Retire Tripleo: remove repo content
TripleO project is retiring - https://review.opendev.org/c/openstack/governance/+/905145 this commit remove the content of this project repo Change-Id: I73df79a8698625815ea4e3099904da448a49887e
This commit is contained in:
parent
019ec49518
commit
e06f50cb06
27
.gitignore
vendored
27
.gitignore
vendored
@ -1,27 +0,0 @@
|
|||||||
# Add patterns in here to exclude files created by tools integrated with this
|
|
||||||
# repository, such as test frameworks from the project's recommended workflow,
|
|
||||||
# rendered documentation and package builds.
|
|
||||||
#
|
|
||||||
# Don't add patterns to exclude files created by preferred personal tools
|
|
||||||
# (editors, IDEs, your operating system itself even). These should instead be
|
|
||||||
# maintained outside the repository, for example in a ~/.gitignore file added
|
|
||||||
# with:
|
|
||||||
#
|
|
||||||
# git config --global core.excludesfile '~/.gitignore'
|
|
||||||
|
|
||||||
pkg/
|
|
||||||
Gemfile.lock
|
|
||||||
vendor/
|
|
||||||
spec/fixtures/modules
|
|
||||||
spec/fixtures/manifests
|
|
||||||
.vagrant/
|
|
||||||
.bundle/
|
|
||||||
.bundle*/
|
|
||||||
coverage/
|
|
||||||
.idea/
|
|
||||||
*.iml
|
|
||||||
openstack/
|
|
||||||
|
|
||||||
# Files created from releasenotes build
|
|
||||||
releasenotes/build
|
|
||||||
.tox
|
|
36
Gemfile
36
Gemfile
@ -1,36 +0,0 @@
|
|||||||
source ENV['GEM_SOURCE'] || "https://rubygems.org"
|
|
||||||
|
|
||||||
group :development, :test, :system_tests do
|
|
||||||
spec_helper_dir = '/home/zuul/src/opendev.org/openstack/puppet-openstack_spec_helper'
|
|
||||||
if File.directory?(spec_helper_dir)
|
|
||||||
if ENV['ZUUL_PROJECT'] == 'openstack/puppet-openstack_spec_helper'
|
|
||||||
gem 'puppet-openstack_spec_helper',
|
|
||||||
:path => '../..',
|
|
||||||
:require => 'false'
|
|
||||||
else
|
|
||||||
gem 'puppet-openstack_spec_helper',
|
|
||||||
:path => spec_helper_dir,
|
|
||||||
:require => 'false'
|
|
||||||
end
|
|
||||||
else
|
|
||||||
spec_helper_version = ENV['ZUUL_BRANCH'] || "master"
|
|
||||||
gem 'puppet-openstack_spec_helper',
|
|
||||||
:git => 'https://opendev.org/openstack/puppet-openstack_spec_helper',
|
|
||||||
:ref => spec_helper_version,
|
|
||||||
:require => 'false'
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if facterversion = ENV['FACTER_GEM_VERSION']
|
|
||||||
gem 'facter', facterversion, :require => false
|
|
||||||
else
|
|
||||||
gem 'facter', :require => false
|
|
||||||
end
|
|
||||||
|
|
||||||
if puppetversion = ENV['PUPPET_GEM_VERSION']
|
|
||||||
gem 'puppet', puppetversion, :require => false
|
|
||||||
else
|
|
||||||
gem 'puppet', :require => false
|
|
||||||
end
|
|
||||||
|
|
||||||
# vim:ft=ruby
|
|
176
LICENSE
176
LICENSE
@ -1,176 +0,0 @@
|
|||||||
|
|
||||||
Apache License
|
|
||||||
Version 2.0, January 2004
|
|
||||||
http://www.apache.org/licenses/
|
|
||||||
|
|
||||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
|
||||||
|
|
||||||
1. Definitions.
|
|
||||||
|
|
||||||
"License" shall mean the terms and conditions for use, reproduction,
|
|
||||||
and distribution as defined by Sections 1 through 9 of this document.
|
|
||||||
|
|
||||||
"Licensor" shall mean the copyright owner or entity authorized by
|
|
||||||
the copyright owner that is granting the License.
|
|
||||||
|
|
||||||
"Legal Entity" shall mean the union of the acting entity and all
|
|
||||||
other entities that control, are controlled by, or are under common
|
|
||||||
control with that entity. For the purposes of this definition,
|
|
||||||
"control" means (i) the power, direct or indirect, to cause the
|
|
||||||
direction or management of such entity, whether by contract or
|
|
||||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
|
||||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
|
||||||
|
|
||||||
"You" (or "Your") shall mean an individual or Legal Entity
|
|
||||||
exercising permissions granted by this License.
|
|
||||||
|
|
||||||
"Source" form shall mean the preferred form for making modifications,
|
|
||||||
including but not limited to software source code, documentation
|
|
||||||
source, and configuration files.
|
|
||||||
|
|
||||||
"Object" form shall mean any form resulting from mechanical
|
|
||||||
transformation or translation of a Source form, including but
|
|
||||||
not limited to compiled object code, generated documentation,
|
|
||||||
and conversions to other media types.
|
|
||||||
|
|
||||||
"Work" shall mean the work of authorship, whether in Source or
|
|
||||||
Object form, made available under the License, as indicated by a
|
|
||||||
copyright notice that is included in or attached to the work
|
|
||||||
(an example is provided in the Appendix below).
|
|
||||||
|
|
||||||
"Derivative Works" shall mean any work, whether in Source or Object
|
|
||||||
form, that is based on (or derived from) the Work and for which the
|
|
||||||
editorial revisions, annotations, elaborations, or other modifications
|
|
||||||
represent, as a whole, an original work of authorship. For the purposes
|
|
||||||
of this License, Derivative Works shall not include works that remain
|
|
||||||
separable from, or merely link (or bind by name) to the interfaces of,
|
|
||||||
the Work and Derivative Works thereof.
|
|
||||||
|
|
||||||
"Contribution" shall mean any work of authorship, including
|
|
||||||
the original version of the Work and any modifications or additions
|
|
||||||
to that Work or Derivative Works thereof, that is intentionally
|
|
||||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
|
||||||
or by an individual or Legal Entity authorized to submit on behalf of
|
|
||||||
the copyright owner. For the purposes of this definition, "submitted"
|
|
||||||
means any form of electronic, verbal, or written communication sent
|
|
||||||
to the Licensor or its representatives, including but not limited to
|
|
||||||
communication on electronic mailing lists, source code control systems,
|
|
||||||
and issue tracking systems that are managed by, or on behalf of, the
|
|
||||||
Licensor for the purpose of discussing and improving the Work, but
|
|
||||||
excluding communication that is conspicuously marked or otherwise
|
|
||||||
designated in writing by the copyright owner as "Not a Contribution."
|
|
||||||
|
|
||||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
||||||
on behalf of whom a Contribution has been received by Licensor and
|
|
||||||
subsequently incorporated within the Work.
|
|
||||||
|
|
||||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
||||||
this License, each Contributor hereby grants to You a perpetual,
|
|
||||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
||||||
copyright license to reproduce, prepare Derivative Works of,
|
|
||||||
publicly display, publicly perform, sublicense, and distribute the
|
|
||||||
Work and such Derivative Works in Source or Object form.
|
|
||||||
|
|
||||||
3. Grant of Patent License. Subject to the terms and conditions of
|
|
||||||
this License, each Contributor hereby grants to You a perpetual,
|
|
||||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
||||||
(except as stated in this section) patent license to make, have made,
|
|
||||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
|
||||||
where such license applies only to those patent claims licensable
|
|
||||||
by such Contributor that are necessarily infringed by their
|
|
||||||
Contribution(s) alone or by combination of their Contribution(s)
|
|
||||||
with the Work to which such Contribution(s) was submitted. If You
|
|
||||||
institute patent litigation against any entity (including a
|
|
||||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
|
||||||
or a Contribution incorporated within the Work constitutes direct
|
|
||||||
or contributory patent infringement, then any patent licenses
|
|
||||||
granted to You under this License for that Work shall terminate
|
|
||||||
as of the date such litigation is filed.
|
|
||||||
|
|
||||||
4. Redistribution. You may reproduce and distribute copies of the
|
|
||||||
Work or Derivative Works thereof in any medium, with or without
|
|
||||||
modifications, and in Source or Object form, provided that You
|
|
||||||
meet the following conditions:
|
|
||||||
|
|
||||||
(a) You must give any other recipients of the Work or
|
|
||||||
Derivative Works a copy of this License; and
|
|
||||||
|
|
||||||
(b) You must cause any modified files to carry prominent notices
|
|
||||||
stating that You changed the files; and
|
|
||||||
|
|
||||||
(c) You must retain, in the Source form of any Derivative Works
|
|
||||||
that You distribute, all copyright, patent, trademark, and
|
|
||||||
attribution notices from the Source form of the Work,
|
|
||||||
excluding those notices that do not pertain to any part of
|
|
||||||
the Derivative Works; and
|
|
||||||
|
|
||||||
(d) If the Work includes a "NOTICE" text file as part of its
|
|
||||||
distribution, then any Derivative Works that You distribute must
|
|
||||||
include a readable copy of the attribution notices contained
|
|
||||||
within such NOTICE file, excluding those notices that do not
|
|
||||||
pertain to any part of the Derivative Works, in at least one
|
|
||||||
of the following places: within a NOTICE text file distributed
|
|
||||||
as part of the Derivative Works; within the Source form or
|
|
||||||
documentation, if provided along with the Derivative Works; or,
|
|
||||||
within a display generated by the Derivative Works, if and
|
|
||||||
wherever such third-party notices normally appear. The contents
|
|
||||||
of the NOTICE file are for informational purposes only and
|
|
||||||
do not modify the License. You may add Your own attribution
|
|
||||||
notices within Derivative Works that You distribute, alongside
|
|
||||||
or as an addendum to the NOTICE text from the Work, provided
|
|
||||||
that such additional attribution notices cannot be construed
|
|
||||||
as modifying the License.
