placement: Initial extraction of the Placement service from Nova

This initial change duplicates the existing Nova Placement parameters and classes with extracted versions to avoid disrupting CI during the switch. Change-Id: Ieb5b6586bfcdcf4fe5aef7338ee17f7c9e55b607
2018-12-10 20:01:01 +00:00 · 2018-12-10 20:01:01 +00:00 · 3af5c2f267
commit 3af5c2f267
parent 78f66b76fc
8 changed files with 338 additions and 0 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -212,6 +212,10 @@
 #  (optional) Enable or not Nova Placement API binding
 #  Defaults to hiera('nova_placement_enabled', false)
 #
+# [*placement*]
+#  (optional) Enable or not Placement API binding
+#  Defaults to hiera('placement_enabled', false)
+#
 # [*nova_metadata*]
 #  (optional) Enable or not Nova metadata binding
 #  Defaults to hiera('nova_api_enabled', false)
@ -463,6 +467,10 @@
 #  (optional) Specify the network nova_placement is running on.
 #  Defaults to hiera('nova_placement_network', undef)
 #
+# [*placement_network*]
+#  (optional) Specify the network placement is running on.
+#  Defaults to hiera('placement_network', undef)
+#
 # [*ec2_api_network*]
 #  (optional) Specify the network ec2_api is running on.
 #  Defaults to hiera('ec2_api_network', undef)
@ -563,6 +571,8 @@
 #    'opendaylight_api_port' (Defaults to 8081)
 #    'panko_api_port' (Defaults to 8977)
 #    'panko_api_ssl_port' (Defaults to 13977)
+#    'placement_port' (Defaults to 8778)
+#    'placement_ssl_port' (Defaults to 13778)
 #    'ovn_nbdb_port' (Defaults to 6641)
 #    'ovn_nbdb_ssl_port' (Defaults to 13641)
 #    'ovn_sbdb_port' (Defaults to 6642)
@ -625,6 +635,7 @@ class tripleo::haproxy (
  $glance_api                  = hiera('glance_api_enabled', false),
  $nova_osapi                  = hiera('nova_api_enabled', false),
  $nova_placement              = hiera('nova_placement_enabled', false),
+  $placement                   = hiera('placement_enabled', false),
  $nova_metadata               = hiera('nova_api_enabled', false),
  $nova_novncproxy             = hiera('nova_vnc_proxy_enabled', false),
  $ec2_api                     = hiera('ec2_api_enabled', false),
@ -687,6 +698,7 @@ class tripleo::haproxy (
  $nova_novncproxy_network     = hiera('nova_vnc_proxy_network', undef),
  $nova_osapi_network          = hiera('nova_api_network', undef),
  $nova_placement_network      = hiera('nova_placement_network', undef),
+  $placement_network           = hiera('placement_network', undef),
  $octavia_network             = hiera('octavia_api_network', undef),
  $opendaylight_network        = hiera('opendaylight_api_network', undef),
  $openshift_master_network    = hiera('openshift_master_network', undef),
@ -753,6 +765,8 @@ class tripleo::haproxy (
    openshift_master_ssl_port => 18443,
    panko_api_port => 8977,
    panko_api_ssl_port => 13977,
+    placement_port => 8778,
+    placement_ssl_port => 13778,
    ovn_nbdb_port => 6641,
    ovn_nbdb_ssl_port => 13641,
    ovn_sbdb_port => 6642,
@ -1058,6 +1072,21 @@ class tripleo::haproxy (
    }
  }

+  $placement_vip = hiera('placement_vip', $controller_virtual_ip)
+  if $placement {
+    ::tripleo::haproxy::endpoint { 'placement':
+      public_virtual_ip => $public_virtual_ip,
+      internal_ip       => $placement_vip,
+      service_port      => $ports[placement_port],
+      ip_addresses      => hiera('placement_node_ips', $controller_hosts_real),
+      server_names      => hiera('placement_node_names', $controller_hosts_names_real),
+      mode              => 'http',
+      public_ssl_port   => $ports[placement_ssl_port],
+      service_network   => $placement_network,
+      member_options    => union($haproxy_member_options, $internal_tls_member_options),
+    }
+  }
+
  if $nova_metadata {
    ::tripleo::haproxy::endpoint { 'nova_metadata':
      internal_ip     => hiera('nova_metadata_vip', $controller_virtual_ip),
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@ -247,6 +247,9 @@ class tripleo::profile::base::database::mysql (
    if hiera('nova_placement_enabled', false) {
      include ::nova::db::mysql_placement
    }
+    if hiera('placement_enabled', false) {
+      include ::placement::db::mysql
+    }
    if hiera('octavia_api_enabled', false) {
