Retire Tripleo: remove repo content
TripleO project is retiring - https://review.opendev.org/c/openstack/governance/+/905145 this commit remove the content of this project repo Change-Id: I73df79a8698625815ea4e3099904da448a49887e
This commit is contained in:
parent
019ec49518
commit
e06f50cb06
27
.gitignore
vendored
27
.gitignore
vendored
@ -1,27 +0,0 @@
|
||||
# Add patterns in here to exclude files created by tools integrated with this
|
||||
# repository, such as test frameworks from the project's recommended workflow,
|
||||
# rendered documentation and package builds.
|
||||
#
|
||||
# Don't add patterns to exclude files created by preferred personal tools
|
||||
# (editors, IDEs, your operating system itself even). These should instead be
|
||||
# maintained outside the repository, for example in a ~/.gitignore file added
|
||||
# with:
|
||||
#
|
||||
# git config --global core.excludesfile '~/.gitignore'
|
||||
|
||||
pkg/
|
||||
Gemfile.lock
|
||||
vendor/
|
||||
spec/fixtures/modules
|
||||
spec/fixtures/manifests
|
||||
.vagrant/
|
||||
.bundle/
|
||||
.bundle*/
|
||||
coverage/
|
||||
.idea/
|
||||
*.iml
|
||||
openstack/
|
||||
|
||||
# Files created from releasenotes build
|
||||
releasenotes/build
|
||||
.tox
|
36
Gemfile
36
Gemfile
@ -1,36 +0,0 @@
|
||||
source ENV['GEM_SOURCE'] || "https://rubygems.org"
|
||||
|
||||
group :development, :test, :system_tests do
|
||||
spec_helper_dir = '/home/zuul/src/opendev.org/openstack/puppet-openstack_spec_helper'
|
||||
if File.directory?(spec_helper_dir)
|
||||
if ENV['ZUUL_PROJECT'] == 'openstack/puppet-openstack_spec_helper'
|
||||
gem 'puppet-openstack_spec_helper',
|
||||
:path => '../..',
|
||||
:require => 'false'
|
||||
else
|
||||
gem 'puppet-openstack_spec_helper',
|
||||
:path => spec_helper_dir,
|
||||
:require => 'false'
|
||||
end
|
||||
else
|
||||
spec_helper_version = ENV['ZUUL_BRANCH'] || "master"
|
||||
gem 'puppet-openstack_spec_helper',
|
||||
:git => 'https://opendev.org/openstack/puppet-openstack_spec_helper',
|
||||
:ref => spec_helper_version,
|
||||
:require => 'false'
|
||||
end
|
||||
end
|
||||
|
||||
if facterversion = ENV['FACTER_GEM_VERSION']
|
||||
gem 'facter', facterversion, :require => false
|
||||
else
|
||||
gem 'facter', :require => false
|
||||
end
|
||||
|
||||
if puppetversion = ENV['PUPPET_GEM_VERSION']
|
||||
gem 'puppet', puppetversion, :require => false
|
||||
else
|
||||
gem 'puppet', :require => false
|
||||
end
|
||||
|
||||
# vim:ft=ruby
|
176
LICENSE
176
LICENSE
@ -1,176 +0,0 @@
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
@ -1,34 +0,0 @@
|
||||
|
||||
## TripleO Puppet modules
|
||||
|
||||
mod 'haproxy',
|
||||
:git => 'https://github.com/puppetlabs/puppetlabs-haproxy',
|
||||
:ref => 'main'
|
||||
|
||||
mod 'etcd',
|
||||
:git => 'https://github.com/puppet-etcd/puppet-etcd',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'systemd',
|
||||
:git => 'https://github.com/camptocamp/puppet-systemd',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'rsyslog',
|
||||
:git => 'https://github.com/voxpupuli/puppet-rsyslog',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'ssh',
|
||||
:git => 'https://github.com/saz/puppet-ssh',
|
||||
:ref => 'v3.0.1'
|
||||
|
||||
mod 'snmp',
|
||||
:git => 'https://github.com/razorsedge/puppet-snmp',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'pacemaker',
|
||||
:git => 'https://github.com/openstack/puppet-pacemaker',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'collectd',
|
||||
:git => 'https://github.com/voxpupuli/puppet-collectd',
|
||||
:ref => '20494e44a90073273a18fce71f4a602d5b5d0690'
|
20
README.md
20
README.md
@ -1,20 +0,0 @@
|
||||
Team and repository tags
|
||||
========================
|
||||
|
||||
[![Team and repository tags](https://governance.openstack.org/tc/badges/puppet-tripleo.svg)](https://governance.openstack.org/tc/reference/tags/index.html)
|
||||
|
||||
<!-- Change things from this point on -->
|
||||
|
||||
# puppet-tripleo
|
||||
|
||||
Lightweight composition layer for Puppet TripleO.
|
||||
|
||||
## Contributing
|
||||
|
||||
* Free software: Apache License (2.0)
|
||||
* Source: http://git.openstack.org/cgit/openstack/puppet-tripleo
|
||||
* Bugs: http://bugs.launchpad.net/tripleo (tag: puppet)
|
||||
* Documentation:
|
||||
* TripleO: https://docs.openstack.org/tripleo-docs/latest/
|
||||
* Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html
|
||||
* Release Notes: https://docs.openstack.org/releasenotes/puppet-tripleo
|
10
README.rst
Normal file
10
README.rst
Normal file
@ -0,0 +1,10 @@
|
||||
This project is no longer maintained.
|
||||
|
||||
The contents of this repository are still available in the Git
|
||||
source code management system. To see the contents of this
|
||||
repository before it reached its end of life, please check out the
|
||||
previous commit with "git checkout HEAD^1".
