authorDan Prince <dprince@redhat.com>2015-02-12 14:34:16 -0500
committerDan Prince <dprince@redhat.com>2015-02-12 14:34:16 -0500
commit6b5ac01d2e61af9efddd01b58bfc0f6cd1e8518f (patch)
treea6008f4b374420f3fd7660f0211c5101d59058eb /puppet/manifests
parent874e07dee16f75c1147da535a475c4435ed8ea9a (diff)
Move all puppet templates into puppet directory.
This cleans up the top level tree by moving all the puppet related bits into the puppet directory. The only exception is overcloud-resource-registry-puppet.yaml which is the puppet environment file and is used externally. Change-Id: Idb65a7143b0f29e5579d4e9d1642e4cda6f65d50
Diffstat (limited to 'puppet/manifests')
-rw-r--r--puppet/manifests/loadbalancer.pp386
-rw-r--r--puppet/manifests/overcloud_compute.pp83
-rw-r--r--puppet/manifests/overcloud_controller.pp314
-rw-r--r--puppet/manifests/overcloud_object.pp56
-rw-r--r--puppet/manifests/overcloud_volume.pp44
-rw-r--r--puppet/manifests/ringbuilder.pp101
6 files changed, 984 insertions, 0 deletions
diff --git a/puppet/manifests/loadbalancer.pp b/puppet/manifests/loadbalancer.pp
new file mode 100644
index 00000000..88e6bdd4
--- /dev/null
+++ b/puppet/manifests/loadbalancer.pp
@@ -0,0 +1,386 @@
+# Copyright 2014 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if !str2bool(hiera('enable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('enable_package_install option not supported.')
+ }
+ }
+}
+
+class tripleo::loadbalancer (
+ $keystone_admin = false,
+ $keystone_public = false,
+ $neutron = false,
+ $cinder = false,
+ $glance_api = false,
+ $glance_registry = false,
+ $nova_ec2 = false,
+ $nova_osapi = false,
+ $nova_metadata = false,
+ $nova_novncproxy = false,
+ $ceilometer = false,
+ $swift_proxy_server = false,
+ $heat_api = false,
+ $heat_cloudwatch = false,
+ $heat_cfn = false,
+ $horizon = false,
+ $mysql = false,
+ $rabbitmq = false,
+) {
+
+ case $::osfamily {
+ 'RedHat': {
+ $keepalived_name_is_process = false
+ $keepalived_vrrp_script = 'systemctl status haproxy.service'
+ } # RedHat
+ 'Debian': {
+ $keepalived_name_is_process = true
+ $keepalived_vrrp_script = undef
+ }
+ }
+
+ class { 'keepalived': }
+ keepalived::vrrp_script { 'haproxy':
+ name_is_process => $keepalived_name_is_process,
+ script => $keepalived_vrrp_script,
+ }
+
+ # KEEPALIVE INSTANCE CONTROL
+ keepalived::instance { '51':
+ interface => hiera('control_virtual_interface'),
+ virtual_ips => [join([hiera('controller_virtual_ip'), ' dev ', hiera('control_virtual_interface')])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+
+ # KEEPALIVE INSTANCE PUBLIC
+ keepalived::instance { '52':
+ interface => hiera('public_virtual_interface'),
+ virtual_ips => [join([hiera('public_virtual_ip'), ' dev ', hiera('public_virtual_interface')])],
+ state => 'MASTER',
+ track_script => ['haproxy'],
+ priority => 101,
+ }
+
+ sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' }
+
+ class { 'haproxy':
+ global_options => {
+ 'log' => '/dev/log local0',
+ 'pidfile' => '/var/run/haproxy.pid',
+ 'user' => 'haproxy',
+ 'group' => 'haproxy',
+ 'daemon' => '',
+ 'maxconn' => '4000',
+ },
+ defaults_options => {
+ 'mode' => 'tcp',
+ 'log' => 'global',
+ 'retries' => '3',
+ 'maxconn' => '150',
+ 'option' => [ 'tcpka', 'tcplog' ],
+ 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ],
+ },
+ }
+
+ haproxy::listen { 'haproxy.stats':
+ ipaddress => '*',
+ ports => '1993',
+ mode => 'http',
+ options => {
+ 'stats' => 'enable',
+ },
+ collect_exported => false,
+ }
+
+ if $keystone_admin {
+ haproxy::listen { 'keystone_admin':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 35357,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'keystone_admin':
+ listening_service => 'keystone_admin',
+ ports => '35357',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $keystone_public {
+ haproxy::listen { 'keystone_public':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 5000,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'keystone_public':
+ listening_service => 'keystone_public',
+ ports => '5000',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $neutron {
+ haproxy::listen { 'neutron':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 9696,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'neutron':
+ listening_service => 'neutron',
+ ports => '9696',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $cinder {
+ haproxy::listen { 'cinder':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8776,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'cinder':
+ listening_service => 'cinder',
+ ports => '8776',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $glance_api {
+ haproxy::listen { 'glance_api':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 9292,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'glance_api':
+ listening_service => 'glance_api',
+ ports => '9292',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+
+ if $glance_registry {
+ haproxy::listen { 'glance_registry':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 9191,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'glance_registry':
+ listening_service => 'glance_registry',
+ ports => '9191',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $nova_ec2 {
+ haproxy::listen { 'nova_ec2':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8773,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'nova_ec2':
+ listening_service => 'nova_ec2',
+ ports => '8773',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $nova_osapi {
+ haproxy::listen { 'nova_osapi':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8774,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'nova_osapi':
+ listening_service => 'nova_osapi',
+ ports => '8774',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $nova_metadata {
+ haproxy::listen { 'nova_metadata':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8775,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'nova_metadata':
+ listening_service => 'nova_metadata',
+ ports => '8775',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $nova_novncproxy {
+ haproxy::listen { 'nova_novncproxy':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 6080,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'nova_novncproxy':
+ listening_service => 'nova_novncproxy',
+ ports => '6080',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $ceilometer {
+ haproxy::listen { 'ceilometer':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8777,
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'ceilometer':
+ listening_service => 'ceilometer',
+ ports => '8777',
+ ipaddresses => hiera('controller_host'),
+ options => [],
+ }
+ }
+
+ if $swift_proxy_server {
+ haproxy::listen { 'swift_proxy_server':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8080,
+ options => { 'option' => [ 'httpchk GET /info' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'swift_proxy_server':
+ listening_service => 'swift_proxy_server',
+ ports => '8080',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $heat_api {
+ haproxy::listen { 'heat_api':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8004,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'heat_api':
+ listening_service => 'heat_api',
+ ports => '8004',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $heat_cloudwatch {
+ haproxy::listen { 'heat_cloudwatch':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8003,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'heat_cloudwatch':
+ listening_service => 'heat_cloudwatch',
+ ports => '8003',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $heat_cfn {
+ haproxy::listen { 'heat_cfn':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 8000,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'heat_cfn':
+ listening_service => 'heat_cfn',
+ ports => '8000',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $horizon {
+ haproxy::listen { 'horizon':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 80,
+ options => { 'option' => [ 'httpchk GET /' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'horizon':
+ listening_service => 'horizon',
+ ports => '80',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $mysql {
+ haproxy::listen { 'mysql':
+ ipaddress => [hiera('controller_virtual_ip')],
+ ports => 3306,
+ options => { 'timeout' => [ 'client 0', 'server 0' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'mysql':
+ listening_service => 'mysql',
+ ports => '3306',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+ if $rabbitmq {
+ haproxy::listen { 'rabbitmq':
+ ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')],
+ ports => 5672,
+ options => { 'timeout' => [ 'client 0', 'server 0' ] },
+ collect_exported => false,
+ }
+ haproxy::balancermember { 'rabbitmq':
+ listening_service => 'rabbitmq',
+ ports => '5672',
+ ipaddresses => hiera('controller_host'),
+ options => ['check', 'inter 2000', 'rise 2', 'fall 5'],
+ }
+ }
+
+}
+
+include ::tripleo::loadbalancer
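Review bot: The `haproxy.stats` listener binds `ipaddress => '*'` on port 1993 with `'stats' => 'enable'` and no authentication, so the statistics page is reachable on every interface of the node, including the public one. Binding it to the control-plane address, `ipaddress => hiera('controller_virtual_ip'),`, would keep backend names and health state off the public network; if it has to stay reachable more widely, the `stats` option should also carry an `auth` entry fed from hiera. The `rabbitmq` listener further down is bound to `public_virtual_ip` as well, whereas `mysql` is kept on the controller VIP only, so it is worth confirming that the message bus is meant to be exposed publicly. Separately, the `case $::osfamily` at the top of the class has no `default:` branch, which leaves both keepalived variables unset on any other OS family.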
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
new file mode 100644
index 00000000..0d2790b2
--- /dev/null
+++ b/puppet/manifests/overcloud_compute.pp
@@ -0,0 +1,83 @@
+# Copyright 2014 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if !str2bool(hiera('enable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('enable_package_install option not supported.')
+ }
+ }
+}
+
+if count(hiera('ntp::servers')) > 0 {
+ include ::ntp
+}
+
+class { 'nova':
+ glance_api_servers => join([hiera('glance_protocol'), '://', hiera('glance_host'), ':', hiera('glance_port')]),
+}
+
+file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
+ '/etc/libvirt/qemu/networks/default.xml']:
+ ensure => absent,
+ before => Service['libvirt']
+}
+
+include ::nova::compute
+
+nova_config {
+ 'DEFAULT/my_ip': value => $ipaddress;
+ 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
+}
+
+include ::nova::compute::libvirt
+
+class { 'nova::network::neutron':
+ neutron_admin_auth_url => join(['http://', hiera('neutron_host'), ':35357/v2.0']),
+ neutron_url => join(['http://', hiera('neutron_host'), ':9696']),
+}
+
+include ::neutron
+
+class { 'neutron::plugins::ml2':
+ flat_networks => split(hiera('neutron_flat_networks'), ','),
+ tenant_network_types => [hiera('neutron_tenant_network_type')],
+ type_drivers => [hiera('neutron_tenant_network_type')],
+}
+
+class { 'neutron::agents::ml2::ovs':
+ bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
+ tunnel_types => split(hiera('neutron_tunnel_types'), ','),
+}
+
+include ::ceilometer
+include ::ceilometer::agent::compute
+
+class { 'ceilometer::agent::auth':
+ auth_url => join(['http://', hiera('keystone_host'), ':5000/v2.0']),
+}
+
+$snmpd_user = hiera('snmpd_readonly_user_name')
+snmp::snmpv3_user { $snmpd_user:
+ authtype => 'MD5',
+ authpass => hiera('snmpd_readonly_user_password'),
+}
+class { 'snmp':
+ agentaddress => ['udp:161','udp6:[::1]:161'],
+ snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+}
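Review bot: The `snmp::snmpv3_user` resource sets `authtype => 'MD5'` and supplies no privacy passphrase, so the read-only user authenticates with HMAC-MD5 and, going by the plain `rouser` entry in `snmpd_config`, queries are not required to be encrypted. I would change it to `authtype => 'SHA',`, add `privpass => hiera('<privacy-passphrase-key>'),` (placeholder key name), and require privacy on the `rouser` line. `agentaddress => ['udp:161','udp6:[::1]:161']` also binds the agent to all IPv4 interfaces while the IPv6 entry is loopback-only, which looks unintended. The same SNMP block is repeated verbatim in overcloud_controller.pp, overcloud_object.pp and overcloud_volume.pp in this commit and needs the same change.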
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
new file mode 100644
index 00000000..4801107b
--- /dev/null
+++ b/puppet/manifests/overcloud_controller.pp
@@ -0,0 +1,314 @@
+# Copyright 2014 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if !str2bool(hiera('enable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('enable_package_install option not supported.')
+ }
+ }
+}
+
+if hiera('step') >= 1 {
+
+ if count(hiera('ntp::servers')) > 0 {
+ include ::ntp
+ }
+
+ # TODO Galara
+ class { 'mysql::server':
+ override_options => {
+ 'mysqld' => {
+ 'bind-address' => hiera('controller_host')
+ }
+ }
+ }
+
+ # FIXME: this should only occur on the bootstrap host (ditto for db syncs)
+ # Create all the database schemas
+ # Example DSN format: mysql://user:password@host/dbname
+ $allowed_hosts = ['%',hiera('controller_host')]
+ $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]')
+ class { 'keystone::db::mysql':
+ user => $keystone_dsn[3],
+ password => $keystone_dsn[4],
+ host => $keystone_dsn[5],
+ dbname => $keystone_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+ $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]')
+ class { 'glance::db::mysql':
+ user => $glance_dsn[3],
+ password => $glance_dsn[4],
+ host => $glance_dsn[5],
+ dbname => $glance_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+ $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]')
+ class { 'nova::db::mysql':
+ user => $nova_dsn[3],
+ password => $nova_dsn[4],
+ host => $nova_dsn[5],
+ dbname => $nova_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+ $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]')
+ class { 'neutron::db::mysql':
+ user => $neutron_dsn[3],
+ password => $neutron_dsn[4],
+ host => $neutron_dsn[5],
+ dbname => $neutron_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+ $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]')
+ class { 'cinder::db::mysql':
+ user => $cinder_dsn[3],
+ password => $cinder_dsn[4],
+ host => $cinder_dsn[5],
+ dbname => $cinder_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+ $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]')
+ class { 'heat::db::mysql':
+ user => $heat_dsn[3],
+ password => $heat_dsn[4],
+ host => $heat_dsn[5],
+ dbname => $heat_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+ $ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]')
+ class { 'ceilometer::db::mysql':
+ user => $ceilometer_dsn[3],
+ password => $ceilometer_dsn[4],
+ host => $ceilometer_dsn[5],
+ dbname => $ceilometer_dsn[6],
+ allowed_hosts => $allowed_hosts,
+ }
+
+ if $::osfamily == 'RedHat' {
+ $rabbit_provider = 'yum'
+ } else {
+ $rabbit_provider = undef
+ }
+
+ Class['rabbitmq'] -> Rabbitmq_vhost <| |>
+ Class['rabbitmq'] -> Rabbitmq_user <| |>
+ Class['rabbitmq'] -> Rabbitmq_user_permissions <| |>
+
+ # TODO Rabbit HA
+ class { 'rabbitmq':
+ package_provider => $rabbit_provider,
+ config_cluster => false,
+ node_ip_address => hiera('controller_host'),
+ }
+
+ rabbitmq_vhost { '/':
+ provider => 'rabbitmqctl',
+ }
+ rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']:
+ admin => true,
+ password => hiera('rabbit_password'),
+ provider => 'rabbitmqctl',
+ }
+
+ rabbitmq_user_permissions {[
+ 'nova@/',
+ 'glance@/',
+ 'neutron@/',
+ 'cinder@/',
+ 'ceilometer@/',
+ 'heat@/',
+ ]:
+ configure_permission => '.*',
+ write_permission => '.*',
+ read_permission => '.*',
+ provider => 'rabbitmqctl',
+ }
+
+ # pre-install swift here so we can build rings
+ include ::swift
+
+} #END STEP 1
+
+if hiera('step') >= 2 {
+
+ include ::keystone
+
+ #TODO: need a cleanup-keystone-tokens.sh solution here
+ keystone_config {
+ 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
+ }
+ file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
+ ensure => 'directory',
+ owner => 'keystone',
+ group => 'keystone',
+ require => Package['keystone'],
+ }
+ file { '/etc/keystone/ssl/certs/signing_cert.pem':
+ content => hiera('keystone_signing_certificate'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/certs'],
+ }
+ file { '/etc/keystone/ssl/private/signing_key.pem':
+ content => hiera('keystone_signing_key'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/private'],
+ }
+ file { '/etc/keystone/ssl/certs/ca.pem':
+ content => hiera('keystone_ca_certificate'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/certs'],
+ }
+
+ # TODO: notifications, scrubber, etc.
+ include ::glance::api
+ include ::glance::registry
+ #class { 'glance::backend::swift':
+ #swift_store_auth_address => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
+ #}
+
+ class { 'nova':
+ rabbit_hosts => [hiera('controller_virtual_ip')],
+ glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]),
+ }
+
+ include ::nova::api
+ include ::nova::cert
+ include ::nova::conductor
+ include ::nova::consoleauth
+ include ::nova::vncproxy
+ include ::nova::scheduler
+
+ class {'neutron':
+ rabbit_hosts => [hiera('controller_virtual_ip')],
+ }
+
+ include ::neutron::server
+ include ::neutron::agents::dhcp
+ include ::neutron::agents::l3
+
+ file { '/etc/neutron/dnsmasq-neutron.conf':
+ content => hiera('neutron_dnsmasq_options'),
+ owner => 'neutron',
+ group => 'neutron',
+ notify => Service['neutron-dhcp-service'],
+ require => Package['neutron'],
+ }
+
+ class { 'neutron::plugins::ml2':
+ flat_networks => split(hiera('neutron_flat_networks'), ','),
+ tenant_network_types => [hiera('neutron_tenant_network_type')],
+ type_drivers => [hiera('neutron_tenant_network_type')],
+ }
+
+ class { 'neutron::agents::ml2::ovs':
+ bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
+ tunnel_types => split(hiera('neutron_tunnel_types'), ','),
+ }
+
+ class { 'neutron::agents::metadata':
+ auth_url => join(['http://', hiera('controller_virtual_ip'), ':35357/v2.0']),
+ }
+
+ class {'cinder':
+ rabbit_hosts => [hiera('controller_virtual_ip')],
+ }
+
+ include ::cinder::api
+ include ::cinder::scheduler
+ include ::cinder::volume
+ include ::cinder::volume::iscsi
+ class {'cinder::setup_test_volume':
+ size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
+ }
+
+ # swift proxy
+ include ::memcached
+ #include ::swift::proxy
+ #include ::swift::proxy::proxy_logging
+ #include ::swift::proxy::healthcheck
+ #include ::swift::proxy::cache
+ #include ::swift::proxy::keystone
+ #include ::swift::proxy::authtoken
+ #include ::swift::proxy::staticweb
+ #include ::swift::proxy::ceilometer
+ #include ::swift::proxy::ratelimit
+ #include ::swift::proxy::catch_errors
+ #include ::swift::proxy::tempurl
+ #include ::swift::proxy::formpost
+
+ # swift storage
+ class {'swift::storage::all':
+ mount_check => str2bool(hiera('swift_mount_check'))
+ }
+ if(!defined(File['/srv/node'])) {
+ file { '/srv/node':
+ ensure => directory,
+ owner => 'swift',
+ group => 'swift',
+ require => Package['openstack-swift'],
+ }
+ }
+ $swift_components = ['account', 'container', 'object']
+ swift::storage::filter::recon { $swift_components : }
+ swift::storage::filter::healthcheck { $swift_components : }
+
+ # Ceilometer
+ include ::ceilometer
+ include ::ceilometer::api
+ include ::ceilometer::db
+ include ::ceilometer::agent::notification
+ include ::ceilometer::agent::central
+ include ::ceilometer::alarm::notifier
+ include ::ceilometer::alarm::evaluator
+ include ::ceilometer::expirer
+ include ::ceilometer::collector
+ class { 'ceilometer::agent::auth':
+ auth_url => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
+ }
+
+ Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
+
+ # Heat
+ include ::heat
+ include ::heat::api
+ include ::heat::api_cfn
+ include ::heat::api_cloudwatch
+ include ::heat::engine
+
+ heat_config {
+ 'DEFAULT/instance_user': value => 'heat-admin';
+ }
+
+ $snmpd_user = hiera('snmpd_readonly_user_name')
+ snmp::snmpv3_user { $snmpd_user:
+ authtype => 'MD5',
+ authpass => hiera('snmpd_readonly_user_password'),
+ }
+ class { 'snmp':
+ agentaddress => ['udp:161','udp6:[::1]:161'],
+ snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ }
+
+} #END STEP 2
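Review bot: The `file { '/etc/keystone/ssl/private/signing_key.pem': ... }` resource sets owner and group but no `mode`, so the token-signing private key is created with whatever Puppet's default umask yields (typically world-readable 0644), and the `private` directory declared above it has no mode either. Add `mode => '0600',` to the key file and give `/etc/keystone/ssl/private` its own resource with `mode => '0700',`. In step 1, `$allowed_hosts = ['%',hiera('controller_host')]` lets every service database account connect from any host, and all six `rabbitmq_user` entries share one password with `admin => true`; both are broader than the services need and should be narrowed or commented as deliberate. The DSN parsing with `split(..., '[@:/?]')` will also mis-assign fields if a password contains one of those characters.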
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
new file mode 100644
index 00000000..8d0ad783
--- /dev/null
+++ b/puppet/manifests/overcloud_object.pp
@@ -0,0 +1,56 @@
+# Copyright 2015 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if !str2bool(hiera('enable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('enable_package_install option not supported.')
+ }
+ }
+}
+
+if count(hiera('ntp::servers')) > 0 {
+ include ::ntp
+}
+
+include ::swift
+class {'swift::storage::all':
+ mount_check => str2bool(hiera('swift_mount_check'))
+}
+if(!defined(File['/srv/node'])) {
+ file { '/srv/node':
+ ensure => directory,
+ owner => 'swift',
+ group => 'swift',
+ require => Package['openstack-swift'],
+ }
+}
+
+$swift_components = ['account', 'container', 'object']
+swift::storage::filter::recon { $swift_components : }
+swift::storage::filter::healthcheck { $swift_components : }
+
+$snmpd_user = hiera('snmpd_readonly_user_name')
+snmp::snmpv3_user { $snmpd_user:
+ authtype => 'MD5',
+ authpass => hiera('snmpd_readonly_user_password'),
+}
+class { 'snmp':
+ agentaddress => ['udp:161','udp6:[::1]:161'],
+ snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+}
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
new file mode 100644
index 00000000..b433321a
--- /dev/null
+++ b/puppet/manifests/overcloud_volume.pp
@@ -0,0 +1,44 @@
+# Copyright 2015 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if str2bool(hiera('disable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('disable_package_install option not supported.')
+ }
+ }
+}
+
+if count(hiera('ntp::servers')) > 0 {
+ include ::ntp
+}
+
+include ::cinder
+include ::cinder::volume
+include ::cinder::volume::iscsi
+include ::cinder::setup_test_volume
+
+$snmpd_user = hiera('snmpd_readonly_user_name')
+snmp::snmpv3_user { $snmpd_user:
+ authtype => 'MD5',
+ authpass => hiera('snmpd_readonly_user_password'),
+}
+class { 'snmp':
+ agentaddress => ['udp:161','udp6:[::1]:161'],
+ snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+}
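Review bot: The package guard here reads `if str2bool(hiera('disable_package_install', 'false'))`, while loadbalancer.pp, overcloud_compute.pp, overcloud_controller.pp and overcloud_object.pp in the same commit use `if !str2bool(hiera('enable_package_install', 'false'))`. With neither key set, the other manifests switch `Package` to the `norpm` provider and this one does not, so volume nodes would by default manage packages differently from the rest of the overcloud. Unless that is intended, use the same key and polarity, `if !str2bool(hiera('enable_package_install', 'false')) {`, with the matching warning text. ringbuilder.pp has the same condition.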
diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp
new file mode 100644
index 00000000..531706d2
--- /dev/null
+++ b/puppet/manifests/ringbuilder.pp
@@ -0,0 +1,101 @@
+# Copyright 2015 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if str2bool(hiera('disable_package_install', 'false')) {
+ case $::osfamily {
+ 'RedHat': {
+ Package { provider => 'norpm' } # provided by tripleo-puppet
+ }
+ default: {
+ warning('disable_package_install option not supported.')
+ }
+ }
+}
+
+define add_devices(
+ $swift_zones = '1'
+){
+
+ # NOTE(dprince): Swift zones is not yet properly wired into the Heat
+ # templates. See: https://review.openstack.org/#/c/97758/3
+ # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the
+ # newer r1z%<controller or SwiftStorage><N>%-192.0.2.6:%PORT%/d1 syntax.
+ $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1')
+ if (is_integer($server_num_or_device)) {
+ $server_num = $server_num_or_device
+ } else {
+ $server_num = '1'
+ }
+ # Function to place server in its zone. Zone is calculated by
+ # server number in heat template modulo the number of zones + 1.
+ $zone = (($server_num%$swift_zones) + 1)
+
+ # add the rings
+ $base = regsubst($name,'^r1.*-(.*)$','\1')
+ $object = regsubst($base, '%PORT%', '6000')
+ ring_object_device { $object:
+ zone => '1',
+ weight => 100,
+ }
+ $container = regsubst($base, '%PORT%', '6001')
+ ring_container_device { $container:
+ zone => '1',
+ weight => 100,
+ }
+ $account = regsubst($base, '%PORT%', '6002')
+ ring_account_device { $account:
+ zone => '1',
+ weight => 100,
+ }
+}
+
+class tripleo::ringbuilder (
+ $swift_zones = '1',
+ $devices = '',
+ $build_ring = 'True',
+ $part_power,
+ $replicas,
+ $min_part_hours,
+) {
+
+ if str2bool(downcase("$build_ring")) {
+
+ $device_array = strip(split(rstrip($devices), ','))
+
+ # create local rings
+ swift::ringbuilder::create{ ['object', 'account', 'container']:
+ part_power => $part_power,
+ replicas => $replicas,
+ min_part_hours => $min_part_hours,
+ } ->
+
+ # add all other devices
+ add_devices {$device_array:
+ swift_zones => $swift_zones
+ } ->
+
+ # rebalance
+ swift::ringbuilder::rebalance{ ['object', 'account', 'container']:
+ seed => 999,
+ }
+
+ Ring_object_device<| |> ~> Exec['rebalance_object']
+ Ring_object_device<| |> ~> Exec['rebalance_account']
+ Ring_object_device<| |> ~> Exec['rebalance_container']
+
+ }
+}
+
+include ::tripleo::ringbuilder
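Review bot: In `tripleo::ringbuilder` the last two notify chains reuse the object collector, `Ring_object_device<| |> ~> Exec['rebalance_account']` and `Ring_object_device<| |> ~> Exec['rebalance_container']`, so changes to account or container devices do not trigger their own rebalance. They look like copy-paste slips and should presumably read `Ring_account_device<| |> ~> Exec['rebalance_account']` and `Ring_container_device<| |> ~> Exec['rebalance_container']`. In `add_devices`, `$zone` is computed from the server number but never used, because all three ring device resources hard-code `zone => '1'`; either pass `zone => $zone` or drop the calculation and say so in the NOTE comment. The class also lists the required parameters `$part_power`, `$replicas` and `$min_part_hours` after the defaulted ones, which deserves a short parameter comment.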