aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/manifests/overcloud_controller_pacemaker.pp
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/manifests/overcloud_controller_pacemaker.pp')
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp449
1 files changed, 34 insertions, 415 deletions
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 0bee6b00..cfa693be 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -21,10 +21,7 @@ Pcmk_resource <| |> {
# TODO(jistr): use pcs resource provider instead of just no-ops
Service <|
tag == 'aodh-service' or
- tag == 'ceilometer-service' or
- tag == 'gnocchi-service' or
- tag == 'neutron-service' or
- tag == 'nova-service'
+ tag == 'gnocchi-service'
|> {
hasrestart => true,
restart => '/bin/true',
@@ -53,12 +50,6 @@ $non_pcmk_start = hiera('step') >= 5
if hiera('step') >= 1 {
- create_resources(kmod::load, hiera('kernel_modules'), {})
- create_resources(sysctl::value, hiera('sysctl_settings'), {})
- Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-
- include ::timezone
-
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
@@ -95,10 +86,6 @@ if hiera('step') >= 1 {
op_params => 'start timeout=200s stop timeout=200s',
}
- if downcase(hiera('ceilometer_backend')) == 'mongodb' {
- include ::mongodb::params
- }
-
# Galera
if str2bool(hiera('enable_galera', true)) {
$mysql_config_file = '/etc/my.cnf.d/galera.cnf'
@@ -194,48 +181,25 @@ if hiera('step') >= 2 {
require => Class['::mysql::server'],
before => Exec['galera-ready'],
}
- }
- $mysql_root_password = hiera('mysql::server::root_password')
- $mysql_clustercheck_password = hiera('mysql_clustercheck_password')
- # This step is to create a sysconfig clustercheck file with the root user and empty password
- # on the first install only (because later on the clustercheck db user will be used)
- # We are using exec and not file in order to not have duplicate definition errors in puppet
- # when we later set the the file to contain the clustercheck data
- exec { 'create-root-sysconfig-clustercheck':
- command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck",
- unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
- }
- exec { 'galera-ready' :
- command => '/usr/bin/clustercheck >/dev/null',
- timeout => 30,
- tries => 180,
- try_sleep => 10,
- environment => ['AVAILABLE_WHEN_READONLY=0'],
- require => Exec['create-root-sysconfig-clustercheck'],
- }
+ exec { 'galera-ready' :
+ command => '/usr/bin/clustercheck >/dev/null',
+ timeout => 30,
+ tries => 180,
+ try_sleep => 10,
+ environment => ['AVAILABLE_WHEN_READONLY=0'],
+ require => Exec['create-root-sysconfig-clustercheck'],
+ }
- xinetd::service { 'galera-monitor' :
- port => '9200',
- server => '/usr/bin/clustercheck',
- per_source => 'UNLIMITED',
- log_on_success => '',
- log_on_failure => 'HOST',
- flags => 'REUSE',
- service_type => 'UNLISTED',
- user => 'root',
- group => 'root',
- require => Exec['create-root-sysconfig-clustercheck'],
- }
- # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck
- # to it in a later step. We do this only on one node as it will replicate on
- # the other members. We also make sure that the permissions are the minimum necessary
- if $pacemaker_master {
+ # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck
+ # to it in a later step. We do this only on one node as it will replicate on
+ # the other members. We also make sure that the permissions are the minimum necessary
mysql_user { 'clustercheck@localhost':
ensure => 'present',
- password_hash => mysql_password($mysql_clustercheck_password),
+ password_hash => mysql_password(hiera('mysql_clustercheck_password')),
require => Exec['galera-ready'],
}
+
mysql_grant { 'clustercheck@localhost/*.*':
ensure => 'present',
options => ['GRANT'],
@@ -243,15 +207,6 @@ if hiera('step') >= 2 {
table => '*.*',
user => 'clustercheck@localhost',
}
- }
-
- # Create all the database schemas
- if $sync_db {
- if downcase(hiera('ceilometer_backend')) == 'mysql' {
- class { '::ceilometer::db::mysql':
- require => Exec['galera-ready'],
- }
- }
if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
class { '::gnocchi::db::mysql':
@@ -261,65 +216,36 @@ if hiera('step') >= 2 {
class { '::aodh::db::mysql':
require => Exec['galera-ready'],
- }
- }
-
- # Ceph
- $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
-
- if $enable_ceph {
- $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_initial_members => $mon_initial_members,
- mon_host => $mon_host,
}
- include ::ceph::conf
- include ::ceph::profile::mon
}
-
- if str2bool(hiera('enable_ceph_storage', false)) {
- if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
- exec { 'set selinux to permissive on boot':
- command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
- onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
- path => ['/usr/bin', '/usr/sbin'],
- }
-
- exec { 'set selinux to permissive':
- command => 'setenforce 0',
- onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
- path => ['/usr/bin', '/usr/sbin'],
- } -> Class['ceph::profile::osd']
- }
-
- include ::ceph::conf
- include ::ceph::profile::osd
+ # This step is to create a sysconfig clustercheck file with the root user and empty password
+ # on the first install only (because later on the clustercheck db user will be used)
+ # We are using exec and not file in order to not have duplicate definition errors in puppet
+ # when we later set the the file to contain the clustercheck data
+ exec { 'create-root-sysconfig-clustercheck':
+ command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck",
+ unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
}
- if str2bool(hiera('enable_external_ceph', false)) {
- if str2bool(hiera('ceph_ipv6', false)) {
- $mon_host = hiera('ceph_mon_host_v6')
- } else {
- $mon_host = hiera('ceph_mon_host')
- }
- class { '::ceph::profile::params':
- mon_host => $mon_host,
- }
- include ::ceph::conf
- include ::ceph::profile::client
+ xinetd::service { 'galera-monitor' :
