summaryrefslogtreecommitdiffstats
path: root/puppet/manifests/overcloud_controller_pacemaker.pp
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/manifests/overcloud_controller_pacemaker.pp')
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp342
1 files changed, 68 insertions, 274 deletions
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 4e0d1c37..30345694 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -24,7 +24,6 @@ Service <|
tag == 'cinder-service' or
tag == 'ceilometer-service' or
tag == 'gnocchi-service' or
- tag == 'heat-service' or
tag == 'neutron-service' or
tag == 'nova-service' or
tag == 'sahara-service'
@@ -66,18 +65,6 @@ if hiera('step') >= 1 {
include ::ntp
}
- $controller_node_ips = split(hiera('controller_node_ips'), ',')
- $controller_node_names = split(downcase(hiera('controller_node_names')), ',')
- if $enable_load_balancer {
- class { '::tripleo::loadbalancer' :
- controller_hosts => $controller_node_ips,
- controller_hosts_names => $controller_node_names,
- manage_vip => false,
- mysql_clustercheck => true,
- haproxy_service_manage => false,
- }
- }
-
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
@@ -114,35 +101,6 @@ if hiera('step') >= 1 {
op_params => 'start timeout=200s stop timeout=200s',
}
- # Only configure RabbitMQ in this step, don't start it yet to
- # avoid races where non-master nodes attempt to start without
- # config (eg. binding on 0.0.0.0)
- # The module ignores erlang_cookie if cluster_config is false
- $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
- if $rabbit_ipv6 {
- $rabbit_env = merge(hiera('rabbitmq_environment'), {
- 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
- })
- } else {
- $rabbit_env = hiera('rabbitmq_environment')
- }
-
- class { '::rabbitmq':
- service_manage => false,
- tcp_keepalive => false,
- config_kernel_variables => hiera('rabbitmq_kernel_variables'),
- config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => $rabbit_env,
- } ->
- file { '/var/lib/rabbitmq/.erlang.cookie':
- ensure => file,
- owner => 'rabbitmq',
- group => 'rabbitmq',
- mode => '0400',
- content => hiera('rabbitmq::erlang_cookie'),
- replace => true,
- }
-
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
include ::mongodb::globals
include ::mongodb::client
@@ -151,11 +109,6 @@ if hiera('step') >= 1 {
}
}
- # Memcached
- class {'::memcached' :
- service_manage => false,
- }
-
# Redis
class { '::redis' :
service_manage => false,
@@ -239,77 +192,12 @@ if hiera('step') >= 2 {
if $pacemaker_master {
- if $enable_load_balancer {
-
- include ::pacemaker::resource_defaults
-
- # Create an openstack-core dummy resource. See RHBZ 1290121
- pacemaker::resource::ocf { 'openstack-core':
- ocf_agent_name => 'heartbeat:Dummy',
- clone_params => true,
- }
- # FIXME: we should not have to access tripleo::loadbalancer class
- # parameters here to configure pacemaker VIPs. The configuration
- # of pacemaker VIPs could move into puppet-tripleo or we should
- # make use of less specific hiera parameters here for the settings.
- pacemaker::resource::service { 'haproxy':
- clone_params => true,
- }
-
- $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
- vip_name => 'control',
- ip_address => $control_vip,
- }
-
- $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
- ensure => $public_vip and $public_vip != $control_vip,
- vip_name => 'public',
- ip_address => $public_vip,
- }
-
- $redis_vip = hiera('redis_vip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
- ensure => $redis_vip and $redis_vip != $control_vip,
- vip_name => 'redis',
- ip_address => $redis_vip,
- }
-
-
- $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
- ensure => $internal_api_vip and $internal_api_vip != $control_vip,
- vip_name => 'internal_api',
- ip_address => $internal_api_vip,
- }
+ include ::pacemaker::resource_defaults
- $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
- ensure => $storage_vip and $storage_vip != $control_vip,
- vip_name => 'storage',
- ip_address => $storage_vip,
- }
-
- $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
- ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
- vip_name => 'storage_mgmt',
- ip_address => $storage_mgmt_vip,
- }
- }
-
- pacemaker::resource::service { $::memcached::params::service_name :
- clone_params => 'interleave=true',
- require => Class['::memcached'],
- }
-
- pacemaker::resource::ocf { 'rabbitmq':
- ocf_agent_name => 'heartbeat:rabbitmq-cluster',
- resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'',
