Retire Tripleo: remove repo content

TripleO project is retiring
- https://review.opendev.org/c/openstack/governance/+/905145

this commit remove the content of this project repo

Change-Id: I73df79a8698625815ea4e3099904da448a49887e
This commit is contained in:
Ghanshyam Mann 2024-02-24 11:32:37 -08:00
parent 019ec49518
commit e06f50cb06
680 changed files with 10 additions and 42085 deletions

27
.gitignore vendored
View File

@ -1,27 +0,0 @@
# Add patterns in here to exclude files created by tools integrated with this
# repository, such as test frameworks from the project's recommended workflow,
# rendered documentation and package builds.
#
# Don't add patterns to exclude files created by preferred personal tools
# (editors, IDEs, your operating system itself even). These should instead be
# maintained outside the repository, for example in a ~/.gitignore file added
# with:
#
# git config --global core.excludesfile '~/.gitignore'
pkg/
Gemfile.lock
vendor/
spec/fixtures/modules
spec/fixtures/manifests
.vagrant/
.bundle/
.bundle*/
coverage/
.idea/
*.iml
openstack/
# Files created from releasenotes build
releasenotes/build
.tox

View File

@ -1,3 +0,0 @@
---
spec/spec_helper.rb:
unmanaged: true

36
Gemfile
View File

@ -1,36 +0,0 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
group :development, :test, :system_tests do
spec_helper_dir = '/home/zuul/src/opendev.org/openstack/puppet-openstack_spec_helper'
if File.directory?(spec_helper_dir)
if ENV['ZUUL_PROJECT'] == 'openstack/puppet-openstack_spec_helper'
gem 'puppet-openstack_spec_helper',
:path => '../..',
:require => 'false'
else
gem 'puppet-openstack_spec_helper',
:path => spec_helper_dir,
:require => 'false'
end
else
spec_helper_version = ENV['ZUUL_BRANCH'] || "master"
gem 'puppet-openstack_spec_helper',
:git => 'https://opendev.org/openstack/puppet-openstack_spec_helper',
:ref => spec_helper_version,
:require => 'false'
end
end
if facterversion = ENV['FACTER_GEM_VERSION']
gem 'facter', facterversion, :require => false
else
gem 'facter', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

View File

@ -1,34 +0,0 @@
## TripleO Puppet modules
mod 'haproxy',
:git => 'https://github.com/puppetlabs/puppetlabs-haproxy',
:ref => 'main'
mod 'etcd',
:git => 'https://github.com/puppet-etcd/puppet-etcd',
:ref => 'master'
mod 'systemd',
:git => 'https://github.com/camptocamp/puppet-systemd',
:ref => 'master'
mod 'rsyslog',
:git => 'https://github.com/voxpupuli/puppet-rsyslog',
:ref => 'master'
mod 'ssh',
:git => 'https://github.com/saz/puppet-ssh',
:ref => 'v3.0.1'
mod 'snmp',
:git => 'https://github.com/razorsedge/puppet-snmp',
:ref => 'master'
mod 'pacemaker',
:git => 'https://github.com/openstack/puppet-pacemaker',
:ref => 'master'
mod 'collectd',
:git => 'https://github.com/voxpupuli/puppet-collectd',
:ref => '20494e44a90073273a18fce71f4a602d5b5d0690'

View File

@ -1,20 +0,0 @@
Team and repository tags
========================
[![Team and repository tags](https://governance.openstack.org/tc/badges/puppet-tripleo.svg)](https://governance.openstack.org/tc/reference/tags/index.html)
<!-- Change things from this point on -->
# puppet-tripleo
Lightweight composition layer for Puppet TripleO.
## Contributing
* Free software: Apache License (2.0)
* Source: http://git.openstack.org/cgit/openstack/puppet-tripleo
* Bugs: http://bugs.launchpad.net/tripleo (tag: puppet)
* Documentation:
* TripleO: https://docs.openstack.org/tripleo-docs/latest/
* Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html
* Release Notes: https://docs.openstack.org/releasenotes/puppet-tripleo

10
README.rst Normal file
View File

@ -0,0 +1,10 @@
This project is no longer maintained.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

