summaryrefslogtreecommitdiffstats
path: root/components/congress/puppet/manifests
diff options
context:
space:
mode:
authorblsaws <bryan.sullivan@att.com>2016-05-11 21:22:03 -0700
committerblsaws <bs3131@att.com>2016-05-11 21:27:35 -0700
commit2928ffc921af0ec26ccfda1b973f7eebbc64d88f (patch)
tree7b38060b2e1e19f48c3f3eb4c92465b3e71735e3 /components/congress/puppet/manifests
parent2f9c61889d640dce26a9d0350caa43bb2faae82e (diff)
Add baseline puppet module
JIRA: COPPER-2 Change-Id: Ieb773594917aeca48ceca4250de9b4aede9961a8 Signed-off-by: blsaws <bs3131@att.com>
Diffstat (limited to 'components/congress/puppet/manifests')
-rw-r--r--components/congress/puppet/manifests/client.pp27
-rw-r--r--components/congress/puppet/manifests/config.pp30
-rw-r--r--components/congress/puppet/manifests/db.pp97
-rw-r--r--components/congress/puppet/manifests/db/mysql.pp69
-rw-r--r--components/congress/puppet/manifests/db/postgresql.pp55
-rw-r--r--components/congress/puppet/manifests/db/sync.pp14
-rw-r--r--components/congress/puppet/manifests/init.pp410
-rw-r--r--components/congress/puppet/manifests/keystone/auth.pp93
-rw-r--r--components/congress/puppet/manifests/logging.pp251
-rw-r--r--components/congress/puppet/manifests/params.pp31
-rw-r--r--components/congress/puppet/manifests/policy.pp39
-rw-r--r--components/congress/puppet/manifests/service.pp55
12 files changed, 1171 insertions, 0 deletions
diff --git a/components/congress/puppet/manifests/client.pp b/components/congress/puppet/manifests/client.pp
new file mode 100644
index 0000000..bb016e4
--- /dev/null
+++ b/components/congress/puppet/manifests/client.pp
@@ -0,0 +1,27 @@
+# == Class: congress::client
+#
+# Installs congress client.
+#
+# === Parameters
+#
+# [*ensure*]
+# (optional) Ensure state of the package.
+# Defaults to 'present'.
+#
+class congress::client (
+ $ensure = 'present'
+) {
+
+ package { 'python-congressclient':
+ ensure => $ensure,
+ tag => 'openstack',
+ }
+
+ if $ensure == 'present' {
+ include '::openstacklib::openstackclient'
+ } else {
+ class { '::openstacklib::openstackclient':
+ package_ensure => $ensure,
+ }
+ }
+}
diff --git a/components/congress/puppet/manifests/config.pp b/components/congress/puppet/manifests/config.pp
new file mode 100644
index 0000000..0a59d07
--- /dev/null
+++ b/components/congress/puppet/manifests/config.pp
@@ -0,0 +1,30 @@
+# == Class: congress::config
+#
+# This class is used to manage arbitrary congress configurations.
+#
+# === Parameters
+#
+# [*congress_config*]
+# (optional) Allow configuration of arbitrary congress configurations.
+# The value is an hash of congress_config resources. Example:
+# { 'DEFAULT/foo' => { value => 'fooValue'},
+# 'DEFAULT/bar' => { value => 'barValue'}
+# }
+# In yaml format, Example:
+# congress_config:
+# DEFAULT/foo:
+# value: fooValue
+# DEFAULT/bar:
+# value: barValue
+#
+# NOTE: The configuration MUST NOT be already handled by this module
+# or Puppet catalog compilation will fail with duplicate resources.
+#
+class congress::config (
+ $congress_config = {},
+) {
+
+ validate_hash($congress_config)
+
+ create_resources('congress_config', $congress_config)
+}
diff --git a/components/congress/puppet/manifests/db.pp b/components/congress/puppet/manifests/db.pp
new file mode 100644
index 0000000..33dccc4
--- /dev/null
+++ b/components/congress/puppet/manifests/db.pp
@@ -0,0 +1,97 @@
+# == Class: congress::db
+#
+# Configure the congress database connection
+#
+# === Parameters
+#
+# [*database_connection*]
+# Url used to connect to database.
+# (Optional) Defaults to 'sqlite:////var/lib/congress/congress.sqlite'.
+#
+# [*database_idle_timeout*]
+# Timeout when db connections should be reaped.
+# (Optional) Defaults to 3600.
+#
+# [*database_max_retries*]
+# Maximum number of database connection retries during startup.
+# Setting -1 implies an infinite retry count.
+# (Optional) Defaults to 10.
+#
+# [*database_retry_interval*]
+# Interval between retries of opening a database connection.
+# (Optional) Defaults to 10.
+#
+# [*database_min_pool_size*]
+# Minimum number of SQL connections to keep open in a pool.
+# (Optional) Defaults to 1.
+#
+# [*database_max_pool_size*]
+# Maximum number of SQL connections to keep open in a pool.
