Keystone DB sync - update puppet manifest for dcdbsync service

This commit adds dcorch dbsync sysinv puppet plugin. It also updates controller manifest to deploy and configure the service, and sm manifest to manage the service. With this commit, dbsync service will be deployed, configured, and started after config_controller. Story: 2002842 Task: 22787 Depends-On: https://review.openstack.org/#/c/642125 Depends-On: https://review.openstack.org/#/c/641779 Change-Id: I5e24a7d5c7126a691fe0a8ff46b0c14ab3185660 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2018-12-20 11:22:14 -05:00 · 2018-12-20 11:22:14 -05:00 · 047eda8ea5
commit 047eda8ea5
parent 05ffbecdb2
9 changed files with 189 additions and 8 deletions
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=80
+TIS_PATCH_VER=81
--- a/puppet-manifests/centos/puppet-manifests.spec
+++ b/puppet-manifests/centos/puppet-manifests.spec
@ -22,6 +22,7 @@ Requires: puppet-sysinv
 Requires: puppet-sshd
 Requires: puppet-smapi
 Requires: puppet-fm
+Requires: puppet-dcdbsync

 # Openstack puppet modules
 Requires: puppet-aodh
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@ -536,6 +536,11 @@ dcmanager::use_syslog: true
 dcmanager::log_facility: 'local2'
 dcmanager::debug: false

+# Dcdbsync
+dbsync::use_syslog: true
+dbsync::log_facility: 'local2'
+dbsync::debug: false
+
 # FM
 fm::use_syslog: true
 fm::log_facility: 'local2'
--- a/puppet-manifests/src/manifests/controller.pp
+++ b/puppet-manifests/src/manifests/controller.pp
@ -133,6 +133,9 @@ include ::platform::dcmanager::api

 include ::platform::dcorch::snmp

+include ::platform::dcdbsync
+include ::platform::dcdbsync::api
+
 include ::platform::smapi

 include ::openstack::swift
--- a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
+++ b/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
@ -27,7 +27,8 @@
                           ["'murano':%(target.user.name)s"],
                           ["'panko':%(target.user.name)s"],
                           ["'gnocchi':%(target.user.name)s"],
-                           ["'fm':%(target.user.name)s"]],
+                           ["'fm':%(target.user.name)s"],
+                           ["'dcdbsync':%(target.user.name)s"]],

    "identity:delete_service": "rule:admin_required and not rule:protected_services",

--- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
@ -0,0 +1,44 @@
+class platform::dcdbsync::params (
+  $api_port = 8219,
+  $region_name = undef,
+  $service_create = false,
+  $service_enabled = false,
+  $default_endpoint_type = 'internalURL',
+) {
+  include ::platform::params
+}
+
+class platform::dcdbsync
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      if $::platform::params::init_keystone {
+        include ::dcdbsync::keystone::auth
+      }
+
+      class { '::dcdbsync': }
+    }
+  }
+}
+
+class platform::dcdbsync::api
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      include ::platform::network::mgmt::params
+
+      $api_host = $::platform::network::mgmt::params::controller_address
+      $api_fqdn = $::platform::params::controller_hostname
+      $url_host = "http://${api_fqdn}:${api_port}"
+
+      class { '::dcdbsync::api':
+        bind_host => $api_host,
+        bind_port => $api_port,
+        enabled   => $service_enabled,
+      }
+    }
+  }
+}
+
--- a/puppet-manifests/src/modules/platform/manifests/sm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sm.pp
@ -572,6 +572,22 @@ class platform::sm
    if $::platform::params::distributed_cloud_role =='subcloud' {
      $configure_keystone = true