View File

@ -1,7 +0,0 @@
require 'puppet-openstack_spec_helper/rake_tasks'
# We disable the unquoted node name check because puppet-pacemaker node
# properties make use of attributes called 'node' and puppet-lint breaks on
# them: https://github.com/rodjek/puppet-lint/issues/501
# We are not using site.pp with nodes so this is safe.
PuppetLint.configuration.send('disable_unquoted_node_name')

View File

@ -1,12 +0,0 @@
# This is a cross-platform list tracking distribution packages needed by tests;
# see http://docs.openstack.org/infra/bindep/ for additional information.
libxml2-devel [test platform:rpm]
libxml2-dev [test platform:dpkg]
libxslt-devel [test platform:rpm]
libxslt1-dev [test platform:dpkg]
ruby-devel [test platform:rpm]
ruby-dev [test platform:dpkg]
zlib1g-dev [test platform:dpkg]
zlib-devel [test platform:rpm]
puppet [build]

View File

@ -1,6 +0,0 @@
# This is required for the docs build jobs
sphinx>=2.0.0,!=2.1.0 # BSD
openstackdocstheme>=2.2.1 # Apache-2.0
# This is required for the releasenotes build jobs
reno>=3.1.0 # Apache-2.0

View File

@ -1,42 +0,0 @@
#!/usr/bin/env python3
import hashlib
import base64
import sys
from nacl.bindings.crypto_scalarmult import \
crypto_scalarmult_ed25519_base_noclamp
# https://github.com/MariaDB/server/blob/10.4/plugin/auth_ed25519/ref10/sign.c
# mariadb's use of ed25519:
# . password is the secret seed
# . ed25519's public key (computed from password) is what is stored in mariadb
# . the hash in mariadb is the base64 encoding of the pk minus the last '='
def _scalar_clamp(s32):
ba = bytearray(s32)
ba0 = bytes(bytearray([ba[0] & 248]))
ba31 = bytes(bytearray([(ba[31] & 127) | 64]))
return ba0 + bytes(s32[1:31]) + ba31
def mysql_ed25519_password(pwd):
# h = SHA512(password)
h = hashlib.sha512(pwd).digest()
# s = prune(first_half(h))
s = _scalar_clamp(h[:32])
# A = encoded point [s]B
A = crypto_scalarmult_ed25519_base_noclamp(s)
# encoded pk
encoded = base64.b64encode(A)[:-1]
return encoded
if __name__ == "__main__":
if len(sys.argv) <= 1:
print("Usage: %s PASSWORD" % sys.argv[0], file=sys.stderr)
sys.exit(1)
else:
pwd = sys.argv[1].encode()
res = mysql_ed25519_password(pwd)
print(res.decode(), end='')

View File

@ -1,34 +0,0 @@
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
[
'external',
'internal_api',
'storage',
'storage_mgmt',
'tenant',
'management',
'ctlplane',
].each do |network|
Facter.add('fqdn_' + network) do
setcode do
hostname_parts = [
Facter.value(:hostname),
network.gsub('_', ''),
Facter.value(:domain),
].reject { |part| part.nil? || part.empty? }
hostname_parts.join(".")
end
end
end

View File

@ -1,49 +0,0 @@
require 'ipaddr'
def netmask6(value)
if value
ip = IPAddr.new('::0').mask(value)
ip.inspect.split('/')[1].gsub('>', '')
end
end
if Facter.value('facterversion')[0].to_i < 3
Facter::Util::IP::REGEX_MAP[:linux][:ipaddress6] =
/inet6 (?:addr: )?((?!(?:fe80|::1))(?>[0-9,a-f,A-F]*\:{1,2})+[0-9,a-f,A-F]{0,4})/
Facter::Util::IP.get_interfaces.each do |interface|
Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do
setcode do
tmp = []
regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x
output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6')
output_int.each_line do |line|
prefixlen = nil
matches = line.match(regex)
prefixlen = matches[1] if matches
if prefixlen
value = netmask6(prefixlen)
tmp.push(value)
end
end
tmp.shift if tmp
end
end
end
Facter.add('netmask6') do
setcode do
prefixlen = nil
regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x
String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line|
matches = line.match(regex)
prefixlen = matches[1] if matches
end
netmask6(prefixlen) if prefixlen
end
end
end

View File

@ -1,27 +0,0 @@
# Copyright 2018 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
Facter.add('nic_alias') do
setcode do
os_net_config = '/usr/bin/os-net-config'
mapping_report = ''
if File.exist?(os_net_config)
mapping_report =
Facter::Core::Execution.execute("#{os_net_config} -i")
mapping_report.delete("{}' ")
end
mapping_report
end
end