|
|
||||||
|
|
||||||
You may add Your own copyright statement to Your modifications and
|
|
||||||
may provide additional or different license terms and conditions
|
|
||||||
for use, reproduction, or distribution of Your modifications, or
|
|
||||||
for any such Derivative Works as a whole, provided Your use,
|
|
||||||
reproduction, and distribution of the Work otherwise complies with
|
|
||||||
the conditions stated in this License.
|
|
||||||
|
|
||||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
|
||||||
any Contribution intentionally submitted for inclusion in the Work
|
|
||||||
by You to the Licensor shall be under the terms and conditions of
|
|
||||||
this License, without any additional terms or conditions.
|
|
||||||
Notwithstanding the above, nothing herein shall supersede or modify
|
|
||||||
the terms of any separate license agreement you may have executed
|
|
||||||
with Licensor regarding such Contributions.
|
|
||||||
|
|
||||||
6. Trademarks. This License does not grant permission to use the trade
|
|
||||||
names, trademarks, service marks, or product names of the Licensor,
|
|
||||||
except as required for reasonable and customary use in describing the
|
|
||||||
origin of the Work and reproducing the content of the NOTICE file.
|
|
||||||
|
|
||||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
|
||||||
agreed to in writing, Licensor provides the Work (and each
|
|
||||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
||||||
implied, including, without limitation, any warranties or conditions
|
|
||||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
||||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
||||||
appropriateness of using or redistributing the Work and assume any
|
|
||||||
risks associated with Your exercise of permissions under this License.
|
|
||||||
|
|
||||||
8. Limitation of Liability. In no event and under no legal theory,
|
|
||||||
whether in tort (including negligence), contract, or otherwise,
|
|
||||||
unless required by applicable law (such as deliberate and grossly
|
|
||||||
negligent acts) or agreed to in writing, shall any Contributor be
|
|
||||||
liable to You for damages, including any direct, indirect, special,
|
|
||||||
incidental, or consequential damages of any character arising as a
|
|
||||||
result of this License or out of the use or inability to use the
|
|
||||||
Work (including but not limited to damages for loss of goodwill,
|
|
||||||
work stoppage, computer failure or malfunction, or any and all
|
|
||||||
other commercial damages or losses), even if such Contributor
|
|
||||||
has been advised of the possibility of such damages.
|
|
||||||
|
|
||||||
9. Accepting Warranty or Additional Liability. While redistributing
|
|
||||||
the Work or Derivative Works thereof, You may choose to offer,
|
|
||||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
|
||||||
or other liability obligations and/or rights consistent with this
|
|
||||||
License. However, in accepting such obligations, You may act only
|
|
||||||
on Your own behalf and on Your sole responsibility, not on behalf
|
|
||||||
of any other Contributor, and only if You agree to indemnify,
|
|
||||||
defend, and hold each Contributor harmless for any liability
|
|
||||||
incurred by, or claims asserted against, such Contributor by reason
|
|
||||||
of your accepting any such warranty or additional liability.
|
|
||||||
|
|
@ -1,34 +0,0 @@
|
|||||||
|
|
||||||
## TripleO Puppet modules
|
|
||||||
|
|
||||||
mod 'haproxy',
|
|
||||||
:git => 'https://github.com/puppetlabs/puppetlabs-haproxy',
|
|
||||||
:ref => 'main'
|
|
||||||
|
|
||||||
mod 'etcd',
|
|
||||||
:git => 'https://github.com/puppet-etcd/puppet-etcd',
|
|
||||||
:ref => 'master'
|
|
||||||
|
|
||||||
mod 'systemd',
|
|
||||||
:git => 'https://github.com/camptocamp/puppet-systemd',
|
|
||||||
:ref => 'master'
|
|
||||||
|
|
||||||
mod 'rsyslog',
|
|
||||||
:git => 'https://github.com/voxpupuli/puppet-rsyslog',
|
|
||||||
:ref => 'master'
|
|
||||||
|
|
||||||
mod 'ssh',
|
|
||||||
:git => 'https://github.com/saz/puppet-ssh',
|
|
||||||
:ref => 'v3.0.1'
|
|
||||||
|
|
||||||
mod 'snmp',
|
|
||||||
:git => 'https://github.com/razorsedge/puppet-snmp',
|
|
||||||
:ref => 'master'
|
|
||||||
|
|
||||||
mod 'pacemaker',
|
|
||||||
:git => 'https://github.com/openstack/puppet-pacemaker',
|
|
||||||
:ref => 'master'
|
|
||||||
|
|
||||||
mod 'collectd',
|
|
||||||
:git => 'https://github.com/voxpupuli/puppet-collectd',
|
|
||||||
:ref => '20494e44a90073273a18fce71f4a602d5b5d0690'
|
|
20
README.md
20
README.md
@ -1,20 +0,0 @@
|
|||||||
Team and repository tags
|
|
||||||
========================
|
|
||||||
|
|
||||||
[![Team and repository tags](https://governance.openstack.org/tc/badges/puppet-tripleo.svg)](https://governance.openstack.org/tc/reference/tags/index.html)
|
|
||||||
|
|
||||||
<!-- Change things from this point on -->
|
|
||||||
|
|
||||||
# puppet-tripleo
|
|
||||||
|
|
||||||
Lightweight composition layer for Puppet TripleO.
|
|
||||||
|
|
||||||
## Contributing
|
|
||||||
|
|
||||||
* Free software: Apache License (2.0)
|
|
||||||
* Source: http://git.openstack.org/cgit/openstack/puppet-tripleo
|
|
||||||
* Bugs: http://bugs.launchpad.net/tripleo (tag: puppet)
|
|
||||||
* Documentation:
|
|
||||||
* TripleO: https://docs.openstack.org/tripleo-docs/latest/
|
|
||||||
* Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html
|
|
||||||
* Release Notes: https://docs.openstack.org/releasenotes/puppet-tripleo
|
|
10
README.rst
Normal file
10
README.rst
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
This project is no longer maintained.
|
||||||
|
|
||||||
|
The contents of this repository are still available in the Git
|
||||||
|
source code management system. To see the contents of this
|
||||||
|
repository before it reached its end of life, please check out the
|
||||||
|
previous commit with "git checkout HEAD^1".
|
||||||
|
|
||||||
|
For any further questions, please email
|
||||||
|
openstack-discuss@lists.openstack.org or join #openstack-dev on
|
||||||
|
OFTC.
|
7
Rakefile
7
Rakefile
@ -1,7 +0,0 @@
|
|||||||
require 'puppet-openstack_spec_helper/rake_tasks'
|
|
||||||
|
|
||||||
# We disable the unquoted node name check because puppet-pacemaker node
|
|
||||||
# properties make use of attributes called 'node' and puppet-lint breaks on
|
|
||||||
# them: https://github.com/rodjek/puppet-lint/issues/501
|
|
||||||
# We are not using site.pp with nodes so this is safe.
|
|
||||||
PuppetLint.configuration.send('disable_unquoted_node_name')