+# (Optional) Defaults to 10.
+#
+# [*database_max_overflow*]
+# If set, use this value for max_overflow with sqlalchemy.
+# (Optional) Defaults to 20.
+#
+class congress::db (
+ $database_connection = 'sqlite:////var/lib/congress/congress.sqlite',
+ $database_idle_timeout = 3600,
+ $database_min_pool_size = 1,
+ $database_max_pool_size = 10,
+ $database_max_retries = 10,
+ $database_retry_interval = 10,
+ $database_max_overflow = 20,
+) {
+
+ # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function
+ # to use congress::<myparam> if congress::db::<myparam> isn't specified.
+ $database_connection_real = pick($::congress::database_connection, $database_connection)
+ $database_idle_timeout_real = pick($::congress::database_idle_timeout, $database_idle_timeout)
+ $database_min_pool_size_real = pick($::congress::database_min_pool_size, $database_min_pool_size)
+ $database_max_pool_size_real = pick($::congress::database_max_pool_size, $database_max_pool_size)
+ $database_max_retries_real = pick($::congress::database_max_retries, $database_max_retries)
+ $database_retry_interval_real = pick($::congress::database_retry_interval, $database_retry_interval)
+ $database_max_overflow_real = pick($::congress::database_max_overflow, $database_max_overflow)
+
+ validate_re($database_connection_real,
+ '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
+
+ if $database_connection_real {
+ case $database_connection_real {
+ /^mysql:\/\//: {
+ $backend_package = false
+ require 'mysql::bindings'
+ require 'mysql::bindings::python'
+ }
+ /^postgresql:\/\//: {
+ $backend_package = false
+ require 'postgresql::lib::python'
+ }
+ /^sqlite:\/\//: {
+ $backend_package = $::congress::params::sqlite_package_name
+ }
+ default: {
+ fail('Unsupported backend configured')
+ }
+ }
+
+ if $backend_package and !defined(Package[$backend_package]) {
+ package {'congress-backend-package':
+ ensure => present,
+ name => $backend_package,
+ tag => 'openstack',
+ }
+ }
+
+ congress_config {
+ 'database/connection': value => $database_connection_real, secret => true;
+ 'database/idle_timeout': value => $database_idle_timeout_real;
+ 'database/min_pool_size': value => $database_min_pool_size_real;
+ 'database/max_retries': value => $database_max_retries_real;
+ 'database/retry_interval': value => $database_retry_interval_real;
+ 'database/max_pool_size': value => $database_max_pool_size_real;
+ 'database/max_overflow': value => $database_max_overflow_real;
+ }
+ }
+
+}
diff --git a/components/congress/puppet/manifests/db/mysql.pp b/components/congress/puppet/manifests/db/mysql.pp
new file mode 100644
index 0000000..456b812
--- /dev/null
+++ b/components/congress/puppet/manifests/db/mysql.pp
@@ -0,0 +1,69 @@
+# The congress::db::mysql class implements mysql backend for congress
+#
+# This class can be used to create tables, users and grant
+# privelege for a mysql congress database.
+#
+# == parameters
+#
+# [*password*]
+# (Mandatory) Password to connect to the database.
+# Defaults to 'false'.
+#
+# [*dbname*]
+# (Optional) Name of the database.
+# Defaults to 'congress'.
+#
+# [*user*]
+# (Optional) User to connect to the database.
+# Defaults to 'congress'.
+#
+# [*host*]
+# (Optional) The default source host user is allowed to connect from.
+# Defaults to '127.0.0.1'
+#
+# [*allowed_hosts*]
+# (Optional) Other hosts the user is allowed to connect from.
+# Defaults to 'undef'.
+#
+# [*charset*]
+# (Optional) The database charset.
+# Defaults to 'utf8'
+#
+# [*collate*]
+# (Optional) The database collate.
+# Only used with mysql modules >= 2.2.
+# Defaults to 'utf8_general_ci'
+#
+# == Dependencies
+# Class['mysql::server']
+#
+# == Examples
+#
+# == Authors
+#
+# == Copyright
+#
+class congress::db::mysql(
+ $password,
+ $dbname = 'congress',
+ $user = 'congress',
+ $host = '127.0.0.1',
+ $charset = 'utf8',
+ $collate = 'utf8_general_ci',
+ $allowed_hosts = undef
+) {
+
+ validate_string($password)
+
+ ::openstacklib::db::mysql { 'congress':
+ user => $user,
+ password_hash => mysql_password($password),
+ dbname => $dbname,
+ host => $host,
+ charset => $charset,
+ collate => $collate,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ ::Openstacklib::Db::Mysql['congress'] ~> Exec<| title == 'congress-manage db_sync' |>
+}
diff --git a/components/congress/puppet/manifests/db/postgresql.pp b/components/congress/puppet/manifests/db/postgresql.pp
new file mode 100644
index 0000000..4766eca
--- /dev/null
+++ b/components/congress/puppet/manifests/db/postgresql.pp
@@ -0,0 +1,55 @@
+# == Class: congress::db::postgresql
+#
+# Class that configures postgresql for congress
+# Requires the Puppetlabs postgresql module.