View File

@ -1,27 +0,0 @@
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
Facter.add('stonith_levels') do
setcode do
# If crm_node is present, return true. Otherwise, return false.
if Facter::Core::Execution.which('crm_node')
hostname = Facter::Core::Execution.execute("crm_node -n 2> /dev/null", {})
stonith_levels = Facter::Core::Execution.execute("pcs stonith level 2>&1 | sed -n \"/^Target: #{hostname}$/,/^Target:/{/^Target: #{hostname}$/b;/^Target:/b;p}\" |tail -1 | awk '{print $2}' 2> /dev/null", {}).to_i
stonith_levels
end
end
end

View File

@ -1,44 +0,0 @@
# This custom function converts an array of docker volumes to the storage_maps
# hash required by the pacemaker::resource::bundle resource. A prefix is added
# to each entry in the storage map to ensure the Puppet resources are unique.
#
# Given:
# docker_volumes = ["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"]
# prefix = "my-prefix"
# Returns:
# storage_maps = {
# "my-prefix-src-vol1" => {
# "source-dir" => "/src/vol1",
# "target-dir" => "/tgt/vol1",
# "options" => "rw",
# },
# "my-prefix-src-vol2" => {
# "source-dir" => "/src/vol2",
# "target-dir" => "/tgt/vol2",
# "options" => "ro",
# }
# }
Puppet::Functions.create_function(:'docker_volumes_to_storage_maps') do
dispatch :docker_volumes_to_storage_maps do
param 'Array', :docker_volumes
param 'String', :prefix
return_type 'Hash'
end
def docker_volumes_to_storage_maps(docker_volumes, prefix)
storage_maps = Hash.new
docker_volumes.each do |docker_vol|
source, target, options = docker_vol.split(":")
unless options
options = "rw"
end
storage_maps[prefix + source.gsub("/", "-")] = {
"source-dir" => source,
"target-dir" => target,
"options" => options,
}
end
return storage_maps
end
end

View File

@ -1,32 +0,0 @@
require 'ipaddr'
# Custom function to convert an IP4/6 address from a string to the
# erlang inet kernel format.
# For example from "172.17.0.16" to {172,17,0,16}
# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
# for more information.
Puppet::Functions.create_function(:ip_to_erl_format) do
dispatch :ip_to_erl_format do
param 'String', :ip_addr
end
def ip_to_erl_format(ip_addr)
ip = IPAddr.new(ip_addr)
output = '{'
if ip.ipv6?
split_char = ':'
base = 16
else
split_char = '.'
base = 10
end
# to_string() prints the canonicalized form
ip.to_string().split(split_char).each {
|x| output += x.to_i(base).to_s + ','
}
# Remove the last spurious comma
output = output.chomp(',')
output += '}'
return output
end
end

View File

@ -1,31 +0,0 @@
# This function is an hack because we are not enabling Puppet parser
# that would allow us to manipulate data iterations directly in manifests.
#
# Example:
# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000']
# $keystone_bind_opts = ['transparent']
#
# Using this function:
# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts)
#
# Would return:
# $keystone_vips_hash = {
# '192.168.0.1:5000' => ['transparent'],
# '192.168.0.2:5000' => ['transparent'],
# }
#
# Disclaimer: this function is an hack and will disappear once TripleO enable
# Puppet parser.
#
Puppet::Functions.create_function(:list_to_hash) do
dispatch :list_to_hash do
param 'Array', :arr1
param 'Array', :arr2
end
def list_to_hash(arr1, arr2)
hh = arr1.each_with_object({}) { |v,h| h[v] = arr2 }
return hh
end
end

View File

@ -1,30 +0,0 @@
# This function merges two hashes and concatenate the values of
# identical keys
#
# Example:
# $frontend = { 'option' => [ 'tcpka', 'tcplog' ],
# 'timeout client' => '90m' }
# $backend = { 'option' => [ 'httpchk' ],
# 'timeout server' => '90m' }
#
# Using this function:
# $merge = merge_hash_values($frontend, $backend)
#
# Would return:
# $merge = { 'option' => [ 'tcpka', 'tcplog', 'httpchk' ],
# 'timeout client' => '90m',
# 'timeout server' => '90m' }
#
Puppet::Functions.create_function(:'merge_hash_values') do
dispatch :merge_hash_values do
param 'Hash', :hash1
param 'Hash', :hash2
return_type 'Hash'
end
def merge_hash_values(hash1, hash2)
hh = hash1.merge(hash2) {|k, v1, v2| (v2 + v1).uniq()}
return hh
end
end

