Add heat auth_encryption_key handling

* Heat auth_encryption_key is now read from nailgun
via osnailyfacter and used for heat-engine
instances in the cloud.
* Disabled start-up and run via pacemaker in case
of HA mode for heat-engine.

Change-Id: Icc65f5316762421f1477e32fbd9c3f7071f0a2aa
Related-Bug: #1387345
Igor Yozhikov 2014-11-07 18:08:40 +03:00 committed by Dmitry Ilyin
parent b9d4068bcb
commit e96c4d1fd3
8 changed files with 26 additions and 22 deletions


@ -33,17 +33,15 @@
#
class heat::engine (
$pacemaker = false, # unused
$ocf_scripts_dir = '/usr/lib/ocf/resource.d',
$ocf_scripts_provider = 'mirantis',
$auth_encryption_key,
$auth_encryption_key = '%ENCRYPTION_KEY%',
$enabled = true,
$heat_stack_user_role = 'heat_stack_user',
$heat_metadata_server_url = 'http://127.0.0.1:8000',
$heat_waitcondition_server_url = 'http://127.0.0.1:8000/v1/waitcondition',
$heat_watch_server_url = 'http://127.0.0.1:8003',
$engine_life_check_timeout = '2',
$primary_controller = false, # unused
) {
include heat::params
@ -77,12 +75,6 @@ class heat::engine (
Heat_config<||> ~> Service['heat-engine']
Heat_engine_config<||> ~> Service['heat-engine']
exec {'heat-encryption-key-replacement':
command => 'sed -i "s/%ENCRYPTION_KEY%/`hexdump -n 16 -v -e \'/1 "%02x"\' /dev/random`/" /etc/heat/heat.conf',
path => [ '/usr/bin', '/bin' ],
onlyif => 'grep -c ENCRYPTION_KEY /etc/heat/heat.conf',
}
heat_config {
'DEFAULT/auth_encryption_key' : value => $auth_encryption_key;
'DEFAULT/heat_stack_user_role' : value => $heat_stack_user_role;
@ -92,6 +84,6 @@ class heat::engine (
'DEFAULT/engine_life_check_timeout' : value => $engine_life_check_timeout;
}
File['/etc/heat/heat.conf'] -> Exec['heat-encryption-key-replacement'] -> Service['heat-engine']
File['/etc/heat/heat.conf'] -> Service['heat-engine']
}
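Review bot: With `Exec['heat-encryption-key-replacement']` gone (the ordering chain now reads `File['/etc/heat/heat.conf'] -> Service['heat-engine']`), nothing in heat::engine turns the `'%ENCRYPTION_KEY%'` placeholder into a real key any more, so if the surviving parameter line is `$auth_encryption_key = '%ENCRYPTION_KEY%',` a declaration that omits the key writes that literal, well-known string into heat.conf through `heat_config 'DEFAULT/auth_encryption_key'`. A guard at the top of the body would fail the catalog instead of deploying a constant key: `if $auth_encryption_key == '%ENCRYPTION_KEY%' or $auth_encryption_key == '' { fail('heat::engine: auth_encryption_key must be supplied (nailgun heat hash)') }`. Heat uses this value as an AES key (the removed hexdump produced 16 random bytes as 32 hex digits), so a length check matching the deployed Heat release is worth adding too — confirm the exact requirement for that release. The `# unused` markers on `$pacemaker` and `$primary_controller` would read better as a one-line comment stating they are kept only for caller compatibility; the class body continues outside these hunks.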


@ -1,5 +1,4 @@
class { 'heat' :
pacemaker => false,
rabbit_host => '127.0.0.1',
rabbit_login => 'heat',
rabbit_password => 'secret',


@ -1,4 +1,4 @@
class pacemaker_wrappers::heat inherits heat::engine {
class heat_ha::engine inherits heat::engine {
$primitive_type = 'heat-engine'
if $::osfamily == 'RedHat' {
@ -24,9 +24,19 @@ class pacemaker_wrappers::heat inherits heat::engine {
},
}
$multistate_hash = {
'type' => 'clone',
}
$ms_metadata = {
'interleave' => true,
}
pacemaker_wrappers::service { $service_name :
primitive_type => $primitive_type,
metadata => $metadata,
multistate_hash => $multistate_hash,
ms_metadata => $ms_metadata,
operations => $operations,
ocf_script_template => $ocf_script_template,
}
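Review bot: `heat_ha::engine` inherits the parameterised `heat::engine`, whose `$auth_encryption_key` is no longer replaced with a random value at run time, so this class is only correct to `include` after `heat::engine` has been declared with a real key (cluster_ha does that via `class { 'openstack::heat' : ... }` before `include heat_ha::engine`), and that ordering requirement is not stated in the file. A header comment such as `# Include only after heat::engine has been declared with auth_encryption_key (see osnailyfacter::cluster_ha); inheritance reuses that declaration's parameters.` would make it explicit. The hunk header still names the old class `pacemaker_wrappers::heat`, so any other manifest that still includes the old name will no longer compile — presumably all callers were updated in this change. The new `$multistate_hash`/`$ms_metadata` values (clone, interleave) carry no comment on why heat-engine is run as an interleaved clone; a one-line why-comment would help the next reader.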


@ -2,7 +2,6 @@
#TODO(bogdando) sync extended qpid rpc backend configuration here as well
class openstack::heat (
$pacemaker = false,
$external_ip = '127.0.0.1',
$enabled = true,
@ -54,7 +53,6 @@ class openstack::heat (
$api_cfn_bind_port = '8000',
$api_cloudwatch_bind_host = '0.0.0.0',
$api_cloudwatch_bind_port = '8003',
$primary_controller = false,
){
# No empty passwords allowed
@ -214,8 +212,6 @@ class openstack::heat (
# Engine
class { 'heat::engine' :
pacemaker => $pacemaker,
primary_controller => $primary_controller,
auth_encryption_key => $auth_encryption_key,
heat_stack_user_role => $heat_stack_user_role,
heat_metadata_server_url => $metadata_server_url,
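Review bot: Dropping `$pacemaker` and `$primary_controller` from `openstack::heat` is a breaking interface change — any manifest still passing `pacemaker =>` now fails with an invalid-parameter error — while `heat::engine` keeps the same two parameters marked `# unused` for compatibility; the two classes should take one approach. Either keep them here as `$pacemaker = false, # unused, kept for caller compatibility` and `$primary_controller = false, # unused, kept for caller compatibility`, or remove them from heat::engine as well. `auth_encryption_key => $auth_encryption_key` is still passed through unchanged, so the default this class gives its own `$auth_encryption_key` parameter (outside this hunk) decides what heat::engine writes when a caller omits the key; with the random replacement removed, that default must not be a placeholder string. The class body continues outside these hunks.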


@ -654,8 +654,6 @@ class osnailyfacter::cluster_ha {
}
class { 'openstack::heat' :
pacemaker => true,
primary_controller => $primary_controller,
external_ip => $controller_node_public,
keystone_host => $controller_node_address,
@ -684,8 +682,11 @@ class osnailyfacter::cluster_ha {
verbose => $::verbose,
use_syslog => $::use_syslog,
syslog_log_facility => $::syslog_log_facility_heat,
auth_encryption_key => $heat_hash['auth_encryption_key'],
}
include pacemaker_wrappers::heat
include heat_ha::engine
if $murano_hash['enabled'] {
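Review bot: `auth_encryption_key => $heat_hash['auth_encryption_key']` is taken from the nailgun-provided hash without checking that it is present; with Puppet 3 semantics an undef value makes the class fall back to its parameter default, so an environment whose astute data predates this key would silently deploy with whatever `heat::engine` defaults to rather than failing. A guard before the declaration, `if ! $heat_hash['auth_encryption_key'] { fail('heat auth_encryption_key is missing from the nailgun heat hash') }`, turns that into a hard error. The same applies to the identical line in osnailyfacter::cluster_simple. Since sharing one key across all controllers is the point of this change, a short comment on the line — `# one key for all controllers, generated by nailgun` — would record why it is no longer generated locally.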


@ -380,7 +380,6 @@ class osnailyfacter::cluster_simple {
class { 'openstack::heat' :
pacemaker => false,
external_ip => $controller_node_public,
keystone_host => $controller_node_address,
@ -408,6 +407,8 @@ class osnailyfacter::cluster_simple {
verbose => $::verbose,
use_syslog => $::use_syslog,
syslog_log_facility => $::syslog_log_facility_heat,
auth_encryption_key => $heat_hash['auth_encryption_key'],
}


@ -34,6 +34,10 @@ define pacemaker_wrappers::service (
provider => 'pacemaker',
}
Service<| name == $service_name |> {
provider => 'pacemaker',
}
if $create_primitive {
cs_resource { $primitive_name :
ensure => $ensure,
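Review bot: The new `Service<| name == $service_name |>` collector override applies to every Service resource in the catalog whose `name` attribute equals `$service_name`, whatever its title, and a collector also realizes matching virtual resources; why this is needed on top of the override just above it is not stated. A comment would help, e.g. `# also switch services declared under a different title but with name => $service_name to the pacemaker provider`. If two instances of this define are ever declared for the same service name, both collectors will try to set `provider` on the same resource — worth confirming that cannot happen. The define's body continues outside this hunk.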


@ -5,6 +5,7 @@ export OCF_RA_VERSION_MAJOR='1'
export OCF_RA_VERSION_MINOR='0'
export OCF_RESOURCE_INSTANCE='<%= @primitive_name %>'
# OCF Parameters
<% if @parameters.is_a? Hash -%>
<% @parameters.each do |k,v| -%>
<% v = v.to_s -%>
@ -64,7 +65,7 @@ blue() {
ec2error() {
case "${1}" in
0) green 'Running' ;;
0) green 'Success' ;;
1) red 'Error: Generic' ;;
2) red 'Error: Arguments' ;;
3) red 'Error: Unimplemented' ;;
@ -114,4 +115,4 @@ ec="${?}"
message="$(ec2error ${ec})"
echo "Exit status: ${message} (${ec})"
exit "${ec}"
exit "${ec}"
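Review bot: The added `<% if @parameters.is_a? Hash -%>` guard has no matching `<% end -%>` in this hunk, and the hunk header accounts for only one added line here, so the closing tag must be added elsewhere in the template (not visible in this view) for the ERB to compile; worth confirming before merge. A short comment above the guard, `# parameters may be absent or not a hash for resources without OCF parameters`, would explain the check. Relabelling exit code 0 from 'Running' to 'Success' in `ec2error` matches what the function reports, and the repeated `exit "${ec}"` appears to be only a trailing-newline fix.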