+#
+# === Parameters
+#
+# [*password*]
+# (Required) Password to connect to the database.
+#
+# [*dbname*]
+# (Optional) Name of the database.
+# Defaults to 'congress'.
+#
+# [*user*]
+# (Optional) User to connect to the database.
+# Defaults to 'congress'.
+#
+# [*encoding*]
+# (Optional) The charset to use for the database.
+# Default to undef.
+#
+# [*privileges*]
+# (Optional) Privileges given to the database user.
+# Default to 'ALL'
+#
+# == Dependencies
+#
+# == Examples
+#
+# == Authors
+#
+# == Copyright
+#
+class congress::db::postgresql(
+ $password,
+ $dbname = 'congress',
+ $user = 'congress',
+ $encoding = undef,
+ $privileges = 'ALL',
+) {
+
+ Class['congress::db::postgresql'] -> Service<| title == 'congress' |>
+
+ ::openstacklib::db::postgresql { 'congress':
+ password_hash => postgresql_password($user, $password),
+ dbname => $dbname,
+ user => $user,
+ encoding => $encoding,
+ privileges => $privileges,
+ }
+
+ ::Openstacklib::Db::Postgresql['congress'] ~> Exec<| title == 'congress-manage db_sync' |>
+
+}
diff --git a/components/congress/puppet/manifests/db/sync.pp b/components/congress/puppet/manifests/db/sync.pp
new file mode 100644
index 0000000..bb07f7e
--- /dev/null
+++ b/components/congress/puppet/manifests/db/sync.pp
@@ -0,0 +1,14 @@
+#
+# Class to execute "congress-manage db_sync
+#
+class congress::db::sync {
+ exec { 'congress-manage db_sync':
+ path => '/usr/bin',
+ user => 'congress',
+ refreshonly => true,
+ subscribe => [Package['congress'], congress_config['database/connection']],
+ require => User['congress'],
+ }
+
+ Exec['congress-manage db_sync'] ~> Service<| title == 'congress' |>
+}
diff --git a/components/congress/puppet/manifests/init.pp b/components/congress/puppet/manifests/init.pp
new file mode 100644
index 0000000..a1367c3
--- /dev/null
+++ b/components/congress/puppet/manifests/init.pp
@@ -0,0 +1,410 @@
+# == Class: congress
+#
+# Module for managing congress config
+#
+# === Parameters
+#
+# [*keystone_password*]
+# (required) Password used to authentication.
+#
+# [*package_ensure*]
+# (optional) Desired ensure state of packages.
+# accepts latest or specific versions.
+# Defaults to present.
+#
+# [*client_package_ensure*]
+# (optional) Desired ensure state of the client package.
+# accepts latest or specific versions.
+# Defaults to present.
+#
+# [*bind_host*]
+# (optional) The IP address that congress binds to.
+# Default to '0.0.0.0'.
+#
+# [*bind_port*]
+# (optional) Port that congress binds to.
+# Defaults to '1789'
+#
+# [*verbose*]
+# (optional) Rather congress should log at verbose level.
+# Defaults to undef.
+#
+# [*debug*]
+# (optional) Rather congress should log at debug level.
+# Defaults to undef.
+#
+# [*auth_type*]
+# (optional) Type is authorization being used.
+# Defaults to 'keystone'
+#
+# [*auth_uri*]
+# (optional) Complete public Identity API endpoint.
+# Defaults to false.
+#
+# [*identity_uri*]
+# (optional) Complete admin Identity API endpoint.
+# Defaults to: false
+#
+# [*keystone_tenant*]
+# (optional) Tenant to authenticate to.
+# Defaults to services.
+#
+# [*keystone_user*]
+# (optional) User to authenticate as with keystone.
+# Defaults to 'congress'.
+#
+# [*manage_service*]
+# (Optional) If Puppet should manage service startup / shutdown.
+# Defaults to true.
+#
+# [*enabled*]
+# (optional) If the congress services should be enabled.
+# Default to true.
+#
+# [*database_connection*]
+# (optional) Url used to connect to database.
+# Defaults to undef.
+#
+# [*database_idle_timeout*]
+# (optional) Timeout when db connections should be reaped.
+# Defaults to undef.
+#
+# [*database_max_retries*]
+# (optional) Maximum number of database connection retries during startup.
+# Setting -1 implies an infinite retry count.
+# (Defaults to undef)
+#
+# [*database_retry_interval*]
+# (optional) Interval between retries of opening a database connection.
+# (Defaults to undef)
+#
+# [*database_min_pool_size*]
+# (optional) Minimum number of SQL connections to keep open in a pool.