|
||||
|
||||
For any further questions, please email
|
||||
openstack-discuss@lists.openstack.org or join #openstack-dev on
|
||||
OFTC.
|
7
Rakefile
7
Rakefile
@ -1,7 +0,0 @@
|
||||
require 'puppet-openstack_spec_helper/rake_tasks'
|
||||
|
||||
# We disable the unquoted node name check because puppet-pacemaker node
|
||||
# properties make use of attributes called 'node' and puppet-lint breaks on
|
||||
# them: https://github.com/rodjek/puppet-lint/issues/501
|
||||
# We are not using site.pp with nodes so this is safe.
|
||||
PuppetLint.configuration.send('disable_unquoted_node_name')
|
12
bindep.txt
12
bindep.txt
@ -1,12 +0,0 @@
|
||||
# This is a cross-platform list tracking distribution packages needed by tests;
|
||||
# see http://docs.openstack.org/infra/bindep/ for additional information.
|
||||
|
||||
libxml2-devel [test platform:rpm]
|
||||
libxml2-dev [test platform:dpkg]
|
||||
libxslt-devel [test platform:rpm]
|
||||
libxslt1-dev [test platform:dpkg]
|
||||
ruby-devel [test platform:rpm]
|
||||
ruby-dev [test platform:dpkg]
|
||||
zlib1g-dev [test platform:dpkg]
|
||||
zlib-devel [test platform:rpm]
|
||||
puppet [build]
|
@ -1,6 +0,0 @@
|
||||
# This is required for the docs build jobs
|
||||
sphinx>=2.0.0,!=2.1.0 # BSD
|
||||
openstackdocstheme>=2.2.1 # Apache-2.0
|
||||
|
||||
# This is required for the releasenotes build jobs
|
||||
reno>=3.1.0 # Apache-2.0
|
@ -1,42 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
import hashlib
|
||||
import base64
|
||||
import sys
|
||||
|
||||
from nacl.bindings.crypto_scalarmult import \
|
||||
crypto_scalarmult_ed25519_base_noclamp
|
||||
|
||||
# https://github.com/MariaDB/server/blob/10.4/plugin/auth_ed25519/ref10/sign.c
|
||||
# mariadb's use of ed25519:
|
||||
# . password is the secret seed
|
||||
# . ed25519's public key (computed from password) is what is stored in mariadb
|
||||
# . the hash in mariadb is the base64 encoding of the pk minus the last '='
|
||||
|
||||
|
||||
def _scalar_clamp(s32):
|
||||
ba = bytearray(s32)
|
||||
ba0 = bytes(bytearray([ba[0] & 248]))
|
||||
ba31 = bytes(bytearray([(ba[31] & 127) | 64]))
|
||||
return ba0 + bytes(s32[1:31]) + ba31
|
||||
|
||||
|
||||
def mysql_ed25519_password(pwd):
|
||||
# h = SHA512(password)
|
||||
h = hashlib.sha512(pwd).digest()
|
||||
# s = prune(first_half(h))
|
||||
s = _scalar_clamp(h[:32])
|
||||
# A = encoded point [s]B
|
||||
A = crypto_scalarmult_ed25519_base_noclamp(s)
|
||||
# encoded pk
|
||||
encoded = base64.b64encode(A)[:-1]
|
||||
return encoded
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
if len(sys.argv) <= 1:
|
||||
print("Usage: %s PASSWORD" % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
else:
|
||||
pwd = sys.argv[1].encode()
|
||||
res = mysql_ed25519_password(pwd)
|
||||
print(res.decode(), end='')
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
[
|
||||
'external',
|
||||
'internal_api',
|
||||
'storage',
|
||||
'storage_mgmt',
|
||||
'tenant',
|
||||
'management',
|
||||
'ctlplane',
|
||||
].each do |network|
|
||||
Facter.add('fqdn_' + network) do
|
||||
setcode do
|
||||
hostname_parts = [
|
||||
Facter.value(:hostname),
|
||||
network.gsub('_', ''),
|
||||
Facter.value(:domain),
|
||||
].reject { |part| part.nil? || part.empty? }
|
||||
hostname_parts.join(".")
|
||||
end
|
||||
end
|
||||
end
|
@ -1,49 +0,0 @@
|
||||
require 'ipaddr'
|
||||
|
||||
def netmask6(value)
|
||||
if value
|
||||
ip = IPAddr.new('::0').mask(value)
|
||||
ip.inspect.split('/')[1].gsub('>', '')
|
||||
end
|
||||
end
|
||||
|
||||
if Facter.value('facterversion')[0].to_i < 3
|
||||
Facter::Util::IP::REGEX_MAP[:linux][:ipaddress6] =
|
||||
/inet6 (?:addr: )?((?!(?:fe80|::1))(?>[0-9,a-f,A-F]*\:{1,2})+[0-9,a-f,A-F]{0,4})/
|
||||
Facter::Util::IP.get_interfaces.each do |interface|
|
||||
Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do
|
||||
setcode do
|
||||
tmp = []
|
||||
regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x
|
||||
output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6')
|
||||
|
||||
output_int.each_line do |line|
|
||||
prefixlen = nil
|
||||
matches = line.match(regex)
|
||||
prefixlen = matches[1] if matches
|
||||
|
||||
if prefixlen
|
||||
value = netmask6(prefixlen)
|
||||
tmp.push(value)
|
||||
end
|
||||
end
|
||||
|
||||
tmp.shift if tmp
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Facter.add('netmask6') do
|
||||
setcode do
|
||||
prefixlen = nil
|
||||
regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x
|
||||
|
||||
String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line|
|
||||
matches = line.match(regex)
|
||||
prefixlen = matches[1] if matches
|
||||
end
|
||||
|
||||
netmask6(prefixlen) if prefixlen
|
||||
end
|
||||
end
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
# Copyright 2018 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
Facter.add('nic_alias') do
|
||||
setcode do
|
||||
os_net_config = '/usr/bin/os-net-config'
|
||||
mapping_report = ''
|
||||
if File.exist?(os_net_config)
|
||||
mapping_report =
|
||||
Facter::Core::Execution.execute("#{os_net_config} -i")
|
||||
mapping_report.delete("{}' ")