|
|
12
bindep.txt
12
bindep.txt
@ -1,12 +0,0 @@
|
|||||||
# This is a cross-platform list tracking distribution packages needed by tests;
|
|
||||||
# see http://docs.openstack.org/infra/bindep/ for additional information.
|
|
||||||
|
|
||||||
libxml2-devel [test platform:rpm]
|
|
||||||
libxml2-dev [test platform:dpkg]
|
|
||||||
libxslt-devel [test platform:rpm]
|
|
||||||
libxslt1-dev [test platform:dpkg]
|
|
||||||
ruby-devel [test platform:rpm]
|
|
||||||
ruby-dev [test platform:dpkg]
|
|
||||||
zlib1g-dev [test platform:dpkg]
|
|
||||||
zlib-devel [test platform:rpm]
|
|
||||||
puppet [build]
|
|
@ -1,6 +0,0 @@
|
|||||||
# This is required for the docs build jobs
|
|
||||||
sphinx>=2.0.0,!=2.1.0 # BSD
|
|
||||||
openstackdocstheme>=2.2.1 # Apache-2.0
|
|
||||||
|
|
||||||
# This is required for the releasenotes build jobs
|
|
||||||
reno>=3.1.0 # Apache-2.0
|
|
@ -1,42 +0,0 @@
|
|||||||
#!/usr/bin/env python3
|
|
||||||
import hashlib
|
|
||||||
import base64
|
|
||||||
import sys
|
|
||||||
|
|
||||||
from nacl.bindings.crypto_scalarmult import \
|
|
||||||
crypto_scalarmult_ed25519_base_noclamp
|
|
||||||
|
|
||||||
# https://github.com/MariaDB/server/blob/10.4/plugin/auth_ed25519/ref10/sign.c
|
|
||||||
# mariadb's use of ed25519:
|
|
||||||
# . password is the secret seed
|
|
||||||
# . ed25519's public key (computed from password) is what is stored in mariadb
|
|
||||||
# . the hash in mariadb is the base64 encoding of the pk minus the last '='
|
|
||||||
|
|
||||||
|
|
||||||
def _scalar_clamp(s32):
|
|
||||||
ba = bytearray(s32)
|
|
||||||
ba0 = bytes(bytearray([ba[0] & 248]))
|
|
||||||
ba31 = bytes(bytearray([(ba[31] & 127) | 64]))
|
|
||||||
return ba0 + bytes(s32[1:31]) + ba31
|
|
||||||
|
|
||||||
|
|
||||||
def mysql_ed25519_password(pwd):
|
|
||||||
# h = SHA512(password)
|
|
||||||
h = hashlib.sha512(pwd).digest()
|
|
||||||
# s = prune(first_half(h))
|
|
||||||
s = _scalar_clamp(h[:32])
|
|
||||||
# A = encoded point [s]B
|
|
||||||
A = crypto_scalarmult_ed25519_base_noclamp(s)
|
|
||||||
# encoded pk
|
|
||||||
encoded = base64.b64encode(A)[:-1]
|
|
||||||
return encoded
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
if len(sys.argv) <= 1:
|
|
||||||
print("Usage: %s PASSWORD" % sys.argv[0], file=sys.stderr)
|
|
||||||
sys.exit(1)
|
|
||||||
else:
|
|
||||||
pwd = sys.argv[1].encode()
|
|
||||||
res = mysql_ed25519_password(pwd)
|
|
||||||
print(res.decode(), end='')
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
[
|
|
||||||
'external',
|
|
||||||
'internal_api',
|
|
||||||
'storage',
|
|
||||||
'storage_mgmt',
|
|
||||||
'tenant',
|
|
||||||
'management',
|
|
||||||
'ctlplane',
|
|
||||||
].each do |network|
|
|
||||||
Facter.add('fqdn_' + network) do
|
|
||||||
setcode do
|
|
||||||
hostname_parts = [
|
|
||||||
Facter.value(:hostname),
|
|
||||||
network.gsub('_', ''),
|
|
||||||
Facter.value(:domain),
|
|
||||||
].reject { |part| part.nil? || part.empty? }
|
|
||||||
hostname_parts.join(".")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,49 +0,0 @@
|
|||||||
require 'ipaddr'
|
|
||||||
|
|
||||||
def netmask6(value)
|
|
||||||
if value
|
|
||||||
ip = IPAddr.new('::0').mask(value)
|
|
||||||
ip.inspect.split('/')[1].gsub('>', '')
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if Facter.value('facterversion')[0].to_i < 3
|
|
||||||
Facter::Util::IP::REGEX_MAP[:linux][:ipaddress6] =
|
|
||||||
/inet6 (?:addr: )?((?!(?:fe80|::1))(?>[0-9,a-f,A-F]*\:{1,2})+[0-9,a-f,A-F]{0,4})/
|
|
||||||
Facter::Util::IP.get_interfaces.each do |interface|
|
|
||||||
Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do
|
|
||||||
setcode do
|
|
||||||
tmp = []
|
|
||||||
regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x
|
|
||||||
output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6')
|
|
||||||
|
|
||||||
output_int.each_line do |line|
|
|
||||||
prefixlen = nil
|
|
||||||
matches = line.match(regex)
|
|
||||||
prefixlen = matches[1] if matches
|
|
||||||
|
|
||||||
if prefixlen
|
|
||||||
value = netmask6(prefixlen)
|
|
||||||
tmp.push(value)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
tmp.shift if tmp
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
Facter.add('netmask6') do
|
|
||||||
setcode do
|
|
||||||
prefixlen = nil
|
|
||||||
regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x
|
|
||||||
|
|
||||||
String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line|
|
|
||||||
matches = line.match(regex)
|
|
||||||
prefixlen = matches[1] if matches
|
|
||||||
end
|
|
||||||
|
|
||||||
netmask6(prefixlen) if prefixlen
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,27 +0,0 @@
|
|||||||
# Copyright 2018 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
Facter.add('nic_alias') do
|
|
||||||
setcode do
|
|
||||||
os_net_config = '/usr/bin/os-net-config'
|
|
||||||
mapping_report = ''
|
|
||||||
if File.exist?(os_net_config)
|
|
||||||
mapping_report =
|
|
||||||
Facter::Core::Execution.execute("#{os_net_config} -i")
|
|
||||||
mapping_report.delete("{}' ")
|
|
||||||
end
|
|
||||||
mapping_report
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,27 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
Facter.add('stonith_levels') do
|
|
||||||
setcode do
|
|
||||||
|
|
||||||
# If crm_node is present, return true. Otherwise, return false.
|
|
||||||
if Facter::Core::Execution.which('crm_node')
|
|
||||||
hostname = Facter::Core::Execution.execute("crm_node -n 2> /dev/null", {})
|
|
||||||
stonith_levels = Facter::Core::Execution.execute("pcs stonith level 2>&1 | sed -n \"/^Target: #{hostname}$/,/^Target:/{/^Target: #{hostname}$/b;/^Target:/b;p}\" |tail -1 | awk '{print $2}' 2> /dev/null", {}).to_i
|
|
||||||
stonith_levels
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,44 +0,0 @@
|
|||||||
# This custom function converts an array of docker volumes to the storage_maps
|
|
||||||
# hash required by the pacemaker::resource::bundle resource. A prefix is added
|
|
||||||
# to each entry in the storage map to ensure the Puppet resources are unique.
|
|
||||||
#
|
|
||||||
# Given:
|
|
||||||
# docker_volumes = ["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"]
|
|
||||||
# prefix = "my-prefix"
|
|
||||||
# Returns:
|
|
||||||
# storage_maps = {
|
|
||||||
# "my-prefix-src-vol1" => {
|
|
||||||
# "source-dir" => "/src/vol1",
|
|
||||||
# "target-dir" => "/tgt/vol1",
|
|
||||||
# "options" => "rw",
|
|
||||||
# },
|
|
||||||
# "my-prefix-src-vol2" => {
|
|
||||||
# "source-dir" => "/src/vol2",
|
|
||||||
# "target-dir" => "/tgt/vol2",
|
|
||||||
# "options" => "ro",
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
Puppet::Functions.create_function(:'docker_volumes_to_storage_maps') do
|
|
||||||
dispatch :docker_volumes_to_storage_maps do
|
|
||||||
param 'Array', :docker_volumes
|
|
||||||
param 'String', :prefix
|
|
||||||
return_type 'Hash'
|
|
||||||
end
|
|
||||||
|
|
||||||
def docker_volumes_to_storage_maps(docker_volumes, prefix)
|
|
||||||
storage_maps = Hash.new
|
|
||||||
docker_volumes.each do |docker_vol|
|
|
||||||
source, target, options = docker_vol.split(":")
|
|
||||||
unless options
|
|
||||||
options = "rw"
|
|
||||||
end
|
|
||||||
storage_maps[prefix + source.gsub("/", "-")] = {
|
|
||||||
"source-dir" => source,
|
|
||||||
"target-dir" => target,
|
|
||||||
"options" => options,
|
|
||||||
}
|
|
||||||
end
|
|
||||||
return storage_maps
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
require 'ipaddr'
|
|
||||||
|
|
||||||
# Custom function to convert an IP4/6 address from a string to the
|
|
||||||
# erlang inet kernel format.
|
|
||||||
# For example from "172.17.0.16" to {172,17,0,16}
|
|
||||||
# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
|
|
||||||
# for more information.
|
|
||||||
Puppet::Functions.create_function(:ip_to_erl_format) do
|
|
||||||
dispatch :ip_to_erl_format do
|
|
||||||
param 'String', :ip_addr
|
|
||||||
end
|
|
||||||
|
|
||||||
def ip_to_erl_format(ip_addr)
|
|
||||||
ip = IPAddr.new(ip_addr)
|
|
||||||
output = '{'
|
|
||||||
if ip.ipv6?
|
|
||||||
split_char = ':'
|
|
||||||
base = 16
|
|
||||||
else
|
|
||||||
split_char = '.'