+# Defaults to: undef
+#
+# [*database_max_pool_size*]
+# (optional) Maximum number of SQL connections to keep open in a pool.
+# Defaults to: undef
+#
+# [*database_max_overflow*]
+# (optional) If set, use this value for max_overflow with sqlalchemy.
+# Defaults to: undef
+#
+# [*rpc_backend*]
+# (Optional) Use these options to configure the RabbitMQ message system.
+# Defaults to 'rabbit'
+#
+# [*control_exchange*]
+# (Optional)
+# Defaults to 'openstack'.
+#
+# [*rabbit_host*]
+# (Optional) IP or hostname of the rabbit server.
+# Defaults to '127.0.0.1'
+#
+# [*rabbit_port*]
+# (Optional) Port of the rabbit server.
+# Defaults to 5672.
+#
+# [*rabbit_hosts*]
+# (Optional) Array of host:port (used with HA queues).
+# If defined, will remove rabbit_host & rabbit_port parameters from config
+# Defaults to undef.
+#
+# [*rabbit_userid*]
+# (Optional) User to connect to the rabbit server.
+# Defaults to 'guest'
+#
+# [*rabbit_password*]
+# (Required) Password to connect to the rabbit_server.
+# Defaults to empty. Required if using the Rabbit (kombu)
+# backend.
+#
+# [*rabbit_virtual_host*]
+# (Optional) Virtual_host to use.
+# Defaults to '/'
+#
+# [*rabbit_heartbeat_timeout_threshold*]
+# (optional) Number of seconds after which the RabbitMQ broker is considered
+# down if the heartbeat keepalive fails. Any value >0 enables heartbeats.
+# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
+# closed, resulting in missed or lost messages from the queue.
+# (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
+# Defaults to 0
+#
+# [*rabbit_heartbeat_rate*]
+# (optional) How often during the rabbit_heartbeat_timeout_threshold period to
+# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2
+# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
+# every 30 seconds.
+# Defaults to 2
+#
+# [*rabbit_use_ssl*]
+# (optional) Connect over SSL for RabbitMQ
+# Defaults to false
+#
+# [*kombu_ssl_ca_certs*]
+# (optional) SSL certification authority file (valid only if SSL enabled).
+# Defaults to $::os_service_default
+#
+# [*kombu_ssl_certfile*]
+# (optional) SSL cert file (valid only if SSL enabled).
+# Defaults to $::os_service_default
+#
+# [*kombu_ssl_keyfile*]
+# (optional) SSL key file (valid only if SSL enabled).
+# Defaults to $::os_service_default
+#
+# [*kombu_ssl_version*]
+# (optional) SSL version to use (valid only if SSL enabled).
+# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
+# available on some distributions.
+# Defaults to $::os_service_default
+#
+# [*kombu_reconnect_delay*]
+# (optional) How long to wait before reconnecting in response to an AMQP
+# consumer cancel notification.
+# Defaults to $::os_service_default
+#
+# [*amqp_durable_queues*]
+# Use durable queues in amqp.
+# (Optional) Defaults to false.
+#
+# [*service_provider*]
+# (optional) Provider, that can be used for congress service.
+# Default value defined in congress::params for given operation system.
+# If you use Pacemaker or another Cluster Resource Manager, you can make
+# custom service provider for changing start/stop/status behavior of service,
+# and set it here.
+#
+# [*service_name*]
+# (optional) Name of the service that will be providing the
+# server functionality of congress.
+# Defaults to '$::congress::params::service_name'
+#
+# [*sync_db*]
+# (Optional) Run db sync on the node.
+# Defaults to true
+#
+# == Dependencies
+# None
+#
+# == Examples
+#
+# class { 'congress':
+# keystone_password => 'congress',
+# keystone_tenant => 'service',
+# auth_uri => 'http://192.168.122.6:5000/',
+# identity_uri => 'http://192.168.122.6:35357/',
+# database_connection => 'mysql://congress:password@192.168.122.6/congress',
+# rabbit_host => '192.168.122.6',
+# rabbit_password => 'guest',
+# }
+#
+# class { 'congress::db::mysql':
+# password => 'password',
+# host => '192.168.122.6',
+# }
+#
+# class { 'congress::keystone::auth':
+# password => 'congress',
+# tenant => 'service',
+# admin_url => 'http://192.168.122.6:1789',
+# internal_url => 'http://192.168.122.6:1789',
+# public_url => 'http://192.168.122.6:1789',
+# region => 'regionOne',
+# }
+#
+# == Authors
+#
+# Dan Radez <dradez@redhat.com>
+#
+# == Copyright
+#
+# Copyright 2015 Red Hat Inc, unless otherwise noted.