View File

@ -1,21 +0,0 @@
# Custom function to generate password hash for MariaDB's auth_ed25519
# Input is a regular mariadb user password
# Output is the hashed password as expected by auth_ed25519
Puppet::Functions.create_function(:'mysql_ed25519_password') do
dispatch :mysql_ed25519_password do
param 'String', :password
return_type 'String'
end
def mysql_ed25519_password(password)
# mysql's auth_ed25519 consists in generating a ed25519 public key
# out of the sha512(password). Unfortunately, there is no native
# ruby implementation of ed25519's unclamped scalar multiplication
# just yet, so rely on an binary to get the hash for now.
python = `(which python3 || which python2 || which python) 2>/dev/null`
raise Puppet::Error, 'python interpreter not found in path' unless $?.success?
hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43
return hashed
end
end

View File

@ -1,93 +0,0 @@
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Author: Dan Prince <dprince@redhat.com>
#
# A function to create noop providers (set as the default) for the named
# resource. This works alongside of 'puppet apply --tags' to disable
# some custom resource types that still attempt to run commands during
# prefetch, etc.
class Puppet::Provider::Noop < Puppet::Provider
# generic resource interfaces
def create
true
end
def destroy
true
end
def exists?
false
end
# package resource
def install
true
end
def uninstall
true
end
def latest
true
end
def update
true
end
def purge
true
end
def self.instances
[]
end
# service resource
def status
0
end
def start
true
end
def stop
true
end
# some puppet-keystone resources require this
def self.resource_to_name(domain, name, check_for_default = true)
return name
end
end
Puppet::Functions.create_function(:noop_resource) do
dispatch :noop_resource do
param 'String', :res
end
def noop_resource(res)
Puppet::Type.type(res.downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do
defaultfor :osfamily => :redhat
end
return true
end
end

View File

@ -1,24 +0,0 @@
# Custom function to extract the current number of replicas for a pacemaker
# resource, as defined in the pacemaker cluster.
# Input is the name of a pacemaker bundle resource
# Output is the number of replicas for that resource or 0 if not found
Puppet::Functions.create_function(:'pacemaker_bundle_replicas') do
dispatch :pacemaker_bundle_replicas do
param 'String', :bundle
return_type 'Integer'
end
def pacemaker_bundle_replicas(bundle)
# the name of the node holding the replicas attribute varies based on the
# container engine used (podman, docker...), so match via attributes instead
replicas = `cibadmin -Q | xmllint --xpath "string(//bundle[@id='#{bundle}']/*[boolean(@image) and boolean(@run-command)]/@replicas)" -`
# strip line break
replicas.strip!
# post-condition: 0 in case the bundle does not exist or an error occurred
if $?.success? && !replicas.empty?
return Integer(replicas)
else
return 0
end
end
end

View File

@ -1,39 +0,0 @@
# This adds to ssl profile hash a proper value of "caCertFile" key for "caCertFileContent" key.
#
# Given:
# ssl_profiles = [{"name": "test", "caCertFileContent": "cert content", ...}, ...]
# cert_dir = "/etc/pki/tls/certs/"
# Returns:
# ssl_profiles = [
# {"name": "test",
# "caCertFileContent": "cert content",
# "caCertFile": "/etc/pki/tls/certs/CA_test.pem",
# ... },
# ...
# ]
Puppet::Functions.create_function(:qdr_ssl_certificate) do
dispatch :qdr_ssl_certificate do
param 'Array', :ssl_profiles
param 'String', :cert_dir
return_type 'Array'
end
def qdr_ssl_certificate(ssl_profiles, cert_dir)
processed_profiles = Array.new
ssl_profiles.each do |profile|
if profile.key?("caCertFileContent")
processed = profile.clone
# create certificate path
path = File.join(cert_dir, "CA_#{processed["name"]}.pem")
# update profile
processed["caCertFile"] = path
processed_profiles.append(processed)
else
processed_profiles.append(profile)
end
end
return processed_profiles
end
end