|
|
||||||
base = 10
|
|
||||||
end
|
|
||||||
# to_string() prints the canonicalized form
|
|
||||||
ip.to_string().split(split_char).each {
|
|
||||||
|x| output += x.to_i(base).to_s + ','
|
|
||||||
}
|
|
||||||
# Remove the last spurious comma
|
|
||||||
output = output.chomp(',')
|
|
||||||
output += '}'
|
|
||||||
return output
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,31 +0,0 @@
|
|||||||
# This function is an hack because we are not enabling Puppet parser
|
|
||||||
# that would allow us to manipulate data iterations directly in manifests.
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000']
|
|
||||||
# $keystone_bind_opts = ['transparent']
|
|
||||||
#
|
|
||||||
# Using this function:
|
|
||||||
# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts)
|
|
||||||
#
|
|
||||||
# Would return:
|
|
||||||
# $keystone_vips_hash = {
|
|
||||||
# '192.168.0.1:5000' => ['transparent'],
|
|
||||||
# '192.168.0.2:5000' => ['transparent'],
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
# Disclaimer: this function is an hack and will disappear once TripleO enable
|
|
||||||
# Puppet parser.
|
|
||||||
#
|
|
||||||
|
|
||||||
Puppet::Functions.create_function(:list_to_hash) do
|
|
||||||
dispatch :list_to_hash do
|
|
||||||
param 'Array', :arr1
|
|
||||||
param 'Array', :arr2
|
|
||||||
end
|
|
||||||
|
|
||||||
def list_to_hash(arr1, arr2)
|
|
||||||
hh = arr1.each_with_object({}) { |v,h| h[v] = arr2 }
|
|
||||||
return hh
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,30 +0,0 @@
|
|||||||
# This function merges two hashes and concatenate the values of
|
|
||||||
# identical keys
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
# $frontend = { 'option' => [ 'tcpka', 'tcplog' ],
|
|
||||||
# 'timeout client' => '90m' }
|
|
||||||
# $backend = { 'option' => [ 'httpchk' ],
|
|
||||||
# 'timeout server' => '90m' }
|
|
||||||
#
|
|
||||||
# Using this function:
|
|
||||||
# $merge = merge_hash_values($frontend, $backend)
|
|
||||||
#
|
|
||||||
# Would return:
|
|
||||||
# $merge = { 'option' => [ 'tcpka', 'tcplog', 'httpchk' ],
|
|
||||||
# 'timeout client' => '90m',
|
|
||||||
# 'timeout server' => '90m' }
|
|
||||||
#
|
|
||||||
|
|
||||||
Puppet::Functions.create_function(:'merge_hash_values') do
|
|
||||||
dispatch :merge_hash_values do
|
|
||||||
param 'Hash', :hash1
|
|
||||||
param 'Hash', :hash2
|
|
||||||
return_type 'Hash'
|
|
||||||
end
|
|
||||||
|
|
||||||
def merge_hash_values(hash1, hash2)
|
|
||||||
hh = hash1.merge(hash2) {|k, v1, v2| (v2 + v1).uniq()}
|
|
||||||
return hh
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,21 +0,0 @@
|
|||||||
# Custom function to generate password hash for MariaDB's auth_ed25519
|
|
||||||
# Input is a regular mariadb user password
|
|
||||||
# Output is the hashed password as expected by auth_ed25519
|
|
||||||
Puppet::Functions.create_function(:'mysql_ed25519_password') do
|
|
||||||
dispatch :mysql_ed25519_password do
|
|
||||||
param 'String', :password
|
|
||||||
return_type 'String'
|
|
||||||
end
|
|
||||||
|
|
||||||
def mysql_ed25519_password(password)
|
|
||||||
# mysql's auth_ed25519 consists in generating a ed25519 public key
|
|
||||||
# out of the sha512(password). Unfortunately, there is no native
|
|
||||||
# ruby implementation of ed25519's unclamped scalar multiplication
|
|
||||||
# just yet, so rely on an binary to get the hash for now.
|
|
||||||
python = `(which python3 || which python2 || which python) 2>/dev/null`
|
|
||||||
raise Puppet::Error, 'python interpreter not found in path' unless $?.success?
|
|
||||||
hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
|
|
||||||
raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43
|
|
||||||
return hashed
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,93 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# Author: Dan Prince <dprince@redhat.com>
|
|
||||||
#
|
|
||||||
# A function to create noop providers (set as the default) for the named
|
|
||||||
# resource. This works alongside of 'puppet apply --tags' to disable
|
|
||||||
# some custom resource types that still attempt to run commands during
|
|
||||||
# prefetch, etc.
|
|
||||||
class Puppet::Provider::Noop < Puppet::Provider
|
|
||||||
|
|
||||||
# generic resource interfaces
|
|
||||||
def create
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def destroy
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def exists?
|
|
||||||
false
|
|
||||||
end
|
|
||||||
|
|
||||||
# package resource
|
|
||||||
def install
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def uninstall
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def latest
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def update
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def purge
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.instances
|
|
||||||
[]
|
|
||||||
end
|
|
||||||
|
|
||||||
# service resource
|
|
||||||
def status
|
|
||||||
0
|
|
||||||
end
|
|
||||||
|
|
||||||
def start
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def stop
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
# some puppet-keystone resources require this
|
|
||||||
def self.resource_to_name(domain, name, check_for_default = true)
|
|
||||||
return name
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
Puppet::Functions.create_function(:noop_resource) do
|
|
||||||
dispatch :noop_resource do
|
|
||||||
param 'String', :res
|
|
||||||
end
|
|
||||||
|
|
||||||
def noop_resource(res)
|
|
||||||
Puppet::Type.type(res.downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do
|
|
||||||
defaultfor :osfamily => :redhat
|
|
||||||
end
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,24 +0,0 @@
|
|||||||
# Custom function to extract the current number of replicas for a pacemaker
|
|
||||||
# resource, as defined in the pacemaker cluster.
|
|
||||||
# Input is the name of a pacemaker bundle resource
|
|
||||||
# Output is the number of replicas for that resource or 0 if not found
|
|
||||||
Puppet::Functions.create_function(:'pacemaker_bundle_replicas') do
|
|
||||||
dispatch :pacemaker_bundle_replicas do
|
|
||||||
param 'String', :bundle
|
|
||||||
return_type 'Integer'
|
|
||||||
end
|
|
||||||
|
|
||||||
def pacemaker_bundle_replicas(bundle)
|
|
||||||
# the name of the node holding the replicas attribute varies based on the
|
|
||||||
# container engine used (podman, docker...), so match via attributes instead
|
|
||||||
replicas = `cibadmin -Q | xmllint --xpath "string(//bundle[@id='#{bundle}']/*[boolean(@image) and boolean(@run-command)]/@replicas)" -`
|
|
||||||
# strip line break
|
|
||||||
replicas.strip!
|
|
||||||
# post-condition: 0 in case the bundle does not exist or an error occurred
|
|
||||||
if $?.success? && !replicas.empty?
|
|
||||||
return Integer(replicas)
|
|
||||||
else
|
|
||||||
return 0
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,39 +0,0 @@
|
|||||||
# This adds to ssl profile hash a proper value of "caCertFile" key for "caCertFileContent" key.
|
|
||||||
#
|
|
||||||
# Given:
|
|
||||||
# ssl_profiles = [{"name": "test", "caCertFileContent": "cert content", ...}, ...]
|
|
||||||
# cert_dir = "/etc/pki/tls/certs/"
|
|
||||||
# Returns:
|
|
||||||
# ssl_profiles = [
|
|
||||||
# {"name": "test",
|
|
||||||
# "caCertFileContent": "cert content",
|
|
||||||
# "caCertFile": "/etc/pki/tls/certs/CA_test.pem",
|
|
||||||
# ... },
|
|
||||||
# ...
|
|
||||||
# ]
|
|
||||||
Puppet::Functions.create_function(:qdr_ssl_certificate) do
|
|
||||||
|
|
||||||
dispatch :qdr_ssl_certificate do
|
|
||||||
param 'Array', :ssl_profiles
|
|
||||||
param 'String', :cert_dir
|
|
||||||
return_type 'Array'
|
|
||||||
end
|
|
||||||
|
|
||||||
def qdr_ssl_certificate(ssl_profiles, cert_dir)
|
|
||||||
processed_profiles = Array.new
|
|
||||||
ssl_profiles.each do |profile|
|
|
||||||
if profile.key?("caCertFileContent")
|
|
||||||
processed = profile.clone
|
|
||||||
# create certificate path
|
|
||||||
path = File.join(cert_dir, "CA_#{processed["name"]}.pem")
|
|
||||||
# update profile
|
|
||||||
processed["caCertFile"] = path
|
|
||||||
processed_profiles.append(processed)
|
|
||||||
else
|
|
||||||
processed_profiles.append(profile)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return processed_profiles
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
@ -1,27 +0,0 @@
|
|||||||
# Build Swift devices list from the parts, e.g. for:
|
|
||||||
# raw_disk_prefix = 'r1z1-'
|
|
||||||
# swift_storage_node_ips = ['192.168.1.12', '192.168.1.13']
|
|
||||||
# raw_disks = [':%PORT%/device1', ':%PORT%/device2']
|
|
||||||
#
|
|
||||||
# devices will be ['r1z1-192.168.1.12:%PORT%/device1',
|
|
||||||
# 'r1z1-192.168.1.12:%PORT%/device2'
|
|
||||||
# 'r1z1-192.168.1.13:%PORT%/device1'
|
|
||||||
# 'r1z1-192.168.1.13:%PORT%/device2']
|
|
||||||
Puppet::Functions.create_function(:tripleo_swift_devices) do
|
|
||||||
dispatch :tripleo_swift_devices do
|
|
||||||
param 'String', :raw_disk_prefix
|
|
||||||
param 'Array', :swift_node_ips
|
|
||||||
param 'Array', :raw_disks
|
|
||||||
end
|
|
||||||
|
|
||||||
def tripleo_swift_devices(raw_disk_prefix, swift_node_ips, raw_disks)
|
|
||||||
devices = []
|
|
||||||
for ip in swift_node_ips do
|
|
||||||
for disk in raw_disks do
|
|
||||||
devices << "#{raw_disk_prefix}#{ip}#{disk}"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
return devices
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,85 +0,0 @@
|
|||||||
require 'ipaddr'
|
|
||||||
|
|
||||||
# Custom function to lookup the interface which matches the subnet
|
|
||||||
# of the provided IP address.
|
|
||||||
# The function iterates over all the interfaces and chooses the
|
|
||||||
# first locally assigned interface which matches the IP.
|
|
||||||
module Puppet::Parser::Functions
|
|
||||||
newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
|
|
||||||
if arg[0].class == String
|
|
||||||
begin
|
|
||||||
ip1 = IPAddr.new(arg[0])
|
|
||||||
network_facts = lookupvar('networking')
|
|
||||||
Dir.foreach('/sys/class/net/') do |interface|
|
|
||||||
next if interface == '.' || interface == '..'