+#
+
+class congress(
+ $keystone_password,
+ $package_ensure = 'present',
+ $client_package_ensure = 'present',
+ $bind_host = '0.0.0.0',
+ $bind_port = '1789',
+ $verbose = undef,
+ $debug = undef,
+ $auth_type = 'keystone',
+ $auth_uri = false,
+ $identity_uri = false,
+ $keystone_tenant = 'services',
+ $keystone_user = 'congress',
+ $manage_service = true,
+ $enabled = true,
+ $database_connection = undef,
+ $database_idle_timeout = undef,
+ $database_max_retries = undef,
+ $database_retry_interval = undef,
+ $database_min_pool_size = undef,
+ $database_max_pool_size = undef,
+ $database_max_overflow = undef,
+ $rpc_backend = 'rabbit',
+ $control_exchange = 'congress',
+ $rabbit_host = '127.0.0.1',
+ $rabbit_port = 5672,
+ $rabbit_hosts = false,
+ $rabbit_virtual_host = '/',
+ $rabbit_heartbeat_timeout_threshold = 0,
+ $rabbit_heartbeat_rate = 2,
+ $rabbit_userid = 'guest',
+ $rabbit_password = false,
+ $rabbit_use_ssl = false,
+ $kombu_ssl_ca_certs = $::os_service_default,
+ $kombu_ssl_certfile = $::os_service_default,
+ $kombu_ssl_keyfile = $::os_service_default,
+ $kombu_ssl_version = $::os_service_default,
+ $kombu_reconnect_delay = $::os_service_default,
+ $amqp_durable_queues = false,
+ $service_provider = $::congress::params::service_provider,
+ $service_name = $::congress::params::service_name,
+) inherits congress::params {
+ congress_config {
+ 'DEFAULT/drivers' : value => 'congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources. keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver';
+ }
+
+ if $identity_uri {
+ congress_config { 'keystone_authtoken/identity_uri': value => $identity_uri; }
+ congress_config { 'keystone_authtoken/auth_url' : value => $identity_uri; }
+ } else {
+ congress_config { 'keystone_authtoken/identity_uri': ensure => absent; }
+ }
+
+ if $auth_uri {
+ congress_config { 'keystone_authtoken/auth_uri': value => $auth_uri; }
+ } else {
+ congress_config { 'keystone_authtoken/auth_uri': ensure => absent; }
+ }
+
+ if $auth_type == 'keystone' {
+ congress_config {
+ 'keystone_authtoken/project_name' : value => $keystone_tenant;
+ 'keystone_authtoken/username' : value => $keystone_user;
+ 'keystone_authtoken/password' : value => $keystone_password, secret => true;
+ }
+ }
+
+ congress_config<||> ~> Service[$service_name]
+ congress_config<||> ~> Exec<| title == 'congress-manage db_sync'|>
+
+ include ::congress::db
+ include ::congress::params
+
+ if $sync_db {
+ include ::congress::db::sync
+ Class['::congress::db::sync'] ~> Service[$service_name]
+ }
+ if $rpc_backend == 'rabbit' {
+
+ if ! $rabbit_password {
+ fail('Please specify a rabbit_password parameter.')
+ }
+
+ congress_config {
+ 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
+ 'DEFAULT/rabbit_userid': value => $rabbit_userid;
+ 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
+ 'DEFAULT/control_exchange': value => $control_exchange;
+ #'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
+ #'DEFAULT/kombu_reconnect_delay': value => $kombu_reconnect_delay;
+ #'DEFAULT/heartbeat_timeout_threshold': value => $rabbit_heartbeat_timeout_threshold;
+ #'DEFAULT/heartbeat_rate': value => $rabbit_heartbeat_rate;
+ #'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
+ }
+
+ if $rabbit_use_ssl {
+ congress_config {
+ 'DEFAULT/kombu_ssl_version' : value => $kombu_ssl_version;
+ 'DEFAULT/kombu_ssl_ca_certs' : value => $kombu_ssl_ca_certs;
+ 'DEFAULT/kombu_ssl_certfile' : value => $kombu_ssl_certfile;
+ 'DEFAULT/kombu_ssl_keyfile' : value => $kombu_ssl_keyfile;
+ }
+ }
+
+ if $rabbit_hosts {
+ congress_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
+ congress_config { 'DEFAULT/rabbit_ha_queues': value => true }
+ congress_config { 'DEFAULT/rabbit_host': ensure => absent }
+ congress_config { 'DEFAULT/rabbit_port': ensure => absent }
+ } else {
+ congress_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
+ congress_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
+ congress_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
+ congress_config { 'DEFAULT/rabbit_ha_queues': value => false }
+ }
+
+ }
+
+ package { 'congress':
+ ensure => $package_ensure,
+ name => $::congress::params::package_name,
+ tag => ['openstack', 'congress-package'],
+ }
+ if $client_package_ensure == 'present' {
+ include '::congress::client'
+ } else {
+ class { '::congress::client':
+ ensure => $client_package_ensure,
+ }
+ }
+
+ group { 'congress':
+ ensure => present,
+ system => true,
+ require => Package['congress'],
+ }
+
+ user { 'congress':
+ ensure => 'present',
