Defaults to true
+#
+# [*manage_db_purge*]
+# (Optional) Whether keystone token flushing should be enabled
+# Defaults to hiera('keystone_enable_db_purge', true)
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::keystone (
+ $sync_db = undef,
+ $manage_service = undef,
+ $enabled = undef,
+ $bootstrap_master = undef,
+ $manage_roles = true,
+ $manage_endpoint = true,
+ $manage_db_purge = hiera('keystone_enable_db_purge', true),
+ $step = hiera('step'),
+) {
+
+ if $step >= 4 {
+ class { '::keystone':
+ sync_db => $sync_db,
+ manage_service => $manage_service,
+ enabled => $enabled,
+ enable_bootstrap => $bootstrap_master,
+ }
+
+ include ::keystone::config
+ include ::keystone::wsgi::apache
+
+ if $manage_roles {
+ include ::keystone::roles::admin
+ }
+
+ if $manage_endpoint {
+ include ::keystone::endpoint
+ }
+
+ #TODO: need a cleanup-keystone-tokens.sh solution here
+ file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
+ ensure => 'directory',
+ owner => 'keystone',
+ group => 'keystone',
+ require => Package['keystone'],
+ }
+ file { '/etc/keystone/ssl/certs/signing_cert.pem':
+ content => hiera('keystone_signing_certificate'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/certs'],
+ }
+ file { '/etc/keystone/ssl/private/signing_key.pem':
+ content => hiera('keystone_signing_key'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/private'],
+ }
+ file { '/etc/keystone/ssl/certs/ca.pem':
+ content => hiera('keystone_ca_certificate'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/certs'],
+ }
+ }
+
+ if $step >= 5 and $manage_db_purge {
+ include ::keystone::cron::token_flush
+ }
+}
+
-- cgit 1.2.3-korg
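Review bot: The `file` resource for `/etc/keystone/ssl/private/signing_key.pem` sets `owner` and `group` but no `mode`, so the signing key is written with whatever default mode Puppet applies and may be readable by other local users; the `/etc/keystone/ssl/private` directory declared just above it has the same gap. Add `mode => '0600',` to the key resource and declare the private directory separately with `mode => '0700',`. Because the key material arrives through `content`, `show_diff => false,` on that resource would also keep it out of agent logs and reports when the file changes. Separately, the header documents `bootstrap_master` as a hostname defaulting to `hiera('bootstrap_nodeid')`, while the signature defaults it to `undef` and passes it to `enable_bootstrap`; the comment and the default should be brought into line.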