|
|
||||||
# puppet downcases fact names, interface names can have capitals but
|
|
||||||
# in facter 2.x they were lower case. In facter 3.x they can have
|
|
||||||
# capitals
|
|
||||||
iface_no_dash = interface.gsub('-', '_').downcase
|
|
||||||
|
|
||||||
if ip1.ipv4?
|
|
||||||
ipaddress_name = "ipaddress_#{iface_no_dash}"
|
|
||||||
netmask_name = "netmask_#{iface_no_dash}"
|
|
||||||
facter_ip = 'ip'
|
|
||||||
facter_netmask = 'netmask'
|
|
||||||
else
|
|
||||||
ipaddress_name = "ipaddress6_#{iface_no_dash}"
|
|
||||||
netmask_name = "netmask6_#{iface_no_dash}"
|
|
||||||
facter_ip = 'ip6'
|
|
||||||
facter_netmask = 'netmask6'
|
|
||||||
end
|
|
||||||
|
|
||||||
if network_facts.nil? or network_facts['interfaces'].nil? then
|
|
||||||
# facter 2 facts
|
|
||||||
interface_ip = lookupvar(ipaddress_name)
|
|
||||||
next if interface_ip.nil?
|
|
||||||
ip2 = IPAddr.new(interface_ip)
|
|
||||||
netmask = lookupvar(netmask_name)
|
|
||||||
return interface if ip1.mask(netmask) == ip2.mask(netmask)
|
|
||||||
else
|
|
||||||
# facter 3+ syntax:
|
|
||||||
# networking => {
|
|
||||||
# ...
|
|
||||||
# interfaces => {
|
|
||||||
# br-ctlplane => {
|
|
||||||
# bindings => [
|
|
||||||
# {
|
|
||||||
# address => "192.168.24.1",
|
|
||||||
# netmask => "255.255.255.0",
|
|
||||||
# network => "192.168.24.0"
|
|
||||||
# }
|
|
||||||
# ],
|
|
||||||
# bindings6 => [
|
|
||||||
# {
|
|
||||||
# address => "fe80::5054:ff:fe22:bac3",
|
|
||||||
# netmask => "ffff:ffff:ffff:ffff::",
|
|
||||||
# network => "fe80::"
|
|
||||||
# }
|
|
||||||
# ],
|
|
||||||
# ip => "192.168.24.1",
|
|
||||||
# ip6 => "fe80::5054:ff:fe22:bac3",
|
|
||||||
# mac => "52:54:00:22:ba:c3",
|
|
||||||
# mtu => 1500,
|
|
||||||
# netmask => "255.255.255.0",
|
|
||||||
# netmask6 => "ffff:ffff:ffff:ffff::",
|
|
||||||
# network => "192.168.24.0",
|
|
||||||
# network6 => "fe80::"
|
|
||||||
# },
|
|
||||||
# },
|
|
||||||
# ...
|
|
||||||
# }
|
|
||||||
next if network_facts['interfaces'][interface].nil? or network_facts['interfaces'][interface][facter_ip].nil?
|
|
||||||
ip2 = IPAddr.new(network_facts['interfaces'][interface][facter_ip])
|
|
||||||
netmask = network_facts['interfaces'][interface][facter_netmask]
|
|
||||||
return interface if ip1.mask(netmask) == ip2.mask(netmask)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
rescue IPAddr::InvalidAddressError => e
|
|
||||||
raise Puppet::ParseError, "#{e}: #{arg[0]}"
|
|
||||||
end
|
|
||||||
else
|
|
||||||
raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
|
|
||||||
end
|
|
||||||
return ''
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,34 +0,0 @@
|
|||||||
module Puppet::Parser::Functions
|
|
||||||
newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
|
|
||||||
:doc => ("Given an array of fence device configs, limit them" +
|
|
||||||
"to fence devices whose MAC address is present on" +
|
|
||||||
"some of the local NICs, and prepare a hash which can be" +
|
|
||||||
"passed to create_resources function")) do |args|
|
|
||||||
agent = args[0]
|
|
||||||
devices = args[1]
|
|
||||||
unless agent.is_a?(String) && agent.length > 0
|
|
||||||
raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
|
|
||||||
end
|
|
||||||
unless devices.is_a?(Array)
|
|
||||||
raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
|
|
||||||
end
|
|
||||||
|
|
||||||
# filter by agent type
|
|
||||||
agent_type_devices = devices.select { |device| device['agent'] == agent }
|
|
||||||
|
|
||||||
# filter by local mac address
|
|
||||||
local_devices = agent_type_devices.select do |device|
|
|
||||||
function_has_interface_with(['macaddress', device['host_mac']])
|
|
||||||
end
|
|
||||||
|
|
||||||
# construct a hash for create_resources
|
|
||||||
return local_devices.each_with_object({}) do |device, hash|
|
|
||||||
# disallow collisions
|
|
||||||
if hash[device['host_mac']]
|
|
||||||
raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
|
|
||||||
end
|
|
||||||
|
|
||||||
hash[device['host_mac']] = device['params'] || {}
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
@ -1,51 +0,0 @@
|
|||||||
# Copyright 2015 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
require 'puppet'
|
|
||||||
require 'puppet/provider/package'
|
|
||||||
|
|
||||||
Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do
|
|
||||||
desc "RPM packaging provider that does not install anything."
|
|
||||||
|
|
||||||
has_feature :virtual_packages
|
|
||||||
|
|
||||||
def latest
|
|
||||||
@resource.fail "'latest' is unsupported by this provider."
|
|
||||||
end
|
|
||||||
|
|
||||||
def install
|
|
||||||
Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed")
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def uninstall
|
|
||||||
Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed")
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def update
|
|
||||||
Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated")
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def purge
|
|
||||||
Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed")
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.instances
|
|
||||||
return []
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
@ -1,44 +0,0 @@
|
|||||||
# == Class: tripleo::config
|
|
||||||
#
|
|
||||||
# Configure services with Puppet
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*configs*]
|
|
||||||
# (optional) Configuration to inject.
|
|
||||||
# Should be an hash.
|
|
||||||
# Default to lookup('param_config', {})
|
|
||||||
#
|
|
||||||
# [*providers*]
|
|
||||||
# (optional) Filter the providers we want
|
|
||||||
# to use for config.
|
|
||||||
# Should be an array.
|
|
||||||
# Default to lookup('param_providers', Array[String], 'deep', [])
|
|
||||||
#
|
|
||||||
class tripleo::config(
|
|
||||||
$configs = lookup('param_config', {}),
|
|
||||||
$providers = lookup('param_providers', Array[String], 'deep', []),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if ! empty($configs) {
|
|
||||||
# Allow composable services to load their own configurations.
|
|
||||||
# Each service can load its config options by using this form:
|
|
||||||
#
|
|
||||||
# puppet_config:
|
|
||||||
# param_config:
|
|
||||||
# 'aodh_config':
|
|
||||||
# DEFAULT:
|
|
||||||
# foo: fooValue
|
|
||||||
# bar: barValue
|
|
||||||
$configs.each |$provider, $sections| {
|
|
||||||
if empty($providers) or ($provider in $providers) {
|
|
||||||
$sections.each |$section, $params| {
|
|
||||||
$params.each |$param, $value| {
|
|
||||||
create_resources($provider, {"${section}/${param}" => {'value' => $value }})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,222 +0,0 @@