|
||||
end
|
||||
mapping_report
|
||||
end
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
Facter.add('stonith_levels') do
|
||||
setcode do
|
||||
|
||||
# If crm_node is present, return true. Otherwise, return false.
|
||||
if Facter::Core::Execution.which('crm_node')
|
||||
hostname = Facter::Core::Execution.execute("crm_node -n 2> /dev/null", {})
|
||||
stonith_levels = Facter::Core::Execution.execute("pcs stonith level 2>&1 | sed -n \"/^Target: #{hostname}$/,/^Target:/{/^Target: #{hostname}$/b;/^Target:/b;p}\" |tail -1 | awk '{print $2}' 2> /dev/null", {}).to_i
|
||||
stonith_levels
|
||||
end
|
||||
|
||||
end
|
||||
end
|
@ -1,44 +0,0 @@
|
||||
# This custom function converts an array of docker volumes to the storage_maps
|
||||
# hash required by the pacemaker::resource::bundle resource. A prefix is added
|
||||
# to each entry in the storage map to ensure the Puppet resources are unique.
|
||||
#
|
||||
# Given:
|
||||
# docker_volumes = ["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"]
|
||||
# prefix = "my-prefix"
|
||||
# Returns:
|
||||
# storage_maps = {
|
||||
# "my-prefix-src-vol1" => {
|
||||
# "source-dir" => "/src/vol1",
|
||||
# "target-dir" => "/tgt/vol1",
|
||||
# "options" => "rw",
|
||||
# },
|
||||
# "my-prefix-src-vol2" => {
|
||||
# "source-dir" => "/src/vol2",
|
||||
# "target-dir" => "/tgt/vol2",
|
||||
# "options" => "ro",
|
||||
# }
|
||||
# }
|
||||
Puppet::Functions.create_function(:'docker_volumes_to_storage_maps') do
|
||||
dispatch :docker_volumes_to_storage_maps do
|
||||
param 'Array', :docker_volumes
|
||||
param 'String', :prefix
|
||||
return_type 'Hash'
|
||||
end
|
||||
|
||||
def docker_volumes_to_storage_maps(docker_volumes, prefix)
|
||||
storage_maps = Hash.new
|
||||
docker_volumes.each do |docker_vol|
|
||||
source, target, options = docker_vol.split(":")
|
||||
unless options
|
||||
options = "rw"
|
||||
end
|
||||
storage_maps[prefix + source.gsub("/", "-")] = {
|
||||
"source-dir" => source,
|
||||
"target-dir" => target,
|
||||
"options" => options,
|
||||
}
|
||||
end
|
||||
return storage_maps
|
||||
end
|
||||
end
|
||||
|
@ -1,32 +0,0 @@
|
||||
require 'ipaddr'
|
||||
|
||||
# Custom function to convert an IP4/6 address from a string to the
|
||||
# erlang inet kernel format.
|
||||
# For example from "172.17.0.16" to {172,17,0,16}
|
||||
# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
|
||||
# for more information.
|
||||
Puppet::Functions.create_function(:ip_to_erl_format) do
|
||||
dispatch :ip_to_erl_format do
|
||||
param 'String', :ip_addr
|
||||
end
|
||||
|
||||
def ip_to_erl_format(ip_addr)
|
||||
ip = IPAddr.new(ip_addr)
|
||||
output = '{'
|
||||
if ip.ipv6?
|
||||
split_char = ':'
|
||||
base = 16
|
||||
else
|
||||
split_char = '.'
|
||||
base = 10
|
||||
end
|
||||
# to_string() prints the canonicalized form
|
||||
ip.to_string().split(split_char).each {
|
||||
|x| output += x.to_i(base).to_s + ','
|
||||
}
|
||||
# Remove the last spurious comma
|
||||
output = output.chomp(',')
|
||||
output += '}'
|
||||
return output
|
||||
end
|
||||
end
|
@ -1,31 +0,0 @@
|
||||
# This function is an hack because we are not enabling Puppet parser
|
||||
# that would allow us to manipulate data iterations directly in manifests.
|
||||
#
|
||||
# Example:
|
||||
# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000']
|
||||
# $keystone_bind_opts = ['transparent']
|
||||
#
|
||||
# Using this function:
|
||||
# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts)
