openstack/puppet-tripleo
Code Issues Proposed changes

placement: Initial extraction of the Placement service from Nova

Browse Source 
This initial change duplicates the existing Nova Placement parameters
and classes with extracted versions to avoid disrupting CI during the
switch.

Change-Id: Ieb5b6586bfcdcf4fe5aef7338ee17f7c9e55b607
This commit is contained in:
Lee Yarwood 2018-12-10 20:01:01 +00:00 committed by Martin Schuppert
parent 78f66b76fc
commit 3af5c2f267
8 changed files with 338 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
manifests/haproxy.pp
View File

@ -212,6 +212,10 @@
# (optional) Enable or not Nova Placement API binding # (optional) Enable or not Nova Placement API binding
# Defaults to hiera('nova_placement_enabled', false) # Defaults to hiera('nova_placement_enabled', false)
# #
# [*placement*]
# (optional) Enable or not Placement API binding
# Defaults to hiera('placement_enabled', false)
#
# [*nova_metadata*] # [*nova_metadata*]
# (optional) Enable or not Nova metadata binding # (optional) Enable or not Nova metadata binding
# Defaults to hiera('nova_api_enabled', false) # Defaults to hiera('nova_api_enabled', false)
@ -463,6 +467,10 @@
# (optional) Specify the network nova_placement is running on. # (optional) Specify the network nova_placement is running on.
# Defaults to hiera('nova_placement_network', undef) # Defaults to hiera('nova_placement_network', undef)
# #
# [*placement_network*]
# (optional) Specify the network placement is running on.
# Defaults to hiera('placement_network', undef)
#
# [*ec2_api_network*] # [*ec2_api_network*]
# (optional) Specify the network ec2_api is running on. # (optional) Specify the network ec2_api is running on.
# Defaults to hiera('ec2_api_network', undef) # Defaults to hiera('ec2_api_network', undef)
@ -563,6 +571,8 @@
# 'opendaylight_api_port' (Defaults to 8081) # 'opendaylight_api_port' (Defaults to 8081)
# 'panko_api_port' (Defaults to 8977) # 'panko_api_port' (Defaults to 8977)
# 'panko_api_ssl_port' (Defaults to 13977) # 'panko_api_ssl_port' (Defaults to 13977)
# 'placement_port' (Defaults to 8778)
# 'placement_ssl_port' (Defaults to 13778)
# 'ovn_nbdb_port' (Defaults to 6641) # 'ovn_nbdb_port' (Defaults to 6641)
# 'ovn_nbdb_ssl_port' (Defaults to 13641) # 'ovn_nbdb_ssl_port' (Defaults to 13641)
# 'ovn_sbdb_port' (Defaults to 6642) # 'ovn_sbdb_port' (Defaults to 6642)
@ -625,6 +635,7 @@ class tripleo::haproxy (
$glance_api = hiera('glance_api_enabled', false), $glance_api = hiera('glance_api_enabled', false),
$nova_osapi = hiera('nova_api_enabled', false), $nova_osapi = hiera('nova_api_enabled', false),
$nova_placement = hiera('nova_placement_enabled', false), $nova_placement = hiera('nova_placement_enabled', false),
$placement = hiera('placement_enabled', false),
$nova_metadata = hiera('nova_api_enabled', false), $nova_metadata = hiera('nova_api_enabled', false),
$nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false),
$ec2_api = hiera('ec2_api_enabled', false), $ec2_api = hiera('ec2_api_enabled', false),
@ -687,6 +698,7 @@ class tripleo::haproxy (
$nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef),
$nova_osapi_network = hiera('nova_api_network', undef), $nova_osapi_network = hiera('nova_api_network', undef),
$nova_placement_network = hiera('nova_placement_network', undef), $nova_placement_network = hiera('nova_placement_network', undef),
$placement_network = hiera('placement_network', undef),
$octavia_network = hiera('octavia_api_network', undef), $octavia_network = hiera('octavia_api_network', undef),
$opendaylight_network = hiera('opendaylight_api_network', undef), $opendaylight_network = hiera('opendaylight_api_network', undef),
$openshift_master_network = hiera('openshift_master_network', undef), $openshift_master_network = hiera('openshift_master_network', undef),
@ -753,6 +765,8 @@ class tripleo::haproxy (
openshift_master_ssl_port => 18443, openshift_master_ssl_port => 18443,
panko_api_port => 8977, panko_api_port => 8977,
panko_api_ssl_port => 13977, panko_api_ssl_port => 13977,
placement_port => 8778,
placement_ssl_port => 13778,
ovn_nbdb_port => 6641, ovn_nbdb_port => 6641,
ovn_nbdb_ssl_port => 13641, ovn_nbdb_ssl_port => 13641,
ovn_sbdb_port => 6642, ovn_sbdb_port => 6642,
@ -1058,6 +1072,21 @@ class tripleo::haproxy (
} }
} }
$placement_vip = hiera('placement_vip', $controller_virtual_ip)
if $placement {
::tripleo::haproxy::endpoint { 'placement':
public_virtual_ip => $public_virtual_ip,
internal_ip => $placement_vip,
service_port => $ports[placement_port],
ip_addresses => hiera('placement_node_ips', $controller_hosts_real),
server_names => hiera('placement_node_names', $controller_hosts_names_real),
mode => 'http',
public_ssl_port => $ports[placement_ssl_port],
service_network => $placement_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
if $nova_metadata { if $nova_metadata {
::tripleo::haproxy::endpoint { 'nova_metadata': ::tripleo::haproxy::endpoint { 'nova_metadata':
internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip),

