openstack/puppet-openstack-integration
Code Issues Proposed changes
375686a1ae
puppet-openstack-integration/manifests/octavia.pp
Takashi Kajinami 126d20f076 octavia: Enable jobboard settings 
Octavia introduced the jobboard driver for amphora v2. Although we are
using noop drivers in our CI at this moment, we can enable the feature
for testing.

Depends-on: https://review.opendev.org/907685
Change-Id: I4789a9b6aa289cf6926931bf82dab5b5dd02fa8f
2024-02-04 17:20:40 +00:00

221 lines
7.9 KiB
Puppet
Raw Blame History

# Configure the octavia service
#
# [*notification_topics*]
# (optional) AMQP topic used for OpenStack notifications
# Defaults to $facts['os_service_default'].
#
# [*provider_driver*]
# (optional) Provider driver used in Octavia.
# Defaults to 'amphora'.
#
class openstack_integration::octavia (
$notification_topics = $facts['os_service_default'],
$provider_driver = 'amphora',
) {
include openstack_integration::config
include openstack_integration::params
openstack_integration::mq_user { 'octavia':
password => 'an_even_bigger_secret',
before => Anchor['octavia::service::begin'],
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'octavia':
notify => Service['httpd'],
require => Anchor['octavia::install::end'],
}
Exec['update-ca-certificates'] ~> Service['httpd']
if $provider_driver == 'ovn' {
openstack_integration::ovn::ssl_key { 'octavia':
notify => Anchor['octavia::service::begin'],
require => Anchor['octavia::install::end'],
}
}
}
class { 'octavia::logging':
debug => true,
}
class { 'octavia::db':
database_connection => os_database_connection({
'dialect' => 'mysql+pymysql',
'host' => $::openstack_integration::config::ip_for_url,
'username' => 'octavia',
'password' => 'octavia',
'database' => 'octavia',
'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}),
}
class { 'octavia':
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'octavia',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'octavia',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
notification_topics => $notification_topics,
notification_driver => 'messagingv2',
}
class { 'octavia::db::mysql':
charset => $::openstack_integration::params::mysql_charset,
collate => $::openstack_integration::params::mysql_collate,
password => 'octavia',
host => $::openstack_integration::config::host,
persistence_dbname => 'octavia_persistence',
}
class { 'octavia::db::sync': }
class { 'octavia::db::sync_persistence': }
class { 'octavia::keystone::auth':
public_url => "${::openstack_integration::config::base_url}:9876",
internal_url => "${::openstack_integration::config::base_url}:9876",
admin_url => "${::openstack_integration::config::base_url}:9876",
roles => ['admin', 'service'],
password => 'a_big_secret',
}
class { 'octavia::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
service_token_roles_required => true,
}
File { '/etc/octavia/certs':
ensure => directory,
owner => 'octavia',
group => 'octavia',
mode => '0700',
tag => 'octavia-certs',
}
[
'server_ca.cert.pem',
'server_ca.key.pem',
'client_ca.cert.pem',
'client.cert-and-key.pem'
].each |String $cert | {
File { "/etc/octavia/certs/${cert}":
ensure => present,
owner => 'octavia',
group => 'octavia',
mode => '0700',
source => "puppet:///modules/${module_name}/octavia-certs/${cert}",
tag => 'octavia-certs',
}
}
Anchor['octavia::config::begin'] -> File<| tag == 'octavia-certs' |> -> Anchor['octavia::config::end']
class { 'octavia::certificates':
ca_private_key_passphrase => 'not-secure-passphrase',
ca_certificate => '/etc/octavia/certs/server_ca.cert.pem',
ca_private_key => '/etc/octavia/certs/server_ca.key.pem',
client_ca => '/etc/octavia/certs/client_ca.cert.pem',
client_cert => '/etc/octavia/certs/client.cert-and-key.pem',
}
if $provider_driver == 'ovn' {
# NOTE(tkajinam): Because noop drivers does not work with the ovn provider,
# amphora provider is also enabled. All tests are currently
# executed with amphora provider + noop drivers but we
# might want to revisit this later.
$enabled_provider_drivers = {
'amphora' => 'The Octavia Amphora driver.',
'octavia' => 'Deprecated alias of the Octavia Amphora driver.',
'ovn' => 'OVN provider driver.'
}
$enabled_provider_agents = 'ovn'
class { 'octavia::provider::ovn':
ovn_nb_connection => $::openstack_integration::config::ovn_nb_connection,
ovn_nb_private_key => '/etc/octavia/ovnnb-privkey.pem',
ovn_nb_certificate => '/etc/octavia/ovnnb-cert.pem',
ovn_nb_ca_cert => '/etc/octavia/switchcacert.pem',
ovn_sb_connection => $::openstack_integration::config::ovn_sb_connection,
ovn_sb_private_key => '/etc/octavia/ovnsb-privkey.pem',
ovn_sb_certificate => '/etc/octavia/ovnsb-cert.pem',
ovn_sb_ca_cert => '/etc/octavia/switchcacert.pem',
}
} else{
$enabled_provider_drivers = undef
$enabled_provider_agents = undef
}
class { 'octavia::api':
enabled => true,
service_name => 'httpd',
sync_db => true,
enabled_provider_drivers => $enabled_provider_drivers,
}
class { 'octavia::wsgi::apache':
bind_host => $::openstack_integration::config::host,
ssl => $::openstack_integration::config::ssl,
ssl_key => "/etc/octavia/ssl/private/${facts['networking']['fqdn']}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
workers => 2,
}
class { 'octavia::client': }
class { 'octavia::networking':
}
class { 'octavia::controller':
amp_flavor_id => '65',
amphora_driver => 'amphora_noop_driver',
compute_driver => 'compute_noop_driver',
image_driver => 'image_noop_driver',
network_driver => 'network_noop_driver',
heartbeat_key => 'abcdefghijkl',
}
class { 'octavia::task_flow':
max_workers => 2,
persistence_connection => os_database_connection({
'dialect' => 'mysql+pymysql',
'host' => $::openstack_integration::config::ip_for_url,
'username' => 'octavia',
'password' => 'octavia',
'database' => 'octavia_persistence',
'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}),
jobboard_enabled => true,
jobboard_backend_hosts => $::openstack_integration::config::host,
jobboard_backend_port => 6379,
jobboard_backend_password => 'a_big_secret',
jobboard_redis_backend_ssl_options => {
'ssl' => $::openstack_integration::config::ssl
},
}
class { 'octavia::worker':
workers => 2,
}
class { 'octavia::health_manager':
health_update_threads => 2,
stats_update_threads => 2,
}
class { 'octavia::housekeeping':
}
class { 'octavia::driver_agent':
enabled_provider_agents => $enabled_provider_agents,
}
class { 'octavia::service_auth':
auth_url => $::openstack_integration::config::keystone_admin_uri,
password => 'a_big_secret',
}
}
View Git Blame Copy Permalink