|
||||
#
|
||||
# Would return:
|
||||
# $keystone_vips_hash = {
|
||||
# '192.168.0.1:5000' => ['transparent'],
|
||||
# '192.168.0.2:5000' => ['transparent'],
|
||||
# }
|
||||
#
|
||||
# Disclaimer: this function is an hack and will disappear once TripleO enable
|
||||
# Puppet parser.
|
||||
#
|
||||
|
||||
Puppet::Functions.create_function(:list_to_hash) do
|
||||
dispatch :list_to_hash do
|
||||
param 'Array', :arr1
|
||||
param 'Array', :arr2
|
||||
end
|
||||
|
||||
def list_to_hash(arr1, arr2)
|
||||
hh = arr1.each_with_object({}) { |v,h| h[v] = arr2 }
|
||||
return hh
|
||||
end
|
||||
end
|
@ -1,30 +0,0 @@
|
||||
# This function merges two hashes and concatenate the values of
|
||||
# identical keys
|
||||
#
|
||||
# Example:
|
||||
# $frontend = { 'option' => [ 'tcpka', 'tcplog' ],
|
||||
# 'timeout client' => '90m' }
|
||||
# $backend = { 'option' => [ 'httpchk' ],
|
||||
# 'timeout server' => '90m' }
|
||||
#
|
||||
# Using this function:
|
||||
# $merge = merge_hash_values($frontend, $backend)
|
||||
#
|
||||
# Would return:
|
||||
# $merge = { 'option' => [ 'tcpka', 'tcplog', 'httpchk' ],
|
||||
# 'timeout client' => '90m',
|
||||
# 'timeout server' => '90m' }
|
||||
#
|
||||
|
||||
Puppet::Functions.create_function(:'merge_hash_values') do
|
||||
dispatch :merge_hash_values do
|
||||
param 'Hash', :hash1
|
||||
param 'Hash', :hash2
|
||||
return_type 'Hash'
|
||||
end
|
||||
|
||||
def merge_hash_values(hash1, hash2)
|
||||
hh = hash1.merge(hash2) {|k, v1, v2| (v2 + v1).uniq()}
|
||||
return hh
|
||||
end
|
||||
end
|
@ -1,21 +0,0 @@
|
||||
# Custom function to generate password hash for MariaDB's auth_ed25519
|
||||
# Input is a regular mariadb user password
|
||||
# Output is the hashed password as expected by auth_ed25519
|
||||
Puppet::Functions.create_function(:'mysql_ed25519_password') do
|
||||
dispatch :mysql_ed25519_password do
|
||||
param 'String', :password
|
||||
return_type 'String'
|
||||
end
|
||||
|
||||
def mysql_ed25519_password(password)
|
||||
# mysql's auth_ed25519 consists in generating a ed25519 public key
|
||||
# out of the sha512(password). Unfortunately, there is no native
|
||||
# ruby implementation of ed25519's unclamped scalar multiplication
|
||||
# just yet, so rely on an binary to get the hash for now.
|
||||
python = `(which python3 || which python2 || which python) 2>/dev/null`
|
||||
raise Puppet::Error, 'python interpreter not found in path' unless $?.success?
|
||||
hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
|
||||
raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43
|
||||
return hashed
|
||||
end
|
||||
end
|
@ -1,93 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# Author: Dan Prince <dprince@redhat.com>
|
||||
#
|
||||
# A function to create noop providers (set as the default) for the named
|
||||
# resource. This works alongside of 'puppet apply --tags' to disable
|
||||
# some custom resource types that still attempt to run commands during
|
||||
# prefetch, etc.
|
||||
class Puppet::Provider::Noop < Puppet::Provider
|
||||
|
||||
# generic resource interfaces
|
||||
def create
|
||||
true
|
||||
end
|
||||
|
||||
def destroy
|
||||
true
|
||||
end
|
||||
|
||||
def exists?
|
||||
false
|
||||
end
|
||||
|
||||
# package resource
|
||||
def install
|
||||
true
|
||||
end
|
||||
|
||||
def uninstall
|
||||
true
|
||||
end
|
||||
|
||||
def latest
|
||||
true
|
||||
end
|
||||
|
||||
def update
|
||||
true
|
||||
end
|
||||
|
||||
def purge
|
||||
true
|
||||
end
|
||||
|
||||
def self.instances
|
||||
[]
|
||||
end
|
||||
|
||||
# service resource
|
||||
def status
|
||||
0
|
||||
end
|
||||
|
||||
def start
|
||||
true
|
||||
end
|
||||
|
||||
def stop
|
||||
true
|
||||
end
|
||||
|
||||
# some puppet-keystone resources require this
|
||||
def self.resource_to_name(domain, name, check_for_default = true)
|
||||
return name
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
Puppet::Functions.create_function(:noop_resource) do
|
||||
dispatch :noop_resource do
|
||||
param 'String', :res
|
||||
end
|
||||
|
||||
def noop_resource(res)
|
||||
Puppet::Type.type(res.downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do
|
||||
defaultfor :osfamily => :redhat
|
||||
end
|
||||
return true
|
||||
end
|
||||
end
|
@ -1,24 +0,0 @@
|
||||
# Custom function to extract the current number of replicas for a pacemaker
|
||||
# resource, as defined in the pacemaker cluster.
|
||||
# Input is the name of a pacemaker bundle resource
|
||||
# Output is the number of replicas for that resource or 0 if not found
|
||||
Puppet::Functions.create_function(:'pacemaker_bundle_replicas') do
|
||||
dispatch :pacemaker_bundle_replicas do
|
||||
param 'String', :bundle
|
||||
return_type 'Integer'
|
||||
end
|
||||
|
||||
def pacemaker_bundle_replicas(bundle)
|
||||
# the name of the node holding the replicas attribute varies based on the
|
||||
# container engine used (podman, docker...), so match via attributes instead
|
||||
replicas = `cibadmin -Q | xmllint --xpath "string(//bundle[@id='#{bundle}']/*[boolean(@image) and boolean(@run-command)]/@replicas)" -`
|
||||
# strip line break
|
||||
replicas.strip!
|
||||
# post-condition: 0 in case the bundle does not exist or an error occurred
|
||||
if $?.success? && !replicas.empty?