+      # Provision and configure dcorch dbsync when running as a subcloud
+      exec { 'Provision distributed-cloud-services (service-domain-member distributed-cloud-services)':
+        command => 'sm-provision service-domain-member controller distributed-cloud-services',
+      }
+      -> exec { 'Provision distributed-cloud-services (service-group distributed-cloud-services)':
+        command => 'sm-provision service-group distributed-cloud-services',
+      }
+      -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+        command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+      }
+      -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+        command => 'sm-provision service dcdbsync-api',
+      }
+      -> exec { 'Configure OpenStack - DCDBsync-API':
+        command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+      }
      # Deprovision Horizon when running as a subcloud
      exec { 'Deprovision OpenStack - Horizon (service-group-member)':
        command => 'sm-deprovision service-group-member web-services horizon',
@ -1698,6 +1714,12 @@ class platform::sm
    -> exec { 'Provision DCOrch-Patch-Api-Proxy in SM (service dcorch-patch-api-proxy)':
      command => 'sm-provision service dcorch-patch-api-proxy',
    }
+    -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+      command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+    }
+    -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+      command => 'sm-provision service dcdbsync-api',
+    }
    -> exec { 'Configure Platform - DCManager-Manager':
      command => "sm-configure service_instance dcmanager-manager dcmanager-manager \"\"",
    }
@ -1725,6 +1747,9 @@ class platform::sm
    -> exec { 'Configure OpenStack - DCOrch-patch-api-proxy':
      command => "sm-configure service_instance dcorch-patch-api-proxy dcorch-patch-api-proxy \"\"",
    }
+    -> exec { 'Configure OpenStack - DCDBsync-API':
+      command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+    }
    if $cinder_service_enabled {
      notice('Enable cinder-api-proxy')
      exec { 'Provision DCOrch-Cinder-Api-Proxy (service-group-member dcorch-cinder-api-proxy)':
--- a/sysinv/sysinv/sysinv/setup.cfg
+++ b/sysinv/sysinv/sysinv/setup.cfg
@ -66,12 +66,13 @@ systemconfig.puppet_plugins =
    026_panko = sysinv.puppet.panko:PankoPuppet
    027_dcmanager = sysinv.puppet.dcmanager:DCManagerPuppet
    028_dcorch = sysinv.puppet.dcorch:DCOrchPuppet
-    029_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
-    030_smapi = sysinv.puppet.smapi:SmPuppet
-    031_fm = sysinv.puppet.fm:FmPuppet
-    032_swift = sysinv.puppet.swift:SwiftPuppet
-    033_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
-    034_barbican = sysinv.puppet.barbican:BarbicanPuppet
+    029_dcdbsync = sysinv.puppet.dcdbsync:DCDBsyncPuppet
+    030_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
+    031_smapi = sysinv.puppet.smapi:SmPuppet
+    032_fm = sysinv.puppet.fm:FmPuppet
+    033_swift = sysinv.puppet.swift:SwiftPuppet
+    034_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
+    035_barbican = sysinv.puppet.barbican:BarbicanPuppet

 systemconfig.helm_plugins =
    aodh = sysinv.helm.aodh:AodhHelm
--- a/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
@ -0,0 +1,101 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.common import constants
+from sysinv.puppet import openstack
+
+
+class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
+    """Class to encapsulate puppet operations for dcdbsync
+     configuration"""
+
+    SERVICE_NAME = 'dcdbsync'
+    SERVICE_PORT = 8219
+    SERVICE_PATH = 'v1.0'
+    IDENTITY_SERVICE_NAME = 'keystone'
+    IDENTITY_SERVICE_DB = 'keystone'
+
+    def get_static_config(self):
+        dbuser = self._get_database_username(self.IDENTITY_SERVICE_NAME)
+
+        return {
+            'dcdbsync::db::postgresql::user': dbuser,
+        }
+
+    def get_secure_static_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        # initial bootstrap is bound to localhost
+        dburl = self._format_database_connection(self.IDENTITY_SERVICE_NAME,
+                                                 constants.LOCALHOST_HOSTNAME,
+                                                 database=self.IDENTITY_SERVICE_DB)
+        return {
+            'dcdbsync::database_connection': dburl,
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_system_config(self):
+        ksuser = self._get_service_user_name(self.SERVICE_NAME)
+
+        return {
+            # The region in which the identity server can be found
+            'dcdbsync::region_name': self._keystone_region_name(),
+
+            'dcdbsync::keystone::auth::public_url': self.get_public_url(),
+            'dcdbsync::keystone::auth::internal_url': self.get_internal_url(),
+            'dcdbsync::keystone::auth::admin_url': self.get_admin_url(),
+            'dcdbsync::keystone::auth::region': self._region_name(),
+            'dcdbsync::keystone::auth::auth_name': ksuser,
+            'dcdbsync::keystone::auth::auth_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::keystone::auth::service_name': self.SERVICE_NAME,
+            'dcdbsync::keystone::auth::tenant': self._get_service_tenant_name(),
+            'dcdbsync::api::bind_host': self._get_management_address(),
+            'dcdbsync::api::keystone_auth_uri': self._keystone_auth_uri(),
+            'dcdbsync::api::keystone_identity_uri':
+                self._keystone_identity_uri(),
+            'dcdbsync::api::keystone_tenant': self._get_service_project_name(),
+            'dcdbsync::api::keystone_user_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::api::keystone_project_domain':
+                self._get_service_project_domain_name(),
+            'dcdbsync::api::keystone_user': ksuser,
+            'platform::dcdbsync::params::region_name': self.get_region_name(),
+            'platform::dcdbsync::params::service_create':
+                self._to_create_services(),
+        }
+
+    def get_secure_system_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        return {
+            'dcdbsync::database_connection':
+                self._format_database_connection(
+                    self.IDENTITY_SERVICE_NAME,
+                    database=self.IDENTITY_SERVICE_DB),
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_public_url(self):
+        return self._format_public_endpoint(self.SERVICE_PORT,
+                                            path=self.SERVICE_PATH)
+
+    def get_internal_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_admin_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_region_name(self):
+        return self._get_service_region_name(self.SERVICE_NAME)