|
|||||||
# == Class: tripleo::fencing
|
|
||||||
#
|
|
||||||
# Configure Pacemaker fencing devices for TripleO.
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*config*]
|
|
||||||
# JSON config of fencing devices, using the following structure:
|
|
||||||
# {
|
|
||||||
# "devices": [
|
|
||||||
# {
|
|
||||||
# "agent": "AGENT_NAME",
|
|
||||||
# "host_mac": "HOST_MAC_ADDRESS",
|
|
||||||
# "params": {"PARAM_NAME": "PARAM_VALUE"}
|
|
||||||
# }
|
|
||||||
# ]
|
|
||||||
# }
|
|
||||||
# For instance:
|
|
||||||
# {
|
|
||||||
# "devices": [
|
|
||||||
# {
|
|
||||||
# "agent": "fence_xvm",
|
|
||||||
# "host_mac": "52:54:00:aa:bb:cc",
|
|
||||||
# "params": {
|
|
||||||
# "multicast_address": "225.0.0.12",
|
|
||||||
# "port": "baremetal_0",
|
|
||||||
# "manage_fw": true,
|
|
||||||
# "manage_key_file": true,
|
|
||||||
# "key_file": "/etc/fence_xvm.key",
|
|
||||||
# "key_file_password": "abcdef"
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
# ]
|
|
||||||
# }
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*tries*]
|
|
||||||
# Number of attempts when creating fence devices and constraints.
|
|
||||||
# Defaults to 10
|
|
||||||
#
|
|
||||||
# [*try_sleep*]
|
|
||||||
# Delay (in seconds) between attempts when creating fence devices
|
|
||||||
# and constraints.
|
|
||||||
# Defaults to 3
|
|
||||||
#
|
|
||||||
# [*deep_compare*]
|
|
||||||
# Enable deep comparing of resources and bundles
|
|
||||||
# When set to true a resource will be compared in full (options, meta parameters,..)
|
|
||||||
# to the existing one and in case of difference it will be repushed to the CIB
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*update_settle_secs*]
|
|
||||||
# When deep_compare is enabled and puppet updates a resource, this
|
|
||||||
# parameter represents the number (in seconds) to wait for the cluster to settle
|
|
||||||
# after the resource update.
|
|
||||||
# Defaults to 600 (seconds)
|
|
||||||
#
|
|
||||||
# [*watchdog_timeout*]
|
|
||||||
# Only valid if sbd watchdog fencing is enabled.
|
|
||||||
# Pacemaker will assume unseen nodes self-fence within this much time.
|
|
||||||
# Defaults to 60 (seconds)
|
|
||||||
#
|
|
||||||
# [*enable_instanceha*]
|
|
||||||
# (Optional) Boolean driving the Instance HA controlplane configuration
|
|
||||||
# Defaults to lookup('tripleo::instanceha', undef, undef, false),
|
|
||||||
#
|
|
||||||
class tripleo::fencing(
|
|
||||||
$config = {},
|
|
||||||
$tries = 10,
|
|
||||||
$try_sleep = 3,
|
|
||||||
$deep_compare = false,
|
|
||||||
$update_settle_secs = 600,
|
|
||||||
$watchdog_timeout = 60,
|
|
||||||
$enable_instanceha = lookup('tripleo::instanceha', undef, undef, false),
|
|
||||||
) {
|
|
||||||
$common_params = {
|
|
||||||
'tries' => $tries,
|
|
||||||
'try_sleep' => $try_sleep,
|
|
||||||
'deep_compare' => $deep_compare,
|
|
||||||
'update_settle_secs' => $update_settle_secs
|
|
||||||
}
|
|
||||||
|
|
||||||
# check if instanceha is enabled
|
|
||||||
if member(lookup('compute_instanceha_short_node_names', undef, undef, []), downcase($::hostname)) {
|
|
||||||
$is_compute_instanceha_node = true
|
|
||||||
} else {
|
|
||||||
$is_compute_instanceha_node = false
|
|
||||||
}
|
|
||||||
|
|
||||||
$content = $config['devices']
|
|
||||||
|
|
||||||
# check if the devices: section in fence.yaml contains levels.
|
|
||||||
# if it doesn't, assume level=1 and build a hash with the content.
|
|
||||||
$all_levels = $content ? {
|
|
||||||
Array => {'level1' => $content},
|
|
||||||
default => $content
|
|
||||||
}
|
|
||||||
|
|
||||||
# collect the number of stonith levels currently defined for this system
|
|
||||||
# and convert it to integer.
|
|
||||||
$local_levels = 0 + $facts['stonith_levels']
|
|
||||||
|
|
||||||
# if the number of levels defined on this system is greater than the number in hiera
|
|
||||||
# we need to delete the delta.
|
|
||||||
if $local_levels > $all_levels.length {
|
|
||||||
$begin = $all_levels.length + 1
|
|
||||||
range("${begin}", "${local_levels}").each |$level|{
|
|
||||||
pacemaker::stonith::level{ "stonith-${level}":
|
|
||||||
ensure => 'absent',
|
|
||||||
level => $level,
|
|
||||||
target => '$(/usr/sbin/crm_node -n)',
|
|
||||||
stonith_resources => [''],
|
|
||||||
tries => $tries,
|
|
||||||
try_sleep => $try_sleep,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$all_levels.each |$index, $levelx_devices |{
|
|
||||||
|
|
||||||
$level = regsubst($index, 'level', '', 'G')
|
|
||||||
$all_devices = $levelx_devices
|
|
||||||
|
|
||||||
$xvm_devices = local_fence_devices('fence_xvm', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
|
|
||||||
|
|
||||||
$ironic_devices = local_fence_devices('fence_ironic', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params)
|
|
||||||
|
|
||||||
$redfish_devices = local_fence_devices('fence_redfish', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_redfish', $redfish_devices, $common_params)
|
|
||||||
|
|
||||||
$ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
|
|
||||||
|
|
||||||
$kdump_devices = local_fence_devices('fence_kdump', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_kdump', $kdump_devices, $common_params)
|
|
||||||
|
|
||||||
$kubevirt_devices = local_fence_devices('fence_kubevirt', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_kubevirt', $kubevirt_devices, $common_params)
|
|
||||||
|
|
||||||
$rhev_devices = local_fence_devices('fence_rhevm', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_rhevm', $rhev_devices, $common_params)
|
|
||||||
|
|
||||||
$ucs_devices = local_fence_devices('fence_cisco_ucs', $all_devices)
|
|
||||||
create_resources('pacemaker::stonith::fence_cisco_ucs', $ucs_devices, $common_params)
|
|
||||||
|
|
||||||
$data = {
|
|
||||||
'xvm' => $xvm_devices, 'ironic' => $ironic_devices, 'redfish' => $redfish_devices,
|
|
||||||
'ipmilan' => $ipmilan_devices, 'kdump' => $kdump_devices, 'kubevirt' => $kubevirt_devices,
|
|
||||||
'rhevm' => $rhev_devices, 'cisco_ucs' => $ucs_devices
|
|
||||||
}
|
|
||||||
|
|
||||||
# let's store the number of stonith devices created for this server.
|
|
||||||
# this will be used to detect if there is a least one and fail if
|
|
||||||
# instance_ha is configured and puppet is running on a compute node.
|
|
||||||
$data_num = [
|
|
||||||
length($ironic_devices), length($redfish_devices),
|
|
||||||
length($ipmilan_devices), length($kdump_devices), length($rhev_devices)
|
|
||||||
]
|
|
||||||
|
|
||||||
$sum = $data_num.reduce |$memo, $value| { $memo + $value }
|
|
||||||
|
|
||||||
$data.each |$items| {
|
|
||||||
$driver = $items[0]
|
|
||||||
$driver_devices = $items[1]
|
|
||||||
|
|
||||||
# if there is no valid stonith device and this is a compute-instanceha node we raise an exception
|
|
||||||
if $level == '1' and $sum == 0 and $enable_instanceha and $is_compute_instanceha_node {
|
|
||||||
fail('Instance HA requires at least one valid stonith device')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $driver_devices and length($driver_devices) == 1 {
|
|
||||||
$mac = keys($driver_devices)[0]
|
|
||||||
$safe_mac = regsubst($mac, ':', '', 'G')
|
|
||||||
if ($enable_instanceha and $is_compute_instanceha_node) {
|
|
||||||
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}", 'stonith-fence_compute-fence-nova' ]
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}" ]
|
|
||||||
}
|
|
||||||
pacemaker::stonith::level{ "stonith-${level}-${safe_mac}":
|
|
||||||
level => $level,
|
|
||||||
target => '$(/usr/sbin/crm_node -n)',
|
|
||||||
stonith_resources => $stonith_resources,
|
|
||||||
tries => $tries,
|
|
||||||
try_sleep => $try_sleep,
|
|
||||||
}
|
|
||||||
Pcmk_stonith<||> -> Pcmk_stonith_level<||>
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# we use the boostrap_node to create the watchdog resource and the stonith
|
|
||||||
# topology for all the nodes in the cluster, because the watchdog resource
|
|
||||||
# is not per-node but cluster-wide
|
|
||||||
$watchdog_devices = local_fence_devices('fence_watchdog', $all_devices)
|
|
||||||
if length($watchdog_devices) > 0 {
|
|
||||||
# check if this is the bootstrap node
|
|
||||||
if downcase($::hostname) == lookup('pacemaker_short_bootstrap_node_name') {
|
|
||||||
create_resources('pacemaker::stonith::fence_watchdog', $watchdog_devices, $common_params)
|
|
||||||
$stonith_resources = [ 'watchdog' ]
|
|
||||||
# if this is the boostrap node we set watchdog as levelX for all
|
|
||||||
# the pacemaker nodes
|
|
||||||
lookup('pacemaker_short_node_names').each |$node| {
|
|
||||||
pacemaker::stonith::level{ "stonith-${level}-watchdog-${node}":
|
|
||||||
level => $level,
|
|
||||||
target => $node,
|
|
||||||
stonith_resources => [ 'watchdog' ],
|
|
||||||
tries => $tries,
|
|
||||||
try_sleep => $try_sleep,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pacemaker::property { 'stonith-watchdog-timeout':