+ port => '9200',
+ server => '/usr/bin/clustercheck',
+ per_source => 'UNLIMITED',
+ log_on_success => '',
+ log_on_failure => 'HOST',
+ flags => 'REUSE',
+ service_type => 'UNLISTED',
+ user => 'root',
+ group => 'root',
+ require => Exec['create-root-sysconfig-clustercheck'],
}
-
} #END STEP 2
if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
# At this stage we are guaranteed that the clustercheck db user exists
# so we switch the resource agent to use it.
+ $mysql_clustercheck_password = hiera('mysql_clustercheck_password')
file { '/etc/sysconfig/clustercheck' :
ensure => file,
mode => '0600',
@@ -343,170 +269,6 @@ MYSQL_HOST=localhost\n",
include ::nova::config
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
-
- # TODO(devvesa) provide non-controller ips for these services
- $zookeeper_node_ips = hiera('neutron_api_node_ips')
- $cassandra_node_ips = hiera('neutron_api_node_ips')
-
- # Run zookeeper in the controller if configured
- if hiera('enable_zookeeper_on_controller') {
- class {'::tripleo::cluster::zookeeper':
- zookeeper_server_ips => $zookeeper_node_ips,
- # TODO: create a 'bind' hiera key for zookeeper
- zookeeper_client_ip => hiera('neutron::bind_host'),
- zookeeper_hostnames => split(hiera('controller_node_names'), ',')
- }
- }
-
- # Run cassandra in the controller if configured
- if hiera('enable_cassandra_on_controller') {
- class {'::tripleo::cluster::cassandra':
- cassandra_servers => $cassandra_node_ips,
- # TODO: create a 'bind' hiera key for cassandra
- cassandra_ip => hiera('neutron::bind_host'),
- }
- }
-
- class {'::tripleo::network::midonet::agent':
- zookeeper_servers => $zookeeper_node_ips,
- cassandra_seeds => $cassandra_node_ips
- }
-
- class {'::tripleo::network::midonet::api':
- zookeeper_servers => $zookeeper_node_ips,
- vip => hiera('public_virtual_ip'),
- keystone_ip => hiera('public_virtual_ip'),
- keystone_admin_token => hiera('keystone::admin_token'),
- # TODO: create a 'bind' hiera key for api
- bind_address => hiera('neutron::bind_host'),
- admin_password => hiera('admin_password')
- }
-
- # Configure Neutron
- # TODO: when doing the composable midonet plugin, don't forget to
- # set service_plugins to an empty array in Hiera.
- class {'::neutron':
- service_plugins => []
- }
-
- }
-
- if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
- include ::neutron::plugins::opencontrail
- }
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- class {'::neutron::plugins::midonet':
- midonet_api_ip => hiera('public_virtual_ip'),
- keystone_tenant => hiera('neutron::server::auth_tenant'),
- keystone_password => hiera('neutron::server::password')
- }
- }
-
- if $enable_ceph {
- $ceph_pools = hiera('ceph_pools')
- ceph::pool { $ceph_pools :
- pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'),
- pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'),
- size => hiera('ceph::profile::params::osd_pool_default_size'),
- }
- }
-
- # swift storage
- if str2bool(hiera('enable_swift_storage', true)) {
- class {'::swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check')),
- }
- class {'::swift::storage::account':
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- class {'::swift::storage::container':
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- class {'::swift::storage::object':
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- if(!defined(File['/srv/node'])) {
- file { '/srv/node':
- ensure => directory,
- owner => 'swift',
- group => 'swift',
- require => Package['openstack-swift'],
- }
- }
- $swift_components = ['account', 'container', 'object']
- swift::storage::filter::recon { $swift_components : }
- swift::storage::filter::healthcheck { $swift_components : }
- }
-
- # Ceilometer
- case downcase(hiera('ceilometer_backend')) {
- /mysql/: {
- $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string')
- }
- default: {
- $mongo_node_string = join($mongo_node_ips_with_port, ',')
- $ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
- }
- }
- include ::ceilometer
- include ::ceilometer::config
- class { '::ceilometer::api' :
- manage_service => false,
- enabled => false,
- }
- class { '::ceilometer::agent::notification' :
- manage_service => false,
- enabled => false,
- }
- class { '::ceilometer::agent::central' :
- manage_service => false,
- enabled => false,
- }
- class { '::ceilometer::collector' :
- manage_service => false,
- enabled => false,
- }
- include ::ceilometer::expirer
- class { '::ceilometer::db' :
- database_connection => $ceilometer_database_connection,
- sync_db => $sync_db,
- }
- include ::ceilometer::agent::auth
- include ::ceilometer::dispatcher::gnocchi
-
- Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
-
- # httpd/apache and horizon
- # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent
- class { '::apache' :
- service_enable => false,
- # service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
- }
- include ::apache::mod::remoteip
- include ::apache::mod::status
- if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
- $_profile_support = 'cisco'
- } else {
- $_profile_support = 'None'
- }
- $neutron_options = {'profile_support' => $_profile_support }
-
- $memcached_ipv6 = hiera('memcached_ipv6', false)
- if $memcached_ipv6 {