3
manifests/profile/base/database/mysql.pp
View File

@ -247,6 +247,9 @@ class tripleo::profile::base::database::mysql (
if hiera('nova_placement_enabled', false) { if hiera('nova_placement_enabled', false) {
include ::nova::db::mysql_placement include ::nova::db::mysql_placement
} }
if hiera('placement_enabled', false) {
include ::placement::db::mysql
}
if hiera('octavia_api_enabled', false) { if hiera('octavia_api_enabled', false) {
include ::octavia::db::mysql include ::octavia::db::mysql
} }

3
manifests/profile/base/keystone.pp
View File

@ -393,6 +393,9 @@ class tripleo::profile::base::keystone (
if hiera('nova_placement_enabled', false) { if hiera('nova_placement_enabled', false) {
include ::nova::keystone::auth_placement include ::nova::keystone::auth_placement
} }
if hiera('placement_enabled', false) {
include ::placement::keystone::auth
}
if hiera('octavia_api_enabled', false) { if hiera('octavia_api_enabled', false) {
include ::octavia::keystone::auth include ::octavia::keystone::auth
} }

46
manifests/profile/base/placement.pp Normal file
View File

@ -0,0 +1,46 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::placement
#
# Placement base profile for tripleo
#
# === Parameters
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('nova_api_short_bootstrap_node_name')
#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
class tripleo::profile::base::placement (
$bootstrap_node = hiera('placement_api_short_bootstrap_node_name', undef),
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
$sync_db = false
}
if $step >= 4 or ($step >= 3 and $sync_db) {
include ::placement
include ::placement::config
include ::placement::logging
include ::placement::db
}
}

84
manifests/profile/base/placement/api.pp Normal file
View File

@ -0,0 +1,84 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::placement::api
#
# Placement API profile for tripleo
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('placement_short_bootstrap_node_name')
#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
# Example with hiera:
# apache_certificates_specs:
# httpd-internal_api:
# hostname: <overcloud controller fqdn>
# service_certificate: <service certificate path>
# service_key: <service key path>
# principal: "haproxy/<overcloud controller fqdn>"
# Defaults to hiera('apache_certificate_specs', {}).
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
# [*placement_network*]
# (Optional) The network name where the nova placement endpoint is listening on.
# This is set by t-h-t.
# Defaults to hiera('placement_network', undef)
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
class tripleo::profile::base::placement::api (
$bootstrap_node = hiera('placement_short_bootstrap_node_name', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$placement_network = hiera('placement_network', undef),
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$is_bootstrap = true
} else {
$is_bootstrap = false
}
include ::tripleo::profile::base::placement
include ::tripleo::profile::base::placement::authtoken
if $enable_internal_tls {
if !$placement_network {
fail('placement_network is not set in the hieradata.')
}
$tls_certfile = $certificates_specs["httpd-${placement_network}"]['service_certificate']
$tls_keyfile = $certificates_specs["httpd-${placement_network}"]['service_key']
} else {
$tls_certfile = undef
$tls_keyfile = undef
}
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::tripleo::profile::base::apache
class { '::placement::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
}
}
}