- clone_params => 'ordered=true interleave=true',
- meta_params => 'notify=true',
- require => Class['::rabbitmq'],
+ # Create an openstack-core dummy resource. See RHBZ 1290121
+ pacemaker::resource::ocf { 'openstack-core':
+ ocf_agent_name => 'heartbeat:Dummy',
+ clone_params => true,
}
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
@@ -349,6 +237,16 @@ if hiera('step') >= 2 {
}
}
+ $mysql_root_password = hiera('mysql::server::root_password')
+ $mysql_clustercheck_password = hiera('mysql_clustercheck_password')
+ # This step is to create a sysconfig clustercheck file with the root user and empty password
+ # on the first install only (because later on the clustercheck db user will be used)
+ # We are using exec and not file in order to not have duplicate definition errors in puppet
+ # when we later set the the file to contain the clustercheck data
+ exec { 'create-root-sysconfig-clustercheck':
+ command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck",
+ unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
+ }
exec { 'galera-ready' :
command => '/usr/bin/clustercheck >/dev/null',
@@ -356,14 +254,7 @@ if hiera('step') >= 2 {
tries => 180,
try_sleep => 10,
environment => ['AVAILABLE_WHEN_READONLY=0'],
- require => File['/etc/sysconfig/clustercheck'],
- }
-
- file { '/etc/sysconfig/clustercheck' :
- ensure => file,
- content => "MYSQL_USERNAME=root\n
-MYSQL_PASSWORD=''\n
-MYSQL_HOST=localhost\n",
+ require => Exec['create-root-sysconfig-clustercheck'],
}
xinetd::service { 'galera-monitor' :
@@ -376,7 +267,24 @@ MYSQL_HOST=localhost\n",
service_type => 'UNLISTED',
user => 'root',
group => 'root',
- require => File['/etc/sysconfig/clustercheck'],
+ require => Exec['create-root-sysconfig-clustercheck'],
+ }
+ # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck
+ # to it in a later step. We do this only on one node as it will replicate on
+ # the other members. We also make sure that the permissions are the minimum necessary
+ if $pacemaker_master {
+ mysql_user { 'clustercheck@localhost':
+ ensure => 'present',
+ password_hash => mysql_password($mysql_clustercheck_password),
+ require => Exec['galera-ready'],
+ }
+ mysql_grant { 'clustercheck@localhost/*.*':
+ ensure => 'present',
+ options => ['GRANT'],
+ privileges => ['PROCESS'],
+ table => '*.*',
+ user => 'clustercheck@localhost',
+ }
}
# Create all the database schemas
@@ -393,9 +301,6 @@ MYSQL_HOST=localhost\n",
class { '::cinder::db::mysql':
require => Exec['galera-ready'],
}
- class { '::heat::db::mysql':
- require => Exec['galera-ready'],
- }
if downcase(hiera('ceilometer_backend')) == 'mysql' {
class { '::ceilometer::db::mysql':
@@ -470,6 +375,17 @@ MYSQL_HOST=localhost\n",
} #END STEP 2
if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
+ # At this stage we are guaranteed that the clustercheck db user exists
+ # so we switch the resource agent to use it.
+ file { '/etc/sysconfig/clustercheck' :
+ ensure => file,
+ mode => '0600',
+ owner => 'root',
+ group => 'root',
+ content => "MYSQL_USERNAME=clustercheck\n
+MYSQL_PASSWORD='${mysql_clustercheck_password}'\n
+MYSQL_HOST=localhost\n",
+ }
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
@@ -626,7 +542,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
include ::cinder
include ::cinder::config
- include ::tripleo::ssl::cinder_config
class { '::cinder::api':
sync_db => $sync_db,
manage_service => false,
@@ -867,29 +782,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
- # Heat
- include ::heat::config
- class { '::heat' :
- sync_db => $sync_db,
- notification_driver => 'messaging',
- }
- class { '::heat::api' :
- manage_service => false,
- enabled => false,
- }
- class { '::heat::api_cfn' :
- manage_service => false,
- enabled => false,
- }
- class { '::heat::api_cloudwatch' :
- manage_service => false,
- enabled => false,
- }
- class { '::heat::engine' :
- manage_service => false,
- enabled => false,
- }
-
# httpd/apache and horizon
# NOTE(gfidente): server-status can be consumed by the pacemaker resource agent
class { '::apache' :
@@ -992,9 +884,31 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
} #END STEP 4
if hiera('step') >= 5 {
+ # We now make sure that the root db password is set to a random one
+ # At first installation /root/.my.cnf will be empty and we connect without a root
+ # password. On second runs or updates /root/.my.cnf will already be populated
+ # with proper credentials. This step happens on every node because this sql
+ # statement does not automatically replicate across nodes.