View File

@ -1,27 +0,0 @@
# Build Swift devices list from the parts, e.g. for:
# raw_disk_prefix = 'r1z1-'
# swift_storage_node_ips = ['192.168.1.12', '192.168.1.13']
# raw_disks = [':%PORT%/device1', ':%PORT%/device2']
#
# devices will be ['r1z1-192.168.1.12:%PORT%/device1',
# 'r1z1-192.168.1.12:%PORT%/device2'
# 'r1z1-192.168.1.13:%PORT%/device1'
# 'r1z1-192.168.1.13:%PORT%/device2']
Puppet::Functions.create_function(:tripleo_swift_devices) do
dispatch :tripleo_swift_devices do
param 'String', :raw_disk_prefix
param 'Array', :swift_node_ips
param 'Array', :raw_disks
end
def tripleo_swift_devices(raw_disk_prefix, swift_node_ips, raw_disks)
devices = []
for ip in swift_node_ips do
for disk in raw_disks do
devices << "#{raw_disk_prefix}#{ip}#{disk}"
end
end
return devices
end
end

View File

@ -1,85 +0,0 @@
require 'ipaddr'
# Custom function to lookup the interface which matches the subnet
# of the provided IP address.
# The function iterates over all the interfaces and chooses the
# first locally assigned interface which matches the IP.
module Puppet::Parser::Functions
newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
if arg[0].class == String
begin
ip1 = IPAddr.new(arg[0])
network_facts = lookupvar('networking')
Dir.foreach('/sys/class/net/') do |interface|
next if interface == '.' || interface == '..'
# puppet downcases fact names, interface names can have capitals but
# in facter 2.x they were lower case. In facter 3.x they can have
# capitals
iface_no_dash = interface.gsub('-', '_').downcase
if ip1.ipv4?
ipaddress_name = "ipaddress_#{iface_no_dash}"
netmask_name = "netmask_#{iface_no_dash}"
facter_ip = 'ip'
facter_netmask = 'netmask'
else
ipaddress_name = "ipaddress6_#{iface_no_dash}"
netmask_name = "netmask6_#{iface_no_dash}"
facter_ip = 'ip6'
facter_netmask = 'netmask6'
end
if network_facts.nil? or network_facts['interfaces'].nil? then
# facter 2 facts
interface_ip = lookupvar(ipaddress_name)
next if interface_ip.nil?
ip2 = IPAddr.new(interface_ip)
netmask = lookupvar(netmask_name)
return interface if ip1.mask(netmask) == ip2.mask(netmask)
else
# facter 3+ syntax:
# networking => {
# ...
# interfaces => {
# br-ctlplane => {
# bindings => [
# {
# address => "192.168.24.1",
# netmask => "255.255.255.0",
# network => "192.168.24.0"
# }
# ],
# bindings6 => [
# {
# address => "fe80::5054:ff:fe22:bac3",
# netmask => "ffff:ffff:ffff:ffff::",
# network => "fe80::"
# }
# ],
# ip => "192.168.24.1",
# ip6 => "fe80::5054:ff:fe22:bac3",
# mac => "52:54:00:22:ba:c3",
# mtu => 1500,
# netmask => "255.255.255.0",
# netmask6 => "ffff:ffff:ffff:ffff::",
# network => "192.168.24.0",
# network6 => "fe80::"
# },
# },
# ...
# }
next if network_facts['interfaces'][interface].nil? or network_facts['interfaces'][interface][facter_ip].nil?
ip2 = IPAddr.new(network_facts['interfaces'][interface][facter_ip])
netmask = network_facts['interfaces'][interface][facter_netmask]
return interface if ip1.mask(netmask) == ip2.mask(netmask)
end
end
rescue IPAddr::InvalidAddressError => e
raise Puppet::ParseError, "#{e}: #{arg[0]}"
end
else
raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
end
return ''
end
end