- $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
- } else {
- $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
- }
-
- class { '::horizon':
- cache_server_ip => $horizon_memcached_servers,
- neutron_options => $neutron_options,
- }
-
# Aodh
class { '::aodh' :
database_connection => hiera('aodh_mysql_conn_string'),
@@ -567,16 +329,6 @@ MYSQL_HOST=localhost\n",
enabled => false,
}
- $snmpd_user = hiera('snmpd_readonly_user_name')
- snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
- }
- class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
- }
-
hiera_include('controller_classes')
} #END STEP 4
@@ -587,6 +339,7 @@ if hiera('step') >= 5 {
# password. On second runs or updates /root/.my.cnf will already be populated
# with proper credentials. This step happens on every node because this sql
# statement does not automatically replicate across nodes.
+ $mysql_root_password = hiera('mysql::server::root_password')
exec { 'galera-set-root-password':
command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root",
}
@@ -632,49 +385,6 @@ password=\"${mysql_root_password}\"",
Pacemaker::Resource::Ocf['openstack-core']],
}
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- pacemaker::resource::service {'tomcat':
- clone_params => 'interleave=true',
- }
- }
- if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
- #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat
- pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::dhcp_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
- }
- pacemaker::constraint::base { 'neutron-dhcp-agent-to-metadata-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::dhcp_agent_service}-clone",
- second_resource => "${::neutron::params::metadata_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]],
- }
- pacemaker::constraint::base { 'neutron-metadata-agent-to-tomcat-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::metadata_agent_service}-clone",
- second_resource => 'tomcat-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service],
- Pacemaker::Resource::Service['tomcat']],
- }
- pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-metadata-agent-colocation':
- source => "${::neutron::params::metadata_agent_service}-clone",
- target => "${::neutron::params::dhcp_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]],
- }
- }
-
# Nova
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
constraint_type => 'order',
@@ -757,49 +467,12 @@ password=\"${mysql_root_password}\"",
Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
}
- # Ceilometer and Aodh
- case downcase(hiera('ceilometer_backend')) {
- /mysql/: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- }
- default: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
- clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Ocf['openstack-core'],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
- }
- }
- }
- pacemaker::resource::service { $::ceilometer::params::collector_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::ceilometer::params::api_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name :
- clone_params => 'interleave=true',
- }
# Fedora doesn't know `require-all` parameter for constraints yet
if $::operatingsystem == 'Fedora' {
- $redis_ceilometer_constraint_params = undef
$redis_aodh_constraint_params = undef
} else {
- $redis_ceilometer_constraint_params = 'require-all=false'
$redis_aodh_constraint_params = 'require-all=false'
}
- pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint':
- constraint_type => 'order',
- first_resource => 'redis-master',
- second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- first_action => 'promote',
- second_action => 'start',
- constraint_params => $redis_ceilometer_constraint_params,
- require => [Pacemaker::Resource::Ocf['redis'],
- Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]],
- }
pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint':
constraint_type => 'order',
first_resource => 'redis-master',
@@ -810,49 +483,6 @@ password=\"${mysql_root_password}\"",
require => [Pacemaker::Resource::Ocf['redis'],
Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]],
}
- pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- second_resource => "${::ceilometer::params::collector_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
- }
- pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::collector_service_name}-clone",
- second_resource => "${::ceilometer::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation':
- source => "${::ceilometer::params::api_service_name}-clone",
- target => "${::ceilometer::params::collector_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
- }
# Aodh
pacemaker::resource::service { $::aodh::params::evaluator_service_name :
clone_params => 'interleave=true',
@@ -895,17 +525,6 @@ password=\"${mysql_root_password}\"",
require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
}
- if downcase(hiera('ceilometer_backend')) == 'mongodb' {
- pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint':
- constraint_type => 'order',
- first_resource => "${::mongodb::params::service_name}-clone",
- second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
- }
- }
# gnocchi
pacemaker::resource::service { $::gnocchi::params::metricd_service_name :