      include ::octavia::db::mysql
    }
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@ -393,6 +393,9 @@ class tripleo::profile::base::keystone (
    if hiera('nova_placement_enabled', false) {
      include ::nova::keystone::auth_placement
    }
+    if hiera('placement_enabled', false) {
+      include ::placement::keystone::auth
+    }
    if hiera('octavia_api_enabled', false) {
      include ::octavia::keystone::auth
    }
--- a/manifests/profile/base/placement.pp
+++ b/manifests/profile/base/placement.pp
@ -0,0 +1,46 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::placement
+#
+# Placement base profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+#   (Optional) The hostname of the node responsible for bootstrapping tasks
+#   Defaults to hiera('nova_api_short_bootstrap_node_name')
+#
+# [*step*]
+#   (Optional) The current step of the deployment
+#   Defaults to hiera('step')
+
+class tripleo::profile::base::placement (
+  $bootstrap_node          = hiera('placement_api_short_bootstrap_node_name', undef),
+  $step                    = Integer(hiera('step')),
+) {
+
+  if $::hostname == downcase($bootstrap_node) {
+    $sync_db = true
+  } else {
+    $sync_db = false
+  }
+
+  if $step >= 4 or ($step >= 3 and $sync_db) {
+    include ::placement
+    include ::placement::config
+    include ::placement::logging
+    include ::placement::db
+  }
+}
--- a/manifests/profile/base/placement/api.pp
+++ b/manifests/profile/base/placement/api.pp
@ -0,0 +1,84 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::placement::api
+#
+# Placement API profile for tripleo
+#
+# [*bootstrap_node*]
+#   (Optional) The hostname of the node responsible for bootstrapping tasks
+#   Defaults to hiera('placement_short_bootstrap_node_name')
+#
+# [*certificates_specs*]
+#   (Optional) The specifications to give to certmonger for the certificate(s)
+#   it will create.
+#   Example with hiera:
+#     apache_certificates_specs:
+#       httpd-internal_api:
+#         hostname: <overcloud controller fqdn>
+#         service_certificate: <service certificate path>
+#         service_key: <service key path>
+#         principal: "haproxy/<overcloud controller fqdn>"
+#   Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+#   (Optional) Whether TLS in the internal network is enabled or not.
+#   Defaults to hiera('enable_internal_tls', false)
+#
+# [*placement_network*]
+#   (Optional) The network name where the nova placement endpoint is listening on.
+#   This is set by t-h-t.
+#   Defaults to hiera('placement_network', undef)
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+class tripleo::profile::base::placement::api (
+  $bootstrap_node                = hiera('placement_short_bootstrap_node_name', undef),
+  $certificates_specs            = hiera('apache_certificates_specs', {}),
+  $enable_internal_tls           = hiera('enable_internal_tls', false),
+  $placement_network             = hiera('placement_network', undef),
+  $step                          = Integer(hiera('step')),
+) {
+  if $::hostname == downcase($bootstrap_node) {
+    $is_bootstrap = true
+  } else {
+    $is_bootstrap = false
+  }
+
+  include ::tripleo::profile::base::placement
+  include ::tripleo::profile::base::placement::authtoken
+
+  if $enable_internal_tls {
+    if !$placement_network {
+      fail('placement_network is not set in the hieradata.')
+    }
+    $tls_certfile = $certificates_specs["httpd-${placement_network}"]['service_certificate']
+    $tls_keyfile = $certificates_specs["httpd-${placement_network}"]['service_key']
+  } else {
+    $tls_certfile = undef
+    $tls_keyfile = undef
+  }
+
+  if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
+    include ::tripleo::profile::base::apache
+    class { '::placement::wsgi::apache':
+      ssl_cert => $tls_certfile,
+      ssl_key  => $tls_keyfile,
+    }
+  }
+}
+
--- a/manifests/profile/base/placement/authtoken.pp
+++ b/manifests/profile/base/placement/authtoken.pp
@ -0,0 +1,44 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::placement::authtoken
+#
+# Placement authtoken profile for TripleO
+#
+# [*step*]
+#   (Optional) The current step in deployment. See tripleo-heat-templates
+#   for more details.