|
|
||||||
property => 'stonith-watchdog-timeout',
|
|
||||||
value => $watchdog_timeout,
|
|
||||||
tries => $tries,
|
|
||||||
}
|
|
||||||
Pcmk_property<||> -> Pcmk_stonith<||> -> Pcmk_stonith_level<||>
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
1839
manifests/haproxy.pp
1839
manifests/haproxy.pp
File diff suppressed because it is too large
Load Diff
@ -1,321 +0,0 @@
|
|||||||
# Copyright 2014 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
# == Class: tripleo::haproxy::endpoint
|
|
||||||
#
|
|
||||||
# Configure a HAProxy listen endpoint
|
|
||||||
#
|
|
||||||
# [*internal_ip*]
|
|
||||||
# The IP in which the proxy endpoint will be listening in the internal
|
|
||||||
# network.
|
|
||||||
#
|
|
||||||
# [*service_port*]
|
|
||||||
# The default port on which the endpoint will be listening.
|
|
||||||
#
|
|
||||||
# [*member_options*]
|
|
||||||
# Options for the balancer member, specified after the server declaration.
|
|
||||||
# These should go in the member's configuration block.
|
|
||||||
#
|
|
||||||
# [*use_backend_syntax*]
|
|
||||||
# (optional) When set to true, generate a config with frontend and
|
|
||||||
# backend sections, otherwise use listen sections.
|
|
||||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*haproxy_port*]
|
|
||||||
# An alternative port, on which haproxy will listen for incoming requests.
|
|
||||||
# Defaults to service_port.
|
|
||||||
#
|
|
||||||
# [*base_service_name*]
|
|
||||||
# In cases where the service name doesn't match the endpoint name, you can
|
|
||||||
# specify this option in order to get an appropriate value for $ip_addresses
|
|
||||||
# and $server_names. So, this will be used in hiera to derive these, if set.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*ip_addresses*]
|
|
||||||
# The ordered list of IPs to be used to contact the balancer member.
|
|
||||||
# Defaults to lookup("${name}_node_ips", undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*server_names*]
|
|
||||||
# The names of the balancer members, which usually should be the hostname.
|
|
||||||
# Defaults to lookup("${name}_node_names", undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*public_virtual_ip*]
|
|
||||||
# Address in which the proxy endpoint will be listening in the public network.
|
|
||||||
# If this service is internal only this should be omitted.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*mode*]
|
|
||||||
# HAProxy mode in which the endpoint will be listening. This can be undef,
|
|
||||||
# tcp, http or health.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*haproxy_listen_bind_param*]
|
|
||||||
# A list of params to be added to the HAProxy listener bind directive.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*listen_options*]
|
|
||||||
# Options specified for the listening service's configuration block (in
|
|
||||||
# HAproxy terms, the frontend).
|
|
||||||
# defaults to {'option' => []}
|
|
||||||
#
|
|
||||||
# [*frontend_options*]
|
|
||||||
# Options specified for the frontend service's configuration block
|
|
||||||
# defaults to {'option' => []}
|
|
||||||
#
|
|
||||||
# [*backend_options*]
|
|
||||||
# Options specified for the service's backend configuration block
|
|
||||||
# defaults to {'option' => []}
|
|
||||||
#
|
|
||||||
# [*public_ssl_port*]
|
|
||||||
# The port used for the public proxy endpoint if it differs from the default
|
|
||||||
# one. This is used only if SSL is enabled, and it's used in order to avoid
|
|
||||||
# overriding with the internal proxy endpoint (which could happen if they were
|
|
||||||
# in the same network).
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*public_certificate*]
|
|
||||||
# Certificate path used to enable TLS for the public proxy endpoint.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*use_internal_certificates*]
|
|
||||||
# Flag that indicates if we'll use an internal certificate for this specific
|
|
||||||
# service. When set, enables SSL on the internal API endpoints using the file
|
|
||||||
# that certmonger is tracking; this is derived from the network the service is
|
|
||||||
# listening on.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*internal_certificates_specs*]
|
|
||||||
# A hash that should contain the specs that were used to create the
|
|
||||||
# certificates. As the name indicates, only the internal certificates will be
|
|
||||||
# fetched from here. And the keys should follow the following pattern
|
|
||||||
# "haproxy-<network name>". The network name should be as it was defined in
|
|
||||||
# tripleo-heat-templates.
|
|
||||||
# Note that this is only taken into account if the $use_internal_certificates
|
|
||||||
# flag is set.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*service_network*]
|
|
||||||
# (optional) Indicates the network that the service is running on. Used for
|
|
||||||
# fetching the certificate for that specific network.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*authorized_userlist*]
|
|
||||||
# (optional) Userlist that may access the endpoint. Activate Basic Authentication.
|
|
||||||
# You'll need to create a tripleo::haproxy::userlist in order to use that option.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*sticky_sessions*]
|
|
||||||
# (optional) Enable sticky sessions for this frontend using a cookie
|
|
||||||
#
|
|
||||||
# [*session_cookie*]
|
|
||||||
# (optional) Cookie name to use for sticky sessions. This should be different
|
|
||||||
# for each service using sticky sessions.
|
|
||||||
#
|
|
||||||
define tripleo::haproxy::endpoint (
|
|
||||||
$internal_ip,
|
|
||||||
$service_port,
|
|
||||||
$member_options,
|
|
||||||
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
|
|
||||||
$haproxy_port = undef,
|
|
||||||
$base_service_name = undef,
|
|
||||||
$ip_addresses = lookup("${name}_node_ips", undef, undef, undef),
|
|
||||||
$server_names = lookup("${name}_node_names", undef, undef, undef),
|
|
||||||
$public_virtual_ip = undef,
|
|
||||||
$mode = undef,
|
|
||||||
$haproxy_listen_bind_param = undef,
|
|
||||||
$listen_options = {
|
|
||||||
'option' => [],
|
|
||||||
},
|
|
||||||
$frontend_options = {
|
|
||||||
'option' => [],
|
|
||||||
},
|
|
||||||
$backend_options = {
|
|
||||||
'option' => [],
|
|
||||||
},
|
|
||||||
$public_ssl_port = undef,
|
|
||||||
$public_certificate = undef,
|
|
||||||
$use_internal_certificates = false,
|
|
||||||
$internal_certificates_specs = {},
|
|
||||||
$service_network = undef,
|
|
||||||
$authorized_userlist = undef,
|
|
||||||
$sticky_sessions = false,
|
|
||||||
$session_cookie = 'STICKYSESSION',
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $haproxy_port {
|
|
||||||
$haproxy_port_real = $haproxy_port
|
|
||||||
$service_port_real = $service_port
|
|
||||||
} else {
|
|
||||||
$haproxy_port_real = $service_port
|
|
||||||
$service_port_real = $service_port
|
|
||||||
}
|
|
||||||
|
|
||||||
if $base_service_name {
|
|
||||||
$ip_addresses_real = lookup("${base_service_name}_node_ips", undef, undef, undef)
|
|
||||||
} else {
|
|
||||||
$ip_addresses_real = $ip_addresses
|
|
||||||
}
|
|
||||||
if $base_service_name {
|
|
||||||
$server_names_real = lookup("${base_service_name}_node_names", undef, undef, undef)
|
|
||||||
} else {
|
|
||||||
$server_names_real = $server_names
|
|
||||||
}
|
|
||||||
# Let users override the options on a per-service basis
|
|
||||||
$custom_options = lookup("tripleo::haproxy::${name}::options", undef, undef, undef)
|
|
||||||
$custom_frontend_options = lookup("tripleo::haproxy::${name}::frontend_options", undef, undef, undef)
|
|
||||||
$custom_backend_options = lookup("tripleo::haproxy::${name}::backend_options", undef, undef, undef)
|
|
||||||
$custom_bind_options_public = delete(
|
|
||||||
any2array(lookup("tripleo::haproxy::${name}::public_bind_options", undef, undef, undef)),
|
|
||||||
undef).flatten()
|
|
||||||
$custom_bind_options_internal = delete(
|
|
||||||
any2array(lookup("tripleo::haproxy::${name}::internal_bind_options", undef, undef, undef)),
|
|
||||||
undef).flatten()
|
|
||||||
if $public_virtual_ip {
|
|
||||||
# service exposed to the public network
|
|
||||||
|
|
||||||
if $public_certificate {
|
|
||||||
if $mode == 'http' {
|
|
||||||
$tls_listen_options = {
|
|
||||||
'http-response' => 'replace-header Location http://(.*) https://\\1',
|
|
||||||
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
|
|
||||||
}
|
|
||||||
$listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options)
|
|
||||||
$frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options)
|
|
||||||
} else {
|
|
||||||
$listen_options_precookie = merge($listen_options, $custom_options)
|
|
||||||
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
|
|
||||||
}
|
|
||||||
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"),
|
|
||||||
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public))
|
|
||||||
} else {
|
|
||||||
$listen_options_precookie = merge($listen_options, $custom_options)
|
|
||||||
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
|
|
||||||
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${haproxy_port_real}"),
|
|
||||||
union($haproxy_listen_bind_param, $custom_bind_options_public))
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
# internal service only
|
|
||||||
$public_bind_opts = {}
|
|
||||||
$listen_options_precookie = merge($listen_options, $custom_options)
|
|
||||||
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
|
|
||||||
}
|
|
||||||
if $sticky_sessions {
|
|
||||||
$cookie_options = {
|
|
||||||
'cookie' => "${session_cookie} insert indirect nocache",
|
|
||||||
}
|
|
||||||
$listen_options_real = merge($listen_options_precookie, $cookie_options)
|
|
||||||
$frontend_options_real = merge($frontend_options_precookie, $cookie_options)
|
|
||||||
} else {
|
|
||||||
$listen_options_real = $listen_options_precookie
|
|
||||||
$frontend_options_real = $frontend_options_precookie
|
|
||||||
}
|
|
||||||
if $use_internal_certificates {
|
|
||||||
if !$service_network {
|
|
||||||
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $service_network == 'external' and $public_certificate {