44
manifests/profile/base/placement/authtoken.pp Normal file
View File

@ -0,0 +1,44 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::placement::authtoken
#
# Placement authtoken profile for TripleO
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*memcached_ips*]
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
# Defaults to hiera('memcached_node_ips')
#
class tripleo::profile::base::placement::authtoken (
$step = Integer(hiera('step')),
$memcached_ips = hiera('memcached_node_ips'),
) {
if $step >= 3 {
if is_ipv6_address($memcached_ips[0]) {
$memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
} else {
$memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
}
class { '::placement::keystone::authtoken':
memcached_servers => $memcache_servers,
}
}
}

126
spec/classes/tripleo_profile_base_placement_spec.rb Normal file
View File

@ -0,0 +1,126 @@
#
# Copyright (C) 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::placement::api' do
shared_examples_for 'tripleo::profile::base::placement::api' do
let(:pre_condition) do
<<-eos
class { '::tripleo::profile::base::placement':
step => #{params[:step]},
}
class { '::tripleo::profile::base::placement::authtoken':
step => #{params[:step]},
}
eos
end
context 'with step less than 3' do
let(:params) { {
:step => 1,
} }
it {
is_expected.to contain_class('tripleo::profile::base::placement::api')
is_expected.to_not contain_class('placement::keystone::authtoken')
is_expected.to_not contain_class('placement::wsgi::apache')
}
end
context 'with step less than 3 and internal tls and generate certs' do
let(:params) { {
:step => 1,
:enable_internal_tls => true,
:placement_network => 'bar',
:certificates_specs => {
'httpd-bar' => {
'hostname' => 'foo',
'service_certificate' => '/foo.pem',
'service_key' => '/foo.key',
},
}
} }
it {
is_expected.to contain_class('tripleo::profile::base::placement::api')
is_expected.to_not contain_class('placement::keystone::authtoken')
is_expected.to_not contain_class('placement::wsgi::apache')
}
end
context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
it {
is_expected.to contain_class('tripleo::profile::base::placement::api')
is_expected.to contain_class('placement::keystone::authtoken')
is_expected.not_to contain_class('placement::wsgi::apache')
}
end
context 'with step 3 and bootstrap' do
let(:params) { {
:step => 3,
:bootstrap_node => 'node.example.com'
} }
it {
is_expected.to contain_class('tripleo::profile::base::placement::api')
is_expected.to contain_class('placement::keystone::authtoken')
is_expected.to contain_class('placement::wsgi::apache')
}
end
context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do
let(:params) { {
:step => 3,
:enable_internal_tls => true,
:placement_network => 'bar',
:bootstrap_node => 'node.example.com',
:certificates_specs => {
'httpd-bar' => {
'hostname' => 'foo',
'service_certificate' => '/foo.pem',
'service_key' => '/foo.key',
},
}
} }
it {
is_expected.to contain_class('tripleo::profile::base::placement::api')
is_expected.to contain_class('placement::keystone::authtoken')
is_expected.to contain_class('placement::wsgi::apache').with(
:ssl_cert => '/foo.pem',
:ssl_key => '/foo.key')
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::placement::api'
end
end
end

3
spec/fixtures/hieradata/default.yaml vendored
View File

@ -55,6 +55,9 @@ manila_share_short_node_names:
nova::rabbit_password: 'password' nova::rabbit_password: 'password'
nova::keystone::authtoken::password: 'password' nova::keystone::authtoken::password: 'password'
nova::network::neutron::neutron_password: 'password' nova::network::neutron::neutron_password: 'password'
# placement related items
placement::rabbit_password: 'password'
placement::keystone::authtoken::password: 'password'
# memcache related items # memcache related items
memcached_node_ips_v6: memcached_node_ips_v6:
- '::1' - '::1'