|
||||
return Integer(replicas)
|
||||
else
|
||||
return 0
|
||||
end
|
||||
end
|
||||
end
|
@ -1,39 +0,0 @@
|
||||
# This adds to ssl profile hash a proper value of "caCertFile" key for "caCertFileContent" key.
|
||||
#
|
||||
# Given:
|
||||
# ssl_profiles = [{"name": "test", "caCertFileContent": "cert content", ...}, ...]
|
||||
# cert_dir = "/etc/pki/tls/certs/"
|
||||
# Returns:
|
||||
# ssl_profiles = [
|
||||
# {"name": "test",
|
||||
# "caCertFileContent": "cert content",
|
||||
# "caCertFile": "/etc/pki/tls/certs/CA_test.pem",
|
||||
# ... },
|
||||
# ...
|
||||
# ]
|
||||
Puppet::Functions.create_function(:qdr_ssl_certificate) do
|
||||
|
||||
dispatch :qdr_ssl_certificate do
|
||||
param 'Array', :ssl_profiles
|
||||
param 'String', :cert_dir
|
||||
return_type 'Array'
|
||||
end
|
||||
|
||||
def qdr_ssl_certificate(ssl_profiles, cert_dir)
|
||||
processed_profiles = Array.new
|
||||
ssl_profiles.each do |profile|
|
||||
if profile.key?("caCertFileContent")
|
||||
processed = profile.clone
|
||||
# create certificate path
|
||||
path = File.join(cert_dir, "CA_#{processed["name"]}.pem")
|
||||
# update profile
|
||||
processed["caCertFile"] = path
|
||||
processed_profiles.append(processed)
|
||||
else
|
||||
processed_profiles.append(profile)
|
||||
end
|
||||
end
|
||||
return processed_profiles
|
||||
end
|
||||
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
# Build Swift devices list from the parts, e.g. for:
|
||||
# raw_disk_prefix = 'r1z1-'
|
||||
# swift_storage_node_ips = ['192.168.1.12', '192.168.1.13']
|
||||
# raw_disks = [':%PORT%/device1', ':%PORT%/device2']
|
||||
#
|
||||
# devices will be ['r1z1-192.168.1.12:%PORT%/device1',
|
||||
# 'r1z1-192.168.1.12:%PORT%/device2'
|
||||
# 'r1z1-192.168.1.13:%PORT%/device1'
|
||||
# 'r1z1-192.168.1.13:%PORT%/device2']
|
||||
Puppet::Functions.create_function(:tripleo_swift_devices) do
|
||||
dispatch :tripleo_swift_devices do
|
||||
param 'String', :raw_disk_prefix
|
||||
param 'Array', :swift_node_ips
|
||||
param 'Array', :raw_disks
|
||||
end
|
||||
|
||||
def tripleo_swift_devices(raw_disk_prefix, swift_node_ips, raw_disks)
|
||||
devices = []
|
||||
for ip in swift_node_ips do
|
||||
for disk in raw_disks do
|
||||
devices << "#{raw_disk_prefix}#{ip}#{disk}"
|
||||
end
|
||||
end
|
||||
|
||||
return devices
|
||||
end
|
||||
end
|
@ -1,85 +0,0 @@
|
||||
require 'ipaddr'
|
||||
|
||||
# Custom function to lookup the interface which matches the subnet
|
||||
# of the provided IP address.
|
||||
# The function iterates over all the interfaces and chooses the
|
||||
# first locally assigned interface which matches the IP.
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
|
||||
if arg[0].class == String
|
||||
begin
|
||||
ip1 = IPAddr.new(arg[0])
|
||||
network_facts = lookupvar('networking')
|
||||
Dir.foreach('/sys/class/net/') do |interface|
|
||||
next if interface == '.' || interface == '..'
|
||||
# puppet downcases fact names, interface names can have capitals but
|
||||
# in facter 2.x they were lower case. In facter 3.x they can have
|
||||
# capitals
|
||||
iface_no_dash = interface.gsub('-', '_').downcase
|
||||
|
||||
if ip1.ipv4?
|
||||
ipaddress_name = "ipaddress_#{iface_no_dash}"
|
||||
netmask_name = "netmask_#{iface_no_dash}"
|
||||
facter_ip = 'ip'
|
||||
facter_netmask = 'netmask'
|
||||
else
|
||||
ipaddress_name = "ipaddress6_#{iface_no_dash}"
|
||||
netmask_name = "netmask6_#{iface_no_dash}"
|
||||
facter_ip = 'ip6'
|
||||
facter_netmask = 'netmask6'
|
||||
end
|
||||
|
||||
if network_facts.nil? or network_facts['interfaces'].nil? then
|
||||
# facter 2 facts
|
||||
interface_ip = lookupvar(ipaddress_name)
|
||||
next if interface_ip.nil?
|
||||
ip2 = IPAddr.new(interface_ip)
|
||||
netmask = lookupvar(netmask_name)
|
||||
return interface if ip1.mask(netmask) == ip2.mask(netmask)
|
||||
else
|
||||
# facter 3+ syntax:
|
||||
# networking => {
|
||||
# ...
|
||||
# interfaces => {
|
||||
# br-ctlplane => {
|
||||
# bindings => [
|
||||
# {
|
||||
# address => "192.168.24.1",
|
||||
# netmask => "255.255.255.0",
|
||||
# network => "192.168.24.0"
|
||||
# }
|
||||
# ],
|
||||
# bindings6 => [
|
||||
# {
|
||||
# address => "fe80::5054:ff:fe22:bac3",
|
||||
# netmask => "ffff:ffff:ffff:ffff::",
|
||||
# network => "fe80::"
|
||||
# }
|
||||
# ],
|
||||
# ip => "192.168.24.1",
|
||||
# ip6 => "fe80::5054:ff:fe22:bac3",
|
||||
# mac => "52:54:00:22:ba:c3",
|
||||
# mtu => 1500,
|
||||
# netmask => "255.255.255.0",
|
||||
# netmask6 => "ffff:ffff:ffff:ffff::",
|
||||
# network => "192.168.24.0",
|
||||
# network6 => "fe80::"
|
||||
# },
|
||||
# },
|
||||
# ...
|
||||
# }
|
||||
next if network_facts['interfaces'][interface].nil? or network_facts['interfaces'][interface][facter_ip].nil?
