openstack/puppet-tripleo
Code Issues Proposed changes

Merge "Make the bundle user configurable via hiera"

Browse Source
This commit is contained in:
Zuul 2020-01-17 05:15:40 +00:00 committed by Gerrit Code Review
commit 8c0d43a193
8 changed files with 67 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/profile/pacemaker/cinder/backup_bundle.pp
View File

@ -56,6 +56,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::cinder::backup_bundle (
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
$cinder_backup_docker_image = hiera('tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image', undef),
@ -64,6 +68,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
$container_backend = 'docker',
$log_driver = undef,
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
$pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')),
) {
@ -219,7 +224,9 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
expression => ['cinder-backup-role eq true'],
},
container_options => 'network=host',
options => "--ipc=host --privileged=true --user=root --log-driver=${log_driver_real} ${docker_env}${tls_priorities_real}",
# lint:ignore:140chars
options => "--ipc=host --privileged=true --user=${bundle_user} --log-driver=${log_driver_real} ${docker_env}${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps,
container_backend => $container_backend,

9
manifests/profile/pacemaker/cinder/volume_bundle.pp
View File

@ -56,6 +56,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::cinder::volume_bundle (
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
$cinder_volume_docker_image = hiera('tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image', undef),
@ -66,6 +70,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
$container_backend = 'docker',
$log_driver = undef,
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@ -220,7 +225,9 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
expression => ['cinder-volume-role eq true'],
},
container_options => 'network=host',
options => "--ipc=host --privileged=true --user=root --log-driver=${log_driver_real} ${docker_env}${tls_priorities_real}",
# lint:ignore:140chars
options => "--ipc=host --privileged=true --user=${bundle_user} --log-driver=${log_driver_real} ${docker_env}${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps,
container_backend => $container_backend,

9
manifests/profile/pacemaker/database/mysql_bundle.pp
View File

@ -127,6 +127,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::database::mysql_bundle (
$mysql_docker_image = hiera('tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image', undef),
$control_port = hiera('tripleo::profile::pacemaker::database::mysql_bundle::control_port', '3123'),
@ -148,6 +152,7 @@ class tripleo::profile::pacemaker::database::mysql_bundle (
$container_backend = 'docker',
$log_driver = undef,
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
$pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')),
) {
@ -438,7 +443,9 @@ MYSQL_HOST=localhost\n",
expression => ['galera-role eq true'],
},
container_options => 'network=host',
options => "--user=root --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:ignore:140chars
options => "--user=${bundle_user} --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${control_port}",
storage_maps => merge($storage_maps, $storage_maps_tls),

9
manifests/profile/pacemaker/database/redis_bundle.pp
View File

@ -104,6 +104,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::database::redis_bundle (
$certificate_specs = hiera('redis_certificate_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
@ -122,6 +126,7 @@ class tripleo::profile::pacemaker::database::redis_bundle (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 6379,
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@ -348,7 +353,9 @@ slave-announce-port ${local_tuple[0][2]}
expression => ['redis-role eq true'],
},
container_options => 'network=host',
options => "--user=root --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:ignore:140chars
options => "--user=${bundle_user} --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${redis_docker_control_port}",
storage_maps => merge($storage_maps, $storage_maps_tls),

9
manifests/profile/pacemaker/haproxy_bundle.pp
View File

@ -89,6 +89,10 @@
# (Optional) The number of times pcs commands should be retried.
# Defaults to hiera('pcs_tries', 20)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::haproxy_bundle (
$haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
$bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
@ -103,6 +107,7 @@ class tripleo::profile::pacemaker::haproxy_bundle (
$op_params = '',
$container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
$log_driver = undef,
$step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
@ -270,7 +275,9 @@ class tripleo::profile::pacemaker::haproxy_bundle (
replicas => $haproxy_nodes_count,
location_rule => $haproxy_location_rule,
container_options => 'network=host',
options => "--user=root --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:ignore:140chars
options => "--user=${bundle_user} --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls),
container_backend => $container_backend,

9
manifests/profile/pacemaker/manila/share_bundle.pp
View File

@ -60,6 +60,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::manila::share_bundle (
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
$manila_share_docker_image = hiera('tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image', undef),
@ -68,6 +72,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
$ceph_nfs_enabled = hiera('ceph_nfs_enabled', false),
$container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
$log_driver = undef,
$pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')),
@ -243,7 +248,9 @@ class tripleo::profile::pacemaker::manila::share_bundle (
expression => ['manila-share-role eq true'],
},
container_options => 'network=host',
options => "--ipc=host --privileged=true --user=root --log-driver=${log_driver_real} ${docker_env}${tls_priorities_real}",
# lint:ignore:140chars
options => "--ipc=host --privileged=true --user=${bundle_user} --log-driver=${log_driver_real} ${docker_env}${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps,
container_backend => $container_backend,

14
manifests/profile/pacemaker/ovn_dbs_bundle.pp
View File

@ -73,6 +73,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to undef
#
# [*enable_internal_tls*]
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
@ -106,6 +110,7 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
$op_params = '',
$container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = undef,
$log_driver = undef,
$enable_internal_tls = hiera('enable_internal_tls', false),
$ca_file = undef,
@ -232,6 +237,11 @@ nb_master_protocol=ssl sb_master_protocol=ssl"
$tls_params = ''
$ovn_storage_maps_tls = {}
}
if $bundle_user == undef {
$bundle_user_real = ''
} else {
$bundle_user_real = "--user=${bundle_user} "
}
$resource_map = "${resource_params}${tls_params}"
pacemaker::resource::bundle { 'ovn-dbs-bundle':
image => $ovn_dbs_docker_image,
@ -239,7 +249,9 @@ nb_master_protocol=ssl sb_master_protocol=ssl"
masters => 1,
location_rule => $ovn_dbs_location_rule,
container_options => 'network=host',
options => "--log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:ignore:140chars
options => "${bundle_user_real}--log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${ovn_dbs_control_port}",
storage_maps => merge($storage_maps, $ovn_storage_maps_tls),

7
manifests/profile/pacemaker/rabbitmq_bundle.pp
View File

@ -92,6 +92,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
# (optional) Set the --user= switch to be passed to pcmk
# Defaults to 'root'
#
class tripleo::profile::pacemaker::rabbitmq_bundle (
$rabbitmq_docker_image = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef),
$rabbitmq_docker_control_port = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3122'),
@ -112,6 +116,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
$container_backend = 'docker',
$log_driver = undef,
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$bundle_user = 'root',
) {
# is this an additional nova cell?
if hiera('nova_is_additional_cell', undef) {
@ -284,7 +289,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
},
container_options => 'network=host',
# lint:ignore:140chars
options => "--user=root --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e LANG=en_US.UTF-8 -e LC_ALL=en_US.UTF-8${tls_priorities_real}",
options => "--user=${bundle_user} --log-driver=${log_driver_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e LANG=en_US.UTF-8 -e LC_ALL=en_US.UTF-8${tls_priorities_real}",
# lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${rabbitmq_docker_control_port}",