+ gid => 'congress',
+ system => true,
+ require => Package['congress'],
+ }
+
+ file { ['/etc/congress', '/var/log/congress', '/var/lib/congress']:
+ ensure => directory,
+ mode => '0750',
+ owner => 'congress',
+ group => 'congress',
+ require => Package['congress'],
+ notify => Service[$service_name],
+ }
+
+ file { '/etc/congress/congress.conf':
+ ensure => present,
+ mode => '0600',
+ owner => 'congress',
+ group => 'congress',
+ require => Package['congress'],
+ notify => Service[$service_name],
+ }
+
+ congress_config {
+ 'DEFAULT/bind_host': value => $bind_host;
+ 'DEFAULT/bind_port': value => $bind_port;
+ }
+
+ if $manage_service {
+ if $enabled {
+ $service_ensure = 'running'
+ } else {
+ $service_ensure = 'stopped'
+ }
+ }
+
+ class { '::congress::service':
+ ensure => $service_ensure,
+ service_name => $service_name,
+ enable => $enabled,
+ hasstatus => true,
+ hasrestart => true,
+ provider => $service_provider,
+ }
+}
diff --git a/components/congress/puppet/manifests/keystone/auth.pp b/components/congress/puppet/manifests/keystone/auth.pp
new file mode 100644
index 0000000..13be1f0
--- /dev/null
+++ b/components/congress/puppet/manifests/keystone/auth.pp
@@ -0,0 +1,93 @@
+# == Class: congress::keystone::auth
+#
+# Configures congress user, service and endpoint in Keystone.
+#
+# === Parameters
+#
+# [*password*]
+# (required) Password for congress user.
+#
+# [*auth_name*]
+# Username for congress service. Defaults to 'congress'.
+#
+# [*email*]
+# Email for congress user. Defaults to 'congress@localhost'.
+#
+# [*tenant*]
+# Tenant for congress user. Defaults to 'services'.
+#
+# [*configure_endpoint*]
+# Should congress endpoint be configured? Defaults to 'true'.
+#
+# [*configure_user*]
+# (Optional) Should the service user be configured?
+# Defaults to 'true'.
+#
+# [*configure_user_role*]
+# (Optional) Should the admin role be configured for the service user?
+# Defaults to 'true'.
+#
+# [*service_type*]
+# Type of service. Defaults to 'NFV'.
+#
+# [*admin_url*]
+# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:1789')
+# This url should *not* contain any version or trailing '/'.
+#
+# [*internal_url*]
+# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:1789')
+# This url should *not* contain any version or trailing '/'.
+#
+# [*public_url*]
+# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:1789')
+# This url should *not* contain any version or trailing '/'.
+#
+# [*region*]
+# Region for endpoint. Defaults to 'RegionOne'.
+#
+# [*service_name*]
+# (optional) Name of the service.
+# Defaults to the value of auth_name.
+#
+#
+class congress::keystone::auth (
+ $password,
+ $auth_name = 'congress',
+ $email = 'congress@localhost',
+ $tenant = 'services',
+ $configure_endpoint = true,
+ $configure_user = true,
+ $configure_user_role = true,
+ $service_name = undef,
+ $service_type = 'servicevm',
+ $admin_url = 'http://127.0.0.1:1789',
+ $internal_url = 'http://127.0.0.1:1789',
+ $public_url = 'http://127.0.0.1:1789',
+ $region = 'RegionOne'
+) {
+
+ $real_service_name = pick($service_name, $auth_name)
+
+ if $configure_user_role {
+ Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'congress-server' |>
+ }
+ Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'congress-server' |>
+
+ keystone::resource::service_identity { 'congress':
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ configure_endpoint => $configure_endpoint,
+ service_name => $real_service_name,
+ service_type => $service_type,
+ service_description => 'congress VNF Manager service',
+ region => $region,
+ auth_name => $auth_name,
+ password => $password,
+ email => $email,
+ tenant => $tenant,
+ admin_url => "${admin_url}/",
+ internal_url => "${internal_url}/",
+ public_url => "${public_url}/",
+ }
+
+}
diff --git a/components/congress/puppet/manifests/logging.pp b/components/congress/puppet/manifests/logging.pp
new file mode 100644
index 0000000..7bcdc00
--- /dev/null
+++ b/components/congress/puppet/manifests/logging.pp
@@ -0,0 +1,251 @@
+# Class congress::logging
+#
+# congress logging configuration
+#
+# == parameters
+#
+# [*verbose*]
+# (Optional) Should the daemons log verbose messages
+# Defaults to false.
+#
+# [*debug*]
+# (Optional) Should the daemons log debug messages
+# Defaults to false.
+#
+# [*use_syslog*]
+# (Optional) Use syslog for logging.
+# Defaults to false.
+#
+# [*use_stderr*]
+# (optional) Use stderr for logging
+# Defaults to true.
+#
+# [*log_facility*]
+# (Optional) Syslog facility to receive log lines.
+# Defaults to 'LOG_USER'.