View File

@ -1,34 +0,0 @@
module Puppet::Parser::Functions
newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
:doc => ("Given an array of fence device configs, limit them" +
"to fence devices whose MAC address is present on" +
"some of the local NICs, and prepare a hash which can be" +
"passed to create_resources function")) do |args|
agent = args[0]
devices = args[1]
unless agent.is_a?(String) && agent.length > 0
raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
end
unless devices.is_a?(Array)
raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
end
# filter by agent type
agent_type_devices = devices.select { |device| device['agent'] == agent }
# filter by local mac address
local_devices = agent_type_devices.select do |device|
function_has_interface_with(['macaddress', device['host_mac']])
end
# construct a hash for create_resources
return local_devices.each_with_object({}) do |device, hash|
# disallow collisions
if hash[device['host_mac']]
raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
end
hash[device['host_mac']] = device['params'] || {}
end
end
end

View File

@ -1,51 +0,0 @@
# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'puppet'
require 'puppet/provider/package'
Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do
desc "RPM packaging provider that does not install anything."
has_feature :virtual_packages
def latest
@resource.fail "'latest' is unsupported by this provider."
end
def install
Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed")
true
end
def uninstall
Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed")
true
end
def update
Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated")
true
end
def purge
Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed")
true
end
def self.instances
return []
end
end

View File

@ -1,44 +0,0 @@
# == Class: tripleo::config
#
# Configure services with Puppet
#
# === Parameters:
#
# [*configs*]
# (optional) Configuration to inject.
# Should be an hash.
# Default to lookup('param_config', {})
#
# [*providers*]
# (optional) Filter the providers we want
# to use for config.
# Should be an array.
# Default to lookup('param_providers', Array[String], 'deep', [])
#
class tripleo::config(
$configs = lookup('param_config', {}),
$providers = lookup('param_providers', Array[String], 'deep', []),
) {
if ! empty($configs) {
# Allow composable services to load their own configurations.
# Each service can load its config options by using this form:
#
# puppet_config:
# param_config:
# 'aodh_config':
# DEFAULT:
# foo: fooValue
# bar: barValue
$configs.each |$provider, $sections| {
if empty($providers) or ($provider in $providers) {
$sections.each |$section, $params| {
$params.each |$param, $value| {
create_resources($provider, {"${section}/${param}" => {'value' => $value }})
}
}
}
}
}
}

