[Ironic] Add Ironic API service

Following tasks introduces:
* ironic-api - API service for Ironic
* ironic-db - create and configure database for Ironic
* ironic-keystone - create service and endpoints in Keystone
* ironic-post-swift-key - post secret key for Swift tempurl

Partially Implemets: blueprint fuel-integrate-ironic

Change-Id: I168e7b831ccf12a9b3c7faf7063133ddf12ab670

deployment/puppet/osnailyfacter/modular/astute/ironic_post_swift_key.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+require 'hiera'
+
+ENV['LANG'] = 'C'
+
+hiera = Hiera.new(:config => '/etc/hiera.yaml')
+glanced = hiera.lookup 'glance', {} , {}
+management_vip = hiera.lookup 'management_vip', nil, {}
+auth_addr = hiera.lookup 'service_endpoint', "#{management_vip}", {}
+tenant_name = glanced['tenant'].nil? ? "services" : glanced['tenant']
+user_name = glanced['user'].nil? ? "glance" : glanced['user']
+endpoint_type = glanced['endpoint_type'].nil? ? "internalURL" : glanced['endpoint_type']
+region_name = hiera.lookup 'region', 'RegionOne', {}
+ironic_hash = hiera.lookup 'ironic', {}, {}
+ironic_swift_tempurl_key = ironic_hash['swift_tempurl_key']
+
+ENV['OS_TENANT_NAME']="#{tenant_name}"
+ENV['OS_USERNAME']="#{user_name}"
+ENV['OS_PASSWORD']="#{glanced['user_password']}"
+ENV['OS_AUTH_URL']="http://#{auth_addr}:5000/v2.0"
+ENV['OS_ENDPOINT_TYPE'] = "#{endpoint_type}"
+ENV['OS_REGION_NAME']="#{region_name}"
+
+
+command = <<-EOF
+/usr/bin/swift post -m 'Temp-URL-Key:#{ironic_swift_tempurl_key}'
+EOF
+5.times.each do |retries|
+  sleep 10 if retries > 0
+  stdout = `#{command}`
+  return_code = $?.exitstatus
+  puts stdout
+  exit 0 if return_code == 0
+end
+
+puts "Secret key registration have FAILED!"
+exit 1

deployment/puppet/osnailyfacter/modular/astute/tasks.yaml

@@ -218,3 +218,15 @@
     puppet_modules: /etc/puppet/modules
     timeout: 180
     cwd: /
+
+- id: ironic_post_swift_key
+  type: shell
+  role: [primary-controller]
+  condition: "settings:additional_components.ironic.value == true"
+  requires: [enable_quorum]
+  required_for: [post_deployment_end]
+  parameters:
+    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/astute/ironic_post_swift_key.rb
+    retries: 3
+    interval: 20
+    timeout: 180

deployment/puppet/osnailyfacter/modular/ironic/db.pp

@@ -0,0 +1,51 @@
+notice('MODULAR: ironic/db.pp')
+
+$ironic_hash    = hiera_hash('ironic', {})
+$mysql_hash     = hiera_hash('mysql', {})
+$database_vip   = hiera('database_vip')
+
+$mysql_root_user     = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create     = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user     = pick($ironic_hash['db_user'], 'ironic')
+$db_name     = pick($ironic_hash['db_name'], 'ironic')
+$db_password = pick($ironic_hash['db_password'], $mysql_root_password)
+
+$db_host          = pick($ironic_hash['db_host'], $database_vip)
+$db_create        = pick($ironic_hash['db_create'], $mysql_db_create)
+$db_root_user     = pick($ironic_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($ironic_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ hiera('node_name'), 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+validate_string($database_vip)
+
+if $db_create {
+  class { 'galera::client':
+    custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+  }
+
+  class { 'ironic::db::mysql':
+    user          => $db_user,
+    password      => $db_password,
+    dbname        => $db_name,
+    allowed_hosts => $allowed_hosts,
+  }
+
+  class { 'osnailyfacter::mysql_access':
+    db_host     => $db_host,
+    db_user     => $db_root_user,
+    db_password => $db_root_password,
+  }
+
+  Class['galera::client'] ->
+    Class['osnailyfacter::mysql_access'] ->
+      Class['ironic::db::mysql']
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server