+#
+# [*log_dir*]
+# (optional) Directory where logs should be stored.
+# If set to boolean false, it will not log to any directory.
+# Defaults to '/var/log/congress'.
+#
+# [*logging_context_format_string*]
+# (optional) Format string to use for log messages with context.
+# Defaults to undef.
+# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
+# [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
+#
+# [*logging_default_format_string*]
+# (optional) Format string to use for log messages without context.
+# Defaults to undef.
+# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
+# [-] %(instance)s%(message)s'
+#
+# [*logging_debug_format_suffix*]
+# (optional) Formatted data to append to log format when level is DEBUG.
+# Defaults to undef.
+# Example: '%(funcName)s %(pathname)s:%(lineno)d'
+#
+# [*logging_exception_prefix*]
+# (optional) Prefix each line of exception output with this format.
+# Defaults to undef.
+# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
+#
+# [*log_config_append*]
+# The name of an additional logging configuration file.
+# Defaults to undef.
+# See https://docs.python.org/2/howto/logging.html
+#
+# [*default_log_levels*]
+# (optional) Hash of logger (keys) and level (values) pairs.
+# Defaults to undef.
+# Example:
+# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
+# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
+# 'oslo.messaging' => 'INFO', 'iso8601' => 'WARN',
+# 'requests.packages.urllib3.connectionpool' => 'WARN',
+# 'urllib3.connectionpool' => 'WARN',
+# 'websocket' => 'WARN', 'congressmiddleware' => 'WARN',
+# 'routes.middleware' => 'WARN', stevedore => 'WARN' }
+#
+# [*publish_errors*]
+# (optional) Publish error events (boolean value).
+# Defaults to undef (false if unconfigured).
+#
+# [*fatal_deprecations*]
+# (optional) Make deprecations fatal (boolean value)
+# Defaults to undef (false if unconfigured).
+#
+# [*instance_format*]
+# (optional) If an instance is passed with the log message, format it
+# like this (string value).
+# Defaults to undef.
+# Example: '[instance: %(uuid)s] '
+#
+# [*instance_uuid_format*]
+# (optional) If an instance UUID is passed with the log message, format
+# it like this (string value).
+# Defaults to undef.
+# Example: instance_uuid_format='[instance: %(uuid)s] '
+#
+# [*log_date_format*]
+# (optional) Format string for %%(asctime)s in log records.
+# Defaults to undef.
+# Example: 'Y-%m-%d %H:%M:%S'
+
+class congress::logging(
+ $use_syslog = false,
+ $use_stderr = true,
+ $log_facility = 'LOG_USER',
+ $log_dir = '/var/log/congress',
+ $verbose = false,
+ $debug = false,
+ $logging_context_format_string = undef,
+ $logging_default_format_string = undef,
+ $logging_debug_format_suffix = undef,
+ $logging_exception_prefix = undef,
+ $log_config_append = undef,
+ $default_log_levels = undef,
+ $publish_errors = undef,
+ $fatal_deprecations = undef,
+ $instance_format = undef,
+ $instance_uuid_format = undef,
+ $log_date_format = undef,
+) {
+
+ congress_config {
+ 'DEFAULT/use_syslog' : value => $use_syslog;
+ 'DEFAULT/use_stderr' : value => $use_stderr;
+ 'DEFAULT/log_dir' : value => $log_dir;
+ 'DEFAULT/verbose' : value => $verbose;
+ 'DEFAULT/debug' : value => $debug;
+ 'DEFAULT/syslog_log_facility' : value => $log_facility;
+ }
+
+ if $logging_context_format_string {
+ congress_config {
+ 'DEFAULT/logging_context_format_string' :
+ value => $logging_context_format_string;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/logging_context_format_string' : ensure => absent;
+ }
+ }
+
+ if $logging_default_format_string {
+ congress_config {
+ 'DEFAULT/logging_default_format_string' :
+ value => $logging_default_format_string;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/logging_default_format_string' : ensure => absent;
+ }
+ }
+
+ if $logging_debug_format_suffix {
+ congress_config {
+ 'DEFAULT/logging_debug_format_suffix' :
+ value => $logging_debug_format_suffix;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/logging_debug_format_suffix' : ensure => absent;
+ }
+ }
+
+ if $logging_exception_prefix {
+ congress_config {
+ 'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/logging_exception_prefix' : ensure => absent;
+ }
+ }
+
+ if $log_config_append {
+ congress_config {
+ 'DEFAULT/log_config_append' : value => $log_config_append;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/log_config_append' : ensure => absent;
+ }
+ }
+
+ if $default_log_levels {
+ congress_config {
+ 'DEFAULT/default_log_levels' :
+ value => join(sort(join_keys_to_values($default_log_levels, '=')), ',');
