Split keystone endpoint creation into respective tasks

- Refactor ceilometer auth.pp. It's a part of
  https://review.openstack.org/#/c/201565/ though it's required by
  endpoint task separation
- Moved keystone endpoint creations to separate tasks with initial noop
  tests

Misc:
- Created Unified structure in creation tasks. They are separated as
  <task>/db.pp and <task>/keystone.pp
- Removed firewall.pp.dist.
- Removed database requirement in ceilometer/tasks.yaml
- Fixed notification in heat.pp
- many linting fixes

Partial blueprint: detach-components-from-controllers

Co-Authored-By: Bartłomiej Piotrowski <bpiotrowski@mirantis.com>
Co-Authored-By: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
Co-Authored-By: Matthew Mosesohn <mmosesohn@mirantis.com>

Change-Id: I61376f2bbeade23ae1d49a82f4e908be28144e78
Mykyta Koshykov 2015-06-30 14:13:45 +02:00 committed by Sergii Golovatiuk
parent 5fb39aa71b
commit 5b50044c2a
49 changed files with 596 additions and 623 deletions


@ -1,159 +0,0 @@
class openstack::firewall (
$ssh_port = 22,
$http_port = 80,
$https_port = 443,
$mysql_port = 3306,
$mysql_backend_port = 3307,
$mysql_gcomm_port = 4567,
$galera_ist_port = 4568,
$keystone_public_port = 5000,
$swift_proxy_port = 8080,
$swift_object_port = 6000,
$swift_container_port = 6001,
$swift_account_port = 6002,
$keystone_admin_port = 35357,
$glance_api_port = 9292,
$glance_reg_port = 9191,
$glance_nova_api_ec2_port = 8773,
$nova_api_compute_port = 8774,
$nova_api_metadata_port = 8775,
$nova_api_volume_port = 8776,
$nova_vncproxy_port = 6080,
$erlang_epmd_port = 4369,
$erlang_rabbitmq_port = 5672,
$erlang_inet_dist_port = 41055,
$memcached_port = 11211,
$rsync_port = 873,
$iscsi_port = 3260,
) {
exec { 'persist-firewall':
command => $operatingsystem ? {
'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',
/(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',
},
# refreshonly => true,
}
Firewall {
notify => Exec['persist-firewall'],
proto => 'all',
# before => Class['my_fw::post'],
# require => Class['my_fw::pre'],
}
Firewallchain {
notify => Exec['persist-firewall'],
}
# Purge unmanaged firewall resources
#
# This will clear any existing rules, and make sure that only rules
# defined in puppet exist on the machine
resources { "firewall":
purge => true
}
require("::openstack::firewall::novachains")
firewall { '000 accept all icmp':
proto => 'icmp',
action => 'accept',
}->
firewall { '001 accept all to lo interface':
proto => 'all',
iniface => 'lo',
action => 'accept',
}->
firewall { '002 accept related established rules':
proto => 'all',
state => ['RELATED', 'ESTABLISHED'],
action => 'accept',
}->
firewall { '003 keepalived multicast':
destination => '224.0.0.18/32',
pkttype => 'multicast',
action => 'accept',
chain => 'INPUT'
}->
firewall {'99 nova-api-input':
chain => "INPUT",
table => 'filter',
jump => 'nova-api-INPUT'
}->
firewall {'98 nova-filter-top-forward':
chain => "FORWARD",
table => 'filter',
jump => 'nova-filter-top'
}->
firewall {'99 nova-api-forward':
chain => "FORWARD",
table => 'filter',
jump => 'nova-api-FORWARD'
}->
firewall {'98 nova-api-filter-top-output':
chain => "OUTPUT",
table => 'filter',
jump => 'nova-filter-top'
}->
firewall {'99 nova-api-output':
chain => "OUTPUT",
table => 'filter',
jump => 'nova-api-OUTPUT'
}->
firewall {'99 nova-api-prerouting':
chain => "PREROUTING",
table => 'nat',
jump => 'nova-api-PREROUTING'
}->
firewall {'98 nova-api-postrouting':
chain => "POSTROUTING",
table => 'nat',
jump => 'nova-api-POSTROUTING'
}->
firewall {'99 nova-api-postrouting-bottom':
chain => "POSTROUTING",
table => 'nat',
jump => 'nova-api-postrouting-bottom'
}->
firewall {'99 nova-api-output-nat':
chain => "OUTPUT",
table => 'nat',
jump => 'nova-api-OUTPUT'
}->
openstack::firewall::allow {[
$ssh_port,
$http_port,
$https_port,
$mysql_port,
$mysql_backend_port,
$galera_ist_port,
$mysql_gcomm_port,
$keystone_public_port,
$keystone_admin_port,
$glance_api_port,
$glance_reg_port,
$glance_nova_api_ec2_port,
$nova_api_compute_port,
$nova_api_metadata_port,
$nova_api_volume_port,
$nova_vncproxy_port,
$erlang_epmd_port,
$erlang_rabbitmq_port,
$erlang_inet_dist_port,
$memcached_port,
$rsync_port,
$swift_proxy_port,
$swift_object_port,
$swift_container_port,
$swift_account_port,
$iscsi_port,
]: }
}


@ -120,50 +120,6 @@ class openstack::heat (
action => 'accept', action => 'accept',
} }
if ($keystone_auth){
# Auth
class { 'heat::keystone::auth' :
password => $keystone_password,
auth_name => $keystone_user,
public_address => $external_ip,
admin_address => $keystone_host,
internal_address => $keystone_host,
port => '8004',
version => 'v1',
region => $region,
tenant => $keystone_tenant,
email => "${keystone_user}@localhost",
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
admin_protocol => 'http',
internal_protocol => 'http',
configure_endpoint => true,
trusts_delegated_roles => $trusts_delegated_roles,
}
#todo(bogdando) clarify this new to fuel heat auth cfn patterns
class { 'heat::keystone::auth_cfn' :
password => $keystone_password,
auth_name => "${keystone_user}-cfn",
service_type => 'cloudformation',
public_address => $external_ip,
admin_address => $keystone_host,
internal_address => $keystone_host,
port => '8000',
version => 'v1',
region => $region,
tenant => $keystone_tenant,
email => "${keystone_user}-cfn@localhost",
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
admin_protocol => 'http',
internal_protocol => 'http',
configure_endpoint => true,
}
}
# Common configuration, logging and RPC # Common configuration, logging and RPC
class { '::heat': class { '::heat':
auth_uri => $auth_uri, auth_uri => $auth_uri,


@ -8,8 +8,6 @@
# [db_host] Host where DB resides. Required. # [db_host] Host where DB resides. Required.
# [keystone_db_password] Password for keystone DB. Required. # [keystone_db_password] Password for keystone DB. Required.
# [keystone_admin_token]. Auth token for keystone admin. Required. # [keystone_admin_token]. Auth token for keystone admin. Required.
# [glance_user_password] Auth password for glance user. Required.
# [nova_user_password] Auth password for nova user. Required.
# [public_address] Public address where keystone can be accessed. Required. # [public_address] Public address where keystone can be accessed. Required.
# [db_type] Type of DB used. Currently only supports mysql. Optional. Defaults to 'mysql' # [db_type] Type of DB used. Currently only supports mysql. Optional. Defaults to 'mysql'
# [keystone_db_user] Name of keystone db user. Optional. Defaults to 'keystone' # [keystone_db_user] Name of keystone db user. Optional. Defaults to 'keystone'
@ -21,8 +19,6 @@
# [admin_bind_host] Address that keystone binds to. Optional. Defaults to '0.0.0.0' # [admin_bind_host] Address that keystone binds to. Optional. Defaults to '0.0.0.0'
# [internal_address] Internal address for keystone. Optional. Defaults to $public_address # [internal_address] Internal address for keystone. Optional. Defaults to $public_address
# [admin_address] Keystone admin address. Optional. Defaults to $internal_address # [admin_address] Keystone admin address. Optional. Defaults to $internal_address
# [glance] Set up glance endpoints and auth. Optional. Defaults to true
# [nova] Set up nova endpoints and auth. Optional. Defaults to true
# [enabled] If the service is active (true) or passive (false). # [enabled] If the service is active (true) or passive (false).
# Optional. Defaults to true # Optional. Defaults to true
# [use_syslog] Rather or not service should log to syslog. Optional. Default to false. # [use_syslog] Rather or not service should log to syslog. Optional. Default to false.
@ -48,11 +44,6 @@ class openstack::keystone (
$db_host, $db_host,
$db_password, $db_password,
$admin_token, $admin_token,
$glance_user_password,
$nova_user_password,
$cinder_user_password,
$ceilometer_user_password,
$neutron_user_password,
$public_address, $public_address,
$public_ssl = false, $public_ssl = false,
$public_hostname = false, $public_hostname = false,
@ -68,26 +59,6 @@ class openstack::keystone (
$memcache_servers = false, $memcache_servers = false,
$memcache_server_port = false, $memcache_server_port = false,
$memcache_pool_maxsize = false, $memcache_pool_maxsize = false,
$glance_public_address = false,
$glance_internal_address = false,
$glance_admin_address = false,
$nova_public_address = false,
$nova_internal_address = false,
$nova_admin_address = false,
$cinder_public_address = false,
$cinder_internal_address = false,
$cinder_admin_address = false,
$neutron_public_address = false,
$neutron_internal_address = false,
$neutron_admin_address = false,
$ceilometer_public_address = false,
$ceilometer_internal_address = false,
$ceilometer_admin_address = false,
$glance = true,
$nova = true,
$cinder = true,
$ceilometer = true,
$neutron = true,
$enabled = true, $enabled = true,
$package_ensure = present, $package_ensure = present,
$use_syslog = false, $use_syslog = false,
@ -115,92 +86,18 @@ class openstack::keystone (
# I have to do all of this crazy munging b/c parameters are not # I have to do all of this crazy munging b/c parameters are not
# set procedurally in Pupet # set procedurally in Pupet
if($internal_address) { if $internal_address {
$internal_real = $internal_address $internal_real = $internal_address
} else { } else {
$internal_real = $public_address $internal_real = $public_address
} }
if($admin_address) { if $admin_address {
$admin_real = $admin_address $admin_real = $admin_address
} else { } else {
$admin_real = $internal_real $admin_real = $internal_real
} }
if($glance_public_address) {
$glance_public_real = $glance_public_address if $ceilometer {
} else {
$glance_public_real = $public_address
}
if($glance_internal_address) {
$glance_internal_real = $glance_internal_address
} else {
$glance_internal_real = $internal_real
}
if($glance_admin_address) {
$glance_admin_real = $glance_admin_address
} else {
$glance_admin_real = $admin_real
}
if($nova_public_address) {
$nova_public_real = $nova_public_address
} else {
$nova_public_real = $public_address
}
if($nova_internal_address) {
$nova_internal_real = $nova_internal_address
} else {
$nova_internal_real = $internal_real
}
if($nova_admin_address) {
$nova_admin_real = $nova_admin_address
} else {
$nova_admin_real = $admin_real
}
if($cinder_public_address) {
$cinder_public_real = $cinder_public_address
} else {
$cinder_public_real = $public_address
}
if($cinder_internal_address) {
$cinder_internal_real = $cinder_internal_address
} else {
$cinder_internal_real = $internal_real
}
if($cinder_admin_address) {
$cinder_admin_real = $cinder_admin_address
} else {
$cinder_admin_real = $admin_real
}
if($neutron_public_address) {
$neutron_public_real = $neutron_public_address
} else {
$neutron_public_real = $public_address
}
if($neutron_internal_address) {
$neutron_internal_real = $neutron_internal_address
} else {
$neutron_internal_real = $internal_real
}
if($neutron_admin_address) {
$neutron_admin_real = $neutron_admin_address
} else {
$neutron_admin_real = $admin_real
}
if($ceilometer_public_address) {
$ceilometer_public_real = $ceilometer_public_address
} else {
$ceilometer_public_real = $public_address
}
if($ceilometer_internal_address) {
$ceilometer_internal_real = $ceilometer_internal_address
} else {
$ceilometer_internal_real = $internal_real
}
if($ceilometer_admin_address) {
$ceilometer_admin_real = $ceilometer_admin_address
} else {
$ceilometer_admin_real = $admin_real
}
if($ceilometer) {
$notification_driver = 'messaging' $notification_driver = 'messaging'
$notification_topics = 'notifications' $notification_topics = 'notifications'
} else { } else {
@ -209,7 +106,7 @@ class openstack::keystone (
} }
if $memcache_servers { if $memcache_servers {
$memcache_servers_real = suffix($memcache_servers, inline_template(":<%= @memcache_server_port %>")) $memcache_servers_real = suffix($memcache_servers, inline_template(':<%= @memcache_server_port %>'))
$token_driver = 'keystone.token.persistence.backends.memcache_pool.Token' $token_driver = 'keystone.token.persistence.backends.memcache_pool.Token'
} else { } else {
$memcache_servers_real = false $memcache_servers_real = false
@ -219,204 +116,105 @@ class openstack::keystone (
if $public_ssl { if $public_ssl {
$public_endpoint = $public_hostname ? { $public_endpoint = $public_hostname ? {
false => false, false => false,
default => "https://$public_hostname:5000", default => "https://${public_hostname}:5000",
} }
} }
class { '::keystone': if $enabled {
verbose => $verbose, class { '::keystone':
debug => $debug, verbose => $verbose,
catalog_type => 'sql', debug => $debug,
admin_token => $admin_token, catalog_type => 'sql',
enabled => $enabled, admin_token => $admin_token,
database_connection => $database_connection, enabled => $enabled,
public_bind_host => $public_bind_host, database_connection => $database_connection,
public_endpoint => $public_endpoint, public_bind_host => $public_bind_host,
admin_bind_host => $admin_bind_host, admin_bind_host => $admin_bind_host,
package_ensure => $package_ensure, package_ensure => $package_ensure,
use_syslog => $use_syslog, use_syslog => $use_syslog,
database_idle_timeout => $database_idle_timeout, database_idle_timeout => $database_idle_timeout,
rabbit_password => $rabbit_password, rabbit_password => $rabbit_password,
rabbit_userid => $rabbit_userid, rabbit_userid => $rabbit_userid,
rabbit_hosts => $rabbit_hosts, rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host, rabbit_virtual_host => $rabbit_virtual_host,
memcache_servers => $memcache_servers_real, memcache_servers => $memcache_servers_real,
token_driver => $token_driver, token_driver => $token_driver,
token_provider => 'keystone.token.providers.uuid.Provider', token_provider => 'keystone.token.providers.uuid.Provider',
notification_driver => $notification_driver, notification_driver => $notification_driver,
notification_topics => $notification_topics, notification_topics => $notification_topics,
token_caching => $token_caching, token_caching => $token_caching,
cache_backend => $cache_backend, cache_backend => $cache_backend,
revoke_driver => $revoke_driver, revoke_driver => $revoke_driver,
} }
if $::operatingsystem == 'Ubuntu' { if $memcache_servers {
if $service_provider == 'pacemaker' { Service<| title == 'memcached' |> -> Service<| title == 'keystone'|>
tweaks::ubuntu_service_override { 'keystone': keystone_config {
package_name => 'keystone', 'cache/memcache_servers': value => join($memcache_servers_real, ',');
} 'cache/memcache_dead_retry': value => '30';
exec { 'remove-keystone-bootblockr': 'cache/memcache_socket_timeout': value => '1';
command => 'rm -rf /etc/init/keystone.override', 'cache/memcache_pool_maxsize': value => '1000';
path => ['/bin', '/usr/bin'], 'cache/memcache_pool_unused_timeout': value => '60';
require => Package['keystone'] 'memcache/dead_retry': value => '30';
'memcache/socket_timeout': value => '1';
} }
} }
}
if $memcache_servers { Package<| title == 'keystone'|> ~> Service<| title == 'keystone'|>
Service<| title == 'memcached' |> -> Service<| title == 'keystone'|> if !defined(Service['keystone']) {
keystone_config { notify{ "Module ${module_name} cannot notify service keystone on package update": }
'cache/memcache_servers': value => join($memcache_servers_real, ',');
'cache/memcache_dead_retry': value => '30';
'cache/memcache_socket_timeout': value => '1';
'cache/memcache_pool_maxsize': value => '1000';
'cache/memcache_pool_unused_timeout': value => '60';
'memcache/dead_retry': value => '30';
'memcache/socket_timeout': value => '1';
}
}
Package<| title == 'keystone'|> ~> Service<| title == 'keystone'|>
if !defined(Service['keystone']) {
notify{ "Module ${module_name} cannot notify service keystone on package update": }
}
if $use_syslog {
keystone_config {
'DEFAULT/use_syslog_rfc_format': value => true;
} }
}
keystone_config { if $use_syslog {
'memcache/pool_maxsize': value => $memcache_pool_maxsize; keystone_config {
'DATABASE/max_pool_size': value => $max_pool_size; 'DEFAULT/use_syslog_rfc_format': value => true;
'DATABASE/max_retries': value => $max_retries; }
'DATABASE/max_overflow': value => $max_overflow; }
'identity/driver': value =>"keystone.identity.backends.sql.Identity";
'policy/driver': value =>"keystone.policy.backends.sql.Policy";
'ec2/driver': value =>"keystone.contrib.ec2.backends.sql.Ec2";
'filter:debug/paste.filter_factory': value =>"keystone.common.wsgi:Debug.factory";
'filter:token_auth/paste.filter_factory': value =>"keystone.middleware:TokenAuthMiddleware.factory";
'filter:admin_token_auth/paste.filter_factory': value =>"keystone.middleware:AdminTokenAuthMiddleware.factory";
'filter:xml_body/paste.filter_factory': value =>"keystone.middleware:XmlBodyMiddleware.factory";
'filter:json_body/paste.filter_factory': value =>"keystone.middleware:JsonBodyMiddleware.factory";
'filter:user_crud_extension/paste.filter_factory': value =>"keystone.contrib.user_crud:CrudExtension.factory";
'filter:crud_extension/paste.filter_factory': value =>"keystone.contrib.admin_crud:CrudExtension.factory";
'filter:ec2_extension/paste.filter_factory': value =>"keystone.contrib.ec2:Ec2Extension.factory";
'filter:s3_extension/paste.filter_factory': value =>"keystone.contrib.s3:S3Extension.factory";
'filter:url_normalize/paste.filter_factory': value =>"keystone.middleware:NormalizingFilter.factory";
'filter:stats_monitoring/paste.filter_factory': value =>"keystone.contrib.stats:StatsMiddleware.factory";
'filter:stats_reporting/paste.filter_factory': value =>"keystone.contrib.stats:StatsExtension.factory";
'app:public_service/paste.app_factory': value =>"keystone.service:public_app_factory";
'app:admin_service/paste.app_factory': value =>"keystone.service:admin_app_factory";
'pipeline:public_api/pipeline': value =>"stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service";
'pipeline:admin_api/pipeline': value =>"stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service";
'app:public_version_service/paste.app_factory': value =>"keystone.service:public_version_app_factory";
'app:admin_version_service/paste.app_factory': value =>"keystone.service:admin_version_app_factory";
'pipeline:public_version_api/pipeline': value =>"stats_monitoring url_normalize xml_body public_version_service";
'pipeline:admin_version_api/pipeline': value =>"stats_monitoring url_normalize xml_body admin_version_service";
'composite:main/use': value =>"egg:Paste#urlmap";
'composite:main//v2.0': value =>"public_api";
'composite:main//': value =>"public_version_api";
'composite:admin/use': value =>"egg:Paste#urlmap";
'composite:admin//v2.0': value =>"admin_api";
'composite:admin//': value =>"admin_version_api";
}
if ($enabled) { keystone_config {
# Setup the admin user 'memcache/pool_maxsize': value => $memcache_pool_maxsize;
'DATABASE/max_pool_size': value => $max_pool_size;
'DATABASE/max_retries': value => $max_retries;
'DATABASE/max_overflow': value => $max_overflow;
'identity/driver': value =>'keystone.identity.backends.sql.Identity';
'policy/driver': value =>'keystone.policy.backends.sql.Policy';
'ec2/driver': value =>'keystone.contrib.ec2.backends.sql.Ec2';
'filter:debug/paste.filter_factory': value =>'keystone.common.wsgi:Debug.factory';
'filter:token_auth/paste.filter_factory': value =>'keystone.middleware:TokenAuthMiddleware.factory';
'filter:admin_token_auth/paste.filter_factory': value =>'keystone.middleware:AdminTokenAuthMiddleware.factory';
'filter:xml_body/paste.filter_factory': value =>'keystone.middleware:XmlBodyMiddleware.factory';
'filter:json_body/paste.filter_factory': value =>'keystone.middleware:JsonBodyMiddleware.factory';
'filter:user_crud_extension/paste.filter_factory': value =>'keystone.contrib.user_crud:CrudExtension.factory';
'filter:crud_extension/paste.filter_factory': value =>'keystone.contrib.admin_crud:CrudExtension.factory';
'filter:ec2_extension/paste.filter_factory': value =>'keystone.contrib.ec2:Ec2Extension.factory';
'filter:s3_extension/paste.filter_factory': value =>'keystone.contrib.s3:S3Extension.factory';
'filter:url_normalize/paste.filter_factory': value =>'keystone.middleware:NormalizingFilter.factory';
'filter:stats_monitoring/paste.filter_factory': value =>'keystone.contrib.stats:StatsMiddleware.factory';
'filter:stats_reporting/paste.filter_factory': value =>'keystone.contrib.stats:StatsExtension.factory';
'app:public_service/paste.app_factory': value =>'keystone.service:public_app_factory';
'app:admin_service/paste.app_factory': value =>'keystone.service:admin_app_factory';
'pipeline:public_api/pipeline': value =>'stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service';
'pipeline:admin_api/pipeline': value =>'stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service';
'app:public_version_service/paste.app_factory': value =>'keystone.service:public_version_app_factory';
'app:admin_version_service/paste.app_factory': value =>'keystone.service:admin_version_app_factory';
'pipeline:public_version_api/pipeline': value =>'stats_monitoring url_normalize xml_body public_version_service';
'pipeline:admin_version_api/pipeline': value =>'stats_monitoring url_normalize xml_body admin_version_service';
'composite:main/use': value =>'egg:Paste#urlmap';
'composite:main//v2.0': value =>'public_api';
'composite:main//': value =>'public_version_api';
'composite:admin/use': value =>'egg:Paste#urlmap';
'composite:admin//v2.0': value =>'admin_api';
'composite:admin//': value =>'admin_version_api';
}
# Setup the Keystone Identity Endpoint
class { 'keystone::endpoint': class { 'keystone::endpoint':
public_url => $public_url, public_url => $public_url,
admin_url => $admin_url, admin_url => $admin_url,
internal_url => $internal_url, internal_url => $internal_url,
region => $region, region => $region,
} }
Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::endpoint'] Exec <| title == 'keystone-manage db_sync' |> -> Class['keystone::endpoint']
Haproxy_backend_status<||> -> Class['keystone::endpoint'] Haproxy_backend_status<||> -> Class['keystone::endpoint']
# Configure Glance endpoint in Keystone
if $glance {
class { 'glance::keystone::auth':
password => $glance_user_password,
public_address => $glance_public_real,
admin_address => $glance_admin_real,
internal_address => $glance_internal_real,
region => $region,
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
}
Exec <| title == 'keystone-manage db_sync' |> -> Class['glance::keystone::auth']
Haproxy_backend_status<||> -> Class['glance::keystone::auth']
}
# Configure Nova endpoint in Keystone
if $nova {
class { 'nova::keystone::auth':
password => $nova_user_password,
public_address => $nova_public_real,
admin_address => $nova_admin_real,
internal_address => $nova_internal_real,
region => $region,
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
configure_endpoint_v3 => false,
}
Exec <| title == 'keystone-manage db_sync' |> -> Class['nova::keystone::auth']
Haproxy_backend_status<||> -> Class['nova::keystone::auth']
}
# Configure Cinder endpoint in Keystone
if $cinder {
class { 'cinder::keystone::auth':
password => $cinder_user_password,
public_address => $cinder_public_real,
admin_address => $cinder_admin_real,
internal_address => $cinder_internal_real,
region => $region,
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
}
Exec <| title == 'keystone-manage db_sync' |> -> Class['cinder::keystone::auth']
Haproxy_backend_status<||> -> Class['cinder::keystone::auth']
}
if $neutron {
class { 'neutron::keystone::auth':
password => $neutron_user_password,
public_address => $neutron_public_real,
admin_address => $neutron_admin_real,
internal_address => $neutron_internal_real,
region => $region,
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
}
Exec <| title == 'keystone-manage db_sync' |> -> Class['neutron::keystone::auth']
Haproxy_backend_status<||> -> Class['neutron::keystone::auth']
}
if $ceilometer {
class { 'ceilometer::keystone::auth':
password => $ceilometer_user_password,
public_address => $ceilometer_public_real,
admin_address => $ceilometer_admin_real,
internal_address => $ceilometer_internal_real,
region => $region,
public_protocol => $public_ssl ? {
true => 'https',
default => 'http',
},
}
Exec <| title == 'keystone-manage db_sync' |> -> Class['ceilometer::keystone::auth']
Haproxy_backend_status<||> -> Class['ceilometer::keystone::auth']
}
} }
} }
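Review bot: In the `class { '::keystone': ... }` declaration, the new side as rendered no longer lists `public_endpoint => $public_endpoint,` between `public_bind_host` and `admin_bind_host`, while `$public_endpoint` is still built from `$public_hostname` under `if $public_ssl` just above it. If the parameter was dropped unintentionally, the https URL computed for TLS deployments is never handed to Keystone and the service falls back to whatever the upstream class defaults to, which is not visible here. Either restore `public_endpoint => $public_endpoint,` inside the declaration or remove the now-dead assignment so the intent is clear. Note also that `$public_endpoint` is only assigned when `$public_ssl` is true, so restoring the parameter passes an unset value in the non-TLS case.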


@ -11,7 +11,7 @@ auth_addr = hiera.lookup 'service_endpoint', "#{management_vip}", {}
tenant_name = glanced['tenant'].nil? ? "services" : glanced['tenant'] tenant_name = glanced['tenant'].nil? ? "services" : glanced['tenant']
user_name = glanced['user'].nil? ? "glance" : glanced['user'] user_name = glanced['user'].nil? ? "glance" : glanced['user']
endpoint_type = glanced['endpoint_type'].nil? ? "internalURL" : glanced['endpoint_type'] endpoint_type = glanced['endpoint_type'].nil? ? "internalURL" : glanced['endpoint_type']
region_name = hiera.lookup 'region', nil, {} region_name = hiera.lookup 'region', 'RegionOne', {}
ENV['OS_TENANT_NAME']="#{tenant_name}" ENV['OS_TENANT_NAME']="#{tenant_name}"
ENV['OS_USERNAME']="#{user_name}" ENV['OS_USERNAME']="#{user_name}"


@ -0,0 +1,30 @@
notice('MODULAR: ceilometer/keystone.pp')
$ceilometer_hash = hiera_hash('ceilometer', {})
$public_address = hiera('public_vip')
$internal_address = hiera('management_vip', $public_address)
$region = pick($ceilometer_hash['region'], 'RegionOne')
$password = $ceilometer_hash['user_password']
$auth_name = pick($ceilometer_hash['auth_name'], 'ceilometer')
$configure_endpoint = pick($ceilometer_hash['configure_endpoint'], true)
$configure_user = pick($ceilometer_hash['configure_user'], true)
$configure_user_role = pick($ceilometer_hash['configure_user_role'], true)
$service_name = pick($ceilometer_hash['service_name'], 'ceilometer')
$tenant = pick($ceilometer_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::ceilometer::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
service_name => $service_name,
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
region => $region,
}
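Review bot: The `::ceilometer::keystone::auth` declaration does not pass `public_protocol`, although the `ceilometer::keystone::auth` block this commit removes from `openstack::keystone` set it to `https` whenever `$public_ssl` was true. Unless the upstream class defaults to https (not visible here), the public ceilometer endpoint would be registered in the catalog as plain http on deployments that enable public TLS. heat/keystone.pp in this same commit derives `$public_protocol` from the `public_ssl` hiera hash; the same lookup should be added here. glance/keystone.pp has the identical gap.

```puppet
$public_ssl_hash = hiera('public_ssl')
$public_protocol = $public_ssl_hash['services'] ? {
  true    => 'https',
  default => 'http',
}

class { '::ceilometer::keystone::auth':
  # … unchanged: password, auth_name, configure_* and address parameters …
  public_protocol     => $public_protocol,
  region              => $region,
}
```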


@ -2,7 +2,7 @@
type: puppet type: puppet
groups: [primary-controller, controller] groups: [primary-controller, controller]
required_for: [openstack-controller, swift] required_for: [openstack-controller, swift]
requires: [mongo, primary-mongo, openstack-haproxy, database] requires: [mongo, primary-mongo, openstack-haproxy]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ceilometer/controller.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ceilometer/controller.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
@ -25,3 +25,13 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/ceilometer/compute_pre.rb cmd: ruby /etc/puppet/modules/osnailyfacter/modular/ceilometer/compute_pre.rb
test_post: test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/ceilometer/compute_post.rb cmd: ruby /etc/puppet/modules/osnailyfacter/modular/ceilometer/compute_post.rb
- id: ceilometer-keystone
type: puppet
groups: [primary-controller]
required_for: [ceilometer-controller]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ceilometer/keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: glance_db.pp') notice('MODULAR: glance/db.pp')
$glance_hash = hiera_hash('glance', {}) $glance_hash = hiera_hash('glance', {})
$mysql_hash = hiera_hash('mysql', {}) $mysql_hash = hiera_hash('mysql', {})


@ -0,0 +1,30 @@
notice('MODULAR: glance/keystone.pp')
$glance_hash = hiera_hash('glance', {})
$public_address = hiera('public_vip')
$internal_address = hiera('management_vip', $public_address)
$region = pick($glance_hash['region'], 'RegionOne')
$password = $glance_hash['user_password']
$auth_name = pick($glance_hash['auth_name'], 'glance')
$configure_endpoint = pick($glance_hash['configure_endpoint'], true)
$configure_user = pick($glance_hash['configure_user'], true)
$configure_user_role = pick($glance_hash['configure_user_role'], true)
$service_name = pick($glance_hash['service_name'], 'glance')
$tenant = pick($glance_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::glance::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
service_name => $service_name,
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
region => $region,
}
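Review bot: `validate_string($password)` only checks the value's type, so an empty `user_password` passes and is handed to `::glance::keystone::auth` as the service account's password. `$password` comes from `$glance_hash['user_password']`, and `hiera_hash('glance', {})` falls back to an empty hash, so a missing key is a realistic input. How the upstream class treats an empty or unset password is not visible here. A guard such as `if empty($password) { fail('glance user_password must be set in hiera') }` before the class declaration would fail the run early. ceilometer/keystone.pp and heat/keystone.pp use the same `validate_string` check and would benefit from the same guard.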


@ -2,7 +2,7 @@
type: puppet type: puppet
groups: [primary-controller, controller] groups: [primary-controller, controller]
required_for: [openstack-controller] required_for: [openstack-controller]
requires: [openstack-haproxy, keystone, database] requires: [openstack-haproxy, database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/glance.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/glance.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
@ -18,7 +18,16 @@
required_for: [glance] required_for: [glance]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/glance_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800
- id: glance-keystone
type: puppet
groups: [primary-controller]
required_for: [glance]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: heat_db.pp') notice('MODULAR: heat/db.pp')
$heat_hash = hiera_hash('heat', {}) $heat_hash = hiera_hash('heat', {})
$mysql_hash = hiera_hash('mysql', {}) $mysql_hash = hiera_hash('mysql', {})


@ -42,15 +42,14 @@ if $::operatingsystem == 'Ubuntu' {
package_name => 'heat-engine', package_name => 'heat-engine',
} }
tweaks::ubuntu_service_override['heat-api'] -> Service['heat-api'] Tweaks::Ubuntu_service_override['heat-api'] -> Service['heat-api']
tweaks::ubuntu_service_override['heat-api-cfn'] -> Service['heat-api-cfn'] Tweaks::Ubuntu_service_override['heat-api-cfn'] -> Service['heat-api-cfn']
tweaks::ubuntu_service_override['heat-api-cloudwatch'] -> Service['heat-api-cloudwatch'] Tweaks::Ubuntu_service_override['heat-api-cloudwatch'] -> Service['heat-api-cloudwatch']
tweaks::ubuntu_service_override['heat-engine'] -> Service['heat-engine'] Tweaks::Ubuntu_service_override['heat-engine'] -> Service['heat-engine']
} }
class { 'openstack::heat' : class { '::openstack::heat' :
external_ip => $controller_node_public, external_ip => $controller_node_public,
keystone_auth => pick($heat_hash['keystone_auth'], true),
api_bind_host => $internal_address, api_bind_host => $internal_address,
api_cfn_bind_host => $internal_address, api_cfn_bind_host => $internal_address,
api_cloudwatch_bind_host => $internal_address, api_cloudwatch_bind_host => $internal_address,
@ -86,7 +85,7 @@ class { 'openstack::heat' :
if hiera('heat_ha_engine', true){ if hiera('heat_ha_engine', true){
if ($deployment_mode == 'ha') or ($deployment_mode == 'ha_compact') { if ($deployment_mode == 'ha') or ($deployment_mode == 'ha_compact') {
include heat_ha::engine include ::heat_ha::engine
} }
} }


@ -0,0 +1,58 @@
notice('MODULAR: heat/keystone.pp')
$heat_hash = hiera_hash('heat', {})
$public_address = hiera('public_vip')
$internal_address = hiera('management_vip', $public_address)
$region = pick($heat_hash['region'], 'RegionOne')
$public_ssl_hash = hiera('public_ssl')
$public_protocol = $public_ssl_hash['services'] ? {
true => 'https',
default => 'http',
}
$password = $heat_hash['user_password']
$auth_name = pick($heat_hash['auth_name'], 'heat')
$configure_endpoint = pick($heat_hash['configure_endpoint'], true)
$configure_user = pick($heat_hash['configure_user'], true)
$configure_user_role = pick($heat_hash['configure_user_role'], true)
$service_name = pick($heat_hash['service_name'], 'heat')
$tenant = pick($heat_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::heat::keystone::auth' :
password => $password,
auth_name => $auth_name,
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
port => '8004',
version => 'v1',
region => $region,
tenant => $keystone_tenant,
email => "${auth_name}@localhost",
public_protocol => $public_protocol,
admin_protocol => 'http',
internal_protocol => 'http',
configure_endpoint => true,
trusts_delegated_roles => $trusts_delegated_roles,
}
class { '::heat::keystone::auth_cfn' :
password => $password,
auth_name => "${auth_name}-cfn",
service_type => 'cloudformation',
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
port => '8000',
version => 'v1',
region => $region,
tenant => $keystone_tenant,
email => "${auth_name}-cfn@localhost",
public_protocol => $public_protocol,
admin_protocol => 'http',
internal_protocol => 'http',
configure_endpoint => true,
}
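Review bot: Both class declarations pass `tenant => $keystone_tenant`, but this manifest only assigns `$tenant`, so the parameter would resolve to undef and fall back to the class default; it should read `tenant => $tenant,`. `trusts_delegated_roles => $trusts_delegated_roles` has the same problem: the variable is never assigned in this file, while the noop spec added for it expects an empty list, so either assign it explicitly or drop the parameter. `configure_endpoint => true` is hard-coded in both declarations although `$configure_endpoint` is read from hiera above, and `$configure_user`, `$configure_user_role` and `$service_name` are computed but never used. Separately, `validate_string($password)` may not reject a missing `user_password` (on Puppet 3 an undef argument is likely to arrive as an empty string), so a check such as `validate_re($password, '.+')` would make the task fail instead of registering a service user with an empty password; the cinder, nova, neutron and swift manifests added in this commit use the same check.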


@ -18,6 +18,16 @@
required_for: [heat] required_for: [heat]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/heat/heat_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/heat/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800
- id: heat-keystone
type: puppet
groups: [primary-controller]
required_for: [heat]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/heat/keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: keystone_db.pp') notice('MODULAR: keystone/db.pp')
$node_name = hiera('node_name') $node_name = hiera('node_name')
$network_metadata = hiera_hash('network_metadata', {}) $network_metadata = hiera_hash('network_metadata', {})


@ -13,7 +13,7 @@ $use_syslog = hiera('use_syslog', true)
$keystone_hash = hiera_hash('keystone', {}) $keystone_hash = hiera_hash('keystone', {})
$access_hash = hiera_hash('access',{}) $access_hash = hiera_hash('access',{})
$management_vip = hiera('management_vip') $management_vip = hiera('management_vip')
$database_vip = hiera('database_vip') $database_vip = hiera('database_vip', $management_vip)
$public_vip = hiera('public_vip') $public_vip = hiera('public_vip')
$glance_hash = hiera_hash('glance', {}) $glance_hash = hiera_hash('glance', {})
$nova_hash = hiera_hash('nova', {}) $nova_hash = hiera_hash('nova', {})
@ -38,11 +38,11 @@ $admin_password = $access_hash['password']
$region = hiera('region', 'RegionOne') $region = hiera('region', 'RegionOne')
$public_ssl_hash = hiera('public_ssl') $public_ssl_hash = hiera('public_ssl')
$public_address = $public_ssl_hash['services'] ? {
$public_address = $public_ssl_hash['services'] ? {
true => $public_ssl_hash['hostname'], true => $public_ssl_hash['hostname'],
default => $public_vip, default => $public_vip,
} }
$admin_address = $management_vip $admin_address = $management_vip
$local_address_for_bind = get_network_role_property('keystone/api', 'ipaddr') $local_address_for_bind = get_network_role_property('keystone/api', 'ipaddr')
@ -50,28 +50,20 @@ $memcache_server_port = hiera('memcache_server_port', '11211')
$memcache_pool_maxsize = '100' $memcache_pool_maxsize = '100'
$memcache_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('memcache_nodes'), 'mgmt/memcache') $memcache_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('memcache_nodes'), 'mgmt/memcache')
$public_port = '5000'
$public_port = '5000' $admin_port = '35357'
$admin_port = '35357' $internal_port = '5000'
$internal_port = '5000'
$public_protocol = $public_ssl_hash['services'] ? { $public_protocol = $public_ssl_hash['services'] ? {
true => 'https', true => 'https',
default => 'http', default => 'http',
} }
$public_url = "${public_protocol}://${public_address}:${public_port}" $public_url = "${public_protocol}://${public_address}:${public_port}"
$admin_url = "http://${admin_address}:${admin_port}" $admin_url = "http://${admin_address}:${admin_port}"
$internal_url = "http://${management_vip}:${internal_port}" $internal_url = "http://${management_vip}:${internal_port}"
$revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke' $revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke'
$glance_user_password = $glance_hash['user_password']
$nova_user_password = $nova_hash['user_password']
$cinder_user_password = $cinder_hash['user_password']
$ceilometer_user_password = $ceilometer_hash['user_password']
$cinder = true
$ceilometer = $ceilometer_hash['enabled']
$enabled = true $enabled = true
$ssl = false $ssl = false
@ -107,16 +99,8 @@ class { 'openstack::keystone':
public_address => $public_address, public_address => $public_address,
public_ssl => $public_ssl_hash['services'], public_ssl => $public_ssl_hash['services'],
public_hostname => $public_ssl_hash['hostname'], public_hostname => $public_ssl_hash['hostname'],
internal_address => $management_vip, # send traffic through HAProxy internal_address => $management_vip,
admin_address => $admin_address, admin_address => $admin_address,
glance_user_password => $glance_user_password,
nova_user_password => $nova_user_password,
cinder => $cinder,
cinder_user_password => $cinder_user_password,
neutron => $use_neutron,
neutron_user_password => $neutron_user_password,
ceilometer => $ceilometer,
ceilometer_user_password => $ceilometer_user_password,
public_bind_host => $local_address_for_bind, public_bind_host => $local_address_for_bind,
admin_bind_host => $local_address_for_bind, admin_bind_host => $local_address_for_bind,
enabled => $enabled, enabled => $enabled,
@ -217,7 +201,7 @@ Service<| title == 'httpd' |> -> Haproxy_backend_status<||>
Haproxy_backend_status<||> -> Class['keystone::roles::admin'] Haproxy_backend_status<||> -> Class['keystone::roles::admin']
####### Disable upstart startup on install ####### ####### Disable upstart startup on install #######
if($::operatingsystem == 'Ubuntu') { if ($::operatingsystem == 'Ubuntu') {
tweaks::ubuntu_service_override { 'keystone': tweaks::ubuntu_service_override { 'keystone':
package_name => 'keystone', package_name => 'keystone',
} }
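Review bot: The `internal_address => $management_vip` line in the `openstack::keystone` declaration lost its trailing comment, which was the only statement of why the VIP rather than the local bind address is used there. I would keep it as `internal_address => $management_vip, # send traffic through HAProxy`. The declaration starts and ends outside the hunk.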


@ -18,6 +18,6 @@
required_for: [keystone] required_for: [keystone]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: murano_db.pp') notice('MODULAR: murano/db.pp')
$murano_hash = hiera_hash('murano', {}) $murano_hash = hiera_hash('murano', {})
$murano_enabled = pick($murano_hash['enabled'], false) $murano_enabled = pick($murano_hash['enabled'], false)


@ -18,6 +18,6 @@
required_for: [murano] required_for: [murano]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/murano/murano_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/murano/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: cinder_db.pp') notice('MODULAR: cinder/db.pp')
$cinder_hash = hiera_hash('cinder', {}) $cinder_hash = hiera_hash('cinder', {})
$mysql_hash = hiera_hash('mysql', {}) $mysql_hash = hiera_hash('mysql', {})


@ -0,0 +1,30 @@
notice('MODULAR: cinder/keystone.pp')
$cinder_hash = hiera_hash('cinder', {})
$public_address = hiera('public_vip')
$internal_address = hiera('internal_address', $public_address)
$region = pick($cinder_hash['region'], 'RegionOne')
$password = $cinder_hash['user_password']
$auth_name = pick($cinder_hash['auth_name'], 'cinder')
$configure_endpoint = pick($cinder_hash['configure_endpoint'], true)
$configure_user = pick($cinder_hash['configure_user'], true)
$configure_user_role = pick($cinder_hash['configure_user_role'], true)
$service_name = pick($cinder_hash['service_name'], 'cinder')
$tenant = pick($cinder_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::cinder::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
service_name => $service_name,
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
region => $region,
}
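Review bot: `$internal_address = hiera('internal_address', $public_address)` looks up a different key from the heat, neutron and swift manifests in this commit, which use `hiera('management_vip', $public_address)`; if `internal_address` is a per-node value, the admin and internal endpoints would be registered against one controller instead of the VIP. The same line appears in openstack-controller/keystone.pp. In both files the fallback to `$public_address` means a missing key silently registers the admin endpoint on the public address, so `hiera('management_vip')` with no default, which fails the task instead, looks safer. `$tenant` is computed but never passed to the class.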


@ -8,12 +8,22 @@
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 1200 timeout: 1200
- id: cinder_db - id: cinder-db
type: puppet type: puppet
groups: [primary-controller] groups: [primary-controller]
required_for: [openstack-cinder] required_for: [openstack-cinder]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/cinder_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 1200 timeout: 1800
- id: cinder-keystone
type: puppet
groups: [primary-controller]
required_for: [openstack-cinder]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/keystone.pp
puppet_modules: /etc/puppet/modules/
timeout: 1800
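Review bot: The task id changes from `cinder_db` to `cinder-db`, so any `requires:` or `required_for:` entry elsewhere that still names `cinder_db` would no longer resolve; none is visible in this hunk, so a search of the other task files is worth doing before merging. The new `cinder-keystone` task also writes `puppet_modules: /etc/puppet/modules/` with a trailing slash, unlike the other tasks in this commit; `puppet_modules: /etc/puppet/modules` keeps them uniform.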


@ -1,4 +1,4 @@
notice('MODULAR: nova_db.pp') notice('MODULAR: openstack-controller/db.pp')
$nova_hash = hiera_hash('nova', {}) $nova_hash = hiera_hash('nova', {})
$mysql_hash = hiera_hash('mysql', {}) $mysql_hash = hiera_hash('mysql', {})


@ -0,0 +1,30 @@
notice('MODULAR: openstack-controller/keystone.pp')
$nova_hash = hiera_hash('nova', {})
$public_address = hiera('public_vip')
$internal_address = hiera('internal_address', $public_address)
$region = pick($nova_hash['region'], 'RegionOne')
$password = $nova_hash['user_password']
$auth_name = pick($nova_hash['auth_name'], 'nova')
$configure_endpoint = pick($nova_hash['configure_endpoint'], true)
$configure_user = pick($nova_hash['configure_user'], true)
$configure_user_role = pick($nova_hash['configure_user_role'], true)
$service_name = pick($nova_hash['service_name'], 'nova')
$tenant = pick($nova_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::nova::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
service_name => $service_name,
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
region => $region,
}


@ -14,6 +14,16 @@
required_for: [openstack-controller] required_for: [openstack-controller]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/nova_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800
- id: nova-keystone
type: puppet
groups: [primary-controller]
required_for: [openstack-controller]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: neutron_db.pp') notice('MODULAR: openstack-network/db.pp')
$use_neutron = hiera('use_neutron', false) $use_neutron = hiera('use_neutron', false)
$neutron_hash = hiera_hash('quantum_settings', {}) $neutron_hash = hiera_hash('quantum_settings', {})


@ -0,0 +1,30 @@
notice('MODULAR: openstack-network/keystone.pp')
$neutron_hash = hiera_hash('quantum_settings', {})
$public_address = hiera('public_vip')
$internal_address = hiera('management_vip', $public_address)
$region = pick($neutron_hash['region'], 'RegionOne')
$password = $neutron_hash['keystone']['admin_password']
$auth_name = pick($neutron_hash['auth_name'], 'neutron')
$configure_endpoint = pick($neutron_hash['configure_endpoint'], true)
$configure_user = pick($neutron_hash['configure_user'], true)
$configure_user_role = pick($neutron_hash['configure_user_role'], true)
$service_name = pick($neutron_hash['service_name'], 'neutron')
$tenant = pick($neutron_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::neutron::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
configure_user => $configure_user,
configure_user_role => $configure_user_role,
service_name => $service_name,
public_address => $public_address,
admin_address => $internal_address,
internal_address => $internal_address,
region => $region,
}
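Review bot: This manifest never reads `use_neutron`, although the keystone task previously passed `neutron => $use_neutron` and openstack-network/db.pp still looks the flag up, so the neutron user and endpoint are now declared on every primary controller. When `quantum_settings` is absent, `$neutron_hash['keystone']['admin_password']` indexes an undefined value, which I would expect either to fail compilation or to yield an empty password. Reading the flag with `$use_neutron = hiera('use_neutron', false)` and wrapping the class declaration in `if $use_neutron { ... }` would restore the old condition.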


@ -32,6 +32,16 @@
required_for: [openstack-network] required_for: [openstack-network]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/neutron_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800
- id: neutron-keystone
type: puppet
groups: [primary-controller]
required_for: [openstack-network]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800


@ -1,4 +1,4 @@
notice('MODULAR: sahara_db.pp') notice('MODULAR: sahara/db.pp')
$sahara_hash = hiera_hash('sahara', {}) $sahara_hash = hiera_hash('sahara', {})
$sahara_enabled = pick($sahara_hash['enabled'], false) $sahara_enabled = pick($sahara_hash['enabled'], false)


@ -18,6 +18,6 @@
required_for: [sahara] required_for: [sahara]
requires: [database] requires: [database]
parameters: parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_db.pp puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/sahara/db.pp
puppet_modules: /etc/puppet/modules puppet_modules: /etc/puppet/modules
timeout: 3600 timeout: 1800


@ -0,0 +1,32 @@
notice('MODULAR: swift/keystone.pp')
$swift_hash = hiera_hash('swift', {})
$public_address = hiera('public_vip')
$internal_address = hiera('management_vip', $public_address)
$region = pick($swift_hash['region'], 'RegionOne')
$public_ssl_hash = hiera('public_ssl')
$public_protocol = $public_ssl_hash['services'] ? {
true => 'https',
default => 'http',
}
$password = $swift_hash['user_password']
$auth_name = pick($swift_hash['auth_name'], 'swift')
$configure_endpoint = pick($swift_hash['configure_endpoint'], true)
$service_name = pick($swift_hash['service_name'], 'swift')
$tenant = pick($swift_hash['tenant'], 'services')
validate_string($public_address)
validate_string($password)
class { '::swift::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
service_name => $service_name,
public_address => $public_address,
public_protocol => $public_protocol,
admin_address => $internal_address,
internal_address => $internal_address,
region => $region,
}
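Review bot: The `swift::keystone::auth` declaration that this commit removes from swift.pp sat inside `if ($create_keystone_auth)` and inside the check that Swift is not replaced by Ceph or vCenter, whereas this manifest declares the class unconditionally. If another object-store backend registers its own endpoint of the same service type, the deployment could end up with two; that is inferred, since the other backends are not shown here. Either carry the `$storage_hash` condition over or add a header comment saying why the endpoint is always wanted. `$tenant` is computed but never passed to the class.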


@ -31,29 +31,28 @@ $keystone_password = pick($swift_hash['user_password'], 'passsword')
$keystone_tenant = pick($swift_hash['tenant'], 'services') $keystone_tenant = pick($swift_hash['tenant'], 'services')
$keystone_protocol = pick($swift_hash['auth_protocol'], 'http') $keystone_protocol = pick($swift_hash['auth_protocol'], 'http')
$region = hiera('region', 'RegionOne') $region = hiera('region', 'RegionOne')
$public_ssl_hash = hiera('public_ssl')
# Use Swift if it isn't replaced by vCenter, Ceph for BOTH images and objects # Use Swift if it isn't replaced by vCenter, Ceph for BOTH images and objects
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] { if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
$master_swift_proxy_nodes = get_nodes_hash_by_roles($network_metadata, [$swift_master_role]) $master_swift_proxy_nodes = get_nodes_hash_by_roles($network_metadata, [$swift_master_role])
$master_swift_proxy_nodes_list = values($master_swift_proxy_nodes) $master_swift_proxy_nodes_list = values($master_swift_proxy_nodes)
$master_swift_proxy_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/api'], '\/\d+$', '') $master_swift_proxy_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/api'], '\/\d+$', '')
$master_swift_replication_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/replication'], '\/\d+$', '') $master_swift_replication_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/replication'], '\/\d+$', '')
if ($deploy_swift_storage){ if ($deploy_swift_storage){
class { 'openstack::swift::storage_node': class { 'openstack::swift::storage_node':
storage_type => false, storage_type => false,
loopback_size => '5243780', loopback_size => '5243780',
storage_mnt_base_dir => $swift_partition, storage_mnt_base_dir => $swift_partition,
storage_devices => filter_hash($mp_hash,'point'), storage_devices => filter_hash($mp_hash,'point'),
swift_zone => $master_swift_proxy_nodes_list[0]['swift_zone'], swift_zone => $master_swift_proxy_nodes_list[0]['swift_zone'],
swift_local_net_ip => $swift_storage_ipaddr, swift_local_net_ip => $swift_storage_ipaddr,
master_swift_proxy_ip => $master_swift_proxy_ip, master_swift_proxy_ip => $master_swift_proxy_ip,
master_swift_replication_ip => $master_swift_replication_ip, master_swift_replication_ip => $master_swift_replication_ip,
sync_rings => ! $is_primary_swift_proxy, sync_rings => ! $is_primary_swift_proxy,
debug => $debug, debug => $debug,
verbose => $verbose, verbose => $verbose,
log_facility => 'LOG_SYSLOG', log_facility => 'LOG_SYSLOG',
} }
} }
@ -64,32 +63,32 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
} }
} }
if ($deploy_swift_proxy){ if $deploy_swift_proxy {
$resize_value = pick($swift_hash['resize_value'], 2) $resize_value = pick($swift_hash['resize_value'], 2)
$ring_part_power = calc_ring_part_power($swift_nodes,$resize_value) $ring_part_power = calc_ring_part_power($swift_nodes,$resize_value)
$sto_net = get_network_role_property('swift/replication', 'network') $sto_net = get_network_role_property('swift/replication', 'network')
$man_net = get_network_role_property('swift/api', 'network') $man_net = get_network_role_property('swift/api', 'network')
class { 'openstack::swift::proxy': class { 'openstack::swift::proxy':
swift_user_password => $swift_hash['user_password'], swift_user_password => $swift_hash['user_password'],
swift_proxies_cache => $memcaches_addr_list, swift_proxies_cache => $memcaches_addr_list,
ring_part_power => $ring_part_power, ring_part_power => $ring_part_power,
primary_proxy => $is_primary_swift_proxy, primary_proxy => $is_primary_swift_proxy,
swift_proxy_local_ipaddr => $swift_api_ipaddr, swift_proxy_local_ipaddr => $swift_api_ipaddr,
swift_replication_local_ipaddr => $swift_storage_ipaddr, swift_replication_local_ipaddr => $swift_storage_ipaddr,
master_swift_proxy_ip => $master_swift_proxy_ip, master_swift_proxy_ip => $master_swift_proxy_ip,
master_swift_replication_ip => $master_swift_replication_ip, master_swift_replication_ip => $master_swift_replication_ip,
proxy_port => $proxy_port, proxy_port => $proxy_port,
debug => $debug, debug => $debug,
verbose => $verbose, verbose => $verbose,
log_facility => 'LOG_SYSLOG', log_facility => 'LOG_SYSLOG',
ceilometer => hiera('use_ceilometer',false), ceilometer => hiera('use_ceilometer',false),
ring_min_part_hours => $ring_min_part_hours, ring_min_part_hours => $ring_min_part_hours,
admin_user => $keystone_user, admin_user => $keystone_user,
admin_tenant_name => $keystone_tenant, admin_tenant_name => $keystone_tenant,
admin_password => $keystone_password, admin_password => $keystone_password,
auth_host => $service_endpoint, auth_host => $service_endpoint,
auth_protocol => $keystone_protocol, auth_protocol => $keystone_protocol,
} -> } ->
class { 'openstack::swift::status': class { 'openstack::swift::status':
endpoint => "http://${swift_api_ipaddr}:${proxy_port}", endpoint => "http://${swift_api_ipaddr}:${proxy_port}",
@ -98,19 +97,6 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
con_timeout => 5 con_timeout => 5
} }
if ($create_keystone_auth){
class { 'swift::keystone::auth':
password => $swift_hash['user_password'],
public_address => $public_vip,
region => $region,
public_protocol => $public_ssl_hash['services'] ? {
true => 'https',
default => 'http',
},
internal_address => $management_vip,
admin_address => $management_vip,
}
}
} }
} }
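Review bot: The context line in the first hunk header, `$keystone_password = pick($swift_hash['user_password'], 'passsword')`, falls back to a fixed literal when hiera has no password, while the new swift/keystone.pp passes `$swift_hash['user_password']` with no fallback. With the key missing, the proxy would authenticate with the literal while the keystone user is created with a different value, and a fixed default credential is not a safe fallback in any case. Dropping the default, `$keystone_password = $swift_hash['user_password']`, together with a non-empty check would make the task fail early instead. The assignment itself lies outside the hunk.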


@ -25,3 +25,13 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/swift/swift_post.rb cmd: ruby /etc/puppet/modules/osnailyfacter/modular/swift/swift_post.rb
test_post: test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/swift/rebalance_cronjob_post.rb cmd: ruby /etc/puppet/modules/osnailyfacter/modular/swift/rebalance_cronjob_post.rb
- id: swift-keystone
type: puppet
groups: [primary-controller]
required_for: [swift]
requires: [keystone]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/swift/keystone.pp
puppet_modules: /etc/puppet/modules
timeout: 1800


@ -0,0 +1,13 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'ceilometer/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for ceilometer auth' do
contain_class('ceilometer::keystone::auth')
end
end
test_ubuntu_and_centos manifest
end
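Review bot: The example calls `contain_class('ceilometer::keystone::auth')` without `should`, so the matcher is built and discarded and the example passes whatever the catalog contains; it should read `should contain_class('ceilometer::keystone::auth')`. The description 'should set empty trusts_delegated_roles for ceilometer auth' also does not match what is checked, and something like `it 'should declare ceilometer::keystone::auth' do` would fit. The glance, heat, openstack-cinder, openstack-controller, openstack-network and swift keystone specs added in this commit have the same missing `should`, and all but the heat one carry the same mismatched description.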


@ -1,6 +1,6 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'glance/glance_db.pp' manifest = 'glance/db.pp'
describe manifest do describe manifest do
shared_examples 'catalog' do shared_examples 'catalog' do
@ -25,4 +25,3 @@ describe manifest do
end end
test_ubuntu_and_centos manifest test_ubuntu_and_centos manifest
end end


@ -0,0 +1,13 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'glance/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for glance auth' do
contain_class('glance::keystone::auth')
end
end
test_ubuntu_and_centos manifest
end


@ -0,0 +1,27 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'heat/db.pp'
describe manifest do
shared_examples 'catalog' do
heat_db_user = 'heat'
heat_db_dbname = 'heat'
heat_db_password = Noop.hiera_structure 'heat/db_password'
allowed_hosts = [Noop.hostname,'localhost','127.0.0.1','%']
it 'should declare heat::db::mysql class with user,password,dbname' do
should contain_class('heat::db::mysql').with(
'user' => heat_db_user,
'password' => heat_db_password,
'dbname' => heat_db_dbname,
'allowed_hosts' => allowed_hosts,
)
end
allowed_hosts.each do |host|
it "should define openstacklib::db::mysql::host_access for #{heat_db_dbname} DB for #{host}" do
should contain_openstacklib__db__mysql__host_access("#{heat_db_dbname}_#{host}")
end
end
end
test_ubuntu_and_centos manifest
end
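Review bot: `allowed_hosts` pins `'%'` next to the hostname and loopback entries, so the spec now requires that the heat database user be granted access from any host. If the wildcard is intentional, a comment on that line would record it, for example `# '%' is expected: grants are not restricted per host here`. If it is not, the list should be narrowed here and in the manifest together; the manifest's own list is not visible on this page.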


@ -1,17 +0,0 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'heat/heat_db.pp'
describe manifest do
shared_examples 'catalog' do
it 'should contain openstack::heat class with db_allowed_hosts parameter' do
hostname = Noop.hostname
db_allowed_hosts = [ hostname, 'localhost', '127.0.0.1', '%' ]
should contain_class('heat::db::mysql').with('allowed_hosts' => db_allowed_hosts)
end
end # end of shared_examples
test_ubuntu_and_centos manifest
end


@ -7,10 +7,7 @@ describe manifest do
use_syslog = Noop.hiera 'use_syslog' use_syslog = Noop.hiera 'use_syslog'
it 'should set empty trusts_delegated_roles for heat authentication and engine' do it 'should set empty trusts_delegated_roles for heat engine' do
should contain_class('heat::keystone::auth').with(
'trusts_delegated_roles' => [],
)
should contain_class('heat::engine').with( should contain_class('heat::engine').with(
'trusts_delegated_roles' => [], 'trusts_delegated_roles' => [],
) )


@ -0,0 +1,15 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'heat/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for heat auth' do
contain_class('heat::keystone::auth').with(
'trusts_delegated_roles' => [],
)
end
end
test_ubuntu_and_centos manifest
end


@ -1,6 +1,7 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'keystone/keystone_db.pp' manifest = 'keystone/db.pp'
describe manifest do describe manifest do
shared_examples 'catalog' do shared_examples 'catalog' do
keystone_db_user = 'keystone' keystone_db_user = 'keystone'


@ -1,8 +1,9 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'murano/murano_db.pp' manifest = 'murano/db.pp'
describe manifest do describe manifest do
test_ubuntu_and_centos manifest test_ubuntu_and_centos manifest
end end


@ -1,6 +1,6 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'openstack-cinder/cinder_db.pp' manifest = 'openstack-cinder/db.pp'
describe manifest do describe manifest do
shared_examples 'catalog' do shared_examples 'catalog' do


@ -0,0 +1,13 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'openstack-cinder/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for cinder auth' do
contain_class('cinder::keystone::auth')
end
end
test_ubuntu_and_centos manifest
end


@ -1,6 +1,6 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'openstack-controller/nova_db.pp' manifest = 'openstack-controller/db.pp'
describe manifest do describe manifest do
shared_examples 'catalog' do shared_examples 'catalog' do


@ -0,0 +1,13 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'openstack-controller/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for nova auth' do
contain_class('nova::keystone::auth')
end
end
test_ubuntu_and_centos manifest
end


@ -1,6 +1,6 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'openstack-network/neutron_db.pp' manifest = 'openstack-network/db.pp'
describe manifest do describe manifest do
#TODO: uncomment in neutron module adaptation patch #TODO: uncomment in neutron module adaptation patch


@ -0,0 +1,13 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'openstack-network/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for neutron auth' do
contain_class('neutron::keystone::auth')
end
end
test_ubuntu_and_centos manifest
end


@ -1,8 +1,7 @@
require 'spec_helper' require 'spec_helper'
require 'shared-examples' require 'shared-examples'
manifest = 'sahara/sahara_db.pp' manifest = 'sahara/db.pp'
describe manifest do describe manifest do
test_ubuntu_and_centos manifest test_ubuntu_and_centos manifest
end end


@ -0,0 +1,13 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'swift/keystone.pp'
describe manifest do
shared_examples 'catalog' do
it 'should set empty trusts_delegated_roles for swift auth' do
contain_class('swift::keystone::auth')
end
end
test_ubuntu_and_centos manifest
end