|
||||
ip2 = IPAddr.new(network_facts['interfaces'][interface][facter_ip])
|
||||
netmask = network_facts['interfaces'][interface][facter_netmask]
|
||||
return interface if ip1.mask(netmask) == ip2.mask(netmask)
|
||||
end
|
||||
end
|
||||
rescue IPAddr::InvalidAddressError => e
|
||||
raise Puppet::ParseError, "#{e}: #{arg[0]}"
|
||||
end
|
||||
else
|
||||
raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
|
||||
end
|
||||
return ''
|
||||
end
|
||||
end
|
@ -1,34 +0,0 @@
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
|
||||
:doc => ("Given an array of fence device configs, limit them" +
|
||||
"to fence devices whose MAC address is present on" +
|
||||
"some of the local NICs, and prepare a hash which can be" +
|
||||
"passed to create_resources function")) do |args|
|
||||
agent = args[0]
|
||||
devices = args[1]
|
||||
unless agent.is_a?(String) && agent.length > 0
|
||||
raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
|
||||
end
|
||||
unless devices.is_a?(Array)
|
||||
raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
|
||||
end
|
||||
|
||||
# filter by agent type
|
||||
agent_type_devices = devices.select { |device| device['agent'] == agent }
|
||||
|
||||
# filter by local mac address
|
||||
local_devices = agent_type_devices.select do |device|
|
||||
function_has_interface_with(['macaddress', device['host_mac']])
|
||||
end
|
||||
|
||||
# construct a hash for create_resources
|
||||
return local_devices.each_with_object({}) do |device, hash|
|
||||
# disallow collisions
|
||||
if hash[device['host_mac']]
|
||||
raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
|
||||
end
|
||||
|
||||
hash[device['host_mac']] = device['params'] || {}
|
||||
end
|
||||
end
|
||||
end
|
@ -1,51 +0,0 @@
|
||||
# Copyright 2015 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
require 'puppet'
|
||||
require 'puppet/provider/package'
|
||||
|
||||
Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do
|
||||
desc "RPM packaging provider that does not install anything."
|
||||
|
||||
has_feature :virtual_packages
|
||||
|
||||
def latest
|
||||
@resource.fail "'latest' is unsupported by this provider."
|
||||
end
|
||||
|
||||
def install
|
||||
Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed")
|
||||
true
|
||||
end
|
||||
|
||||
def uninstall
|
||||
Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed")
|
||||
true
|
||||
end
|
||||
|
||||
def update
|
||||
Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated")
|
||||
true
|
||||
end
|
||||
|
||||
def purge
|
||||
Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed")
|
||||
true
|
||||
end
|
||||
|
||||
def self.instances
|
||||
return []
|
||||
end
|
||||
|
||||
end
|
@ -1,44 +0,0 @@
|
||||
# == Class: tripleo::config
|
||||
#
|
||||
# Configure services with Puppet
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*configs*]
|
||||
# (optional) Configuration to inject.
|
||||
# Should be an hash.
|
||||
# Default to lookup('param_config', {})
|
||||
#
|
||||
# [*providers*]
|
||||
# (optional) Filter the providers we want
|
||||
# to use for config.
|
||||
# Should be an array.
|
||||
# Default to lookup('param_providers', Array[String], 'deep', [])
|
||||
#
|
||||
class tripleo::config(
|
||||
$configs = lookup('param_config', {}),
|
||||
$providers = lookup('param_providers', Array[String], 'deep', []),
|
||||
) {
|
||||
|
||||
if ! empty($configs) {
|
||||
# Allow composable services to load their own configurations.
|
||||
# Each service can load its config options by using this form:
|
||||
#
|
||||
# puppet_config:
|
||||
# param_config:
|
||||
# 'aodh_config':
|
||||
# DEFAULT:
|
||||
# foo: fooValue
|
||||
# bar: barValue
|
||||
$configs.each |$provider, $sections| {
|
||||
if empty($providers) or ($provider in $providers) {
|
||||
$sections.each |$section, $params| {
|
||||
$params.each |$param, $value| {
|
||||
create_resources($provider, {"${section}/${param}" => {'value' => $value }})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,222 +0,0 @@
|
||||
# == Class: tripleo::fencing
|
||||
#
|
||||
# Configure Pacemaker fencing devices for TripleO.
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*config*]
|
||||
# JSON config of fencing devices, using the following structure:
|
||||
# {
|
||||
# "devices": [
|
||||
# {
|
||||
# "agent": "AGENT_NAME",
|
||||
# "host_mac": "HOST_MAC_ADDRESS",
|
||||
# "params": {"PARAM_NAME": "PARAM_VALUE"}
|
||||
# }
|
||||
# ]
|
||||
# }
|
||||
# For instance:
|
||||
# {
|
||||
# "devices": [
|
||||
# {
|
||||
# "agent": "fence_xvm",
|
||||
# "host_mac": "52:54:00:aa:bb:cc",
|
||||
# "params": {
|
||||
# "multicast_address": "225.0.0.12",
|
||||
# "port": "baremetal_0",
|
||||
# "manage_fw": true,
|
||||
# "manage_key_file": true,
|
||||
# "key_file": "/etc/fence_xvm.key",
|
||||
# "key_file_password": "abcdef"
|
||||
# }
|
||||
# }
|
||||
# ]
|
||||
# }
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*tries*]