deployment/puppet/osnailyfacter/modular/ironic/ironic.pp

@@ -0,0 +1,61 @@
+notice('MODULAR: ironic/ironic.pp')
+
+$ironic_hash                = hiera_hash('ironic', {})
+$public_vip                 = hiera('public_vip')
+$management_vip             = hiera('management_vip')
+
+$network_metadata           = hiera_hash('network_metadata', {})
+
+$database_vip               = hiera('database_vip')
+$keystone_endpoint          = hiera('service_endpoint')
+$neutron_endpoint           = hiera('neutron_endpoint', $management_vip)
+$glance_api_servers         = hiera('glance_api_servers', "${management_vip}:9292")
+$debug                      = hiera('debug', false)
+$verbose                    = hiera('verbose', true)
+$use_syslog                 = hiera('use_syslog', true)
+$syslog_log_facility_ironic = hiera('syslog_log_facility_ironic', 'LOG_USER')
+$rabbit_hash                = hiera_hash('rabbit_hash', {})
+$rabbit_ha_queues           = hiera('rabbit_ha_queues')
+$amqp_hosts                 = hiera('amqp_hosts')
+$amqp_port                  = hiera('amqp_port', '5673')
+$rabbit_hosts               = split($amqp_hosts, ',')
+$neutron_config             = hiera_hash('quantum_settings')
+
+$db_host                    = pick($ironic_hash['db_host'], $database_vip)
+$db_user                    = pick($ironic_hash['db_user'], 'ironic')
+$db_name                    = pick($ironic_hash['db_name'], 'ironic')
+$db_password                = pick($ironic_hash['db_password'], 'ironic')
+$database_connection        = "mysql://${db_name}:${db_password}@${db_host}/${db_name}?charset=utf8&read_timeout=60"
+
+$ironic_tenant              = pick($ironic_hash['tenant'],'services')
+$ironic_user                = pick($ironic_hash['auth_name'],'ironic')
+$ironic_user_password       = pick($ironic_hash['user_password'],'ironic')
+
+prepare_network_config(hiera('network_scheme', {}))
+
+$baremetal_vip = $network_metadata['vips']['baremetal']['ipaddr']
+
+class { 'ironic':
+  verbose             => $verbose,
+  debug               => $debug,
+  rabbit_hosts        => $rabbit_hosts,
+  rabbit_port         => $amqp_port,
+  rabbit_userid       => $rabbit_hash['user'],
+  rabbit_password     => $rabbit_hash['password'],
+  amqp_durable_queues => $rabbit_ha_queues,
+  use_syslog          => $use_syslog,
+  log_facility        => $syslog_log_facility_ironic,
+  database_connection => $database_connection,
+  glance_api_servers  => $glance_api_servers,
+}
+
+class { 'ironic::client': }
+
+class { 'ironic::api':
+  host_ip           => get_network_role_property('ironic/api', 'ipaddr'),
+  auth_host         => $keystone_endpoint,
+  admin_tenant_name => $ironic_tenant,
+  admin_user        => $ironic_user,
+  admin_password    => $ironic_user_password,
+  neutron_url       => "http://${neutron_endpoint}:9696",
+}

deployment/puppet/osnailyfacter/modular/ironic/keystone.pp

@@ -0,0 +1,39 @@
+notice('MODULAR: ironic/keystone.pp')
+
+$ironic_hash                = hiera_hash('ironic', {})
+$public_vip                 = hiera('public_vip')
+$management_vip             = hiera('management_vip')
+$public_ssl_hash            = hiera('public_ssl')
+$ironic_tenant              = pick($ironic_hash['tenant'],'services')
+$ironic_user                = pick($ironic_hash['auth_name'],'ironic')
+$ironic_user_password       = pick($ironic_hash['user_password'],'ironic')
+$configure_endpoint         = pick($ironic_hash['configure_endpoint'], true)
+$configure_user             = pick($ironic_hash['configure_user'], true)
+$configure_user_role        = pick($ironic_hash['configure_user_role'], true)
+$service_name               = pick($ironic_hash['service_name'], 'ironic')
+
+$public_address = $public_ssl_hash['services'] ? {
+  true    => $public_ssl_hash['hostname'],
+  default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+  true    => 'https',
+  default => 'http',
+}
+
+$region                     = hiera('region', 'RegionOne')
+$public_url                 = "${public_protocol}://${public_address}:6385"
+$admin_url                  = "http://${management_vip}:6385"
+$internal_url               = "http://${management_vip}:6385"
+
+class { 'ironic::keystone::auth':
+  password            => $ironic_user_password,
+  region              => $region,
+  public_url          => $public_url,
+  internal_url        => $internal_url,
+  admin_url           => $admin_url,
+  configure_endpoint  => $configure_endpoint,
+  configure_user      => $configure_user,
+  configure_user_role => $configure_user_role,
+  service_name        => $service_name,
+}

