diff --git a/docs/packstack.rst b/docs/packstack.rst index 6c9556865..629af5320 100644 --- a/docs/packstack.rst +++ b/docs/packstack.rst @@ -1070,32 +1070,12 @@ MONGODB Config parameters Redis Config parameters ----------------------- -**CONFIG_REDIS_MASTER_HOST** - IP address of the server on which to install the Redis master server. +**CONFIG_REDIS_HOST** + IP address of the server on which to install the Redis server. **CONFIG_REDIS_PORT** - Port on which the Redis server(s) listens. + Port on which the Redis server listens. -**CONFIG_REDIS_HA** - Specify 'y' to have Redis try to use HA. ['y', 'n'] - -**CONFIG_REDIS_SLAVE_HOSTS** - Hosts on which to install Redis slaves. - -**CONFIG_REDIS_SENTINEL_HOSTS** - Hosts on which to install Redis sentinel servers. - -**CONFIG_REDIS_SENTINEL_CONTACT_HOST** - Host to configure as the Redis coordination sentinel. - -**CONFIG_REDIS_SENTINEL_PORT** - Port on which Redis sentinel servers listen. - -**CONFIG_REDIS_SENTINEL_QUORUM** - Quorum value for Redis sentinel servers. - -**CONFIG_REDIS_MASTER_NAME** - Name of the master server watched by the Redis sentinel. ['[a-z]+'] Aodh Config parameters ---------------------- diff --git a/packstack/modules/ospluginutils.py b/packstack/modules/ospluginutils.py index dcaccda6e..cd8a33d36 100644 --- a/packstack/modules/ospluginutils.py +++ b/packstack/modules/ospluginutils.py @@ -33,7 +33,6 @@ class ManifestFiles(object): def __init__(self): self.filelist = [] self.data = {} - self.global_data = None # continuous manifest file that have the same marker can be # installed in parallel, if on different servers 
@@ -61,15 +60,12 @@ class ManifestFiles(object): Write out the manifest data to disk, this should only be called once write before the puppet manifests are copied to the various servers """ - if not self.global_data: - with open(os.path.join(PUPPET_TEMPLATE_DIR, "global.pp")) as gfp: - self.global_data = gfp.read() % controller.CONF os.mkdir(basedefs.PUPPET_MANIFEST_DIR, 0o700) for fname, data in self.data.items(): path = os.path.join(basedefs.PUPPET_MANIFEST_DIR, fname) fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600) with os.fdopen(fd, 'w') as fp: - fp.write(self.global_data + data) + fp.write(data) manifestfiles = ManifestFiles() @@ -84,10 +80,6 @@ def appendManifestFile(manifest_name, data, marker=''): manifestfiles.addFile(manifest_name, marker, data) -def prependManifestFile(manifest_name, data, marker=''): - manifestfiles.prependFile(manifest_name, marker, data) - - def generateHieraDataFile(): os.mkdir(basedefs.HIERADATA_DIR, 0o700) with open(HIERA_COMMON_YAML, 'w') as outfile: @@ -97,11 +89,6 @@ def generateHieraDataFile(): os.symlink(os.path.basename(HIERA_COMMON_YAML), HIERA_DEFAULTS_YAML) -def createFirewallResources(hiera_key, default_value='{}'): - hiera_function = "hiera('%s', %s)" % (hiera_key, default_value) - return "create_resources(packstack::firewall, %s)\n\n" % hiera_function - - def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file): """ Wrapper on top of openssl diff --git a/packstack/modules/shortcuts.py b/packstack/modules/shortcuts.py deleted file mode 100644 index 5a3796ef9..000000000 --- a/packstack/modules/shortcuts.py +++ /dev/null @@ -1,5 +0,0 @@ -# -*- coding: utf-8 -*- - - -def get_mq(config, plugin): - return plugin + "_%s.pp" % config.get('CONFIG_AMQP_BACKEND') diff --git a/packstack/plugins/amqp_002.py b/packstack/plugins/amqp_002.py index bc822100b..206687c90 100644 --- a/packstack/plugins/amqp_002.py +++ b/packstack/plugins/amqp_002.py 
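Review bot: In the writeManifests hunk (at -61), the context lines `os.mkdir(basedefs.PUPPET_MANIFEST_DIR, 0o700)` and `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` are what keep the generated manifests owner-only and refuse a pre-existing path, yet nothing in the method says so. A comment above the `os.open` call would stop a later edit from relaxing them, for example `# O_EXCL refuses a path that already exists (including a symlink); 0o600 keeps manifest contents owner-only`. The docstring text "should only be called once write before the puppet manifests are copied" is garbled and could read "call once, before the puppet manifests are copied to the servers". With the global.pp read removed, `PUPPET_TEMPLATE_DIR` and `controller` may no longer be used in this module; the imports are outside the hunk, so that needs checking.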
@@ -23,9 +23,6 @@ from packstack.installer import utils from packstack.modules.common import filtered_hosts from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------- AMQP Packstack Plugin Initialization -------------- @@ -155,7 +152,7 @@ def initConfig(controller): def initSequences(controller): amqpsteps = [ - {'title': 'Adding AMQP manifest entries', + {'title': 'Preparing AMQP entries', 'functions': [create_manifest]} ] controller.addSequence("Installing AMQP", [], [], amqpsteps) @@ -188,9 +185,6 @@ def create_manifest(config, messages): config['CONFIG_AMQP_AUTH_PASSWORD'] = 'guest' config['CONFIG_AMQP_AUTH_USER'] = 'guest' - manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST'] - manifestdata = getManifestTemplate('amqp') - if config['CONFIG_IP_VERSION'] == 'ipv6': config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST'] else: @@ -207,6 +201,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['5671', '5672'] fw_details[key]['proto'] = "tcp" config['FIREWALL_AMQP_RULES'] = fw_details - - manifestdata += createFirewallResources('FIREWALL_AMQP_RULES') - appendManifestFile(manifestfile, manifestdata, 'pre') diff --git a/packstack/plugins/aodh_810.py b/packstack/plugins/aodh_810.py index 2ccd39c22..caa863368 100644 --- a/packstack/plugins/aodh_810.py +++ b/packstack/plugins/aodh_810.py 
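Review bot: The first two context lines of the create_manifest hunk at -188 set both `CONFIG_AMQP_AUTH_PASSWORD` and `CONFIG_AMQP_AUTH_USER` to the literal `'guest'`, and the rules built in the following hunk open ports 5671 and 5672. The condition guarding those assignments is above the hunk, so it is not visible whether an operator can reach this branch unintentionally. If this is the authentication-disabled path, a comment should say so at the assignment, e.g. `# fixed guest/guest account: the broker must not be reachable from untrusted hosts`.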
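Review bot: After the removal at the end of create_manifest (hunk at -207), the function still stores `FIREWALL_AMQP_RULES` in config, but nothing visible in this diff turns that key into firewall resources now that the `createFirewallResources` call is gone. Presumably the Puppet side reads the key directly; that consumer is outside this page, so it should be confirmed that every `FIREWALL_*_RULES` key the plugins set (aodh, ceilometer, mongodb, redis, cinder, glance, gnocchi, heat) is still applied. The name create_manifest is also stale in all of these plugins, since no manifest is built any more; a docstring such as `"""Set AMQP config keys (host URL, firewall rules); no manifest is written here."""` would make that clear. The function starts outside the hunk.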
@@ -22,10 +22,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------- Aodh Packstack Plugin Initialization -------------- @@ -76,10 +72,8 @@ def initSequences(controller): controller.CONF['CONFIG_CEILOMETER_INSTALL'] != 'y'): return - steps = [{'title': 'Adding Aodh manifest entries', - 'functions': [create_manifest]}, - {'title': 'Adding Aodh Keystone manifest entries', - 'functions': [create_keystone_manifest]}] + steps = [{'title': 'Preparing Aodh entries', + 'functions': [create_manifest]}] controller.addSequence("Installing OpenStack Aodh", [], [], steps) @@ -87,11 +81,6 @@ def initSequences(controller): # -------------------------- step functions -------------------------- def create_manifest(config, messages): - manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "aodh")) - manifestdata += getManifestTemplate("aodh") - manifestdata += getManifestTemplate("apache_ports") - if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_aodh.crt' 
@@ -113,11 +102,3 @@ def create_manifest(config, messages):
 fw_details[key]['ports'] = ['8042']
 fw_details[key]['proto'] = "tcp"
 config['FIREWALL_AODH_RULES'] = fw_details
- manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
- appendManifestFile(manifestfile, manifestdata, 'aodh')
-
-
-def create_keystone_manifest(config, messages):
- manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
- manifestdata = getManifestTemplate("keystone_aodh")
- appendManifestFile(manifestfile, manifestdata)
diff --git a/packstack/plugins/apache_060.py b/packstack/plugins/apache_060.py
deleted file mode 100644
index c50f95ebd..000000000
--- a/packstack/plugins/apache_060.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# -*- coding: utf-8 -*-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""
-Installs and configures Apache for all services using it
-"""
-
-from packstack.installer import utils
-
-from packstack.modules.ospluginutils import appendManifestFile
-from packstack.modules.ospluginutils import getManifestTemplate
-
-# ------------- Aodh Packstack Plugin Initialization --------------
-
-PLUGIN_NAME = "OS-Apache"
-PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue')
-
-
-def initConfig(controller):
- # No config needed
- return
-
-
-def initSequences(controller):
- steps = [{'title': 'Adding Apache manifest entries',
- 'functions': [create_manifest]}]
- controller.addSequence("Setting up Apache", [], [],
- steps)
-
-# ------------------------- step functions -------------------------
-
-
-def create_manifest(config, messages):
- manifestfile = "%s_apache.pp" % config['CONFIG_CONTROLLER_HOST']
- manifestdata = getManifestTemplate("apache")
- appendManifestFile(manifestfile, manifestdata, 'apache')
diff --git a/packstack/plugins/ceilometer_800.py b/packstack/plugins/ceilometer_800.py
index 3a89f0cf5..b8ed3d714 100644
--- a/packstack/plugins/ceilometer_800.py
+++ b/packstack/plugins/ceilometer_800.py
@@ -22,13 +22,8 @@ from packstack.installer import basedefs from packstack.installer import utils from packstack.installer import validators from packstack.installer import processors -from packstack.installer.utils import split_hosts from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------- Ceilometer Packstack Plugin Initialization -------------- @@ -114,18 +109,18 @@ def initConfig(controller): "CONDITION": False}, ], "REDIS": [ - {"CMD_OPTION": "redis-master-host", - "PROMPT": "Enter the host for the Redis master server", + {"CMD_OPTION": "redis-host", + "PROMPT": "Enter the host for the Redis server", "OPTION_LIST": [], "VALIDATORS": [validators.validate_ssh], "DEFAULT_VALUE": utils.get_localhost_ip(), "MASK_INPUT": False, "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_MASTER_HOST", + "CONF_NAME": "CONFIG_REDIS_HOST", "USE_DEFAULT": False, "NEED_CONFIRM": False, "CONDITION": False, - "DEPRECATES": ["CONFIG_REDIS_HOST"]}, + "DEPRECATES": ["CONFIG_REDIS_MASTER_HOST"]}, {"CMD_OPTION": "redis-port", "PROMPT": "Enter the port of the redis server(s)", "OPTION_LIST": [], 
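Review bot: In the REDIS option hunk (at -114), the renamed `redis-host` entry lists only `CONFIG_REDIS_MASTER_HOST` under `DEPRECATES`, while the following hunk deletes CONFIG_REDIS_HA, CONFIG_REDIS_SLAVE_HOSTS and the five sentinel/master-name options with no replacement entry. How an existing answer file that still sets `CONFIG_REDIS_HA=y` is treated is not visible here; if the removed keys are simply ignored, an operator expecting a replicated Redis gets a single instance without being told. Consider warning on or rejecting the removed keys, or at least recording the removal in the release notes. The `redis-port` prompt in the trailing context still says "redis server(s)" although docs/packstack.rst now uses the singular; `"PROMPT": "Enter the port of the redis server",` would match.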
@@ -137,87 +132,6 @@ def initConfig(controller): "USE_DEFAULT": False, "NEED_CONFIRM": False, "CONDITION": False}, - {"CMD_OPTION": "redis-ha", - "PROMPT": "Should redis try to use HA?", - "OPTION_LIST": ["y", "n"], - "VALIDATORS": [validators.validate_options], - "DEFAULT_VALUE": "n", - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_HA", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "redis-slaves", - "PROMPT": "Enter the host for the redis slave servers", - "OPTION_LIST": [], - "VALIDATORS": [validators.validate_multi_ssh], - "DEFAULT_VALUE": "", - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_SLAVE_HOSTS", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "redis-sentinels", - "PROMPT": "Enter the host for the redis sentinel servers", - "OPTION_LIST": [], - "VALIDATORS": [validators.validate_multi_ssh], - "DEFAULT_VALUE": "", - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_SENTINEL_HOSTS", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "redis-sentinel-contact", - "PROMPT": - "Enter the IP address of the coordination redis sentinel", - "OPTION_LIST": [], - "VALIDATORS": [validators.validate_ssh], - "DEFAULT_VALUE": "", - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_SENTINEL_CONTACT_HOST", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "redis-sentinel-port", - "PROMPT": ("Enter the port on which the redis sentinel servers" - " listen"), - "OPTION_LIST": [], - "VALIDATORS": [validators.validate_port], - "DEFAULT_VALUE": 26379, - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_SENTINEL_PORT", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "redis-sentinel-quorum", - "PROMPT": ( - "Enter the quorum value 
for the redis sentinel servers"), - "OPTION_LIST": [], - "VALIDATORS": [validators.validate_integer], - "DEFAULT_VALUE": 2, - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_SENTINEL_QUORUM", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "redis-sentinel-master-name", - "PROMPT": ( - "Enter the logical name of the master server"), - "OPTION_LIST": [r'[a-z]+'], - "VALIDATORS": [validators.validate_regexp], - "DEFAULT_VALUE": 'mymaster', - "MASK_INPUT": False, - "LOOSE_VALIDATION": False, - "CONF_NAME": "CONFIG_REDIS_MASTER_NAME", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, ], } update_params_usage(basedefs.PACKSTACK_DOC, ceilometer_params) @@ -253,14 +167,12 @@ def initSequences(controller): if controller.CONF['CONFIG_CEILOMETER_INSTALL'] != 'y': return - steps = [{'title': 'Adding MongoDB manifest entries', + steps = [{'title': 'Preparing MongoDB entries', 'functions': [create_mongodb_manifest]}, - {'title': 'Adding Redis manifest entries', + {'title': 'Preparing Redis entries', 'functions': [create_redis_manifest]}, - {'title': 'Adding Ceilometer manifest entries', - 'functions': [create_manifest]}, - {'title': 'Adding Ceilometer Keystone manifest entries', - 'functions': [create_keystone_manifest]}] + {'title': 'Preparing Ceilometer entries', + 'functions': [create_manifest]}] controller.addSequence("Installing OpenStack Ceilometer", [], [], steps) 
@@ -268,38 +180,6 @@ def initSequences(controller): # -------------------------- step functions -------------------------- def create_manifest(config, messages): - manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "ceilometer")) - manifestdata += getManifestTemplate("ceilometer") - if config['CONFIG_CEILOMETER_SERVICE_NAME'] == 'httpd': - manifestdata += getManifestTemplate("apache_ports") - - if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis': - # Determine if we need to configure multiple sentinel hosts as - # fallbacks for use in coordination url. - sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']) - sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT'] - sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST'] - if config['CONFIG_IP_VERSION'] == 'ipv6': - config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % ( - sentinel_host) - else: - config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host - - sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST'] - if len(sentinel_hosts) > 1: - sentinel_format = 'sentinel_fallback=%s:%s' - if config['CONFIG_IP_VERSION'] == 'ipv6': - sentinel_format = 'sentinel_fallback=[%s]:%s' - - sentinel_fallbacks = '&'.join([sentinel_format % - (host, sentinel_port) - for host in sentinel_hosts - if host != sentinel_contact]) - else: - sentinel_fallbacks = '' - config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks - if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt' 
@@ -321,13 +201,6 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['8777'] fw_details[key]['proto'] = "tcp" config['FIREWALL_CEILOMETER_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES') - - # Add a template that creates a group for nova because the ceilometer - # class needs it - if config['CONFIG_NOVA_INSTALL'] == 'n': - manifestdata += getManifestTemplate("ceilometer_nova_disabled") - appendManifestFile(manifestfile, manifestdata, 'ceilometer') def create_mongodb_manifest(config, messages): @@ -336,8 +209,6 @@ def create_mongodb_manifest(config, messages): config['CONFIG_MONGODB_HOST_URL'] = "[%s]" % host else: config['CONFIG_MONGODB_HOST_URL'] = host - manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST'] - manifestdata = getManifestTemplate("mongodb") fw_details = dict() key = "mongodb_server" 
@@ -349,70 +220,20 @@ def create_mongodb_manifest(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_MONGODB_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES') - appendManifestFile(manifestfile, manifestdata, 'pre') - def create_redis_manifest(config, messages): if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis': - redis_master_host = config['CONFIG_REDIS_MASTER_HOST'] + redis_host = config['CONFIG_REDIS_HOST'] if config['CONFIG_IP_VERSION'] == 'ipv6': - config['CONFIG_REDIS_MASTER_HOST_URL'] = "[%s]" % redis_master_host + config['CONFIG_REDIS_HOST_URL'] = "[%s]" % redis_host else: - config['CONFIG_REDIS_MASTER_HOST_URL'] = redis_master_host + config['CONFIG_REDIS_HOST_URL'] = redis_host # master - manifestfile = "%s_redis.pp" % config['CONFIG_REDIS_MASTER_HOST'] - manifestdata = getManifestTemplate("redis.pp") - - master_clients = set([config['CONFIG_CONTROLLER_HOST']]).union( - split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS'])).union( - split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])) + master_clients = set([config['CONFIG_CONTROLLER_HOST']]) config['FIREWALL_REDIS_RULES'] = _create_redis_firewall_rules( master_clients, config['CONFIG_REDIS_PORT']) - manifestdata += createFirewallResources('FIREWALL_REDIS_RULES') - appendManifestFile(manifestfile, manifestdata, 'pre') - - # slaves - if config['CONFIG_REDIS_HA'] == 'y': - for slave in split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']): - config['CONFIG_REDIS_HOST'] = slave - manifestfile = "%s_redis_slave.pp" % slave - manifestdata = getManifestTemplate("redis_slave.pp") - - slave_clients = set([config['CONFIG_CONTROLLER_HOST']]).union( - split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS'])).union( - split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])) - config['FIREWALL_REDIS_SLAVE_RULES'] = ( - _create_redis_firewall_rules( - slave_clients, config['CONFIG_REDIS_PORT'])) - - manifestdata += createFirewallResources( - 'FIREWALL_REDIS_SLAVE_RULES') - 
appendManifestFile(manifestfile, manifestdata, 'pre') - - # sentinels - if config['CONFIG_REDIS_HA'] == 'y': - for sentinel in split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']): - manifestfile = "%s_redis_sentinel.pp" % sentinel - manifestdata = getManifestTemplate("redis_sentinel.pp") - - config['FIREWALL_SENTINEL_RULES'] = ( - _create_redis_firewall_rules( - split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']), - config['CONFIG_REDIS_SENTINEL_PORT'])) - - manifestdata += createFirewallResources( - 'FIREWALL_SENTINEL_RULES') - appendManifestFile(manifestfile, manifestdata, 'pre') - - -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_ceilometer") - appendManifestFile(manifestfile, manifestdata) - # ------------------------- helper functions ------------------------- diff --git a/packstack/plugins/cinder_250.py b/packstack/plugins/cinder_250.py index 8239d4aef..673e86ce1 100644 --- a/packstack/plugins/cinder_250.py +++ b/packstack/plugins/cinder_250.py @@ -27,10 +27,6 @@ from packstack.installer.utils import split_hosts from packstack.installer import utils from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------------ Cinder Packstack Plugin initialization ------------------ @@ -601,10 +597,7 @@ def initSequences(controller): if key in config: config[key] = [i.strip() for i in config[key].split(',') if i] - cinder_steps = [ - {'title': 'Adding Cinder Keystone manifest entries', - 'functions': [create_keystone_manifest]} - ] + cinder_steps = [] if 'lvm' in config['CONFIG_CINDER_BACKEND']: cinder_steps.append( 
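Review bot: In create_redis_manifest (hunk at -349), the `# master` comment and the `master_clients` name are left over from the master/slave/sentinel layout this commit removes, so they now describe roles that no longer exist. Dropping the comment and writing `redis_clients = {config['CONFIG_CONTROLLER_HOST']}` (then passing `redis_clients` to `_create_redis_firewall_rules`) keeps the same value with an accurate name. The rule set now admits only CONFIG_CONTROLLER_HOST on CONFIG_REDIS_PORT; whether any other host runs a service that uses Redis coordination is not visible here and is worth confirming. The function also no longer creates a manifest, so a docstring along the lines of `"""Set CONFIG_REDIS_HOST_URL and FIREWALL_REDIS_RULES when the coordination backend is redis."""` would help.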
@@ -612,7 +605,7 @@ def initSequences(controller): 'functions': [check_cinder_vg]}) cinder_steps.append( - {'title': 'Adding Cinder manifest entries', + {'title': 'Preparing Cinder entries', 'functions': [create_manifest]} ) controller.addSequence("Installing OpenStack Cinder", [], [], cinder_steps) @@ -719,12 +712,6 @@ def check_cinder_vg(config, messages): config['CONFIG_CINDER_VOLUMES_SIZE'] = '%sM' % cinders_volume_size -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_cinder") - appendManifestFile(manifestfile, manifestdata) - - def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_host = config['CONFIG_STORAGE_HOST'] @@ -738,18 +725,6 @@ def create_manifest(config, messages): generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) - manifestdata = getManifestTemplate(get_mq(config, "cinder")) - manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata += getManifestTemplate("cinder") - - for backend in config['CONFIG_CINDER_BACKEND']: - manifestdata += getManifestTemplate('cinder_%s' % backend) - - if config['CONFIG_CEILOMETER_INSTALL'] == 'y': - manifestdata += getManifestTemplate('cinder_ceilometer') - if config['CONFIG_SWIFT_INSTALL'] == 'y': - manifestdata += getManifestTemplate('cinder_backup') - fw_details = dict() for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']): if (config['CONFIG_NOVA_INSTALL'] == 'y' and @@ -768,7 +743,6 @@ def create_manifest(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_CINDER_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_CINDER_RULES') # cinder API should be open for everyone fw_details = dict() 
@@ -780,6 +754,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['8776'] fw_details[key]['proto'] = "tcp" config['FIREWALL_CINDER_API_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES') - - appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/dashboard_500.py b/packstack/plugins/dashboard_500.py index 6cdcc7633..c85722ad4 100644 --- a/packstack/plugins/dashboard_500.py +++ b/packstack/plugins/dashboard_500.py @@ -25,8 +25,6 @@ from packstack.installer import utils from packstack.installer import validators from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert from packstack.modules.ospluginutils import deliver_ssl_file @@ -131,7 +129,7 @@ def initSequences(controller): return steps = [ - {'title': 'Adding Horizon manifest entries', + {'title': 'Preparing Horizon entries', 'functions': [create_manifest]} ] controller.addSequence("Installing OpenStack Horizon", [], [], steps) @@ -141,7 +139,6 @@ def initSequences(controller): def create_manifest(config, messages): horizon_host = config['CONFIG_CONTROLLER_HOST'] - manifestfile = "%s_horizon.pp" % horizon_host proto = "http" config["CONFIG_HORIZON_PORT"] = 80 @@ -207,10 +204,6 @@ def create_manifest(config, messages): if config["CONFIG_NEUTRON_VPNAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_VPN"] = True - manifestdata = getManifestTemplate("horizon") - manifestdata += getManifestTemplate("apache_ports") - appendManifestFile(manifestfile, manifestdata) - msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n" "Please, find your login credentials stored in the keystonerc_admin" " in your home directory." diff --git a/packstack/plugins/glance_200.py b/packstack/plugins/glance_200.py index 95302fd10..2a9c69a05 100644 
--- a/packstack/plugins/glance_200.py +++ b/packstack/plugins/glance_200.py @@ -22,10 +22,6 @@ from packstack.installer import processors from packstack.installer import utils from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------- Glance Packstack Plugin Initialization -------------- @@ -94,9 +90,7 @@ def initSequences(controller): return glancesteps = [ - {'title': 'Adding Glance Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Glance manifest entries', + {'title': 'Preparing Glance entries', 'functions': [create_manifest]} ] controller.addSequence("Installing OpenStack Glance", [], [], glancesteps) @@ -112,12 +106,6 @@ def process_backend(value, param_name, config): # -------------------------- step functions -------------------------- -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_glance") - appendManifestFile(manifestfile, manifestdata) - - def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_host = config['CONFIG_STORAGE_HOST'] @@ -131,12 +119,6 @@ def create_manifest(config, messages): generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) - manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata = getManifestTemplate("glance") - if config['CONFIG_CEILOMETER_INSTALL'] == 'y': - mq_template = get_mq(config, "glance_ceilometer") - manifestdata += getManifestTemplate(mq_template) - fw_details = dict() key = "glance_api" fw_details.setdefault(key, {}) 
@@ -146,10 +128,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['9292'] fw_details[key]['proto'] = "tcp" config['FIREWALL_GLANCE_RULES'] = fw_details - - # Set the backend - manifestdata += getManifestTemplate( - 'glance_%s.pp' % config['CONFIG_GLANCE_BACKEND']) - - manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES') - appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/gnocchi_790.py b/packstack/plugins/gnocchi_790.py index 201ebc97a..98c6f985f 100644 --- a/packstack/plugins/gnocchi_790.py +++ b/packstack/plugins/gnocchi_790.py @@ -22,9 +22,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate # ------------- Gnocchi Packstack Plugin Initialization -------------- @@ -86,10 +83,8 @@ def initSequences(controller): controller.CONF['CONFIG_CEILOMETER_INSTALL'] != 'y'): return - steps = [{'title': 'Adding Gnocchi manifest entries', - 'functions': [create_manifest]}, - {'title': 'Adding Gnocchi Keystone manifest entries', - 'functions': [create_keystone_manifest]}] + steps = [{'title': 'Preparing Gnocchi entries', + 'functions': [create_manifest]}] controller.addSequence("Installing OpenStack Gnocchi", [], [], steps) @@ -97,10 +92,6 @@ def initSequences(controller): # -------------------------- step functions -------------------------- def create_manifest(config, messages): - manifestfile = "%s_gnocchi.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("gnocchi") - manifestdata += getManifestTemplate("apache_ports") - fw_details = dict() key = "gnocchi_api" fw_details.setdefault(key, {}) 
@@ -110,11 +101,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['8041'] fw_details[key]['proto'] = "tcp" config['FIREWALL_GNOCCHI_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_GNOCCHI_RULES') - appendManifestFile(manifestfile, manifestdata, 'gnocchi') - - -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_gnocchi") - appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/heat_650.py b/packstack/plugins/heat_650.py index cadfafa80..38990c2d8 100644 --- a/packstack/plugins/heat_650.py +++ b/packstack/plugins/heat_650.py @@ -24,10 +24,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------- Heat Packstack Plugin Initialization -------------- @@ -155,17 +151,17 @@ def initSequences(controller): if config['CONFIG_HEAT_INSTALL'] != 'y': return steps = [ - {'title': 'Adding Heat manifest entries', + {'title': 'Preparing Heat entries', 'functions': [create_manifest]}, ] if config.get('CONFIG_HEAT_CLOUDWATCH_INSTALL', 'n') == 'y': steps.append( - {'title': 'Adding Heat CloudWatch API manifest entries', + {'title': 'Preparing Heat CloudWatch API entries', 'functions': [create_cloudwatch_manifest]}) if config.get('CONFIG_HEAT_CFN_INSTALL', 'n') == 'y': steps.append( - {'title': 'Adding Heat CloudFormation API manifest entries', + {'title': 'Preparing Heat CloudFormation API entries', 'functions': [create_cfn_manifest]}) controller.addSequence("Installing Heat", [], [], steps) 
@@ -185,11 +181,6 @@ def create_manifest(config, messages): generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) - manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "heat")) - manifestdata += getManifestTemplate("heat") - manifestdata += getManifestTemplate("keystone_heat") - fw_details = dict() key = "heat" fw_details.setdefault(key, {}) @@ -200,15 +191,8 @@ def create_manifest(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_HEAT_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_HEAT_RULES') - appendManifestFile(manifestfile, manifestdata, marker='heat') - def create_cloudwatch_manifest(config, messages): - manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "heat")) - manifestdata += getManifestTemplate("heat_cloudwatch") - fw_details = dict() key = "heat_api_cloudwatch" fw_details.setdefault(key, {}) @@ -219,15 +203,8 @@ def create_cloudwatch_manifest(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_HEAT_CLOUDWATCH_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_HEAT_CLOUDWATCH_RULES') - appendManifestFile(manifestfile, manifestdata, marker='heat') - def create_cfn_manifest(config, messages): - manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "heat")) - manifestdata += getManifestTemplate("heat_cfn") - fw_details = dict() key = "heat_cfn" fw_details.setdefault(key, {}) @@ -237,6 +214,3 @@ def create_cfn_manifest(config, messages): fw_details[key]['ports'] = ['8000'] fw_details[key]['proto'] = "tcp" config['FIREWALL_HEAT_CFN_RULES'] = fw_details - - manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES') - appendManifestFile(manifestfile, manifestdata, marker='heat') 
diff --git a/packstack/plugins/ironic_275.py b/packstack/plugins/ironic_275.py index f8034f289..2d970e033 100644 --- a/packstack/plugins/ironic_275.py +++ b/packstack/plugins/ironic_275.py @@ -22,10 +22,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------------ Ironic Packstack Plugin initialization ------------------ @@ -78,9 +74,7 @@ def initSequences(controller): return steps = [ - {'title': 'Adding Ironic Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Ironic manifest entries', + {'title': 'Preparing Ironic entries', 'functions': [create_manifest]}, ] @@ -103,10 +97,6 @@ def create_manifest(config, messages): generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) - manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "ironic")) - manifestdata += getManifestTemplate("ironic.pp") - fw_details = dict() key = "ironic-api" fw_details.setdefault(key, {}) 
@@ -116,15 +106,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['6385'] fw_details[key]['proto'] = "tcp" config['FIREWALL_IRONIC_API_RULES'] = fw_details - - manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES') - appendManifestFile(manifestfile, manifestdata, 'pre') - - -def create_keystone_manifest(config, messages): - if config['CONFIG_UNSUPPORTED'] != 'y': - config['CONFIG_IRONIC_HOST'] = config['CONFIG_CONTROLLER_HOST'] - - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_ironic.pp") - appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py index 7ff18d683..30d603dcd 100644 --- a/packstack/plugins/keystone_100.py +++ b/packstack/plugins/keystone_100.py @@ -24,9 +24,6 @@ from packstack.installer import processors from packstack.installer import utils from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate # ------------- Keystone Packstack Plugin Initialization -------------- @@ -718,7 +715,7 @@ def initSequences(controller): {'title': 'Fixing Keystone LDAP config parameters to be undef if empty', 'functions': [munge_ldap_config_params]}, - {'title': 'Adding Keystone manifest entries', + {'title': 'Preparing Keystone entries', 'functions': [create_manifest]}, ] controller.addSequence("Installing OpenStack Keystone", [], [], 
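Review bot: The deleted `create_keystone_manifest` in ironic_275.py did more than emit a manifest: it also set `config['CONFIG_IRONIC_HOST'] = config['CONFIG_CONTROLLER_HOST']` when `CONFIG_UNSUPPORTED` is not 'y', and that assignment is removed with it. manila_355.py had the same pattern, but there `create_manifest` visibly keeps its own copy of the guard. For Ironic the start of `create_manifest` is outside these hunks, so it is worth confirming the assignment still happens there. If it does not, the two lines `if config['CONFIG_UNSUPPORTED'] != 'y':` and `config['CONFIG_IRONIC_HOST'] = config['CONFIG_CONTROLLER_HOST']` belong at the top of `create_manifest`.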
@@ -766,10 +763,6 @@ def munge_ldap_config_params(config, messages): def create_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone") - manifestdata += getManifestTemplate("apache_ports") - if config['CONFIG_IP_VERSION'] == 'ipv6': host = config['CONFIG_CONTROLLER_HOST'] config['CONFIG_KEYSTONE_HOST_URL'] = "[%s]" % host @@ -796,6 +789,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['5000', '35357'] fw_details[key]['proto'] = "tcp" config['FIREWALL_KEYSTONE_RULES'] = fw_details - - manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES') - appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/manila_355.py b/packstack/plugins/manila_355.py index 1fa4ded08..910f3a8d3 100644 --- a/packstack/plugins/manila_355.py +++ b/packstack/plugins/manila_355.py @@ -22,10 +22,6 @@ from packstack.installer import validators from packstack.installer import utils from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import getManifestTemplate -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources from packstack.modules.ospluginutils import generate_ssl_cert # ------------- Manila Packstack Plugin Initialization -------------- @@ -554,9 +550,7 @@ def initSequences(controller): ) manila_steps = [ - {'title': 'Adding Manila Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Manila manifest entries', + {'title': 'Preparing Manila entries', 'functions': [create_manifest]} ] 
@@ -604,15 +598,6 @@ def check_glusternfs_options(config): # -------------------------- step functions -------------------------- -def create_keystone_manifest(config, messages): - if config['CONFIG_UNSUPPORTED'] != 'y': - config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST'] - - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_manila.pp") - appendManifestFile(manifestfile, manifestdata) - - def create_manifest(config, messages): if config['CONFIG_UNSUPPORTED'] != 'y': config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST'] @@ -639,15 +624,6 @@ def create_manifest(config, messages): elif config[key].lower() == "false": config[key] = False - manifestdata = getManifestTemplate(get_mq(config, "manila")) - manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata += getManifestTemplate("manila.pp") - manifestdata += getManifestTemplate("manila_network.pp") - - backends = config['CONFIG_MANILA_BACKEND'] - for backend in backends: - manifestdata += getManifestTemplate('manila_%s.pp' % backend) - # manila API should be open for everyone fw_details = dict() key = "manila_api" @@ -658,6 +634,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['8786'] fw_details[key]['proto'] = "tcp" config['FIREWALL_MANILA_API_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES') - - appendManifestFile(manifestfile, manifestdata, marker='manila') diff --git a/packstack/plugins/mariadb_003.py b/packstack/plugins/mariadb_003.py index f681430e2..066d6584c 100644 --- a/packstack/plugins/mariadb_003.py +++ b/packstack/plugins/mariadb_003.py 
@@ -23,9 +23,6 @@ from packstack.installer import utils from packstack.modules.common import filtered_hosts from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate # ------------- MariaDB Packstack Plugin Initialization -------------- @@ -89,7 +86,7 @@ def initConfig(controller): def initSequences(controller): mariadbsteps = [ - {'title': 'Adding MariaDB manifest entries', + {'title': 'Preparing MariaDB entries', 'functions': [create_manifest]} ] controller.addSequence("Installing MariaDB", [], [], mariadbsteps) @@ -99,10 +96,8 @@ def initSequences(controller): def create_manifest(config, messages): if config['CONFIG_MARIADB_INSTALL'] == 'y': - suffix = 'install' host = config['CONFIG_MARIADB_HOST'] else: - suffix = 'noinstall' host = config['CONFIG_CONTROLLER_HOST'] if config['CONFIG_IP_VERSION'] == 'ipv6': 
@@ -110,30 +105,8 @@ def create_manifest(config, messages): else: config['CONFIG_MARIADB_HOST_URL'] = host - manifestfile = "%s_mariadb.pp" % host - manifestdata = [getManifestTemplate('mariadb_%s' % suffix)] - - def append_for(module, suffix): - # Modules have to be appended to the existing mysql.pp - # otherwise pp will fail for some of them saying that - # Mysql::Config definition is missing. - template = "mariadb_%s_%s" % (module, suffix) - manifestdata.append(getManifestTemplate(template)) - - append_for("keystone", suffix) - for mod in ['nova', 'cinder', 'glance', 'neutron', 'heat', 'sahara', - 'trove', 'ironic', 'manila']: - if config['CONFIG_%s_INSTALL' % mod.upper()] == 'y': - append_for(mod, suffix) - - if (config['CONFIG_GNOCCHI_INSTALL'] == 'y' and - config['CONFIG_CEILOMETER_INSTALL'] == 'y'): - append_for('gnocchi', suffix) - - hosts = filtered_hosts(config, exclude=False, dbhost=True) - fw_details = dict() - for host in hosts: + for host in filtered_hosts(config, exclude=False, dbhost=True): key = "mariadb_%s" % host fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % host @@ -142,6 +115,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['3306'] fw_details[key]['proto'] = "tcp" config['FIREWALL_MARIADB_RULES'] = fw_details - - manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES')) - appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre') diff --git a/packstack/plugins/nagios_910.py b/packstack/plugins/nagios_910.py index bac1fc654..d4cb774a5 100644 --- a/packstack/plugins/nagios_910.py +++ b/packstack/plugins/nagios_910.py 
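Review bot: The new loop header `for host in filtered_hosts(config, exclude=False, dbhost=True):` rebinds `host`, which earlier in `create_manifest` holds the MariaDB or controller host written to `CONFIG_MARIADB_HOST_URL`. Nothing in the visible lines reads `host` after the loop now that the `manifestfile` line is gone, so this is harmless today. A distinct name such as `for fw_host in filtered_hosts(config, exclude=False, dbhost=True):` with `key = "mariadb_%s" % fw_host` would keep the two meanings apart if code is added below. The function starts in the previous hunk.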
@@ -23,9 +23,6 @@ from packstack.installer import utils from packstack.modules.documentation import update_params_usage from packstack.modules.common import filtered_hosts -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate # ------------- Nagios Packstack Plugin Initialization -------------- @@ -63,9 +60,9 @@ def initSequences(controller): return nagiossteps = [ - {'title': 'Adding Nagios server manifest entries', + {'title': 'Preparing Nagios server entries', 'functions': [create_manifest]}, - {'title': 'Adding Nagios host manifest entries', + {'title': 'Preparing Nagios host entries', 'functions': [create_nrpe_manifests]} ] controller.addSequence("Installing Nagios", [], [], nagiossteps) @@ -92,17 +89,10 @@ def create_manifest(config, messages): config['CONFIG_NAGIOS_SERVICES'] = openstack_services - manifestfile = "%s_nagios.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("nagios_server") - manifestdata += getManifestTemplate("apache_ports") - appendManifestFile(manifestfile, manifestdata) - def create_nrpe_manifests(config, messages): for hostname in filtered_hosts(config): config['CONFIG_NRPE_HOST'] = hostname - manifestfile = "%s_nagios_nrpe.pp" % hostname - manifestdata = getManifestTemplate("nagios_nrpe") # Only the Nagios host is allowed to talk to nrpe fw_details = dict() @@ -115,9 +105,6 @@ def create_nrpe_manifests(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_NAGIOS_NRPE_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_NAGIOS_NRPE_RULES') - appendManifestFile(manifestfile, manifestdata) - messages.append("To use Nagios, browse to " "http://%(CONFIG_CONTROLLER_HOST)s/nagios " "username: nagiosadmin, password: %(CONFIG_NAGIOS_PW)s" 
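Review bot: In `create_nrpe_manifests`, `config['CONFIG_NRPE_HOST'] = hostname` and `config['FIREWALL_NAGIOS_NRPE_RULES'] = fw_details` appear to stay inside `for hostname in filtered_hosts(config):`, yet with the per-host `manifestfile`/`appendManifestFile` lines removed nothing in the loop produces per-host output. After the loop the config holds only the values from the last host iterated. If a consumer needs one value per host, a per-host key in the style nova_300.py uses (`"FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host`) would preserve it; if not, the assignments can move out of the loop. Indentation is lost in this rendering, so the nesting is inferred from the surrounding lines.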
diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py index 1e61a80d9..41125a712 100644 --- a/packstack/plugins/neutron_350.py +++ b/packstack/plugins/neutron_350.py @@ -25,10 +25,6 @@ from packstack.installer.utils import split_hosts from packstack.modules import common from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------- Neutron Packstack Plugin Initialization -------------- 
@@ -504,28 +500,18 @@ def initSequences(controller): config['CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED'] = False neutron_steps = [ - {'title': 'Adding Neutron VPNaaS Agent manifest entries', - 'functions': [create_vpnaas_manifests]}, - {'title': 'Adding Neutron FWaaS Agent manifest entries', - 'functions': [create_fwaas_manifests]}, - {'title': 'Adding Neutron LBaaS Agent manifest entries', + {'title': 'Preparing Neutron LBaaS Agent entries', 'functions': [create_lbaas_manifests]}, - {'title': 'Adding Neutron API manifest entries', + {'title': 'Preparing Neutron API entries', 'functions': [create_manifests]}, - {'title': 'Adding Neutron Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Neutron L3 manifest entries', + {'title': 'Preparing Neutron L3 entries', 'functions': [create_l3_manifests]}, - {'title': 'Adding Neutron L2 Agent manifest entries', + {'title': 'Preparing Neutron L2 Agent entries', 'functions': [create_l2_agent_manifests]}, - {'title': 'Adding Neutron DHCP Agent manifest entries', + {'title': 'Preparing Neutron DHCP Agent entries', 'functions': [create_dhcp_manifests]}, - {'title': 'Adding Neutron Metering Agent manifest entries', + {'title': 'Preparing Neutron Metering Agent entries', 'functions': [create_metering_agent_manifests]}, - {'title': 'Adding Neutron Metadata Agent manifest entries', - 'functions': [create_metadata_manifests]}, - {'title': 'Adding Neutron SR-IOV Switch Agent manifest entries', - 'functions': [create_sriovnicswitch_manifests]}, {'title': 'Checking if NetworkManager is enabled and running', 'functions': [check_nm_status]}, ] 
@@ -590,9 +576,8 @@ def get_values(val): return [x.strip() for x in val.split(',')] if val else [] -def tunnel_fw_details(config, host, src): +def tunnel_fw_details(config, host, src, fw_details): key = "neutron_tunnel_%s_%s" % (host, src) - fw_details = dict() fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % src fw_details[key]['service_name'] = "neutron tunnel port" @@ -604,7 +589,6 @@ def tunnel_fw_details(config, host, src): fw_details[key]['proto'] = 'gre' tun_port = None fw_details[key]['ports'] = tun_port - return fw_details # -------------------------- step functions -------------------------- @@ -661,22 +645,7 @@ def create_manifests(config, messages): generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file) - manifest_file = "%s_neutron.pp" % (host,) - manifest_data = getManifestTemplate("neutron") - manifest_data += getManifestTemplate(get_mq(config, "neutron")) - appendManifestFile(manifest_file, manifest_data, 'neutron') - if host in api_hosts: - manifest_file = "%s_neutron.pp" % (host,) - manifest_data = getManifestTemplate("neutron_api") - if config['CONFIG_NOVA_INSTALL'] == 'y': - template_name = "neutron_notifications" - manifest_data += getManifestTemplate(template_name) - - # Set up any l2 plugin configs we need only on neutron api nodes - # XXX I am not completely sure about this, but it seems necessary: - manifest_data += getManifestTemplate(plugin_manifest) - # Firewall fw_details = dict() key = "neutron_server_%s" % host 
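Review bot: `tunnel_fw_details` now writes into the `fw_details` dict passed by the caller and no longer returns anything, which the signature alone does not tell a reader. A docstring such as `"""Add the tunnel firewall rule for (host, src) to fw_details in place; returns None."""` would document the new contract. Any caller still written as `config[key] = tunnel_fw_details(...)` would now store `None`; the two call sites in `create_manifests` are updated in this commit, so that only matters for code outside the diff. The middle of the function lies between the two hunks.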
@@ -688,33 +657,24 @@ def create_manifests(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details - manifest_data += createFirewallResources( - 'FIREWALL_NEUTRON_SERVER_RULES' - ) - appendManifestFile(manifest_file, manifest_data, 'neutron') - # We also need to open VXLAN/GRE port for agent - manifest_data = "" if use_openvswitch_vxlan(config) or use_openvswitch_gre(config): if config['CONFIG_IP_VERSION'] == 'ipv6': msg = output_messages.WARN_IPV6_OVS messages.append(utils.color_text(msg % host, 'red')) - + fw_details = dict() if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']): tunnel_subnets = map( str.strip, config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',') ) + cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host) for subnet in tunnel_subnets: - cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" - % (host, subnet)) - config[cf_fw_nt_key] = tunnel_fw_details(config, - host, subnet) - manifest_data += createFirewallResources(cf_fw_nt_key) + tunnel_fw_details(config, host, subnet, fw_details) + config[cf_fw_nt_key] = fw_details else: + cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host) for n_host in network_hosts | compute_hosts: - cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" - % (host, n_host)) if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']: if config['CONFIG_USE_SUBNETS'] == 'y': iface = common.cidr_to_ifname( 
@@ -731,17 +691,8 @@ def create_manifests(config, messages): (iface, n_host)) else: src_host = n_host - config[cf_fw_nt_key] = tunnel_fw_details(config, - host, src_host) - manifest_data += createFirewallResources(cf_fw_nt_key) - - appendManifestFile(manifest_file, manifest_data, 'neutron') - - -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_neutron") - appendManifestFile(manifestfile, manifestdata) + tunnel_fw_details(config, host, src_host, fw_details) + config[cf_fw_nt_key] = fw_details def create_l3_manifests(config, messages): @@ -753,9 +704,6 @@ def create_l3_manifests(config, messages): for host in network_hosts: config['CONFIG_NEUTRON_L3_HOST'] = host config['CONFIG_NEUTRON_L3_INTERFACE_DRIVER'] = get_if_driver(config) - manifestdata = getManifestTemplate("neutron_l3") - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + '\n') if config['CONFIG_NEUTRON_L2_AGENT'] == 'openvswitch': ext_bridge = config['CONFIG_NEUTRON_L3_EXT_BRIDGE'] @@ -764,8 +712,9 @@ def create_l3_manifests(config, messages): ext_bridge) if ext_bridge else None if (ext_bridge and not mapping): config['CONFIG_NEUTRON_OVS_BRIDGE'] = ext_bridge - manifestdata = getManifestTemplate('neutron_ovs_bridge') - appendManifestFile(manifestfile, manifestdata + '\n') + config['CONFIG_NEUTRON_OVS_BRIDGE_CREATE'] = 'y' + else: + config['CONFIG_NEUTRON_OVS_BRIDGE_CREATE'] = 'n' def create_dhcp_manifests(config, messages): 
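Review bot: `config['CONFIG_NEUTRON_OVS_BRIDGE_CREATE']` is assigned only on the paths this hunk touches in `create_l3_manifests`: 'y' when `ext_bridge and not mapping`, 'n' in the added `else`. Indentation is lost in this rendering, but if that `else` pairs with the inner `if (ext_bridge and not mapping):`, the key is never set when `CONFIG_NEUTRON_L2_AGENT` is not 'openvswitch' or when `network_hosts` is empty. A consumer that looks the key up without a default may then find it missing. Setting `config['CONFIG_NEUTRON_OVS_BRIDGE_CREATE'] = 'n'` once before the loop and keeping only the 'y' assignment inside would define it on every path.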
@@ -774,11 +723,7 @@ def create_dhcp_manifests(config, messages): for host in network_hosts: config["CONFIG_NEUTRON_DHCP_HOST"] = host config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config) - if use_openvswitch_vxlan(config) or use_openvswitch_gre(config): - manifest_data = getManifestTemplate("neutron_dhcp_mtu") - else: - manifest_data = getManifestTemplate("neutron_dhcp") - manifest_file = "%s_neutron.pp" % (host,) + # Firewall Rules for dhcp in fw_details = dict() key = "neutron_dhcp_in_%s" % host @@ -789,9 +734,6 @@ def create_dhcp_manifests(config, messages): fw_details[key]['ports'] = ['67'] fw_details[key]['proto'] = "udp" config['FIREWALL_NEUTRON_DHCPIN_RULES'] = fw_details - manifest_data += createFirewallResources( - 'FIREWALL_NEUTRON_DHCPIN_RULES' - ) # Firewall Rules for dhcp out fw_details = dict() @@ -803,35 +745,6 @@ def create_dhcp_manifests(config, messages): fw_details[key]['ports'] = ['68'] fw_details[key]['proto'] = "udp" config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = fw_details - manifest_data += createFirewallResources( - 'FIREWALL_NEUTRON_DHCPOUT_RULES' - ) - - appendManifestFile(manifest_file, manifest_data, 'neutron') - - -def create_fwaas_manifests(config, messages): - global network_hosts - - if not config['CONFIG_NEUTRON_FWAAS'] == 'y': - return - - for host in network_hosts: - manifestdata = getManifestTemplate("neutron_fwaas") - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + "\n") - - -def create_vpnaas_manifests(config, messages): - global network_hosts - - if config['CONFIG_NEUTRON_VPNAAS'] != 'y': - return - - for host in network_hosts: - manifestdata = getManifestTemplate("neutron_vpnaas") - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + "\n") def create_lbaas_manifests(config, messages): 
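Review bot: In `create_dhcp_manifests`, `fw_details = dict()` and `config['FIREWALL_NEUTRON_DHCPIN_RULES'] = fw_details` (likewise `FIREWALL_NEUTRON_DHCPOUT_RULES`) are built with a host-specific key, `"neutron_dhcp_in_%s" % host`, inside `for host in network_hosts:`. With the per-host manifest lines removed, each iteration appears to replace the previous host's dict, so config ends up holding only the last network host's entry. The tunnel rules in `create_manifests` were changed in this same commit to accumulate into one dict per config key, and the DHCP rules could follow that by creating both dicts before the loop and assigning them to config after it. The loop nesting is inferred from the use of `host`, since indentation is lost here.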
@@ -842,9 +755,6 @@ def create_lbaas_manifests(config, messages): for host in network_hosts: config['CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'] = get_if_driver(config) - manifestdata = getManifestTemplate("neutron_lbaas") - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + "\n") def create_metering_agent_manifests(config, messages): @@ -855,9 +765,6 @@ def create_metering_agent_manifests(config, messages): for host in network_hosts: config['CONFIG_NEUTRON_METERING_IFCE_DRIVER'] = get_if_driver(config) - manifestdata = getManifestTemplate("neutron_metering_agent") - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + "\n") def create_l2_agent_manifests(config, messages): @@ -881,7 +788,6 @@ def create_l2_agent_manifests(config, messages): config["CONFIG_NEUTRON_OVS_TUNNELING"] = tunnel tunnel_types = set(ovs_type) & set(['gre', 'vxlan']) config["CONFIG_NEUTRON_OVS_TUNNEL_TYPES"] = list(tunnel_types) - template_name = "neutron_ovs_agent" bm_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"]) iface_arr = get_values(config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"]) @@ -910,7 +816,6 @@ def create_l2_agent_manifests(config, messages): elif agent == "linuxbridge": host_var = 'CONFIG_NEUTRON_LB_HOST' - template_name = 'neutron_lb_agent' else: raise KeyError("Unknown layer2 agent") @@ -918,8 +823,6 @@ def create_l2_agent_manifests(config, messages): no_tunnel_types = set(ovs_type) & set(['vlan', 'flat']) for host in network_hosts | compute_hosts: - manifestfile = "%s_neutron.pp" % (host,) - manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host # NICs connected to OVS bridges can be required in network nodes if # vlan, flat, vxlan or gre are enabled. For compute nodes, they are # only required if vlan or flat are enabled. 
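Review bot: In `create_lbaas_manifests` the loop `for host in network_hosts:` now contains only `config['CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'] = get_if_driver(config)`, which never uses `host`. The same holds for `CONFIG_NEUTRON_METERING_IFCE_DRIVER` in `create_metering_agent_manifests`. The assignment can be written once under `if network_hosts:`, which keeps the current behaviour of leaving the key untouched when there are no network hosts. Both functions begin outside their hunks.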
@@ -937,40 +840,9 @@ def create_l2_agent_manifests(config, messages): ] config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES"] = iface_arr config["CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE"] = if_arr_cmp - manifestdata += "$create_bridges = true\n" + config['CREATE_BRIDGES'] = 'y' else: - manifestdata += "$create_bridges = false\n" - is_network_host = str(host in network_hosts).lower() - manifestdata += "$network_host = %s\n" % is_network_host - manifestdata += getManifestTemplate(template_name) - appendManifestFile(manifestfile, manifestdata + "\n") - # Additional configurations required for compute hosts and - # network hosts. - manifestdata = getManifestTemplate('neutron_bridge_module') - appendManifestFile(manifestfile, manifestdata + '\n') - - -def create_sriovnicswitch_manifests(config, messages): - global compute_hosts - - if not use_ml2_with_sriovnicswitch(config): - return - - for host in compute_hosts: - manifestdata = getManifestTemplate("neutron_sriov") - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + "\n") - - -def create_metadata_manifests(config, messages): - global network_hosts - if config.get('CONFIG_NOVA_INSTALL') == 'n': - return - for host in network_hosts: - config['CONFIG_NEUTRON_METADATA_HOST'] = host - manifestdata = getManifestTemplate('neutron_metadata') - manifestfile = "%s_neutron.pp" % (host,) - appendManifestFile(manifestfile, manifestdata + "\n") + config['CREATE_BRIDGES'] = 'n' def check_nm_status(config, messages): diff --git a/packstack/plugins/nova_300.py b/packstack/plugins/nova_300.py index 47a8e678d..a1fafd351 100644 --- a/packstack/plugins/nova_300.py +++ b/packstack/plugins/nova_300.py 
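Review bot: `config['CREATE_BRIDGES']` is a single key, yet it is assigned inside the `for host in network_hosts | compute_hosts:` loop that starts in the previous hunk, where the removed code wrote `$create_bridges = true` or `false` into each host's own manifest text. After the loop only the value computed for the last host iterated remains, and iteration order over a set union is not defined. The comment above the loop says network and compute nodes have different requirements, so the per-host decision is no longer recoverable from this key. The removed `$network_host` variable has no replacement in the visible lines either. A per-host key in the style nova_300.py already uses, e.g. `config['CREATE_BRIDGES_%s' % host] = 'y'`, would keep the decision per host.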
@@ -27,15 +27,10 @@ from packstack.installer import utils from packstack.installer import validators from packstack.modules import common +from packstack.modules.common import filtered_hosts from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import prependManifestFile -from packstack.modules.ospluginutils import createFirewallResources from packstack.modules.ospluginutils import deliver_ssl_file -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert -from packstack.modules.ospluginutils import manifestfiles # ------------- Nova Packstack Plugin Initialization -------------- 
@@ -392,35 +387,29 @@ def initSequences(controller): return if controller.CONF['CONFIG_NEUTRON_INSTALL'] == 'y': - network_title = ('Adding OpenStack Network-related ' - 'Nova manifest entries') + network_title = ('Preparing OpenStack Network-related ' + 'Nova entries') network_function = create_neutron_manifest else: - network_title = 'Adding Nova Network manifest entries' + network_title = 'Preparing Nova Network entries' network_function = create_network_manifest novaapisteps = [ - {'title': 'Adding Nova API manifest entries', + {'title': 'Preparing Nova API entries', 'functions': [create_api_manifest]}, - {'title': 'Adding Nova Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Nova Cert manifest entries', - 'functions': [create_cert_manifest]}, - {'title': 'Adding Nova Conductor manifest entries', - 'functions': [create_conductor_manifest]}, {'title': 'Creating ssh keys for Nova migration', 'functions': [create_ssh_keys]}, {'title': 'Gathering ssh host keys for Nova migration', 'functions': [gather_host_keys]}, - {'title': 'Adding Nova Compute manifest entries', + {'title': 'Preparing Nova Compute entries', 'functions': [create_compute_manifest]}, - {'title': 'Adding Nova Scheduler manifest entries', + {'title': 'Preparing Nova Scheduler entries', 'functions': [create_sched_manifest]}, - {'title': 'Adding Nova VNC Proxy manifest entries', + {'title': 'Preparing Nova VNC Proxy entries', 'functions': [create_vncproxy_manifest]}, {'title': network_title, 'functions': [network_function]}, - {'title': 'Adding Nova Common manifest entries', + {'title': 'Preparing Nova Common entries', 'functions': [create_common_manifest]}, ] 
@@ -540,8 +529,6 @@ def create_api_manifest(config, messages): config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = None else: config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = "%s" % config['CONFIG_NEUTRON_METADATA_PW'] - manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("nova_api") fw_details = dict() key = "nova_api" @@ -552,27 +539,6 @@ def create_api_manifest(config, messages): fw_details[key]['ports'] = ['8773', '8774', '8775'] fw_details[key]['proto'] = "tcp" config['FIREWALL_NOVA_API_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_NOVA_API_RULES') - - appendManifestFile(manifestfile, manifestdata, 'novaapi') - - -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_nova") - appendManifestFile(manifestfile, manifestdata) - - -def create_cert_manifest(config, messages): - manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("nova_cert") - appendManifestFile(manifestfile, manifestdata) - - -def create_conductor_manifest(config, messages): - manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("nova_conductor") - appendManifestFile(manifestfile, manifestdata) def create_compute_manifest(config, messages): @@ -594,8 +560,6 @@ def create_compute_manifest(config, messages): 'qemu+tcp://nova@%s/system' ) - ssh_hostkeys = '' - ssh_keys_details = {} for host in compute_hosts: try: @@ -617,7 +581,6 @@ def create_compute_manifest(config, messages): ssh_keys_details[key]['type'] = host_key_type config['SSH_KEYS'] = ssh_keys_details - ssh_hostkeys += getManifestTemplate("sshkey") if config['CONFIG_VMWARE_BACKEND'] == 'y': vcenters = [i.strip() for i in 
@@ -637,14 +600,13 @@ def create_compute_manifest(config, messages): else: vcenters = len(compute_hosts) * [vcenters[0]] vmware_clusters = dict(zip(compute_hosts, vcenters)) + config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters for host in compute_hosts: if config['CONFIG_IRONIC_INSTALL'] == 'y': cm = 'ironic.nova.compute.manager.ClusteredComputeManager' config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm - manifestdata = getManifestTemplate("nova_compute") - fw_details = dict() cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host for c_host in compute_hosts: @@ -657,31 +619,8 @@ def create_compute_manifest(config, messages): fw_details[key]['proto'] = "tcp" config[cf_fw_qemu_mig_key] = fw_details - manifestdata += createFirewallResources(cf_fw_qemu_mig_key) - - if config['CONFIG_VMWARE_BACKEND'] == 'y': - manifestdata += ("\n$nova_vcenter_cluster_name = '%s'\n" % - vmware_clusters[host]) - manifestdata += getManifestTemplate("nova_compute_vmware.pp") - elif config['CONFIG_IRONIC_INSTALL'] == 'y': - manifestdata += getManifestTemplate("nova_compute_ironic.pp") - else: - manifestdata += getManifestTemplate("nova_compute_libvirt.pp") - - if (config['CONFIG_VMWARE_BACKEND'] != 'y' and - config['CONFIG_CINDER_INSTALL'] == 'y' and - 'gluster' in config['CONFIG_CINDER_BACKEND']): - manifestdata += getManifestTemplate("nova_gluster") - if (config['CONFIG_VMWARE_BACKEND'] != 'y' and - config['CONFIG_CINDER_INSTALL'] == 'y' and - 'nfs' in config['CONFIG_CINDER_BACKEND']): - manifestdata += getManifestTemplate("nova_nfs") - manifestfile = "%s_nova.pp" % host if config['CONFIG_NEUTRON_INSTALL'] != 'y': - if host not in network_hosts: - manifestdata += getManifestTemplate('nova_compute_flat') - key = 'CONFIG_NOVA_COMPUTE_PRIVIF' if not config[key].strip(): config[key] = dummy_interface(host) 
@@ -711,10 +650,6 @@ def create_compute_manifest(config, messages): generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file) - mq_template = get_mq(config, "nova_ceilometer") - manifestdata += getManifestTemplate(mq_template) - manifestdata += getManifestTemplate("nova_ceilometer") - fw_details = dict() key = "nova_compute" fw_details.setdefault(key, {}) @@ -725,12 +660,6 @@ def create_compute_manifest(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details - manifestdata += "\n" + createFirewallResources( - 'FIREWALL_NOVA_COMPUTE_RULES' - ) - manifestdata += "\n" + ssh_hostkeys - appendManifestFile(manifestfile, manifestdata) - def create_network_manifest(config, messages): global compute_hosts, network_hosts @@ -768,28 +697,11 @@ def create_network_manifest(config, messages): net_size = 2 ** (32 - int(routing_prefix)) config['CONFIG_NOVA_NETWORK_FIXEDSIZE'] = str(net_size) - manifestfile = "%s_nova.pp" % host - manifestdata = getManifestTemplate("nova_network") - # Restart libvirt if we deploy nova network on compute - if host in compute_hosts: - manifestdata += getManifestTemplate("nova_network_libvirt") - - # in multihost mode each compute host runs nova-api-metadata - if multihost and host != api_host and host in compute_hosts: - manifestdata += getManifestTemplate("nova_metadata") - appendManifestFile(manifestfile, manifestdata) - def create_sched_manifest(config, messages): - manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST'] if config['CONFIG_IRONIC_INSTALL'] == 'y': - manifestdata = getManifestTemplate("nova_sched_ironic.pp") ram_alloc = '1.0' config['CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'] = ram_alloc - manifestdata += getManifestTemplate("nova_sched.pp") - else: - manifestdata = getManifestTemplate("nova_sched.pp") - appendManifestFile(manifestfile, manifestdata) def create_vncproxy_manifest(config, messages): 
@@ -820,10 +732,6 @@ def create_vncproxy_manifest(config, messages): generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) - manifestfile = "%s_nova.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("nova_vncproxy") - appendManifestFile(manifestfile, manifestdata) - def create_common_manifest(config, messages): global compute_hosts, network_hosts 
@@ -834,45 +742,34 @@ def create_common_manifest(config, messages): dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')]) dbacces_hosts |= network_hosts - for manifestfile, marker in manifestfiles.getFiles(): + for host in filtered_hosts(config): pw_in_sqlconn = False - if manifestfile.endswith("_nova.pp"): - host, manifest = manifestfile.split('_', 1) - host = host.strip() + host = host.strip() - if host in compute_hosts and host not in dbacces_hosts: - # we should omit password in case we are installing only - # nova-compute to the host - perms = "nova" - pw_in_sqlconn = False - else: - perms = "nova:%s" % config['CONFIG_NOVA_DB_PW'] - pw_in_sqlconn = True + if host in compute_hosts and host not in dbacces_hosts: + # we should omit password in case we are installing only + # nova-compute to the host + perms = "nova" + pw_in_sqlconn = False + else: + perms = "nova:%s" % config['CONFIG_NOVA_DB_PW'] + pw_in_sqlconn = True - mariadb_host_url = config['CONFIG_MARIADB_HOST_URL'] - sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url) - if pw_in_sqlconn: - config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn - else: - config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn + mariadb_host_url = config['CONFIG_MARIADB_HOST_URL'] + sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url) + if pw_in_sqlconn: + config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn + else: + config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn - # for nova-network in multihost mode each compute host is metadata - # host otherwise we use api host - if (network_type == 'nova' and network_multi and - host in compute_hosts): - metadata = host - else: - metadata = config['CONFIG_CONTROLLER_HOST'] - config['CONFIG_NOVA_METADATA_HOST'] = metadata - - data = getManifestTemplate(get_mq(config, "nova_common")) - if pw_in_sqlconn: - data += getManifestTemplate("nova_common_pw") - else: - data += getManifestTemplate("nova_common_nopw") - # We need to have class nova before class nova::api, so prepend - # 
instead of append - prependManifestFile(os.path.split(manifestfile)[1], data) + # for nova-network in multihost mode each compute host is metadata + # host otherwise we use api host + if (network_type == 'nova' and network_multi and + host in compute_hosts): + metadata = host + else: + metadata = config['CONFIG_CONTROLLER_HOST'] + config['CONFIG_NOVA_METADATA_HOST'] = metadata if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': nova_hosts = compute_hosts @@ -899,8 +796,3 @@ def create_neutron_manifest(config, messages): else: virt_driver = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver' config['CONFIG_NOVA_LIBVIRT_VIF_DRIVER'] = virt_driver - - for manifestfile, marker in manifestfiles.getFiles(): - if manifestfile.endswith("_nova.pp"): - data = getManifestTemplate("nova_neutron") - appendManifestFile(os.path.split(manifestfile)[1], data) diff --git a/packstack/plugins/openstack_client_400.py b/packstack/plugins/openstack_client_400.py index f3c966ca6..9795c61af 100644 --- a/packstack/plugins/openstack_client_400.py +++ b/packstack/plugins/openstack_client_400.py @@ -20,9 +20,6 @@ import os from packstack.installer import utils -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import getManifestTemplate - # ------------- OpenStack Client Packstack Plugin Initialization -------------- PLUGIN_NAME = "OS-Client" @@ -44,7 +41,7 @@ def initSequences(controller): return osclientsteps = [ - {'title': 'Adding OpenStack Client manifest entries', + {'title': 'Preparing OpenStack Client entries', 'functions': [create_manifest]} ] controller.addSequence("Installing OpenStack Client", [], [], @@ -55,7 +52,6 @@ def initSequences(controller): def create_manifest(config, messages): client_host = config['CONFIG_CONTROLLER_HOST'].strip() - manifestfile = "%s_osclient.pp" % client_host server = utils.ScriptRunner(client_host) server.append('echo $HOME') 
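Review bot: In create_common_manifest the database password is interpolated into the connection URL verbatim by `perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']`, so a password containing `@`, `/` or `:` produces a URL that parses to the wrong host or credentials. Assuming the consumer treats it as an SQLAlchemy-style URL, percent-encoding first avoids that: `perms = "nova:%s" % quote(config['CONFIG_NOVA_DB_PW'], safe='')`, with `quote` taken from the standard library's urllib (the import block is outside the hunk). Separately, the loop now runs over every host from `filtered_hosts(config)` but writes to the shared keys `CONFIG_NOVA_SQL_CONN_PW`, `CONFIG_NOVA_SQL_CONN_NOPW` and `CONFIG_NOVA_METADATA_HOST`, so the last iteration decides the metadata host. Whether a compute-only host is really kept away from the password then depends on how the hiera data is distributed, which is not visible here. The function begins and continues outside the hunk.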
@@ -72,9 +68,6 @@ def create_manifest(config, messages): root_home != homedir) config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False - manifestdata = getManifestTemplate("openstack_client") - appendManifestFile(manifestfile, manifestdata) - msg = ("File %s/keystonerc_admin has been created on OpenStack client host" " %s. To use the command line tools you need to source the file.") messages.append(msg % (root_home, client_host)) diff --git a/packstack/plugins/prescript_000.py b/packstack/plugins/prescript_000.py index dcee4fd9f..44593a028 100644 --- a/packstack/plugins/prescript_000.py +++ b/packstack/plugins/prescript_000.py @@ -33,8 +33,6 @@ from packstack.installer import validators from packstack.modules.common import filtered_hosts from packstack.modules.common import is_all_in_one from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import getManifestTemplate # ------------- Prescript Packstack Plugin Initialization -------------- @@ -946,7 +944,7 @@ def initSequences(controller): 'functions': [server_prep]}, {'title': 'Pre installing Puppet and discovering hosts\' details', 'functions': [preinstall_and_discover]}, - {'title': 'Adding pre install manifest entries', + {'title': 'Preparing pre-install entries', 'functions': [create_manifest]}, ] @@ -1458,11 +1456,6 @@ def create_manifest(config, messages): else: config['CONFIG_STORAGE_HOST_URL'] = config['CONFIG_STORAGE_HOST'] - for hostname in filtered_hosts(config): - manifestfile = "%s_prescript.pp" % hostname - manifestdata = getManifestTemplate("prescript") - appendManifestFile(manifestfile, manifestdata) - def create_ntp_manifest(config, messages): srvlist = [i.strip() 
@@ -1472,23 +1465,3 @@ def create_ntp_manifest(config, messages): definiton = '\n'.join(['server %s' % i for i in srvlist]) config['CONFIG_NTP_SERVER_DEF'] = '%s\n' % definiton - - marker = uuid.uuid4().hex[:16] - - for hostname in filtered_hosts(config): - hostnfo = config['HOST_DETAILS'][hostname] - releaseos = hostnfo['operatingsystem'] - releasever = hostnfo['operatingsystemmajrelease'] - - # Configure chrony for Fedora or RHEL/CentOS 7 - if releaseos == 'Fedora' or releasever == '7': - manifestdata = getManifestTemplate('chrony') - appendManifestFile('%s_chrony.pp' % hostname, - manifestdata, - marker=marker) - # For previous versions, configure ntpd - else: - manifestdata = getManifestTemplate('ntpd') - appendManifestFile('%s_ntpd.pp' % hostname, - manifestdata, - marker=marker) diff --git a/packstack/plugins/provision_700.py b/packstack/plugins/provision_700.py index be56562db..b0ad018ab 100644 --- a/packstack/plugins/provision_700.py +++ b/packstack/plugins/provision_700.py @@ -22,8 +22,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import getManifestTemplate # ------------- Provision Packstack Plugin Initialization -------------- 
@@ -381,58 +379,3 @@ def initConfig(controller): def initSequences(controller): config = controller.CONF - - if (config['CONFIG_PROVISION_DEMO'] != "y" and - config['CONFIG_PROVISION_TEMPEST'] != "y"): - return - - provision_steps = [ - {'title': 'Adding Provisioning manifest entries', - 'functions': [create_provision_manifest]}, - {'title': 'Adding Provisioning Glance manifest entries', - 'functions': [create_storage_manifest]}, - ] - if (config['CONFIG_PROVISION_TEMPEST'] == "y" or - config['CONFIG_PROVISION_DEMO'] == "y"): - provision_steps.append( - {'title': 'Adding Provisioning Demo bridge manifest entries', - 'functions': [create_bridge_manifest]} - ) - if config['CONFIG_PROVISION_TEMPEST'] == "y": - provision_steps.append( - {'title': 'Adding Provisioning Tempest manifest entries', - 'functions': [create_tempest_manifest]} - ) - - controller.addSequence("Provisioning for Demo and Testing Usage", - [], [], provision_steps) - - -# -------------------------- step functions -------------------------- - -def create_provision_manifest(config, messages): - manifest_file = '%s_provision.pp' % config['CONFIG_CONTROLLER_HOST'] - manifest_data = getManifestTemplate("provision") - appendManifestFile(manifest_file, manifest_data, 'provision') - - -def create_bridge_manifest(config, messages): - for host in utils.split_hosts(config['CONFIG_NETWORK_HOSTS']): - manifest_file = '{}_provision_bridge.pp'.format(host) - manifest_data = getManifestTemplate("provision_bridge") - appendManifestFile(manifest_file, manifest_data, 'bridge') - - -def create_storage_manifest(config, messages): - if config['CONFIG_GLANCE_INSTALL'] == 'y': - template = "provision_glance" - manifest_file = '%s_provision_glance' % config['CONFIG_STORAGE_HOST'] - manifest_data = getManifestTemplate(template) - appendManifestFile(manifest_file, manifest_data, 'provision') - - -def create_tempest_manifest(config, messages): - manifest_file = ('%s_provision_tempest.pp' % - config['CONFIG_TEMPEST_HOST']) - 
manifest_data = getManifestTemplate("provision_tempest") - appendManifestFile(manifest_file, manifest_data, 'tempest') diff --git a/packstack/plugins/puppet_950.py b/packstack/plugins/puppet_950.py index 23962e1c8..fe54c18c2 100644 --- a/packstack/plugins/puppet_950.py +++ b/packstack/plugins/puppet_950.py @@ -25,9 +25,12 @@ from packstack.installer import utils from packstack.installer import basedefs from packstack.installer.exceptions import PuppetError from packstack.installer.exceptions import ScriptRuntimeError +from packstack.installer.utils import split_hosts from packstack.modules.common import filtered_hosts +from packstack.modules.ospluginutils import appendManifestFile from packstack.modules.ospluginutils import generateHieraDataFile +from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import manifestfiles from packstack.modules.puppet import validate_logfile from packstack.modules.puppet import scan_logfile @@ -61,6 +64,8 @@ def initSequences(controller): controller.insertSequence("Clean Up", [], [], puppetpresteps, index=0) puppetsteps = [ + {'title': 'Preparing Puppet manifests', + 'functions': [prepare_puppet_modules]}, {'title': 'Copying Puppet modules and manifests', 'functions': [copy_puppet_modules]}, {'title': 'Applying Puppet manifests', 
@@ -237,10 +242,29 @@ def apply_puppet_manifest(config, messages): server.append(cmd) server.execute(log=logcmd) - # wait for outstanding puppet runs befor exiting + # wait for outstanding puppet runs before exiting wait_for_puppet(currently_running, messages) +def prepare_puppet_modules(config, messages): + network_hosts = split_hosts(config['CONFIG_NETWORK_HOSTS']) + compute_hosts = split_hosts(config['CONFIG_COMPUTE_HOSTS']) + + manifestdata = getManifestTemplate("controller") + manifestfile = "%s_controller.pp" % config['CONFIG_CONTROLLER_HOST'] + appendManifestFile(manifestfile, manifestdata, marker='controller') + + for host in network_hosts: + manifestdata = getManifestTemplate("network") + manifestfile = "%s_network.pp" % host + appendManifestFile(manifestfile, manifestdata, marker='network') + + for host in compute_hosts: + manifestdata = getManifestTemplate("compute") + manifestfile = "%s_compute.pp" % host + appendManifestFile(manifestfile, manifestdata, marker='compute') + + def finalize(config, messages): for hostname in filtered_hosts(config): server = utils.ScriptRunner(hostname) diff --git a/packstack/plugins/sahara_900.py b/packstack/plugins/sahara_900.py index aa1e1b4b1..6efc3dc2d 100644 --- a/packstack/plugins/sahara_900.py +++ b/packstack/plugins/sahara_900.py @@ -22,10 +22,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------------ Sahara installer initialization ------------------ 
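Review bot: `prepare_puppet_modules` in puppet_950.py has no docstring, and its name says modules while it registers manifests; a one-line docstring such as `"""Register the controller, network and compute entry manifests for their hosts."""` would make the new step self-explanatory. `getManifestTemplate("network")` and `getManifestTemplate("compute")` do not depend on the loop variable and can be read once before each loop instead of once per host. A host listed in both `CONFIG_NETWORK_HOSTS` and `CONFIG_COMPUTE_HOSTS` gets two separate manifests with different markers; if that is intended, a short comment saying so would help.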
@@ -78,25 +74,17 @@ def initSequences(controller): return saharasteps = [ - {"title": "Adding Sahara Keystone manifest entries", - "functions": [create_keystone_manifest]}, - {"title": "Adding Sahara manifest entries", + {"title": "Preparing Sahara entries", "functions": [create_manifest]}, ] controller.addSequence("Installing Sahara", [], [], saharasteps) + # -------------------------- step functions -------------------------- - - -def create_keystone_manifest(config, messages): +def create_manifest(config, messages): if config['CONFIG_UNSUPPORTED'] != 'y': config['CONFIG_SAHARA_HOST'] = config['CONFIG_CONTROLLER_HOST'] - manifestfile = "%s_keystone.pp" % config['CONFIG_SAHARA_HOST'] - manifestdata = getManifestTemplate("keystone_sahara") - appendManifestFile(manifestfile, manifestdata) - -def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_host = config['CONFIG_SAHARA_HOST'] ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = ( @@ -109,12 +97,6 @@ def create_manifest(config, messages): generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) - manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata = getManifestTemplate(get_mq(config, "sahara")) - manifestdata += getManifestTemplate("sahara.pp") - if config['CONFIG_CEILOMETER_INSTALL'] == 'y': - manifestdata += getManifestTemplate('sahara_ceilometer') - fw_details = dict() key = "sahara-api" fw_details.setdefault(key, {}) @@ -124,6 +106,3 @@ def create_manifest(config, messages): fw_details[key]["ports"] = ["8386"] fw_details[key]["proto"] = "tcp" config["FIREWALL_SAHARA_CFN_RULES"] = fw_details - - manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES") - appendManifestFile(manifestfile, manifestdata, marker='sahara') diff --git a/packstack/plugins/ssl_001.py b/packstack/plugins/ssl_001.py index b79766617..d57f90d64 100644 --- a/packstack/plugins/ssl_001.py +++ b/packstack/plugins/ssl_001.py 
@@ -215,8 +215,9 @@ def create_self_signed_cert(config, messages): # for now hardcoded place for landing CACert file on servers config['CONFIG_SSL_CACERT'] = '/etc/pki/tls/certs/packstack_cacert.crt' - if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and - config["CONFIG_HORIZON_SSL"] != 'y'): +# if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and +# config["CONFIG_HORIZON_SSL"] != 'y'): + if config['CONFIG_AMQP_ENABLE_SSL'] != 'y': return config['CONFIG_SSL_CERT_DIR'] = os.path.expanduser( diff --git a/packstack/plugins/swift_600.py b/packstack/plugins/swift_600.py index 2e32c2f9a..8a756b355 100644 --- a/packstack/plugins/swift_600.py +++ b/packstack/plugins/swift_600.py @@ -16,7 +16,6 @@ Installs and configures Swift """ -import os import re import uuid import netaddr @@ -29,10 +28,6 @@ from packstack.installer import utils from packstack.installer.utils import split_hosts from packstack.modules.documentation import update_params_usage -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate -from packstack.modules.ospluginutils import manifestfiles # ------------- Swift Packstack Plugin Initialization -------------- 
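Review bot: With the `CONFIG_HORIZON_SSL` test commented out in ssl_001.py, `create_self_signed_cert` now returns early whenever AMQP SSL is off. A deployment with `CONFIG_HORIZON_SSL == 'y'` and AMQP SSL disabled therefore skips the rest of this function, which continues outside the hunk and presumably sets up the CA and certificate directory Horizon relies on. If that is deliberate, the reason belongs in a comment and the two dead lines should be deleted rather than commented out. If it is a temporary workaround, the original condition `if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and config["CONFIG_HORIZON_SSL"] != 'y'):` should be restored. The commented lines also start at column 0, which breaks the block's visual indentation.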
@@ -146,16 +141,12 @@ def initSequences(controller): return steps = [ - {'title': 'Adding Swift Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Swift builder manifest entries', + {'title': 'Preparing Swift builder entries', 'functions': [create_builder_manifest]}, - {'title': 'Adding Swift storage manifest entries', - 'functions': [create_storage_manifest]}, - {'title': 'Adding Swift common manifest entries', - 'functions': [create_common_manifest]}, - {'title': 'Adding Swift proxy manifest entries', + {'title': 'Preparing Swift proxy entries', 'functions': [create_proxy_manifest]}, + {'title': 'Preparing Swift storage entries', + 'functions': [create_storage_manifest]}, ] controller.addSequence("Installing OpenStack Swift", [], [], steps) @@ -207,6 +198,9 @@ def parse_devices(config): if not devices: devices.append({'device': None, 'zone': 1, 'device_name': 'swiftloopback'}) + config['CONFIG_SWIFT_LOOPBACK'] = 'y' + else: + config['CONFIG_SWIFT_LOOPBACK'] = 'n' return devices @@ -245,17 +239,10 @@ def get_storage_size(config): # -------------------------- step functions -------------------------- -def create_keystone_manifest(config, messages): - # parse devices in first step - global devices - devices = parse_devices(config) - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_swift") - appendManifestFile(manifestfile, manifestdata) - def create_builder_manifest(config, messages): global devices + devices = parse_devices(config) # The ring file should be built and distributed before the storage services # come up. Specifically the replicator crashes if the ring isn't present 
@@ -267,28 +254,28 @@ def create_builder_manifest(config, messages): ' weight => 10, }\n') return fmt % (dev_type, host, dev_port, devicename, zone) - manifestfile = "%s_ring_swift.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata = getManifestTemplate("swift_builder") - # Add each device to the ring devicename = 0 - for device in devices: - host = config['CONFIG_STORAGE_HOST_URL'] - devicename = device['device_name'] - zone = device['zone'] - for dev_type, dev_port in [('ring_object_device', 6000), - ('ring_container_device', 6001), - ('ring_account_device', 6002)]: - manifestdata += device_def(dev_type, host, dev_port, devicename, - zone) - appendManifestFile(manifestfile, manifestdata, 'swiftbuilder') + for configkey, dev_type, dev_port in ( + [('SWIFT_RING_OBJECT_DEVICES', 'ring_object_device', 6000), + ('SWIFT_RING_CONTAINER_DEVICES', 'ring_container_device', 6001), + ('SWIFT_RING_ACCOUNT_DEVICES', 'ring_account_device', 6002)]): + swift_dev_details = dict() + host = utils.force_ip(config['CONFIG_STORAGE_HOST_URL']) + fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"] + for device in devices: + devicename = device['device_name'] + key = "dev_%s_%s" % (host, devicename) + swift_dev_details.setdefault(key, {}) + zone = device['zone'] + swift_dev_details[key]['name'] = "%s:%s/%s" % (host, dev_port, + devicename) + swift_dev_details[key]['weight'] = "%s" % 10 + swift_dev_details[key]['zone'] = "%s" % zone + config[configkey] = swift_dev_details def create_proxy_manifest(config, messages): - manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata = getManifestTemplate("swift_proxy") - if config['CONFIG_CEILOMETER_INSTALL'] == 'y': - manifestdata += getManifestTemplate("swift_ceilometer_rabbitmq") fw_details = dict() key = "swift_proxy" fw_details.setdefault(key, {}) 
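Review bot: In the rewritten loop of `create_builder_manifest`, `fstype` is assigned but never used, `devicename = 0` is overwritten before it is read, and the nested `device_def` helper kept as context above appears to have no remaining caller. `host` and `fstype` also appear to be recomputed on each of the three outer iterations although they do not depend on the loop variables. Dropping the unused names and hoisting `host = utils.force_ip(config['CONFIG_STORAGE_HOST_URL'])` above the `for` would make the new code easier to follow. The function starts outside the hunk.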
@@ -299,31 +286,28 @@ def create_proxy_manifest(config, messages): fw_details[key]['proto'] = "tcp" config['FIREWALL_SWIFT_PROXY_RULES'] = fw_details - manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES') - appendManifestFile(manifestfile, manifestdata) - def create_storage_manifest(config, messages): global devices - manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST'] - manifestdata = getManifestTemplate("swift_storage") + devicename = 0 + swift_dev_details = dict() + host = utils.force_ip(config['CONFIG_STORAGE_HOST_URL']) + fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"] # this need to happen once per storage device for device in devices: - host = config['CONFIG_STORAGE_HOST'] - devicename = device['device_name'] - device = device['device'] - fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"] - if device: - check_device(host, device) - manifestdata += ('\nswift::storage::%s { "%s":\n' - ' device => "%s",\n}\n' - % (fstype, devicename, device)) - else: - # create loopback device if none was specified + if device['device'] is None: config['CONFIG_SWIFT_STORAGE_SEEK'] = get_storage_size(config) - manifestdata += "\n" + getManifestTemplate("swift_loopback") + else: + devicename = device['device_name'] + devicedev = device['device'] + key = "dev_%s_%s" % (host, devicename) + swift_dev_details.setdefault(key, {}) + swift_dev_details[key]['device'] = "%s" % devicename + swift_dev_details[key]['dev'] = "%s" % devicedev + swift_dev_details[key]['fstype'] = "%s" % fstype + config['CONFIG_SWIFT_STORAGE_DEVICES'] = swift_dev_details # set allowed hosts for firewall hosts = set([config['CONFIG_STORAGE_HOST']]) 
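Review bot: The rewritten device loop in `create_storage_manifest` no longer calls `check_device(host, device)` for explicitly configured devices, which the removed code did before emitting the storage resource. Unless the equivalent validation now happens on the Puppet side, a mistyped or missing device would only surface later, during the Puppet run. Keeping the call in the new `else` branch, `check_device(config['CONFIG_STORAGE_HOST'], devicedev)`, preserves the early failure with the same host argument as before. `devicename = 0` at the top is dead, since the name is reassigned before any use. The function continues outside the hunk.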
@@ -340,13 +324,3 @@ def create_storage_manifest(config, messages): fw_details[key]['ports'] = ['6000', '6001', '6002', '873'] fw_details[key]['proto'] = "tcp" config['FIREWALL_SWIFT_STORAGE_RULES'] = fw_details - - manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES') - appendManifestFile(manifestfile, manifestdata) - - -def create_common_manifest(config, messages): - for manifestfile, marker in manifestfiles.getFiles(): - if manifestfile.endswith("_swift.pp"): - data = getManifestTemplate("swift_common") - appendManifestFile(os.path.split(manifestfile)[1], data) diff --git a/packstack/plugins/trove_850.py b/packstack/plugins/trove_850.py index 209adc8a4..e27598b98 100644 --- a/packstack/plugins/trove_850.py +++ b/packstack/plugins/trove_850.py @@ -22,10 +22,6 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.documentation import update_params_usage -from packstack.modules.shortcuts import get_mq -from packstack.modules.ospluginutils import appendManifestFile -from packstack.modules.ospluginutils import createFirewallResources -from packstack.modules.ospluginutils import getManifestTemplate from packstack.modules.ospluginutils import generate_ssl_cert # ------------------ Trove Packstack Plugin initialization ------------------ 
@@ -126,23 +122,14 @@ def initSequences(controller): return steps = [ - {'title': 'Adding Trove Keystone manifest entries', - 'functions': [create_keystone_manifest]}, - {'title': 'Adding Trove manifest entries', - 'functions': [create_manifest]}, + {'title': 'Preparing Trove entries', + 'functions': [create_manifest]} ] controller.addSequence("Installing Trove", [], [], steps) + # ------------------------ step functions -------------------------- - - -def create_keystone_manifest(config, messages): - manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] - manifestdata = getManifestTemplate("keystone_trove.pp") - appendManifestFile(manifestfile, manifestdata) - - def create_manifest(config, messages): if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = ( @@ -160,10 +147,6 @@ def create_manifest(config, messages): config['CONFIG_TROVE_NOVA_PW'] == ''): config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW'] - manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"] - manifestdata = getManifestTemplate(get_mq(config, "trove")) - manifestdata += getManifestTemplate('trove.pp') - fw_details = dict() key = "trove" fw_details.setdefault(key, {}) @@ -173,6 +156,3 @@ def create_manifest(config, messages): fw_details[key]['ports'] = ['8779'] fw_details[key]['proto'] = "tcp" config['FIREWALL_TROVE_API_RULES'] = fw_details - - manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES') - appendManifestFile(manifestfile, manifestdata, marker='trove') diff --git a/packstack/puppet/templates/amqp.pp b/packstack/puppet/modules/packstack/manifests/amqp.pp similarity index 62% rename from packstack/puppet/templates/amqp.pp rename to packstack/puppet/modules/packstack/manifests/amqp.pp index defa36138..f8987b7bb 100644 --- a/packstack/puppet/templates/amqp.pp +++ b/packstack/puppet/modules/packstack/manifests/amqp.pp 
@@ -1,17 +1,8 @@ -$amqp = hiera('CONFIG_AMQP_BACKEND') -$amqp_enable_ssl = hiera('CONFIG_AMQP_SSL_ENABLED') - -case $amqp { - 'rabbitmq': { - enable_rabbitmq { 'rabbitmq': } - } - default: {} -} - - define enable_rabbitmq { + create_resources(packstack::firewall, hiera('FIREWALL_AMQP_RULES', {})) + $amqp_enable_ssl = hiera('CONFIG_AMQP_SSL_ENABLED') - if $::amqp_enable_ssl { + if $amqp_enable_ssl { $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) $kombu_ssl_keyfile = '/etc/pki/tls/private/ssl_amqp.key' $kombu_ssl_certfile = '/etc/pki/tls/certs/ssl_amqp.crt' @@ -28,7 +19,7 @@ define enable_rabbitmq { port => undef, ssl_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), ssl_only => true, - ssl => $::amqp_enable_ssl, + ssl => true, ssl_cacert => $kombu_ssl_ca_certs, ssl_cert => $kombu_ssl_certfile, ssl_key => $kombu_ssl_keyfile, 
@@ -40,22 +31,22 @@ define enable_rabbitmq { # FIXME: it's ugly to not to require client certs ssl_fail_if_no_peer_cert => true, config_variables => { - 'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]', - 'loopback_users' => '[]', + 'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]', + 'loopback_users' => '[]', }, } } else { class { '::rabbitmq': port => hiera('CONFIG_AMQP_CLIENTS_PORT'), - ssl => $::amqp_enable_ssl, + ssl => false, default_user => hiera('CONFIG_AMQP_AUTH_USER'), default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'), package_provider => 'yum', repos_ensure => false, admin_enable => false, config_variables => { - 'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]', - 'loopback_users' => '[]', + 'tcp_listen_options' => '[binary,{packet, raw},{reuseaddr, true},{backlog, 128},{nodelay, true},{exit_on_close, false},{keepalive, true}]', + 'loopback_users' => '[]', }, } } @@ -68,5 +59,31 @@ define enable_rabbitmq { group => 'rabbitmq', mode => '0640', } - +} + +class packstack::amqp () +{ + $amqp = hiera('CONFIG_AMQP_BACKEND') + + case $amqp { + 'rabbitmq': { + enable_rabbitmq { 'rabbitmq': } + + # The following kernel parameters help alleviate some RabbitMQ + # connection issues + + sysctl::value { 'net.ipv4.tcp_keepalive_intvl': + value => '1', + } + + sysctl::value { 'net.ipv4.tcp_keepalive_probes': + value => '5', + } + + sysctl::value { 'net.ipv4.tcp_keepalive_time': + value => '5', + } + } + default: {} + } } diff --git a/packstack/puppet/modules/packstack/manifests/aodh.pp b/packstack/puppet/modules/packstack/manifests/aodh.pp new file mode 100644 index 000000000..342c8f944 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/aodh.pp 
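Review bot: The three `sysctl::value` resources in the new `packstack::amqp` class change host-wide TCP keepalive defaults, so every socket on the node that enables keepalive is affected, not only RabbitMQ's. The existing comment only says they help with RabbitMQ connection issues; I would extend it to something like `# NOTE: host-wide; applies to all sockets using SO_KEEPALIVE on this node (idle 5s, 5 probes, 1s apart)`. On a node that also hosts other services this deserves a conscious decision rather than being a side effect of enabling the AMQP backend.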
@@ -0,0 +1,36 @@ +class packstack::aodh () +{ + create_resources(packstack::firewall, hiera('FIREWALL_AODH_RULES', {})) + + $config_aodh_coordination_backend = hiera('CONFIG_CEILOMETER_COORDINATION_BACKEND') + + if $config_aodh_coordination_backend == 'redis' { + $redis_host = hiera('CONFIG_REDIS_HOST_URL') + $redis_port = hiera('CONFIG_REDIS_PORT') + $coordination_url = "redis://${redis_host}:${redis_port}" + } else { + $coordination_url = '' + } + + class { '::aodh::api': + enabled => true, + keystone_password => hiera('CONFIG_AODH_KS_PW'), + keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + service_name => 'httpd', + } + + class { '::aodh::wsgi::apache': + workers => hiera('CONFIG_SERVICE_WORKERS'), + ssl => false + } + + class { '::aodh::auth': + auth_password => hiera('CONFIG_AODH_KS_PW'), + } + class { '::aodh::evaluator': + coordination_url => $coordination_url, + } + class { '::aodh::notifier': } + class { '::aodh::listener': } + class { '::aodh::client': } +} diff --git a/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp new file mode 100644 index 000000000..b93769fee --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp 
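Review bot: In aodh.pp, `class { '::aodh::wsgi::apache':` is declared with `ssl => false` hard-coded, so the Aodh API is served over plain HTTP regardless of any SSL setting in the deployment, and API requests, with whatever credentials they carry, travel unencrypted. If TLS is expected to be terminated elsewhere, a comment such as `# TLS is not terminated here; see <where it is handled>` would record that; otherwise the value should come from hiera like the other parameters. The `ssl => false` line also lacks the trailing comma used by the other resources in this file. The coordination URL `redis://${redis_host}:${redis_port}` carries no credentials, so it presumably relies on Redis being reachable only from trusted hosts.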
@@ -0,0 +1,32 @@ +class packstack::aodh::rabbitmq () +{ + $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) + $kombu_ssl_keyfile = hiera('CONFIG_AODH_SSL_KEY', undef) + $kombu_ssl_certfile = hiera('CONFIG_AODH_SSL_CERT', undef) + + if $kombu_ssl_keyfile { + $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] + file { $files_to_set_owner: + owner => 'aodh', + group => 'aodh', + require => Package['openstack-aodh-common'], + } + File[$files_to_set_owner] ~> Service<| tag == 'aodh-service' |> + } + + $config_mongodb_host = hiera('CONFIG_MONGODB_HOST_URL') + + class { '::aodh': + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + rabbit_host => hiera('CONFIG_AMQP_HOST_URL'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + database_connection => "mongodb://${config_mongodb_host}:27017/aodh", + } +} diff --git a/packstack/puppet/modules/packstack/manifests/apache.pp b/packstack/puppet/modules/packstack/manifests/apache.pp new file mode 100644 index 000000000..14dd989ff --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/apache.pp 
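Review bot: The `file { $files_to_set_owner:` resource in aodh/rabbitmq.pp sets owner and group for the Aodh AMQP key and certificate but no `mode`, so the private key keeps whatever permissions it was created with. Adding `mode => '0640',` (or something stricter for the key alone) makes the permissions explicit; the file resource at the end of `enable_rabbitmq` in this commit's amqp.pp already pins `mode => '0640'`. Separately, `verbose => true` is hard-coded while `debug` comes from hiera, and `mongodb://${config_mongodb_host}:27017/aodh` fixes the port and carries no credentials; each deserves a comment if intentional.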
@@ -0,0 +1,33 @@ +class packstack::apache () +{ + include ::apache + + if hiera('CONFIG_HORIZON_SSL') == 'y' { + ensure_packages(['mod_ssl'], {'ensure' => 'present'}) + Package['mod_ssl'] -> Class['::apache'] + apache::listen { '443': } + } + + # Keystone port + apache::listen { '5000': } + # Keystone admin port + apache::listen { '35357': } + + if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'httpd' { + # Ceilometer port + apache::listen { '8777': } + } + } + + if hiera('CONFIG_AODH_INSTALL') == 'y' { + # Aodh port + apache::listen { '8042': } + } + + if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' { + # Gnocchi port + apache::listen { '8041': } + } +} + diff --git a/packstack/puppet/modules/packstack/manifests/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/ceilometer.pp new file mode 100644 index 000000000..5463f4ff4 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/ceilometer.pp 
@@ -0,0 +1,80 @@ +class packstack::ceilometer () +{ + create_resources(packstack::firewall, hiera('FIREWALL_CEILOMETER_RULES', {})) + + $config_mongodb_host = hiera('CONFIG_MONGODB_HOST_URL') + + $config_ceilometer_coordination_backend = hiera('CONFIG_CEILOMETER_COORDINATION_BACKEND') + + $config_ceilometer_metering_backend = hiera('CONFIG_CEILOMETER_METERING_BACKEND') + + $config_gnocchi_host = hiera('CONFIG_KEYSTONE_HOST_URL') + + if $config_ceilometer_coordination_backend == 'redis' { + $redis_host = hiera('CONFIG_REDIS_HOST_URL') + $redis_port = hiera('CONFIG_REDIS_PORT') + $coordination_url = "redis://${redis_host}:${redis_port}" + + ensure_packages(['python-redis'], {'ensure' => 'present'}) + } else { + $coordination_url = '' + } + + if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'ceilometer' { + $ceilometer_service_name = 'openstack-ceilometer-api' + } else { + $ceilometer_service_name = 'httpd' + } + + + class { '::ceilometer::db': + database_connection => "mongodb://${config_mongodb_host}:27017/ceilometer", + } + + class { '::ceilometer::collector': + meter_dispatcher => $config_ceilometer_metering_backend, + } + + if $config_ceilometer_metering_backend == 'gnocchi' { + + include ::gnocchi::client + class { '::ceilometer::dispatcher::gnocchi': + filter_service_activity => false, + url => "http://${config_gnocchi_host}:8041", + archive_policy => 'high', + resources_definition_file => 'gnocchi_resources.yaml', + } + } + + class { '::ceilometer::agent::notification': } + + class { '::ceilometer::agent::auth': + auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + auth_password => hiera('CONFIG_CEILOMETER_KS_PW'), + auth_region => hiera('CONFIG_KEYSTONE_REGION'), + } + + class { '::ceilometer::agent::central': + coordination_url => $coordination_url, + } + + $bind_host = hiera('CONFIG_IP_VERSION') ? 
{ + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + class { '::ceilometer::api': + host => $bind_host, + keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + keystone_password => hiera('CONFIG_CEILOMETER_KS_PW'), + api_workers => hiera('CONFIG_SERVICE_WORKERS'), + service_name => $ceilometer_service_name, + } + + if $ceilometer_service_name == 'httpd' { + class { '::ceilometer::wsgi::apache': + ssl => false, + } + } +} diff --git a/packstack/puppet/modules/packstack/manifests/ceilometer/nova_disabled.pp b/packstack/puppet/modules/packstack/manifests/ceilometer/nova_disabled.pp new file mode 100644 index 000000000..5f4214e43 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/ceilometer/nova_disabled.pp @@ -0,0 +1,8 @@ +class packstack::ceilometer::nova_disabled () +{ + group { 'nova': + ensure => present, + } + + Group['nova'] -> Class['ceilometer'] +} diff --git a/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp new file mode 100644 index 000000000..2e1585088 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp 
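Review bot: Both data-store URLs built in packstack::ceilometer carry no credentials: `mongodb://${config_mongodb_host}:27017/ceilometer` and `redis://${redis_host}:${redis_port}`. Unless authentication is configured somewhere outside this hunk, access control for the metering data and the coordination backend rests on network reachability alone. A comment above `class { '::ceilometer::db':` should say so, e.g. `# NOTE: MongoDB and Redis are reached without authentication; keep both ports restricted to the OpenStack hosts.` The packstack::aodh::rabbitmq class builds its MongoDB URL the same way.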
@@ -0,0 +1,30 @@ +class packstack::ceilometer::rabbitmq () +{ + $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) + $kombu_ssl_keyfile = hiera('CONFIG_CEILOMETER_SSL_KEY', undef) + $kombu_ssl_certfile = hiera('CONFIG_CEILOMETER_SSL_CERT', undef) + + if $kombu_ssl_keyfile { + $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] + file { $files_to_set_owner: + owner => 'ceilometer', + group => 'ceilometer', + require => Package['openstack-ceilometer-common'], + } + File[$files_to_set_owner] ~> Service<| tag == 'ceilometer-service' |> + } + + class { '::ceilometer': + metering_secret => hiera('CONFIG_CEILOMETER_SECRET'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + rabbit_host => hiera('CONFIG_AMQP_HOST_URL'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/chrony.pp b/packstack/puppet/modules/packstack/manifests/chrony.pp new file mode 100644 index 000000000..ec7d68329 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/chrony.pp 
@@ -0,0 +1,101 @@ +class packstack::chrony () +{ + $cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF') + $cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS') + + $config_content = " + # Use public servers from the pool.ntp.org project. + # Please consider joining the pool (http://www.pool.ntp.org/join.html). + ${cfg_ntp_server_def} + + # Ignore stratum in source selection. + stratumweight 0 + + # Record the rate at which the system clock gains/losses time. + driftfile /var/lib/chrony/drift + + # Enable kernel RTC synchronization. + rtcsync + + # In first three updates step the system clock instead of slew + # if the adjustment is larger than 10 seconds. + makestep 10 3 + + # Allow NTP client access from local network. + #allow 192.168/16 + + # Listen for commands only on localhost. + bindcmdaddress 127.0.0.1 + bindcmdaddress ::1 + + # Serve time even if not synchronized to any NTP server. + #local stratum 10 + + keyfile /etc/chrony.keys + + # Specify the key used as password for chronyc. + commandkey 1 + + # Generate command key if missing. + generatecommandkey + + # Disable logging of client accesses. + noclientlog + + # Send a message to syslog if a clock adjustment is larger than 0.5 seconds. 
+ logchange 0.5 + + logdir /var/log/chrony + #log measurements statistics tracking + " + + package { 'chrony': + ensure => 'installed', + name => 'chrony', + } + + package { 'ntpdate': + ensure => 'installed', + name => 'ntpdate', + } + + file { 'chrony_conf': + ensure => file, + path => '/etc/chrony.conf', + mode => '0644', + content => $config_content, + } + + exec { 'stop-chronyd': + path => '/bin:/usr/bin:/sbin:/usr/sbin', + command => 'systemctl stop chronyd.service', + onlyif => 'systemctl status chronyd.service' + } + + # for cases where ntpd is running instead of default chronyd + service { 'ntpd': + ensure => stopped, + enable => false, + } + + exec { 'ntpdate': + command => "/usr/sbin/ntpdate ${cfg_ntp_servers}", + tries => 3, + } + + service { 'chronyd': + ensure => running, + enable => true, + name => 'chronyd', + hasstatus => true, + hasrestart => true, + } + + Package['chrony'] -> + Package['ntpdate'] -> + File['chrony_conf'] -> + Exec['stop-chronyd'] -> + Service['ntpd'] -> + Exec['ntpdate'] -> + Service['chronyd'] +} diff --git a/packstack/puppet/modules/packstack/manifests/cinder.pp b/packstack/puppet/modules/packstack/manifests/cinder.pp new file mode 100644 index 000000000..3ac33b438 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/cinder.pp 
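Review bot: `exec { 'ntpdate': }` interpolates `${cfg_ntp_servers}` straight into the command line and has no `unless`, `onlyif` or `refreshonly`, so it runs on every apply with whatever CONFIG_NTP_SERVERS contains. The manifest does not validate that value; if the installer does not already restrict it to host names and addresses, an entry beginning with `-` would be read by ntpdate as an option. `${cfg_ntp_server_def}` is written into /etc/chrony.conf in the same unvalidated way, so the same check is needed for it. A comment naming where the validation happens would make the assumption reviewable.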
@@ -0,0 +1,61 @@ +class packstack::cinder () +{ + create_resources(packstack::firewall, hiera('FIREWALL_CINDER_RULES', {})) + create_resources(packstack::firewall, hiera('FIREWALL_CINDER_API_RULES', {})) + + cinder_config { + 'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL'); + } + + $bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + $cinder_keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','') + + class { '::cinder::api': + bind_host => $bind_host, + keystone_password => hiera('CONFIG_CINDER_KS_PW'), + keystone_tenant => 'services', + keystone_user => 'cinder', + auth_uri => $cinder_keystone_url, + identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + nova_catalog_info => 'compute:nova:publicURL', + nova_catalog_admin_info => 'compute:nova:adminURL', + service_workers => hiera('CONFIG_SERVICE_WORKERS'), + } + + class { '::cinder::scheduler': } + + class { '::cinder::volume': } + + class { '::cinder::client': } + + $cinder_keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') + $cinder_keystone_admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') + $cinder_keystone_auth_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL') + $cinder_keystone_api = hiera('CONFIG_KEYSTONE_API_VERSION') + + # Cinder::Type requires keystone credentials + Cinder::Type { + os_password => hiera('CONFIG_CINDER_KS_PW'), + os_tenant_name => 'services', + os_username => 'cinder', + os_auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + } + + class { '::cinder::backends': + enabled_backends => hiera_array('CONFIG_CINDER_BACKEND'), + } + + $db_purge = hiera('CONFIG_CINDER_DB_PURGE_ENABLE') + if $db_purge { + class { '::cinder::cron::db_purge': + hour => '*/24', + destination => '/dev/null', + age => 1 + } + } +} 
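Review bot: `$cinder_keystone_admin_username`, `$cinder_keystone_admin_password`, `$cinder_keystone_auth_url` and `$cinder_keystone_api` are assigned but never read in this class; the `Cinder::Type` defaults right below them use the `cinder` service user and `CONFIG_CINDER_KS_PW` instead. Dropping the four assignments keeps the Keystone admin password out of a class that does not need it and removes the impression that the type resources run with admin credentials.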
diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp new file mode 100644 index 000000000..1e2b1dee7 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp @@ -0,0 +1,16 @@ +class packstack::cinder::backend::gluster () +{ + ensure_packages(['glusterfs-fuse'], {'ensure' => 'present'}) + + cinder::backend::glusterfs { 'gluster': + glusterfs_shares => hiera_array('CONFIG_CINDER_GLUSTER_MOUNTS'), + require => Package['glusterfs-fuse'], + glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf', + } + + cinder::type { 'glusterfs': + set_key => 'volume_backend_name', + set_value => 'gluster', + require => Class['cinder::api'], + } +} diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp new file mode 100644 index 000000000..1b2533bd1 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp 
@@ -0,0 +1,96 @@ +class packstack::cinder::backend::lvm () +{ + $create_cinder_volume = hiera('CONFIG_CINDER_VOLUMES_CREATE') + + if $create_cinder_volume == 'y' { + # Find an available loop device + $loop_dev = chomp(generate('/usr/sbin/losetup', '-f')) + + class { '::cinder::setup_test_volume': + size => hiera('CONFIG_CINDER_VOLUMES_SIZE'), + loopback_device => $loop_dev, + volume_path => '/var/lib/cinder', + volume_name => 'cinder-volumes', + } + + # Add loop device on boot + $el_releases = ['RedHat', 'CentOS', 'Scientific'] + if $::operatingsystem in $el_releases and (versioncmp($::operatingsystemmajrelease, '7') < 0) { + + file_line{ 'rc.local_losetup_cinder_volume': + path => '/etc/rc.d/rc.local', + match => '^.*/var/lib/cinder/cinder-volumes.*$', + line => 'losetup -f /var/lib/cinder/cinder-volumes && service openstack-cinder-volume restart', + } + + file { '/etc/rc.d/rc.local': + mode => '0755', + } + + } else { + + file { 'openstack-losetup': + path => '/usr/lib/systemd/system/openstack-losetup.service', + before => Service['openstack-losetup'], + notify => Exec['reload systemd files for cinder-volume'], + content => '[Unit] + Description=Setup cinder-volume loop device + DefaultDependencies=false + Before=openstack-cinder-volume.service + After=local-fs.target + + [Service] + Type=oneshot + ExecStart=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/cinder-volumes | /usr/bin/grep /var/lib/cinder/cinder-volumes || /usr/sbin/losetup -f /var/lib/cinder/cinder-volumes\' + ExecStop=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/cinder-volumes | /usr/bin/cut -d : -f 1 | /usr/bin/xargs /usr/sbin/losetup -d\' + TimeoutSec=60 + RemainAfterExit=yes + + [Install] + RequiredBy=openstack-cinder-volume.service', + } + + exec { 'reload systemd files for cinder-volume': + command => '/usr/bin/systemctl daemon-reload', + refreshonly => true, + before => Service['openstack-losetup'], + } + + service { 'openstack-losetup': + ensure => running, + enable => true, + 
require => Class['cinder::setup_test_volume'], + } + + } + } + else { + ensure_packages(['lvm2'], {'ensure' => 'present'}) + } + + + file_line { 'snapshot_autoextend_threshold': + path => '/etc/lvm/lvm.conf', + match => '^\s*snapshot_autoextend_threshold +=.*', + line => ' snapshot_autoextend_threshold = 80', + require => Package['lvm2'], + } + + file_line { 'snapshot_autoextend_percent': + path => '/etc/lvm/lvm.conf', + match => '^\s*snapshot_autoextend_percent +=.*', + line => ' snapshot_autoextend_percent = 20', + require => Package['lvm2'], + } + + cinder::backend::iscsi { 'lvm': + iscsi_ip_address => hiera('CONFIG_STORAGE_HOST_URL'), + require => Package['lvm2'], + } + + cinder::type { 'iscsi': + set_key => 'volume_backend_name', + set_value => 'lvm', + require => Class['cinder::api'], + } +} diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/netapp.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/netapp.pp new file mode 100644 index 000000000..1f23bbf50 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/netapp.pp 
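Review bot: The `file { 'openstack-losetup': }` resource writes a systemd unit under /usr/lib/systemd/system without `owner`, `group` or `mode`, so the permissions of a unit that runs `losetup` at boot are left to the defaults. Pin them with `owner => 'root',`, `group => 'root',` and `mode => '0644',`. Separately, the `file_line` and `cinder::backend::iscsi` resources require `Package['lvm2']`, which this class declares only in the `else` branch; presumably `::cinder::setup_test_volume` declares it in the other case, which should be confirmed.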
@@ -0,0 +1,133 @@ +# Copyright (c) – 2014, Ryan Hefner. All rights reserved. +class packstack::cinder::backend::netapp () +{ + $netapp_storage_family = hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY') + $netapp_storage_protocol = hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL') + $netapp_backend_name = 'netapp' + + if $netapp_storage_family == 'ontap_cluster' { + if $netapp_storage_protocol == 'nfs' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), + expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'), + thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'), + thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'), + nfs_shares => hiera_array('CONFIG_CINDER_NETAPP_NFS_SHARES'), + nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'), + } + ensure_packages(['nfs-utils'], {'ensure' => 'present'}) + } + elsif $netapp_storage_protocol == 'iscsi' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => 
hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), + } + + ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'}) + } + + elsif $netapp_storage_protocol == 'fc' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), + } + } + } + elsif $netapp_storage_family == 'ontap_7mode' { + if $netapp_storage_protocol == 'nfs' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'), + thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'), + thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'), + nfs_shares => hiera_array('CONFIG_CINDER_NETAPP_NFS_SHARES'), + nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'), + } + + 
ensure_packages(['nfs-utils'], {'ensure' => 'present'}) + } + elsif $netapp_storage_protocol == 'iscsi' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'), + netapp_volume_list => hiera('CONFIG_CINDER_NETAPP_VOLUME_LIST'), + } + + ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'}) + } + + elsif $netapp_storage_protocol == 'fc' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'), + netapp_partner_backend_name => hiera('CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME'), + netapp_volume_list => hiera('CONFIG_CINDER_NETAPP_VOLUME_LIST'), + } + } + } + elsif $netapp_storage_family == 'eseries' { + cinder::backend::netapp { $netapp_backend_name: + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + 
netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_controller_ips => hiera('CONFIG_CINDER_NETAPP_CONTROLLER_IPS'), + netapp_sa_password => hiera('CONFIG_CINDER_NETAPP_SA_PASSWORD'), + netapp_storage_pools => hiera('CONFIG_CINDER_NETAPP_STORAGE_POOLS'), + netapp_eseries_host_type => hiera('CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE'), + netapp_webservice_path => hiera('CONFIG_CINDER_NETAPP_WEBSERVICE_PATH'), + } + + ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'}) + } + + cinder::type { $netapp_backend_name: + set_key => 'volume_backend_name', + set_value => $netapp_backend_name, + require => Class['cinder::api'], + } +} diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp new file mode 100644 index 000000000..c0d374071 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp @@ -0,0 +1,16 @@ +class packstack::cinder::backend::nfs () +{ + ensure_packages(['nfs-utils'], {'ensure' => 'present'}) + + cinder::backend::nfs { 'nfs': + nfs_servers => hiera_array('CONFIG_CINDER_NFS_MOUNTS'), + require => Package['nfs-utils'], + nfs_shares_config => '/etc/cinder/nfs_shares.conf', + } + + cinder::type { 'nfs': + set_key => 'volume_backend_name', + set_value => 'nfs', + require => Class['cinder::api'], + } +} diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp new file mode 100644 index 000000000..3ea2e5d20 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp 
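Review bot: Every `cinder::backend::netapp` declaration in this class passes `netapp_login` and `netapp_password` together with a `netapp_transport_type` taken unchecked from CONFIG_CINDER_NETAPP_TRANSPORT_TYPE. If that answer may be `http`, the credentials travel to the storage controller unencrypted. A comment at the top of the class would make this visible, e.g. `# NOTE: use https for CONFIG_CINDER_NETAPP_TRANSPORT_TYPE; http sends the NetApp login in clear text`. The six declarations differ in only a few parameters, so a shared set of common parameters would also make it harder to miss one of them when credentials handling changes.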
@@ -0,0 +1,20 @@
+# Copyright (c) – 2016, Edward Balduf. All rights reserved.
+class packstack::cinder::backend::solidfire ()
+{
+ $solidfire_backend_name = 'solidfire'
+
+ cinder::backend::solidfire { $solidfire_backend_name :
+ san_ip => hiera('CONFIG_CINDER_SOLIDFIRE_LOGIN'),
+ san_login => hiera('CONFIG_CINDER_SOLIDFIRE_PASSWORD'),
+ san_password => hiera('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'),
+ volume_backend_name => $solidfire_backend_name,
+ }
+
+ ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'})
+
+ cinder::type { $solidfire_backend_name:
+ set_key => 'volume_backend_name',
+ set_value => $solidfire_backend_name,
+ require => Class['cinder::api'],
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp
new file mode 100644
index 000000000..4513a200b
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp
@@ -0,0 +1,14 @@
+class packstack::cinder::backend::vmdk ()
+{
+ cinder::backend::vmdk { 'vmdk':
+ host_ip => hiera('CONFIG_VCENTER_HOST'),
+ host_username => hiera('CONFIG_VCENTER_USER'),
+ host_password => hiera('CONFIG_VCENTER_PASSWORD'),
+ }
+
+ cinder::type { 'vmdk':
+ set_key => 'volume_backend_name',
+ set_value => 'vmdk',
+ require => Class['cinder::api'],
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backup.pp b/packstack/puppet/modules/packstack/manifests/cinder/backup.pp
new file mode 100644
index 000000000..4d4478aaa
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/cinder/backup.pp
@@ -0,0 +1,12 @@
+class packstack::cinder::backup ()
+{
+ class { '::cinder::backup': }
+
+ $cinder_backup_conf_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+
+ class { '::cinder::backup::swift':
+ backup_swift_url => "http://${cinder_backup_conf_ctrl_host}:8080/v1/AUTH_",
+ }
+
+ Class['cinder::api'] ~> Service['cinder-backup']
+}
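Review bot: The three SAN parameters of `cinder::backend::solidfire` are wired to the wrong answers: `san_ip` reads CONFIG_CINDER_SOLIDFIRE_LOGIN, `san_login` reads CONFIG_CINDER_SOLIDFIRE_PASSWORD and `san_password` reads CONFIG_CINDER_SOLIDFIRE_HOSTNAME. Besides leaving the backend unable to connect, this places the SolidFire password in the login field, which is much more likely to be logged or displayed than a password field. The lines should read `san_ip => hiera('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'),`, `san_login => hiera('CONFIG_CINDER_SOLIDFIRE_LOGIN'),` and `san_password => hiera('CONFIG_CINDER_SOLIDFIRE_PASSWORD'),`.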
diff --git a/packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp
new file mode 100644
index 000000000..a33e79117
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp
@@ -0,0 +1,4 @@
+class packstack::cinder::ceilometer ()
+{
+ class { '::cinder::ceilometer': }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp
new file mode 100644
index 000000000..504f7b395
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp
@@ -0,0 +1,33 @@
+class packstack::cinder::rabbitmq ()
+{
+ $cinder_rab_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
+ $cinder_rab_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
+ $kombu_ssl_keyfile = hiera('CONFIG_CINDER_SSL_KEY', undef)
+ $kombu_ssl_certfile = hiera('CONFIG_CINDER_SSL_CERT', undef)
+
+ if $kombu_ssl_keyfile {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'cinder',
+ group => 'cinder',
+ require => Class['cinder'],
+ notify => Service['cinder-api'],
+ }
+ }
+
+ class { '::cinder':
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ database_connection => "mysql+pymysql://cinder:${cinder_rab_cfg_cinder_db_pw}@${cinder_rab_cfg_mariadb_host}/cinder",
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $kombu_ssl_keyfile,
+ kombu_ssl_certfile => $kombu_ssl_certfile,
+ }
+}
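Review bot: `database_connection` in packstack::cinder::rabbitmq is built by interpolating `${cinder_rab_cfg_cinder_db_pw}` into the URL with no escaping, so a password containing `@`, `/`, `:` or `?` produces a URL that parses to a different host or database than intended. Either the installer has to restrict CONFIG_CINDER_DB_PW to URL-safe characters or the value has to be percent-encoded before it is interpolated; a comment stating which of the two is relied on belongs next to the assignment. The same construction is used in packstack::glance, packstack::gnocchi and packstack::heat::rabbitmq in this diff.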
diff --git a/packstack/puppet/modules/packstack/manifests/glance.pp b/packstack/puppet/modules/packstack/manifests/glance.pp
new file mode 100644
index 000000000..18262216d
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/glance.pp
@@ -0,0 +1,51 @@ +class packstack::glance () +{ + create_resources(packstack::firewall, hiera('FIREWALL_GLANCE_RULES', {})) + + $glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW') + $glance_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL') + $glance_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') + + # glance option bind_host requires address without brackets + $bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + # magical hack for magical config - glance option registry_host requires brackets + $registry_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '[::0]', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + class { '::glance::api': + bind_host => $bind_host, + registry_host => $registry_host, + auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => hiera('CONFIG_GLANCE_KS_PW'), + pipeline => 'keystone', + database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + os_region_name => hiera('CONFIG_KEYSTONE_REGION'), + workers => hiera('CONFIG_SERVICE_WORKERS'), + known_stores => ['file', 'http', 'swift'] + } + + class { '::glance::registry': + auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + bind_host => $bind_host, + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => hiera('CONFIG_GLANCE_KS_PW'), + database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + workers => hiera('CONFIG_SERVICE_WORKERS'), + } +} 
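Review bot: `$glance_ks_pw` is filled from CONFIG_GLANCE_DB_PW and used only inside the two `database_connection` strings, while the Keystone password is read separately with `hiera('CONFIG_GLANCE_KS_PW')`; the name invites mixing the two secrets up in a later edit. Renaming it, `$glance_db_pw = hiera('CONFIG_GLANCE_DB_PW')`, and updating both connection strings removes the ambiguity. `$glance_cfg_ctrl_host` is assigned but not read anywhere in this class and can be dropped.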
diff --git a/packstack/puppet/modules/packstack/manifests/glance/backend/file.pp b/packstack/puppet/modules/packstack/manifests/glance/backend/file.pp new file mode 100644 index 000000000..224dac6ec --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/glance/backend/file.pp @@ -0,0 +1,7 @@ +class packstack::glance::backend::file () +{ + # TO-DO: Make this configurable + class { '::glance::backend::file': + filesystem_store_datadir => '/var/lib/glance/images/', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/glance/backend/swift.pp b/packstack/puppet/modules/packstack/manifests/glance/backend/swift.pp new file mode 100644 index 000000000..5a30b47e7 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/glance/backend/swift.pp @@ -0,0 +1,12 @@ +class packstack::glance::backend::swift () +{ + class { '::glance::backend::swift': + swift_store_user => 'services:glance', + swift_store_key => hiera('CONFIG_GLANCE_KS_PW'), + swift_store_auth_address => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + swift_store_container => 'glance', + swift_store_auth_version => '2', + swift_store_large_object_size => '5120', + swift_store_create_container_on_put => true, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/glance/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/glance/ceilometer.pp new file mode 100644 index 000000000..eb06526fd --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/glance/ceilometer.pp 
@@ -0,0 +1,29 @@ +class packstack::glance::ceilometer () +{ + $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) + $kombu_ssl_keyfile = hiera('CONFIG_GLANCE_SSL_KEY', undef) + $kombu_ssl_certfile = hiera('CONFIG_GLANCE_SSL_CERT', undef) + + if $kombu_ssl_keyfile { + $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] + file { $files_to_set_owner: + owner => 'glance', + group => 'glance', + require => Class['::glance::notify::rabbitmq'], + notify => Service['glance-api'], + } + } + class { '::glance::notify::rabbitmq': + rabbit_host => hiera('CONFIG_AMQP_HOST_URL'), + rabbit_notification_exchange => 'glance', + rabbit_notification_topic => 'notifications', + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + notification_driver => 'messagingv2', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/gnocchi.pp b/packstack/puppet/modules/packstack/manifests/gnocchi.pp new file mode 100644 index 000000000..34ed556d5 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/gnocchi.pp 
@@ -0,0 +1,50 @@ +class packstack::gnocchi () +{ + create_resources(packstack::firewall, hiera('FIREWALL_GNOCCHI_RULES', {})) + + $gnocchi_cfg_db_pw = hiera('CONFIG_GNOCCHI_DB_PW') + $gnocchi_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL') + + class { '::gnocchi::wsgi::apache': + workers => hiera('CONFIG_SERVICE_WORKERS'), + ssl => false + } + + class { '::gnocchi': + database_connection => "mysql+pymysql://gnocchi:${gnocchi_cfg_db_pw}@${gnocchi_cfg_mariadb_host}/gnocchi?charset=utf8", + } + + $bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + } + + class { '::gnocchi::api': + host => $bind_host, + keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + keystone_password => hiera('CONFIG_GNOCCHI_KS_PW'), + keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + service_name => 'httpd', + } + + # TO-DO: Remove this workaround as soon as module support is implemented (see rhbz#1300662) + gnocchi_config { + 'keystone_authtoken/auth_version': value => hiera('CONFIG_KEYSTONE_API_VERSION'); + } + + class { '::gnocchi::db::sync': } + class { '::gnocchi::storage': } + class { '::gnocchi::storage::file': } + + class {'::gnocchi::metricd': } + + class {'::gnocchi::statsd': + resource_id => '5e3fcbe2-7aab-475d-b42c-a440aa42e5ad', + user_id => 'e0ca4711-1128-422c-abd6-62db246c32e7', + project_id => 'af0c88e8-90d8-4795-9efe-57f965e67318', + archive_policy_name => 'high', + flush_delay => '10', + } + + include ::gnocchi::client +} diff --git a/packstack/puppet/modules/packstack/manifests/heat.pp b/packstack/puppet/modules/packstack/manifests/heat.pp new file mode 100644 index 000000000..27cb8b314 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/heat.pp 
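Review bot: `::gnocchi::statsd` is given literal `resource_id`, `user_id` and `project_id` UUIDs, so every deployment produced from this manifest shares the same three identifiers, and nothing in the class ties them to a user or project that exists in the local Keystone. At minimum a comment should state where the values come from and whether they are placeholders; reading them from hiera with these values as defaults would let a deployment override them. `ssl => false` on `::gnocchi::wsgi::apache` is likewise fixed, which is worth a short comment as well.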
@@ -0,0 +1,22 @@ +class packstack::heat () +{ + create_resources(packstack::firewall, hiera('FIREWALL_HEAT_RULES', {})) + + class { '::heat::api': } + + $keystone_admin = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') + $heat_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') + + class { '::heat::engine': + heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000", + heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition", + heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003", + auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'), + } + + class { '::heat::keystone::domain': + domain_name => hiera('CONFIG_HEAT_DOMAIN'), + domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'), + domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/heat/cfn.pp b/packstack/puppet/modules/packstack/manifests/heat/cfn.pp new file mode 100644 index 000000000..3ca21ccdc --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/heat/cfn.pp @@ -0,0 +1,17 @@ +class packstack::heat::cfn () +{ + create_resources(packstack::firewall, hiera('FIREWALL_HEAT_CFN_RULES', {})) + + class { '::heat::api_cfn': + workers => hiera('CONFIG_SERVICE_WORKERS'), + } + + $heat_cfn_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') + + class { '::heat::keystone::auth_cfn': + admin_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1", + public_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1", + internal_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1", + password => hiera('CONFIG_HEAT_KS_PW'), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/heat/cloudwatch.pp b/packstack/puppet/modules/packstack/manifests/heat/cloudwatch.pp new file mode 100644 index 000000000..bc6d7b02a --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/heat/cloudwatch.pp 
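Review bot: In packstack::heat::cfn the `admin_url`, `public_url` and `internal_url` strings interpolate `$heat_cfn_cfg_ctrl_host` without braces, unlike the `${heat_cfg_ctrl_host}` form used in packstack::heat just above it. Writing all three as `"http://${heat_cfn_cfg_ctrl_host}:8000/v1"` makes the variable boundary explicit and matches the rest of these manifests. The scheme is also fixed to `http`, so the Keystone catalog would advertise a plain-HTTP endpoint regardless of how the API is actually exposed; a comment noting that limitation would help whoever later enables TLS.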
@@ -0,0 +1,8 @@
+class packstack::heat::cloudwatch ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_HEAT_CLOUDWATCH_RULES', {}))
+
+ class { '::heat::api_cloudwatch':
+ workers => hiera('CONFIG_SERVICE_WORKERS'),
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp new file mode 100644
index 000000000..13a79ef75
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp
@@ -0,0 +1,45 @@
+class packstack::heat::rabbitmq ()
+{
+ $heat_rabbitmq_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
+ $heat_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', $::os_service_default)
+ $kombu_ssl_keyfile = hiera('CONFIG_HEAT_SSL_KEY', $::os_service_default)
+ $kombu_ssl_certfile = hiera('CONFIG_HEAT_SSL_CERT', $::os_service_default)
+
+ if ! is_service_default($kombu_ssl_keyfile) {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'heat',
+ group => 'heat',
+ require => Package['heat-common'],
+ }
+ File[$files_to_set_owner] ~> Service<| tag == 'heat-service' |>
+ }
+
+ if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ $heat_notification_driver = 'messagingv2'
+ } else {
+ $heat_notification_driver = $::os_service_default
+ }
+
+ class { '::heat':
+ keystone_password => hiera('CONFIG_HEAT_KS_PW'),
+ auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
+ keystone_ec2_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ rpc_backend => 'rabbit',
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ database_connection => "mysql+pymysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat",
+ kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $kombu_ssl_keyfile,
+ kombu_ssl_certfile => $kombu_ssl_certfile,
+ notification_driver => $heat_notification_driver,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/horizon.pp b/packstack/puppet/modules/packstack/manifests/horizon.pp new file mode 100644
index 000000000..c3664b8d3
--- /dev/null
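Review bot: The `file { $files_to_set_owner: ... }` resource hands the AMQP client key and certificate to the `heat` user but sets no `mode`, so the private key keeps whatever permissions it was created with. Adding `mode => '0600',` next to `owner` and `group` makes the intended access explicit. The guard also tests only `$kombu_ssl_keyfile`; if CONFIG_HEAT_SSL_KEY is set and CONFIG_HEAT_SSL_CERT is not, the service-default marker ends up as a file title, so the condition should cover both values. The same resource, with `undef` as the unset value, appears in the ironic/rabbitmq.pp and manila/rabbitmq.pp hunks.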
+++ b/packstack/puppet/modules/packstack/manifests/horizon.pp
@@ -0,0 +1,59 @@
+class packstack::horizon ()
+{
+ $is_django_debug = hiera('CONFIG_DEBUG_MODE') ? {
+ true => 'True',
+ false => 'False',
+ }
+
+ $bind_host = hiera('CONFIG_IP_VERSION') ? {
+ 'ipv6' => '::0',
+ default => '0.0.0.0',
+ # TO-DO(mmagr): Add IPv6 support when hostnames are used
+ }
+
+ $horizon_ssl = hiera('CONFIG_HORIZON_SSL') ? {
+ 'y' => true,
+ 'n' => false,
+ }
+
+ class {'::horizon':
+ secret_key => hiera('CONFIG_HORIZON_SECRET_KEY'),
+ keystone_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ keystone_default_role => '_member_',
+ server_aliases => [hiera('CONFIG_CONTROLLER_HOST'), $::fqdn, 'localhost'],
+ allowed_hosts => '*',
+ hypervisor_options => {'can_set_mount_point' => false, },
+ django_debug => $is_django_debug,
+ django_session_engine => 'django.contrib.sessions.backends.cache',
+ cache_backend => 'django.core.cache.backends.memcached.MemcachedCache',
+ cache_server_ip => '127.0.0.1',
+ cache_server_port => '11211',
+ file_upload_temp_dir => '/var/tmp',
+ listen_ssl => $horizon_ssl,
+ horizon_cert => hiera('CONFIG_HORIZON_SSL_CERT', undef),
+ horizon_key => hiera('CONFIG_HORIZON_SSL_KEY', undef),
+ horizon_ca => hiera('CONFIG_HORIZON_SSL_CACERT', undef),
+ neutron_options => {
+ 'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'),
+ 'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
+ 'enable_vpn' => hiera('CONFIG_HORIZON_NEUTRON_VPN'),
+ },
+ }
+
+ include '::packstack::memcached'
+
+ $firewall_port = hiera('CONFIG_HORIZON_PORT')
+
+ firewall { "001 horizon ${firewall_port} incoming":
+ proto => 'tcp',
+ dport => [$firewall_port],
+ action => 'accept',
+ }
+
+ if str2bool($::selinux) {
+ selboolean{ 'httpd_can_network_connect':
+ value => on,
+ persistent => true,
+ }
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/ironic.pp b/packstack/puppet/modules/packstack/manifests/ironic.pp new file mode 100644
index 000000000..979ab84d6
--- /dev/null
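Review bot: `allowed_hosts => '*'` turns off Django's Host-header validation for the dashboard, although the line above it already lists the names this server answers to in `server_aliases`. Reusing that list, `allowed_hosts => [hiera('CONFIG_CONTROLLER_HOST'), $::fqdn, 'localhost'],`, keeps the check in place; confirm that the horizon module version in use accepts an array for this parameter. Separately, the `$is_django_debug` and `$horizon_ssl` selectors have no `default` case, so a hiera value other than the two listed aborts compilation rather than falling back to a safe setting.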
+++ b/packstack/puppet/modules/packstack/manifests/ironic.pp
@@ -0,0 +1,17 @@
+class packstack::ironic ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_IRONIC_API_RULES', {}))
+
+ ironic_config {
+ 'glance/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
+ }
+
+ class { '::ironic::api':
+ auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ admin_password => hiera('CONFIG_IRONIC_KS_PW'),
+ }
+
+ class { '::ironic::client': }
+
+ class { '::ironic::conductor': }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/ironic/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/ironic/rabbitmq.pp new file mode 100644
index 000000000..e8d5747a8
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/ironic/rabbitmq.pp
@@ -0,0 +1,34 @@
+class packstack::ironic::rabbitmq ()
+{
+ $ironic_rabbitmq_cfg_ironic_db_pw = hiera('CONFIG_IRONIC_DB_PW')
+ $ironic_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
+ $kombu_ssl_keyfile = hiera('CONFIG_IRONIC_SSL_KEY', undef)
+ $kombu_ssl_certfile = hiera('CONFIG_IRONIC_SSL_CERT', undef)
+
+ if $kombu_ssl_keyfile {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'ironic',
+ group => 'ironic',
+ require => Package['ironic-common'],
+ }
+ File[$files_to_set_owner] ~> Service<| tag == 'ironic-service' |>
+ }
+
+ class { '::ironic':
+ rpc_backend => 'rabbit',
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ database_connection => "mysql+pymysql://ironic:${ironic_rabbitmq_cfg_ironic_db_pw}@${ironic_rabbitmq_cfg_mariadb_host}/ironic",
+ debug => true,
+ verbose => true,
+ kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $kombu_ssl_keyfile,
+ kombu_ssl_certfile => $kombu_ssl_certfile,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone.pp b/packstack/puppet/modules/packstack/manifests/keystone.pp new file mode 100644
index 000000000..7a958ae68
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone.pp
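Review bot: `debug => true` is a literal in the `::ironic` declaration, so Ironic logs at debug level on every install regardless of CONFIG_DEBUG_MODE. The heat and manila counterparts in this commit read the setting from hiera; `debug => hiera('CONFIG_DEBUG_MODE'),` brings this class in line. Debug-level service logs tend to carry more request detail than operators expect outside a test install, so the default should be the operator's choice.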
@@ -0,0 +1,135 @@
+class packstack::keystone ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_KEYSTONE_RULES', {}))
+
+ $keystone_use_ssl = false
+ $keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
+ $keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+ $keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
+ $keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
+ $keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
+
+ $bind_host = hiera('CONFIG_IP_VERSION') ? {
+ 'ipv6' => '::0',
+ default => '0.0.0.0',
+ # TO-DO(mmagr): Add IPv6 support when hostnames are used
+ }
+
+ class { '::keystone::client': }
+
+ if hiera('CONFIG_KEYSTONE_DB_PURGE_ENABLE',false) {
+ class { '::keystone::cron::token_flush':
+ minute => '*/1',
+ require => Service['crond'],
+ destination => '/dev/null',
+ }
+ service { 'crond':
+ ensure => 'running',
+ enable => true,
+ }
+ }
+
+ class { '::keystone':
+ admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
+ database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
+ token_provider => "keystone.token.providers.${keystone_token_provider_str}.Provider",
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ service_name => 'httpd',
+ enable_ssl => $keystone_use_ssl,
+ public_bind_host => $bind_host,
+ admin_bind_host => $bind_host,
+ default_domain => 'Default',
+ }
+
+ class { '::keystone::wsgi::apache':
+ workers => hiera('CONFIG_SERVICE_WORKERS'),
+ ssl => $keystone_use_ssl
+ }
+
+ if hiera('CONFIG_HEAT_INSTALL') == 'y' {
+ $keystone_admin_roles = ['admin', '_member_', 'heat_stack_owner']
+ } else {
+ $keystone_admin_roles = ['admin']
+ }
+
+ # Ensure the default _member_ role is present
+ keystone_role { '_member_':
+ ensure => present,
+ } ->
+ class { '::keystone::roles::admin':
+ email => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'),
+ admin => hiera('CONFIG_KEYSTONE_ADMIN_USERNAME'),
+ password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
+ admin_tenant => 'admin',
+ admin_roles => $keystone_admin_roles,
+ }
+
+ class { '::keystone::endpoint':
+ default_domain => 'Default',
+ public_url => $keystone_url,
+ internal_url => $keystone_url,
+ admin_url => $keystone_admin_url,
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ # so far enforce v2 as default endpoint
+ version => 'v2.0',
+ }
+
+ # default assignment driver is SQL
+ $assignment_driver = 'keystone.assignment.backends.sql.Assignment'
+
+ if hiera('CONFIG_KEYSTONE_IDENTITY_BACKEND') == 'ldap' {
+
+ if hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef) {
+ $user_enabled_emulation = true
+ } else {
+ $user_enabled_emulation = false
+ }
+
+ class { '::keystone::ldap':
+ url => hiera_undef('CONFIG_KEYSTONE_LDAP_URL', undef),
+ user => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DN', undef),
+ password => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASSWORD', undef),
+ suffix => hiera_undef('CONFIG_KEYSTONE_LDAP_SUFFIX', undef),
+ query_scope => hiera_undef('CONFIG_KEYSTONE_LDAP_QUERY_SCOPE', undef),
+ page_size => hiera_undef('CONFIG_KEYSTONE_LDAP_PAGE_SIZE', undef),
+ user_tree_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_SUBTREE', undef),
+ user_filter => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_FILTER', undef),
+ user_objectclass => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS', undef),
+ user_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE', undef),
+ user_name_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE', undef),
+ user_mail_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE', undef),
+ user_enabled_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE', undef),
+ user_enabled_mask => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK', undef),
+ user_enabled_default => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT', undef),
+ user_enabled_invert =>
hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef),
+ user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef),
+ user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef),
+ user_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE', undef),
+ user_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE', undef),
+ user_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE', undef),
+ user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef),
+ user_enabled_emulation => $user_enabled_emulation,
+ user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef),
+ user_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
+ group_tree_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE', undef),
+ group_filter => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_FILTER', undef),
+ group_objectclass => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS', undef),
+ group_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE', undef),
+ group_name_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE', undef),
+ group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef),
+ group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef),
+ group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef),
+ group_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE', undef),
+ group_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE', undef),
+ group_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE', undef),
+ group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
+ use_tls =>
hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef),
+ tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef),
+ tls_cacertfile => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE', undef),
+ tls_req_cert => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT', undef),
+ identity_driver => 'keystone.identity.backends.ldap.Identity',
+ assignment_driver => $assignment_driver,
+ }
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/aodh.pp b/packstack/puppet/modules/packstack/manifests/keystone/aodh.pp new file mode 100644
index 000000000..ee6a1bd70
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/aodh.pp
@@ -0,0 +1,12 @@
+class packstack::keystone::aodh ()
+{
+ $keystone_host_url = hiera('CONFIG_KEYSTONE_HOST_URL')
+
+ class { '::aodh::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_AODH_KS_PW'),
+ public_url => "http://${keystone_host_url}:8042",
+ admin_url => "http://${keystone_host_url}:8042",
+ internal_url => "http://${keystone_host_url}:8042",
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/keystone/ceilometer.pp new file mode 100644
index 000000000..47c0754d4
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/ceilometer.pp
@@ -0,0 +1,15 @@
+class packstack::keystone::ceilometer ()
+{
+ $ceilometer_protocol = 'http'
+ $ceilometer_port = '8777'
+ $ceilometer_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $ceilometer_url = "${ceilometer_protocol}://${ceilometer_api_host}:${ceilometer_port}"
+
+ class { '::ceilometer::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_CEILOMETER_KS_PW'),
+ public_url => $ceilometer_url,
+ admin_url => $ceilometer_url,
+ internal_url => $ceilometer_url,
+ }
+}
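Review bot: `$keystone_use_ssl = false` at the top of `packstack::keystone` is a literal, so `enable_ssl` on `::keystone` and `ssl` on `::keystone::wsgi::apache` can never be switched on from the answer file, and requests carrying passwords and tokens are served over plain HTTP on the wildcard bind address. The catalog follows suit: the keystone/aodh.pp through keystone/trove.pp hunks each hard-code `http` in the endpoint URLs they register. If TLS is out of scope for this refactor, say so where the variable is set, for example `# keystone is deployed without TLS here; terminate TLS in front of httpd for anything beyond a test install`. Otherwise read the flag and the endpoint protocol from hiera (key name `<CONFIG_KEY_FOR_KEYSTONE_TLS>` is a placeholder, the page defines none).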
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp b/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp new file mode 100644
index 000000000..0f3297659
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp
@@ -0,0 +1,21 @@
+class packstack::keystone::cinder ()
+{
+ $cinder_protocol = 'http'
+ $cinder_host = hiera('CONFIG_STORAGE_HOST_URL')
+ $cinder_port = '8776'
+ $cinder_url = "${cinder_protocol}://${cinder_host}:$cinder_port"
+
+ class { '::cinder::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_CINDER_KS_PW'),
+ public_url => "${cinder_url}/v1/%(tenant_id)s",
+ internal_url => "${cinder_url}/v1/%(tenant_id)s",
+ admin_url => "${cinder_url}/v1/%(tenant_id)s",
+ public_url_v2 => "${cinder_url}/v2/%(tenant_id)s",
+ internal_url_v2 => "${cinder_url}/v2/%(tenant_id)s",
+ admin_url_v2 => "${cinder_url}/v2/%(tenant_id)s",
+ public_url_v3 => "${cinder_url}/v3/%(tenant_id)s",
+ internal_url_v3 => "${cinder_url}/v3/%(tenant_id)s",
+ admin_url_v3 => "${cinder_url}/v3/%(tenant_id)s",
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/glance.pp b/packstack/puppet/modules/packstack/manifests/keystone/glance.pp new file mode 100644
index 000000000..227c5282f
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/glance.pp
@@ -0,0 +1,15 @@
+class packstack::keystone::glance ()
+{
+ $glance_protocol = 'http'
+ $glance_port = '9292'
+ $glance_api_host = hiera('CONFIG_STORAGE_HOST_URL')
+ $glance_url = "${glance_protocol}://${glance_api_host}:${glance_port}"
+
+ class { '::glance::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_GLANCE_KS_PW'),
+ public_url => $glance_url,
+ admin_url => $glance_url,
+ internal_url => $glance_url,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/gnocchi.pp b/packstack/puppet/modules/packstack/manifests/keystone/gnocchi.pp new file mode 100644
index 000000000..ea59ce198
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/gnocchi.pp
@@ -0,0 +1,12 @@
+class packstack::keystone::gnocchi ()
+{
+ $gnocchi_keystone_host_url = hiera('CONFIG_KEYSTONE_HOST_URL')
+
+ class { '::gnocchi::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_GNOCCHI_KS_PW'),
+ public_url => "http://${gnocchi_keystone_host_url}:8041",
+ admin_url => "http://${gnocchi_keystone_host_url}:8041",
+ internal_url => "http://${gnocchi_keystone_host_url}:8041",
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/heat.pp b/packstack/puppet/modules/packstack/manifests/keystone/heat.pp new file mode 100644
index 000000000..ba833d9b9
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/heat.pp
@@ -0,0 +1,17 @@
+class packstack::keystone::heat ()
+{
+ $heat_protocol = 'http'
+ $heat_port = '8004'
+ $heat_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $heat_url = "${heat_protocol}://${heat_api_host}:${heat_port}/v1/%(tenant_id)s"
+
+ # heat::keystone::auth
+ class { '::heat::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_HEAT_KS_PW'),
+ public_url => $heat_url,
+ admin_url => $heat_url,
+ internal_url => $heat_url,
+ configure_delegated_roles => true,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp b/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp new file mode 100644
index 000000000..8183281e3
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp
@@ -0,0 +1,15 @@
+class packstack::keystone::ironic ()
+{
+ $ironic_protocol = 'http'
+ $ironic_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $ironic_port = '6385'
+ $ironic_url = "${ironic_protocol}://${ironic_host}:$ironic_port"
+
+ class { '::ironic::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_IRONIC_KS_PW'),
+ public_url => $ironic_url,
+ admin_url => $ironic_url,
+ internal_url => $ironic_url,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/manila.pp b/packstack/puppet/modules/packstack/manifests/keystone/manila.pp new file mode 100644
index 000000000..1a11f73f2
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/manila.pp
@@ -0,0 +1,18 @@
+class packstack::keystone::manila ()
+{
+ $manila_protocol = 'http'
+ $manila_host = hiera('CONFIG_STORAGE_HOST_URL')
+ $manila_port = '8786'
+ $manila_url = "${manila_protocol}://${manila_host}:$manila_port/v1/%(tenant_id)s"
+ $manila_url_v2 = "${manila_protocol}://${manila_host}:$manila_port/v2/%(tenant_id)s"
+
+ class { '::manila::keystone::auth':
+ password => hiera('CONFIG_MANILA_KS_PW'),
+ public_url => $manila_url,
+ admin_url => $manila_url,
+ internal_url => $manila_url,
+ public_url_v2 => $manila_url_v2,
+ admin_url_v2 => $manila_url_v2,
+ internal_url_v2 => $manila_url_v2,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp b/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp new file mode 100644
index 000000000..168eab4d5
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp
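Review bot: `::manila::keystone::auth` is declared without `region`, unlike the other keystone/*.pp classes in this commit, which pass `region => hiera('CONFIG_KEYSTONE_REGION')`. With a non-default CONFIG_KEYSTONE_REGION the manila endpoints would presumably be registered under the module's default region and not be found by clients using the configured one. Add `region => hiera('CONFIG_KEYSTONE_REGION'),` here and in the `::sahara::keystone::auth` declaration in keystone/sahara.pp, which has the same omission.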
@@ -0,0 +1,15 @@
+class packstack::keystone::neutron ()
+{
+ $neutron_protocol = 'http'
+ $neutron_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $neutron_port = '9696'
+ $neutron_url = "${neutron_protocol}://${neutron_host}:$neutron_port"
+
+ class { '::neutron::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_NEUTRON_KS_PW'),
+ public_url => $neutron_url,
+ admin_url => $neutron_url,
+ internal_url => $neutron_url,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/nova.pp b/packstack/puppet/modules/packstack/manifests/keystone/nova.pp new file mode 100644
index 000000000..5a4b0bd2e
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/nova.pp
@@ -0,0 +1,19 @@
+class packstack::keystone::nova ()
+{
+ $nova_protocol = 'http'
+ $nova_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $nova_port = '8774'
+ $nova_url = "${nova_protocol}://${nova_host}:$nova_port/v2/%(tenant_id)s"
+ $nova_v3_url = "${nova_protocol}://${nova_host}:$nova_port/v3"
+
+ class { '::nova::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_NOVA_KS_PW'),
+ public_url => $nova_url,
+ admin_url => $nova_url,
+ internal_url => $nova_url,
+ public_url_v3 => $nova_v3_url,
+ admin_url_v3 => $nova_v3_url,
+ internal_url_v3 => $nova_v3_url,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp b/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp new file mode 100644
index 000000000..1018dbd77
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp
@@ -0,0 +1,14 @@
+class packstack::keystone::sahara ()
+{
+ $sahara_protocol = 'http'
+ $sahara_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $sahara_port = '8386'
+ $sahara_url = "${sahara_protocol}://${sahara_host}:$sahara_port/v1.1/%(tenant_id)s"
+
+ class { '::sahara::keystone::auth':
+ password => hiera('CONFIG_SAHARA_KS_PW'),
+ public_url => $sahara_url,
+ admin_url => $sahara_url,
+ internal_url => $sahara_url,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/swift.pp b/packstack/puppet/modules/packstack/manifests/keystone/swift.pp new file mode 100644
index 000000000..b6daeaf33
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/swift.pp
@@ -0,0 +1,17 @@
+class packstack::keystone::swift ()
+{
+ $swift_protocol = 'http'
+ $swift_host = hiera('CONFIG_STORAGE_HOST_URL')
+ $swift_port = '8080'
+ $swift_url = "${swift_protocol}://${swift_host}:$swift_port/v1/AUTH_%(tenant_id)s"
+
+ class { '::swift::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_SWIFT_KS_PW'),
+ operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
+ public_url => $swift_url,
+ internal_url => $swift_url,
+ admin_url => $swift_url,
+ configure_s3_endpoint => false,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/trove.pp b/packstack/puppet/modules/packstack/manifests/keystone/trove.pp new file mode 100644
index 000000000..27c78e957
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/keystone/trove.pp
@@ -0,0 +1,15 @@
+class packstack::keystone::trove ()
+{
+ $trove_protocol = 'http'
+ $trove_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $trove_port = '8779'
+ $trove_url = "${trove_protocol}://${trove_host}:$trove_port/v1.0/%(tenant_id)s"
+
+ class { '::trove::keystone::auth':
+ region => hiera('CONFIG_KEYSTONE_REGION'),
+ password => hiera('CONFIG_TROVE_KS_PW'),
+ public_url => $trove_url,
+ admin_url => $trove_url,
+ internal_url => $trove_url,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/manila.pp b/packstack/puppet/modules/packstack/manifests/manila.pp new file mode 100644
index 000000000..9c88dc58d
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/manila.pp
@@ -0,0 +1,32 @@
+class packstack::manila ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_MANILA_API_RULES', {}))
+
+ manila_config {
+ 'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
+ }
+
+ $bind_host = hiera('CONFIG_IP_VERSION') ? {
+ 'ipv6' => '::0',
+ default => '0.0.0.0',
+ # TO-DO(mmagr): Add IPv6 support when hostnames are used
+ }
+
+ class { '::manila::api':
+ bind_host => $bind_host,
+ keystone_password => hiera('CONFIG_MANILA_KS_PW'),
+ keystone_tenant => 'services',
+ keystone_user => 'manila',
+ keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ }
+
+ class { '::manila::scheduler':
+ }
+
+ class { '::manila::share':
+ }
+
+ class { '::manila::backends':
+ enabled_share_backends => hiera('CONFIG_MANILA_BACKEND'),
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp b/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp new file mode 100644
index 000000000..357efc8d5
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp
@@ -0,0 +1,50 @@
+class packstack::manila::backend::generic ()
+{
+ ensure_packages(['nfs-utils'], {'ensure' => 'present'})
+
+ manila::backend::generic{ 'generic':
+ driver_handles_share_servers => hiera('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS'),
+ volume_name_template => hiera('CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE'),
+ share_mount_path => hiera('CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH'),
+ }
+
+ packstack::manila::network{ 'generic': }
+
+ if ($::manila_network_type == 'neutron'){
+ $service_instance_network_helper_type = 'neutron'
+ }
+ elsif ($::manila_network_type == 'nova-network'){
+ $service_instance_network_helper_type = 'nova'
+ }
+
+ $admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
+ $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW')
+ $admin_tenant = 'admin'
+ $keystone_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
+
+ nova_flavor { 'm1.manila':
+ ensure => present,
+ id => '66',
+ ram => '512',
+ disk => '0',
+ vcpus => '1',
+ require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ],
+ } ->
+ manila::service_instance{ 'generic':
+ service_image_location => hiera('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'),
+ service_instance_user => hiera('CONFIG_MANILA_SERVICE_INSTANCE_USER'),
+ service_instance_password => hiera('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'),
+ service_instance_network_helper_type => $service_instance_network_helper_type,
+ service_instance_flavor_id => 66,
+ }
+
+ class { '::manila::compute::nova':
+ nova_admin_password => hiera('CONFIG_NOVA_KS_PW'),
+ nova_admin_tenant_name => 'services',
+ }
+
+ class { '::manila::volume::cinder':
+ cinder_admin_password => hiera('CONFIG_CINDER_KS_PW'),
+ cinder_admin_tenant_name => 'services',
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/manila/backend/glusternative.pp b/packstack/puppet/modules/packstack/manifests/manila/backend/glusternative.pp new file mode 100644
index 000000000..c385d31b5
--- /dev/null
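Review bot: The `if ($::manila_network_type == 'neutron')` test reads a top-scope variable, but this commit moves `$manila_network_type = hiera('CONFIG_MANILA_NETWORK_TYPE')` from file scope into the `packstack::manila::network` define (manila/network.pp). Unless something else still sets it at top scope, neither branch matches and `service_instance_network_helper_type` is passed as undef. Look the value up locally with `$manila_network_type = hiera('CONFIG_MANILA_NETWORK_TYPE')` and test `$manila_network_type` in both branches; there is also no `else`, so the 'standalone' type leaves the helper unset either way. `$admin_username`, `$admin_password`, `$admin_tenant` and `$keystone_url` are assigned and never used, and dropping them keeps the keystone admin password out of a class that does not need it.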
+++ b/packstack/puppet/modules/packstack/manifests/manila/backend/glusternative.pp
@@ -0,0 +1,10 @@
+class packstack::manila::backend::glusternative ()
+{
+ manila::backend::glusternative{ 'glusternative':
+ glusterfs_servers => hiera('CONFIG_MANILA_GLUSTERFS_SERVERS'),
+ glusterfs_native_path_to_private_key => hiera('CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY'),
+ glusterfs_volume_pattern => hiera('CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN'),
+ }
+
+ packstack::manila::network{ 'glusternative': }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/manila/backend/glusternfs.pp b/packstack/puppet/modules/packstack/manifests/manila/backend/glusternfs.pp new file mode 100644
index 000000000..e63024bc5
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/manila/backend/glusternfs.pp
@@ -0,0 +1,14 @@
+class packstack::manila::backend::glusternfs ()
+{
+ manila::backend::glusternfs{ 'glusternfs':
+ glusterfs_target => hiera('CONFIG_MANILA_GLUSTERFS_TARGET'),
+ glusterfs_mount_point_base => hiera('CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE'),
+ glusterfs_nfs_server_type => hiera('CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE'),
+ glusterfs_path_to_private_key => hiera('CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY'),
+ glusterfs_ganesha_server_ip => hiera('CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP'),
+ }
+
+ packstack::manila::network{ 'glusternfs': }
+
+ include '::manila::ganesha'
+}
diff --git a/packstack/puppet/modules/packstack/manifests/manila/backend/netapp.pp b/packstack/puppet/modules/packstack/manifests/manila/backend/netapp.pp new file mode 100644
index 000000000..f8f2f10ff
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/manila/backend/netapp.pp
@@ -0,0 +1,18 @@
+class packstack::manila::backend::netapp ()
+{
+ manila::backend::netapp{ 'netapp':
+ driver_handles_share_servers => hiera('CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'),
+ netapp_transport_type => hiera('CONFIG_MANILA_NETAPP_TRANSPORT_TYPE'),
+ netapp_login => hiera('CONFIG_MANILA_NETAPP_LOGIN'),
+ netapp_password => hiera('CONFIG_MANILA_NETAPP_PASSWORD'),
+ netapp_server_hostname => hiera('CONFIG_MANILA_NETAPP_SERVER_HOSTNAME'),
+ netapp_storage_family => hiera('CONFIG_MANILA_NETAPP_STORAGE_FAMILY'),
+ netapp_server_port => hiera('CONFIG_MANILA_NETAPP_SERVER_PORT'),
+ netapp_vserver => hiera('CONFIG_MANILA_NETAPP_VSERVER', undef),
+ netapp_aggregate_name_search_pattern => hiera('CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN'),
+ netapp_root_volume_aggregate => hiera('CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE', undef),
+ netapp_root_volume_name => hiera('CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME', undef),
+ }
+
+ packstack::manila::network{ 'netapp': }
+}
diff --git a/packstack/puppet/templates/manila_network.pp b/packstack/puppet/modules/packstack/manifests/manila/network.pp similarity index 74% rename from packstack/puppet/templates/manila_network.pp rename to packstack/puppet/modules/packstack/manifests/manila/network.pp
index a4f2f777d..3d9e1f2d5 100644
--- a/packstack/puppet/templates/manila_network.pp
+++ b/packstack/puppet/modules/packstack/manifests/manila/network.pp
@@ -1,17 +1,17 @@ -$manila_network_type = hiera('CONFIG_MANILA_NETWORK_TYPE') define packstack::manila::network ($backend_name = $name) { + $manila_network_type = hiera('CONFIG_MANILA_NETWORK_TYPE') - if ($::manila_network_type == 'neutron'){ + if ($manila_network_type == 'neutron'){ class { '::manila::network::neutron': neutron_admin_password => hiera('CONFIG_NEUTRON_KS_PW'), neutron_admin_tenant_name => 'services', } } - elsif ($::manila_network_type == 'nova-network'){ + elsif ($manila_network_type == 'nova-network'){ manila::network::nova_network{ $backend_name: } } - elsif ($::manila_network_type == 'standalone'){ + elsif ($manila_network_type == 'standalone'){ manila::network::standalone{ $backend_name: standalone_network_plugin_gateway => hiera('CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY'), standalone_network_plugin_mask => hiera('CONFIG_MANILA_NETWORK_STANDALONE_NETMASK'), @@ -21,6 +21,7 @@ define packstack::manila::network ($backend_name = $name) { } } else { - fail("The value ${::manila_network_type} is not a valid value for the Manila network type.") + fail("The value ${manila_network_type} is not a valid value for the Manila network type.") } } + diff --git a/packstack/puppet/modules/packstack/manifests/manila/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/manila/rabbitmq.pp new file mode 100644 index 000000000..7fa6a4b6a --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/manila/rabbitmq.pp 
@@ -0,0 +1,31 @@
+class packstack::manila::rabbitmq ()
+{
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
+ $kombu_ssl_keyfile = hiera('CONFIG_MANILA_SSL_KEY', undef)
+ $kombu_ssl_certfile = hiera('CONFIG_MANILA_SSL_CERT', undef)
+
+ if $kombu_ssl_keyfile {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'manila',
+ group => 'manila',
+ # manila user on RH/Fedora is provided by python-manila
+ require => Package['manila'],
+ }
+ File[$files_to_set_owner] ~> Service<| tag == 'manila-service' |>
+ }
+
+ $db_pw = hiera('CONFIG_MANILA_DB_PW')
+ $mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+
+ class { '::manila':
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ sql_connection => "mysql+pymysql://manila:${db_pw}@${mariadb_host}/manila",
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/mariadb.pp b/packstack/puppet/modules/packstack/manifests/mariadb.pp new file mode 100644
index 000000000..599234307
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/mariadb.pp
@@ -0,0 +1,69 @@ +class packstack::mariadb () +{ + if hiera('CONFIG_MARIADB_INSTALL') == 'y' { + create_resources(packstack::firewall, hiera('FIREWALL_MARIADB_RULES', {})) + $max_connections = hiera('CONFIG_SERVICE_WORKERS') * 128 + + if ($::mariadb_provides_galera == 'true') { + # Since mariadb 10.1 galera is included in main mariadb + $mariadb_package_name = 'mariadb-server-galera' + $mariadb_present = 'present' + } else { + # Package mariadb-server conflicts with mariadb-galera-server + $mariadb_package_name = 'mariadb-galera-server' + $mariadb_present = 'absent' + } + ensure_packages(['mariadb-server'], {'ensure' => $mariadb_present}) + + $bind_address = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + $mysql_root_password = hiera('CONFIG_MARIADB_PW') + + class { '::mysql::server': + package_name => $mariadb_package_name, + restart => true, + root_password => $mysql_root_password, + require => Package['mariadb-server'], + override_options => { + 'mysqld' => { + 'bind_address' => $bind_address, + 'default_storage_engine' => 'InnoDB', + 'max_connections' => $max_connections, + 'open_files_limit' => '-1', + # galera options + 'wsrep_provider' => 'none', + 'wsrep_cluster_name' => 'galera_cluster', + 'wsrep_sst_method' => 'rsync', + 'wsrep_sst_auth' => "root:${mysql_root_password}", + }, + }, + } + + # deleting database users for security + # this is done in mysql::server::account_security but has problems + # when there is no fqdn, so we're defining a slightly different one here + mysql_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%' ]: + ensure => 'absent', + require => Class['mysql::server'], + } + + if ($::fqdn != '' and $::fqdn != 'localhost') { + mysql_user { [ "root@${::fqdn}", "@${::fqdn}"]: + ensure => 'absent', + require => Class['mysql::server'], + } + } + if ($::fqdn != $::hostname and $::hostname != 'localhost') { + mysql_user { ["root@${::hostname}", 
"@${::hostname}"]: + ensure => 'absent', + require => Class['mysql::server'], + } + } + } else { + class { '::remote::db': } + } +} diff --git a/packstack/puppet/modules/packstack/manifests/mariadb/services.pp b/packstack/puppet/modules/packstack/manifests/mariadb/services.pp new file mode 100644 index 000000000..dda177882 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/mariadb/services.pp 
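Review bot: `'wsrep_sst_auth' => "root:${mysql_root_password}"` writes the database root password into the rendered mysqld options even though `'wsrep_provider' => 'none'` leaves Galera disabled, so the secret lands in a config file for no functional gain. Whether that file is readable by other local users depends on the mode the mysql module gives it, which is not visible here. I would drop the `wsrep_sst_auth` entry while the provider is `none`, or use a dedicated SST account rather than root. Related: `bind_address` is `0.0.0.0` or `::0`, so access control rests on `FIREWALL_MARIADB_RULES`; a comment next to the selector saying so would help.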
@@ -0,0 +1,106 @@ +class packstack::mariadb::services () +{ + class { '::keystone::db::mysql': + user => 'keystone_admin', + password => hiera('CONFIG_KEYSTONE_DB_PW'), + allowed_hosts => '%', + charset => 'utf8', + } + + if hiera('CONFIG_CINDER_INSTALL') == 'y' { + class { '::cinder::db::mysql': + password => hiera('CONFIG_CINDER_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + } + + if hiera('CONFIG_GLANCE_INSTALL') == 'y' { + class { '::glance::db::mysql': + password => hiera('CONFIG_GLANCE_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + } + + if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' and + hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + class { '::gnocchi::db::mysql': + password => hiera('CONFIG_GNOCCHI_DB_PW'), + host => '%', + allowed_hosts => '%', + } + } + + if hiera('CONFIG_HEAT_INSTALL') == 'y' { + class { '::heat::db::mysql': + password => hiera('CONFIG_HEAT_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + } + + if hiera('CONFIG_IRONIC_INSTALL') == 'y' { + class { '::ironic::db::mysql': + password => hiera('CONFIG_IRONIC_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + } + + if hiera('CONFIG_MANILA_INSTALL') == 'y' { + class { '::manila::db::mysql': + password => hiera('CONFIG_MANILA_DB_PW'), + allowed_hosts => '%', + charset => 'utf8', + } + } + + if hiera('CONFIG_NEUTRON_INSTALL') == 'y' { + class { '::neutron::db::mysql': + password => hiera('CONFIG_NEUTRON_DB_PW'), + host => '%', + allowed_hosts => '%', + dbname => hiera('CONFIG_NEUTRON_L2_DBNAME'), + charset => 'utf8', + } + } + + if hiera('CONFIG_NOVA_INSTALL') == 'y' { + class { '::nova::db::mysql': + password => hiera('CONFIG_NOVA_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + class { '::nova::db::mysql_api': + password => hiera('CONFIG_NOVA_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + } + + if hiera('CONFIG_SAHARA_INSTALL') == 'y' { + 
class { '::sahara::db::mysql': + password => hiera('CONFIG_SAHARA_DB_PW'), + host => '%', + allowed_hosts => '%', + } + + } + + if hiera('CONFIG_TROVE_INSTALL') == 'y' { + class { '::trove::db::mysql': + password => hiera('CONFIG_TROVE_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } + } + +} diff --git a/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp b/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp new file mode 100644 index 000000000..08de32ad2 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp 
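Review bot: Every service account in this class is created with `allowed_hosts => '%'` (most also with `host => '%'`), so any address that can reach the server may attempt a login as one of these accounts. If the installer already knows the deployment's hosts, passing that list instead of `'%'` would narrow the grants; otherwise add a comment such as `# '%' grants from any host; network access is limited only by FIREWALL_MARIADB_RULES`. Minor: the keystone and manila blocks omit `host`, and gnocchi and sahara omit `charset`, unlike their siblings; presumably they rely on module defaults, which is worth confirming.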
@@ -0,0 +1,342 @@ +class packstack::mariadb::services_remote () { + remote_database { 'keystone': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW') + + remote_database_user { 'keystone_admin@%': + password_hash => mysql_password($mariadb_keystone_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['keystone'], + } + + remote_database_grant { 'keystone_admin@%/keystone': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['keystone_admin@%'], + } + + if hiera('CONFIG_CINDER_INSTALL') == 'y' { + remote_database { 'cinder': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW') + + remote_database_user { 'cinder@%': + password_hash => mysql_password($mariadb_cinder_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['cinder'], + } + + remote_database_grant { 'cinder@%/cinder': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['cinder@%'], + } + } + + if hiera('CONFIG_GLANCE_INSTALL') == 'y' { + remote_database { 'glance': + ensure => 
'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_glance_noinstall_db_pw = hiera('CONFIG_GLANCE_DB_PW') + + remote_database_user { 'glance@%': + password_hash => mysql_password($mariadb_glance_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['glance'], + } + + remote_database_grant { 'glance@%/glance': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['glance@%'], + } + } + + if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' and + remote_database { 'gnocchi': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $gnocchi_cfg_db_pw = hiera('CONFIG_GNOCCHI_DB_PW') + + remote_database_user { 'gnocchi@%': + password_hash => mysql_password($gnocchi_cfg_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['gnocchi'], + } + + remote_database_grant { 'gnocchi@%/gnocchi': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['gnocchi@%'], + } + } + + if hiera('CONFIG_HEAT_INSTALL') == 'y' { + remote_database { 'heat': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => 
hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_heat_noinstall_db_pw = hiera('CONFIG_HEAT_DB_PW') + + remote_database_user { 'heat@%': + password_hash => mysql_password($mariadb_heat_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['heat'], + } + + remote_database_grant { 'heat@%/heat': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['heat@%'], + } + } + + if hiera('CONFIG_IRONIC_INSTALL') == 'y' { + remote_database { 'ironic': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_ironic_noinstall_db_pw = hiera('CONFIG_IRONIC_DB_PW') + + remote_database_user { 'ironic@%': + password_hash => mysql_password($mariadb_ironic_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['ironic'], + } + + remote_database_grant { 'ironic@%/ironic': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['ironic@%'], + } + } + + if hiera('CONFIG_MANILA_INSTALL') == 'y' { + remote_database { 'manila': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_manila_noinstall_db_pw = hiera('CONFIG_MANILA_DB_PW') + + remote_database_user { 
'manila@%': + password_hash => mysql_password($mariadb_manila_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['manila'], + } + + remote_database_grant { 'manila@%/manila': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['manila@%'], + } + } + + if hiera('CONFIG_NEUTRON_INSTALL') == 'y' { + $mariadb_neutron_noinstall_db_pw = hiera('CONFIG_NEUTRON_DB_PW') + $mariadb_neutron_noinstall_l2_dbname = hiera('CONFIG_NEUTRON_L2_DBNAME') + + remote_database { $mariadb_neutron_noinstall_l2_dbname: + ensure => present, + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + remote_database_user { 'neutron@%': + password_hash => mysql_password($mariadb_neutron_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database[$mariadb_neutron_noinstall_l2_dbname], + } + + remote_database_grant { "neutron@%/${mariadb_neutron_noinstall_l2_dbname}": + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['neutron@%'], + } + } + + if hiera('CONFIG_NOVA_INSTALL') == 'y' { + remote_database { 'nova': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_nova_noinstall_db_pw = hiera('CONFIG_NOVA_DB_PW') + + 
remote_database_user { 'nova@%': + password_hash => mysql_password($mariadb_nova_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['nova'], + } + + remote_database_grant { 'nova@%/nova': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['nova@%'], + } + } + + if hiera('CONFIG_SAHARA_INSTALL') == 'y' { + remote_database { 'sahara': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $sahara_cfg_sahara_db_pw = hiera('CONFIG_SAHARA_DB_PW') + + remote_database_user { 'sahara@%': + password_hash => mysql_password($sahara_cfg_sahara_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['sahara'], + } + + remote_database_grant { 'sahara@%/sahara': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['sahara@%'], + } + } + + if hiera('CONFIG_TROVE_INSTALL') == 'y' { + remote_database { 'trove': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $trove_cfg_trove_db_pw = hiera('CONFIG_TROVE_DB_PW') + + remote_database_user { 'trove@%': + password_hash => mysql_password($trove_cfg_trove_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => 
hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['trove'], + } + + remote_database_grant { 'trove@%/trove': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['trove@%'], + } + } + +} diff --git a/packstack/puppet/modules/packstack/manifests/memcached.pp b/packstack/puppet/modules/packstack/manifests/memcached.pp new file mode 100644 index 000000000..1a7ff43fa --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/memcached.pp @@ -0,0 +1,15 @@ +class packstack::memcached () +{ + # hack for memcached, for now we bind to localhost on ipv6 + # https://bugzilla.redhat.com/show_bug.cgi?id=1210658 + $memcached_bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => 'localhost6', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + class { '::memcached': + listen_ip => $memcached_bind_host, + max_memory => '10%', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/mongodb.pp b/packstack/puppet/modules/packstack/manifests/mongodb.pp new file mode 100644 index 000000000..8f59d8f52 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/mongodb.pp 
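Review bot: The gnocchi block's condition is incomplete: `if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' and` is followed directly by `remote_database { 'gnocchi':`, with no right-hand operand and no opening brace, so this manifest should fail to parse. packstack::mariadb::services has `hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {` as the second line of the same condition, and that line looks to be missing here. Also, the local variant declares `::nova::db::mysql_api` while this file creates only the `nova` database; confirm whether the remote case needs the API database too.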
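Review bot: For IPv4 `$memcached_bind_host` defaults to `'0.0.0.0'`, and this class declares no firewall rules, unlike the mariadb and mongodb classes in this commit. memcached has no authentication unless SASL is configured, so listening on every interface exposes the cache to anything that can reach the port. Binding to the host's management address, or adding a `packstack::firewall` rule set for the memcached port, would close that. At minimum the comment above the selector should state that the IPv4 default listens on all interfaces.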
@@ -0,0 +1,26 @@ +class packstack::mongodb () +{ + create_resources(packstack::firewall, hiera('FIREWALL_MONGODB_RULES', {})) + $mongodb_host = hiera('CONFIG_MONGODB_HOST') + + # The MongoDB config files differ between versions + if (($::operatingsystem == 'fedora' and versioncmp($::operatingsystemrelease, '22') >= 0) + or + ($::operatingsystem != 'fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0) + ){ + $config_file = '/etc/mongod.conf' + } else { + $config_file = '/etc/mongodb.conf' + } + + class { '::mongodb::server': + ipv6 => hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => true, + default => false, + # TO-DO(mmagr): Add IPv6 support when hostnames are used + }, + smallfiles => true, + bind_ip => force_ip($mongodb_host), + config => $config_file, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nagios/nrpe.pp b/packstack/puppet/modules/packstack/manifests/nagios/nrpe.pp new file mode 100644 index 000000000..238f3c19b --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nagios/nrpe.pp 
@@ -0,0 +1,40 @@ +class packstack::nagios::nrpe () +{ + create_resources(packstack::firewall, hiera('FIREWALL_NAGIOS_NRPE_RULES', {})) + $nagios_configs_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') + package{ 'nrpe': + ensure => present, + } -> + file{ '/etc/nagios/nrpe.cfg': + ensure => file, + mode => '0644', + owner => 'nagios', + group => 'nagios', + require => Package['nrpe'], + } -> + file_line{'allowed_hosts': + path => '/etc/nagios/nrpe.cfg', + match => 'allowed_hosts=', + line => "allowed_hosts=${nagios_configs_cfg_ctrl_host}", + } -> + + # 5 minute load average + file_line{'load5': + path => '/etc/nagios/nrpe.cfg', + match => 'command\[load5\]=', + line => 'command[load5]=cut /proc/loadavg -f 1 -d " "', + } -> + + # disk used on /var + file_line{'df_var': + path => '/etc/nagios/nrpe.cfg', + match => "command\[df_var\]=", + line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%.*/\\1/' | grep -E '^[0-9]'", + } -> + + service{'nrpe': + ensure => running, + enable => true, + hasstatus => true, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nagios/server.pp b/packstack/puppet/modules/packstack/manifests/nagios/server.pp new file mode 100644 index 000000000..2043a92ce --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nagios/server.pp 
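Review bot: The `df_var` entry writes its `match` as a double-quoted string, `"command\[df_var\]="`, while `load5` uses single quotes for the same kind of pattern; `\[` is not a recognised escape in a double-quoted Puppet string, and newer parsers warn about it. `match => 'command\[df_var\]=',` keeps the regex identical and consistent. The `allowed_hosts=` match is also unanchored, so it would hit a commented-out `#allowed_hosts=` line as well; `match => '^allowed_hosts=',` is safer for the setting that controls who may query NRPE.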
@@ -0,0 +1,80 @@ +class packstack::nagios::server () +{ + $nagios_cfg_ks_adm_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW') + $nagios_cfg_keystone_url = hiera('CONFIG_KEYSTONE_ADMIN_URL') + $keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') + + package { ['nagios', 'nagios-plugins-nrpe']: + ensure => present, + } -> + class { 'packstack::nagios_config_wrapper': + nagios_hosts => hiera('CONFIG_NAGIOS_NODES'), + nagios_openstack_services => hiera('CONFIG_NAGIOS_SERVICES'), + controller_host => hiera('CONFIG_CONTROLLER_HOST'), + require => Package['nagios'], + notify => [Service['nagios'], Service['httpd']], + } -> + # We need to preferably install nagios-plugins-ping + exec { 'nagios-plugins-ping': + path => '/usr/bin', + command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping', + onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0', + } -> + + file { ['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg', '/etc/nagios/nagios_service.cfg']: + ensure => file, + mode => '0644', + owner => 'nagios', + group => 'nagios', + } -> + # Remove the entry for localhost, it contains services we're not + # monitoring + file { ['/etc/nagios/objects/localhost.cfg']: + ensure => file, + content => '', + } -> + file_line { 'nagios_host': + path => '/etc/nagios/nagios.cfg', + line => 'cfg_file=/etc/nagios/nagios_host.cfg', + } -> + file_line { 'nagios_command': + path => '/etc/nagios/nagios.cfg', + line => 'cfg_file=/etc/nagios/nagios_command.cfg', + } -> + file_line { 'nagios_service': + path => '/etc/nagios/nagios.cfg', + line => 'cfg_file=/etc/nagios/nagios_service.cfg', + } -> + + file { '/etc/nagios/keystonerc_admin': + ensure => file, + owner => 'nagios', + mode => '0600', + content => "export OS_USERNAME=${keystone_admin_username} +export OS_TENANT_NAME=admin +export OS_PASSWORD=${nagios_cfg_ks_adm_pw} +export OS_AUTH_URL=${nagios_cfg_keystone_url}", + } + + $cfg_nagios_pw = hiera('CONFIG_NAGIOS_PW') + + exec { 
'nagiospasswd': + command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}", + require => Package['nagios'], + before => Service['nagios'], + } + + class { '::apache::mod::php': } + + service { ['nagios']: + ensure => running, + enable => true, + hasstatus => true, + } + + firewall { '001 nagios incoming': + proto => 'tcp', + dport => ['80'], + action => 'accept', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron.pp b/packstack/puppet/modules/packstack/manifests/neutron.pp new file mode 100644 index 000000000..3070baf82 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron.pp @@ -0,0 +1,9 @@ +class packstack::neutron () +{ + $neutron_db_host = hiera('CONFIG_MARIADB_HOST_URL') + $neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME') + $neutron_db_user = 'neutron' + $neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW') + $neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" + $neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW') +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/api.pp b/packstack/puppet/modules/packstack/manifests/neutron/api.pp new file mode 100644 index 000000000..b87ceb930 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/api.pp 
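Review bot: The `nagiospasswd` exec puts `${cfg_nagios_pw}` on the `htpasswd -b` command line, so the admin password is visible in the process list while it runs and can end up in Puppet logs or reports when the command is echoed. The exec also has no `unless` or `refreshonly`, so it rewrites the entry on every apply. Writing `/etc/nagios/passwd` from a pre-hashed value with a `file` resource and a restricted mode would be idempotent and keep the clear text off argv. The `001 nagios incoming` rule then opens port 80 to any source for a basic-auth UI over plain HTTP; consider limiting the source.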
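Review bot: `packstack::neutron` contains only variable assignments, and the same six assignments are repeated verbatim at the top of `packstack::neutron::api`, so the connection string with the database password is built in two places that can drift. Either have the api class read `$::packstack::neutron::neutron_sql_connection` and `$::packstack::neutron::neutron_user_password` from this class, or drop the copy that nothing consumes. A header comment such as `# Shared Neutron DB/Keystone settings; declares no resources` would make the intent of this class clear.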
@@ -0,0 +1,53 @@ +class packstack::neutron::api () +{ + create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_SERVER_RULES', {})) + + $neutron_db_host = hiera('CONFIG_MARIADB_HOST_URL') + $neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME') + $neutron_db_user = 'neutron' + $neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW') + $neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" + $neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW') + + class { '::neutron::server': + database_connection => $neutron_sql_connection, + auth_password => $neutron_user_password, + auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + sync_db => true, + enabled => true, + api_workers => hiera('CONFIG_SERVICE_WORKERS'), + rpc_workers => hiera('CONFIG_SERVICE_WORKERS'), + service_providers => hiera_array('SERVICE_PROVIDERS'), + } + + # TODO: FIXME: remove this hack after upstream resolves https://bugs.launchpad.net/puppet-neutron/+bug/1474961 + if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' { + ensure_resource( 'package', 'neutron-vpnaas-agent', { + name => 'openstack-neutron-vpnaas', + tag => ['openstack', 'neutron-package'], + }) + Package['neutron-vpnaas-agent'] ~> Service<| tag == 'neutron-service' |> + } + if hiera('CONFIG_NEUTRON_FWAAS') == 'y' { + ensure_resource( 'package', 'neutron-fwaas', { + 'name' => 'openstack-neutron-fwaas', + 'tag' => 'openstack' + }) + Package['neutron-fwaas'] ~> Service<| tag == 'neutron-service' |> + } + if hiera('CONFIG_LBAAS_INSTALL') == 'y' { + ensure_resource( 'package', 'neutron-lbaas-agent', { + name => 'openstack-neutron-lbaas', + tag => ['openstack', 'neutron-package'], + }) + Package['neutron-lbaas-agent'] ~> Service<| tag == 'neutron-service' |> + } + + file { '/etc/neutron/api-paste.ini': + ensure => file, + mode => '0640', + } + + Class['::neutron::server'] -> File['/etc/neutron/api-paste.ini'] +} 
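Review bot: The `neutron-fwaas` package is declared with `'tag' => 'openstack'` only, whereas the vpnaas and lbaas packages carry `['openstack', 'neutron-package']`, so anything that orders or collects on the `neutron-package` tag will miss fwaas. If that is not intentional, use `tag => ['openstack', 'neutron-package'],` there as well and keep the hash keys unquoted like the other two `ensure_resource` calls. The first six variable assignments duplicate packstack::neutron; see the note on that file.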
diff --git a/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp b/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp new file mode 100644 index 000000000..a23e52190 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp @@ -0,0 +1,10 @@ +class packstack::neutron::dhcp () +{ + create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_DHCPIN_RULES', {})) + create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_DHCPOUT_RULES', {})) + + class { '::neutron::agents::dhcp': + interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'), + debug => hiera('CONFIG_DEBUG_MODE'), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp b/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp new file mode 100644 index 000000000..09bb3cd88 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp @@ -0,0 +1,7 @@ +class packstack::neutron::fwaas () +{ + class { '::neutron::services::fwaas': + enabled => true, + driver => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/l3.pp b/packstack/puppet/modules/packstack/manifests/neutron/l3.pp new file mode 100644 index 000000000..03ccb9aeb --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/l3.pp 
@@ -0,0 +1,23 @@ +class packstack::neutron::l3 () +{ + $start_l3_agent = hiera('CONFIG_NEUTRON_VPNAAS') ? { + 'y' => false, + default => true + } + + class { '::neutron::agents::l3': + interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), + external_network_bridge => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'), + manage_service => $start_l3_agent, + enabled => $start_l3_agent, + debug => hiera('CONFIG_DEBUG_MODE'), + } + + if defined(Class['neutron::services::fwaas']) { + Class['neutron::services::fwaas'] -> Class['neutron::agents::l3'] + } + + sysctl::value { 'net.ipv4.ip_forward': + value => '1', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp b/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp new file mode 100644 index 000000000..d22414fa9 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp @@ -0,0 +1,14 @@ +class packstack::neutron::lb_agent () +{ + $neutron_lb_interface_mappings = hiera_array('CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS') + + $use_subnets_value = hiera('CONFIG_USE_SUBNETS') + $use_subnets = $use_subnets_value ? { + 'y' => true, + default => false, + } + + class { '::neutron::agents::ml2::linuxbridge': + physical_interface_mappings => force_interface($neutron_lb_interface_mappings, $use_subnets), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/lbaas.pp b/packstack/puppet/modules/packstack/manifests/neutron/lbaas.pp new file mode 100644 index 000000000..686e39cdf --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/lbaas.pp 
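Review bot: `if defined(Class['neutron::services::fwaas'])` depends on evaluation order: `defined()` only sees classes already declared when this line is evaluated, so the fwaas-before-l3 ordering is silently skipped if `packstack::neutron::fwaas` is included later in the manifest. The same pattern appears in packstack::neutron::ml2 with `defined(Exec['neutron-db-manage upgrade'])`. Please document the required include order with a comment such as `# packstack::neutron::fwaas must be declared before this class`. For the ml2 case, using an `Exec<| title == 'neutron-db-manage upgrade' |>` collector in the chain would avoid the order dependence altogether.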
@@ -0,0 +1,13 @@ +class packstack::neutron::lbaas () +{ + class { '::neutron::agents::lbaas': + interface_driver => hiera('CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'), + device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver', + user_group => 'haproxy', + debug => hiera('CONFIG_DEBUG_MODE'), + } + + class {'::neutron::services::lbaas': + service_providers => 'LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default', + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/metadata.pp b/packstack/puppet/modules/packstack/manifests/neutron/metadata.pp new file mode 100644 index 000000000..8928e4cf8 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/metadata.pp @@ -0,0 +1,9 @@ +class packstack::neutron::metadata () +{ + class { '::neutron::agents::metadata': + shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'), + metadata_ip => force_ip(hiera('CONFIG_KEYSTONE_HOST_URL')), + debug => hiera('CONFIG_DEBUG_MODE'), + metadata_workers => hiera('CONFIG_SERVICE_WORKERS'), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/metering.pp b/packstack/puppet/modules/packstack/manifests/neutron/metering.pp new file mode 100644 index 000000000..359ae7c14 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/metering.pp @@ -0,0 +1,7 @@ +class packstack::neutron::metering () +{ + class { '::neutron::agents::metering': + interface_driver => hiera('CONFIG_NEUTRON_METERING_IFCE_DRIVER'), + debug => hiera('CONFIG_DEBUG_MODE'), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp b/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp new file mode 100644 index 000000000..5339878b8 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp 
@@ -0,0 +1,31 @@ +class packstack::neutron::ml2 () +{ + if hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' { + $vxlan_group_value = undef + } else { + $vxlan_group_value = hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') + } + + class { '::neutron::plugins::ml2': + type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'), + tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'), + mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'), + flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'), + network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'), + tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'), + vxlan_group => $vxlan_group_value, + vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'), + enable_security_group => true, + firewall_driver => hiera('FIREWALL_DRIVER'), + supported_pci_vendor_devs => hiera_array('CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS'), + sriov_agent_required => hiera('CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED'), + } + + # For cases where "neutron-db-manage upgrade" command is called + # we need to fill config file first + if defined(Exec['neutron-db-manage upgrade']) { + Neutron_plugin_ml2<||> -> + File['/etc/neutron/plugin.ini'] -> + Exec['neutron-db-manage upgrade'] + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/notifications.pp b/packstack/puppet/modules/packstack/manifests/neutron/notifications.pp new file mode 100644 index 000000000..792d6124a --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/notifications.pp 
@@ -0,0 +1,14 @@ +class packstack::neutron::notifications () +{ + $neutron_notif_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') + + # Configure nova notifications system + class { '::neutron::server::notifications': + username => 'nova', + password => hiera('CONFIG_NOVA_KS_PW'), + tenant_name => 'services', + nova_url => "http://${neutron_notif_cfg_ctrl_host}:8774/v2", + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + region_name => hiera('CONFIG_KEYSTONE_REGION'), + } +} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp b/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp new file mode 100644 index 000000000..cddb41d2a --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp 
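Review bot: `nova_url` is built as `"http://${neutron_notif_cfg_ctrl_host}:8774/v2"`, which hard-codes both the plaintext scheme and the port while `auth_url` and `region_name` come from hiera. If the deployment serves its API endpoints over TLS, this endpoint would still be addressed over HTTP; taking the scheme from configuration, or the whole URL from a hiera key, would avoid that. The variable is also named `..._ctrl_host` but is read from `CONFIG_KEYSTONE_HOST_URL`, so a comment explaining why the Keystone host stands in for the Nova API host would help.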
@@ -0,0 +1,55 @@
+class packstack::neutron::ovs_agent ()
+{
+ $my_ip = choose_my_ip(hiera('HOST_LIST'))
+ $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip}"
+ create_resources(packstack::firewall, hiera($neutron_tunnel_rule_name, {}))
+
+ $neutron_ovs_tunnel_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF', undef)
+
+ $use_subnets_value = hiera('CONFIG_USE_SUBNETS')
+ $use_subnets = $use_subnets_value ? {
+ 'y' => true,
+ default => false,
+ }
+
+ if $neutron_ovs_tunnel_if {
+ $ovs_agent_vxlan_cfg_neut_ovs_tun_if = force_interface($neutron_ovs_tunnel_if, $use_subnets)
+ } else {
+ $ovs_agent_vxlan_cfg_neut_ovs_tun_if = undef
+ }
+
+ if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' {
+ $iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
+ $localip = inline_template("<%= scope.lookupvar('::ipaddress_${iface}') %>")
+ } else {
+ $localip = choose_my_ip(hiera('HOST_LIST'))
+ }
+
+ $network_hosts = split(hiera('CONFIG_NETWORK_HOSTS'),',')
+ if member($network_hosts, choose_my_ip(hiera('HOST_LIST'))) {
+ $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES'
+ $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'
+ } else {
+ $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE'
+ $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE'
+ }
+
+ if hiera('CREATE_BRIDGES') == 'y' {
+ $bridge_uplinks = hiera_array($bridge_ifaces_param)
+ $bridge_mappings = hiera_array($bridge_mappings_param)
+ } else {
+ $bridge_uplinks = []
+ $bridge_mappings = []
+ }
+
+ class { '::neutron::agents::ml2::ovs':
+ bridge_uplinks => $bridge_uplinks,
+ bridge_mappings => $bridge_mappings,
+ enable_tunneling => hiera('CONFIG_NEUTRON_OVS_TUNNELING'),
+ tunnel_types => hiera_array('CONFIG_NEUTRON_OVS_TUNNEL_TYPES'),
+ local_ip => force_ip($localip),
+ vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT',undef),
+ l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
+ firewall_driver => hiera('FIREWALL_DRIVER'),
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ovs_bridge.pp b/packstack/puppet/modules/packstack/manifests/neutron/ovs_bridge.pp
new file mode 100644
index 000000000..c00297732
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/neutron/ovs_bridge.pp
@@ -0,0 +1,11 @@
+class packstack::neutron::ovs_bridge ()
+{
+ $agent_service = 'neutron-ovs-agent-service'
+
+ $config_neutron_ovs_bridge = hiera('CONFIG_NEUTRON_OVS_BRIDGE')
+
+ vs_bridge { $config_neutron_ovs_bridge:
+ ensure => present,
+ require => Service[$agent_service],
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/neutron/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/neutron/rabbitmq.pp
new file mode 100644
index 000000000..ba37c4ed2
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/neutron/rabbitmq.pp
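Review bot: In ovs_agent.pp, `$iface` is interpolated into Ruby source inside `inline_template("<%= scope.lookupvar('::ipaddress_${iface}') %>")`, and the `regsubst` before it only rewrites `.`, `-` and `:`. Any other character in CONFIG_NEUTRON_OVS_TUNNEL_IF, a quote for instance, therefore reaches the ERB evaluator as code rather than as a fact name. A plain variable lookup avoids evaluating a template at all: `$localip = getvar("::ipaddress_${iface}")`. Separately, the `!= ''` guard is reached with `undef` when no tunnel interface is configured, and whether `undef` equals `''` depends on the parser version, so `if $ovs_agent_vxlan_cfg_neut_ovs_tun_if {` would state the intent directly.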
@@ -0,0 +1,40 @@
+class packstack::neutron::rabbitmq ()
+{
+ $bind_host = hiera('CONFIG_IP_VERSION') ? {
+ 'ipv6' => '::0',
+ default => '0.0.0.0',
+ # TO-DO(mmagr): Add IPv6 support when hostnames are used
+ }
+
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
+ $kombu_ssl_keyfile = hiera('CONFIG_NEUTRON_SSL_KEY', undef)
+ $kombu_ssl_certfile = hiera('CONFIG_NEUTRON_SSL_CERT', undef)
+
+ if $kombu_ssl_keyfile {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'neutron',
+ group => 'neutron',
+ require => Package['openstack-neutron'],
+ }
+ File[$files_to_set_owner] ~> Service<| tag == 'neutron-service' |>
+ }
+
+
+ class { '::neutron':
+ bind_host => $bind_host,
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
+ allow_overlapping_ips => true,
+ service_plugins => hiera_array('SERVICE_PLUGINS'),
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $kombu_ssl_keyfile,
+ kombu_ssl_certfile => $kombu_ssl_certfile,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/neutron/sriov.pp b/packstack/puppet/modules/packstack/manifests/neutron/sriov.pp
new file mode 100644
index 000000000..05f82fe6f
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/neutron/sriov.pp
@@ -0,0 +1,6 @@
+class packstack::neutron::sriov ()
+{
+ class { 'neutron::agents::ml2::sriov' :
+ physical_device_mappings => hiera_array('CONFIG_NEUTRON_ML2_SRIOV_INTERFACE_MAPPINGS'),
+ }
+}
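Review bot: In neutron/rabbitmq.pp, `file { $files_to_set_owner: ... }` hands the kombu private key to the `neutron` user but leaves `mode` unmanaged, so the key keeps whatever permissions it was created with. Because the key and certificate share one resource, pinning the key means declaring it separately, e.g. `file { $kombu_ssl_keyfile: owner => 'neutron', group => 'neutron', mode => '0600' }`. The same owner-only pattern is repeated in nova.pp (`nova`) and nova/ceilometer/rabbitmq.pp (`ceilometer`). Note also that `$kombu_ssl_certfile` defaults to `undef`, so the array holds an undefined title when only the key is configured.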
diff --git a/packstack/puppet/modules/packstack/manifests/neutron/vpnaas.pp b/packstack/puppet/modules/packstack/manifests/neutron/vpnaas.pp
new file mode 100644
index 000000000..4300b50b2
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/neutron/vpnaas.pp
@@ -0,0 +1,11 @@
+class packstack::neutron::vpnaas ()
+{
+ class { '::neutron::agents::vpnaas':
+ enabled => true,
+ vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver',
+ } ->
+ class { '::neutron::services::vpnaas':
+ service_providers => 'VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default',
+ notify => Service['neutron-server'],
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova.pp b/packstack/puppet/modules/packstack/manifests/nova.pp
new file mode 100644
index 000000000..045965883
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova.pp
@@ -0,0 +1,58 @@ +class packstack::nova () +{ + $nova_db_pw = hiera('CONFIG_NOVA_DB_PW') + $nova_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL') + + $private_key = { + 'type' => hiera('NOVA_MIGRATION_KEY_TYPE'), + key => hiera('NOVA_MIGRATION_KEY_SECRET'), + } + $public_key = { + 'type' => hiera('NOVA_MIGRATION_KEY_TYPE'), + key => hiera('NOVA_MIGRATION_KEY_PUBLIC'), + } + + + $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) + $kombu_ssl_keyfile = hiera('CONFIG_NOVA_SSL_KEY', undef) + $kombu_ssl_certfile = hiera('CONFIG_NOVA_SSL_CERT', undef) + + if $kombu_ssl_keyfile { + $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] + file { $files_to_set_owner: + owner => 'nova', + group => 'nova', + require => Package['nova-common'], + } + File[$files_to_set_owner] ~> Service<| tag == 'nova-service' |> + } + + $nova_common_rabbitmq_cfg_storage_host = hiera('CONFIG_STORAGE_HOST_URL') + if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + $nova_common_notification_driver = 'messagingv2' + $notify_on_state_change = 'vm_and_task_state' + } else { + $nova_common_notification_driver = undef + $notify_on_state_change = undef + } + + class { '::nova': + glance_api_servers => "${nova_common_rabbitmq_cfg_storage_host}:9292", + rabbit_host => hiera('CONFIG_AMQP_HOST_URL'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + nova_public_key => $public_key, + nova_private_key => $private_key, + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + notification_driver => $nova_common_notification_driver, + notify_on_state_change => $notify_on_state_change, + database_connection => "mysql+pymysql://nova:${nova_db_pw}@${nova_mariadb_host}/nova", + 
api_database_connection => "mysql+pymysql://nova_api:${nova_db_pw}@${nova_mariadb_host}/nova_api", + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/api.pp b/packstack/puppet/modules/packstack/manifests/nova/api.pp new file mode 100644 index 000000000..851271a17 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/api.pp 
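Review bot: `${nova_db_pw}` is interpolated unescaped into both `database_connection` and `api_database_connection` in nova.pp, so a password containing `@`, `/`, `:` or `%` yields a URI that parses to a different host or credential. If CONFIG_NOVA_DB_PW can be supplied by the operator, either restrict its character set where it is validated or percent-encode it before building the URI. Both the `nova` and `nova_api` accounts receive the same password here; a comment saying this is intentional would help. These connection strings and the migration key in `$private_key` end up in the compiled catalog, so catalog and report storage should be treated as holding secrets.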
@@ -0,0 +1,97 @@ +class packstack::nova::api () +{ + create_resources(packstack::firewall, hiera('FIREWALL_NOVA_API_RULES', {})) + + require 'keystone::python' + $bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + $config_use_neutron = hiera('CONFIG_NEUTRON_INSTALL') + if $config_use_neutron == 'y' { + $default_floating_pool = 'public' + } else { + $default_floating_pool = 'nova' + } + + $auth_uri = hiera('CONFIG_KEYSTONE_PUBLIC_URL') + $admin_password = hiera('CONFIG_NOVA_KS_PW') + + class { '::nova::api': + api_bind_address => $bind_host, + metadata_listen => $bind_host, + enabled => true, + auth_uri => $auth_uri, + identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + admin_password => $admin_password, + neutron_metadata_proxy_shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW_UNQUOTED', undef), + default_floating_pool => $default_floating_pool, + pci_alias => hiera('CONFIG_NOVA_PCI_ALIAS'), + sync_db_api => true, + osapi_compute_workers => hiera('CONFIG_SERVICE_WORKERS'), + metadata_workers => hiera('CONFIG_SERVICE_WORKERS'), + } + + Package<| title == 'nova-common' |> -> Class['nova::api'] + + $db_purge = hiera('CONFIG_NOVA_DB_PURGE_ENABLE') + if $db_purge { + class { '::nova::cron::archive_deleted_rows': + hour => '*/12', + destination => '/dev/null', + } + } + + $manage_flavors = str2bool(hiera('CONFIG_NOVA_MANAGE_FLAVORS')) + if $manage_flavors { + Class['::nova::api'] -> Nova_flavor<||> + Class['::keystone'] -> Nova_flavor<||> + + nova_flavor { 'm1.tiny': + ensure => present, + id => '1', + ram => '512', + disk => '1', + vcpus => '1', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + + nova_flavor { 'm1.small': + ensure => present, + id => '2', + ram => '2048', + disk => '20', + vcpus => '1', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + + nova_flavor { 'm1.medium': + ensure => present, + id => 
'3', + ram => '4096', + disk => '40', + vcpus => '2', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + + nova_flavor { 'm1.large': + ensure => present, + id => '4', + ram => '8192', + disk => '80', + vcpus => '4', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + + nova_flavor { 'm1.xlarge': + ensure => present, + id => '5', + ram => '16384', + disk => '160', + vcpus => '8', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/nova/ceilometer.pp new file mode 100644 index 000000000..dc704d278 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/ceilometer.pp @@ -0,0 +1,10 @@ +class packstack::nova::ceilometer () +{ + class { '::ceilometer::agent::auth': + auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + auth_password => hiera('CONFIG_CEILOMETER_KS_PW'), + auth_region => hiera('CONFIG_KEYSTONE_REGION'), + } + + class { '::ceilometer::agent::compute': } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/ceilometer/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/nova/ceilometer/rabbitmq.pp new file mode 100644 index 000000000..4d0724cf5 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/ceilometer/rabbitmq.pp 
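Review bot: In nova/api.pp, `if $db_purge` tests the raw hiera value, while `$manage_flavors` a few lines later is wrapped in `str2bool()`. How CONFIG_NOVA_DB_PURGE_ENABLE is stored is not visible here, but if it arrives as a string such as `'n'` or `'False'` it is truthy and the archive cron is always installed; suggest `$db_purge = str2bool(hiera('CONFIG_NOVA_DB_PURGE_ENABLE'))`. The same raw truthiness test is used for `$multihost` in nova/network.pp and `$libvirt_debug` in nova/compute/libvirt.pp. It would also help to comment that `neutron_metadata_proxy_shared_secret` falls back to `undef`, which presumably leaves the metadata proxy without a shared secret when the key is missing from hiera.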
@@ -0,0 +1,32 @@
+class packstack::nova::ceilometer::rabbitmq ()
+{
+ $ceilometer_kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
+ $ceilometer_kombu_ssl_keyfile = hiera('CONFIG_CEILOMETER_SSL_KEY', undef)
+ $ceilometer_kombu_ssl_certfile = hiera('CONFIG_CEILOMETER_SSL_CERT', undef)
+
+ if $ceilometer_kombu_ssl_keyfile {
+ $ceilometer_files_to_set_owner = [ $ceilometer_kombu_ssl_keyfile, $ceilometer_kombu_ssl_certfile ]
+ file { $ceilometer_files_to_set_owner:
+ owner => 'ceilometer',
+ group => 'ceilometer',
+ require => Package['nova-common'],
+ }
+ File[$ceilometer_files_to_set_owner] ~> Service<| tag == 'ceilometer-service' |>
+ }
+
+ class { '::ceilometer':
+ metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ # for some strange reason ceilometer needs to be in nova group
+ require => Package['nova-common'],
+ kombu_ssl_ca_certs => $ceilometer_kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $ceilometer_kombu_ssl_keyfile,
+ kombu_ssl_certfile => $ceilometer_kombu_ssl_certfile,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/cert.pp b/packstack/puppet/modules/packstack/manifests/nova/cert.pp
new file mode 100644
index 000000000..191d62f02
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/cert.pp
@@ -0,0 +1,6 @@
+class packstack::nova::cert ()
+{
+ class { '::nova::cert':
+ enabled => true,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/common.pp b/packstack/puppet/modules/packstack/manifests/nova/common.pp
new file mode 100644
index 000000000..1e9d5ee80
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/common.pp
@@ -0,0 +1,11 @@
+class packstack::nova::common ()
+{
+ # Ensure Firewall changes happen before nova services start
+ # preventing a clash with rules being set by nova-compute and nova-network
+ Firewall <| |> -> Class['nova']
+
+ nova_config{
+ # metadata_host has to be IP
+ 'DEFAULT/metadata_host': value => force_ip(hiera('CONFIG_CONTROLLER_HOST'));
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute.pp b/packstack/puppet/modules/packstack/manifests/nova/compute.pp
new file mode 100644
index 000000000..b6d36d871
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/compute.pp
@@ -0,0 +1,78 @@ +class packstack::nova::compute () +{ + $my_ip = choose_my_ip(hiera('HOST_LIST')) + $qemu_rule_name = "FIREWALL_NOVA_QEMU_MIG_RULES_${my_ip}" + create_resources(packstack::firewall, hiera($qemu_rule_name, {})) + create_resources(packstack::firewall, hiera('FIREWALL_NOVA_COMPUTE_RULES', {})) + + ensure_packages(['python-cinderclient'], {'ensure' => 'present'}) + Package['python-cinderclient'] -> Class['nova'] + + # Install the private key to be used for live migration. This needs to be + # configured into libvirt/live_migration_uri in nova.conf. + file { '/etc/nova/ssh': + ensure => directory, + owner => root, + group => root, + mode => '0700', + require => Package['nova-common'], + } + + file { '/etc/nova/ssh/nova_migration_key': + content => hiera('NOVA_MIGRATION_KEY_SECRET'), + mode => '0600', + owner => root, + group => root, + require => File['/etc/nova/ssh'], + } + + nova_config{ + 'DEFAULT/volume_api_class': + value => 'nova.volume.cinder.API'; + 'libvirt/live_migration_uri': + value => hiera('CONFIG_NOVA_COMPUTE_MIGRATE_URL'); + } + + if ($::fqdn == '' or $::fqdn =~ /localhost/) { + # For cases where FQDNs have not been correctly set + $vncproxy_server = choose_my_ip(hiera('HOST_LIST')) + } else { + $vncproxy_server = $::fqdn + } + + if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + $instance_usage_audit = true + $instance_usage_audit_period = 'hour' + } else { + $instance_usage_audit = false + $instance_usage_audit_period = 'month' + } + + class { '::nova::compute': + enabled => true, + vncproxy_host => hiera('CONFIG_KEYSTONE_HOST_URL'), + vncproxy_protocol => hiera('CONFIG_VNCPROXY_PROTOCOL'), + vncserver_proxyclient_address => $vncproxy_server, + compute_manager => hiera('CONFIG_NOVA_COMPUTE_MANAGER'), + pci_passthrough => hiera('CONFIG_NOVA_PCI_PASSTHROUGH_WHITELIST'), + instance_usage_audit => $instance_usage_audit, + instance_usage_audit_period => $instance_usage_audit_period, + } + + # Tune the host with a virtual hosts profile + 
ensure_packages(['tuned'], {'ensure' => 'present'}) + + service { 'tuned': + ensure => running, + require => Package['tuned'], + } + + # tries/try_sleep to try and circumvent rhbz1320744 + exec { 'tuned-virtual-host': + unless => '/usr/sbin/tuned-adm active | /bin/grep virtual-host', + command => '/usr/sbin/tuned-adm profile virtual-host', + require => Service['tuned'], + tries => 3, + try_sleep => 5 + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute/flat.pp b/packstack/puppet/modules/packstack/manifests/nova/compute/flat.pp new file mode 100644 index 000000000..90f924d63 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/compute/flat.pp @@ -0,0 +1,14 @@ +class packstack::nova::compute::flat () +{ + $nova_compute_privif = hiera('CONFIG_NOVA_COMPUTE_PRIVIF') + + $use_subnets_value = hiera('CONFIG_USE_SUBNETS') + $use_subnets = $use_subnets_value ? { + 'y' => true, + default => false, + } + + nova_config { + 'DEFAULT/flat_interface': value => force_interface($nova_compute_privif, $use_subnets); + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute/ironic.pp b/packstack/puppet/modules/packstack/manifests/nova/compute/ironic.pp new file mode 100644 index 000000000..327c38156 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/compute/ironic.pp @@ -0,0 +1,14 @@ +class packstack::nova::compute::ironic () +{ + $ironic_config_controller_host = hiera('CONFIG_KEYSTONE_HOST_URL') + $ironic_config_keystone_admin = hiera('CONFIG_KEYSTONE_ADMIN_URL') + $ironic_config_keystone_version = hiera('CONFIG_KEYSTONE_API_VERSION') + + class { '::nova::compute::ironic': + admin_user => 'ironic', + admin_passwd => hiera('CONFIG_IRONIC_KS_PW'), + admin_url => "${ironic_config_keystone_admin}/${ironic_config_keystone_version}", + admin_tenant_name => 'services', + api_endpoint => "http://${ironic_config_controller_host}:6385/v1", + } +} 
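Review bot: In nova/compute.pp, `file { '/etc/nova/ssh/nova_migration_key': }` takes the private key from `content`, and when diff output is enabled for the run Puppet prints content diffs for changed files, which would put the key in logs and reports. Adding `show_diff => false,` to that resource removes the dependency on how the run is invoked; the keystonerc files in openstackclient.pp, which embed passwords, have the same exposure. The directory and key are owned by root with 0700/0600, so a comment naming the account that actually uses the key for live migration would help confirm the ownership is right. The same `NOVA_MIGRATION_KEY_SECRET` is installed on every compute host, so compromise of one host exposes the key for all of them, which deserves a line in the comment above the resource.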
diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp b/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp
new file mode 100644
index 000000000..891e6d989
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp
@@ -0,0 +1,83 @@ +class packstack::nova::compute::libvirt () +{ + Firewall <| |> -> Class['::nova::compute::libvirt'] + + # Ensure Firewall changes happen before libvirt service start + # preventing a clash with rules being set by libvirt + + if str2bool($::is_virtual) { + $libvirt_virt_type = 'qemu' + $libvirt_cpu_mode = 'none' + } else { + $libvirt_virt_type = 'kvm' + } + + # We need to preferably install qemu-kvm-rhev + exec { 'qemu-kvm': + path => '/usr/bin', + command => 'yum install -y -d 0 -e 0 qemu-kvm', + onlyif => 'yum install -y -d 0 -e 0 qemu-kvm-rhev &> /dev/null && exit 1 || exit 0', + before => Class['::nova::compute::libvirt'], + } -> + # chmod is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=950436 + file { '/dev/kvm': + owner => 'root', + group => 'kvm', + mode => '666', + before => Class['::nova::compute::libvirt'], + } + + $libvirt_vnc_bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + class { '::nova::compute::libvirt': + libvirt_virt_type => $libvirt_virt_type, + libvirt_cpu_mode => $libvirt_cpu_mode, + vncserver_listen => $libvirt_vnc_bind_host, + migration_support => true, + libvirt_inject_partition => '-1', + } + + file_line { 'libvirt-guests': + path => '/etc/sysconfig/libvirt-guests', + line => 'ON_BOOT=ignore', + match => '^[\s#]*ON_BOOT=.*', + require => Class['::nova::compute::libvirt'], + } + + # Remove libvirt's default network (usually virbr0) as it's unnecessary and + # can be confusing + exec {'virsh-net-destroy-default': + onlyif => '/usr/bin/virsh net-list | grep default', + command => '/usr/bin/virsh net-destroy default', + require => Service['libvirt'], + } + + exec {'virsh-net-undefine-default': + onlyif => '/usr/bin/virsh net-list --inactive | grep default', + command => '/usr/bin/virsh net-undefine default', + require => Exec['virsh-net-destroy-default'], + } + + $libvirt_debug = hiera('CONFIG_DEBUG_MODE') + if 
$libvirt_debug { + + file_line { '/etc/libvirt/libvirt.conf log_filters': + path => '/etc/libvirt/libvirtd.conf', + line => 'log_filters = "1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util"', + match => 'log_filters =', + notify => Service['libvirt'], + } + + file_line { '/etc/libvirt/libvirt.conf log_outputs': + path => '/etc/libvirt/libvirtd.conf', + line => 'log_outputs = "1:file:/var/log/libvirt/libvirtd.log"', + match => 'log_outputs =', + notify => Service['libvirt'], + } + + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute/vmware.pp b/packstack/puppet/modules/packstack/manifests/nova/compute/vmware.pp new file mode 100644 index 000000000..62a58716f --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/compute/vmware.pp @@ -0,0 +1,13 @@ +class packstack::nova::compute::vmware () +{ + $cluster_list = hiera('CONFIG_VCENTER_CLUSTERS') + $my_ip = choose_my_ip(hiera('HOST_LIST')) + $nova_vcenter_cluster_name = $cluster_list[$my_ip] + + class { '::nova::compute::vmware': + host_ip => hiera('CONFIG_VCENTER_HOST'), + host_username => hiera('CONFIG_VCENTER_USER'), + host_password => hiera('CONFIG_VCENTER_PASSWORD'), + cluster_name => $nova_vcenter_cluster_name, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/conductor.pp b/packstack/puppet/modules/packstack/manifests/nova/conductor.pp new file mode 100644 index 000000000..6c7d54e2a --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/conductor.pp @@ -0,0 +1,6 @@ +class packstack::nova::conductor () +{ + class { '::nova::conductor': + enabled => true, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/nova/gluster.pp b/packstack/puppet/modules/packstack/manifests/nova/gluster.pp new file mode 100644 index 000000000..7f243254c --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/nova/gluster.pp 
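Review bot: In nova/compute/libvirt.pp, `mode => '666'` makes `/dev/kvm` readable and writable by every local account, although the resource already sets `group => 'kvm'`. If the bug referenced in the comment allows it, `mode => '0660'` with the hypervisor user in the `kvm` group is tighter; otherwise keep the workaround, spell it `'0666'` and say in the comment that world access is deliberate. In the same class `vncserver_listen` is `0.0.0.0` or `::0`, so guest VNC consoles listen on every interface and rely entirely on the firewall rules for isolation. `$libvirt_cpu_mode` is assigned only in the `is_virtual` branch and is passed unset otherwise; an explicit `$libvirt_cpu_mode = undef` in the `else` branch would make that intentional.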
@@ -0,0 +1,4 @@
+class packstack::nova::gluster ()
+{
+ ensure_packages(['glusterfs-fuse'], {'ensure' => 'present'})
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/metadata.pp b/packstack/puppet/modules/packstack/manifests/nova/metadata.pp
new file mode 100644
index 000000000..16e4a2c1a
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/metadata.pp
@@ -0,0 +1,9 @@
+class packstack::nova::metadata ()
+{
+ nova::generic_service { 'metadata-api':
+ enabled => true,
+ ensure_package => 'present',
+ package_name => 'openstack-nova-api',
+ service_name => 'openstack-nova-metadata-api',
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/network.pp b/packstack/puppet/modules/packstack/manifests/nova/network.pp
new file mode 100644
index 000000000..8c8d141a1
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/network.pp
@@ -0,0 +1,57 @@
+class packstack::nova::network ()
+{
+ $multihost = hiera('CONFIG_NOVA_NETWORK_MULTIHOST')
+ if $multihost {
+ nova_config {
+ 'DEFAULT/send_arp_for_ha': value => true;
+ }
+ }
+
+ $manager = hiera('CONFIG_NOVA_NETWORK_MANAGER')
+
+ $nova_net_manager_list = [
+ 'nova.network.manager.VlanManager',
+ 'nova.network.manager.FlatDHCPManager',
+ ]
+
+ $overrides = {}
+
+ $use_subnets_value = hiera('CONFIG_USE_SUBNETS')
+ $use_subnets = $use_subnets_value ? {
+ 'y' => true,
+ default => false,
+ }
+
+ if $manager in $nova_net_manager_list {
+ $overrides['force_dhcp_release'] = false
+ }
+
+ if $manager == 'nova.network.manager.VlanManager' {
+ $overrides['vlan_start'] = hiera('CONFIG_NOVA_NETWORK_VLAN_START')
+ $net_size = hiera('CONFIG_NOVA_NETWORK_SIZE')
+ $net_num = hiera('CONFIG_NOVA_NETWORK_NUMBER')
+ } else {
+ $net_size = hiera('CONFIG_NOVA_NETWORK_FIXEDSIZE')
+ $net_num = 1
+ }
+
+ $nova_network_privif = hiera('CONFIG_NOVA_NETWORK_PRIVIF')
+ $nova_network_pubif = hiera('CONFIG_NOVA_NETWORK_PUBIF')
+
+ Class['::keystone'] -> Nova::Manage::Network<||>
+
+ class { '::nova::network':
+ enabled => true,
+ network_manager => $manager,
+ num_networks => $net_num ,
+ network_size => $net_size,
+ private_interface => force_interface($nova_network_privif, $use_subnets),
+ public_interface => force_interface($nova_network_pubif, $use_subnets),
+ fixed_range => hiera('CONFIG_NOVA_NETWORK_FIXEDRANGE'),
+ floating_range => hiera('CONFIG_NOVA_NETWORK_FLOATRANGE'),
+ config_overrides => $overrides,
+ auto_assign_floating_ip => hiera('CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'),
+ multi_host => $multihost
+ }
+ ensure_packages(['dnsmasq'], {'ensure' => 'present'})
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/network/libvirt.pp b/packstack/puppet/modules/packstack/manifests/nova/network/libvirt.pp
new file mode 100644
index 000000000..f0e7ec247
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/network/libvirt.pp
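Review bot: `$overrides['force_dhcp_release'] = false` and `$overrides['vlan_start'] = ...` modify a hash after `$overrides = {}`, which relies on the old parser allowing assignment into an existing hash; as far as I know the Puppet 4 parser rejects assignment through an index. Building the hash once keeps the class portable: compute a `$dhcp_overrides` and a `$vlan_overrides` hash in the two conditionals and set `$overrides = merge($dhcp_overrides, $vlan_overrides)`. This is a style and compatibility point and does not change what reaches `config_overrides`.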
@@ -0,0 +1,13 @@
+class packstack::nova::network::libvirt ()
+{
+ $vmware_backend = hiera('CONFIG_VMWARE_BACKEND')
+
+ if $vmware_backend == 'n' {
+ exec { 'libvirtd_reload':
+ path => ['/usr/sbin/', '/sbin', '/usr/bin/'],
+ command => 'systemctl restart libvirtd',
+ logoutput => 'on_failure',
+ require => Class['::packstack::nova::compute::libvirt'],
+ }
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/neutron.pp b/packstack/puppet/modules/packstack/manifests/nova/neutron.pp
new file mode 100644
index 000000000..663037871
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/neutron.pp
@@ -0,0 +1,18 @@
+class packstack::nova::neutron ()
+{
+ $nova_neutron_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+ $neutron_auth_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
+
+ class { '::nova::network::neutron':
+ neutron_password => hiera('CONFIG_NEUTRON_KS_PW'),
+ neutron_auth_plugin => 'v3password',
+ neutron_url => "http://${nova_neutron_cfg_ctrl_host}:9696",
+ neutron_project_name => 'services',
+ neutron_auth_url => "${neutron_auth_url}/v3",
+ neutron_region_name => hiera('CONFIG_KEYSTONE_REGION'),
+ }
+
+ class { '::nova::compute::neutron':
+ libvirt_vif_driver => hiera('CONFIG_NOVA_LIBVIRT_VIF_DRIVER'),
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/nfs.pp b/packstack/puppet/modules/packstack/manifests/nova/nfs.pp
new file mode 100644
index 000000000..bdc703266
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/nfs.pp
@@ -0,0 +1,4 @@
+class packstack::nova::nfs ()
+{
+ ensure_packages(['nfs-utils'], {'ensure' => 'present'})
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/sched.pp b/packstack/puppet/modules/packstack/manifests/nova/sched.pp
new file mode 100644
index 000000000..50f2c3388
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/sched.pp
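Review bot: In nova/network/libvirt.pp, `exec { 'libvirtd_reload': }` has no `refreshonly`, `unless` or `onlyif`, so `systemctl restart libvirtd` runs every time the catalog is applied and interrupts libvirt on an already-configured host. If the restart is only needed after the libvirt class changes something, `refreshonly => true,` together with `subscribe => Class['::packstack::nova::compute::libvirt'],` in place of the `require` expresses that. The resource title says reload while the command restarts; a one-line comment explaining why a restart is required would help.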
@@ -0,0 +1,17 @@
+class packstack::nova::sched ()
+{
+ class {'::nova::scheduler::filter':
+ # OpenStack doesn't include the CoreFilter (= CPU Filter) by default
+ scheduler_default_filters => ['RetryFilter', 'AvailabilityZoneFilter',
+ 'RamFilter', 'DiskFilter' , 'ComputeFilter',
+ 'ComputeCapabilitiesFilter', 'ImagePropertiesFilter',
+ 'ServerGroupAntiAffinityFilter',
+ 'ServerGroupAffinityFilter', 'CoreFilter'],
+ cpu_allocation_ratio => hiera('CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO'),
+ ram_allocation_ratio => hiera('CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'),
+ }
+
+ class { '::nova::scheduler':
+ enabled => true,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/sched/ironic.pp b/packstack/puppet/modules/packstack/manifests/nova/sched/ironic.pp
new file mode 100644
index 000000000..f3a74ec96
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/sched/ironic.pp
@@ -0,0 +1,7 @@
+class packstack::nova::sched::ironic ()
+{
+ nova_config {
+ 'DEFAULT/scheduler_host_manager':
+ value => 'nova.scheduler.ironic_host_manager.IronicHostManager';
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp b/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp
new file mode 100644
index 000000000..68af3362a
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/nova/vncproxy.pp
@@ -0,0 +1,31 @@
+class packstack::nova::vncproxy ()
+{
+ if hiera('CONFIG_HORIZON_SSL') == 'y' {
+ nova_config {
+ 'DEFAULT/ssl_only': value => true;
+ 'DEFAULT/cert': value => hiera('CONFIG_VNC_SSL_CERT');
+ 'DEFAULT/key': value => hiera('CONFIG_VNC_SSL_KEY');
+ }
+ }
+
+ $vnc_bind_host = hiera('CONFIG_IP_VERSION') ? {
+ 'ipv6' => '::0',
+ default => '0.0.0.0',
+ # TO-DO(mmagr): Add IPv6 support when hostnames are used
+ }
+
+ class { '::nova::vncproxy':
+ enabled => true,
+ host => $vnc_bind_host,
+ }
+
+ class { '::nova::consoleauth':
+ enabled => true,
+ }
+
+ firewall { '001 novncproxy incoming':
+ proto => 'tcp',
+ dport => ['6080'],
+ action => 'accept',
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/openstackclient.pp b/packstack/puppet/modules/packstack/manifests/openstackclient.pp
new file mode 100644
index 000000000..8d2949726
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/openstackclient.pp
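Review bot: The `firewall { '001 novncproxy incoming': }` rule accepts TCP 6080 from any source, whereas the other classes in this change take their rules from hiera through `create_resources(packstack::firewall, ...)`. Together with `host => '0.0.0.0'` and `ssl_only` being set only when CONFIG_HORIZON_SSL is 'y', the console proxy is reachable without TLS from every network the host sits on. Consider moving the rule into the hiera-driven firewall data so the allowed sources can be restricted per deployment. If the open rule is intended because browsers connect directly, say so with a comment such as `# noVNC is reached by end-user browsers; restrict upstream if the host is not public`.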
@@ -0,0 +1,94 @@ +class packstack::openstackclient () +{ + $clientlibs = ['python-novaclient', + 'python-glanceclient', + 'python-cinderclient', 'python-openstackclient'] + + ensure_packages($clientlibs, {'ensure' => 'present'}) + + if hiera('CONFIG_MANILA_INSTALL') == 'y' { + ensure_packages(['python-manilaclient'], {'ensure' => 'present'}) + } + + $ost_cl_keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') + $ost_cl_keystone_admin_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW') + $ost_cl_ctrl_keystone_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL') + $ost_cl_keystone_region = hiera('CONFIG_KEYSTONE_REGION') + $ost_cl_keystone_demo_pw = hiera('CONFIG_KEYSTONE_DEMO_PW') + + $config_keystone_api_version = hiera('CONFIG_KEYSTONE_API_VERSION') + if $config_keystone_api_version =~ /^v(\d+).*$/ { + # we need to force integer here + $int_api_version = 0 + $1 + } else { + fail("${config_keystone_api_version} is an incorrect Keystone API Version!") + } + + $rcadmin_common_content = "unset OS_SERVICE_TOKEN + export OS_USERNAME=${ost_cl_keystone_admin_username} + export OS_PASSWORD=${ost_cl_keystone_admin_pw} + export OS_AUTH_URL=${ost_cl_ctrl_keystone_url} + export PS1='[\\u@\\h \\W(keystone_admin)]\\$ ' + " + + if $int_api_version < 3 { + $rcadmin_content = "${rcadmin_common_content} +export OS_TENANT_NAME=admin +export OS_REGION_NAME=${ost_cl_keystone_region} + " + } + else { + $rcadmin_content = "${rcadmin_common_content} +export OS_PROJECT_NAME=admin +export OS_USER_DOMAIN_NAME=Default +export OS_PROJECT_DOMAIN_NAME=Default +export OS_IDENTITY_API_VERSION=${int_api_version} + " + } + + file { "${::home_dir}/keystonerc_admin": + ensure => file, + mode => '0600', + content => $rcadmin_content, + } + + if hiera('CONFIG_PROVISION_DEMO') == 'y' { + $demo_common_content = "unset OS_SERVICE_TOKEN +export OS_USERNAME=demo +export OS_PASSWORD=${ost_cl_keystone_demo_pw} +export PS1='[\\u@\\h \\W(keystone_demo)]\\$ ' +export OS_AUTH_URL=${ost_cl_ctrl_keystone_url} + " + + if 
$int_api_version < 3 { + $demo_content = "${demo_common_content} +export OS_TENANT_NAME=demo +export OS_IDENTITY_API_VERSION=${int_api_version}.0 + " + } else { + $demo_content = "${demo_common_content} +export OS_PROJECT_NAME=demo +export OS_USER_DOMAIN_NAME=Default +export OS_PROJECT_DOMAIN_NAME=Default +export OS_IDENTITY_API_VERSION=${int_api_version} + " + } + + file { "${::home_dir}/keystonerc_demo": + ensure => file, + mode => '0600', + content => $demo_content, + } + } + + if hiera('NO_ROOT_USER_ALLINONE') == true { + $ost_cl_home_dir = hiera('HOME_DIR') + file { "${ost_cl_home_dir}/keystonerc_admin": + ensure => file, + owner => hiera('NO_ROOT_USER'), + group => hiera('NO_ROOT_GROUP'), + mode => '0600', + content => $rcadmin_content, + } + } +} diff --git a/packstack/puppet/modules/packstack/manifests/prereqs.pp b/packstack/puppet/modules/packstack/manifests/prereqs.pp new file mode 100644 index 000000000..b0e3046f1 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/prereqs.pp @@ -0,0 +1,23 @@ +class packstack::prereqs () +{ + include ::firewall + + # We don't have openstack-selinux package for Fedora + if $::operatingsystem != 'Fedora' { + package{ 'openstack-selinux': + ensure => present, + } + } + + package { 'sos': + ensure => present, + } + + package { 'audit': + ensure => present, + } -> + service { 'auditd': + ensure => running, + enable => true, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/provision.pp b/packstack/puppet/modules/packstack/manifests/provision.pp new file mode 100644 index 000000000..0ed9f19d0 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/provision.pp 
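Review bot: In openstackclient.pp the generated rc files write `export OS_PASSWORD=${ost_cl_keystone_admin_pw}` (and the demo equivalent) unquoted, so a password containing a space, `$`, `;` or a backtick is interpreted by the shell when the file is sourced. The values should be single-quoted, with embedded single quotes escaped first (a `regsubst` on the password before it is interpolated). The two `${::home_dir}` resources set `mode => '0600'` but no `owner`/`group`, unlike the NO_ROOT_USER one, so ownership is whatever the applying user creates. The lines of `$rcadmin_common_content` also carry leading whitespace that the demo block does not, which looks unintended.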
@@ -0,0 +1,99 @@ +class packstack::provision () +{ + $provision_demo = str2bool(hiera('CONFIG_PROVISION_DEMO')) + $provision_tempest = str2bool(hiera('CONFIG_PROVISION_TEMPEST')) + $provision_neutron = str2bool(hiera('CONFIG_NEUTRON_INSTALL')) + $heat_available = str2bool(hiera('CONFIG_HEAT_INSTALL')) + + if $provision_demo { + $username = 'demo' + $password = hiera('CONFIG_KEYSTONE_DEMO_PW') + $tenant_name = 'demo' + $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE') + } elsif $provision_tempest { + $username = hiera('CONFIG_PROVISION_TEMPEST_USER') + $password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW') + $tenant_name = 'tempest' + $floating_range = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE') + if (empty($tempest_user) or empty($tempest_password)) { + fail("Both CONFIG_PROVISION_TEMPEST_USER and + CONFIG_PROVISION_TEMPEST_USER_PW need to be configured.") + } + } + + if $provision_demo or $provision_tempest { + + # Keystone + $admin_tenant_name = 'admin' + keystone_tenant { $tenant_name: + ensure => present, + enabled => true, + description => 'default tenant', + } + + keystone_user { $username: + ensure => present, + enabled => true, + password => $password, + } + + if $heat_available { + keystone_user_role { "${username}@${tenant_name}": + ensure => present, + roles => ['_member_', 'heat_stack_owner'], + } + } else { + keystone_user_role { "${username}@${tenant_name}": + ensure => present, + roles => ['_member_'], + } + } + + ## Neutron + if $provision_neutron { + $public_network_name = 'public' + $public_subnet_name = 'public_subnet' + $private_network_name = 'private' + $private_subnet_name = 'private_subnet' + $fixed_range = '10.0.0.0/24' + $router_name = 'router1' + + $neutron_deps = [Neutron_network[$public_network_name]] + + neutron_network { $public_network_name: + ensure => present, + router_external => true, + tenant_name => $admin_tenant_name, + } + neutron_subnet { $public_subnet_name: + ensure => 'present', + cidr => $floating_range, + 
enable_dhcp => false, + network_name => $public_network_name, + tenant_name => $admin_tenant_name, + } + neutron_network { $private_network_name: + ensure => present, + tenant_name => $tenant_name, + } + neutron_subnet { $private_subnet_name: + ensure => present, + cidr => $fixed_range, + network_name => $private_network_name, + tenant_name => $tenant_name, + } + # Tenant-owned router - assumes network namespace isolation + neutron_router { $router_name: + ensure => present, + tenant_name => $tenant_name, + gateway_network_name => $public_network_name, + # A neutron_router resource must explicitly declare a dependency on + # the first subnet of the gateway network. + require => Neutron_subnet[$public_subnet_name], + } + neutron_router_interface { "${router_name}:${private_subnet_name}": + ensure => present, + } + } + } +} diff --git a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp new file mode 100644 index 000000000..f1cd86f88 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp 
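Review bot: The guard in the `elsif $provision_tempest` branch of packstack::provision tests `$tempest_user` and `$tempest_password`, but this class never assigns those names; the values it has just read are in `$username` and `$password`. The check therefore looks at unset variables, so it presumably either always reaches `fail()` or never validates the real settings, depending on how `empty()` treats an undefined value. Testing the variables that were actually assigned fixes it: `if (empty($username) or empty($password)) {`.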
@@ -0,0 +1,54 @@
+class packstack::provision::bridge ()
+{
+ $provision_neutron_br = str2bool(hiera('CONFIG_NEUTRON_INSTALL'))
+ $setup_ovs_bridge = str2bool(hiera('CONFIG_PROVISION_OVS_BRIDGE'))
+ $public_bridge_name = hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE', 'br-ex')
+ $provision_tempest_br = str2bool(hiera('CONFIG_PROVISION_TEMPEST'))
+ $provision_demo_br = str2bool(hiera('CONFIG_PROVISION_DEMO'))
+
+ if $provision_demo_br {
+ $floating_range_br = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE')
+ } elsif $provision_tempest_br {
+ $floating_range_br = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE')
+ }
+
+ neutron_config {
+ 'keystone_authtoken/identity_uri': value => hiera('CONFIG_KEYSTONE_ADMIN_URL');
+ 'keystone_authtoken/auth_uri': value => hiera('CONFIG_KEYSTONE_PUBLIC_URL');
+ 'keystone_authtoken/admin_tenant_name': value => 'services';
+ 'keystone_authtoken/admin_user': value => 'neutron';
+ 'keystone_authtoken/admin_password': value => hiera('CONFIG_NEUTRON_KS_PW');
+ }
+
+ if $provision_neutron_br and $setup_ovs_bridge {
+ Neutron_config<||> -> Neutron_l3_ovs_bridge['demo_bridge']
+ neutron_l3_ovs_bridge { 'demo_bridge':
+ name => $public_bridge_name,
+ ensure => present,
+ subnet_name => 'public_subnet',
+ }
+
+ firewall { '000 nat':
+ chain => 'POSTROUTING',
+ jump => 'MASQUERADE',
+ source => $floating_range_br,
+ outiface => $::gateway_device,
+ table => 'nat',
+ proto => 'all',
+ }
+
+ firewall { '000 forward out':
+ chain => 'FORWARD',
+ action => 'accept',
+ outiface => $public_bridge_name,
+ proto => 'all',
+ }
+
+ firewall { '000 forward in':
+ chain => 'FORWARD',
+ action => 'accept',
+ iniface => $public_bridge_name,
+ proto => 'all',
+ }
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/provision/glance.pp b/packstack/puppet/modules/packstack/manifests/provision/glance.pp
new file mode 100644
index 000000000..6238654a2
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/provision/glance.pp
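Review bot: `$floating_range_br` is assigned only when CONFIG_PROVISION_DEMO or CONFIG_PROVISION_TEMPEST is true, yet the `'000 nat'` rule in packstack::provision::bridge uses it as `source` whenever neutron and the OVS bridge are enabled. With both flags off, the MASQUERADE rule would be declared without a source restriction, which likely widens NAT to all traffic leaving `$::gateway_device`. Declare that rule only when a range exists, for example by wrapping it in `if $provision_demo_br or $provision_tempest_br { ... }`, or fail when the range is empty. The two `FORWARD` rules accept all protocols at priority 000, so a comment stating that they are intended for the demo bridge only would help later reviewers.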
@@ -0,0 +1,61 @@ +class packstack::provision::glance () +{ + $image_name = hiera('CONFIG_PROVISION_IMAGE_NAME') + $image_source = hiera('CONFIG_PROVISION_IMAGE_URL') + $image_format = hiera('CONFIG_PROVISION_IMAGE_FORMAT') + $uec_image_name = hiera('CONFIG_PROVISION_UEC_IMAGE_NAME') + $uec_image_source_kernel = hiera('CONFIG_PROVISION_UEC_IMAGE_KERNEL_URL') + $uec_image_source_ramdisk = hiera('CONFIG_PROVISION_UEC_IMAGE_RAMDISK_URL') + $uec_image_source_disk = hiera('CONFIG_PROVISION_UEC_IMAGE_DISK_URL') + + glance_image { $image_name: + ensure => present, + is_public => 'yes', + container_format => 'bare', + disk_format => $image_format, + source => $image_source, + } + + if str2bool(hiera('CONFIG_PROVISION_TEMPEST')) { + $image_name_alt = "${uec_image_name}_alt" + + glance_image{"${uec_image_name}-kernel": + ensure => present, + is_public => 'yes', + container_format => 'aki', + disk_format => 'aki', + source => $uec_image_source_kernel, + id => '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4' + } + + glance_image{"${uec_image_name}-ramdisk": + ensure => present, + is_public => 'yes', + container_format => 'ari', + disk_format => 'ari', + source => $uec_image_source_ramdisk, + id => '0b50e2e5-1440-4654-b568-4e120ddf28c1' + } + + glance_image{$uec_image_name: + ensure => present, + is_public => 'yes', + container_format => 'ami', + disk_format => 'ami', + source => $uec_image_source_disk, + properties => { 'kernel_id' => '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4', 'ramdisk_id' => '0b50e2e5-1440-4654-b568-4e120ddf28c1' }, + require => [ Glance_image["${uec_image_name}-kernel"], Glance_image["${uec_image_name}-ramdisk"] ] + } + + glance_image{$image_name_alt: + ensure => present, + is_public => 'yes', + container_format => 'ami', + disk_format => 'ami', + source => $uec_image_source_disk, + properties => { 'kernel_id' => '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4', 'ramdisk_id' => '0b50e2e5-1440-4654-b568-4e120ddf28c1' }, + require => [ Glance_image["${uec_image_name}-kernel"], 
Glance_image["${uec_image_name}-ramdisk"] ] + } + + } +} diff --git a/packstack/puppet/modules/packstack/manifests/provision/tempest.pp b/packstack/puppet/modules/packstack/manifests/provision/tempest.pp new file mode 100644 index 000000000..c7a4489eb --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/provision/tempest.pp 
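Review bot: Every `glance_image` in packstack::provision::glance takes its `source` from a hiera-supplied URL and registers the result with `is_public => 'yes'`, and nothing in the hunk pins or checks a digest of what was downloaded. Because these images become bootable by every tenant, I would record the trust assumption above the first resource, e.g. `# Image URLs are fetched as-is and published to all tenants; use HTTPS sources you control.` The kernel and ramdisk ids are also repeated as string literals three times each. Assigning them once (`$uec_kernel_id = '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4'`, and likewise for the ramdisk) would keep the `id` and `properties` values from drifting apart.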
@@ -0,0 +1,142 @@ +class packstack::provision::tempest () +{ + $provision_demo = str2bool(hiera('CONFIG_PROVISION_DEMO')) + if $provision_demo { + $username = 'demo' + $password = hiera('CONFIG_KEYSTONE_DEMO_PW') + $tenant_name = 'demo' + $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE') + } else { + $username = hiera('CONFIG_PROVISION_TEMPEST_USER') + $password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW') + $tenant_name = 'tempest' + $floating_range = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE') + } + + # Authentication/Keystone + $identity_uri = hiera('CONFIG_KEYSTONE_PUBLIC_URL') + $identity_uri_v3 = regsubst($identity_uri, 'v2.0', 'v3') + $auth_version = regsubst(hiera('CONFIG_KEYSTONE_API_VERSION'), '.0', '') + $admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') + $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') + $admin_tenant_name = 'admin' + $admin_domain_name = 'Default' + + # get image and network id + $configure_images = true + $configure_networks = true + + # Image + $uec_image_name = hiera('CONFIG_PROVISION_UEC_IMAGE_NAME') + $image_ssh_user = hiera('CONFIG_PROVISION_IMAGE_SSH_USER') + $image_name_alt = "${uec_image_name}_alt" + $image_alt_ssh_user = hiera('CONFIG_PROVISION_IMAGE_SSH_USER') + $image_source = hiera('CONFIG_PROVISION_IMAGE_URL') + $image_format = hiera('CONFIG_PROVISION_IMAGE_FORMAT') + + # network name + $public_network_name = 'public' + + # nova should be able to resize with packstack setup + $resize_available = true + + $change_password_available = undef + $allow_tenant_isolation = true + $dir_log = hiera('DIR_LOG') + $log_file = "${dir_log}/tempest.log" + $use_stderr = false + $debug = true + $public_router_id = undef + + # Tempest + $tempest_repo_uri = hiera('CONFIG_PROVISION_TEMPEST_REPO_URI') + $tempest_repo_revision = hiera('CONFIG_PROVISION_TEMPEST_REPO_REVISION') + $tempest_clone_path = '/var/lib/tempest' + $tempest_clone_owner = 'root' + $tempest_user = hiera('CONFIG_PROVISION_TEMPEST_USER') + 
$tempest_password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW') + + # Nano and Micro flavors are used, otherwise flavors used by default too much resources for nothing + $tempest_flavor_ref = "42" + $tempest_flavor_ref_alt = "84" + + nova_flavor { 'm1.nano': + ensure => present, + id => $tempest_flavor_ref, + ram => '128', + disk => '0', + vcpus => '1', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + nova_flavor { 'm1.micro': + ensure => present, + id => $tempest_flavor_ref_alt, + ram => '128', + disk => '0', + vcpus => '1', + require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], + } + + # Service availability for testing based on configuration + $cinder_available = str2bool(hiera('CONFIG_CINDER_INSTALL')) + $glance_available = str2bool(hiera('CONFIG_GLANCE_INSTALL')) + $horizon_available = str2bool(hiera('CONFIG_HORIZON_INSTALL')) + $nova_available = str2bool(hiera('CONFIG_NOVA_INSTALL')) + $neutron_available = str2bool(hiera('CONFIG_NEUTRON_INSTALL')) + $ceilometer_available = str2bool(hiera('CONFIG_CEILOMETER_INSTALL')) + $aodh_available = str2bool(hiera('CONFIG_AODH_INSTALL')) + $trove_available = str2bool(hiera('CONFIG_TROVE_INSTALL')) + $sahara_available = str2bool(hiera('CONFIG_SAHARA_INSTALL')) + $heat_available = str2bool(hiera('CONFIG_HEAT_INSTALL')) + $swift_available = str2bool(hiera('CONFIG_SWIFT_INSTALL')) + $configure_tempest = str2bool(hiera('CONFIG_PROVISION_TEMPEST')) + + class { '::tempest': + admin_domain_name => $admin_domain_name, + admin_password => $admin_password, + admin_tenant_name => $admin_tenant_name, + admin_username => $admin_username, + allow_tenant_isolation => $allow_tenant_isolation, + aodh_available => $aodh_available, + auth_version => $auth_version, + ceilometer_available => $ceilometer_available, + cinder_available => $cinder_available, + change_password_available => $change_password_available, + configure_images => $configure_images, + configure_networks => $configure_networks, + 
debug => $debug, + flavor_ref => $tempest_flavor_ref, + flavor_ref_alt => $tempest_flavor_ref_alt, + glance_available => $glance_available, + heat_available => $heat_available, + horizon_available => $horizon_available, + identity_uri => $identity_uri, + identity_uri_v3 => $identity_uri_v3, + image_alt_ssh_user => $image_alt_ssh_user, + image_name_alt => $image_name_alt, + image_name => $uec_image_name, + image_ssh_user => $image_ssh_user, + log_file => $log_file, + neutron_available => $neutron_available, + nova_available => $nova_available, + password => $password, + public_network_name => $public_network_name, + public_router_id => $public_router_id, + resize_available => $resize_available, + sahara_available => $sahara_available, + swift_available => $swift_available, + tempest_clone_owner => $tempest_clone_owner, + tempest_clone_path => $tempest_clone_path, + tempest_repo_revision => $tempest_repo_revision, + tempest_repo_uri => $tempest_repo_uri, + tenant_name => $tenant_name, + trove_available => $trove_available, + username => $username, + use_stderr => $use_stderr, + } + + tempest_config { 'object-storage/operator_role': + value => 'SwiftOperator', + path => "${tempest_clone_path}/etc/tempest.conf", + } +} diff --git a/packstack/puppet/modules/packstack/manifests/redis.pp b/packstack/puppet/modules/packstack/manifests/redis.pp new file mode 100644 index 000000000..065ec4040 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/redis.pp @@ -0,0 +1,14 @@ +class packstack::redis () +{ + create_resources(packstack::firewall, hiera('FIREWALL_REDIS_RULES', {})) + + $redis_port = hiera('CONFIG_REDIS_PORT') + $redis_host = hiera('CONFIG_REDIS_HOST') + + class { '::redis': + bind => $redis_host, + port => $redis_port, + appendonly => true, + daemonize => false, + } +} diff --git a/packstack/puppet/modules/packstack/manifests/sahara.pp b/packstack/puppet/modules/packstack/manifests/sahara.pp new file mode 100644 index 000000000..b9df008e7 --- /dev/null 
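Review bot: Both `regsubst` calls in packstack::provision::tempest use patterns with an unescaped dot: `'v2.0'` and `'.0'` are regular expressions, so `.` matches any character. For `$auth_version` this strips the first occurrence of any character followed by `0` (a value such as `v10` would lose its digits), not only a trailing `.0`. Escaping and anchoring makes the intent explicit: `regsubst($identity_uri, 'v2\.0', 'v3')` and `regsubst(hiera('CONFIG_KEYSTONE_API_VERSION'), '\.0$', '')`. Separately, `$tempest_user` and `$tempest_password` are assigned but not passed to `::tempest` anywhere in this hunk.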
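Review bot: packstack::redis binds the server to `$redis_host` with no authentication configured, so access control rests entirely on whatever `FIREWALL_REDIS_RULES` contains. With no password set, Redis accepts commands from any client that can reach the port. If the redis module in use exposes a password parameter (commonly `requirepass`), wire it to a hiera value and give the same secret to the consumers' coordination URLs. Otherwise add a comment above the class stating that the firewall rules are the only protection for this listener.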
+++ b/packstack/puppet/modules/packstack/manifests/sahara.pp
@@ -0,0 +1,10 @@
+class packstack::sahara ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_SAHARA_CFN_RULES', {}))
+
+ class { '::sahara::service::api':
+ api_workers => hiera('CONFIG_SERVICE_WORKERS')
+ }
+
+ class { '::sahara::service::engine': }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/sahara/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/sahara/ceilometer.pp
new file mode 100644
index 000000000..28efe4666
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/sahara/ceilometer.pp
@@ -0,0 +1,7 @@
+class packstack::sahara::ceilometer ()
+{
+ class { '::sahara::notify':
+ enable_notifications => true,
+ notification_driver => 'messagingv2',
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp
new file mode 100644
index 000000000..a46ad09cb
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp
@@ -0,0 +1,43 @@
+class packstack::sahara::rabbitmq ()
+{
+ $sahara_cfg_sahara_db_pw = hiera('CONFIG_SAHARA_DB_PW')
+ $sahara_cfg_sahara_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+ $sahara_cfg_config_neutron_install = hiera('CONFIG_NEUTRON_INSTALL')
+
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', $::os_service_default)
+ $kombu_ssl_keyfile = hiera('CONFIG_SAHARA_SSL_KEY', $::os_service_default)
+ $kombu_ssl_certfile = hiera('CONFIG_SAHARA_SSL_CERT', $::os_service_default)
+
+ if ! is_service_default($kombu_ssl_keyfile) {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'sahara',
+ group => 'sahara',
+ require => Package['sahara-common'],
+ }
+ File[$files_to_set_owner] ~> Service<| tag == 'sahara-service' |>
+ }
+
+ class { '::sahara':
+ database_connection =>
+ "mysql+pymysql://sahara:${sahara_cfg_sahara_db_pw}@${sahara_cfg_sahara_mariadb_host}/sahara",
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ admin_user => 'sahara',
+ admin_password => hiera('CONFIG_SAHARA_KS_PW'),
+ admin_tenant_name => 'services',
+ auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
+ use_neutron => ($sahara_cfg_config_neutron_install == 'y'),
+ host => hiera('CONFIG_SAHARA_HOST'),
+ rpc_backend => 'rabbit',
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $kombu_ssl_keyfile,
+ kombu_ssl_certfile => $kombu_ssl_certfile,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/swift.pp b/packstack/puppet/modules/packstack/manifests/swift.pp
new file mode 100644
index 000000000..81b763e7e
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/swift.pp
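Review bot: The `file { $files_to_set_owner: }` resource in packstack::sahara::rabbitmq changes owner and group of the TLS key and certificate but sets no `mode`, so the private key keeps whatever permissions it was created with. Unless the step that generates the key already restricts it, manage `$kombu_ssl_keyfile` in its own resource with `mode => '0600',` and leave the certificate readable. The same pattern appears in the trove/rabbitmq.pp hunk further down. Note also that `${sahara_cfg_sahara_db_pw}` is placed into the `database_connection` URL unencoded, so a password containing `@`, `/` or `:` would yield a malformed URL.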
@@ -0,0 +1,10 @@
+class packstack::swift ()
+{
+ # Class['swift'] -> Service <| |>
+
+ class { '::swift':
+ # not sure how I want to deal with this shared secret
+ swift_hash_path_suffix => hiera('CONFIG_SWIFT_HASH'),
+ package_ensure => latest,
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp
new file mode 100644
index 000000000..ce4269afc
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp
@@ -0,0 +1,12 @@
+class packstack::swift::ceilometer ()
+{
+ class { '::swift::proxy::ceilometer':
+ rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ topic => 'notifications',
+ control_exchange => 'swift',
+ driver => 'messaging',
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/swift/fs.pp b/packstack/puppet/modules/packstack/manifests/swift/fs.pp
new file mode 100644
index 000000000..e6e37939f
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/swift/fs.pp
@@ -0,0 +1,12 @@
+define packstack::swift::fs (
+ $device,
+ $dev,
+ $fstype
+)
+{
+ case $fstype {
+ 'xfs': { swift::storage::xfs {$device: device => $dev } }
+ 'ext4': { swift::storage::ext4 {$device: device => $dev } }
+ default: { fail('Unsupported fs for Swift storage') }
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
new file mode 100644
index 000000000..bd9689aed
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
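Review bot: `package_ensure => latest` in packstack::swift makes every Puppet run upgrade swift to whatever the enabled repositories currently offer, while the other packages in this change use `present`. That gives unreviewed package updates a path onto the storage nodes on each run; `package_ensure => present,` keeps upgrades an explicit step. The comment `# not sure how I want to deal with this shared secret` should be replaced with one saying that `CONFIG_SWIFT_HASH` feeds the cluster-wide hash path suffix, must be the same on every node and must be kept confidential.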
@@ -0,0 +1,104 @@ +class packstack::swift::proxy () +{ + create_resources(packstack::firewall, hiera('FIREWALL_SWIFT_PROXY_RULES', {})) + ensure_packages(['curl'], {'ensure' => 'present'}) + + $bind_host = hiera('CONFIG_IP_VERSION') ? { + 'ipv6' => '::0', + default => '0.0.0.0', + # TO-DO(mmagr): Add IPv6 support when hostnames are used + } + + include '::packstack::memcached' + + if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + $swift_pipeline = [ + 'catch_errors', + 'bulk', + 'healthcheck', + 'cache', + 'crossdomain', + 'ratelimit', + 'authtoken', + 'keystone', + 'staticweb', + 'tempurl', + 'slo', + 'formpost', + 'account_quotas', + 'container_quotas', + 'ceilometer', + 'proxy-server', + ] + } else { + $swift_pipeline = [ + 'catch_errors', + 'bulk', + 'healthcheck', + 'cache', + 'crossdomain', + 'ratelimit', + 'authtoken', + 'keystone', + 'staticweb', + 'tempurl', + 'slo', + 'formpost', + 'account_quotas', + 'container_quotas', + 'proxy-server', + ] + } + + class { '::swift::proxy': + # swift seems to require ipv6 address without brackets + proxy_local_net_ip => hiera('CONFIG_STORAGE_HOST'), + pipeline => $swift_pipeline, + account_autocreate => true, + workers => hiera('CONFIG_SERVICE_WORKERS'), + } + + # configure all of the middlewares + class { [ + '::swift::proxy::catch_errors', + '::swift::proxy::healthcheck', + '::swift::proxy::cache', + '::swift::proxy::crossdomain', + '::swift::proxy::staticweb', + '::swift::proxy::tempurl', + '::swift::proxy::account_quotas', + '::swift::proxy::formpost', + '::swift::proxy::slo', + '::swift::proxy::container_quotas', + ]: } + + class { '::swift::proxy::bulk': + max_containers_per_extraction => 10000, + max_failed_extractions => 1000, + max_deletes_per_request => 10000, + yield_frequency => 60, + } + + class { '::swift::proxy::ratelimit': + clock_accuracy => 1000, + max_sleep_time_seconds => 60, + log_sleep_time_seconds => 0, + rate_buffer_seconds => 5, + account_ratelimit => 0, + } + + class { 
'::swift::proxy::keystone': + operator_roles => ['admin', 'SwiftOperator', '_member_'], + } + + class { '::swift::proxy::authtoken': + admin_user => 'swift', + admin_tenant_name => 'services', + admin_password => hiera('CONFIG_SWIFT_KS_PW'), + # assume that the controller host is the swift api server + auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + } + + class { '::swift::objectexpirer': } +} diff --git a/packstack/puppet/modules/packstack/manifests/swift/ringbuilder.pp b/packstack/puppet/modules/packstack/manifests/swift/ringbuilder.pp new file mode 100644 index 000000000..83eb649de --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/swift/ringbuilder.pp @@ -0,0 +1,25 @@ +class packstack::swift::ringbuilder () +{ + class { '::swift::ringbuilder': + part_power => '18', + replicas => hiera('CONFIG_SWIFT_STORAGE_REPLICAS'), + min_part_hours => 1, + require => Class['swift'], + } + + # sets up an rsync db that can be used to sync the ring DB + class { '::swift::ringserver': + local_net_ip => hiera('CONFIG_STORAGE_HOST_URL'), + } + + if str2bool($::selinux) { + selboolean { 'rsync_export_all_ro': + value => on, + persistent => true, + } + } + + create_resources(ring_account_device, hiera('SWIFT_RING_ACCOUNT_DEVICES', {})) + create_resources(ring_object_device, hiera('SWIFT_RING_OBJECT_DEVICES', {})) + create_resources(ring_container_device, hiera('SWIFT_RING_CONTAINER_DEVICES', {})) +} diff --git a/packstack/puppet/modules/packstack/manifests/swift/storage.pp b/packstack/puppet/modules/packstack/manifests/swift/storage.pp new file mode 100644 index 000000000..5df5146e7 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/swift/storage.pp 
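Review bot: `$bind_host` is computed from CONFIG_IP_VERSION at the top of packstack::swift::proxy but never used; `::swift::proxy` receives `proxy_local_net_ip => hiera('CONFIG_STORAGE_HOST')` instead. Either drop the selector or pass it on, because as written a reader may assume the proxy listens on the wildcard address. The two `$swift_pipeline` arrays differ only by the `'ceilometer'` entry, so building one base list and appending conditionally would keep `authtoken` and `keystone` at the same position in both. A short comment on `account_ratelimit => 0` and on listing `_member_` in `operator_roles` would record that both are deliberate.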
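Review bot: In packstack::swift::ringbuilder, `selboolean { 'rsync_export_all_ro': value => on }` is set without explanation, and that boolean lets the rsync daemon read and export any file on the host rather than only the ring files. Add a comment naming the reason (presumably ring distribution through `::swift::ringserver`) and noting that exposure is then bounded only by the rsync module configuration, e.g. `# needed so rsyncd can serve the ring files; exports are limited by the ringserver rsync module`. If a narrower SELinux file context on the ring directory works, that would be preferable. `part_power => '18'` is hard-coded as well and deserves a one-line comment on how it was chosen.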
@@ -0,0 +1,40 @@
+class packstack::swift::storage ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_SWIFT_STORAGE_RULES', {}))
+
+ # install all swift storage servers together
+ class { '::swift::storage::all':
+ # looks like ipv6 address without brackets is required here
+ storage_local_net_ip => hiera('CONFIG_STORAGE_HOST'),
+ allow_versions => true,
+ require => Class['swift'],
+ }
+
+ if (!defined(File['/srv/node'])) {
+ file { '/srv/node':
+ ensure => directory,
+ owner => 'swift',
+ group => 'swift',
+ require => Package['swift'],
+ }
+ }
+
+ swift::ringsync{ ['account', 'container', 'object']:
+ ring_server => hiera('CONFIG_STORAGE_HOST_URL'),
+ before => Class['swift::storage::all'],
+ require => Class['swift'],
+ }
+
+ if hiera('CONFIG_SWIFT_LOOPBACK') == 'y' {
+ swift::storage::loopback { 'swiftloopback':
+ base_dir => '/srv/loopback-device',
+ mnt_base_dir => '/srv/node',
+ require => Class['swift'],
+ fstype => hiera('CONFIG_SWIFT_STORAGE_FSTYPE'),
+ seek => hiera('CONFIG_SWIFT_STORAGE_SEEK'),
+ }
+ }
+ else {
+ create_resources(packstack::swift::fs, hiera('CONFIG_SWIFT_STORAGE_DEVICES', {}))
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/trove.pp b/packstack/puppet/modules/packstack/manifests/trove.pp
new file mode 100644
index 000000000..9c965da1d
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/trove.pp
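Review bot: `if (!defined(File['/srv/node']))` in packstack::swift::storage depends on evaluation order: `defined()` only sees resources declared earlier in the compile, so a declaration evaluated later elsewhere still ends in a duplicate-resource error. stdlib is already in use in this change (`ensure_packages`), and its `ensure_resource` expresses the intent directly: `ensure_resource('file', '/srv/node', { 'ensure' => 'directory', 'owner' => 'swift', 'group' => 'swift', 'require' => Package['swift'] })`.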
@@ -0,0 +1,35 @@
+class packstack::trove ()
+{
+ create_resources(packstack::firewall, hiera('FIREWALL_TROVE_API_RULES', {}))
+
+ $bind_host = hiera('CONFIG_IP_VERSION') ? {
+ 'ipv6' => '::0',
+ default => '0.0.0.0',
+ # TO-DO(mmagr): Add IPv6 support when hostnames are used
+ }
+
+ class { '::trove::api':
+ bind_host => $bind_host,
+ enabled => true,
+ keystone_password => hiera('CONFIG_TROVE_KS_PW'),
+ auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ cert_file => false,
+ key_file => false,
+ ca_file => false,
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ workers => hiera('CONFIG_SERVICE_WORKERS'),
+ }
+
+ class { '::trove::conductor':
+ auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ }
+
+ class { '::trove::taskmanager':
+ auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
+ verbose => true,
+ debug => hiera('CONFIG_DEBUG_MODE'),
+ }
+}
diff --git a/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp
new file mode 100644
index 000000000..71ad34cf1
--- /dev/null
+++ b/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp
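Review bot: `::trove::api` in packstack::trove is given `cert_file`, `key_file` and `ca_file` all set to `false` while `$bind_host` resolves to the wildcard address, so the API is served in plaintext on every interface. Keystone tokens and database credentials sent to this endpoint would cross the network unencrypted unless TLS is terminated in front of it. If that is the intended deployment, say so above the class, e.g. `# TLS is not configured for trove-api; terminate it at a proxy or restrict access via FIREWALL_TROVE_API_RULES.` `verbose => true` is hard-coded in all three classes while `debug` follows CONFIG_DEBUG_MODE, which is worth making consistent.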
@@ -0,0 +1,41 @@
+class packstack::trove::rabbitmq ()
+{
+ $trove_rabmq_cfg_trove_db_pw = hiera('CONFIG_TROVE_DB_PW')
+ $trove_rabmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
+ $trove_rabmq_cfg_controller_host = hiera('CONFIG_KEYSTONE_HOST_URL')
+
+ $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
+ $kombu_ssl_keyfile = hiera('CONFIG_TROVE_SSL_KEY', undef)
+ $kombu_ssl_certfile = hiera('CONFIG_TROVE_SSL_CERT', undef)
+
+ if $kombu_ssl_keyfile {
+ $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
+ file { $files_to_set_owner:
+ owner => 'trove',
+ group => 'trove',
+ }
+ Package<|tag=='trove'|> -> File[$files_to_set_owner]
+ File[$files_to_set_owner] ~> Service<| tag == 'trove-service' |>
+ }
+
+
+ class { '::trove':
+ rpc_backend => 'rabbit',
+ rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
+ rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
+ rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
+ rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
+ rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
+ database_connection => "mysql+pymysql://trove:${trove_rabmq_cfg_trove_db_pw}@${trove_rabmq_cfg_mariadb_host}/trove",
+ nova_proxy_admin_user => hiera('CONFIG_TROVE_NOVA_USER'),
+ nova_proxy_admin_tenant_name => hiera('CONFIG_TROVE_NOVA_TENANT'),
+ nova_proxy_admin_pass => hiera('CONFIG_TROVE_NOVA_PW'),
+ nova_compute_url => "http://${trove_rabmq_cfg_controller_host}:8774/v2",
+ cinder_url => "http://${trove_rabmq_cfg_controller_host}:8776/v1",
+ swift_url => "http://${trove_rabmq_cfg_controller_host}:8080/v1/AUTH_",
+ use_neutron => hiera('CONFIG_NEUTRON_INSTALL'),
+ kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
+ kombu_ssl_keyfile => $kombu_ssl_keyfile,
+ kombu_ssl_certfile => $kombu_ssl_certfile,
+ }
+}
diff --git a/packstack/puppet/templates/aodh.pp b/packstack/puppet/templates/aodh.pp
deleted file mode 100644
index aa9e213e5..000000000
--- a/packstack/puppet/templates/aodh.pp
+++ /dev/null
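Review bot: `use_neutron => hiera('CONFIG_NEUTRON_INSTALL')` in packstack::trove::rabbitmq passes the raw setting through, whereas sahara/rabbitmq.pp compares the same key with `'y'` and other classes wrap it in `str2bool()`. If the value is the string `'n'`, Puppet treats a non-empty string as true, so `::trove` may enable neutron support when it is not installed; how the class handles the string is not visible here. `use_neutron => (hiera('CONFIG_NEUTRON_INSTALL') == 'y'),` would match the sahara class. The `nova_compute_url`, `cinder_url` and `swift_url` values are also built with a literal `http://` scheme and fixed ports, so these service-to-service calls carry tokens in clear text and will break if an endpoint moves to TLS.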
@@ -1,52 +0,0 @@
-$config_aodh_coordination_backend = hiera('CONFIG_CEILOMETER_COORDINATION_BACKEND')
-
-if $config_aodh_coordination_backend == 'redis' {
- $redis_ha = hiera('CONFIG_REDIS_HA')
- $redis_host = hiera('CONFIG_REDIS_MASTER_HOST_URL')
- $redis_port = hiera('CONFIG_REDIS_PORT')
- $sentinel_host = hiera('CONFIG_REDIS_SENTINEL_CONTACT_HOST')
- $sentinel_host_url = hiera('CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL')
- $sentinel_fallbacks = hiera('CONFIG_REDIS_SENTINEL_FALLBACKS')
- if ($sentinel_host != '' and $redis_ha == 'y') {
- $master_name = hiera('CONFIG_REDIS_MASTER_NAME')
- $sentinel_port = hiera('CONFIG_REDIS_SENTINEL_PORT')
- $base_coordination_url = "redis://${sentinel_host_url}:${sentinel_port}?sentinel=${master_name}"
- if $sentinel_fallbacks != '' {
- $coordination_url = "${base_coordination_url}&${sentinel_fallbacks}"
- } else {
- $coordination_url = $base_coordination_url
- }
- } else {
- $coordination_url = "redis://${redis_host}:${redis_port}"
- }
-} else {
- $coordination_url = ''
-}
-
-class { '::aodh::api':
- enabled => true,
- keystone_password => hiera('CONFIG_AODH_KS_PW'),
- keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- service_name => 'httpd',
-}
-
-class { '::apache':
- purge_configs => false,
-}
-
-class { '::aodh::wsgi::apache':
- workers => $service_workers,
- ssl => false
-}
-
-class { '::aodh::auth':
- auth_password => hiera('CONFIG_AODH_KS_PW'),
-}
-class { '::aodh::evaluator':
- coordination_url => $coordination_url,
-}
-class { '::aodh::notifier': }
-class { '::aodh::listener': }
-class { '::aodh::client': }
-
-
diff --git a/packstack/puppet/templates/aodh_rabbitmq.pp b/packstack/puppet/templates/aodh_rabbitmq.pp
deleted file mode 100644
index de5289760..000000000
--- a/packstack/puppet/templates/aodh_rabbitmq.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_AODH_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_AODH_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'aodh',
- group => 'aodh',
- require => Package['openstack-aodh-common'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-$config_mongodb_host = hiera('CONFIG_MONGODB_HOST_URL')
-
-class { '::aodh':
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
- database_connection => "mongodb://${config_mongodb_host}:27017/aodh",
-}
diff --git a/packstack/puppet/templates/apache.pp b/packstack/puppet/templates/apache.pp
deleted file mode 100644
index 85b3bd3fd..000000000
--- a/packstack/puppet/templates/apache.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-include ::apache
-
-if hiera('CONFIG_HORIZON_SSL') == 'y' {
- package { 'mod_ssl':
- ensure => installed,
- }
-
- Package['mod_ssl'] -> Class['::apache']
-}
diff --git a/packstack/puppet/templates/apache_ports.pp b/packstack/puppet/templates/apache_ports.pp
deleted file mode 100644
index 0c0128b75..000000000
--- a/packstack/puppet/templates/apache_ports.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-if hiera('CONFIG_HORIZON_SSL') == 'y' {
- apache::listen { '443': }
-}
-
-apache::listen { '5000': }
-apache::listen { '35357': }
-
-if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
- if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'httpd' {
- apache::listen { '8777': }
- }
-}
-
-if hiera('CONFIG_AODH_INSTALL') == 'y' {
- apache::listen { '8042': }
-}
-
-if hiera('CONFIG_GNOCCHI_INSTALL') == 'y' {
- apache::listen { '8041': }
-}
-
diff --git a/packstack/puppet/templates/ceilometer.pp b/packstack/puppet/templates/ceilometer.pp
deleted file mode 100644
index a638f3a8a..000000000
--- a/packstack/puppet/templates/ceilometer.pp
+++ /dev/null
@@ -1,95 +0,0 @@ - -$config_mongodb_host = hiera('CONFIG_MONGODB_HOST_URL') - -$config_ceilometer_coordination_backend = hiera('CONFIG_CEILOMETER_COORDINATION_BACKEND') - -$config_ceilometer_metering_backend = hiera('CONFIG_CEILOMETER_METERING_BACKEND') - -$config_gnocchi_host = hiera('CONFIG_KEYSTONE_HOST_URL') - -if $config_ceilometer_coordination_backend == 'redis' { - $redis_ha = hiera('CONFIG_REDIS_HA') - $redis_host = hiera('CONFIG_REDIS_MASTER_HOST_URL') - $redis_port = hiera('CONFIG_REDIS_PORT') - $sentinel_host = hiera('CONFIG_REDIS_SENTINEL_CONTACT_HOST') - $sentinel_host_url = hiera('CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL') - $sentinel_fallbacks = hiera('CONFIG_REDIS_SENTINEL_FALLBACKS') - if ($sentinel_host != '' and $redis_ha == 'y') { - $master_name = hiera('CONFIG_REDIS_MASTER_NAME') - $sentinel_port = hiera('CONFIG_REDIS_SENTINEL_PORT') - $base_coordination_url = "redis://${sentinel_host_url}:${sentinel_port}?sentinel=${master_name}" - if $sentinel_fallbacks != '' { - $coordination_url = "${base_coordination_url}&${sentinel_fallbacks}" - } else { - $coordination_url = $base_coordination_url - } - } else { - $coordination_url = "redis://${redis_host}:${redis_port}" - } - - package { 'python-redis': ensure => present } -} else { - $coordination_url = '' -} - -if hiera('CONFIG_CEILOMETER_SERVICE_NAME') == 'ceilometer' { - $ceilometer_service_name = 'openstack-ceilometer-api' -} else { - $ceilometer_service_name = 'httpd' -} - - -class { '::ceilometer::db': - database_connection => "mongodb://${config_mongodb_host}:27017/ceilometer", -} - -class { '::ceilometer::collector': - meter_dispatcher => $config_ceilometer_metering_backend, -} - -if $config_ceilometer_metering_backend == 'gnocchi' { - - include ::gnocchi::client - class { '::ceilometer::dispatcher::gnocchi': - filter_service_activity => false, - url => "http://${config_gnocchi_host}:8041", - archive_policy => 'high', - resources_definition_file => 'gnocchi_resources.yaml', - } -} - -class { 
'::ceilometer::agent::notification': } - -class { '::ceilometer::agent::auth': - auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), - auth_password => hiera('CONFIG_CEILOMETER_KS_PW'), - auth_region => hiera('CONFIG_KEYSTONE_REGION'), -} - -class { '::ceilometer::agent::central': - coordination_url => $coordination_url, -} - -$bind_host = hiera('CONFIG_IP_VERSION') ? { - 'ipv6' => '::0', - default => '0.0.0.0', - # TO-DO(mmagr): Add IPv6 support when hostnames are used -} -class { '::ceilometer::api': - host => $bind_host, - keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - keystone_password => hiera('CONFIG_CEILOMETER_KS_PW'), - api_workers => $service_workers, - service_name => $ceilometer_service_name, -} - -if $ceilometer_service_name == 'httpd' { - class { '::apache': - purge_configs => false, - } - - class { '::ceilometer::wsgi::apache': - ssl => false, - } -} diff --git a/packstack/puppet/templates/ceilometer_nova_disabled.pp b/packstack/puppet/templates/ceilometer_nova_disabled.pp deleted file mode 100644 index 9bf319b21..000000000 --- a/packstack/puppet/templates/ceilometer_nova_disabled.pp +++ /dev/null @@ -1,6 +0,0 @@ -group { 'nova': - ensure => present, -} - -Group['nova'] -> Class['ceilometer'] - diff --git a/packstack/puppet/templates/ceilometer_rabbitmq.pp b/packstack/puppet/templates/ceilometer_rabbitmq.pp deleted file mode 100644 index 7d10c2fda..000000000 --- a/packstack/puppet/templates/ceilometer_rabbitmq.pp +++ /dev/null 
@@ -1,27 +0,0 @@ -$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) -$kombu_ssl_keyfile = hiera('CONFIG_CEILOMETER_SSL_KEY', undef) -$kombu_ssl_certfile = hiera('CONFIG_CEILOMETER_SSL_CERT', undef) - -if $kombu_ssl_keyfile { - $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] - file { $files_to_set_owner: - owner => 'ceilometer', - group => 'ceilometer', - require => Package['openstack-ceilometer-common'], - } - File[$files_to_set_owner] ~> Service<||> -} - -class { '::ceilometer': - metering_secret => hiera('CONFIG_CEILOMETER_SECRET'), - verbose => true, - debug => hiera('CONFIG_DEBUG_MODE'), - rabbit_host => hiera('CONFIG_AMQP_HOST_URL'), - rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), - rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), - rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), - rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), - kombu_ssl_ca_certs => $kombu_ssl_ca_certs, - kombu_ssl_keyfile => $kombu_ssl_keyfile, - kombu_ssl_certfile => $kombu_ssl_certfile, -} diff --git a/packstack/puppet/templates/chrony.pp b/packstack/puppet/templates/chrony.pp deleted file mode 100644 index 73ea58ab6..000000000 --- a/packstack/puppet/templates/chrony.pp +++ /dev/null 
@@ -1,98 +0,0 @@ -$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF') -$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS') - -$config_content = " -# Use public servers from the pool.ntp.org project. -# Please consider joining the pool (http://www.pool.ntp.org/join.html). -${cfg_ntp_server_def} - -# Ignore stratum in source selection. -stratumweight 0 - -# Record the rate at which the system clock gains/losses time. -driftfile /var/lib/chrony/drift - -# Enable kernel RTC synchronization. -rtcsync - -# In first three updates step the system clock instead of slew -# if the adjustment is larger than 10 seconds. -makestep 10 3 - -# Allow NTP client access from local network. -#allow 192.168/16 - -# Listen for commands only on localhost. -bindcmdaddress 127.0.0.1 -bindcmdaddress ::1 - -# Serve time even if not synchronized to any NTP server. -#local stratum 10 - -keyfile /etc/chrony.keys - -# Specify the key used as password for chronyc. -commandkey 1 - -# Generate command key if missing. -generatecommandkey - -# Disable logging of client accesses. -noclientlog - -# Send a message to syslog if a clock adjustment is larger than 0.5 seconds. 
-logchange 0.5 - -logdir /var/log/chrony -#log measurements statistics tracking -" - -package { 'chrony': - ensure => 'installed', - name => 'chrony', -} - -package { 'ntpdate': - ensure => 'installed', - name => 'ntpdate', -} - -file { 'chrony_conf': - ensure => file, - path => '/etc/chrony.conf', - mode => '0644', - content => $config_content, -} - -exec { 'stop-chronyd': - path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => 'systemctl stop chronyd.service', - onlyif => 'systemctl status chronyd.service' -} - -# for cases where ntpd is running instead of default chronyd -service { 'ntpd': - ensure => stopped, - enable => false, -} - -exec { 'ntpdate': - command => "/usr/sbin/ntpdate ${cfg_ntp_servers}", - tries => 3, -} - -service { 'chronyd': - ensure => running, - enable => true, - name => 'chronyd', - hasstatus => true, - hasrestart => true, -} - -Package['chrony'] -> -Package['ntpdate'] -> -File['chrony_conf'] -> -Exec['stop-chronyd'] -> -Service['ntpd'] -> -Exec['ntpdate'] -> -Service['chronyd'] diff --git a/packstack/puppet/templates/cinder.pp b/packstack/puppet/templates/cinder.pp deleted file mode 100644 index 316fce7f9..000000000 --- a/packstack/puppet/templates/cinder.pp +++ /dev/null 
@@ -1,42 +0,0 @@ -cinder_config { - 'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL'); -} - -$bind_host = hiera('CONFIG_IP_VERSION') ? { - 'ipv6' => '::0', - default => '0.0.0.0', - # TO-DO(mmagr): Add IPv6 support when hostnames are used -} - -$cinder_keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','') - -class { '::cinder::api': - bind_host => $bind_host, - keystone_password => hiera('CONFIG_CINDER_KS_PW'), - keystone_tenant => 'services', - keystone_user => 'cinder', - auth_uri => $cinder_keystone_url, - identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - nova_catalog_info => 'compute:nova:publicURL', - nova_catalog_admin_info => 'compute:nova:adminURL', - service_workers => $service_workers -} - -class { '::cinder::scheduler': } - -class { '::cinder::volume': } - -class { '::cinder::client': } - -class { '::cinder::backends': - enabled_backends => hiera_array('CONFIG_CINDER_BACKEND'), -} - -$db_purge = hiera('CONFIG_CINDER_DB_PURGE_ENABLE') -if $db_purge { - class { '::cinder::cron::db_purge': - hour => '*/24', - destination => '/dev/null', - age => 1 - } -} diff --git a/packstack/puppet/templates/cinder_backup.pp b/packstack/puppet/templates/cinder_backup.pp deleted file mode 100644 index dfd667a13..000000000 --- a/packstack/puppet/templates/cinder_backup.pp +++ /dev/null @@ -1,11 +0,0 @@ -class { '::cinder::backup': } - -$cinder_backup_conf_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') - -class { '::cinder::backup::swift': - backup_swift_url => "http://${cinder_backup_conf_ctrl_host}:8080/v1/AUTH_", -} - -Class['cinder::api'] ~> Service['cinder-backup'] - - diff --git a/packstack/puppet/templates/cinder_ceilometer.pp b/packstack/puppet/templates/cinder_ceilometer.pp deleted file mode 100644 index 181508641..000000000 --- a/packstack/puppet/templates/cinder_ceilometer.pp +++ /dev/null @@ -1,2 +0,0 @@ - -class { '::cinder::ceilometer': } 
diff --git a/packstack/puppet/templates/cinder_gluster.pp b/packstack/puppet/templates/cinder_gluster.pp deleted file mode 100644 index 4ed6d7cac..000000000 --- a/packstack/puppet/templates/cinder_gluster.pp +++ /dev/null @@ -1,15 +0,0 @@ -package { 'glusterfs-fuse': - ensure => present, -} - -cinder::backend::glusterfs { 'gluster': - glusterfs_shares => hiera_array('CONFIG_CINDER_GLUSTER_MOUNTS'), - require => Package['glusterfs-fuse'], - glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf', -} - -cinder::type { 'glusterfs': - set_key => 'volume_backend_name', - set_value => 'gluster', - require => Class['cinder::api'], -} diff --git a/packstack/puppet/templates/cinder_lvm.pp b/packstack/puppet/templates/cinder_lvm.pp deleted file mode 100644 index 653b17c18..000000000 --- a/packstack/puppet/templates/cinder_lvm.pp +++ /dev/null 
@@ -1,94 +0,0 @@ -$create_cinder_volume = hiera('CONFIG_CINDER_VOLUMES_CREATE') - -if $create_cinder_volume == 'y' { - # Find an available loop device - $loop_dev = chomp(generate('/usr/sbin/losetup', '-f')) - - class { '::cinder::setup_test_volume': - size => hiera('CONFIG_CINDER_VOLUMES_SIZE'), - loopback_device => $loop_dev, - volume_path => '/var/lib/cinder', - volume_name => 'cinder-volumes', - } - - # Add loop device on boot - $el_releases = ['RedHat', 'CentOS', 'Scientific'] - if $::operatingsystem in $el_releases and (versioncmp($::operatingsystemmajrelease, '7') < 0) { - - file_line{ 'rc.local_losetup_cinder_volume': - path => '/etc/rc.d/rc.local', - match => '^.*/var/lib/cinder/cinder-volumes.*$', - line => 'losetup -f /var/lib/cinder/cinder-volumes && service openstack-cinder-volume restart', - } - - file { '/etc/rc.d/rc.local': - mode => '0755', - } - - } else { - - file { 'openstack-losetup': - path => '/usr/lib/systemd/system/openstack-losetup.service', - before => Service['openstack-losetup'], - notify => Exec['/usr/bin/systemctl daemon-reload'], - content => '[Unit] -Description=Setup cinder-volume loop device -DefaultDependencies=false -Before=openstack-cinder-volume.service -After=local-fs.target - -[Service] -Type=oneshot -ExecStart=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/cinder-volumes | /usr/bin/grep /var/lib/cinder/cinder-volumes || /usr/sbin/losetup -f /var/lib/cinder/cinder-volumes\' -ExecStop=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/cinder-volumes | /usr/bin/cut -d : -f 1 | /usr/bin/xargs /usr/sbin/losetup -d\' -TimeoutSec=60 -RemainAfterExit=yes - -[Install] -RequiredBy=openstack-cinder-volume.service', - } - - exec { '/usr/bin/systemctl daemon-reload': - refreshonly => true, - before => Service['openstack-losetup'], - } - - service { 'openstack-losetup': - ensure => running, - enable => true, - require => Class['cinder::setup_test_volume'], - } - - } -} -else { - package {'lvm2': - ensure => 'present', - } -} - 
- -file_line { 'snapshot_autoextend_threshold': - path => '/etc/lvm/lvm.conf', - match => '^\s*snapshot_autoextend_threshold +=.*', - line => ' snapshot_autoextend_threshold = 80', - require => Package['lvm2'], -} - -file_line { 'snapshot_autoextend_percent': - path => '/etc/lvm/lvm.conf', - match => '^\s*snapshot_autoextend_percent +=.*', - line => ' snapshot_autoextend_percent = 20', - require => Package['lvm2'], -} - -cinder::backend::iscsi { 'lvm': - iscsi_ip_address => hiera('CONFIG_STORAGE_HOST_URL'), - require => Package['lvm2'], -} - -cinder::type { 'iscsi': - set_key => 'volume_backend_name', - set_value => 'lvm', - require => Class['cinder::api'], -} diff --git a/packstack/puppet/templates/cinder_netapp.pp b/packstack/puppet/templates/cinder_netapp.pp deleted file mode 100644 index 20ebf844f..000000000 --- a/packstack/puppet/templates/cinder_netapp.pp +++ /dev/null 
@@ -1,132 +0,0 @@ -# Copyright (c) – 2014, Ryan Hefner. All rights reserved. - -$netapp_storage_family = hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY') -$netapp_storage_protocol = hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL') -$netapp_backend_name = 'netapp' - -if $netapp_storage_family == 'ontap_cluster' { - if $netapp_storage_protocol == 'nfs' { - cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), - expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'), - thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'), - thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'), - nfs_shares => hiera_array('CONFIG_CINDER_NETAPP_NFS_SHARES'), - nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'), - } - - package { 'nfs-utils': ensure => present } - } - elsif $netapp_storage_protocol == 'iscsi' { - cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), - netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => 
hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), - } - - package { 'iscsi-initiator-utils': ensure => present } - } - - elsif $netapp_storage_protocol == 'fc' { - cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), - netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), - } - } -} -elsif $netapp_storage_family == 'ontap_7mode' { - if $netapp_storage_protocol == 'nfs' { - cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'), - thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'), - thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'), - nfs_shares => hiera_array('CONFIG_CINDER_NETAPP_NFS_SHARES'), - nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'), - } - - package { 'nfs-utils': ensure => present } - } - elsif $netapp_storage_protocol == 'iscsi' { - 
cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), - netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'), - netapp_volume_list => hiera('CONFIG_CINDER_NETAPP_VOLUME_LIST'), - } - - package { 'iscsi-initiator-utils': ensure => present } - } - - elsif $netapp_storage_protocol == 'fc' { - cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), - netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'), - netapp_partner_backend_name => hiera('CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME'), - netapp_volume_list => hiera('CONFIG_CINDER_NETAPP_VOLUME_LIST'), - } - } -} -elsif $netapp_storage_family == 'eseries' { - cinder::backend::netapp { $netapp_backend_name: - netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), - netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), - netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), - netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), - 
netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), - netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), - netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), - netapp_controller_ips => hiera('CONFIG_CINDER_NETAPP_CONTROLLER_IPS'), - netapp_sa_password => hiera('CONFIG_CINDER_NETAPP_SA_PASSWORD'), - netapp_storage_pools => hiera('CONFIG_CINDER_NETAPP_STORAGE_POOLS'), - netapp_eseries_host_type => hiera('CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE'), - netapp_webservice_path => hiera('CONFIG_CINDER_NETAPP_WEBSERVICE_PATH'), - } - - package { 'iscsi-initiator-utils': ensure => present } -} - -cinder::type { $netapp_backend_name: - set_key => 'volume_backend_name', - set_value => $netapp_backend_name, - require => Class['cinder::api'], -} diff --git a/packstack/puppet/templates/cinder_nfs.pp b/packstack/puppet/templates/cinder_nfs.pp deleted file mode 100644 index 7d6a6b0c0..000000000 --- a/packstack/puppet/templates/cinder_nfs.pp +++ /dev/null @@ -1,13 +0,0 @@ -package { 'nfs-utils': ensure => present } - -cinder::backend::nfs { 'nfs': - nfs_servers => hiera_array('CONFIG_CINDER_NFS_MOUNTS'), - require => Package['nfs-utils'], - nfs_shares_config => '/etc/cinder/nfs_shares.conf', -} - -cinder::type { 'nfs': - set_key => 'volume_backend_name', - set_value => 'nfs', - require => Class['cinder::api'], -} diff --git a/packstack/puppet/templates/cinder_rabbitmq.pp b/packstack/puppet/templates/cinder_rabbitmq.pp deleted file mode 100644 index 3538e4ffe..000000000 --- a/packstack/puppet/templates/cinder_rabbitmq.pp +++ /dev/null 
@@ -1,30 +0,0 @@
-$cinder_rab_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW')
-$cinder_rab_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_CINDER_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_CINDER_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'cinder',
- group => 'cinder',
- require => Class['cinder'],
- notify => Service['cinder-api'],
- }
-}
-
-class { '::cinder':
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- database_connection => "mysql+pymysql://cinder:${cinder_rab_cfg_cinder_db_pw}@${cinder_rab_cfg_mariadb_host}/cinder",
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
-}
diff --git a/packstack/puppet/templates/cinder_solidfire.pp b/packstack/puppet/templates/cinder_solidfire.pp
deleted file mode 100644
index a8adbf586..000000000
--- a/packstack/puppet/templates/cinder_solidfire.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright (c) – 2016, Edward Balduf. All rights reserved.
-
-$solidfire_backend_name = 'solidfire'
-
-cinder::backend::solidfire { $solidfire_backend_name :
- san_ip => hiera('CONFIG_CINDER_SOLIDFIRE_LOGIN'),
- san_login => hiera('CONFIG_CINDER_SOLIDFIRE_PASSWORD'),
- san_password => hiera('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'),
- volume_backend_name => $solidfire_backend_name,
-}
-
-package { 'iscsi-initiator-utils': ensure => present }
-
-cinder::type { $solidfire_backend_name:
- set_key => 'volume_backend_name',
- set_value => $solidfire_backend_name,
- require => Class['cinder::api'],
-}
diff --git a/packstack/puppet/templates/cinder_vmdk.pp b/packstack/puppet/templates/cinder_vmdk.pp
deleted file mode 100644
index 7d9405fba..000000000
--- a/packstack/puppet/templates/cinder_vmdk.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-cinder::backend::vmdk { 'vmdk':
- host_ip => hiera('CONFIG_VCENTER_HOST'),
- host_username => hiera('CONFIG_VCENTER_USER'),
- host_password => hiera('CONFIG_VCENTER_PASSWORD'),
-}
-
-cinder::type { 'vmdk':
- set_key => 'volume_backend_name',
- set_value => 'vmdk',
- require => Class['cinder::api'],
-}
diff --git a/packstack/puppet/templates/compute.pp b/packstack/puppet/templates/compute.pp
new file mode 100644
index 000000000..ac12b7fbf
--- /dev/null
+++ b/packstack/puppet/templates/compute.pp
@@ -0,0 +1,73 @@
+stage { "init": before => Stage["main"] }
+
+Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') }
+
+class {'::packstack::prereqs':
+ stage => init,
+}
+
+create_resources(sshkey, hiera('SSH_KEYS', {}))
+
+if hiera('CONFIG_NTP_SERVERS', undef) != undef {
+ include '::packstack::chrony'
+}
+
+if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ include '::packstack::nova::ceilometer::rabbitmq'
+ include '::packstack::nova::ceilometer'
+}
+
+include '::packstack::nova'
+include '::packstack::nova::common'
+include '::packstack::nova::compute'
+
+if hiera('CONFIG_VMWARE_BACKEND') == 'y' {
+ include '::packstack::nova::compute::vmware'
+} elsif hiera('CONFIG_IRONIC_INSTALL') == 'y' {
+ include '::packstack::nova::compute::ironic'
+} else {
+ include '::packstack::nova::compute::libvirt'
+}
+
+if hiera('CONFIG_VMWARE_BACKEND') == 'y' and
+ hiera('CONFIG_CINDER_INSTALL') == 'y' {
+ if 'gluster' in hiera_array('CONFIG_CINDER_BACKEND') {
+ include '::packstack::nova::gluster'
+ }
+ if 'nfs' in hiera_array('CONFIG_CINDER_BACKEND') {
+ include '::packstack::nova::nfs'
+ }
+}
+
+if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
+ include '::packstack::nova::neutron'
+ include '::packstack::neutron::rabbitmq'
+ case hiera('CONFIG_NEUTRON_L2_AGENT') {
+ 'openvswitch': { include '::packstack::neutron::ovs_agent' }
+ '': { include '::packstack::neutron::lb_agent' }
+ default: { include '::packstack::neutron::ovs_agent' }
+ }
+ include '::packstack::neutron::bridge'
+
+ if 'sriovnicswitch' in hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS') and
+ hiera ('CONFIG_NEUTRON_L2_AGENT') == 'openvswitch' {
+ include '::packstack::neutron::sriov'
+ }
+} else {
+ include '::packstack::nova::network::libvirt'
+
+ $multihost = hiera('CONFIG_NOVA_NETWORK_MULTIHOST')
+ $network_hosts = split(hiera('CONFIG_NETWORK_HOSTS'),',')
+ if $multihost {
+ if ! member($network_hosts, choose_my_ip(hiera('HOST_LIST'))) {
+ include '::packstack::nova::metadata'
+ }
+ }
+ if ! member($network_hosts, choose_my_ip(hiera('HOST_LIST'))) {
+ include '::packstack::nova::compute::flat'
+ }
+}
+
+if hiera('CONFIG_NAGIOS_INSTALL') == 'y' {
+ include '::packstack::nagios::nrpe'
+}
diff --git a/packstack/puppet/templates/controller.pp b/packstack/puppet/templates/controller.pp
new file mode 100644
index 000000000..8c80deb29
--- /dev/null
+++ b/packstack/puppet/templates/controller.pp
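Review bot: In compute.pp the guard `if hiera('CONFIG_VMWARE_BACKEND') == 'y' and hiera('CONFIG_CINDER_INSTALL') == 'y'` around the `::packstack::nova::gluster` and `::packstack::nova::nfs` includes looks inverted. The branch just above sends VMware hosts to `::packstack::nova::compute::vmware` and everything else to ironic or libvirt, so as written the Gluster/NFS client classes are applied only on VMware compute nodes and never on libvirt ones, which is presumably the opposite of what is intended (the classes themselves are not visible in this hunk). I would change the first operand to `hiera('CONFIG_VMWARE_BACKEND') != 'y'`. Also worth confirming that `if $multihost` receives a real boolean: every other flag in this file is compared against `'y'`, and a non-empty string such as `'n'` is truthy in Puppet.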
@@ -0,0 +1,199 @@
+stage { "init": before => Stage["main"] }
+
+Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') }
+
+class {'::packstack::prereqs':
+ stage => init,
+}
+
+if hiera('CONFIG_NTP_SERVERS', undef) != undef {
+ include '::packstack::chrony'
+}
+
+include '::packstack::amqp'
+include '::packstack::mariadb'
+
+if hiera('CONFIG_MARIADB_INSTALL') == 'y' {
+ include 'packstack::mariadb::services'
+} else {
+ include 'packstack::mariadb::services_remote'
+}
+
+include '::packstack::apache'
+include '::packstack::keystone'
+
+if hiera('CONFIG_GLANCE_INSTALL') == 'y' {
+ include '::packstack::keystone::glance'
+ include '::packstack::glance'
+ if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ include '::packstack::glance::ceilometer'
+ }
+ if hiera('CONFIG_GLANCE_BACKEND') == 'swift' {
+ include '::packstack::glance::backend::swift'
+ } else {
+ include '::packstack::glance::backend::file'
+ }
+}
+
+if hiera('CONFIG_CINDER_INSTALL') == 'y' {
+ include '::packstack::keystone::cinder'
+ include '::packstack::cinder'
+ include '::packstack::cinder::rabbitmq'
+ if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ include '::packstack::cinder::ceilometer'
+ }
+ if hiera('CONFIG_SWIFT_INSTALL') == 'y' {
+ include '::packstack::cinder::backup'
+ }
+
+ case hiera('CONFIG_CINDER_BACKEND') {
+ 'lvm': { include '::packstack::cinder::backend::lvm' }
+ 'gluster': { include '::packstack::cinder::backend::gluster' }
+ 'nfs': { include '::packstack::cinder::backend::nfs' }
+ 'vmdk': { include '::packstack::cinder::backend::vmdk' }
+ 'netapp': { include '::packstack::cinder::backend::netapp' }
+ 'solidfire': { include '::packstack::cinder::backend::solidfire' }
+ default: { include '::packstack::cinder::backend::lvm' }
+ }
+}
+
+if hiera('CONFIG_IRONIC_INSTALL') == 'y' {
+ include '::packstack::keystone::ironic'
+ include '::packstack::ironic'
+ include '::packstack::ironic::rabbitmq'
+}
+
+if hiera('CONFIG_NOVA_INSTALL') == 'y' {
+ include '::packstack::keystone::nova'
+ include '::packstack::nova'
+ include '::packstack::nova::common'
+ include '::packstack::nova::api'
+
+ include '::packstack::nova::cert'
+ include '::packstack::nova::conductor'
+ if hiera('CONFIG_IRONIC_INSTALL') == 'y' {
+ include '::packstack::nova::sched::ironic'
+ }
+ include '::packstack::nova::sched'
+ include '::packstack::nova::vncproxy'
+ if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
+ include '::packstack::nova::neutron'
+ } else {
+ include '::packstack::nova::network'
+ }
+}
+
+if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
+ include '::packstack::keystone::neutron'
+ include '::packstack::neutron::rabbitmq'
+ include '::packstack::neutron::api'
+ if hiera('CONFIG_NOVA_INSTALL') == 'y' {
+ include '::packstack::neutron::notifications'
+ }
+ include '::packstack::neutron::ml2'
+}
+
+if hiera('CONFIG_MANILA_INSTALL') == 'y' {
+ include '::packstack::keystone::manila'
+ include '::packstack::manila'
+ include '::packstack::manila::rabbitmq'
+ if 'generic' in hiera_array('CONFIG_MANILA_BACKEND') {
+ include '::packstack::manila::backend::generic'
+ }
+ if 'netapp' in hiera_array('CONFIG_MANILA_BACKEND') {
+ include '::packstack::manila::backend::netapp'
+ }
+ if 'glusternative' in hiera_array('CONFIG_MANILA_BACKEND') {
+ include '::packstack::manila::backend::glusternative'
+ }
+ if 'glusternfs' in hiera_array('CONFIG_MANILA_BACKEND') {
+ include '::packstack::manila::backend::glusternfs'
+ }
+}
+
+include '::packstack::openstackclient'
+
+if hiera('CONFIG_HORIZON_INSTALL') == 'y' {
+ include '::packstack::horizon'
+}
+
+if hiera('CONFIG_SWIFT_INSTALL') == 'y' {
+ include '::packstack::keystone::swift'
+ include '::packstack::swift'
+ include '::packstack::swift::ringbuilder'
+ include '::packstack::swift::proxy'
+ include '::packstack::swift::storage'
+ if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ include '::packstack::swift::ceilometer'
+ }
+}
+
+if hiera('CONFIG_HEAT_INSTALL') == 'y' {
+ include '::packstack::keystone::heat'
+ include '::packstack::heat::rabbitmq'
+ include '::packstack::heat'
+ if hiera('CONFIG_HEAT_CLOUDWATCH_INSTALL') == 'y' {
+ include '::packstack::heat::cloudwatch'
+ }
+ if hiera('CONFIG_HEAT_CFN_INSTALL') == 'y' {
+ include '::packstack::heat::cfn'
+ }
+}
+
+if hiera('CONFIG_PROVISION_DEMO') == 'y' or hiera('CONFIG_PROVISION_TEMPEST') == 'y' {
+ include '::packstack::provision'
+ if hiera('CONFIG_GLANCE_INSTALL') == 'y' {
+ include '::packstack::provision::glance'
+ }
+}
+
+if hiera('CONFIG_PROVISION_TEMPEST') == 'y' {
+ include '::packstack::provision::tempest'
+}
+
+
+if hiera('CONFIG_PROVISION_TEMPEST') == 'y' {
+ include '::packstack::provision::tempest'
+}
+
+if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' and hiera('CONFIG_GNOCCHI_INSTALL') == 'y' {
+ include '::packstack::keystone::gnocchi'
+ include '::packstack::gnocchi'
+}
+
+if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ include '::packstack::mongodb'
+ include '::packstack::keystone::ceilometer'
+ include '::packstack::ceilometer::rabbitmq'
+ include '::packstack::ceilometer'
+ if hiera('CONFIG_NOVA_INSTALL') == 'n' {
+ include '::packstack::ceilometer::nova_disabled'
+ }
+ include '::packstack::redis'
+}
+
+if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' and hiera('CONFIG_AODH_INSTALL') == 'y' {
+ include '::packstack::keystone::aodh'
+ include '::packstack::aodh::rabbitmq'
+ include '::packstack::aodh'
+}
+
+if hiera('CONFIG_TROVE_INSTALL') == 'y' {
+ include '::packstack::keystone::trove'
+ include '::packstack::trove::rabbitmq'
+ include '::packstack::trove'
+}
+
+if hiera('CONFIG_SAHARA_INSTALL') == 'y' {
+ include '::packstack::keystone::sahara'
+ include '::packstack::sahara::rabbitmq'
+ include '::packstack::sahara'
+ if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
+ include '::packstack::sahara::ceilometer'
+ }
+}
+
+if hiera('CONFIG_NAGIOS_INSTALL') == 'y' {
+ include '::packstack::nagios::server'
+ include '::packstack::nagios::nrpe'
+}
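Review bot: The `case hiera('CONFIG_CINDER_BACKEND')` block in controller.pp treats the Cinder backend setting as a single string, while compute.pp in this same commit tests it with `'gluster' in hiera_array('CONFIG_CINDER_BACKEND')` and the Manila block further down uses the same membership form. If the value is a list, or names more than one backend, no branch matches and only `::packstack::cinder::backend::lvm` is included through `default`, so the other configured backends would be skipped without any error. I would switch to per-backend membership tests as sketched below; whether an LVM fallback should remain for an empty or unrecognised value is a decision for the author. Separately, the `CONFIG_PROVISION_TEMPEST` block appears twice in a row and the second copy can be dropped.

```puppet
# … unchanged: keystone::cinder, cinder, cinder::rabbitmq, ceilometer and backup includes …
$cinder_backends = hiera_array('CONFIG_CINDER_BACKEND')
if 'lvm' in $cinder_backends {
  include '::packstack::cinder::backend::lvm'
}
if 'gluster' in $cinder_backends {
  include '::packstack::cinder::backend::gluster'
}
if 'nfs' in $cinder_backends {
  include '::packstack::cinder::backend::nfs'
}
if 'vmdk' in $cinder_backends {
  include '::packstack::cinder::backend::vmdk'
}
if 'netapp' in $cinder_backends {
  include '::packstack::cinder::backend::netapp'
}
if 'solidfire' in $cinder_backends {
  include '::packstack::cinder::backend::solidfire'
}
```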
diff --git a/packstack/puppet/templates/glance.pp b/packstack/puppet/templates/glance.pp deleted file mode 100644 index d83880908..000000000 --- a/packstack/puppet/templates/glance.pp +++ /dev/null @@ -1,46 +0,0 @@ -$glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW') -$glance_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL') -$glance_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') - -# glance option bind_host requires address without brackets -$bind_host = hiera('CONFIG_IP_VERSION') ? { - 'ipv6' => '::0', - default => '0.0.0.0', - # TO-DO(mmagr): Add IPv6 support when hostnames are used -} -# magical hack for magical config - glance option registry_host requires brackets -$registry_host = hiera('CONFIG_IP_VERSION') ? { - 'ipv6' => '[::0]', - default => '0.0.0.0', - # TO-DO(mmagr): Add IPv6 support when hostnames are used -} - -class { '::glance::api': - bind_host => $bind_host, - registry_host => $registry_host, - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - keystone_tenant => 'services', - keystone_user => 'glance', - keystone_password => hiera('CONFIG_GLANCE_KS_PW'), - pipeline => 'keystone', - database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", - verbose => true, - debug => hiera('CONFIG_DEBUG_MODE'), - os_region_name => hiera('CONFIG_KEYSTONE_REGION'), - workers => $service_workers, - known_stores => ['file', 'http', 'swift'] -} - -class { '::glance::registry': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - bind_host => $bind_host, - keystone_tenant => 'services', - keystone_user => 'glance', - keystone_password => hiera('CONFIG_GLANCE_KS_PW'), - database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", - verbose => true, - debug => hiera('CONFIG_DEBUG_MODE'), - workers => $service_workers -} 
diff --git a/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp b/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp deleted file mode 100644 index 45c8cfbb7..000000000 --- a/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp +++ /dev/null @@ -1,26 +0,0 @@ -$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) -$kombu_ssl_keyfile = hiera('CONFIG_GLANCE_SSL_KEY', undef) -$kombu_ssl_certfile = hiera('CONFIG_GLANCE_SSL_CERT', undef) - -if $kombu_ssl_keyfile { - $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] - file { $files_to_set_owner: - owner => 'glance', - group => 'glance', - require => Class['::glance::notify::rabbitmq'], - notify => Service['glance-api'], - } -} -class { '::glance::notify::rabbitmq': - rabbit_host => hiera('CONFIG_AMQP_HOST_URL'), - rabbit_notification_exchange => 'glance', - rabbit_notification_topic => 'notifications', - rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), - rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), - rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), - rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), - kombu_ssl_ca_certs => $kombu_ssl_ca_certs, - kombu_ssl_keyfile => $kombu_ssl_keyfile, - kombu_ssl_certfile => $kombu_ssl_certfile, - notification_driver => 'messagingv2', -} diff --git a/packstack/puppet/templates/glance_file.pp b/packstack/puppet/templates/glance_file.pp deleted file mode 100644 index 2ceb47588..000000000 --- a/packstack/puppet/templates/glance_file.pp +++ /dev/null @@ -1,5 +0,0 @@ - -# TO-DO: Make this configurable -class { '::glance::backend::file': - filesystem_store_datadir => '/var/lib/glance/images/', -} diff --git a/packstack/puppet/templates/glance_swift.pp b/packstack/puppet/templates/glance_swift.pp deleted file mode 100644 index 6df40af1f..000000000 --- a/packstack/puppet/templates/glance_swift.pp +++ /dev/null 
@@ -1,9 +0,0 @@
-class { '::glance::backend::swift':
- swift_store_user => 'services:glance',
- swift_store_key => hiera('CONFIG_GLANCE_KS_PW'),
- swift_store_auth_address => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- swift_store_container => 'glance',
- swift_store_auth_version => '2',
- swift_store_large_object_size => '5120',
- swift_store_create_container_on_put => true,
-}
diff --git a/packstack/puppet/templates/global.pp b/packstack/puppet/templates/global.pp
deleted file mode 100644
index fea892641..000000000
--- a/packstack/puppet/templates/global.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-
-$use_subnets_value = hiera('CONFIG_USE_SUBNETS')
-$use_subnets = $use_subnets_value ? {
- 'y' => true,
- default => false,
-}
-
-$service_workers = hiera('CONFIG_SERVICE_WORKERS')
-
-Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') }
diff --git a/packstack/puppet/templates/gnocchi.pp b/packstack/puppet/templates/gnocchi.pp
deleted file mode 100644
index a492e184a..000000000
--- a/packstack/puppet/templates/gnocchi.pp
+++ /dev/null
@@ -1,49 +0,0 @@
-$gnocchi_cfg_db_pw = hiera('CONFIG_GNOCCHI_DB_PW')
-$gnocchi_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-
-class { '::apache':
- purge_configs => false,
-}
-
-class { '::gnocchi::wsgi::apache':
- workers => $service_workers,
- ssl => false
-}
-
-class { '::gnocchi':
- database_connection => "mysql+pymysql://gnocchi:${gnocchi_cfg_db_pw}@${gnocchi_cfg_mariadb_host}/gnocchi?charset=utf8",
-}
-
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
-}
-
-class { '::gnocchi::api':
- host => $bind_host,
- keystone_identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- keystone_password => hiera('CONFIG_GNOCCHI_KS_PW'),
- keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- service_name => 'httpd',
-}
-
-# TO-DO: Remove this workaround as soon as module support is implemented (see rhbz#1300662)
-gnocchi_config {
- 'keystone_authtoken/auth_version': value => hiera('CONFIG_KEYSTONE_API_VERSION');
-}
-
-class { '::gnocchi::db::sync': }
-class { '::gnocchi::storage': }
-class { '::gnocchi::storage::file': }
-
-class {'::gnocchi::metricd': }
-
-class {'::gnocchi::statsd':
- resource_id => '5e3fcbe2-7aab-475d-b42c-a440aa42e5ad',
- user_id => 'e0ca4711-1128-422c-abd6-62db246c32e7',
- project_id => 'af0c88e8-90d8-4795-9efe-57f965e67318',
- archive_policy_name => 'high',
- flush_delay => '10',
-}
-
-include ::gnocchi::client
diff --git a/packstack/puppet/templates/heat.pp b/packstack/puppet/templates/heat.pp
deleted file mode 100644
index 5fce8d066..000000000
--- a/packstack/puppet/templates/heat.pp
+++ /dev/null
@@ -1,25 +0,0 @@
-
-class { '::heat::api': }
-
-$keystone_admin = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
-$heat_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-
-class { '::heat::engine':
- heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000",
- heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition",
- heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003",
- auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'),
-}
-
-keystone_user_role { "${keystone_admin}@admin":
- ensure => present,
- roles => ['admin', '_member_', 'heat_stack_owner'],
- require => Class['heat::engine'],
-}
-
-class { '::heat::keystone::domain':
- domain_name => hiera('CONFIG_HEAT_DOMAIN'),
- domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'),
- domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'),
-}
-
diff --git a/packstack/puppet/templates/heat_cfn.pp b/packstack/puppet/templates/heat_cfn.pp
deleted file mode 100644
index ed9c24dc0..000000000
--- a/packstack/puppet/templates/heat_cfn.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-
-class { '::heat::api_cfn':
- workers => $service_workers
-}
-
-$heat_cfn_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-
-class { '::heat::keystone::auth_cfn':
- admin_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1",
- public_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1",
- internal_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1",
- password => hiera('CONFIG_HEAT_KS_PW'),
-}
diff --git a/packstack/puppet/templates/heat_cloudwatch.pp b/packstack/puppet/templates/heat_cloudwatch.pp
deleted file mode 100644
index 3cf7e0696..000000000
--- a/packstack/puppet/templates/heat_cloudwatch.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-
-class { '::heat::api_cloudwatch':
- workers => $service_workers
-}
-
diff --git a/packstack/puppet/templates/heat_rabbitmq.pp b/packstack/puppet/templates/heat_rabbitmq.pp
deleted file mode 100644
index c155eab64..000000000
--- a/packstack/puppet/templates/heat_rabbitmq.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-$heat_rabbitmq_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW')
-$heat_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', $::os_service_default)
-$kombu_ssl_keyfile = hiera('CONFIG_HEAT_SSL_KEY', $::os_service_default)
-$kombu_ssl_certfile = hiera('CONFIG_HEAT_SSL_CERT', $::os_service_default)
-
-if ! is_service_default($kombu_ssl_keyfile) {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'heat',
- group => 'heat',
- require => Package['heat-common'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-
-if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
- $heat_notification_driver = 'messagingv2'
-} else {
- $heat_notification_driver = $::os_service_default
-}
-
-class { '::heat':
- keystone_password => hiera('CONFIG_HEAT_KS_PW'),
- auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- keystone_ec2_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- rpc_backend => 'rabbit',
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- database_connection => "mysql+pymysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat",
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
- notification_driver => $heat_notification_driver,
-}
diff --git a/packstack/puppet/templates/horizon.pp b/packstack/puppet/templates/horizon.pp
deleted file mode 100644
index f1077b045..000000000
--- a/packstack/puppet/templates/horizon.pp
+++ /dev/null
@@ -1,78 +0,0 @@
-$horizon_packages = ['python-netaddr']
-
-package { $horizon_packages:
- ensure => present,
- notify => Class['horizon'],
-}
-
-$is_django_debug = hiera('CONFIG_DEBUG_MODE') ? {
- true => 'True',
- false => 'False',
-}
-
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-$horizon_ssl = hiera('CONFIG_HORIZON_SSL') ? {
- 'y' => true,
- 'n' => false,
-}
-
-class { '::apache':
- purge_configs => false,
-}
-
-class {'::horizon':
- secret_key => hiera('CONFIG_HORIZON_SECRET_KEY'),
- keystone_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- keystone_default_role => '_member_',
- server_aliases => [hiera('CONFIG_CONTROLLER_HOST'), $::fqdn, 'localhost'],
- allowed_hosts => '*',
- hypervisor_options => {'can_set_mount_point' => false, },
- django_debug => $is_django_debug,
- django_session_engine => 'django.contrib.sessions.backends.cache',
- cache_backend => 'django.core.cache.backends.memcached.MemcachedCache',
- cache_server_ip => '127.0.0.1',
- cache_server_port => '11211',
- file_upload_temp_dir => '/var/tmp',
- listen_ssl => $horizon_ssl,
- horizon_cert => hiera('CONFIG_HORIZON_SSL_CERT', undef),
- horizon_key => hiera('CONFIG_HORIZON_SSL_KEY', undef),
- horizon_ca => hiera('CONFIG_HORIZON_SSL_CACERT', undef),
- neutron_options => {
- 'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'),
- 'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
- 'enable_vpn' => hiera('CONFIG_HORIZON_NEUTRON_VPN'),
- },
-}
-
-# hack for memcached, for now we bind to localhost on ipv6
-# https://bugzilla.redhat.com/show_bug.cgi?id=1210658
-$memcached_bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => 'localhost6',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::memcached':
- listen_ip => $memcached_bind_host,
- max_memory => '10%%',
-}
-
-$firewall_port = hiera('CONFIG_HORIZON_PORT')
-
-firewall { "001 horizon ${firewall_port} incoming":
- proto => 'tcp',
- dport => [$firewall_port],
- action => 'accept',
-}
-
-if str2bool($::selinux) {
- selboolean{ 'httpd_can_network_connect':
- value => on,
- persistent => true,
- }
-}
diff --git a/packstack/puppet/templates/ironic.pp b/packstack/puppet/templates/ironic.pp
deleted file mode 100644
index d87316c0b..000000000
--- a/packstack/puppet/templates/ironic.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-ironic_config {
- 'glance/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
-}
-
-class { '::ironic::api':
- auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- admin_password => hiera('CONFIG_IRONIC_KS_PW'),
-}
-
-class { '::ironic::client': }
-
-class { '::ironic::conductor': }
diff --git a/packstack/puppet/templates/ironic_rabbitmq.pp b/packstack/puppet/templates/ironic_rabbitmq.pp
deleted file mode 100644
index 6322b3211..000000000
--- a/packstack/puppet/templates/ironic_rabbitmq.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-$ironic_rabbitmq_cfg_ironic_db_pw = hiera('CONFIG_IRONIC_DB_PW')
-$ironic_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_IRONIC_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_IRONIC_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'ironic',
- group => 'ironic',
- require => Package['ironic-common'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-class { '::ironic':
- rpc_backend => 'rabbit',
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- database_connection => "mysql+pymysql://ironic:${ironic_rabbitmq_cfg_ironic_db_pw}@${ironic_rabbitmq_cfg_mariadb_host}/ironic",
- debug => true,
- verbose => true,
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
-}
diff --git a/packstack/puppet/templates/keystone.pp b/packstack/puppet/templates/keystone.pp
deleted file mode 100644
index 9bd5c93b3..000000000
--- a/packstack/puppet/templates/keystone.pp
+++ /dev/null
@@ -1,129 +0,0 @@
-$keystone_use_ssl = false
-$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
-$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-$keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
-$keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
-$keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
-
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::keystone::client': }
-
-if hiera('CONFIG_KEYSTONE_DB_PURGE_ENABLE',false) {
- class { '::keystone::cron::token_flush':
- minute => '*/1',
- require => Service['crond'],
- destination => '/dev/null',
- }
- service { 'crond':
- ensure => 'running',
- enable => true,
- }
-}
-
-class { '::keystone':
- admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
- database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
- token_provider => "keystone.token.providers.${keystone_token_provider_str}.Provider",
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- service_name => 'httpd',
- enable_ssl => $keystone_use_ssl,
- public_bind_host => $bind_host,
- admin_bind_host => $bind_host,
- default_domain => 'Default',
-}
-
-class { '::apache':
- purge_configs => false,
-}
-
-
-class { '::keystone::wsgi::apache':
- workers => $service_workers,
- ssl => $keystone_use_ssl
-}
-
-class { '::keystone::roles::admin':
- email => hiera('CONFIG_KEYSTONE_ADMIN_EMAIL'),
- admin => hiera('CONFIG_KEYSTONE_ADMIN_USERNAME'),
- password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
- admin_tenant => 'admin',
-}
-
-# Ensure the default _member_ role is present
-keystone_role { '_member_':
- ensure => present,
-}
-
-class { '::keystone::endpoint':
- default_domain => 'Default',
- public_url => $keystone_url,
- internal_url => $keystone_url,
- admin_url => $keystone_admin_url,
- region => hiera('CONFIG_KEYSTONE_REGION'),
- # so far enforce v2 as default endpoint
- version => 'v2.0',
-}
-
-# default assignment driver is SQL
-$assignment_driver = 'keystone.assignment.backends.sql.Assignment'
-
-if hiera('CONFIG_KEYSTONE_IDENTITY_BACKEND') == 'ldap' {
-
- if hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef) {
- $user_enabled_emulation = true
- } else {
- $user_enabled_emulation = false
- }
-
- class { '::keystone::ldap':
- url => hiera_undef('CONFIG_KEYSTONE_LDAP_URL', undef),
- user => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DN', undef),
- password => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASSWORD', undef),
- suffix => hiera_undef('CONFIG_KEYSTONE_LDAP_SUFFIX', undef),
- query_scope => hiera_undef('CONFIG_KEYSTONE_LDAP_QUERY_SCOPE', undef),
- page_size => hiera_undef('CONFIG_KEYSTONE_LDAP_PAGE_SIZE', undef),
- user_tree_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_SUBTREE', undef),
- user_filter => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_FILTER', undef),
- user_objectclass => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS', undef),
- user_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE', undef),
- user_name_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE', undef),
- user_mail_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE', undef),
- user_enabled_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE', undef),
- user_enabled_mask => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK', undef),
- user_enabled_default => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT', undef),
- user_enabled_invert => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef),
- user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef),
- user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef),
- user_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE', undef),
- user_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE', undef),
- user_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE', undef),
- user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef),
- user_enabled_emulation => $user_enabled_emulation,
- user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef),
- user_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
- group_tree_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE', undef),
- group_filter => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_FILTER', undef),
- group_objectclass => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS', undef),
- group_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE', undef),
- group_name_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE', undef),
- group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef),
- group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef),
- group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef),
- group_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE', undef),
- group_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE', undef),
- group_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE', undef),
- group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
- use_tls => hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef),
- tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef),
- tls_cacertfile => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE', undef),
- tls_req_cert => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT', undef),
- identity_driver => 'keystone.identity.backends.ldap.Identity',
- assignment_driver => $assignment_driver,
- }
-}
diff --git a/packstack/puppet/templates/keystone_aodh.pp b/packstack/puppet/templates/keystone_aodh.pp
deleted file mode 100644
index ebea8a5fb..000000000
--- a/packstack/puppet/templates/keystone_aodh.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-$keystone_host_url = hiera('CONFIG_KEYSTONE_HOST_URL')
-
-class { '::aodh::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_AODH_KS_PW'),
- public_url => "http://${keystone_host_url}:8042",
- admin_url => "http://${keystone_host_url}:8042",
- internal_url => "http://${keystone_host_url}:8042",
-}
diff --git a/packstack/puppet/templates/keystone_ceilometer.pp b/packstack/puppet/templates/keystone_ceilometer.pp
deleted file mode 100644
index 03ef22e47..000000000
--- a/packstack/puppet/templates/keystone_ceilometer.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-$ceilometer_protocol = 'http'
-$ceilometer_port = '8777'
-$ceilometer_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$ceilometer_url = "${ceilometer_protocol}://${ceilometer_api_host}:${ceilometer_port}"
-
-class { '::ceilometer::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_CEILOMETER_KS_PW'),
- public_url => $ceilometer_url,
- admin_url => $ceilometer_url,
- internal_url => $ceilometer_url,
-}
diff --git a/packstack/puppet/templates/keystone_cinder.pp b/packstack/puppet/templates/keystone_cinder.pp
deleted file mode 100644
index eb7095c04..000000000
--- a/packstack/puppet/templates/keystone_cinder.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-$cinder_protocol = 'http'
-$cinder_host = hiera('CONFIG_STORAGE_HOST_URL')
-$cinder_port = '8776'
-$cinder_url = "${cinder_protocol}://${cinder_host}:$cinder_port"
-
-class { '::cinder::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_CINDER_KS_PW'),
- public_url => "${cinder_url}/v1/%%(tenant_id)s",
- internal_url => "${cinder_url}/v1/%%(tenant_id)s",
- admin_url => "${cinder_url}/v1/%%(tenant_id)s",
- public_url_v2 => "${cinder_url}/v2/%%(tenant_id)s",
- internal_url_v2 => "${cinder_url}/v2/%%(tenant_id)s",
- admin_url_v2 => "${cinder_url}/v2/%%(tenant_id)s",
-}
-
diff --git a/packstack/puppet/templates/keystone_glance.pp b/packstack/puppet/templates/keystone_glance.pp
deleted file mode 100644
index 51724fc6e..000000000
--- a/packstack/puppet/templates/keystone_glance.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-$glance_protocol = 'http'
-$glance_port = '9292'
-$glance_api_host = hiera('CONFIG_STORAGE_HOST_URL')
-$glance_url = "${glance_protocol}://${glance_api_host}:${glance_port}"
-
-class { '::glance::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_GLANCE_KS_PW'),
- public_url => $glance_url,
- admin_url => $glance_url,
- internal_url => $glance_url,
-}
diff --git a/packstack/puppet/templates/keystone_gnocchi.pp b/packstack/puppet/templates/keystone_gnocchi.pp
deleted file mode 100644
index fe56e8c6c..000000000
--- a/packstack/puppet/templates/keystone_gnocchi.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-$gnocchi_keystone_host_url = hiera('CONFIG_KEYSTONE_HOST_URL')
-
-class { '::gnocchi::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_GNOCCHI_KS_PW'),
- public_url => "http://${gnocchi_keystone_host_url}:8041",
- admin_url => "http://${gnocchi_keystone_host_url}:8041",
- internal_url => "http://${gnocchi_keystone_host_url}:8041",
-}
diff --git a/packstack/puppet/templates/keystone_heat.pp b/packstack/puppet/templates/keystone_heat.pp
deleted file mode 100644
index d942d6871..000000000
--- a/packstack/puppet/templates/keystone_heat.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-$heat_protocol = 'http'
-$heat_port = '8004'
-$heat_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$heat_url = "${heat_protocol}://${heat_api_host}:${heat_port}/v1/%%(tenant_id)s"
-
-# heat::keystone::auth
-class { '::heat::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_HEAT_KS_PW'),
- public_url => $heat_url,
- admin_url => $heat_url,
- internal_url => $heat_url,
- configure_delegated_roles => true,
-}
-
-$is_heat_cfn_install = hiera('CONFIG_HEAT_CFN_INSTALL')
-
-if $is_heat_cfn_install == 'y' {
- $heat_cfn_protocol = 'http'
- $heat_cfn_port = '8000'
- $heat_cfn_api_host = hiera('CONFIG_KEYSTONE_HOST_URL')
- $heat_cfn_url = "${heat_cfn_protocol}://${heat_cfn_api_host}:${heat_cfn_port}/v1/%%(tenant_id)s"
-
- # heat::keystone::cfn
- class { '::heat::keystone::auth_cfn':
- password => hiera('CONFIG_HEAT_KS_PW'),
- public_url => $heat_cfn_url,
- admin_url => $heat_cfn_url,
- internal_url => $heat_cfn_url,
- }
-}
diff --git a/packstack/puppet/templates/keystone_ironic.pp b/packstack/puppet/templates/keystone_ironic.pp
deleted file mode 100644
index 6a43e306c..000000000
--- a/packstack/puppet/templates/keystone_ironic.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-$ironic_protocol = 'http'
-$ironic_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$ironic_port = '6385'
-$ironic_url = "${ironic_protocol}://${ironic_host}:$ironic_port"
-
-class { '::ironic::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_IRONIC_KS_PW'),
- public_url => $ironic_url,
- admin_url => $ironic_url,
- internal_url => $ironic_url,
-}
-
diff --git a/packstack/puppet/templates/keystone_manila.pp b/packstack/puppet/templates/keystone_manila.pp
deleted file mode 100644
index 8dec95d54..000000000
--- a/packstack/puppet/templates/keystone_manila.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-$manila_protocol = 'http'
-$manila_host = hiera('CONFIG_STORAGE_HOST_URL')
-$manila_port = '8786'
-$manila_url = "${manila_protocol}://${manila_host}:$manila_port/v1/%%(tenant_id)s"
-
-class { '::manila::keystone::auth':
- password => hiera('CONFIG_MANILA_KS_PW'),
- public_url => $manila_url,
- admin_url => $manila_url,
- internal_url => $manila_url,
-}
diff --git a/packstack/puppet/templates/keystone_neutron.pp b/packstack/puppet/templates/keystone_neutron.pp
deleted file mode 100644
index f9f4931cb..000000000
--- a/packstack/puppet/templates/keystone_neutron.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-$neutron_protocol = 'http'
-$neutron_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$neutron_port = '9696'
-$neutron_url = "${neutron_protocol}://${neutron_host}:$neutron_port"
-
-class { '::neutron::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_NEUTRON_KS_PW'),
- public_url => $neutron_url,
- admin_url => $neutron_url,
- internal_url => $neutron_url,
-}
diff --git a/packstack/puppet/templates/keystone_nova.pp b/packstack/puppet/templates/keystone_nova.pp
deleted file mode 100644
index 2ed340adf..000000000
--- a/packstack/puppet/templates/keystone_nova.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-$nova_protocol = 'http'
-$nova_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$nova_port = '8774'
-$nova_url = "${nova_protocol}://${nova_host}:$nova_port/v2/%%(tenant_id)s"
-$nova_v3_url = "${nova_protocol}://${nova_host}:$nova_port/v3"
-
-class { '::nova::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_NOVA_KS_PW'),
- public_url => $nova_url,
- admin_url => $nova_url,
- internal_url => $nova_url,
- public_url_v3 => $nova_v3_url,
- admin_url_v3 => $nova_v3_url,
- internal_url_v3 => $nova_v3_url,
-}
diff --git a/packstack/puppet/templates/keystone_sahara.pp b/packstack/puppet/templates/keystone_sahara.pp
deleted file mode 100644
index 31ff3676a..000000000
--- a/packstack/puppet/templates/keystone_sahara.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-$sahara_protocol = 'http'
-$sahara_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$sahara_port = '8386'
-$sahara_url = "${sahara_protocol}://${sahara_host}:$sahara_port/v1.1/%%(tenant_id)s"
-
-class { '::sahara::keystone::auth':
- password => hiera('CONFIG_SAHARA_KS_PW'),
- public_url => $sahara_url,
- admin_url => $sahara_url,
- internal_url => $sahara_url,
-}
diff --git a/packstack/puppet/templates/keystone_swift.pp b/packstack/puppet/templates/keystone_swift.pp
deleted file mode 100644
index 87ce47f14..000000000
--- a/packstack/puppet/templates/keystone_swift.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-$swift_protocol = 'http'
-$swift_host = hiera('CONFIG_STORAGE_HOST_URL')
-$swift_port = '8080'
-$swift_url = "${swift_protocol}://${swift_host}:$swift_port/v1/AUTH_%%(tenant_id)s"
-
-class { '::swift::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_SWIFT_KS_PW'),
- operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
- public_url => $swift_url,
- internal_url => $swift_url,
- admin_url => $swift_url,
- configure_s3_endpoint => false,
-}
diff --git a/packstack/puppet/templates/keystone_trove.pp b/packstack/puppet/templates/keystone_trove.pp
deleted file mode 100644
index 5e263ddb7..000000000
--- a/packstack/puppet/templates/keystone_trove.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-$trove_protocol = 'http'
-$trove_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$trove_port = '8779'
-$trove_url = "${trove_protocol}://${trove_host}:$trove_port/v1.0/%%(tenant_id)s"
-
-class { '::trove::keystone::auth':
- region => hiera('CONFIG_KEYSTONE_REGION'),
- password => hiera('CONFIG_TROVE_KS_PW'),
- public_url => $trove_url,
- admin_url => $trove_url,
- internal_url => $trove_url,
-}
diff --git a/packstack/puppet/templates/manila.pp b/packstack/puppet/templates/manila.pp
deleted file mode 100644
index c9af631f0..000000000
--- a/packstack/puppet/templates/manila.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-manila_config {
- 'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST_URL');
-}
-
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::manila::api':
- bind_host => $bind_host,
- keystone_password => hiera('CONFIG_MANILA_KS_PW'),
- keystone_tenant => 'services',
- keystone_user => 'manila',
- keystone_auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
-}
-
-class { '::manila::scheduler':
-}
-
-class { '::manila::share':
-}
-
-class { '::manila::backends':
- enabled_share_backends => hiera('CONFIG_MANILA_BACKEND'),
-}
diff --git a/packstack/puppet/templates/manila_generic.pp b/packstack/puppet/templates/manila_generic.pp
deleted file mode 100644
index 755e1183d..000000000
--- a/packstack/puppet/templates/manila_generic.pp
+++ /dev/null
@@ -1,48 +0,0 @@
-
-package { 'nfs-utils': ensure => present }
-
-manila::backend::generic{ 'generic':
- driver_handles_share_servers => hiera('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS'),
- volume_name_template => hiera('CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE'),
- share_mount_path => hiera('CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH'),
-}
-
-packstack::manila::network{ 'generic': }
-
-if ($::manila_network_type == 'neutron'){
- $service_instance_network_helper_type = 'neutron'
-}
-elsif ($::manila_network_type == 'nova-network'){
- $service_instance_network_helper_type = 'nova'
-}
-
-$admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
-$admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW')
-$admin_tenant = 'admin'
-$keystone_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
-
-
-nova_flavor { 'm1.manila':
- ensure => present,
- id => '66',
- ram => '512',
- disk => '0',
- vcpus => '1',
-} ->
-manila::service_instance{ 'generic':
- service_image_location => hiera('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'),
- service_instance_user => hiera('CONFIG_MANILA_SERVICE_INSTANCE_USER'),
- service_instance_password => hiera('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'),
- service_instance_network_helper_type => $service_instance_network_helper_type,
- service_instance_flavor_id => 66,
-}
-
-class { '::manila::compute::nova':
- nova_admin_password => hiera('CONFIG_NOVA_KS_PW'),
- nova_admin_tenant_name => 'services',
-}
-
-class { '::manila::volume::cinder':
- cinder_admin_password => hiera('CONFIG_CINDER_KS_PW'),
- cinder_admin_tenant_name => 'services',
-}
diff --git a/packstack/puppet/templates/manila_glusternative.pp b/packstack/puppet/templates/manila_glusternative.pp
deleted file mode 100644
index 47e144bf1..000000000
--- a/packstack/puppet/templates/manila_glusternative.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-
-manila::backend::glusternative{ 'glusternative':
- glusterfs_servers => hiera('CONFIG_MANILA_GLUSTERFS_SERVERS'),
- glusterfs_native_path_to_private_key => hiera('CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY'),
- glusterfs_volume_pattern => hiera('CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN'),
-}
-
-packstack::manila::network{ 'glusternative': }
diff --git a/packstack/puppet/templates/manila_glusternfs.pp b/packstack/puppet/templates/manila_glusternfs.pp
deleted file mode 100644
index 0341a39e0..000000000
--- a/packstack/puppet/templates/manila_glusternfs.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-
-manila::backend::glusternfs{ 'glusternfs':
- glusterfs_target => hiera('CONFIG_MANILA_GLUSTERFS_TARGET'),
- glusterfs_mount_point_base => hiera('CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE'),
- glusterfs_nfs_server_type => hiera('CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE'),
- glusterfs_path_to_private_key => hiera('CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY'),
- glusterfs_ganesha_server_ip => hiera('CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP'),
-}
-
-packstack::manila::network{ 'glusternfs': }
-
-class { '::manila::ganesha':
-}
diff --git a/packstack/puppet/templates/manila_netapp.pp b/packstack/puppet/templates/manila_netapp.pp
deleted file mode 100644
index 86614e5f7..000000000
--- a/packstack/puppet/templates/manila_netapp.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-
-manila::backend::netapp{ 'netapp':
- driver_handles_share_servers => hiera('CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'),
- netapp_transport_type => hiera('CONFIG_MANILA_NETAPP_TRANSPORT_TYPE'),
- netapp_login => hiera('CONFIG_MANILA_NETAPP_LOGIN'),
- netapp_password => hiera('CONFIG_MANILA_NETAPP_PASSWORD'),
- netapp_server_hostname => hiera('CONFIG_MANILA_NETAPP_SERVER_HOSTNAME'),
- netapp_storage_family => hiera('CONFIG_MANILA_NETAPP_STORAGE_FAMILY'),
- netapp_server_port => hiera('CONFIG_MANILA_NETAPP_SERVER_PORT'),
- netapp_vserver => hiera('CONFIG_MANILA_NETAPP_VSERVER', undef),
- netapp_aggregate_name_search_pattern => hiera('CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN'),
- netapp_root_volume_aggregate => hiera('CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE', undef),
- netapp_root_volume_name => hiera('CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME', undef),
-}
-
-packstack::manila::network{ 'netapp': }
diff --git a/packstack/puppet/templates/manila_rabbitmq.pp b/packstack/puppet/templates/manila_rabbitmq.pp
deleted file mode 100644
index 4b47bbc12..000000000
--- a/packstack/puppet/templates/manila_rabbitmq.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_MANILA_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_MANILA_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'manila',
- group => 'manila',
- # manila user on RH/Fedora is provided by python-manila
- require => Package['manila'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-$db_pw = hiera('CONFIG_MANILA_DB_PW')
-$mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-
-class { '::manila':
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- sql_connection => "mysql+pymysql://manila:${db_pw}@${mariadb_host}/manila",
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
diff --git a/packstack/puppet/templates/mariadb_cinder_install.pp b/packstack/puppet/templates/mariadb_cinder_install.pp
deleted file mode 100644
index dcbbfc8aa..000000000
--- a/packstack/puppet/templates/mariadb_cinder_install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::cinder::db::mysql':
- password => hiera('CONFIG_CINDER_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_cinder_noinstall.pp b/packstack/puppet/templates/mariadb_cinder_noinstall.pp
deleted file mode 100644
index 8e02eb808..000000000
--- a/packstack/puppet/templates/mariadb_cinder_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'cinder':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW')
-
-remote_database_user { 'cinder@%%':
- password_hash => mysql_password($mariadb_cinder_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['cinder'],
-}
-
-remote_database_grant { 'cinder@%%/cinder':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['cinder@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_glance_install.pp b/packstack/puppet/templates/mariadb_glance_install.pp
deleted file mode 100644
index d5d8435fd..000000000
--- a/packstack/puppet/templates/mariadb_glance_install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::glance::db::mysql':
- password => hiera('CONFIG_GLANCE_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_glance_noinstall.pp b/packstack/puppet/templates/mariadb_glance_noinstall.pp
deleted file mode 100644
index 510f04213..000000000
--- a/packstack/puppet/templates/mariadb_glance_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'glance':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_glance_noinstall_db_pw = hiera('CONFIG_GLANCE_DB_PW')
-
-remote_database_user { 'glance@%%':
- password_hash => mysql_password($mariadb_glance_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['glance'],
-}
-
-remote_database_grant { 'glance@%%/glance':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['glance@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_gnocchi_install.pp b/packstack/puppet/templates/mariadb_gnocchi_install.pp
deleted file mode 100644
index 88444256d..000000000
--- a/packstack/puppet/templates/mariadb_gnocchi_install.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class { '::gnocchi::db::mysql':
- password => hiera('CONFIG_GNOCCHI_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
-}
diff --git a/packstack/puppet/templates/mariadb_gnocchi_noinstall.pp b/packstack/puppet/templates/mariadb_gnocchi_noinstall.pp
deleted file mode 100644
index f51eea354..000000000
--- a/packstack/puppet/templates/mariadb_gnocchi_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'gnocchi':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$gnocchi_cfg_db_pw = hiera('CONFIG_GNOCCHI_DB_PW')
-
-remote_database_user { 'gnocchi@%%':
- password_hash => mysql_password($gnocchi_cfg_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['gnocchi'],
-}
-
-remote_database_grant { 'gnocchi@%%/gnocchi':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['gnocchi@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_heat_install.pp b/packstack/puppet/templates/mariadb_heat_install.pp
deleted file mode 100644
index 8d65fe9b4..000000000
--- a/packstack/puppet/templates/mariadb_heat_install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::heat::db::mysql':
- password => hiera('CONFIG_HEAT_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_heat_noinstall.pp b/packstack/puppet/templates/mariadb_heat_noinstall.pp
deleted file mode 100644
index d59242fe9..000000000
--- a/packstack/puppet/templates/mariadb_heat_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'heat':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_heat_noinstall_db_pw = hiera('CONFIG_HEAT_DB_PW')
-
-remote_database_user { 'heat@%%':
- password_hash => mysql_password($mariadb_heat_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['heat'],
-}
-
-remote_database_grant { 'heat@%%/heat':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['heat@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_install.pp b/packstack/puppet/templates/mariadb_install.pp
deleted file mode 100644
index 8d5fd20a0..000000000
--- a/packstack/puppet/templates/mariadb_install.pp
+++ /dev/null
@@ -1,66 +0,0 @@
-
-$max_connections = $service_workers * 128
-
-
-if ($::mariadb_provides_galera == 'true') {
- # Since mariadb 10.1 galera is included in main mariadb
- $mariadb_package_name = 'mariadb-server-galera'
- $mariadb_present = 'present'
-} else {
- # Package mariadb-server conflicts with mariadb-galera-server
- $mariadb_package_name = 'mariadb-galera-server'
- $mariadb_present = 'absent'
-}
-
-package { 'mariadb-server':
- ensure => $mariadb_present,
-}
-
-$bind_address = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-$mysql_root_password = hiera('CONFIG_MARIADB_PW')
-
-class { '::mysql::server':
- package_name => $mariadb_package_name,
- restart => true,
- root_password => $mysql_root_password,
- require => Package['mariadb-server'],
- override_options => {
- 'mysqld' => {
- 'bind_address' => $bind_address,
- 'default_storage_engine' => 'InnoDB',
- 'max_connections' => $max_connections,
- 'open_files_limit' => '-1',
- # galera options
- 'wsrep_provider' => 'none',
- 'wsrep_cluster_name' => 'galera_cluster',
- 'wsrep_sst_method' => 'rsync',
- 'wsrep_sst_auth' => "root:${mysql_root_password}",
- },
- },
-}
-
-# deleting database users for security
-# this is done in mysql::server::account_security but has problems
-# when there is no fqdn, so we're defining a slightly different one here
-mysql_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%%' ]:
- ensure => 'absent',
- require => Class['mysql::server'],
-}
-
-if ($::fqdn != '' and $::fqdn != 'localhost') {
- mysql_user { [ "root@${::fqdn}", "@${::fqdn}"]:
- ensure => 'absent',
- require => Class['mysql::server'],
- }
-}
-if ($::fqdn != $::hostname and $::hostname != 'localhost') {
- mysql_user { ["root@${::hostname}", "@${::hostname}"]:
- ensure => 'absent',
- require => Class['mysql::server'],
- }
-}
diff --git a/packstack/puppet/templates/mariadb_ironic_install.pp b/packstack/puppet/templates/mariadb_ironic_install.pp
deleted file mode 100644
index d9c18e5b4..000000000
--- a/packstack/puppet/templates/mariadb_ironic_install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::ironic::db::mysql':
- password => hiera('CONFIG_IRONIC_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_ironic_noinstall.pp b/packstack/puppet/templates/mariadb_ironic_noinstall.pp
deleted file mode 100644
index 19e1fff86..000000000
--- a/packstack/puppet/templates/mariadb_ironic_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'ironic':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_ironic_noinstall_db_pw = hiera('CONFIG_IRONIC_DB_PW')
-
-remote_database_user { 'ironic@%%':
- password_hash => mysql_password($mariadb_ironic_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['ironic'],
-}
-
-remote_database_grant { 'ironic@%%/ironic':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['ironic@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_keystone_install.pp b/packstack/puppet/templates/mariadb_keystone_install.pp
deleted file mode 100644
index f1d95ef4e..000000000
--- a/packstack/puppet/templates/mariadb_keystone_install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::keystone::db::mysql':
- user => 'keystone_admin',
- password => hiera('CONFIG_KEYSTONE_DB_PW'),
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_keystone_noinstall.pp b/packstack/puppet/templates/mariadb_keystone_noinstall.pp
deleted file mode 100644
index e454edbb3..000000000
--- a/packstack/puppet/templates/mariadb_keystone_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'keystone':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
-
-remote_database_user { 'keystone_admin@%%':
- password_hash => mysql_password($mariadb_keystone_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['keystone'],
-}
-
-remote_database_grant { 'keystone_admin@%%/keystone':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['keystone_admin@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_manila_install.pp b/packstack/puppet/templates/mariadb_manila_install.pp
deleted file mode 100644
index 8d0fa48b6..000000000
--- a/packstack/puppet/templates/mariadb_manila_install.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class { '::manila::db::mysql':
- password => hiera('CONFIG_MANILA_DB_PW'),
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_manila_noinstall.pp b/packstack/puppet/templates/mariadb_manila_noinstall.pp
deleted file mode 100644
index 250cdbc54..000000000
--- a/packstack/puppet/templates/mariadb_manila_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'manila':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_manila_noinstall_db_pw = hiera('CONFIG_MANILA_DB_PW')
-
-remote_database_user { 'manila@%%':
- password_hash => mysql_password($mariadb_manila_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['manila'],
-}
-
-remote_database_grant { 'manila@%%/manila':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['manila@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_neutron_install.pp b/packstack/puppet/templates/mariadb_neutron_install.pp
deleted file mode 100644
index 2ccf06b85..000000000
--- a/packstack/puppet/templates/mariadb_neutron_install.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class { '::neutron::db::mysql':
- password => hiera('CONFIG_NEUTRON_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- dbname => hiera('CONFIG_NEUTRON_L2_DBNAME'),
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_neutron_noinstall.pp b/packstack/puppet/templates/mariadb_neutron_noinstall.pp
deleted file mode 100644
index fd38d27a3..000000000
--- a/packstack/puppet/templates/mariadb_neutron_noinstall.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-
-$mariadb_neutron_noinstall_db_pw = hiera('CONFIG_NEUTRON_DB_PW')
-$mariadb_neutron_noinstall_l2_dbname = hiera('CONFIG_NEUTRON_L2_DBNAME')
-
-remote_database { $mariadb_neutron_noinstall_l2_dbname:
- ensure => present,
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-remote_database_user { 'neutron@%%':
- password_hash => mysql_password($mariadb_neutron_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database[$mariadb_neutron_noinstall_l2_dbname],
-}
-
-remote_database_grant { "neutron@%%/${mariadb_neutron_noinstall_l2_dbname}":
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['neutron@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_noinstall.pp b/packstack/puppet/templates/mariadb_noinstall.pp
deleted file mode 100644
index 21c725c70..000000000
--- a/packstack/puppet/templates/mariadb_noinstall.pp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-class { '::remote::db': }
diff --git a/packstack/puppet/templates/mariadb_nova_install.pp b/packstack/puppet/templates/mariadb_nova_install.pp
deleted file mode 100644
index 62fc6efe7..000000000
--- a/packstack/puppet/templates/mariadb_nova_install.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-class { '::nova::db::mysql':
- password => hiera('CONFIG_NOVA_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
-class { '::nova::db::mysql_api':
- password => hiera('CONFIG_NOVA_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
\ No newline at end of file
diff --git a/packstack/puppet/templates/mariadb_nova_noinstall.pp b/packstack/puppet/templates/mariadb_nova_noinstall.pp
deleted file mode 100644
index 28b685107..000000000
--- a/packstack/puppet/templates/mariadb_nova_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'nova':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$mariadb_nova_noinstall_db_pw = hiera('CONFIG_NOVA_DB_PW')
-
-remote_database_user { 'nova@%%':
- password_hash => mysql_password($mariadb_nova_noinstall_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['nova'],
-}
-
-remote_database_grant { 'nova@%%/nova':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['nova@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_sahara_install.pp b/packstack/puppet/templates/mariadb_sahara_install.pp
deleted file mode 100644
index 575cef507..000000000
--- a/packstack/puppet/templates/mariadb_sahara_install.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class { '::sahara::db::mysql':
- password => hiera('CONFIG_SAHARA_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
-}
diff --git a/packstack/puppet/templates/mariadb_sahara_noinstall.pp b/packstack/puppet/templates/mariadb_sahara_noinstall.pp
deleted file mode 100644
index 3d7968ce3..000000000
--- a/packstack/puppet/templates/mariadb_sahara_noinstall.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-remote_database { 'sahara':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$sahara_cfg_sahara_db_pw = hiera('CONFIG_SAHARA_DB_PW')
-
-remote_database_user { 'sahara@%%':
- password_hash => mysql_password($sahara_cfg_sahara_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['sahara'],
-}
-
-remote_database_grant { 'sahara@%%/sahara':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['sahara@%%'],
-}
diff --git a/packstack/puppet/templates/mariadb_trove_install.pp b/packstack/puppet/templates/mariadb_trove_install.pp
deleted file mode 100644
index 28bd91fba..000000000
--- a/packstack/puppet/templates/mariadb_trove_install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::trove::db::mysql':
- password => hiera('CONFIG_TROVE_DB_PW'),
- host => '%%',
- allowed_hosts => '%%',
- charset => 'utf8',
-}
diff --git a/packstack/puppet/templates/mariadb_trove_noinstall.pp b/packstack/puppet/templates/mariadb_trove_noinstall.pp
deleted file mode 100644
index 0a72838a6..000000000
--- a/packstack/puppet/templates/mariadb_trove_noinstall.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-remote_database { 'trove':
- ensure => 'present',
- charset => 'utf8',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
-}
-
-$trove_cfg_trove_db_pw = hiera('CONFIG_TROVE_DB_PW')
-
-remote_database_user { 'trove@%%':
- password_hash => mysql_password($trove_cfg_trove_db_pw),
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database['trove'],
-}
-
-remote_database_grant { 'trove@%%/trove':
- privileges => 'all',
- db_host => hiera('CONFIG_MARIADB_HOST'),
- db_user => hiera('CONFIG_MARIADB_USER'),
- db_password => hiera('CONFIG_MARIADB_PW'),
- provider => 'mysql',
- require => Remote_database_user['trove@%%'],
-}
diff --git a/packstack/puppet/templates/mongodb.pp b/packstack/puppet/templates/mongodb.pp
deleted file mode 100644
index 446a0cbc0..000000000
--- a/packstack/puppet/templates/mongodb.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-$mongodb_host = hiera('CONFIG_MONGODB_HOST')
-
-# The MongoDB config files differ between versions
-if (($::operatingsystem == 'fedora' and versioncmp($::operatingsystemrelease, '22') >= 0)
- or
- ($::operatingsystem != 'fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
- ){
- $config_file = '/etc/mongod.conf'
-} else {
- $config_file = '/etc/mongodb.conf'
-}
-
-class { '::mongodb::server':
- ipv6 => hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => true,
- default => false,
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
- },
- smallfiles => true,
- bind_ip => force_ip($mongodb_host),
- config => $config_file,
-}
diff --git a/packstack/puppet/templates/nagios_nrpe.pp b/packstack/puppet/templates/nagios_nrpe.pp
deleted file mode 100644
index d109c81be..000000000
--- a/packstack/puppet/templates/nagios_nrpe.pp
+++ /dev/null
@@ -1,48 +0,0 @@
-package{ 'nrpe':
- ensure => present,
- before => Class['nagios_configs'],
-}
-
-file{ '/etc/nagios/nrpe.cfg':
- ensure => file,
- mode => '0644',
- owner => 'nagios',
- group => 'nagios',
- require => Package['nrpe'],
-}
-
-class nagios_configs () {
- $nagios_configs_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST')
-
- file_line{'allowed_hosts':
- path => '/etc/nagios/nrpe.cfg',
- match => 'allowed_hosts=',
- line => "allowed_hosts=${nagios_configs_cfg_ctrl_host}",
- }
-
- # 5 minute load average
- file_line{'load5':
- path => '/etc/nagios/nrpe.cfg',
- match => 'command\[load5\]=',
- line => 'command[load5]=cut /proc/loadavg -f 1 -d " "',
- }
-
- # disk used on /var
- file_line{'df_var':
- path => '/etc/nagios/nrpe.cfg',
- match => "command\[df_var\]=",
- line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'",
- }
-}
-
-class{ '::nagios_configs':
- notify => Service['nrpe'],
-}
-
-service{'nrpe':
- ensure => running,
- enable => true,
- hasstatus => true,
-}
-
-
diff --git a/packstack/puppet/templates/nagios_server.pp b/packstack/puppet/templates/nagios_server.pp
deleted file mode 100644
index b44255580..000000000
--- a/packstack/puppet/templates/nagios_server.pp
+++ /dev/null
@@ -1,95 +0,0 @@
-package { ['nagios', 'nagios-plugins-nrpe']:
- ensure => present,
- before => Class['nagios_configs'],
-}
-
-# We need to preferably install nagios-plugins-ping
-exec { 'nagios-plugins-ping':
- path => '/usr/bin',
- command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping',
- onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0',
- before => Class['nagios_configs'],
-}
-
-class nagios_configs(){
- file { ['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg', '/etc/nagios/nagios_service.cfg']:
- ensure => file,
- mode => '0644',
- owner => 'nagios',
- group => 'nagios',
- }
-
- # Remove the entry for localhost, it contains services we're not
- # monitoring
- file { ['/etc/nagios/objects/localhost.cfg']:
- ensure => file,
- content => '',
- }
-
- file_line { 'nagios_host':
- path => '/etc/nagios/nagios.cfg',
- line => 'cfg_file=/etc/nagios/nagios_host.cfg',
- }
-
- file_line { 'nagios_command':
- path => '/etc/nagios/nagios.cfg',
- line => 'cfg_file=/etc/nagios/nagios_command.cfg',
- }
-
- file_line { 'nagios_service':
- path => '/etc/nagios/nagios.cfg',
- line => 'cfg_file=/etc/nagios/nagios_service.cfg',
- }
-
- $nagios_cfg_ks_adm_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW')
- $nagios_cfg_keystone_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
- $keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
-
- file { '/etc/nagios/keystonerc_admin':
- ensure => file,
- owner => 'nagios',
- mode => '0600',
- content => "export OS_USERNAME=${keystone_admin_username}
-export OS_TENANT_NAME=admin
-export OS_PASSWORD=${nagios_cfg_ks_adm_pw}
-export OS_AUTH_URL=${nagios_cfg_keystone_url}",
- }
-
- class { 'packstack::nagios_config_wrapper':
- nagios_hosts => hiera('CONFIG_NAGIOS_NODES'),
- nagios_openstack_services => hiera('CONFIG_NAGIOS_SERVICES'),
- controller_host => hiera('CONFIG_CONTROLLER_HOST'),
- require => Package['nagios'],
- notify => Service['nagios'],
- }
-}
-
-class { '::nagios_configs':
- notify
=> [ Service['nagios'], Service['httpd']],
-}
-
-class { '::apache':
- purge_configs => false,
-}
-
-$cfg_nagios_pw = hiera('CONFIG_NAGIOS_PW')
-
-exec { 'nagiospasswd':
- command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}",
- require => Package['nagios'],
- before => Service['nagios'],
-}
-
-class { '::apache::mod::php': }
-
-service { ['nagios']:
- ensure => running,
- enable => true,
- hasstatus => true,
-}
-
-firewall { '001 nagios incoming':
- proto => 'tcp',
- dport => ['80'],
- action => 'accept',
-}
diff --git a/packstack/puppet/templates/network.pp b/packstack/puppet/templates/network.pp
new file mode 100644
index 000000000..b6a6887d7
--- /dev/null
+++ b/packstack/puppet/templates/network.pp
@@ -0,0 +1,51 @@
+stage { "init": before => Stage["main"] }
+
+Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') }
+
+class {'::packstack::prereqs':
+ stage => init,
+}
+
+if hiera('CONFIG_NTP_SERVERS', undef) != undef {
+ include '::packstack::chrony'
+}
+
+if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
+ include '::packstack::neutron::rabbitmq'
+
+ if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' {
+ include '::packstack::neutron::vpnaas'
+ }
+ if hiera('CONFIG_NEUTRON_FWAAS') == 'y' {
+ include '::packstack::neutron::fwaas'
+ }
+ if hiera('CONFIG_LBAAS_INSTALL') == 'y' {
+ include '::packstack::neutron::lbaas'
+ }
+ include '::packstack::neutron::l3'
+ if hiera('CONFIG_NEUTRON_OVS_BRIDGE_CREATE') == 'y' {
+ include '::packstack::neutron::ovs_bridge'
+ }
+
+ case hiera('CONFIG_NEUTRON_L2_AGENT') {
+ 'openvswitch': { include '::packstack::neutron::ovs_agent' }
+ '': { include '::packstack::neutron::lb_agent' }
+ default: { include '::packstack::neutron::ovs_agent' }
+ }
+ include '::packstack::neutron::bridge'
+ include '::packstack::neutron::dhcp'
+ if hiera('CONFIG_NEUTRON_METERING_AGENT_INSTALL') == 'y' {
+ include '::packstack::neutron::metering'
+ }
+ if hiera('CONFIG_NOVA_INSTALL') == 'y' {
+ include '::packstack::neutron::metadata'
+ }
+
+ if hiera('CONFIG_PROVISION_DEMO') == 'y' or hiera('CONFIG_PROVISION_TEMPEST') == 'y' {
+ include '::packstack::provision::bridge'
+ }
+}
+
+if hiera('CONFIG_NAGIOS_INSTALL') == 'y' {
+ include '::packstack::nagios::nrpe'
+}
diff --git a/packstack/puppet/templates/neutron.pp b/packstack/puppet/templates/neutron.pp
deleted file mode 100644
index 3c6e7fb8c..000000000
--- a/packstack/puppet/templates/neutron.pp
+++ /dev/null
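Review bot: In the `case hiera('CONFIG_NEUTRON_L2_AGENT')` block of the new network.pp, the linuxbridge agent is selected only by the empty string `''`, and `default` repeats the `openvswitch` branch. As shown, a value such as `linuxbridge`, or any typo, would silently configure the OVS agent on the network host. If the empty selector is not intentional, name the value explicitly, `'linuxbridge': { include '::packstack::neutron::lb_agent' }`. The fallback should also fail the catalog rather than guess, `default: { fail('unsupported CONFIG_NEUTRON_L2_AGENT') }`, because the L2 agent decides which bridges and traffic filtering land on the node.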
@@ -1,8 +0,0 @@
-$neutron_db_host = hiera('CONFIG_MARIADB_HOST_URL')
-$neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME')
-$neutron_db_user = 'neutron'
-$neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW')
-$neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
-$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW')
-
-
diff --git a/packstack/puppet/templates/neutron_api.pp b/packstack/puppet/templates/neutron_api.pp
deleted file mode 100644
index 2ac8f19cd..000000000
--- a/packstack/puppet/templates/neutron_api.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-
-class { '::neutron::server':
- database_connection => $neutron_sql_connection,
- auth_password => $neutron_user_password,
- auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- sync_db => true,
- enabled => true,
- api_workers => $service_workers,
- rpc_workers => $service_workers,
- service_providers => hiera_array('SERVICE_PROVIDERS')
-}
-
-# TODO: FIXME: remove this hack after upstream resolves https://bugs.launchpad.net/puppet-neutron/+bug/1474961
-if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' {
- ensure_resource( 'package', 'neutron-vpnaas-agent', {
- name => 'openstack-neutron-vpnaas',
- tag => ['openstack', 'neutron-package'],
- })
- Package['neutron-vpnaas-agent'] ~> Service<| tag == 'neutron-service' |>
-}
-if hiera('CONFIG_NEUTRON_FWAAS') == 'y' {
- ensure_resource( 'package', 'neutron-fwaas', {
- 'name' => 'openstack-neutron-fwaas',
- 'tag' => 'openstack'
- })
- Package['neutron-fwaas'] ~> Service<| tag == 'neutron-service' |>
-}
-if hiera('CONFIG_LBAAS_INSTALL') == 'y' {
- ensure_resource( 'package', 'neutron-lbaas-agent', {
- name => 'openstack-neutron-lbaas',
- tag => ['openstack', 'neutron-package'],
- })
- Package['neutron-lbaas-agent'] ~> Service<| tag == 'neutron-service' |>
-}
-
-file { '/etc/neutron/api-paste.ini':
- ensure => file,
- mode => '0640',
-}
-
-Class['::neutron::server'] -> File['/etc/neutron/api-paste.ini']
-
diff --git a/packstack/puppet/templates/neutron_bridge_module.pp b/packstack/puppet/templates/neutron_bridge_module.pp
deleted file mode 100644
index 0492dafd9..000000000
--- a/packstack/puppet/templates/neutron_bridge_module.pp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-class { '::packstack::neutron::bridge': }
diff --git a/packstack/puppet/templates/neutron_dhcp.pp b/packstack/puppet/templates/neutron_dhcp.pp
deleted file mode 100644
index a45cec682..000000000
--- a/packstack/puppet/templates/neutron_dhcp.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class { '::neutron::agents::dhcp':
- interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'),
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
-
diff --git a/packstack/puppet/templates/neutron_dhcp_mtu.pp b/packstack/puppet/templates/neutron_dhcp_mtu.pp
deleted file mode 100644
index 6d3d93f38..000000000
--- a/packstack/puppet/templates/neutron_dhcp_mtu.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-class { '::neutron::agents::dhcp':
- interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'),
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
diff --git a/packstack/puppet/templates/neutron_fwaas.pp b/packstack/puppet/templates/neutron_fwaas.pp
deleted file mode 100644
index dd579fd70..000000000
--- a/packstack/puppet/templates/neutron_fwaas.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-class { '::neutron::services::fwaas':
- enabled => true,
- driver => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver',
-}
diff --git a/packstack/puppet/templates/neutron_l3.pp b/packstack/puppet/templates/neutron_l3.pp
deleted file mode 100644
index 8c166fbf2..000000000
--- a/packstack/puppet/templates/neutron_l3.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-
-$start_l3_agent = hiera('CONFIG_NEUTRON_VPNAAS') ? {
- 'y' => false,
- default => true
-}
-
-class { '::neutron::agents::l3':
- interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'),
- external_network_bridge => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'),
- manage_service => $start_l3_agent,
- enabled => $start_l3_agent,
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
-
-if defined(Class['neutron::services::fwaas']) {
- Class['neutron::services::fwaas'] -> Class['neutron::agents::l3']
-}
-
-sysctl::value { 'net.ipv4.ip_forward':
- value => '1',
-}
diff --git a/packstack/puppet/templates/neutron_lb_agent.pp b/packstack/puppet/templates/neutron_lb_agent.pp
deleted file mode 100644
index 20bf91a2e..000000000
--- a/packstack/puppet/templates/neutron_lb_agent.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-
-$neutron_lb_interface_mappings = hiera_array('CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS')
-class { '::neutron::agents::ml2::linuxbridge':
- physical_interface_mappings => force_interface($neutron_lb_interface_mappings, $use_subnets),
-}
diff --git a/packstack/puppet/templates/neutron_lbaas.pp b/packstack/puppet/templates/neutron_lbaas.pp
deleted file mode 100644
index 80acb8878..000000000
--- a/packstack/puppet/templates/neutron_lbaas.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class { '::neutron::agents::lbaas':
- interface_driver => hiera('CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'),
- device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver',
- user_group => 'haproxy',
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
-
-class {'::neutron::services::lbaas':
- service_providers => 'LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
-}
diff --git a/packstack/puppet/templates/neutron_metadata.pp b/packstack/puppet/templates/neutron_metadata.pp
deleted file mode 100644
index 83af14642..000000000
--- a/packstack/puppet/templates/neutron_metadata.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::neutron::agents::metadata':
- shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'),
- metadata_ip => force_ip(hiera('CONFIG_KEYSTONE_HOST_URL')),
- debug => hiera('CONFIG_DEBUG_MODE'),
- metadata_workers => $service_workers
-}
diff --git a/packstack/puppet/templates/neutron_metering_agent.pp b/packstack/puppet/templates/neutron_metering_agent.pp
deleted file mode 100644
index c1e9f7031..000000000
--- a/packstack/puppet/templates/neutron_metering_agent.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-class { '::neutron::agents::metering':
- interface_driver => hiera('CONFIG_NEUTRON_METERING_IFCE_DRIVER'),
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
diff --git a/packstack/puppet/templates/neutron_ml2_plugin.pp b/packstack/puppet/templates/neutron_ml2_plugin.pp
deleted file mode 100644
index 26e572c08..000000000
--- a/packstack/puppet/templates/neutron_ml2_plugin.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-if hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' {
- $vxlan_group_value = undef
-} else {
- $vxlan_group_value = hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP')
-}
-
-class { '::neutron::plugins::ml2':
- type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'),
- tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'),
- mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'),
- flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'),
- network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'),
- tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'),
- vxlan_group => $vxlan_group_value,
- vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'),
- enable_security_group => true,
- firewall_driver => hiera('FIREWALL_DRIVER'),
- supported_pci_vendor_devs => hiera_array('CONFIG_NEUTRON_ML2_SUPPORTED_PCI_VENDOR_DEVS'),
- sriov_agent_required => hiera('CONFIG_NEUTRON_ML2_SRIOV_AGENT_REQUIRED'),
-}
-
-# For cases where "neutron-db-manage upgrade" command is called
-# we need to fill config file first
-if defined(Exec['neutron-db-manage upgrade']) {
- Neutron_plugin_ml2<||> ->
- File['/etc/neutron/plugin.ini'] ->
- Exec['neutron-db-manage upgrade']
-}
diff --git a/packstack/puppet/templates/neutron_notifications.pp b/packstack/puppet/templates/neutron_notifications.pp
deleted file mode 100644
index 7954ac3a6..000000000
--- a/packstack/puppet/templates/neutron_notifications.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-$neutron_notif_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-
-# Configure nova notifications system
-class { '::neutron::server::notifications':
- username => 'nova',
- password => hiera('CONFIG_NOVA_KS_PW'),
- tenant_name => 'services',
- nova_url => "http://${neutron_notif_cfg_ctrl_host}:8774/v2",
- auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- region_name => hiera('CONFIG_KEYSTONE_REGION'),
-}
diff --git a/packstack/puppet/templates/neutron_ovs_agent.pp b/packstack/puppet/templates/neutron_ovs_agent.pp
deleted file mode 100644
index fb0446264..000000000
--- a/packstack/puppet/templates/neutron_ovs_agent.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-
-$neutron_ovs_tunnel_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF', undef)
-if $neutron_ovs_tunnel_if {
- $ovs_agent_vxlan_cfg_neut_ovs_tun_if = force_interface($neutron_ovs_tunnel_if, $use_subnets)
-} else {
- $ovs_agent_vxlan_cfg_neut_ovs_tun_if = undef
-}
-
-if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' {
- $iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G')
- $localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>")
-} else {
- $localip = $cfg_neutron_ovs_host
-}
-
-if $network_host {
- $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES'
- $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'
-} else {
- $bridge_ifaces_param = 'CONFIG_NEUTRON_OVS_BRIDGE_IFACES_COMPUTE'
- $bridge_mappings_param = 'CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS_COMPUTE'
-}
-
-if $create_bridges {
- $bridge_uplinks = hiera_array($bridge_ifaces_param)
- $bridge_mappings = hiera_array($bridge_mappings_param)
-} else {
- $bridge_uplinks = []
- $bridge_mappings = []
-}
-
-class { '::neutron::agents::ml2::ovs':
- bridge_uplinks => $bridge_uplinks,
- bridge_mappings => $bridge_mappings,
- enable_tunneling => hiera('CONFIG_NEUTRON_OVS_TUNNELING'),
- tunnel_types => hiera_array('CONFIG_NEUTRON_OVS_TUNNEL_TYPES'),
- local_ip => force_ip($localip),
- vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT',undef),
- l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'),
- firewall_driver => hiera('FIREWALL_DRIVER'),
-}
diff --git a/packstack/puppet/templates/neutron_ovs_bridge.pp b/packstack/puppet/templates/neutron_ovs_bridge.pp
deleted file mode 100644
index d12019461..000000000
--- a/packstack/puppet/templates/neutron_ovs_bridge.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-$agent_service = 'neutron-ovs-agent-service'
-
-$config_neutron_ovs_bridge = hiera('CONFIG_NEUTRON_OVS_BRIDGE')
-
-vs_bridge { $config_neutron_ovs_bridge:
- ensure => present,
- require => Service[$agent_service],
-}
diff --git a/packstack/puppet/templates/neutron_rabbitmq.pp b/packstack/puppet/templates/neutron_rabbitmq.pp
deleted file mode 100644
index 00872b3df..000000000
--- a/packstack/puppet/templates/neutron_rabbitmq.pp
+++ /dev/null
@@ -1,37 +0,0 @@
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_NEUTRON_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_NEUTRON_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'neutron',
- group => 'neutron',
- require => Package['openstack-neutron'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-
-class { '::neutron':
- bind_host => $bind_host,
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'),
- allow_overlapping_ips => true,
- service_plugins => hiera_array('SERVICE_PLUGINS'),
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
-}
diff --git a/packstack/puppet/templates/neutron_sriov.pp b/packstack/puppet/templates/neutron_sriov.pp
deleted file mode 100644
index 8c964efa5..000000000
--- a/packstack/puppet/templates/neutron_sriov.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class { 'neutron::agents::ml2::sriov' :
- physical_device_mappings => hiera_array('CONFIG_NEUTRON_ML2_SRIOV_INTERFACE_MAPPINGS'),
-}
diff --git a/packstack/puppet/templates/neutron_vpnaas.pp b/packstack/puppet/templates/neutron_vpnaas.pp
deleted file mode 100644
index eaa4a7742..000000000
--- a/packstack/puppet/templates/neutron_vpnaas.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class { '::neutron::agents::vpnaas':
- enabled => true,
- vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver',
-} ->
-class { '::neutron::services::vpnaas':
- service_providers => 'VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default',
- notify => Service['neutron-server'],
-}
-
diff --git a/packstack/puppet/templates/nova_api.pp b/packstack/puppet/templates/nova_api.pp
deleted file mode 100644
index 6a6c55898..000000000
--- a/packstack/puppet/templates/nova_api.pp
+++ /dev/null
@@ -1,87 +0,0 @@
-
-require 'keystone::python'
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-$config_use_neutron = hiera('CONFIG_NEUTRON_INSTALL')
-if $config_use_neutron == 'y' {
- $default_floating_pool = 'public'
-} else {
- $default_floating_pool = 'nova'
-}
-
-$auth_uri = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
-$admin_password = hiera('CONFIG_NOVA_KS_PW')
-
-class { '::nova::api':
- api_bind_address => $bind_host,
- metadata_listen => $bind_host,
- enabled => true,
- auth_uri => $auth_uri,
- identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- admin_password => $admin_password,
- neutron_metadata_proxy_shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW_UNQUOTED', undef),
- default_floating_pool => $default_floating_pool,
- pci_alias => hiera('CONFIG_NOVA_PCI_ALIAS'),
- sync_db_api => true,
- osapi_compute_workers => $service_workers,
- metadata_workers => $service_workers
-}
-
-Package<| title == 'nova-common' |> -> Class['nova::api']
-
-$db_purge = hiera('CONFIG_NOVA_DB_PURGE_ENABLE')
-if $db_purge {
- class { '::nova::cron::archive_deleted_rows':
- hour => '*/12',
- destination => '/dev/null',
- }
-}
-
-$manage_flavors = str2bool(hiera('CONFIG_NOVA_MANAGE_FLAVORS'))
-if $manage_flavors {
- Class['::nova::api'] -> Nova_flavor<||>
-
- nova_flavor { 'm1.tiny':
- ensure => present,
- id => '1',
- ram => '512',
- disk => '1',
- vcpus => '1',
- }
-
- nova_flavor { 'm1.small':
- ensure => present,
- id => '2',
- ram => '2048',
- disk => '20',
- vcpus => '1',
- }
-
- nova_flavor { 'm1.medium':
- ensure => present,
- id => '3',
- ram => '4096',
- disk => '40',
- vcpus => '2',
- }
-
- nova_flavor { 'm1.large':
- ensure => present,
- id => '4',
- ram => '8192',
- disk => '80',
- vcpus => '4',
- }
-
- nova_flavor { 'm1.xlarge':
- ensure => present,
- id => '5',
- ram => '16384',
- disk => '160',
- vcpus => '8',
- }
-}
diff --git a/packstack/puppet/templates/nova_ceilometer.pp b/packstack/puppet/templates/nova_ceilometer.pp
deleted file mode 100644
index c8d1fbe4e..000000000
--- a/packstack/puppet/templates/nova_ceilometer.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-class { '::ceilometer::agent::auth':
- auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- auth_password => hiera('CONFIG_CEILOMETER_KS_PW'),
- auth_region => hiera('CONFIG_KEYSTONE_REGION'),
-}
-
-class { '::ceilometer::agent::compute': }
-
diff --git a/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp b/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp
deleted file mode 100644
index 3a65e6936..000000000
--- a/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-$ceilometer_kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$ceilometer_kombu_ssl_keyfile = hiera('CONFIG_CEILOMETER_SSL_KEY', undef)
-$ceilometer_kombu_ssl_certfile = hiera('CONFIG_CEILOMETER_SSL_CERT', undef)
-
-if $ceilometer_kombu_ssl_keyfile {
- $ceilometer_files_to_set_owner = [ $ceilometer_kombu_ssl_keyfile, $ceilometer_kombu_ssl_certfile ]
- file { $ceilometer_files_to_set_owner:
- owner => 'ceilometer',
- group => 'ceilometer',
- require => Package['nova-common'],
- }
- File[$ceilometer_files_to_set_owner] ~> Service<||>
-}
-
-class { '::ceilometer':
- metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- # for some strange reason ceilometer needs to be in nova group
- require => Package['nova-common'],
- kombu_ssl_ca_certs => $ceilometer_kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $ceilometer_kombu_ssl_keyfile,
- kombu_ssl_certfile => $ceilometer_kombu_ssl_certfile,
-}
-
diff --git a/packstack/puppet/templates/nova_cert.pp b/packstack/puppet/templates/nova_cert.pp
deleted file mode 100644
index f84828a73..000000000
--- a/packstack/puppet/templates/nova_cert.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-
-class { '::nova::cert':
- enabled => true,
-}
diff --git a/packstack/puppet/templates/nova_common_nopw.pp b/packstack/puppet/templates/nova_common_nopw.pp
deleted file mode 100644
index 1ab00d4a5..000000000
--- a/packstack/puppet/templates/nova_common_nopw.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-# Ensure Firewall changes happen before nova services start
-# preventing a clash with rules being set by nova-compute and nova-network
-Firewall <| |> -> Class['nova']
-
-nova_config{
- 'DEFAULT/metadata_host': value => hiera('CONFIG_CONTROLLER_HOST');
-}
diff --git a/packstack/puppet/templates/nova_common_pw.pp b/packstack/puppet/templates/nova_common_pw.pp
deleted file mode 100644
index 941578cae..000000000
--- a/packstack/puppet/templates/nova_common_pw.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-# Ensure Firewall changes happen before nova services start
-# preventing a clash with rules being set by nova-compute and nova-network
-Firewall <| |> -> Class['nova']
-
-nova_config{
- # metadata_host has to be IP
- 'DEFAULT/metadata_host': value => force_ip(hiera('CONFIG_CONTROLLER_HOST'));
-}
diff --git a/packstack/puppet/templates/nova_common_rabbitmq.pp b/packstack/puppet/templates/nova_common_rabbitmq.pp
deleted file mode 100644
index 473522190..000000000
--- a/packstack/puppet/templates/nova_common_rabbitmq.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-$nova_db_pw = hiera('CONFIG_NOVA_DB_PW')
-$nova_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-
-$private_key = {
- 'type' => hiera('NOVA_MIGRATION_KEY_TYPE'),
- key => hiera('NOVA_MIGRATION_KEY_SECRET'),
-}
-$public_key = {
- 'type' => hiera('NOVA_MIGRATION_KEY_TYPE'),
- key => hiera('NOVA_MIGRATION_KEY_PUBLIC'),
-}
-
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_NOVA_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_NOVA_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'nova',
- group => 'nova',
- require => Package['nova-common'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-$nova_common_rabbitmq_cfg_storage_host = hiera('CONFIG_STORAGE_HOST_URL')
-
-if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
- $nova_common_notification_driver = 'messagingv2'
- $notify_on_state_change = 'vm_and_task_state'
-} else {
- $nova_common_notification_driver = undef
- $notify_on_state_change = undef
-}
-
-class { '::nova':
- glance_api_servers => "${nova_common_rabbitmq_cfg_storage_host}:9292",
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- nova_public_key => $public_key,
- nova_private_key => $private_key,
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
- notification_driver => $nova_common_notification_driver,
- notify_on_state_change => $notify_on_state_change,
- database_connection => "mysql+pymysql://nova:${nova_db_pw}@${nova_mariadb_host}/nova",
- api_database_connection =>
"mysql+pymysql://nova_api:${nova_db_pw}@${nova_mariadb_host}/nova_api",
-}
diff --git a/packstack/puppet/templates/nova_compute.pp b/packstack/puppet/templates/nova_compute.pp
deleted file mode 100644
index ab496e7dd..000000000
--- a/packstack/puppet/templates/nova_compute.pp
+++ /dev/null
@@ -1,74 +0,0 @@
-
-package{ 'python-cinderclient':
- before => Class['nova'],
-}
-
-# Install the private key to be used for live migration. This needs to be
-# configured into libvirt/live_migration_uri in nova.conf.
-file { '/etc/nova/ssh':
- ensure => directory,
- owner => root,
- group => root,
- mode => '0700',
- require => Package['nova-common'],
-}
-
-file { '/etc/nova/ssh/nova_migration_key':
- content => hiera('NOVA_MIGRATION_KEY_SECRET'),
- mode => '0600',
- owner => root,
- group => root,
- require => File['/etc/nova/ssh'],
-}
-
-nova_config{
- 'DEFAULT/volume_api_class':
- value => 'nova.volume.cinder.API';
- 'libvirt/live_migration_uri':
- value => hiera('CONFIG_NOVA_COMPUTE_MIGRATE_URL');
-}
-
-if ($::fqdn == '' or $::fqdn =~ /localhost/) {
- # For cases where FQDNs have not been correctly set
- $vncproxy_server = choose_my_ip(hiera('HOST_LIST'))
-} else {
- $vncproxy_server = $::fqdn
-}
-
-if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
- $instance_usage_audit = true
- $instance_usage_audit_period = 'hour'
-} else {
- $instance_usage_audit = false
- $instance_usage_audit_period = 'month'
-}
-
-class { '::nova::compute':
- enabled => true,
- vncproxy_host => hiera('CONFIG_KEYSTONE_HOST_URL'),
- vncproxy_protocol => hiera('CONFIG_VNCPROXY_PROTOCOL'),
- vncserver_proxyclient_address => $vncproxy_server,
- compute_manager => hiera('CONFIG_NOVA_COMPUTE_MANAGER'),
- pci_passthrough => hiera('CONFIG_NOVA_PCI_PASSTHROUGH_WHITELIST'),
- instance_usage_audit => $instance_usage_audit,
- instance_usage_audit_period => $instance_usage_audit_period,
-}
-
-# Tune the host with a virtual hosts profile
-package { 'tuned':
- ensure => present,
-}
-
-service { 'tuned':
- ensure => running,
- require => Package['tuned'],
-}
-
-# tries/try_sleep to try and circumvent rhbz1320744
-exec { 'tuned-virtual-host':
- unless => '/usr/sbin/tuned-adm active | /bin/grep virtual-host',
- command => '/usr/sbin/tuned-adm profile virtual-host',
- require => Service['tuned'],
- tries =>
3,
- try_sleep => 5
-}
diff --git a/packstack/puppet/templates/nova_compute_flat.pp b/packstack/puppet/templates/nova_compute_flat.pp
deleted file mode 100644
index c4f2c6f84..000000000
--- a/packstack/puppet/templates/nova_compute_flat.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-
-$nova_compute_privif = hiera('CONFIG_NOVA_COMPUTE_PRIVIF')
-
-nova_config {
- 'DEFAULT/flat_interface': value => force_interface($nova_compute_privif, $use_subnets);
-}
diff --git a/packstack/puppet/templates/nova_compute_ironic.pp b/packstack/puppet/templates/nova_compute_ironic.pp
deleted file mode 100644
index 641e88504..000000000
--- a/packstack/puppet/templates/nova_compute_ironic.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-$ironic_config_controller_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$ironic_config_keystone_admin = hiera('CONFIG_KEYSTONE_ADMIN_URL')
-$ironic_config_keystone_version = hiera('CONFIG_KEYSTONE_API_VERSION')
-
-class { '::nova::compute::ironic':
- admin_user => 'ironic',
- admin_passwd => hiera('CONFIG_IRONIC_KS_PW'),
- admin_url => "${ironic_config_keystone_admin}/${ironic_config_keystone_version}",
- admin_tenant_name => 'services',
- api_endpoint => "http://${ironic_config_controller_host}:6385/v1",
-}
diff --git a/packstack/puppet/templates/nova_compute_libvirt.pp b/packstack/puppet/templates/nova_compute_libvirt.pp
deleted file mode 100644
index c1cce2965..000000000
--- a/packstack/puppet/templates/nova_compute_libvirt.pp
+++ /dev/null
@@ -1,80 +0,0 @@
-Firewall <| |> -> Class['nova::compute::libvirt']
-
-# Ensure Firewall changes happen before libvirt service start
-# preventing a clash with rules being set by libvirt
-
-if str2bool($::is_virtual) {
- $libvirt_virt_type = 'qemu'
- $libvirt_cpu_mode = 'none'
-} else {
- $libvirt_virt_type = 'kvm'
-}
-
-# We need to preferably install qemu-kvm-rhev
-exec { 'qemu-kvm':
- path => '/usr/bin',
- command => 'yum install -y -d 0 -e 0 qemu-kvm',
- onlyif => 'yum install -y -d 0 -e 0 qemu-kvm-rhev &> /dev/null && exit 1 || exit 0',
- before => Class['nova::compute::libvirt'],
-} ->
-# chmod is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=950436
-file { '/dev/kvm':
- owner => 'root',
- group => 'kvm',
- mode => '666',
- before => Class['nova::compute::libvirt'],
-}
-
-$libvirt_vnc_bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::nova::compute::libvirt':
- libvirt_virt_type => $libvirt_virt_type,
- libvirt_cpu_mode => $libvirt_cpu_mode,
- vncserver_listen => $libvirt_vnc_bind_host,
- migration_support => true,
- libvirt_inject_partition => '-1',
-}
-
-file_line { 'libvirt-guests':
- path => '/etc/sysconfig/libvirt-guests',
- line => 'ON_BOOT=ignore',
- match => '^[\s#]*ON_BOOT=.*',
- require => Class['nova::compute::libvirt'],
-}
-
-# Remove libvirt's default network (usually virbr0) as it's unnecessary and
-# can be confusing
-exec {'virsh-net-destroy-default':
- onlyif => '/usr/bin/virsh net-list | grep default',
- command => '/usr/bin/virsh net-destroy default',
- require => Service['libvirt'],
-}
-
-exec {'virsh-net-undefine-default':
- onlyif => '/usr/bin/virsh net-list --inactive | grep default',
- command => '/usr/bin/virsh net-undefine default',
- require => Exec['virsh-net-destroy-default'],
-}
-
-$libvirt_debug = hiera('CONFIG_DEBUG_MODE')
-if $libvirt_debug {
-
- file_line { '/etc/libvirt/libvirt.conf log_filters':
- path
=> '/etc/libvirt/libvirtd.conf',
- line => 'log_filters = "1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util"',
- match => 'log_filters =',
- notify => Service['libvirt'],
- }
-
- file_line { '/etc/libvirt/libvirt.conf log_outputs':
- path => '/etc/libvirt/libvirtd.conf',
- line => 'log_outputs = "1:file:/var/log/libvirt/libvirtd.log"',
- match => 'log_outputs =',
- notify => Service['libvirt'],
- }
-
-}
diff --git a/packstack/puppet/templates/nova_compute_vmware.pp b/packstack/puppet/templates/nova_compute_vmware.pp
deleted file mode 100644
index 20f2a5e5a..000000000
--- a/packstack/puppet/templates/nova_compute_vmware.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-
-class { '::nova::compute::vmware':
- host_ip => hiera('CONFIG_VCENTER_HOST'),
- host_username => hiera('CONFIG_VCENTER_USER'),
- host_password => hiera('CONFIG_VCENTER_PASSWORD'),
- cluster_name => $nova_vcenter_cluster_name,
-}
diff --git a/packstack/puppet/templates/nova_conductor.pp b/packstack/puppet/templates/nova_conductor.pp
deleted file mode 100644
index afa54e0c9..000000000
--- a/packstack/puppet/templates/nova_conductor.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-
-class { '::nova::conductor':
- enabled => true,
-}
diff --git a/packstack/puppet/templates/nova_gluster.pp b/packstack/puppet/templates/nova_gluster.pp
deleted file mode 100644
index 9531638bc..000000000
--- a/packstack/puppet/templates/nova_gluster.pp
+++ /dev/null
@@ -1 +0,0 @@
-package { 'glusterfs-fuse': ensure => present }
diff --git a/packstack/puppet/templates/nova_metadata.pp b/packstack/puppet/templates/nova_metadata.pp
deleted file mode 100644
index 68926c0a6..000000000
--- a/packstack/puppet/templates/nova_metadata.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-
-nova::generic_service { 'metadata-api':
- enabled => true,
- ensure_package => 'present',
- package_name => 'openstack-nova-api',
- service_name => 'openstack-nova-metadata-api',
-}
diff --git a/packstack/puppet/templates/nova_network.pp b/packstack/puppet/templates/nova_network.pp
deleted file mode 100644
index 28d202e71..000000000
--- a/packstack/puppet/templates/nova_network.pp
+++ /dev/null
@@ -1,50 +0,0 @@
-
-$multihost = hiera('CONFIG_NOVA_NETWORK_MULTIHOST')
-if $multihost {
- nova_config {
- 'DEFAULT/send_arp_for_ha': value => true;
- }
-}
-
-$manager = hiera('CONFIG_NOVA_NETWORK_MANAGER')
-
-$nova_net_manager_list = [
- 'nova.network.manager.VlanManager',
- 'nova.network.manager.FlatDHCPManager',
-]
-
-$overrides = {}
-
-if $manager in $nova_net_manager_list {
- $overrides['force_dhcp_release'] = false
-}
-
-if $manager == 'nova.network.manager.VlanManager' {
- $overrides['vlan_start'] = hiera('CONFIG_NOVA_NETWORK_VLAN_START')
- $net_size = hiera('CONFIG_NOVA_NETWORK_SIZE')
- $net_num = hiera('CONFIG_NOVA_NETWORK_NUMBER')
-} else {
- $net_size = hiera('CONFIG_NOVA_NETWORK_FIXEDSIZE')
- $net_num = 1
-}
-
-$nova_network_privif = hiera('CONFIG_NOVA_NETWORK_PRIVIF')
-$nova_network_pubif = hiera('CONFIG_NOVA_NETWORK_PUBIF')
-
-class { '::nova::network':
- enabled => true,
- network_manager => $manager,
- num_networks => $net_num ,
- network_size => $net_size,
- private_interface => force_interface($nova_network_privif, $use_subnets),
- public_interface => force_interface($nova_network_pubif, $use_subnets),
- fixed_range => hiera('CONFIG_NOVA_NETWORK_FIXEDRANGE'),
- floating_range => hiera('CONFIG_NOVA_NETWORK_FLOATRANGE'),
- config_overrides => $overrides,
- auto_assign_floating_ip => hiera('CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP'),
- multi_host => $multihost
-}
-
-package { 'dnsmasq':
- ensure => present,
-}
diff --git a/packstack/puppet/templates/nova_network_libvirt.pp b/packstack/puppet/templates/nova_network_libvirt.pp
deleted file mode 100644
index a29a26090..000000000
--- a/packstack/puppet/templates/nova_network_libvirt.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-$vmware_backend = hiera('CONFIG_VMWARE_BACKEND')
-
-if $vmware_backend == 'n' {
- exec { 'libvirtd_reload':
- path => ['/usr/sbin/', '/sbin'],
- command => 'service libvirtd reload',
- logoutput => 'on_failure',
- require => Class['nova::network'],
- }
-}
diff --git a/packstack/puppet/templates/nova_neutron.pp b/packstack/puppet/templates/nova_neutron.pp
deleted file mode 100644
index ccf08dbe1..000000000
--- a/packstack/puppet/templates/nova_neutron.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-$nova_neutron_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-$neutron_auth_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
-
-class { '::nova::network::neutron':
- neutron_password => hiera('CONFIG_NEUTRON_KS_PW'),
- neutron_auth_plugin => 'v3password',
- neutron_url => "http://${nova_neutron_cfg_ctrl_host}:9696",
- neutron_project_name => 'services',
- neutron_auth_url => "${neutron_auth_url}/v3",
- neutron_region_name => hiera('CONFIG_KEYSTONE_REGION'),
-}
-
-class { '::nova::compute::neutron':
- libvirt_vif_driver => hiera('CONFIG_NOVA_LIBVIRT_VIF_DRIVER'),
-}
diff --git a/packstack/puppet/templates/nova_nfs.pp b/packstack/puppet/templates/nova_nfs.pp
deleted file mode 100644
index 01bdfef0e..000000000
--- a/packstack/puppet/templates/nova_nfs.pp
+++ /dev/null
@@ -1 +0,0 @@
-package { 'nfs-utils': ensure => present }
diff --git a/packstack/puppet/templates/nova_sched.pp b/packstack/puppet/templates/nova_sched.pp
deleted file mode 100644
index f886bf3d7..000000000
--- a/packstack/puppet/templates/nova_sched.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-nova_config{
- # OpenStack doesn't include the CoreFilter (= CPU Filter) by default
- 'DEFAULT/scheduler_default_filters':
- value => 'RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter';
- 'DEFAULT/cpu_allocation_ratio':
- value => hiera('CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO');
- 'DEFAULT/ram_allocation_ratio':
- value => hiera('CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO');
-}
-
-class { '::nova::scheduler':
- enabled => true,
-}
diff --git a/packstack/puppet/templates/nova_sched_ironic.pp b/packstack/puppet/templates/nova_sched_ironic.pp
deleted file mode 100644
index 126d9ea75..000000000
--- a/packstack/puppet/templates/nova_sched_ironic.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-nova_config {
- 'DEFAULT/scheduler_host_manager':
- value => 'nova.scheduler.ironic_host_manager.IronicHostManager';
-}
diff --git a/packstack/puppet/templates/nova_vncproxy.pp b/packstack/puppet/templates/nova_vncproxy.pp
deleted file mode 100644
index e8c5d718f..000000000
--- a/packstack/puppet/templates/nova_vncproxy.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-if hiera('CONFIG_HORIZON_SSL') == 'y' {
- nova_config {
- 'DEFAULT/ssl_only': value => true;
- 'DEFAULT/cert': value => hiera('CONFIG_VNC_SSL_CERT');
- 'DEFAULT/key': value => hiera('CONFIG_VNC_SSL_KEY');
- }
-}
-
-$vnc_bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::nova::vncproxy':
- enabled => true,
- host => $vnc_bind_host,
-}
-
-class { '::nova::consoleauth':
- enabled => true,
-}
-
-firewall { '001 novncproxy incoming':
- proto => 'tcp',
- dport => ['6080'],
- action => 'accept',
-}
diff --git a/packstack/puppet/templates/ntpd.pp b/packstack/puppet/templates/ntpd.pp
deleted file mode 100644
index 1a969c2a3..000000000
--- a/packstack/puppet/templates/ntpd.pp
+++ /dev/null
@@ -1,102 +0,0 @@
-$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF')
-$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS')
-
-$config_content = "
-driftfile /var/lib/ntp/drift
-
-# Permit time synchronization with our time source, but do not
-# permit the source to query or modify the service on this system.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-
-# Permit all access over the loopback interface. This could
-# be tightened as well, but to do so would effect some of
-# the administrative functions.
-restrict 127.0.0.1
-restrict -6 ::1
-
-# Hosts on local network are less restricted.
-#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
-
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-${cfg_ntp_server_def}
-
-#broadcast 192.168.1.255 autokey # broadcast server
-#broadcastclient # broadcast client
-#broadcast 224.0.1.1 autokey # multicast server
-#multicastclient 224.0.1.1 # multicast client
-#manycastserver 239.255.254.254 # manycast server
-#manycastclient 239.255.254.254 autokey # manycast client
-
-# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available.
-#server 127.127.1.0 # local clock
-#fudge 127.127.1.0 stratum 10
-
-# Enable public key cryptography.
-#crypto
-
-includefile /etc/ntp/crypto/pw
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-
-# Specify the key identifiers which are trusted.
-#trustedkey 4 8 42
-
-# Specify the key identifier to use with the ntpdc utility.
-#requestkey 8
-
-# Specify the key identifier to use with the ntpq utility.
-#controlkey 8
-
-# Enable writing of statistics records.
-#statistics clockstats cryptostats loopstats peerstats
-"
-
-package { 'ntp':
- ensure => 'installed',
- name => 'ntp',
-}
-
-file { 'ntp_config':
- ensure => file,
- path => '/etc/ntp.conf',
- mode => '0644',
- content => $config_content,
-}
-
-# Unfortunately, the RedHat osfamily doesn't only include RHEL and
-# derivatives thereof but also Fedora so further differentiation by
-# operatingsystem is necessary.
-$command = $osfamily ? {
- 'RedHat' => $operatingsystem ? {
- 'Fedora' => '/usr/bin/systemctl stop ntpd.service',
- default => '/sbin/service ntpd stop',
- },
-}
-
-exec { 'stop-ntpd':
- command => $command,
-}
-
-exec { 'ntpdate':
- command => "/usr/sbin/ntpdate ${cfg_ntp_servers}",
- tries => 3,
-}
-
-service { 'ntpd':
- ensure => running,
- enable => true,
- name => 'ntpd',
- hasstatus => true,
- hasrestart => true,
-}
-
-Package['ntp'] ->
-File['ntp_config'] ->
-Exec['stop-ntpd'] ->
-Exec['ntpdate'] ->
-Service['ntpd']
diff --git a/packstack/puppet/templates/openstack_client.pp b/packstack/puppet/templates/openstack_client.pp
deleted file mode 100644
index ca77fff68..000000000
--- a/packstack/puppet/templates/openstack_client.pp
+++ /dev/null
@@ -1,92 +0,0 @@
-
-$clientlibs = ['python-novaclient',
- 'python-glanceclient', 'python-swiftclient',
- 'python-cinderclient', 'python-openstackclient']
-
-package { $clientlibs: }
-
-if hiera('CONFIG_MANILA_INSTALL') == 'y' {
- package { 'python-manilaclient': }
-}
-
-$ost_cl_keystone_admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
-$ost_cl_keystone_admin_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW')
-$ost_cl_ctrl_keystone_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
-$ost_cl_keystone_region = hiera('CONFIG_KEYSTONE_REGION')
-$ost_cl_keystone_demo_pw = hiera('CONFIG_KEYSTONE_DEMO_PW')
-
-$config_keystone_api_version = hiera('CONFIG_KEYSTONE_API_VERSION')
-if $config_keystone_api_version =~ /^v(\d+).*$/ {
- # we need to force integer here
- $int_api_version = 0 + $1
-} else {
- fail("${config_keystone_api_version} is an incorrect Keystone API Version!")
-}
-
-$rcadmin_common_content = "unset OS_SERVICE_TOKEN
-export OS_USERNAME=${ost_cl_keystone_admin_username}
-export OS_PASSWORD=${ost_cl_keystone_admin_pw}
-export OS_AUTH_URL=${ost_cl_ctrl_keystone_url}
-export PS1='[\\u@\\h \\W(keystone_admin)]\\$ '
-"
-
-if $int_api_version < 3 {
- $rcadmin_content = "${rcadmin_common_content}
-export OS_TENANT_NAME=admin
-export OS_REGION_NAME=${ost_cl_keystone_region}
-"
-}
-else {
- $rcadmin_content = "${rcadmin_common_content}
-export OS_PROJECT_NAME=admin
-export OS_USER_DOMAIN_NAME=Default
-export OS_PROJECT_DOMAIN_NAME=Default
-export OS_IDENTITY_API_VERSION=${int_api_version}
-"
-}
-
-file { "${::home_dir}/keystonerc_admin":
- ensure => file,
- mode => '0600',
- content => $rcadmin_content,
-}
-
-if hiera('CONFIG_PROVISION_DEMO') == 'y' {
- $demo_common_content = "unset OS_SERVICE_TOKEN
-export OS_USERNAME=demo
-export OS_PASSWORD=${ost_cl_keystone_demo_pw}
-export PS1='[\\u@\\h \\W(keystone_demo)]\\$ '
-export OS_AUTH_URL=${ost_cl_ctrl_keystone_url}
-"
-
- if $int_api_version < 3 {
- $demo_content = "${demo_common_content}
-export OS_TENANT_NAME=demo
-export OS_IDENTITY_API_VERSION=${int_api_version}.0
-"
- } else {
- $demo_content = "${demo_common_content}
-export OS_PROJECT_NAME=demo
-export OS_USER_DOMAIN_NAME=Default
-export OS_PROJECT_DOMAIN_NAME=Default
-export OS_IDENTITY_API_VERSION=${int_api_version}
-"
- }
-
- file { "${::home_dir}/keystonerc_demo":
- ensure => file,
- mode => '0600',
- content => $demo_content,
- }
-}
-
-if hiera('NO_ROOT_USER_ALLINONE') == true {
- $ost_cl_home_dir = hiera('HOME_DIR')
- file { "${ost_cl_home_dir}/keystonerc_admin":
- ensure => file,
- owner => hiera('NO_ROOT_USER'),
- group => hiera('NO_ROOT_GROUP'),
- mode => '0600',
- content => $rcadmin_content,
- }
-}
diff --git a/packstack/puppet/templates/prescript.pp b/packstack/puppet/templates/prescript.pp
deleted file mode 100644
index d238b3fd2..000000000
--- a/packstack/puppet/templates/prescript.pp
+++ /dev/null
@@ -1,35 +0,0 @@
-include ::firewall
-
-# We don't have openstack-selinux package for Fedora
-if $::operatingsystem != 'Fedora' {
- package{ 'openstack-selinux':
- ensure => present,
- }
-}
-
-package { 'sos':
- ensure => present,
-}
-
-package { 'audit':
- ensure => present,
-} ->
-service { 'auditd':
- ensure => running,
- enable => true,
-}
-
-# The following kernel parameters help alleviate some RabbitMQ
-# connection issues
-
-sysctl::value { 'net.ipv4.tcp_keepalive_intvl':
- value => '1',
-}
-
-sysctl::value { 'net.ipv4.tcp_keepalive_probes':
- value => '5',
-}
-
-sysctl::value { 'net.ipv4.tcp_keepalive_time':
- value => '5',
-}
diff --git a/packstack/puppet/templates/provision.pp b/packstack/puppet/templates/provision.pp
deleted file mode 100644
index 505e445c5..000000000
--- a/packstack/puppet/templates/provision.pp
+++ /dev/null
@@ -1,96 +0,0 @@
-$provision_demo = str2bool(hiera('CONFIG_PROVISION_DEMO'))
-$provision_tempest = str2bool(hiera('CONFIG_PROVISION_TEMPEST'))
-$provision_neutron = str2bool(hiera('CONFIG_NEUTRON_INSTALL'))
-$heat_available = str2bool(hiera('CONFIG_HEAT_INSTALL'))
-
-if $provision_demo {
- $username = 'demo'
- $password = hiera('CONFIG_KEYSTONE_DEMO_PW')
- $tenant_name = 'demo'
- $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE')
-} elsif $provision_tempest {
- $username = hiera('CONFIG_PROVISION_TEMPEST_USER')
- $password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW')
- $tenant_name = 'tempest'
- $floating_range = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE')
- if (empty($tempest_user) or empty($tempest_password)) {
- fail("Both CONFIG_PROVISION_TEMPEST_USER and
- CONFIG_PROVISION_TEMPEST_USER_PW need to be configured.")
- }
-}
-
-if $provision_demo or $provision_tempest {
-
- # Keystone
- $admin_tenant_name = 'admin'
- keystone_tenant { $tenant_name:
- ensure => present,
- enabled => true,
- description => 'default tenant',
- }
-
- keystone_user { $username:
- ensure => present,
- enabled => true,
- password => $password,
- }
-
- if $heat_available {
- keystone_user_role { "${username}@${tenant_name}":
- ensure => present,
- roles => ['_member_', 'heat_stack_owner'],
- }
- } else {
- keystone_user_role { "${username}@${tenant_name}":
- ensure => present,
- roles => ['_member_'],
- }
- }
-
- ## Neutron
- if $provision_neutron {
- $public_network_name = 'public'
- $public_subnet_name = 'public_subnet'
- $private_network_name = 'private'
- $private_subnet_name = 'private_subnet'
- $fixed_range = '10.0.0.0/24'
- $router_name = 'router1'
-
- $neutron_deps = [Neutron_network[$public_network_name]]
-
- neutron_network { $public_network_name:
- ensure => present,
- router_external => true,
- tenant_name => $admin_tenant_name,
- }
- neutron_subnet { $public_subnet_name:
- ensure => 'present',
- cidr => $floating_range,
- enable_dhcp => false,
- network_name => $public_network_name,
- tenant_name => $admin_tenant_name,
- }
- neutron_network { $private_network_name:
- ensure => present,
- tenant_name => $tenant_name,
- }
- neutron_subnet { $private_subnet_name:
- ensure => present,
- cidr => $fixed_range,
- network_name => $private_network_name,
- tenant_name => $tenant_name,
- }
- # Tenant-owned router - assumes network namespace isolation
- neutron_router { $router_name:
- ensure => present,
- tenant_name => $tenant_name,
- gateway_network_name => $public_network_name,
- # A neutron_router resource must explicitly declare a dependency on
- # the first subnet of the gateway network.
- require => Neutron_subnet[$public_subnet_name],
- }
- neutron_router_interface { "${router_name}:${private_subnet_name}":
- ensure => present,
- }
- }
-}
diff --git a/packstack/puppet/templates/provision_bridge.pp b/packstack/puppet/templates/provision_bridge.pp
deleted file mode 100644
index 45017d8d2..000000000
--- a/packstack/puppet/templates/provision_bridge.pp
+++ /dev/null
@@ -1,51 +0,0 @@
-$provision_neutron_br = str2bool(hiera('CONFIG_NEUTRON_INSTALL'))
-$setup_ovs_bridge = str2bool(hiera('CONFIG_PROVISION_OVS_BRIDGE'))
-$public_bridge_name = hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE', 'br-ex')
-$provision_tempest_br = str2bool(hiera('CONFIG_PROVISION_TEMPEST'))
-$provision_demo_br = str2bool(hiera('CONFIG_PROVISION_DEMO'))
-
-if $provision_demo_br {
- $floating_range_br = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE')
-} elsif $provision_tempest_br {
- $floating_range_br = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE')
-}
-
-neutron_config {
- 'keystone_authtoken/identity_uri': value => hiera('CONFIG_KEYSTONE_ADMIN_URL');
- 'keystone_authtoken/auth_uri': value => hiera('CONFIG_KEYSTONE_PUBLIC_URL');
- 'keystone_authtoken/admin_tenant_name': value => 'services';
- 'keystone_authtoken/admin_user': value => 'neutron';
- 'keystone_authtoken/admin_password': value => hiera('CONFIG_NEUTRON_KS_PW');
-}
-
-if $provision_neutron_br and $setup_ovs_bridge {
- Neutron_config<||> -> Neutron_l3_ovs_bridge['demo_bridge']
- neutron_l3_ovs_bridge { 'demo_bridge':
- name => $public_bridge_name,
- ensure => present,
- subnet_name => 'public_subnet',
- }
-
- firewall { '000 nat':
- chain => 'POSTROUTING',
- jump => 'MASQUERADE',
- source => $floating_range_br,
- outiface => $::gateway_device,
- table => 'nat',
- proto => 'all',
- }
-
- firewall { '000 forward out':
- chain => 'FORWARD',
- action => 'accept',
- outiface => $public_bridge_name,
- proto => 'all',
- }
-
- firewall { '000 forward in':
- chain => 'FORWARD',
- action => 'accept',
- iniface => $public_bridge_name,
- proto => 'all',
- }
-}
diff --git a/packstack/puppet/templates/provision_glance.pp b/packstack/puppet/templates/provision_glance.pp
deleted file mode 100644
index 72699be19..000000000
--- a/packstack/puppet/templates/provision_glance.pp
+++ /dev/null
@@ -1,58 +0,0 @@
-$image_name = hiera('CONFIG_PROVISION_IMAGE_NAME')
-$image_source = hiera('CONFIG_PROVISION_IMAGE_URL')
-$image_format = hiera('CONFIG_PROVISION_IMAGE_FORMAT')
-$uec_image_name = hiera('CONFIG_PROVISION_UEC_IMAGE_NAME')
-$uec_image_source_kernel = hiera('CONFIG_PROVISION_UEC_IMAGE_KERNEL_URL')
-$uec_image_source_ramdisk = hiera('CONFIG_PROVISION_UEC_IMAGE_RAMDISK_URL')
-$uec_image_source_disk = hiera('CONFIG_PROVISION_UEC_IMAGE_DISK_URL')
-
-glance_image { $image_name:
- ensure => present,
- is_public => 'yes',
- container_format => 'bare',
- disk_format => $image_format,
- source => $image_source,
-}
-
-if str2bool(hiera('CONFIG_PROVISION_TEMPEST')) {
- $image_name_alt = "${uec_image_name}_alt"
-
- glance_image{"${uec_image_name}-kernel":
- ensure => present,
- is_public => 'yes',
- container_format => 'aki',
- disk_format => 'aki',
- source => $uec_image_source_kernel,
- id => '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4'
- }
-
- glance_image{"${uec_image_name}-ramdisk":
- ensure => present,
- is_public => 'yes',
- container_format => 'ari',
- disk_format => 'ari',
- source => $uec_image_source_ramdisk,
- id => '0b50e2e5-1440-4654-b568-4e120ddf28c1'
- }
-
- glance_image{$uec_image_name:
- ensure => present,
- is_public => 'yes',
- container_format => 'ami',
- disk_format => 'ami',
- source => $uec_image_source_disk,
- properties => { 'kernel_id' => '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4', 'ramdisk_id' => '0b50e2e5-1440-4654-b568-4e120ddf28c1' },
- require => [ Glance_image["${uec_image_name}-kernel"], Glance_image["${uec_image_name}-ramdisk"] ]
- }
-
- glance_image{$image_name_alt:
- ensure => present,
- is_public => 'yes',
- container_format => 'ami',
- disk_format => 'ami',
- source => $uec_image_source_disk,
- properties => { 'kernel_id' => '146d4a6b-ad1e-4d9f-8b08-98eae3c3dab4', 'ramdisk_id' => '0b50e2e5-1440-4654-b568-4e120ddf28c1' },
- require => [ Glance_image["${uec_image_name}-kernel"], Glance_image["${uec_image_name}-ramdisk"] ]
- }
-
-}
diff --git a/packstack/puppet/templates/provision_tempest.pp b/packstack/puppet/templates/provision_tempest.pp
deleted file mode 100644
index 40e1b1797..000000000
--- a/packstack/puppet/templates/provision_tempest.pp
+++ /dev/null
@@ -1,138 +0,0 @@
-$provision_demo = str2bool(hiera('CONFIG_PROVISION_DEMO'))
-if $provision_demo {
- $username = 'demo'
- $password = hiera('CONFIG_KEYSTONE_DEMO_PW')
- $tenant_name = 'demo'
- $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE')
-} else {
- $username = hiera('CONFIG_PROVISION_TEMPEST_USER')
- $password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW')
- $tenant_name = 'tempest'
- $floating_range = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE')
-}
-
-# Authentication/Keystone
-$identity_uri = hiera('CONFIG_KEYSTONE_PUBLIC_URL')
-$identity_uri_v3 = regsubst($identity_uri, 'v2.0', 'v3')
-$auth_version = regsubst(hiera('CONFIG_KEYSTONE_API_VERSION'), '.0', '')
-$admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME')
-$admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW')
-$admin_tenant_name = 'admin'
-$admin_domain_name = 'Default'
-
-# get image and network id
-$configure_images = true
-$configure_networks = true
-
-# Image
-$uec_image_name = hiera('CONFIG_PROVISION_UEC_IMAGE_NAME')
-$image_ssh_user = hiera('CONFIG_PROVISION_IMAGE_SSH_USER')
-$image_name_alt = "${uec_image_name}_alt"
-$image_alt_ssh_user = hiera('CONFIG_PROVISION_IMAGE_SSH_USER')
-$image_source = hiera('CONFIG_PROVISION_IMAGE_URL')
-$image_format = hiera('CONFIG_PROVISION_IMAGE_FORMAT')
-
-# network name
-$public_network_name = 'public'
-
-# nova should be able to resize with packstack setup
-$resize_available = true
-
-$change_password_available = undef
-$allow_tenant_isolation = true
-$dir_log = hiera('DIR_LOG')
-$log_file = "${dir_log}/tempest.log"
-$use_stderr = false
-$debug = true
-$public_router_id = undef
-
-# Tempest
-$tempest_repo_uri = hiera('CONFIG_PROVISION_TEMPEST_REPO_URI')
-$tempest_repo_revision = hiera('CONFIG_PROVISION_TEMPEST_REPO_REVISION')
-$tempest_clone_path = '/var/lib/tempest'
-$tempest_clone_owner = 'root'
-$tempest_user = hiera('CONFIG_PROVISION_TEMPEST_USER')
-$tempest_password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW')
-
-# Nano and Micro flavors are used, otherwise flavors used by default too much resources for nothing
-$tempest_flavor_ref = "42"
-$tempest_flavor_ref_alt = "84"
-
-nova_flavor { 'm1.nano':
- ensure => present,
- id => $tempest_flavor_ref,
- ram => '128',
- disk => '0',
- vcpus => '1',
-}
-nova_flavor { 'm1.micro':
- ensure => present,
- id => $tempest_flavor_ref_alt,
- ram => '128',
- disk => '0',
- vcpus => '1',
-}
-
-# Service availability for testing based on configuration
-$cinder_available = str2bool(hiera('CONFIG_CINDER_INSTALL'))
-$glance_available = str2bool(hiera('CONFIG_GLANCE_INSTALL'))
-$horizon_available = str2bool(hiera('CONFIG_HORIZON_INSTALL'))
-$nova_available = str2bool(hiera('CONFIG_NOVA_INSTALL'))
-$neutron_available = str2bool(hiera('CONFIG_NEUTRON_INSTALL'))
-$ceilometer_available = str2bool(hiera('CONFIG_CEILOMETER_INSTALL'))
-$aodh_available = str2bool(hiera('CONFIG_AODH_INSTALL'))
-$trove_available = str2bool(hiera('CONFIG_TROVE_INSTALL'))
-$sahara_available = str2bool(hiera('CONFIG_SAHARA_INSTALL'))
-$heat_available = str2bool(hiera('CONFIG_HEAT_INSTALL'))
-$swift_available = str2bool(hiera('CONFIG_SWIFT_INSTALL'))
-$configure_tempest = str2bool(hiera('CONFIG_PROVISION_TEMPEST'))
-
-class { '::tempest':
- admin_domain_name => $admin_domain_name,
- admin_password => $admin_password,
- admin_tenant_name => $admin_tenant_name,
- admin_username => $admin_username,
- allow_tenant_isolation => $allow_tenant_isolation,
- aodh_available => $aodh_available,
- auth_version => $auth_version,
- ceilometer_available => $ceilometer_available,
- cinder_available => $cinder_available,
- change_password_available => $change_password_available,
- configure_images => $configure_images,
- configure_networks => $configure_networks,
- debug => $debug,
- flavor_ref => $tempest_flavor_ref,
- flavor_ref_alt => $tempest_flavor_ref_alt,
- glance_available => $glance_available,
- heat_available => $heat_available,
- horizon_available => $horizon_available,
- identity_uri => $identity_uri,
- identity_uri_v3 => $identity_uri_v3,
- image_alt_ssh_user => $image_alt_ssh_user,
- image_name_alt => $image_name_alt,
- image_name => $uec_image_name,
- image_ssh_user => $image_ssh_user,
- log_file => $log_file,
- neutron_available => $neutron_available,
- nova_available => $nova_available,
- password => $password,
- public_network_name => $public_network_name,
- public_router_id => $public_router_id,
- resize_available => $resize_available,
- sahara_available => $sahara_available,
- swift_available => $swift_available,
- tempest_clone_owner => $tempest_clone_owner,
- tempest_clone_path => $tempest_clone_path,
- tempest_repo_revision => $tempest_repo_revision,
- tempest_repo_uri => $tempest_repo_uri,
- tenant_name => $tenant_name,
- trove_available => $trove_available,
- username => $username,
- use_stderr => $use_stderr,
-}
-
-tempest_config { 'object-storage/operator_role':
- value => 'SwiftOperator',
- path => "${tempest_clone_path}/etc/tempest.conf",
-}
-
diff --git a/packstack/puppet/templates/redis.pp b/packstack/puppet/templates/redis.pp
deleted file mode 100644
index 2f886127e..000000000
--- a/packstack/puppet/templates/redis.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-$redis_port = hiera('CONFIG_REDIS_PORT')
-$redis_master_host = hiera('CONFIG_REDIS_MASTER_HOST')
-
-class { '::redis':
- bind => $redis_master_host,
- port => $redis_port,
- appendonly => true,
- daemonize => false,
-}
diff --git a/packstack/puppet/templates/redis_sentinel.pp b/packstack/puppet/templates/redis_sentinel.pp
deleted file mode 100644
index a4b452e28..000000000
--- a/packstack/puppet/templates/redis_sentinel.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-$redis_master_host = hiera('CONFIG_REDIS_MASTER_HOST')
-$redis_master_port = hiera('CONFIG_REDIS_PORT')
-$redis_master_name = hiera('CONFIG_REDIS_MASTER_NAME')
-$redis_sentinel_quorum = hiera('CONFIG_REDIS_SENTINEL_QUORUM')
-$redis_sentinel_port = hiera('CONFIG_REDIS_SENTINEL_PORT')
-
-class { '::redis::sentinel':
- master_name => $redis_master_name,
- redis_host => $redis_master_host,
- redis_port => $redis_master_port,
- quorum => $redis_sentinel_quorum,
- sentinel_port => $redis_sentinel_port,
- log_file => '/var/log/redis/sentinel.log',
-}
diff --git a/packstack/puppet/templates/redis_slave.pp b/packstack/puppet/templates/redis_slave.pp
deleted file mode 100644
index c5f472f2b..000000000
--- a/packstack/puppet/templates/redis_slave.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-$redis_host = hiera('CONFIG_REDIS_HOST')
-$redis_port = hiera('CONFIG_REDIS_PORT')
-$redis_master_host = hiera('CONFIG_REDIS_MASTER_HOST')
-
-class { '::redis':
- bind => '0.0.0.0',
- port => $redis_port,
- appendonly => true,
- daemonize => false,
- slaveof => "${redis_master_host} ${redis_port}",
-}
diff --git a/packstack/puppet/templates/sahara.pp b/packstack/puppet/templates/sahara.pp
deleted file mode 100644
index 16bc813c9..000000000
--- a/packstack/puppet/templates/sahara.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class { '::sahara::service::api':
- api_workers => $service_workers
-}
-
-class { '::sahara::service::engine': }
diff --git a/packstack/puppet/templates/sahara_ceilometer.pp b/packstack/puppet/templates/sahara_ceilometer.pp
deleted file mode 100644
index 36cb227db..000000000
--- a/packstack/puppet/templates/sahara_ceilometer.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class { '::sahara::notify':
- enable_notifications => true,
- notification_driver => 'messagingv2',
-}
-
-
diff --git a/packstack/puppet/templates/sahara_rabbitmq.pp b/packstack/puppet/templates/sahara_rabbitmq.pp
deleted file mode 100644
index 508552dee..000000000
--- a/packstack/puppet/templates/sahara_rabbitmq.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-$sahara_cfg_sahara_db_pw = hiera('CONFIG_SAHARA_DB_PW')
-$sahara_cfg_sahara_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-$sahara_cfg_config_neutron_install = hiera('CONFIG_NEUTRON_INSTALL')
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', $::os_service_default)
-$kombu_ssl_keyfile = hiera('CONFIG_SAHARA_SSL_KEY', $::os_service_default)
-$kombu_ssl_certfile = hiera('CONFIG_SAHARA_SSL_CERT', $::os_service_default)
-
-if ! is_service_default($kombu_ssl_keyfile) {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'sahara',
- group => 'sahara',
- require => Package['sahara-common'],
- }
- File[$files_to_set_owner] ~> Service<||>
-}
-
-class { '::sahara':
- database_connection =>
- "mysql+pymysql://sahara:${sahara_cfg_sahara_db_pw}@${sahara_cfg_sahara_mariadb_host}/sahara",
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- admin_user => 'sahara',
- admin_password => hiera('CONFIG_SAHARA_KS_PW'),
- admin_tenant_name => 'services',
- auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
- use_neutron => ($sahara_cfg_config_neutron_install == 'y'),
- host => hiera('CONFIG_SAHARA_HOST'),
- rpc_backend => 'rabbit',
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
-}
diff --git a/packstack/puppet/templates/sshkey.pp b/packstack/puppet/templates/sshkey.pp
deleted file mode 100644
index 212fa8d4c..000000000
--- a/packstack/puppet/templates/sshkey.pp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-create_resources(sshkey, hiera('SSH_KEYS', {}))
diff --git a/packstack/puppet/templates/swift_builder.pp b/packstack/puppet/templates/swift_builder.pp
deleted file mode 100644
index 1fb1a2d81..000000000
--- a/packstack/puppet/templates/swift_builder.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-
-class { '::swift::ringbuilder':
- part_power => '18',
- replicas => hiera('CONFIG_SWIFT_STORAGE_REPLICAS'),
- min_part_hours => 1,
- require => Class['swift'],
-}
-
-# sets up an rsync db that can be used to sync the ring DB
-class { '::swift::ringserver':
- local_net_ip => hiera('CONFIG_STORAGE_HOST_URL'),
-}
-
-if str2bool($::selinux) {
- selboolean { 'rsync_export_all_ro':
- value => on,
- persistent => true,
- }
-}
diff --git a/packstack/puppet/templates/swift_ceilometer_rabbitmq.pp b/packstack/puppet/templates/swift_ceilometer_rabbitmq.pp
deleted file mode 100644
index f5edf7772..000000000
--- a/packstack/puppet/templates/swift_ceilometer_rabbitmq.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class { '::swift::proxy::ceilometer':
- rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- topic => 'notifications',
- control_exchange => 'swift',
- driver => 'messaging',
-}
-
-# A basic Ceilometer class is required by ::swift::proxy::ceilometer
-class { '::ceilometer':
- metering_secret => hiera('CONFIG_CEILOMETER_SECRET'),
-}
diff --git a/packstack/puppet/templates/swift_common.pp b/packstack/puppet/templates/swift_common.pp
deleted file mode 100644
index 792212a7d..000000000
--- a/packstack/puppet/templates/swift_common.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-
-Class['swift'] -> Service <| |>
-
-class { '::swift':
- # not sure how I want to deal with this shared secret
- swift_hash_path_suffix => hiera('CONFIG_SWIFT_HASH'),
- package_ensure => latest,
-}
diff --git a/packstack/puppet/templates/swift_loopback.pp b/packstack/puppet/templates/swift_loopback.pp
deleted file mode 100644
index 80abf4e3a..000000000
--- a/packstack/puppet/templates/swift_loopback.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-
-swift::storage::loopback { 'swiftloopback':
- base_dir => '/srv/loopback-device',
- mnt_base_dir => '/srv/node',
- require => Class['swift'],
- fstype => hiera('CONFIG_SWIFT_STORAGE_FSTYPE'),
- seek => hiera('CONFIG_SWIFT_STORAGE_SEEK'),
-}
-
-
diff --git a/packstack/puppet/templates/swift_proxy.pp b/packstack/puppet/templates/swift_proxy.pp
deleted file mode 100644
index ea72a7b8c..000000000
--- a/packstack/puppet/templates/swift_proxy.pp
+++ /dev/null
@@ -1,112 +0,0 @@
-
-package { 'curl': ensure => present }
-
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-# hack for memcached, for now we bind to localhost on ipv6
-# https://bugzilla.redhat.com/show_bug.cgi?id=1210658
-$memcached_bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => 'localhost6',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::memcached':
- listen_ip => $memcached_bind_host,
- max_memory => '10%%',
-}
-
-if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' {
- $swift_pipeline = [
- 'catch_errors',
- 'bulk',
- 'healthcheck',
- 'cache',
- 'crossdomain',
- 'ratelimit',
- 'authtoken',
- 'keystone',
- 'staticweb',
- 'tempurl',
- 'slo',
- 'formpost',
- 'account_quotas',
- 'container_quotas',
- 'ceilometer',
- 'proxy-server',
- ]
-} else {
- $swift_pipeline = [
- 'catch_errors',
- 'bulk',
- 'healthcheck',
- 'cache',
- 'crossdomain',
- 'ratelimit',
- 'authtoken',
- 'keystone',
- 'staticweb',
- 'tempurl',
- 'slo',
- 'formpost',
- 'account_quotas',
- 'container_quotas',
- 'proxy-server',
- ]
-}
-
-class { '::swift::proxy':
- # swift seems to require ipv6 address without brackets
- proxy_local_net_ip => hiera('CONFIG_STORAGE_HOST'),
- pipeline => $swift_pipeline,
- account_autocreate => true,
- workers => $service_workers
-}
-
-# configure all of the middlewares
-class { [
- '::swift::proxy::catch_errors',
- '::swift::proxy::healthcheck',
- '::swift::proxy::cache',
- '::swift::proxy::crossdomain',
- '::swift::proxy::staticweb',
- '::swift::proxy::tempurl',
- '::swift::proxy::account_quotas',
- '::swift::proxy::formpost',
- '::swift::proxy::slo',
- '::swift::proxy::container_quotas',
-]: }
-
-class { '::swift::proxy::bulk':
- max_containers_per_extraction => 10000,
- max_failed_extractions => 1000,
- max_deletes_per_request => 10000,
- yield_frequency => 60,
-}
-
-class { '::swift::proxy::ratelimit':
- clock_accuracy => 1000,
- max_sleep_time_seconds => 60,
- log_sleep_time_seconds => 0,
- rate_buffer_seconds => 5,
- account_ratelimit => 0,
-}
-
-class { '::swift::proxy::keystone':
- operator_roles => ['admin', 'SwiftOperator', '_member_'],
-}
-
-class { '::swift::proxy::authtoken':
- admin_user => 'swift',
- admin_tenant_name => 'services',
- admin_password => hiera('CONFIG_SWIFT_KS_PW'),
- # assume that the controller host is the swift api server
- auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'),
-}
-
-class { '::swift::objectexpirer': }
diff --git a/packstack/puppet/templates/swift_storage.pp b/packstack/puppet/templates/swift_storage.pp
deleted file mode 100644
index 9bb6cd8ec..000000000
--- a/packstack/puppet/templates/swift_storage.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-
-# install all swift storage servers together
-class { '::swift::storage::all':
- # looks like ipv6 address without brackets is required here
- storage_local_net_ip => hiera('CONFIG_STORAGE_HOST'),
- allow_versions => true,
- require => Class['swift'],
-}
-
-if (!defined(File['/srv/node'])) {
- file { '/srv/node':
- ensure => directory,
- owner => 'swift',
- group => 'swift',
- require => Package['swift'],
- }
-}
-
-swift::ringsync{ ['account', 'container', 'object']:
- ring_server => hiera('CONFIG_STORAGE_HOST_URL'),
- before => Class['swift::storage::all'],
- require => Class['swift'],
-}
diff --git a/packstack/puppet/templates/trove.pp b/packstack/puppet/templates/trove.pp
deleted file mode 100644
index 591482aaa..000000000
--- a/packstack/puppet/templates/trove.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-$bind_host = hiera('CONFIG_IP_VERSION') ? {
- 'ipv6' => '::0',
- default => '0.0.0.0',
- # TO-DO(mmagr): Add IPv6 support when hostnames are used
-}
-
-class { '::trove::api':
- bind_host => $bind_host,
- enabled => true,
- keystone_password => hiera('CONFIG_TROVE_KS_PW'),
- auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- cert_file => false,
- key_file => false,
- ca_file => false,
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
- workers => $service_workers
-}
-
-class { '::trove::conductor':
- auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
-
-class { '::trove::taskmanager':
- auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),
- verbose => true,
- debug => hiera('CONFIG_DEBUG_MODE'),
-}
diff --git a/packstack/puppet/templates/trove_rabbitmq.pp b/packstack/puppet/templates/trove_rabbitmq.pp
deleted file mode 100644
index 30dbe2cc0..000000000
--- a/packstack/puppet/templates/trove_rabbitmq.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-$trove_rabmq_cfg_trove_db_pw = hiera('CONFIG_TROVE_DB_PW')
-$trove_rabmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
-$trove_rabmq_cfg_controller_host = hiera('CONFIG_KEYSTONE_HOST_URL')
-
-$kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef)
-$kombu_ssl_keyfile = hiera('CONFIG_TROVE_SSL_KEY', undef)
-$kombu_ssl_certfile = hiera('CONFIG_TROVE_SSL_CERT', undef)
-
-if $kombu_ssl_keyfile {
- $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]
- file { $files_to_set_owner:
- owner => 'trove',
- group => 'trove',
- }
- Package<|tag=='trove'|> -> File[$files_to_set_owner]
- File[$files_to_set_owner] ~> Service<||>
-}
-
-
-class { '::trove':
- rpc_backend => 'rabbit',
- rabbit_host => hiera('CONFIG_AMQP_HOST_URL'),
- rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),
- rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'),
- rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'),
- rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'),
- database_connection => "mysql+pymysql://trove:${trove_rabmq_cfg_trove_db_pw}@${trove_rabmq_cfg_mariadb_host}/trove",
- nova_proxy_admin_user => hiera('CONFIG_TROVE_NOVA_USER'),
- nova_proxy_admin_tenant_name => hiera('CONFIG_TROVE_NOVA_TENANT'),
- nova_proxy_admin_pass => hiera('CONFIG_TROVE_NOVA_PW'),
- nova_compute_url => "http://${trove_rabmq_cfg_controller_host}:8774/v2",
- cinder_url => "http://${trove_rabmq_cfg_controller_host}:8776/v1",
- swift_url => "http://${trove_rabmq_cfg_controller_host}:8080/v1/AUTH_",
- use_neutron => hiera('CONFIG_NEUTRON_INSTALL'),
- kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
- kombu_ssl_keyfile => $kombu_ssl_keyfile,
- kombu_ssl_certfile => $kombu_ssl_certfile,
-}
diff --git a/releasenotes/notes/manifest-execution-refactor-418c27bbc03df064.yaml b/releasenotes/notes/manifest-execution-refactor-418c27bbc03df064.yaml
new file mode 100644
index 000000000..825c843a6
--- /dev/null
+++ b/releasenotes/notes/manifest-execution-refactor-418c27bbc03df064.yaml
@@ -0,0 +1,25 @@
+---
+features:
+ - Previously, Packstack created many individual manifest files from
+ smaller snippets (templates), and executed them following a certain
+ order. This is sub-optimal, since it forces code duplication and goes
+ against the Puppet design of running a single manifest.
+
+ This patch refactors the manifest execution, with the following changes
+
+ - Only 4 templates used, so max 4 Puppet executions on a host. Controller
+ manifest, network node manifest, compute node manifest, and a firewall
+ manifest, which is still generated on the fly for simplicity.
+
+ - The previous snippets are now part of the Packstack Puppet module, and
+ included as needed by the controller/network/compute manifests. This
+ concept is similar to the one used by the puppet-openstack-integration
+ project.
+
+ - The remaining Python code is left untouched, so we can keep complete
+ compatibility with previous answer files.
+
+deprecations:
+ - |
+ Redis HA support has been removed from Packstack.
+