+ exec { 'galera-set-root-password':
+ command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root",
+ }
+ file { '/root/.my.cnf' :
+ ensure => file,
+ mode => '0600',
+ owner => 'root',
+ group => 'root',
+ content => "[client]
+user=root
+password=\"${mysql_root_password}\"
+
+[mysql]
+user=root
+password=\"${mysql_root_password}\"",
+ require => Exec['galera-set-root-password'],
+ }
+
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
- $heat_enable_db_purge = hiera('heat_enable_db_purge', true)
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
@@ -1002,9 +916,6 @@ if hiera('step') >= 5 {
if $cinder_enable_db_purge {
include ::cinder::cron::db_purge
}
- if $heat_enable_db_purge {
- include ::heat::cron::purge_deleted
- }
if $pacemaker_master {
@@ -1017,15 +928,6 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::apache::params::service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'memcached-then-openstack-core-constraint':
- constraint_type => 'order',
- first_resource => 'memcached-clone',
- second_resource => 'openstack-core-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service['memcached'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'galera-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'galera-master',
@@ -1324,11 +1226,6 @@ if hiera('step') >= 5 {
pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name :
clone_params => 'interleave=true',
}
- pacemaker::resource::ocf { 'delay' :
- ocf_agent_name => 'heartbeat:Delay',
- clone_params => 'interleave=true',
- resource_params => 'startdelay=10',
- }
# Fedora doesn't know `require-all` parameter for constraints yet
if $::operatingsystem == 'Fedora' {
$redis_ceilometer_constraint_params = undef
@@ -1400,22 +1297,6 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
}
- pacemaker::constraint::base { 'ceilometer-api-then-ceilometer-delay-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::api_service_name}-clone",
- second_resource => 'delay-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
- pacemaker::constraint::colocation { 'ceilometer-delay-with-ceilometer-api-colocation':
- source => 'delay-clone',
- target => "${::ceilometer::params::api_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
# Aodh
pacemaker::resource::service { $::aodh::params::evaluator_service_name :
clone_params => 'interleave=true',
@@ -1426,22 +1307,6 @@ if hiera('step') >= 5 {
pacemaker::resource::service { $::aodh::params::listener_service_name :
clone_params => 'interleave=true',
}
- pacemaker::constraint::base { 'aodh-delay-then-aodh-evaluator-constraint':
- constraint_type => 'order',
- first_resource => 'delay-clone',
- second_resource => "${::aodh::params::evaluator_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
- pacemaker::constraint::colocation { 'aodh-evaluator-with-aodh-delay-colocation':
- source => "${::aodh::params::evaluator_service_name}-clone",
- target => 'delay-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint':
constraint_type => 'order',
first_resource => "${::aodh::params::evaluator_service_name}-clone",
@@ -1510,77 +1375,6 @@ if hiera('step') >= 5 {
Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
}
- # Heat
- pacemaker::resource::service { $::heat::params::api_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::heat::params::api_cloudwatch_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::heat::params::api_cfn_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::heat::params::engine_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
- constraint_type => 'order',
- first_resource => "${::heat::params::api_service_name}-clone",
- second_resource => "${::heat::params::api_cfn_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
- }
- pacemaker::constraint::colocation { 'heat-api-cfn-with-heat-api-colocation':
- source => "${::heat::params::api_cfn_service_name}-clone",
- target => "${::heat::params::api_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_service_name]],
- }
- pacemaker::constraint::base { 'heat-api-cfn-then-heat-api-cloudwatch-constraint':
- constraint_type => 'order',
- first_resource => "${::heat::params::api_cfn_service_name}-clone",
- second_resource => "${::heat::params::api_cloudwatch_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
- }
- pacemaker::constraint::colocation { 'heat-api-cloudwatch-with-heat-api-cfn-colocation':
- source => "${::heat::params::api_cloudwatch_service_name}-clone",
- target => "${::heat::params::api_cfn_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name]],
- }
- pacemaker::constraint::base { 'heat-api-cloudwatch-then-heat-engine-constraint':
- constraint_type => 'order',
- first_resource => "${::heat::params::api_cloudwatch_service_name}-clone",
- second_resource => "${::heat::params::engine_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::engine_service_name]],
- }
- pacemaker::constraint::colocation { 'heat-engine-with-heat-api-cloudwatch-colocation':
- source => "${::heat::params::engine_service_name}-clone",
- target => "${::heat::params::api_cloudwatch_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::engine_service_name]],
- }
- pacemaker::constraint::base { 'ceilometer-notification-then-heat-api-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
- second_resource => "${::heat::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]],
- }
-
# Horizon and Keystone
pacemaker::resource::service { $::apache::params::service_name:
clone_params => 'interleave=true',