View File

@ -1,222 +0,0 @@
# == Class: tripleo::fencing
#
# Configure Pacemaker fencing devices for TripleO.
#
# === Parameters:
#
# [*config*]
# JSON config of fencing devices, using the following structure:
# {
# "devices": [
# {
# "agent": "AGENT_NAME",
# "host_mac": "HOST_MAC_ADDRESS",
# "params": {"PARAM_NAME": "PARAM_VALUE"}
# }
# ]
# }
# For instance:
# {
# "devices": [
# {
# "agent": "fence_xvm",
# "host_mac": "52:54:00:aa:bb:cc",
# "params": {
# "multicast_address": "225.0.0.12",
# "port": "baremetal_0",
# "manage_fw": true,
# "manage_key_file": true,
# "key_file": "/etc/fence_xvm.key",
# "key_file_password": "abcdef"
# }
# }
# ]
# }
# Defaults to {}
#
# [*tries*]
# Number of attempts when creating fence devices and constraints.
# Defaults to 10
#
# [*try_sleep*]
# Delay (in seconds) between attempts when creating fence devices
# and constraints.
# Defaults to 3
#
# [*deep_compare*]
# Enable deep comparing of resources and bundles
# When set to true a resource will be compared in full (options, meta parameters,..)
# to the existing one and in case of difference it will be repushed to the CIB
# Defaults to false
#
# [*update_settle_secs*]
# When deep_compare is enabled and puppet updates a resource, this
# parameter represents the number (in seconds) to wait for the cluster to settle
# after the resource update.
# Defaults to 600 (seconds)
#
# [*watchdog_timeout*]
# Only valid if sbd watchdog fencing is enabled.
# Pacemaker will assume unseen nodes self-fence within this much time.
# Defaults to 60 (seconds)
#
# [*enable_instanceha*]
# (Optional) Boolean driving the Instance HA controlplane configuration
# Defaults to lookup('tripleo::instanceha', undef, undef, false),
#
class tripleo::fencing(
$config = {},
$tries = 10,
$try_sleep = 3,
$deep_compare = false,
$update_settle_secs = 600,
$watchdog_timeout = 60,
$enable_instanceha = lookup('tripleo::instanceha', undef, undef, false),
) {
$common_params = {
'tries' => $tries,
'try_sleep' => $try_sleep,
'deep_compare' => $deep_compare,
'update_settle_secs' => $update_settle_secs
}
# check if instanceha is enabled
if member(lookup('compute_instanceha_short_node_names', undef, undef, []), downcase($::hostname)) {
$is_compute_instanceha_node = true
} else {
$is_compute_instanceha_node = false
}
$content = $config['devices']
# check if the devices: section in fence.yaml contains levels.
# if it doesn't, assume level=1 and build a hash with the content.
$all_levels = $content ? {
Array => {'level1' => $content},
default => $content
}
# collect the number of stonith levels currently defined for this system
# and convert it to integer.
$local_levels = 0 + $facts['stonith_levels']
# if the number of levels defined on this system is greater than the number in hiera
# we need to delete the delta.
if $local_levels > $all_levels.length {
$begin = $all_levels.length + 1
range("${begin}", "${local_levels}").each |$level|{
pacemaker::stonith::level{ "stonith-${level}":
ensure => 'absent',
level => $level,
target => '$(/usr/sbin/crm_node -n)',
stonith_resources => [''],
tries => $tries,
try_sleep => $try_sleep,
}
}
}
$all_levels.each |$index, $levelx_devices |{
$level = regsubst($index, 'level', '', 'G')
$all_devices = $levelx_devices
$xvm_devices = local_fence_devices('fence_xvm', $all_devices)
create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
$ironic_devices = local_fence_devices('fence_ironic', $all_devices)
create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params)
$redfish_devices = local_fence_devices('fence_redfish', $all_devices)
create_resources('pacemaker::stonith::fence_redfish', $redfish_devices, $common_params)
$ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
$kdump_devices = local_fence_devices('fence_kdump', $all_devices)
create_resources('pacemaker::stonith::fence_kdump', $kdump_devices, $common_params)
$kubevirt_devices = local_fence_devices('fence_kubevirt', $all_devices)
create_resources('pacemaker::stonith::fence_kubevirt', $kubevirt_devices, $common_params)
$rhev_devices = local_fence_devices('fence_rhevm', $all_devices)
create_resources('pacemaker::stonith::fence_rhevm', $rhev_devices, $common_params)
$ucs_devices = local_fence_devices('fence_cisco_ucs', $all_devices)
create_resources('pacemaker::stonith::fence_cisco_ucs', $ucs_devices, $common_params)
$data = {
'xvm' => $xvm_devices, 'ironic' => $ironic_devices, 'redfish' => $redfish_devices,
'ipmilan' => $ipmilan_devices, 'kdump' => $kdump_devices, 'kubevirt' => $kubevirt_devices,
'rhevm' => $rhev_devices, 'cisco_ucs' => $ucs_devices
}
# let's store the number of stonith devices created for this server.
# this will be used to detect if there is a least one and fail if
# instance_ha is configured and puppet is running on a compute node.
$data_num = [
length($ironic_devices), length($redfish_devices),
length($ipmilan_devices), length($kdump_devices), length($rhev_devices)
]
$sum = $data_num.reduce |$memo, $value| { $memo + $value }
$data.each |$items| {
$driver = $items[0]
$driver_devices = $items[1]
# if there is no valid stonith device and this is a compute-instanceha node we raise an exception
if $level == '1' and $sum == 0 and $enable_instanceha and $is_compute_instanceha_node {
fail('Instance HA requires at least one valid stonith device')
}
if $driver_devices and length($driver_devices) == 1 {
$mac = keys($driver_devices)[0]
$safe_mac = regsubst($mac, ':', '', 'G')
if ($enable_instanceha and $is_compute_instanceha_node) {
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}", 'stonith-fence_compute-fence-nova' ]
}
else {
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}" ]
}
pacemaker::stonith::level{ "stonith-${level}-${safe_mac}":
level => $level,
target => '$(/usr/sbin/crm_node -n)',
stonith_resources => $stonith_resources,
tries => $tries,
try_sleep => $try_sleep,
}
Pcmk_stonith<||> -> Pcmk_stonith_level<||>
}
}
# we use the boostrap_node to create the watchdog resource and the stonith
# topology for all the nodes in the cluster, because the watchdog resource
# is not per-node but cluster-wide
$watchdog_devices = local_fence_devices('fence_watchdog', $all_devices)
if length($watchdog_devices) > 0 {
# check if this is the bootstrap node
if downcase($::hostname) == lookup('pacemaker_short_bootstrap_node_name') {
create_resources('pacemaker::stonith::fence_watchdog', $watchdog_devices, $common_params)
$stonith_resources = [ 'watchdog' ]
# if this is the boostrap node we set watchdog as levelX for all
# the pacemaker nodes
lookup('pacemaker_short_node_names').each |$node| {
pacemaker::stonith::level{ "stonith-${level}-watchdog-${node}":
level => $level,
target => $node,
stonith_resources => [ 'watchdog' ],
tries => $tries,
try_sleep => $try_sleep,
}
}
pacemaker::property { 'stonith-watchdog-timeout':
property => 'stonith-watchdog-timeout',
value => $watchdog_timeout,
tries => $tries,
}
Pcmk_property<||> -> Pcmk_stonith<||> -> Pcmk_stonith_level<||>
}
}
}
}

