Add support for external load-balancers

Add new hiera configuration key 'external_lb'. If it's set to
true then we should not configure Haproxy LB on controllers and
also we should switch 'haproxy_backend_status' to 'http' provider.

We calculate 'external_lb' during 'globals.pp' task - if we have
no VIPs with 'haproxy' namespace, then it's set to 'true'.

It does not change the default deployment scheme.

Also fixing minor issue with default provider for
'haproxy_backend_status' type.

Closes-bug: #1522749
Change-Id: I5539d04d577465bd410494a6c0b7caff18857878
Aleksandr Didenko 2015-12-21 16:31:01 +01:00
parent 1052755dea
commit ba7ed96778
57 changed files with 851 additions and 305 deletions


@ -7,7 +7,7 @@ require 'uri'
Puppet::Type.type(:haproxy_backend_status).provide(:haproxy) do
desc 'Wait for HAProxy backend to become online'
defaultfor :osfamily => :linux
defaultfor :kernel => :linux
# get the raw csv value using one of the methods
# retry if operations fails


@ -9,6 +9,8 @@ $service_endpoint = hiera('service_endpoint')
$public_ssl_hash = hiera('public_ssl')
$radosgw_large_pool_name = ".rgw"
$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public')
$external_lb = hiera('external_lb', false)
$ssl_hash = hiera_hash('use_ssl', {})
if ($storage_hash['volumes_ceph'] or
$storage_hash['images_ceph'] or
@ -44,18 +46,36 @@ if $use_ceph and $storage_hash['objects_ceph'] {
$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
count => '200',
step => '6',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_identity_url,
},
}
haproxy_backend_status { 'keystone-public' :
name => 'keystone-1',
count => '200',
step => '6',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $internal_auth_url,
},
}
Haproxy_backend_status['keystone-admin'] -> Class ['ceph::keystone']
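Review bot: The two places that branch on `$external_lb` test it differently: `if $external_lb {` fires for any truthy value, while the `url` selectors match only the boolean `true`, so a quoted 'true' from a hand-written hiera override would switch the provider to 'http' and still pass the HAProxy stats URL. Adding `validate_bool($external_lb)` right after the `hiera('external_lb', false)` lookup would reject such a value at compile time; stdlib validators are already used elsewhere in this commit (`validate_string`). The same pattern repeats in the heat, horizon, keystone, workloads_collector, murano, openstack-controller and sahara hunks. Separately, when the keystone protocol resolves to https the readiness check now targets the service endpoint itself, and whether the 'http' provider verifies the certificate is not visible in this diff and is worth confirming.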


@ -6,15 +6,18 @@ $database_vip = hiera('database_vip', '')
$service_endpoint = hiera('service_endpoint', '')
$primary_controller = hiera('primary_controller')
$haproxy_hash = hiera_hash('haproxy', {})
$external_lb = hiera('external_lb', false)
#FIXME(mattymo): Replace with only VIPs for roles assigned to this node
$stats_ipaddresses = delete_undef_values([$management_vip, $database_vip, $service_endpoint, '127.0.0.1'])
if !$external_lb {
#FIXME(mattymo): Replace with only VIPs for roles assigned to this node
$stats_ipaddresses = delete_undef_values([$management_vip, $database_vip, $service_endpoint, '127.0.0.1'])
class { 'cluster::haproxy':
haproxy_maxconn => '16000',
haproxy_bufsize => '32768',
primary_controller => $primary_controller,
debug => pick($haproxy_hash['debug'], hiera('debug', false)),
other_networks => direct_networks($network_scheme['endpoints']),
stats_ipaddresses => $stats_ipaddresses
class { 'cluster::haproxy':
haproxy_maxconn => '16000',
haproxy_bufsize => '32768',
primary_controller => $primary_controller,
debug => pick($haproxy_hash['debug'], hiera('debug', false)),
other_networks => direct_networks($network_scheme['endpoints']),
stats_ipaddresses => $stats_ipaddresses
}
}


@ -35,6 +35,8 @@ $status_password = $mysql_hash['wsrep_password']
$backend_port = '3307'
$backend_timeout = '10'
$external_lb = hiera('external_lb', false)
#############################################################################
validate_string($status_password)
validate_string($mysql_database_password)
@ -113,9 +115,20 @@ if $enabled {
only_from => "127.0.0.1 240.0.0.2 ${management_networks}",
}
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
}
haproxy_backend_status { 'mysql':
name => 'mysqld',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
# You should setup HTTP frontend for mysqld-status on yout external LB.
# Otherwise it's impossible to wait for mysql cluster to sync.
true => "http://${database_vip}:49000",
},
}
class { 'osnailyfacter::mysql_access':
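Review bot: The external-LB branch of the `mysql` status check hard-codes `"http://${database_vip}:49000"`, so neither the frontend port nor the plain-HTTP scheme on the external balancer can be adjusted per deployment. Reading the URL from hiera with the current value as the default, e.g. `hiera('mysqld_status_url', "http://${database_vip}:49000")` (key name constructed here as a suggestion), would keep today's behaviour and let operators match what their LB exposes. The context line `only_from => "127.0.0.1 240.0.0.2 ${management_networks}"` also suggests the status listener accepts only those sources, so an external LB probing from another network would presumably be refused; that requirement belongs in the comment beside the `true =>` branch. The enclosing `if $enabled {` block starts and ends outside this hunk.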


@ -4,13 +4,19 @@ $dns_servers = hiera('external_dns')
$primary_controller = hiera('primary_controller')
$master_ip = hiera('master_ip')
$management_vrouter_vip = hiera('management_vrouter_vip')
$network_metadata = hiera_hash('network_metadata', {})
$vrouter_name = hiera('vrouter_name', 'pub')
class { 'osnailyfacter::dnsmasq':
external_dns => strip(split($dns_servers['dns_list'], ',')),
master_ip => $master_ip,
management_vrouter_vip => $management_vrouter_vip,
} ->
# If VIP has namespace set to 'false' or 'undef' then we do not configure it
# under corosync cluster. So we should not configure anything listening it.
if $network_metadata['vips']["vrouter_${vrouter_name}"]['namespace'] {
class { 'osnailyfacter::dnsmasq':
external_dns => strip(split($dns_servers['dns_list'], ',')),
master_ip => $master_ip,
management_vrouter_vip => $management_vrouter_vip,
} ->
class { 'cluster::dns_ocf':
primary_controller => $primary_controller,
class { 'cluster::dns_ocf':
primary_controller => $primary_controller,
}
}
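Review bot: The new guard `if $network_metadata['vips']["vrouter_${vrouter_name}"]['namespace']` indexes three levels deep although `$network_metadata` defaults to `{}`, so a missing `vips` key or an unexpected `vrouter_name` is dereferenced before the condition is evaluated instead of being treated as "no namespace". Resolving the VIP entry into a local variable first, with an empty-hash fallback at each level, and then testing `$vrouter_vip['namespace']` would make the "skip dnsmasq" path explicit. The comment says the namespace may be 'false'; if that ever arrives as a quoted string it is truthy in Puppet and the block would still run, so the comment should say the value must be a YAML boolean or absent. The conntrackd manifest later in this commit adds the identical guard and has the same exposure.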


@ -218,6 +218,7 @@ $public_vip = $network_metadata['vips']['public']['ipaddr']
$management_vip = $network_metadata['vips']['management']['ipaddr']
$public_vrouter_vip = $network_metadata['vips']['vrouter_pub']['ipaddr']
$management_vrouter_vip = $network_metadata['vips']['vrouter']['ipaddr']
$vips = $network_metadata['vips']
$database_vip = is_hash($network_metadata['vips']['database']) ? {
true => pick($network_metadata['vips']['database']['ipaddr'], $management_vip),


@ -48,6 +48,7 @@ $database_name = hiera('heat_db_name', 'heat')
$read_timeout = '60'
$sql_connection = "mysql://${database_user}:${database_password}@${db_host}/${database_name}?read_timeout=${read_timeout}"
$region = hiera('region', 'RegionOne')
$external_lb = hiera('external_lb', false)
####### Disable upstart startup on install #######
if $::operatingsystem == 'Ubuntu' {
@ -148,11 +149,20 @@ class { 'heat::docker_resource' :
$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
count => '200',
step => '6',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $identity_uri,
},
}
class { 'heat::keystone::domain' :


@ -9,6 +9,7 @@ $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', {})
$public_ssl = hiera('public_ssl')
$ssl_no_verify = $public_ssl['horizon']
$overview_days_range = pick($horizon_hash['overview_days_range'], 1)
$external_lb = hiera('external_lb', false)
if $horizon_hash['secret_key'] {
$secret_key = $horizon_hash['secret_key']
@ -68,18 +69,33 @@ class { 'openstack::horizon':
$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
count => '30',
step => '3',
url => $haproxy_stats_url,
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
}
haproxy_backend_status { 'keystone-public' :
name => 'keystone-1',
count => '30',
step => '3',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $keystone_url,
},
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
count => '30',
step => '3',
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_identity_url,
},
}
Class['openstack::horizon'] -> Haproxy_backend_status['keystone-admin']
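Review bot: Inside the new `if $external_lb {` block, `get_ssl_property($ssl_hash, {}, 'keystone', 'admin', ...)` reads `$ssl_hash` and `$management_vip`, and the `keystone-public` check reads `$keystone_url`, yet none of the three is assigned in the lines shown for this manifest. The ceph, workloads_collector and sahara hunks add `$ssl_hash = hiera_hash('use_ssl', {})` explicitly, which suggests it is not always in scope. If these are not defined earlier in the file, the admin URL would presumably be built from undef values and the check would wait on the wrong address until it times out. Adding `$ssl_hash = hiera_hash('use_ssl', {})` and `$management_vip = hiera('management_vip')` beside the new `$external_lb` lookup would make the block self-contained.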


@ -96,6 +96,8 @@ if has_key($murano_settings_hash, 'murano_repo_url') {
$murano_repo_url = 'http://storage.apps.openstack.org'
}
$external_lb = hiera('external_lb', false)
###############################################################################
####### KEYSTONE ###########
@ -218,14 +220,26 @@ Class['openstack::auth_file']
$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
}
haproxy_backend_status { 'keystone-public' :
name => 'keystone-1',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $internal_url,
},
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_url,
},
}
Service['keystone'] -> Haproxy_backend_status<||>


@ -2,14 +2,29 @@ notice('MODULAR: keystone/workloads_collector_add.pp')
$workloads_hash = hiera('workloads_collector', {})
$service_endpoint = hiera('service_endpoint')
$external_lb = hiera('external_lb', false)
$ssl_hash = hiera_hash('use_ssl', {})
$management_vip = hiera('management_vip')
$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
count => '200',
step => '6',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_identity_url,
},
} ->
class { 'openstack::workloads_collector':


@ -2,16 +2,31 @@ notice('MODULAR: keystone/workloads_collector_remove.pp')
$workloads_hash = hiera('workloads_collector', {})
$service_endpoint = hiera('service_endpoint')
$external_lb = hiera('external_lb', false)
$ssl_hash = hiera_hash('use_ssl', {})
$management_vip = hiera('management_vip')
$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
$workloads_username = $workloads_hash['username']
$workloads_tenant = $workloads_hash['tenant']
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
count => '200',
step => '6',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_identity_url,
},
} ->
keystone_user_role { "$workloads_username@$workloads_tenant" :


@ -15,6 +15,9 @@ $public_auth_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'key
$internal_api_protocol = 'http'
$cfapi_bind_host = get_network_role_property('murano/cfapi', 'ipaddr')
$service_endpoint = hiera('service_endpoint')
$external_lb = hiera('external_lb', false)
#################################################################
if $murano_cfapi_hash['enabled'] {
@ -43,9 +46,21 @@ if $murano_cfapi_hash['enabled'] {
$haproxy_stats_url = "http://${management_ip}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$murano_cfapi_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'protocol', 'http')
$murano_cfapi_address = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'hostname', [$service_endpoint, $management_vip])
$murano_cfapi_url = "${murano_cfapi_protocol}://${murano_cfapi_address}:${cfapi_bind_port}"
}
haproxy_backend_status { 'murano-cfapi' :
name => 'murano-cfapi',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $murano_cfapi_url,
},
}
Firewall[$firewall_rule] -> Class['murano::cfapi']


@ -35,9 +35,10 @@ $internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'inter
$admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_vip])
$internal_api_protocol = 'http'
$api_bind_host = get_network_role_property('murano/api', 'ipaddr')
$external_lb = hiera('external_lb', false)
#################################################################
if $murano_hash['enabled'] {
@ -48,7 +49,6 @@ if $murano_hash['enabled'] {
$murano_user = pick($murano_hash['user'], 'murano')
$tenant = pick($murano_hash['tenant'], 'services')
$internal_url = "${internal_api_protocol}://${api_bind_host}:${api_bind_port}"
$db_user = pick($murano_hash['db_user'], 'murano')
$db_name = pick($murano_hash['db_name'], 'murano')
$db_password = pick($murano_hash['db_password'])
@ -141,20 +141,42 @@ if $murano_hash['enabled'] {
$haproxy_stats_url = "http://${management_ip}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$murano_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'protocol', 'http')
$murano_address = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'hostname', [$service_endpoint, $management_vip])
$murano_url = "${murano_protocol}://${murano_address}:${api_bind_port}"
}
haproxy_backend_status { 'murano-api' :
name => 'murano-api',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $murano_url,
},
}
if roles_include('primary-controller') {
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
$admin_identity_url = "${admin_auth_protocol}://${admin_auth_address}:35357"
haproxy_backend_status { 'keystone-public' :
name => 'keystone-1',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $internal_auth_url,
},
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_identity_url,
},
}
murano::application { 'io.murano' : }


@ -67,6 +67,8 @@ $memcached_port = hiera('memcache_server_port', '11211')
$roles = node_roles($nodes_hash, hiera('uid'))
$openstack_controller_hash = hiera_hash('openstack_controller', {})
$external_lb = hiera('external_lb', false)
$floating_hash = {}
if $use_neutron {
@ -173,9 +175,23 @@ if $primary_controller {
$haproxy_stats_url = "http://${management_vip}:10000/;csv"
$nova_endpoint = hiera('nova_endpoint', $management_vip)
$nova_internal_protocol = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'protocol', 'http')
$nova_internal_endpoint = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'hostname', [$nova_endpoint])
$nova_url = "${nova_internal_protocol}://${nova_internal_endpoint}:8774"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
}
haproxy_backend_status { 'nova-api' :
name => 'nova-api-2',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $nova_url,
},
}
Openstack::Ha::Haproxy_service <| |> -> Haproxy_backend_status <| |>


@ -13,7 +13,9 @@ $public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'ceilom
$internal_ssl = get_ssl_property($ssl_hash, {}, 'ceilometer', 'internal', 'usage', false)
$internal_ssl_path = get_ssl_property($ssl_hash, {}, 'ceilometer', 'internal', 'path', [''])
if ($use_ceilometer) {
$external_lb = hiera('external_lb', false)
if ($use_ceilometer and !$external_lb) {
$server_names = hiera_array('ceilometer_names', keys($ceilometer_address_map))
$ipaddresses = hiera_array('ceilometer_ipaddresses', values($ceilometer_address_map))
$public_virtual_ip = hiera('public_vip')


@ -14,7 +14,9 @@ $internal_ssl = get_ssl_property($ssl_hash, {}, 'cinder', 'internal', 'usa
$internal_ssl_path = get_ssl_property($ssl_hash, {}, 'cinder', 'internal', 'path', [''])
$cinder_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('cinder_nodes'), 'cinder/api')
if ($use_cinder) {
$external_lb = hiera('external_lb', false)
if ($use_cinder and !$external_lb) {
$server_names = hiera_array('cinder_names', keys($cinder_address_map))
$ipaddresses = hiera_array('cinder_ipaddresses', values($cinder_address_map))
$public_virtual_ip = hiera('public_vip')


@ -16,7 +16,9 @@ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'path
#todo(sv): change to 'glance' as soon as glance as node-role was ready
$glances_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']), 'glance/api')
if ($use_glance) {
$external_lb = hiera('external_lb', false)
if ($use_glance and !$external_lb) {
$server_names = hiera_array('glance_names', keys($glances_address_map))
$ipaddresses = hiera_array('glance_ipaddresses', values($glances_address_map))
$public_virtual_ip = hiera('public_vip')


@ -15,7 +15,9 @@ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'heat', 'internal', 'path',
$network_metadata = hiera_hash('network_metadata')
$heat_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, hiera('heat_roles')), 'heat/api')
if ($use_heat) {
$external_lb = hiera('external_lb', false)
if ($use_heat and !$external_lb) {
$server_names = hiera_array('heat_names',keys($heat_address_map))
$ipaddresses = hiera_array('heat_ipaddresses', values($heat_address_map))
$public_virtual_ip = hiera('public_vip')


@ -11,7 +11,9 @@ $public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'horizon',
$public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'horizon', 'public', 'path', [''])
$horizon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('horizon_nodes'), 'horizon')
if ($use_horizon) {
$external_lb = hiera('external_lb', false)
if ($use_horizon and !$external_lb) {
$server_names = hiera_array('horizon_names', keys($horizon_address_map))
$ipaddresses = hiera_array('horizon_ipaddresses', values($horizon_address_map))
$public_virtual_ip = hiera('public_vip')


@ -15,13 +15,16 @@ $ipaddresses = hiera_array('ironic_ipaddresses', values($ironic_address
$public_virtual_ip = hiera('public_vip')
$internal_virtual_ip = hiera('management_vip')
$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
$external_lb = hiera('external_lb', false)
class { '::openstack::ha::ironic':
internal_virtual_ip => $internal_virtual_ip,
ipaddresses => $ipaddresses,
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
public_ssl => $public_ssl,
public_ssl_path => $public_ssl_path,
baremetal_virtual_ip => $baremetal_virtual_ip,
if !$external_lb {
class { '::openstack::ha::ironic':
internal_virtual_ip => $internal_virtual_ip,
ipaddresses => $ipaddresses,
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
public_ssl => $public_ssl,
public_ssl_path => $public_ssl_path,
baremetal_virtual_ip => $baremetal_virtual_ip,
}
}


@ -19,7 +19,9 @@ $admin_ssl_path = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'p
#todo(sv): change to 'keystone' as soon as keystone as node-role was ready
$keystones_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']), 'keystone/api')
if ($use_keystone) {
$external_lb = hiera('external_lb', false)
if ($use_keystone and !$external_lb) {
$server_names = pick(hiera_array('keystone_names', undef),
keys($keystones_address_map))
$ipaddresses = pick(hiera_array('keystone_ipaddresses', undef),


@ -14,8 +14,9 @@ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'pat
$network_metadata = hiera_hash('network_metadata')
$murano_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, hiera('murano_roles')), 'murano/api')
$external_lb = hiera('external_lb', false)
if ($use_murano) {
if ($use_murano and !$external_lb) {
$server_names = hiera_array('murano_names',keys($murano_address_map))
$ipaddresses = hiera_array('murano_ipaddresses', values($murano_address_map))
$public_virtual_ip = hiera('public_vip')


@ -10,8 +10,10 @@ $public_ssl_hash = hiera('public_ssl')
$database_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('database_nodes'), 'mgmt/database')
$external_lb = hiera('external_lb', false)
# only do this if mysql is enabled and we are using one of the galera/percona classes
if $use_mysql and ($custom_mysql_setup_class in ['galera', 'percona', 'percona_packages']) {
if !$external_lb and $use_mysql and ($custom_mysql_setup_class in ['galera', 'percona', 'percona_packages']) {
$server_names = hiera_array('mysqld_names', keys($database_address_map))
$ipaddresses = hiera_array('mysqld_ipaddresses', values($database_address_map))
$public_virtual_ip = hiera('public_vip')


@ -12,7 +12,10 @@ $internal_ssl = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'u
$internal_ssl_path = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'path', [''])
$neutron_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('neutron_nodes'), 'neutron/api')
if ($use_neutron) {
$external_lb = hiera('external_lb', false)
if ($use_neutron and !$external_lb) {
$server_names = hiera_array('neutron_names', keys($neutron_address_map))
$ipaddresses = hiera_array('neutron_ipaddresses', values($neutron_address_map))
$public_virtual_ip = hiera('public_vip')


@ -14,7 +14,9 @@ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'pat
$nova_api_address_map = get_node_to_ipaddr_map_by_network_role(hiera('nova_api_nodes'), 'nova/api')
if ($use_nova) {
$external_lb = hiera('external_lb', false)
if ($use_nova and !$external_lb) {
$server_names = hiera_array('nova_names', keys($nova_api_address_map))
$ipaddresses = hiera_array('nova_ipaddresses', values($nova_api_address_map))
$public_virtual_ip = hiera('public_vip')


@ -8,37 +8,40 @@ $ssl_hash = hiera_hash('use_ssl', {})
$public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'radosgw', 'public', 'usage', false)
$public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'radosgw', 'public', 'path', [''])
$ironic_hash = hiera_hash('ironic', {})
$external_lb = hiera('external_lb', false)
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
$use_swift = true
} else {
$use_swift = false
}
if !($use_swift) and ($storage_hash['objects_ceph']) {
$use_radosgw = true
} else {
$use_radosgw = false
}
if $use_radosgw {
$rgw_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw')
$server_names = hiera_array('radosgw_server_names', keys($rgw_address_map))
$ipaddresses = hiera_array('radosgw_ipaddresses', values($rgw_address_map))
$public_virtual_ip = hiera('public_vip')
$internal_virtual_ip = hiera('management_vip')
if $ironic_hash['enabled'] {
$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
if !$external_lb {
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
$use_swift = true
} else {
$use_swift = false
}
if !($use_swift) and ($storage_hash['objects_ceph']) {
$use_radosgw = true
} else {
$use_radosgw = false
}
# configure radosgw ha proxy
class { '::openstack::ha::radosgw':
internal_virtual_ip => $internal_virtual_ip,
ipaddresses => $ipaddresses,
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
public_ssl => $public_ssl,
public_ssl_path => $public_ssl_path,
baremetal_virtual_ip => $baremetal_virtual_ip,
if $use_radosgw {
$rgw_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw')
$server_names = hiera_array('radosgw_server_names', keys($rgw_address_map))
$ipaddresses = hiera_array('radosgw_ipaddresses', values($rgw_address_map))
$public_virtual_ip = hiera('public_vip')
$internal_virtual_ip = hiera('management_vip')
if $ironic_hash['enabled'] {
$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
}
# configure radosgw ha proxy
class { '::openstack::ha::radosgw':
internal_virtual_ip => $internal_virtual_ip,
ipaddresses => $ipaddresses,
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
public_ssl => $public_ssl,
public_ssl_path => $public_ssl_path,
baremetal_virtual_ip => $baremetal_virtual_ip,
}
}
}
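Review bot: Wrapping the whole manifest body in `if !$external_lb {` re-indents every line, whereas the sibling openstack-haproxy manifests in this commit simply extend the existing condition, e.g. `if ($use_cinder and !$external_lb) {`. Writing `if $use_radosgw and !$external_lb {` and leaving the `$use_swift` / `$use_radosgw` assignments where they were would, as far as the visible lines show, produce the same catalog with a much smaller diff. It would also keep the external-LB switch in the same place in every HAProxy manifest, which makes it easier to audit which services are skipped.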


@ -14,8 +14,9 @@ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'sahara', 'internal', 'pat
$network_metadata = hiera_hash('network_metadata')
$sahara_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, hiera('sahara_roles')), 'sahara/api')
$external_lb = hiera('external_lb', false)
if ($use_sahara) {
if ($use_sahara and !$external_lb) {
$server_names = hiera_array('sahara_names',keys($sahara_address_map))
$ipaddresses = hiera_array('sahara_ipaddresses', values($sahara_address_map))
$public_virtual_ip = hiera('public_vip')


@ -1,7 +1,10 @@
notice('MODULAR: openstack-haproxy-stats.pp')
$external_lb = hiera('external_lb', false)
$internal_virtual_ip = unique([hiera('management_vip'), hiera('database_vip'), hiera('service_endpoint')])
class { '::openstack::ha::stats':
internal_virtual_ip => $internal_virtual_ip,
if !$external_lb {
class { '::openstack::ha::stats':
internal_virtual_ip => $internal_virtual_ip,
}
}


@ -14,6 +14,8 @@ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'path'
$ironic_hash = hiera_hash('ironic', {})
$external_lb = hiera('external_lb', false)
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
$use_swift = true
} else {
@ -22,7 +24,7 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role($swift_proxies, 'swift/api')
if ($use_swift) {
if ($use_swift and !$external_lb) {
$server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map))
$ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))


@ -23,6 +23,8 @@ $use_stderr = hiera('use_stderr', false)
$rabbit_ha_queues = hiera('rabbit_ha_queues')
$amqp_port = hiera('amqp_port')
$amqp_hosts = hiera('amqp_hosts')
$external_lb = hiera('external_lb', false)
$ssl_hash = hiera_hash('use_ssl', {})
#################################################################
@ -121,20 +123,47 @@ if $sahara_hash['enabled'] {
$haproxy_stats_url = "http://${management_vip}:10000/;csv"
if $external_lb {
Haproxy_backend_status<||> {
provider => 'http',
}
$sahara_protocol = get_ssl_property($ssl_hash, {}, 'sahara', 'internal', 'protocol', 'http')
$sahara_address = get_ssl_property($ssl_hash, {}, 'sahara', 'internal', 'hostname', [$service_endpoint, $management_vip])
$sahara_url = "${sahara_protocol}://${sahara_address}:${api_bind_port}"
}
haproxy_backend_status { 'sahara' :
name => 'sahara',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $sahara_url,
},
}
if $primary_controller {
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
$internal_auth_url = "${internal_auth_protocol}://${internal_auth_address}:5000"
$admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
$admin_identity_url = "${admin_identity_protocol}://${admin_identity_address}:35357"
haproxy_backend_status { 'keystone-public' :
name => 'keystone-1',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $internal_auth_url,
},
}
haproxy_backend_status { 'keystone-admin' :
name => 'keystone-2',
url => $haproxy_stats_url,
url => $external_lb ? {
default => $haproxy_stats_url,
true => $admin_identity_url,
},
}
class { 'sahara_templates::create_templates' :


@ -1,5 +1,6 @@
notice('MODULAR: conntrackd.pp')
$network_metadata = hiera_hash('network_metadata', {})
prepare_network_config(hiera('network_scheme', {}))
$vrouter_name = hiera('vrouter_name', 'pub')
@ -8,72 +9,74 @@ case $operatingsystem {
Ubuntu: { $conntrackd_package = 'conntrackd' }
}
# If VIP has namespace set to 'false' or 'undef' then we do not configure
# it under corosync cluster. So we should not configure colocation with it.
if $network_metadata['vips']["vrouter_${vrouter_name}"]['namespace'] {
### CONNTRACKD for CentOS 6 doesn't work under namespaces ##
if $operatingsystem == 'Ubuntu' {
$bind_address = get_network_role_property('mgmt/vip', 'ipaddr')
$mgmt_bridge = get_network_role_property('mgmt/vip', 'interface')
### CONNTRACKD for CentOS 6 doesn't work under namespaces ##
package { $conntrackd_package:
ensure => installed,
} ->
if $operatingsystem == 'Ubuntu' {
$bind_address = get_network_role_property('mgmt/vip', 'ipaddr')
$mgmt_bridge = get_network_role_property('mgmt/vip', 'interface')
file { '/etc/conntrackd/conntrackd.conf':
content => template('cluster/conntrackd.conf.erb'),
} ->
package { $conntrackd_package:
ensure => installed,
} ->
file { '/etc/conntrackd/conntrackd.conf':
content => template('cluster/conntrackd.conf.erb'),
} ->
cs_resource {'p_conntrackd':
ensure => present,
primitive_class => 'ocf',
provided_by => 'fuel',
primitive_type => 'ns_conntrackd',
metadata => {
'migration-threshold' => 'INFINITY',
'failure-timeout' => '180s'
},
parameters => {
'bridge' => $mgmt_bridge,
},
complex_type => 'master',
ms_metadata => {
'notify' => 'true',
'ordered' => 'false',
'interleave' => 'true',
'clone-node-max' => '1',
'master-max' => '1',
'master-node-max' => '1',
'target-role' => 'Master'
},
operations => {
'monitor' => {
'interval' => '30',
'timeout' => '60'
},
'monitor:Master' => {
'role' => 'Master',
'interval' => '27',
'timeout' => '60'
cs_resource {'p_conntrackd':
ensure => present,
primitive_class => 'ocf',
provided_by => 'fuel',
primitive_type => 'ns_conntrackd',
metadata => {
'migration-threshold' => 'INFINITY',
'failure-timeout' => '180s'
},
},
parameters => {
'bridge' => $mgmt_bridge,
},
complex_type => 'master',
ms_metadata => {
'notify' => 'true',
'ordered' => 'false',
'interleave' => 'true',
'clone-node-max' => '1',
'master-max' => '1',
'master-node-max' => '1',
'target-role' => 'Master'
},
operations => {
'monitor' => {
'interval' => '30',
'timeout' => '60'
},
'monitor:Master' => {
'role' => 'Master',
'interval' => '27',
'timeout' => '60'
},
},
}
cs_colocation { "conntrackd-with-${vrouter_name}-vip":
primitives => [ 'master_p_conntrackd:Master', "vip__vrouter_${vrouter_name}" ],
}
File['/etc/conntrackd/conntrackd.conf'] -> Cs_resource['p_conntrackd'] -> Service['p_conntrackd'] -> Cs_colocation["conntrackd-with-${vrouter_name}-vip"]
service { 'p_conntrackd':
ensure => 'running',
enable => true,
provider => 'pacemaker',
}
# Workaround to ensure log is rotated properly
file { '/etc/logrotate.d/conntrackd':
content => template('openstack/95-conntrackd.conf.erb'),
}
Package[$conntrackd_package] -> File['/etc/logrotate.d/conntrackd']
}
cs_colocation { "conntrackd-with-${vrouter_name}-vip":
primitives => [ 'master_p_conntrackd:Master', "vip__vrouter_${vrouter_name}" ],
}
File['/etc/conntrackd/conntrackd.conf'] -> Cs_resource['p_conntrackd'] -> Service['p_conntrackd'] -> Cs_colocation["conntrackd-with-${vrouter_name}-vip"]
service { 'p_conntrackd':
ensure => 'running',
enable => true,
provider => 'pacemaker',
}
# Workaround to ensure log is rotated properly
file { '/etc/logrotate.d/conntrackd':
content => template('openstack/95-conntrackd.conf.erb'),
}
Package[$conntrackd_package] -> File['/etc/logrotate.d/conntrackd']
}


@ -112,5 +112,11 @@
<% globals.store "is_primary_swift_proxy", @is_primary_swift_proxy -%>
<% globals.store "nova_api_nodes", @nova_api_nodes -%>
<% globals.store "ironic_api_nodes", @ironic_api_nodes -%>
<% # If we have no VIPs with 'haproxy' namespace, then we're using external LB
if @vips.select{|key, hash| hash['namespace'] == 'haproxy' }.length == 0
globals.store "external_lb", true
else
globals.store "external_lb", false
end -%>
<%= YAML.dump globals %>
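Review bot: The new `external_lb` block calls `@vips.select` with no guard, so a node whose data carries no VIP hash at all would abort the template with NoMethodError instead of producing a value; whether `@vips` can be nil at this point is not visible in the hunk. The flag is also inferred from the absence of a 'haproxy' namespace rather than set explicitly, so incomplete VIP data would silently switch the controllers away from configuring HAProxy, and the comment should say that this inference is intended. The five lines can collapse to `globals.store "external_lb", (@vips || {}).none? { |_name, vip| vip['namespace'] == 'haproxy' }`.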


@ -6,6 +6,39 @@ describe manifest do
shared_examples 'catalog' do
storage_hash = Noop.hiera 'storage'
ceph_monitor_nodes = Noop.hiera 'ceph_monitor_nodes'
public_ssl_hash = Noop.hiera('public_ssl')
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
let(:internal_auth_protocol) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone',
'internal','protocol','http'
}
let(:internal_auth_address) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone',
'internal','hostname',
[Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]
}
let(:admin_auth_protocol) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone',
'admin','protocol','http'
}
let(:admin_auth_address) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'hostname',
[Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]
}
let(:internal_url) {
"#{internal_auth_protocol}://#{internal_auth_address}:5000"
}
let(:admin_url) {
"#{admin_auth_protocol}://#{admin_auth_address}:35357"
}
if (storage_hash['images_ceph'] or storage_hash['objects_ceph'])
rgw_large_pool_name = '.rgw'
@ -42,6 +75,34 @@ describe manifest do
)
}
it {
if Noop.hiera('external_lb', false)
url = internal_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('keystone-public').with(
:url => url,
:provider => provider
)
}
it {
if Noop.hiera('external_lb', false)
url = admin_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('keystone-admin').with(
:url => url,
:provider => provider
)
}
end
end
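Review bot: The `internal_auth_address` helper passes a one-element default list, `[Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]`, while the manifest change earlier in this commit calls `get_ssl_property` with `[$service_endpoint, $management_vip]`. The two agree only if the function returns the first usable entry, which is not visible here; passing `[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')]`, the form the workloads_collector specs use, keeps the spec from diverging from the manifest. The two `it` blocks in the second hunk also repeat the same url/provider branch and differ only in the resource title and the URL helper.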


@ -8,16 +8,18 @@ describe manifest do
Noop.hiera('network_scheme', {}).fetch('endpoints', {})
end
it "should delcare cluster::haproxy with correct other_networks" do
expect(subject).to contain_class('cluster::haproxy').with(
'other_networks' => Noop.puppet_function('direct_networks', endpoints),
)
end
unless Noop.hiera('external_lb', false)
it "should setup rsyslog configuration for haproxy" do
expect(subject).to contain_file('/etc/rsyslog.d/haproxy.conf')
end
it "should delcare cluster::haproxy with correct other_networks" do
expect(subject).to contain_class('cluster::haproxy').with(
'other_networks' => Noop.puppet_function('direct_networks', endpoints),
)
end
it "should setup rsyslog configuration for haproxy" do
expect(subject).to contain_file('/etc/rsyslog.d/haproxy.conf')
end
end
end
test_ubuntu_and_centos manifest
end
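Review bot: With `external_lb` set, the `unless Noop.hiera('external_lb', false)` wrapper leaves this spec with no examples at all, so nothing verifies that `cluster::haproxy` and `/etc/rsyslog.d/haproxy.conf` are actually absent from the catalog. Assuming the manifest skips them in that mode, switching to `if`/`else` on the flag and adding `it { should_not contain_class('cluster::haproxy') }` in the external branch would pin the behaviour the commit message describes. The same gap applies to the openstack-haproxy specs further down, which only add `and !Noop.hiera('external_lb', false)` or an `unless` wrapper. The example title still reads "delcare".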


@ -53,6 +53,21 @@ describe manifest do
it { should contain_class('openstack::galera::status').that_comes_before('Haproxy_backend_status[mysql]') }
it { should contain_haproxy_backend_status('mysql').that_comes_before('Class[osnailyfacter::mysql_access]') }
if Noop.hiera('external_lb', false)
database_vip = Noop.hiera('database_vip', Noop.hiera('management_vip'))
url = "http://#{database_vip}:49000"
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
it {
should contain_haproxy_backend_status('mysql').with(
:url => url,
:provider => provider
)
}
end
test_ubuntu_and_centos manifest
end
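Review bot: The external-LB expectation hard-codes `http://` and port 49000, unlike the keystone, murano and sahara specs in this commit, which take the scheme from `get_ssl_property`. If the endpoint behind that port only speaks plain HTTP (presumably the galera status check, which the hunk does not show), a comment such as `# galera status endpoint: plain HTTP only, not covered by use_ssl` would explain why this backend check ignores the SSL settings. The enclosing `shared_examples` block starts outside the hunk.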


@ -96,6 +96,21 @@ describe manifest do
)
end
if Noop.hiera('external_lb', false)
url = "#{admin_auth_protocol}://#{admin_auth_address}:35357/"
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
it {
should contain_haproxy_backend_status('keystone-admin').with(
:url => url,
:provider => provider
)
}
end # end of shared_examples
test_ubuntu_and_centos manifest
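Review bot: `url` is built at example-group level from `admin_auth_protocol` and `admin_auth_address`, which works only if those are plain locals defined earlier in the file, outside this hunk. If they are `let` helpers, as in the other specs of this commit, the interpolation raises NameError while the file loads, and only for fixtures that set `external_lb`. The expected URL also ends in `:35357/`, whereas the other specs expect `:35357` for the same `keystone-admin` title; that may be a real difference between manifests, but a one-line comment would show it is deliberate.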


@ -230,22 +230,37 @@ describe manifest do
end
end
it {
should contain_service('httpd').with(
'hasrestart' => true,
'restart' => 'sleep 30 && apachectl graceful || apachectl restart'
)
}
it {
should contain_service('httpd').with(
'hasrestart' => true,
'restart' => 'sleep 30 && apachectl graceful || apachectl restart'
)
}
# LP#1508489: Breaks internal-only API
it 'should have undefined DEFAULT/public_endpoint' do
should contain_keystone_config('DEFAULT/public_endpoint').with(:value => nil)
end
# LP#1508489: Breaks internal-only API
it 'should have undefined DEFAULT/public_endpoint' do
should contain_keystone_config('DEFAULT/public_endpoint').with(:value => nil)
end
# FIXME(mattymo): Remove this after LP#1528258 is fixed.
it 'should have configured DEFAULT/secure_proxy_ssl_header' do
should contain_keystone_config('DEFAULT/secure_proxy_ssl_header').with(:value => 'HTTP_X_FORWARDED_PROTO')
end
it {
if Noop.hiera('external_lb', false)
url = internal_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('keystone-public').with(
:url => url,
:provider => provider
)
}
# FIXME(mattymo): Remove this after LP#1528258 is fixed.
it 'should have configured DEFAULT/secure_proxy_ssl_header' do
should contain_keystone_config('DEFAULT/secure_proxy_ssl_header').with(:value => 'HTTP_X_FORWARDED_PROTO')
end
end # end of shared_examples
test_ubuntu_and_centos manifest
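Review bot: The `secure_proxy_ssl_header` example keeps Keystone trusting `HTTP_X_FORWARDED_PROTO`, and with `external_lb` that header now comes from a device this catalog does not configure. The HAProxy definitions visible elsewhere in this commit (glance, heat) use `http-request set-header X-Forwarded-Proto https if { ssl_fc }`, which replaces a client-supplied value; an external balancer has to do the same, otherwise Keystone's view of the request scheme rests on a header the client can send. I would extend the FIXME with `# external_lb: the balancer must overwrite X-Forwarded-Proto on every request`. The `internal_url` helper used by the new example is defined outside this hunk.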


@ -3,5 +3,36 @@ require 'shared-examples'
manifest = 'keystone/workloads_collector_add.pp'
describe manifest do
shared_examples 'catalog' do
management_vip= Noop.hiera('management_vip')
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
let(:admin_auth_protocol) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'protocol','http'
}
let(:admin_auth_address) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'hostname',[Noop.hiera('service_endpoint', ''), management_vip]
}
let(:admin_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }
it {
if Noop.hiera('external_lb', false)
url = admin_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('keystone-admin').with(
:url => url,
:provider => provider
)
}
end
test_ubuntu_and_centos manifest
end
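Review bot: The `let` chain and the `if Noop.hiera('external_lb', false)` url/provider example are repeated verbatim in the `workloads_collector_remove.pp` spec that follows, and with other titles in most specs of this commit. A helper in `shared-examples` that takes the resource title and the external URL would keep the copies from drifting apart. Within this copy, `management_vip= Noop.hiera('management_vip')` is missing a space before `=`, and the default list uses `Noop.hiera('service_endpoint', '')` while the else branch calls `Noop.hiera('service_endpoint').to_s` without a default.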


@ -3,5 +3,36 @@ require 'shared-examples'
manifest = 'keystone/workloads_collector_remove.pp'
describe manifest do
shared_examples 'catalog' do
management_vip= Noop.hiera('management_vip')
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
let(:admin_auth_protocol) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'protocol','http'
}
let(:admin_auth_address) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'hostname',[Noop.hiera('service_endpoint', ''), management_vip]
}
let(:admin_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }
it {
if Noop.hiera('external_lb', false)
url = admin_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('keystone-admin').with(
:url => url,
:provider => provider
)
}
end
test_ubuntu_and_centos manifest
end


@ -32,6 +32,23 @@ describe manifest do
let(:bind_port) { '8083' }
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
let (:murano_cfapi_protocol){
Noop.puppet_function 'get_ssl_property', ssl_hash, {}, 'murano',
'internal', 'protocol', 'http'
}
let (:murano_cfapi_address){
Noop.puppet_function 'get_ssl_property', ssl_hash, {}, 'murano',
'internal', 'hostname',
[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')]
}
let (:murano_cfapi_url){
"#{murano_cfapi_protocol}://#{murano_cfapi_address}:#{bind_port}"
}
if Noop.hiera_structure('use_ssl', false)
public_auth_protocol = 'https'
public_auth_address = Noop.hiera_structure('use_ssl/keystone_public_hostname')
@ -58,7 +75,17 @@ describe manifest do
end
it {
should contain_haproxy_backend_status('murano-cfapi')
if Noop.hiera('external_lb', false)
url = murano_cfapi_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('murano-cfapi').with(
:url => url,
:provider => provider
)
}
end
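Review bot: The new helpers are written `let (:murano_cfapi_protocol){`, with a space before the parenthesis and none before the brace, while `let(:bind_port) { '8083' }` directly above uses the usual form. `let(:murano_cfapi_protocol) {` would match the rest of the file; the same spelling appears in the murano and sahara specs of this commit.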


@ -58,21 +58,45 @@ describe manifest do
let(:repository_url) { Noop.hiera_structure('murano_settings/murano_repo_url', default_repository_url) }
let(:api_bind_port) { '8082' }
let(:internal_url) { "http://#{bind_address}:#{api_bind_port}" }
let(:sql_connection) do
read_timeout = '60'
"mysql://#{db_user}:#{db_password}@#{db_host}/#{db_name}?read_timeout=#{read_timeout}"
end
admin_auth_protocol = 'http'
admin_auth_address = Noop.hiera('service_endpoint')
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
let(:admin_auth_protocol) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'protocol','http'
}
let(:admin_auth_address) {
Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin',
'hostname',[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')]
}
let(:admin_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357" }
let (:murano_protocol){
Noop.puppet_function 'get_ssl_property', ssl_hash, {}, 'murano',
'internal', 'protocol', 'http'
}
let (:murano_address){
Noop.puppet_function 'get_ssl_property', ssl_hash, {}, 'murano',
'internal', 'hostname',
[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')]
}
let (:murano_url){
"#{murano_protocol}://#{murano_address}:#{api_bind_port}"
}
primary_controller = Noop.hiera 'primary_controller'
if Noop.hiera_structure('use_ssl', false)
public_auth_protocol = 'https'
public_auth_address = Noop.hiera_structure('use_ssl/keystone_public_hostname')
admin_auth_protocol = 'https'
admin_auth_address = Noop.hiera_structure('use_ssl/keystone_admin_hostname')
elsif Noop.hiera_structure('public_ssl/services', false)
public_auth_protocol = 'https'
public_auth_address = Noop.hiera_structure('public_ssl/hostname')
@ -177,9 +201,36 @@ describe manifest do
it {
should contain_haproxy_backend_status('murano-api').that_comes_before('Murano::Application[io.murano]')
}
# Test for non-haproxy backend
it {
if Noop.hiera('external_lb', false)
url = admin_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('keystone-admin').with(
:url => url,
:provider => provider
)
}
end
end
it {
if Noop.hiera('external_lb', false)
url = murano_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('murano-api').with(
:url => url,
:provider => provider
)
}
end
end
test_ubuntu_and_centos manifest
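Review bot: The comment `# Test for non-haproxy backend` sits above an example that asserts both branches, including the HAProxy stats URL, so it describes only half of what follows. `# haproxy_backend_status follows external_lb: service URL with the http provider, otherwise the HAProxy stats CSV` would be accurate. Separately, the rendered page does not show whether the assignments `admin_auth_protocol = 'https'` and `admin_auth_address = ...` inside the `use_ssl` branch were removed together with the two top-level ones. If they remain, they are dead assignments, because `admin_url` now reads the `let(:admin_auth_protocol)` helpers.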


@ -67,6 +67,13 @@ describe manifest do
default_log_levels = Noop.puppet_function 'join_keys_to_values',default_log_levels_hash,'='
storage_hash = Noop.hiera_structure 'storage'
nova_internal_protocol = Noop.puppet_function 'get_ssl_property',
Noop.hiera_hash('use_ssl', {}), {}, 'nova', 'internal', 'protocol',
'http'
nova_endpoint = Noop.hiera('nova_endpoint', Noop.hiera('management_vip'))
nova_internal_endpoint = Noop.puppet_function 'get_ssl_property',
Noop.hiera_hash('use_ssl', {}), {}, 'nova', 'internal', 'hostname',
[nova_endpoint]
# TODO All this stuff should be moved to shared examples controller* tests.
@ -190,6 +197,23 @@ describe manifest do
should contain_package('open-iscsi').with('ensure' => 'present')
end
end
if primary_controller
if Noop.hiera('external_lb', false)
url = "#{nova_internal_protocol}://#{nova_internal_endpoint}:8774"
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
it {
should contain_haproxy_backend_status('nova-api').with(
:url => url,
:provider => provider
)
}
end
end # end of shared_examples
test_ubuntu_and_centos manifest


@ -6,7 +6,7 @@ describe manifest do
shared_examples 'catalog' do
use_ceilometer = Noop.hiera_structure('ceilometer/enabled', false)
if use_ceilometer
if use_ceilometer and !Noop.hiera('external_lb', false)
it "should properly configure ceilometer haproxy based on ssl" do
public_ssl_ceilometer = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('ceilometer').with(


@ -6,7 +6,7 @@ describe manifest do
use_cinder = Noop.hiera_structure('cinder/enabled', true)
shared_examples 'catalog' do
if use_cinder
if use_cinder and !Noop.hiera('external_lb', false)
it "should properly configure cinder haproxy based on ssl" do
public_ssl_cinder = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('cinder-api').with(


@ -26,35 +26,37 @@ describe manifest do
internal_virtual_ip = Noop.hiera('management_vip')
public_ssl = Noop.hiera_structure('public_ssl/services')
it 'should configure glance haproxy' do
should contain_openstack__ha__haproxy_service('glance-api').with(
'order' => '080',
'listen_port' => 9292,
'require_service' => 'glance-api',
unless Noop.hiera('external_lb', false)
it 'should configure glance haproxy' do
should contain_openstack__ha__haproxy_service('glance-api').with(
'order' => '080',
'listen_port' => 9292,
'require_service' => 'glance-api',
# common parameters
'internal_virtual_ip' => internal_virtual_ip,
'ipaddresses' => ipaddresses,
'public_virtual_ip' => public_virtual_ip,
'server_names' => server_names,
'public' => 'true',
'public_ssl' => public_ssl,
'require_service' => 'glance-api',
'haproxy_config_options' => {
'option' => ['httpchk /versions', 'httplog', 'httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
'timeout server' => '11m',
},
'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3'
)
# common parameters
'internal_virtual_ip' => internal_virtual_ip,
'ipaddresses' => ipaddresses,
'public_virtual_ip' => public_virtual_ip,
'server_names' => server_names,
'public' => 'true',
'public_ssl' => public_ssl,
'require_service' => 'glance-api',
'haproxy_config_options' => {
'option' => ['httpchk /versions', 'httplog', 'httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
'timeout server' => '11m',
},
'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3'
)
should contain_openstack__ha__haproxy_service('glance-registry').with(
'order' => '090',
'listen_port' => 9191,
'haproxy_config_options' => {
'timeout server' => '11m',
},
)
should contain_openstack__ha__haproxy_service('glance-registry').with(
'order' => '090',
'listen_port' => 9191,
'haproxy_config_options' => {
'timeout server' => '11m',
},
)
end
end
end
test_ubuntu_and_centos manifest


@ -26,39 +26,41 @@ describe manifest do
public_virtual_ip = Noop.hiera('public_vip')
internal_virtual_ip = Noop.hiera('management_vip')
public_ssl = Noop.hiera_structure('public_ssl/services')
it 'should configure heat haproxy' do
should contain_openstack__ha__haproxy_service('heat-api').with(
'order' => '160',
'listen_port' => 8004,
'require_service' => 'heat-api',
unless Noop.hiera('external_lb', false)
it 'should configure heat haproxy' do
should contain_openstack__ha__haproxy_service('heat-api').with(
'order' => '160',
'listen_port' => 8004,
'require_service' => 'heat-api',
# common parameters
'internal_virtual_ip' => internal_virtual_ip,
'ipaddresses' => ipaddresses,
'public_virtual_ip' => public_virtual_ip,
'server_names' => server_names,
'public' => 'true',
'public_ssl' => public_ssl,
'require_service' => 'heat-api',
'haproxy_config_options' => {
'option' => ['httpchk', 'httplog', 'httpclose'],
'timeout server' => '660s',
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3'
)
# common parameters
'internal_virtual_ip' => internal_virtual_ip,
'ipaddresses' => ipaddresses,
'public_virtual_ip' => public_virtual_ip,
'server_names' => server_names,
'public' => 'true',
'public_ssl' => public_ssl,
'require_service' => 'heat-api',
'haproxy_config_options' => {
'option' => ['httpchk', 'httplog', 'httpclose'],
'timeout server' => '660s',
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3'
)
should contain_openstack__ha__haproxy_service('heat-api-cfn').with(
'order' => '161',
'listen_port' => 8000,
'require_service' => 'heat-api'
)
should contain_openstack__ha__haproxy_service('heat-api-cfn').with(
'order' => '161',
'listen_port' => 8000,
'require_service' => 'heat-api'
)
should contain_openstack__ha__haproxy_service('heat-api-cloudwatch').with(
'order' => '162',
'listen_port' => 8003,
'require_service' => 'heat-api'
)
should contain_openstack__ha__haproxy_service('heat-api-cloudwatch').with(
'order' => '162',
'listen_port' => 8003,
'require_service' => 'heat-api'
)
end
end
end
test_ubuntu_and_centos manifest


@ -4,55 +4,55 @@ manifest = 'openstack-haproxy/openstack-haproxy-horizon.pp'
describe manifest do
shared_examples 'catalog' do
it "should properly configure horizon haproxy based on ssl" do
public_ssl_horizon = Noop.hiera_structure('public_ssl/horizon', false)
if public_ssl_horizon
# http horizon should redirect to ssl horizon
should contain_openstack__ha__haproxy_service('horizon').with(
'server_names' => nil,
'ipaddresses' => nil,
'haproxy_config_options' => {
'redirect' => 'scheme https if !{ ssl_fc }'
}
)
should_not contain_haproxy__balancermember('horizon')
should contain_openstack__ha__haproxy_service('horizon-ssl').with(
'order' => '017',
'listen_port' => 443,
'balancermember_port' => 80,
'public_ssl' => public_ssl_horizon,
'haproxy_config_options' => {
'option' => ['forwardfor', 'httpchk', 'httpclose', 'httplog'],
'stick-table' => 'type ip size 200k expire 30m',
'stick' => 'on src',
'balance' => 'source',
'timeout' => ['client 3h', 'server 3h'],
'mode' => 'http',
'reqadd' => 'X-Forwarded-Proto:\ https',
},
'balancermember_options' => 'weight 1 check'
)
should contain_haproxy__balancermember('horizon-ssl')
else
# http horizon only
should contain_openstack__ha__haproxy_service('horizon').with(
'haproxy_config_options' => {
'option' => ['forwardfor', 'httpchk', 'httpclose', 'httplog'],
'stick-table' => 'type ip size 200k expire 30m',
'stick' => 'on src',
'balance' => 'source',
'timeout' => ['client 3h', 'server 3h'],
'mode' => 'http',
'reqadd' => 'X-Forwarded-Proto:\ https',
}
)
should contain_haproxy__balancermember('horizon')
should_not contain_openstack__ha__haproxy_service('horizon-ssl')
should_not contain_haproxy__balancermember('horizon-ssl')
unless Noop.hiera('external_lb', false)
it "should properly configure horizon haproxy based on ssl" do
public_ssl_horizon = Noop.hiera_structure('public_ssl/horizon', false)
if public_ssl_horizon
# http horizon should redirect to ssl horizon
should contain_openstack__ha__haproxy_service('horizon').with(
'server_names' => nil,
'ipaddresses' => nil,
'haproxy_config_options' => {
'redirect' => 'scheme https if !{ ssl_fc }'
}
)
should_not contain_haproxy__balancermember('horizon')
should contain_openstack__ha__haproxy_service('horizon-ssl').with(
'order' => '017',
'listen_port' => 443,
'balancermember_port' => 80,
'public_ssl' => public_ssl_horizon,
'haproxy_config_options' => {
'option' => ['forwardfor', 'httpchk', 'httpclose', 'httplog'],
'stick-table' => 'type ip size 200k expire 30m',
'stick' => 'on src',
'balance' => 'source',
'timeout' => ['client 3h', 'server 3h'],
'mode' => 'http',
'reqadd' => 'X-Forwarded-Proto:\ https',
},
'balancermember_options' => 'weight 1 check'
)
should contain_haproxy__balancermember('horizon-ssl')
else
# http horizon only
should contain_openstack__ha__haproxy_service('horizon').with(
'haproxy_config_options' => {
'option' => ['forwardfor', 'httpchk', 'httpclose', 'httplog'],
'stick-table' => 'type ip size 200k expire 30m',
'stick' => 'on src',
'balance' => 'source',
'timeout' => ['client 3h', 'server 3h'],
'mode' => 'http',
'reqadd' => 'X-Forwarded-Proto:\ https',
}
)
should contain_haproxy__balancermember('horizon')
should_not contain_openstack__ha__haproxy_service('horizon-ssl')
should_not contain_haproxy__balancermember('horizon-ssl')
end
end
end
end
test_ubuntu_and_centos manifest


@ -10,7 +10,7 @@ if ironic_enabled
baremetal_virtual_ip = Noop.hiera_structure 'network_metadata/vips/baremetal/ipaddr'
public_ssl_ironic = Noop.hiera_structure('public_ssl/services', false)
if use_ironic
if use_ironic and !Noop.hiera('external_lb', false)
it "should properly configure ironic haproxy based on ssl" do
should contain_openstack__ha__haproxy_service('ironic').with(
'order' => '180',


@ -6,7 +6,7 @@ describe manifest do
shared_examples 'catalog' do
use_keystone = Noop.hiera_structure('keystone/enabled', true)
if use_keystone
if use_keystone and !Noop.hiera('external_lb', false)
it "should properly configure keystone haproxy based on ssl" do
public_ssl_keystone = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('keystone-1').with(


@ -7,7 +7,7 @@ describe manifest do
use_murano = Noop.hiera_structure('murano/enabled', false)
use_cfapi_murano = Noop.hiera_structure('murano-cfapi/enabled', false)
if use_murano
if use_murano and !Noop.hiera('external_lb', false)
it "should properly configure murano haproxy based on ssl" do
public_ssl_murano = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('murano-api').with(


@ -6,7 +6,7 @@ describe manifest do
shared_examples 'catalog' do
use_neutron = Noop.hiera('use_neutron', false)
if use_neutron
if use_neutron and !Noop.hiera('external_lb', false)
it "should properly configure neutron haproxy based on ssl" do
public_ssl_neutron = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('neutron').with(


@ -6,7 +6,7 @@ describe manifest do
shared_examples 'catalog' do
use_nova = Noop.hiera_structure('nova/enabled', true)
if use_nova
if use_nova and !Noop.hiera('external_lb', false)
it "should properly configure nova haproxy based on ssl" do
public_ssl_nova = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('nova-api-1').with(


@ -6,7 +6,7 @@ describe manifest do
shared_examples 'catalog' do
images_ceph = Noop.hiera_structure 'storage/images_ceph'
objects_ceph = Noop.hiera_structure 'storage/objects_ceph'
if images_ceph and objects_ceph
if images_ceph and objects_ceph and !Noop.hiera('external_lb', false)
ironic_enabled = Noop.hiera_structure 'ironic/enabled'
if ironic_enabled
baremetal_virtual_ip = Noop.hiera_structure 'network_metadata/vips/baremetal/ipaddr'


@ -6,7 +6,7 @@ describe manifest do
shared_examples 'catalog' do
use_sahara = Noop.hiera_structure('sahara/enabled', false)
if use_sahara
if use_sahara and !Noop.hiera('external_lb', false)
it "should properly configure sahara haproxy based on ssl" do
public_ssl_sahara = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('sahara').with(


@ -8,11 +8,13 @@ describe manifest do
database_vip = Noop.hiera 'database_vip'
database_vip ||= management_vip
it "should contain stats fragment and listen #{[management_vip, database_vip].uniq.inspect}" do
[management_vip, database_vip].each do |ip|
should contain_concat__fragment('stats_listen_block').with_content(
%r{\n\s*bind\s+#{ip}:10000\s*$\n}
)
unless Noop.hiera('external_lb', false)
it "should contain stats fragment and listen #{[management_vip, database_vip].uniq.inspect}" do
[management_vip, database_vip].each do |ip|
should contain_concat__fragment('stats_listen_block').with_content(
%r{\n\s*bind\s+#{ip}:10000\s*$\n}
)
end
end
end
end
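Review bot: The bind pattern interpolates the address raw, `#{ip}:10000`, so every `.` in the VIP matches any character and the example can pass against a different address. `%r{\n\s*bind\s+#{Regexp.escape(ip)}:10000\s*$\n}` makes the match exact. As in the other HAProxy specs of this commit, the `unless` wrapper leaves the `external_lb` case without any check that `stats_listen_block` is absent.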


@ -39,7 +39,7 @@ describe manifest do
}
end
if use_swift
if use_swift and !Noop.hiera('external_lb', false)
it "should declare openstack::ha:swift class with valid params" do
should contain_class('openstack::ha::swift').with(
'bind_to_one' => bind_to_one,
@ -58,10 +58,9 @@ describe manifest do
)
end
if ironic_enabled
baremetal_virtual_ip = Noop.hiera_structure 'network_metadata/vips/baremetal/ipaddr'
it 'should declare ::openstack::ha::swift class with baremetal_virtual_ip' do
should contain_class('openstack::ha::swift').with(
'baremetal_virtual_ip' => baremetal_virtual_ip,


@ -49,6 +49,25 @@ describe manifest do
let(:public_protocol) { public_ssl ? 'https' : 'http' }
let(:public_address) { public_ssl ? public_ssl_hostname : public_ip }
let(:api_bind_port) { '8386' }
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
let (:sahara_protocol){
Noop.puppet_function 'get_ssl_property', ssl_hash, {}, 'sahara',
'internal', 'protocol', 'http'
}
let (:sahara_address){
Noop.puppet_function 'get_ssl_property', ssl_hash, {}, 'sahara',
'internal', 'hostname',
[Noop.hiera('service_endpoint', ''), Noop.hiera('management_vip')]
}
let (:sahara_url){
"#{sahara_protocol}://#{sahara_address}:#{api_bind_port}"
}
############################################################################
enable = Noop.hiera_structure('sahara/enabled')
@ -168,6 +187,20 @@ describe manifest do
should contain_haproxy_backend_status('sahara').that_comes_before('Class[sahara_templates::create_templates]')
}
end
it {
if Noop.hiera('external_lb', false)
url = sahara_url
provider = 'http'
else
url = 'http://' + Noop.hiera('service_endpoint').to_s + ':10000/;csv'
provider = nil
end
should contain_haproxy_backend_status('sahara').with(
:url => url,
:provider => provider
)
}
end
end