deployment/puppet/osnailyfacter/modular/ironic/tasks.yaml

@@ -0,0 +1,32 @@
+- id: ironic-api
+  type: puppet
+  groups: [primary-controller, controller]
+  condition: "settings:additional_components.ironic.value == true"
+  required_for: [openstack-controller]
+  requires: [openstack-haproxy, ironic-db, ironic-keystone]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ironic/ironic.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 3600
+
+- id: ironic-db
+  type: puppet
+  groups: [primary-controller]
+  condition: "settings:additional_components.ironic.value == true"
+  required_for: [ironic-api]
+  requires: [database]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ironic/db.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 1800
+
+- id: ironic-keystone
+  type: puppet
+  groups: [primary-controller]
+  condition: "settings:additional_components.ironic.value == true"
+  required_for: [ironic-api]
+  requires: [keystone]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ironic/keystone.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 1800

tests/noop/spec/hosts/ironic/db_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'shared-examples'
+manifest = 'ironic/db.pp'
+
+describe manifest do
+  shared_examples 'catalog' do
+    ironic_enabled = Noop.hiera_structure 'ironic/enabled'
+
+    if ironic_enabled
+      ironic_db_user = 'ironic'
+      ironic_db_dbname = 'ironic'
+      ironic_db_password = Noop.hiera_structure 'ironic/db_password'
+      allowed_hosts = [Noop.hostname,'localhost','127.0.0.1','%']
+
+      it 'should install proper mysql-client' do
+        if facts[:osfamily] == 'RedHat'
+          pkg_name = 'MySQL-client-wsrep'
+        elsif facts[:osfamily] == 'Debian'
+          pkg_name = 'mysql-client-5.6'
+        end
+        should contain_package('mysql-client').with(
+          'name' => pkg_name,
+        )
+      end
+      it 'should declare ironic::db::mysql class with user,password,dbname' do
+        should contain_class('ironic::db::mysql').with(
+          'user' => ironic_db_user,
+          'password' => ironic_db_password,
+          'dbname' => ironic_db_dbname,
+          'allowed_hosts' => allowed_hosts,
+        )
+      end
+      allowed_hosts.each do |host|
+        it "should define openstacklib::db::mysql::host_access for #{ironic_db_dbname} DB for #{host}" do
+          should contain_openstacklib__db__mysql__host_access("#{ironic_db_dbname}_#{host}")
+        end
+      end
+    end
+  end
+  test_ubuntu_and_centos manifest
+end

tests/noop/spec/hosts/ironic/ironic_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'shared-examples'
+manifest = 'ironic/ironic.pp'
+
+ironic_enabled = Noop.hiera_structure 'ironic/enabled'
+if ironic_enabled
+
+  describe manifest do
+    shared_examples 'catalog' do
+      rabbit_user = Noop.hiera_structure 'rabbit/user', 'nova'
+      rabbit_password = Noop.hiera_structure 'rabbit/password'
+
+      it 'should declare ironic class correctly' do
+        should contain_class('ironic').with(
+          'rabbit_userid'   => rabbit_user,
+          'rabbit_password' => rabbit_password,
+        )
+      end
+    end
+    test_ubuntu_and_centos manifest
+  end
+end

tests/noop/spec/hosts/ironic/keystone_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+require 'shared-examples'
+manifest = 'ironic/keystone.pp'
+
+describe manifest do
+  shared_examples 'catalog' do
+    ironic_enabled = Noop.hiera_structure 'ironic/enabled'
+
+    if ironic_enabled
+      public_vip    = Noop.hiera('public_vip')
+      admin_address = Noop.hiera('management_vip')
+      public_ssl    = Noop.hiera_structure('public_ssl/services')
+
+      if public_ssl
+        public_address  = Noop.hiera_structure('public_ssl/hostname')
+        public_protocol = 'https'
+      else
+        public_address  = public_vip
+        public_protocol = 'http'
+      end
+
+      auth_name           = Noop.hiera_structure('ironic/auth_name', 'ironic')
+      password            = Noop.hiera_structure('ironic/user_password')
+      configure_endpoint  = Noop.hiera_structure('ironic/configure_endpoint', true)
+      configure_user      = Noop.hiera_structure('ironic/configure_user', true)
+      configure_user_role = Noop.hiera_structure('ironic/configure_user_role', true)
+      region              = Noop.hiera_structure('ironic/region', 'RegionOne')
+      service_name        = Noop.hiera_structure('ironic/service_name', 'ironic')
+      public_url          = "#{public_protocol}://#{public_address}:6385"
+      admin_url           = "http://#{admin_address}:6385"
+
+      it 'should declare ironic::keystone::auth class correctly' do
+        should contain_class('ironic::keystone::auth').with(
+          'auth_name'           => auth_name,
+          'password'            => password,
+          'configure_endpoint'  => configure_endpoint,
+          'configure_user'      => configure_user,
+          'configure_user_role' => configure_user_role,
+          'service_name'        => service_name,
+          'public_url'          => public_url,
+          'admin_url'           => admin_url,
+          'internal_url'        => admin_url,
+          'region'              => region,
+        )
+      end
+    end
+  end
+  test_ubuntu_and_centos manifest
+end