+#   Defaults to hiera('step')
+#
+# [*memcached_ips*]
+#   (Optional) Array of ipv4 or ipv6 addresses for memcache.
+#   Defaults to hiera('memcached_node_ips')
+#
+class tripleo::profile::base::placement::authtoken (
+  $step                = Integer(hiera('step')),
+  $memcached_ips       = hiera('memcached_node_ips'),
+) {
+
+  if $step >= 3 {
+    if is_ipv6_address($memcached_ips[0]) {
+      $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:')
+    } else {
+      $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
+    }
+
+    class { '::placement::keystone::authtoken':
+      memcached_servers => $memcache_servers,
+    }
+  }
+}
--- a/spec/classes/tripleo_profile_base_placement_spec.rb
+++ b/spec/classes/tripleo_profile_base_placement_spec.rb
@ -0,0 +1,126 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::placement::api' do
+  shared_examples_for 'tripleo::profile::base::placement::api' do
+    let(:pre_condition) do
+      <<-eos
+      class { '::tripleo::profile::base::placement':
+        step => #{params[:step]},
+      }
+      class { '::tripleo::profile::base::placement::authtoken':
+        step     => #{params[:step]},
+      }
+eos
+    end
+
+    context 'with step less than 3' do
+      let(:params) { {
+        :step => 1,
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::placement::api')
+        is_expected.to_not contain_class('placement::keystone::authtoken')
+        is_expected.to_not contain_class('placement::wsgi::apache')
+      }
+    end
+
+    context 'with step less than 3 and internal tls and generate certs' do
+      let(:params) { {
+        :step                          => 1,
+        :enable_internal_tls           => true,
+        :placement_network             => 'bar',
+        :certificates_specs            => {
+            'httpd-bar' => {
+                'hostname'            => 'foo',
+                'service_certificate' => '/foo.pem',
+                'service_key'         => '/foo.key',
+            },
+        }
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::placement::api')
+        is_expected.to_not contain_class('placement::keystone::authtoken')
+        is_expected.to_not contain_class('placement::wsgi::apache')
+      }
+    end
+
+    context 'with step 3 and not bootstrap' do
+      let(:params) { {
+        :step => 3,
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::placement::api')
+        is_expected.to contain_class('placement::keystone::authtoken')
+        is_expected.not_to contain_class('placement::wsgi::apache')
+      }
+    end
+
+    context 'with step 3 and bootstrap' do
+      let(:params) { {
+        :step           => 3,
+        :bootstrap_node => 'node.example.com'
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::placement::api')
+        is_expected.to contain_class('placement::keystone::authtoken')
+        is_expected.to contain_class('placement::wsgi::apache')
+      }
+    end
+
+    context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do
+      let(:params) { {
+        :step => 3,
+        :enable_internal_tls           => true,
+        :placement_network             => 'bar',
+        :bootstrap_node                => 'node.example.com',
+        :certificates_specs            => {
+            'httpd-bar' => {
+                 'hostname'           => 'foo',
+                'service_certificate' => '/foo.pem',
+                'service_key'         => '/foo.key',
+            },
+        }
+
+      } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::placement::api')
+        is_expected.to contain_class('placement::keystone::authtoken')
+        is_expected.to contain_class('placement::wsgi::apache').with(
+          :ssl_cert => '/foo.pem',
+          :ssl_key  => '/foo.key')
+      }
+    end
+  end
+
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::placement::api'
+    end
+  end
+end
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@ -55,6 +55,9 @@ manila_share_short_node_names:
 nova::rabbit_password: 'password'
 nova::keystone::authtoken::password: 'password'
 nova::network::neutron::neutron_password: 'password'
+# placement related items
+placement::rabbit_password: 'password'
+placement::keystone::authtoken::password: 'password'
 # memcache related items
 memcached_node_ips_v6:
 - '::1'