File diff suppressed because it is too large Load Diff

View File

@ -1,321 +0,0 @@
# Copyright 2014 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: tripleo::haproxy::endpoint
#
# Configure a HAProxy listen endpoint
#
# [*internal_ip*]
# The IP in which the proxy endpoint will be listening in the internal
# network.
#
# [*service_port*]
# The default port on which the endpoint will be listening.
#
# [*member_options*]
# Options for the balancer member, specified after the server declaration.
# These should go in the member's configuration block.
#
# [*use_backend_syntax*]
# (optional) When set to true, generate a config with frontend and
# backend sections, otherwise use listen sections.
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
#
# [*haproxy_port*]
# An alternative port, on which haproxy will listen for incoming requests.
# Defaults to service_port.
#
# [*base_service_name*]
# In cases where the service name doesn't match the endpoint name, you can
# specify this option in order to get an appropriate value for $ip_addresses
# and $server_names. So, this will be used in hiera to derive these, if set.
# Defaults to undef
#
# [*ip_addresses*]
# The ordered list of IPs to be used to contact the balancer member.
# Defaults to lookup("${name}_node_ips", undef, undef, undef)
#
# [*server_names*]
# The names of the balancer members, which usually should be the hostname.
# Defaults to lookup("${name}_node_names", undef, undef, undef)
#
# [*public_virtual_ip*]
# Address in which the proxy endpoint will be listening in the public network.
# If this service is internal only this should be omitted.
# Defaults to undef.
#
# [*mode*]
# HAProxy mode in which the endpoint will be listening. This can be undef,
# tcp, http or health.
# Defaults to undef.
#
# [*haproxy_listen_bind_param*]
# A list of params to be added to the HAProxy listener bind directive.
# Defaults to undef.
#
# [*listen_options*]
# Options specified for the listening service's configuration block (in
# HAproxy terms, the frontend).
# defaults to {'option' => []}
#
# [*frontend_options*]
# Options specified for the frontend service's configuration block
# defaults to {'option' => []}
#
# [*backend_options*]
# Options specified for the service's backend configuration block
# defaults to {'option' => []}
#
# [*public_ssl_port*]
# The port used for the public proxy endpoint if it differs from the default
# one. This is used only if SSL is enabled, and it's used in order to avoid
# overriding with the internal proxy endpoint (which could happen if they were
# in the same network).
# Defaults to undef.
#
# [*public_certificate*]
# Certificate path used to enable TLS for the public proxy endpoint.
# Defaults to undef.
#
# [*use_internal_certificates*]
# Flag that indicates if we'll use an internal certificate for this specific
# service. When set, enables SSL on the internal API endpoints using the file
# that certmonger is tracking; this is derived from the network the service is
# listening on.
# Defaults to false
#
# [*internal_certificates_specs*]
# A hash that should contain the specs that were used to create the
# certificates. As the name indicates, only the internal certificates will be
# fetched from here. And the keys should follow the following pattern
# "haproxy-<network name>". The network name should be as it was defined in
# tripleo-heat-templates.
# Note that this is only taken into account if the $use_internal_certificates
# flag is set.
# Defaults to {}
#
# [*service_network*]
# (optional) Indicates the network that the service is running on. Used for
# fetching the certificate for that specific network.
# Defaults to undef
#
# [*authorized_userlist*]
# (optional) Userlist that may access the endpoint. Activate Basic Authentication.
# You'll need to create a tripleo::haproxy::userlist in order to use that option.
# Defaults to undef