|
||||
# Number of attempts when creating fence devices and constraints.
|
||||
# Defaults to 10
|
||||
#
|
||||
# [*try_sleep*]
|
||||
# Delay (in seconds) between attempts when creating fence devices
|
||||
# and constraints.
|
||||
# Defaults to 3
|
||||
#
|
||||
# [*deep_compare*]
|
||||
# Enable deep comparing of resources and bundles
|
||||
# When set to true a resource will be compared in full (options, meta parameters,..)
|
||||
# to the existing one and in case of difference it will be repushed to the CIB
|
||||
# Defaults to false
|
||||
#
|
||||
# [*update_settle_secs*]
|
||||
# When deep_compare is enabled and puppet updates a resource, this
|
||||
# parameter represents the number (in seconds) to wait for the cluster to settle
|
||||
# after the resource update.
|
||||
# Defaults to 600 (seconds)
|
||||
#
|
||||
# [*watchdog_timeout*]
|
||||
# Only valid if sbd watchdog fencing is enabled.
|
||||
# Pacemaker will assume unseen nodes self-fence within this much time.
|
||||
# Defaults to 60 (seconds)
|
||||
#
|
||||
# [*enable_instanceha*]
|
||||
# (Optional) Boolean driving the Instance HA controlplane configuration
|
||||
# Defaults to lookup('tripleo::instanceha', undef, undef, false),
|
||||
#
|
||||
class tripleo::fencing(
|
||||
$config = {},
|
||||
$tries = 10,
|
||||
$try_sleep = 3,
|
||||
$deep_compare = false,
|
||||
$update_settle_secs = 600,
|
||||
$watchdog_timeout = 60,
|
||||
$enable_instanceha = lookup('tripleo::instanceha', undef, undef, false),
|
||||
) {
|
||||
$common_params = {
|
||||
'tries' => $tries,
|
||||
'try_sleep' => $try_sleep,
|
||||
'deep_compare' => $deep_compare,
|
||||
'update_settle_secs' => $update_settle_secs
|
||||
}
|
||||
|
||||
# check if instanceha is enabled
|
||||
if member(lookup('compute_instanceha_short_node_names', undef, undef, []), downcase($::hostname)) {
|
||||
$is_compute_instanceha_node = true
|
||||
} else {
|
||||
$is_compute_instanceha_node = false
|
||||
}
|
||||
|
||||
$content = $config['devices']
|
||||
|
||||
# check if the devices: section in fence.yaml contains levels.
|
||||
# if it doesn't, assume level=1 and build a hash with the content.
|
||||
$all_levels = $content ? {
|
||||
Array => {'level1' => $content},
|
||||
default => $content
|
||||
}
|
||||
|
||||
# collect the number of stonith levels currently defined for this system
|
||||
# and convert it to integer.
|
||||
$local_levels = 0 + $facts['stonith_levels']
|
||||
|
||||
# if the number of levels defined on this system is greater than the number in hiera
|
||||
# we need to delete the delta.
|
||||
if $local_levels > $all_levels.length {
|
||||
$begin = $all_levels.length + 1
|
||||
range("${begin}", "${local_levels}").each |$level|{
|
||||
pacemaker::stonith::level{ "stonith-${level}":
|
||||
ensure => 'absent',
|
||||
level => $level,
|
||||
target => '$(/usr/sbin/crm_node -n)',
|
||||
stonith_resources => [''],
|
||||
tries => $tries,
|
||||
try_sleep => $try_sleep,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$all_levels.each |$index, $levelx_devices |{
|
||||
|
||||
$level = regsubst($index, 'level', '', 'G')
|
||||
$all_devices = $levelx_devices
|
||||
|
||||
$xvm_devices = local_fence_devices('fence_xvm', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
|
||||
|
||||
$ironic_devices = local_fence_devices('fence_ironic', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params)
|
||||
|
||||
$redfish_devices = local_fence_devices('fence_redfish', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_redfish', $redfish_devices, $common_params)
|
||||
|
||||
$ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
|
||||
|
||||
$kdump_devices = local_fence_devices('fence_kdump', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_kdump', $kdump_devices, $common_params)
|
||||
|
||||
$kubevirt_devices = local_fence_devices('fence_kubevirt', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_kubevirt', $kubevirt_devices, $common_params)
|
||||
|
||||
$rhev_devices = local_fence_devices('fence_rhevm', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_rhevm', $rhev_devices, $common_params)
|
||||
|
||||
$ucs_devices = local_fence_devices('fence_cisco_ucs', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_cisco_ucs', $ucs_devices, $common_params)
|
||||
|
||||
$data = {
|
||||
'xvm' => $xvm_devices, 'ironic' => $ironic_devices, 'redfish' => $redfish_devices,
|
||||
'ipmilan' => $ipmilan_devices, 'kdump' => $kdump_devices, 'kubevirt' => $kubevirt_devices,