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/default_log_levels' : ensure => absent;
+ }
+ }
+
+ if $publish_errors {
+ congress_config {
+ 'DEFAULT/publish_errors' : value => $publish_errors;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/publish_errors' : ensure => absent;
+ }
+ }
+
+ if $fatal_deprecations {
+ congress_config {
+ 'DEFAULT/fatal_deprecations' : value => $fatal_deprecations;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/fatal_deprecations' : ensure => absent;
+ }
+ }
+
+ if $instance_format {
+ congress_config {
+ 'DEFAULT/instance_format' : value => $instance_format;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/instance_format' : ensure => absent;
+ }
+ }
+
+ if $instance_uuid_format {
+ congress_config {
+ 'DEFAULT/instance_uuid_format' : value => $instance_uuid_format;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/instance_uuid_format' : ensure => absent;
+ }
+ }
+
+ if $log_date_format {
+ congress_config {
+ 'DEFAULT/log_date_format' : value => $log_date_format;
+ }
+ }
+ else {
+ congress_config {
+ 'DEFAULT/log_date_format' : ensure => absent;
+ }
+ }
+
+
+}
diff --git a/components/congress/puppet/manifests/params.pp b/components/congress/puppet/manifests/params.pp
new file mode 100644
index 0000000..f2ceed0
--- /dev/null
+++ b/components/congress/puppet/manifests/params.pp
@@ -0,0 +1,31 @@
+#
+# This class contains the platform differences for congress
+#
+class congress::params {
+ $client_package_name = 'python-congressclient'
+
+ case $::osfamily {
+ 'Debian': {
+ $package_name = 'congress'
+ $service_name = 'congress'
+ $python_memcache_package_name = 'python-memcache'
+ $sqlite_package_name = 'python-pysqlite2'
+ $paste_config = undef
+ case $::operatingsystem {
+ 'Debian': {
+ $service_provider = undef
+ }
+ default: {
+ $service_provider = 'upstart'
+ }
+ }
+ }
+ 'RedHat': {
+ $package_name = 'openstack-congress'
+ $service_name = 'openstack-congress'
+ $python_memcache_package_name = 'python-memcached'
+ $sqlite_package_name = undef
+ $service_provider = undef
+ }
+ }
+}
diff --git a/components/congress/puppet/manifests/policy.pp b/components/congress/puppet/manifests/policy.pp
new file mode 100644
index 0000000..cdca472
--- /dev/null
+++ b/components/congress/puppet/manifests/policy.pp
@@ -0,0 +1,39 @@
+# == Class: congress::policy
+#
+# Configure the congress policies
+#
+# === Parameters
+#
+# [*policies*]
+# (optional) Set of policies to configure for congress
+# Example :
+# {
+# 'congress-context_is_admin' => {
+# 'key' => 'context_is_admin',
+# 'value' => 'true'
+# },
+# 'congress-default' => {
+# 'key' => 'default',
+# 'value' => 'rule:admin_or_owner'
+# }
+# }
+# Defaults to empty hash.
+#
+# [*policy_path*]
+# (optional) Path to the nova policy.json file
+# Defaults to /etc/congress/policy.json
+#
+class congress::policy (
+ $policies = {},
+ $policy_path = '/etc/congress/policy.json',
+) {
+
+ validate_hash($policies)
+
+ Openstacklib::Policy::Base {
+ file_path => $policy_path,
+ }
+
+ create_resources('openstacklib::policy::base', $policies)
+
+}
diff --git a/components/congress/puppet/manifests/service.pp b/components/congress/puppet/manifests/service.pp
new file mode 100644
index 0000000..f802e9a
--- /dev/null
+++ b/components/congress/puppet/manifests/service.pp
@@ -0,0 +1,55 @@
+# == Class congress::service
+#
+# Encapsulates the congress service to a class.
+# This allows resources that require congress to
+# require this class, which can optionally
+# validate that the service can actually accept
+# connections.
+#
+# === Parameters
+#
+# [*ensure*]
+# (optional) The desired state of the congress service
+# Defaults to undef
+#
+# [*service_name*]
+# (optional) The name of the congress service
+# Defaults to $::congress::params::service_name
+#
+# [*enable*]
+# (optional) Whether to enable the congress service
+# Defaults to true
+#
+# [*hasstatus*]
+# (optional) Whether the congress service has status
+# Defaults to true
+#
+# [*hasrestart*]
+# (optional) Whether the congress service has restart
+# Defaults to true
+#
+# [*provider*]
+# (optional) Provider for congress service
+# Defaults to $::congress::params::service_provider
+#
+class congress::service(
+ $ensure = undef,
+ $service_name = $::congress::params::service_name,
+ $enable = true,
+ $hasstatus = true,
+ $hasrestart = true,
+ $provider = $::congress::params::service_provider,
+) {
+ include ::congress::params
+
+ service { 'congress':
+ ensure => $ensure,
+ name => $service_name,
+ enable => $enable,
+ hasstatus => $hasstatus,
+ hasrestart => $hasrestart,
+ provider => $provider,
+ tag => 'congress-service',
+ }
+
+}