|
||||
'rhevm' => $rhev_devices, 'cisco_ucs' => $ucs_devices
|
||||
}
|
||||
|
||||
# let's store the number of stonith devices created for this server.
|
||||
# this will be used to detect if there is a least one and fail if
|
||||
# instance_ha is configured and puppet is running on a compute node.
|
||||
$data_num = [
|
||||
length($ironic_devices), length($redfish_devices),
|
||||
length($ipmilan_devices), length($kdump_devices), length($rhev_devices)
|
||||
]
|
||||
|
||||
$sum = $data_num.reduce |$memo, $value| { $memo + $value }
|
||||
|
||||
$data.each |$items| {
|
||||
$driver = $items[0]
|
||||
$driver_devices = $items[1]
|
||||
|
||||
# if there is no valid stonith device and this is a compute-instanceha node we raise an exception
|
||||
if $level == '1' and $sum == 0 and $enable_instanceha and $is_compute_instanceha_node {
|
||||
fail('Instance HA requires at least one valid stonith device')
|
||||
}
|
||||
|
||||
if $driver_devices and length($driver_devices) == 1 {
|
||||
$mac = keys($driver_devices)[0]
|
||||
$safe_mac = regsubst($mac, ':', '', 'G')
|
||||
if ($enable_instanceha and $is_compute_instanceha_node) {
|
||||
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}", 'stonith-fence_compute-fence-nova' ]
|
||||
}
|
||||
else {
|
||||
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}" ]
|
||||
}
|
||||
pacemaker::stonith::level{ "stonith-${level}-${safe_mac}":
|
||||
level => $level,
|
||||
target => '$(/usr/sbin/crm_node -n)',
|
||||
stonith_resources => $stonith_resources,
|
||||
tries => $tries,
|
||||
try_sleep => $try_sleep,
|
||||
}
|
||||
Pcmk_stonith<||> -> Pcmk_stonith_level<||>
|
||||
}
|
||||
}
|
||||
# we use the boostrap_node to create the watchdog resource and the stonith
|
||||
# topology for all the nodes in the cluster, because the watchdog resource
|
||||
# is not per-node but cluster-wide
|
||||
$watchdog_devices = local_fence_devices('fence_watchdog', $all_devices)
|
||||
if length($watchdog_devices) > 0 {
|
||||
# check if this is the bootstrap node
|
||||
if downcase($::hostname) == lookup('pacemaker_short_bootstrap_node_name') {
|
||||
create_resources('pacemaker::stonith::fence_watchdog', $watchdog_devices, $common_params)
|
||||
$stonith_resources = [ 'watchdog' ]
|
||||
# if this is the boostrap node we set watchdog as levelX for all
|
||||
# the pacemaker nodes
|
||||
lookup('pacemaker_short_node_names').each |$node| {
|
||||
pacemaker::stonith::level{ "stonith-${level}-watchdog-${node}":
|
||||
level => $level,
|
||||
target => $node,
|
||||
stonith_resources => [ 'watchdog' ],
|
||||
tries => $tries,
|
||||
try_sleep => $try_sleep,
|
||||
}
|
||||
}
|
||||
pacemaker::property { 'stonith-watchdog-timeout':
|
||||
property => 'stonith-watchdog-timeout',
|
||||
value => $watchdog_timeout,
|
||||
tries => $tries,
|
||||
}
|
||||
Pcmk_property<||> -> Pcmk_stonith<||> -> Pcmk_stonith_level<||>
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
1839
manifests/haproxy.pp
1839
manifests/haproxy.pp
File diff suppressed because it is too large
Load Diff
@ -1,321 +0,0 @@
|
||||
# Copyright 2014 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: tripleo::haproxy::endpoint
|
||||
#
|
||||
# Configure a HAProxy listen endpoint
|
||||
#
|
||||
# [*internal_ip*]
|
||||
# The IP in which the proxy endpoint will be listening in the internal
|
||||
# network.
|
||||
#
|
||||
# [*service_port*]
|
||||
# The default port on which the endpoint will be listening.
|
||||
#
|
||||
# [*member_options*]
|
||||
# Options for the balancer member, specified after the server declaration.
|
||||
# These should go in the member's configuration block.
|
||||
#
|
||||
# [*use_backend_syntax*]
|
||||
# (optional) When set to true, generate a config with frontend and
|
||||
# backend sections, otherwise use listen sections.
|
||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
||||
#
|
||||
# [*haproxy_port*]
|
||||
# An alternative port, on which haproxy will listen for incoming requests.
|
||||
# Defaults to service_port.
|
||||
#
|
||||
# [*base_service_name*]
|
||||
# In cases where the service name doesn't match the endpoint name, you can
|
||||
# specify this option in order to get an appropriate value for $ip_addresses
|
||||
# and $server_names. So, this will be used in hiera to derive these, if set.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ip_addresses*]
|
||||
# The ordered list of IPs to be used to contact the balancer member.
|
||||
# Defaults to lookup("${name}_node_ips", undef, undef, undef)
|
||||
#
|
||||
# [*server_names*]
|
||||
# The names of the balancer members, which usually should be the hostname.
|
||||
# Defaults to lookup("${name}_node_names", undef, undef, undef)
|
||||
#
|
||||
# [*public_virtual_ip*]
|
||||
# Address in which the proxy endpoint will be listening in the public network.
|
||||
# If this service is internal only this should be omitted.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*mode*]
|
||||
# HAProxy mode in which the endpoint will be listening. This can be undef,
|
||||
# tcp, http or health.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*haproxy_listen_bind_param*]
|
||||
# A list of params to be added to the HAProxy listener bind directive.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*listen_options*]
|
||||
# Options specified for the listening service's configuration block (in
|
||||
# HAproxy terms, the frontend).
|
||||
# defaults to {'option' => []}
|
||||
#
|
||||
# [*frontend_options*]
|
||||
# Options specified for the frontend service's configuration block
|
||||
# defaults to {'option' => []}
|
||||
#
|
||||
# [*backend_options*]
|
||||
# Options specified for the service's backend configuration block
|
||||
# defaults to {'option' => []}
|
||||
#
|
||||
# [*public_ssl_port*]
|
||||
# The port used for the public proxy endpoint if it differs from the default
|
||||
# one. This is used only if SSL is enabled, and it's used in order to avoid
|
||||