|
|
||||||
# NOTE(jaosorior): This service has been configured to use the external
|
|
||||||
# network. We should use the public certificate in this case.
|
|
||||||
$internal_cert_path = $public_certificate
|
|
||||||
} else {
|
|
||||||
# NOTE(jaosorior): This service is configured for the internal network.
|
|
||||||
# We use the certificate spec hash. The key of the
|
|
||||||
# internal_certificates_specs hash must must match the convention
|
|
||||||
# haproxy-<network name> or else this will fail. Further, it must
|
|
||||||
# contain the path that we'll use under 'service_pem'.
|
|
||||||
$internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
|
|
||||||
}
|
|
||||||
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
|
|
||||||
union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path],
|
|
||||||
$custom_bind_options_internal))
|
|
||||||
} else {
|
|
||||||
if $service_network == 'external' and $public_certificate {
|
|
||||||
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
|
|
||||||
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate],
|
|
||||||
$custom_bind_options_internal))
|
|
||||||
} else {
|
|
||||||
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
|
|
||||||
union($haproxy_listen_bind_param, $custom_bind_options_internal))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if $authorized_userlist {
|
|
||||||
$access_rules = {
|
|
||||||
'acl' => "acl Auth${name} http_auth(${authorized_userlist})",
|
|
||||||
'http-request' => "auth realm ${name} if !Auth${name}",
|
|
||||||
}
|
|
||||||
if $use_backend_syntax {
|
|
||||||
Haproxy::Frontend[$name] {
|
|
||||||
require => Tripleo::Haproxy::Userlist[$authorized_userlist],
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
Haproxy::Listen[$name] {
|
|
||||||
require => Tripleo::Haproxy::Userlist[$authorized_userlist],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$access_rules = {}
|
|
||||||
}
|
|
||||||
|
|
||||||
$_real_options = merge($listen_options_real, $access_rules)
|
|
||||||
$_real_frontend_options = merge($frontend_options_real, $access_rules,
|
|
||||||
{ 'default_backend' => "${name}_be" })
|
|
||||||
|
|
||||||
$bind_opts = merge($internal_bind_opts, $public_bind_opts)
|
|
||||||
|
|
||||||
if $use_backend_syntax {
|
|
||||||
haproxy::frontend { "${name}":
|
|
||||||
bind => $bind_opts,
|
|
||||||
collect_exported => false,
|
|
||||||
mode => $mode,
|
|
||||||
options => $_real_frontend_options,
|
|
||||||
}
|
|
||||||
haproxy::backend { "${name}_be":
|
|
||||||
mode => $mode,
|
|
||||||
options => merge($backend_options, $custom_backend_options),
|
|
||||||
}
|
|
||||||
$listening_service = "${name}_be"
|
|
||||||
} else {
|
|
||||||
haproxy::listen { "${name}":
|
|
||||||
bind => $bind_opts,
|
|
||||||
collect_exported => false,
|
|
||||||
mode => $mode,
|
|
||||||
options => $_real_options,
|
|
||||||
}
|
|
||||||
$listening_service = "${name}"
|
|
||||||
}
|
|
||||||
if $sticky_sessions {
|
|
||||||
hash(zip($ip_addresses_real, $server_names_real)).each | $ip, $server | {
|
|
||||||
# We need to be sure the IP (IPv6) don't have colons
|
|
||||||
# which is a reserved character to reference manifests
|
|
||||||
$non_colon_ip = regsubst($ip, ':', '-', 'G')
|
|
||||||
haproxy::balancermember { "${name}_${non_colon_ip}_${server}":
|
|
||||||
listening_service => $listening_service,
|
|
||||||
ports => "${service_port_real}",
|
|
||||||
ipaddresses => $ip,
|
|
||||||
server_names => $server,
|
|
||||||
options => union($member_options, ["cookie ${server}"]),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
haproxy::balancermember { "${name}":
|
|
||||||
listening_service => $listening_service,
|
|
||||||
ports => "${service_port_real}",
|
|
||||||
ipaddresses => $ip_addresses_real,
|
|
||||||
server_names => $server_names_real,
|
|
||||||
options => $member_options,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,211 +0,0 @@
|
|||||||
# Copyright 2014 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
# == Class: tripleo::haproxy::endpoint
|
|
||||||
#
|
|
||||||
# Configure a HAProxy listen endpoint
|
|
||||||
#
|
|
||||||
# [*internal_ip*]
|
|
||||||
# The IP in which the proxy endpoint will be listening in the internal
|
|
||||||
# network.
|
|
||||||
#
|
|
||||||
# [*ip_addresses*]
|
|
||||||
# The ordered list of IPs to be used to contact the balancer member.
|
|
||||||
#
|
|
||||||
# [*server_names*]
|
|
||||||
# The names of the balancer members, which usually should be the hostname.
|
|
||||||
#
|
|
||||||
# [*member_options*]
|
|
||||||
# Options for the balancer member, specified after the server declaration.
|
|
||||||
# These should go in the member's configuration block.
|
|
||||||
#
|
|
||||||
# [*public_virtual_ip*]
|
|
||||||
# Address in which the proxy endpoint will be listening in the public network.
|
|
||||||
# If this service is internal only this should be omitted.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*use_backend_syntax*]
|
|
||||||
# (optional) When set to true, generate a config with frontend and
|
|
||||||
# backend sections, otherwise use listen sections.
|
|
||||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*haproxy_listen_bind_param*]
|
|
||||||
# A list of params to be added to the HAProxy listener bind directive.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*public_certificate*]
|
|
||||||
# Certificate path used to enable TLS for the public proxy endpoint.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*use_internal_certificates*]
|
|
||||||
# Flag that indicates if we'll use an internal certificate for this specific
|
|
||||||
# service. When set, enables SSL on the internal API endpoints using the file
|
|
||||||
# that certmonger is tracking; this is derived from the network the service is
|
|
||||||
# listening on.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*internal_certificates_specs*]
|
|
||||||
# A hash that should contain the specs that were used to create the
|
|
||||||
# certificates. As the name indicates, only the internal certificates will be
|
|
||||||
# fetched from here. And the keys should follow the following pattern
|
|
||||||
# "haproxy-<network name>". The network name should be as it was defined in
|
|
||||||
# tripleo-heat-templates.
|
|
||||||
# Note that this is only taken into account if the $use_internal_certificates
|
|
||||||
# flag is set.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*service_network*]
|
|
||||||
# (optional) Indicates the network that the service is running on. Used for
|
|
||||||
# fetching the certificate for that specific network.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*hsts_header_value*]
|
|
||||||
# (optional) Adds the HTTP Strict Transport Security (HSTS) header to
|
|
||||||
# response. This takes effect only when public_certificate is set.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::haproxy::horizon_endpoint (
|
|
||||||
$internal_ip,
|
|
||||||
$ip_addresses,
|
|
||||||
$server_names,
|
|
||||||
$member_options,
|
|
||||||
$public_virtual_ip,
|
|
||||||
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
|
|
||||||
$haproxy_listen_bind_param = undef,
|
|
||||||
$public_certificate = undef,
|
|
||||||
$use_internal_certificates = false,
|
|
||||||
$internal_certificates_specs = {},
|
|
||||||
$service_network = undef,
|
|
||||||
$hsts_header_value = undef,
|
|
||||||
) {
|
|
||||||
# Let users override the options on a per-service basis
|
|
||||||
$custom_options = lookup('tripleo::haproxy::horizon::options', undef, undef, undef)
|
|
||||||
$custom_frontend_options = lookup('tripleo::haproxy::horizon::frontend_options', undef, undef, undef)
|
|
||||||
$custom_backend_options = lookup('tripleo::haproxy::horizon::backend_options', undef, undef, undef)
|
|
||||||
$custom_bind_options_public = delete(
|
|
||||||
any2array(lookup('tripleo::haproxy::horizon::public_bind_options', undef, undef, undef)),
|
|
||||||
undef).flatten()
|
|
||||||
$custom_bind_options_internal = delete(
|
|
||||||
any2array(lookup('tripleo::haproxy::horizon::internal_bind_options', undef, undef, undef)),
|
|
||||||
undef).flatten()
|
|
||||||
|
|
||||||
# service exposed to the public network
|
|
||||||
if $public_certificate {
|
|
||||||
if $use_internal_certificates {
|
|
||||||
if !$service_network {
|
|
||||||
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
|
|
||||||
}
|
|
||||||
# NOTE(jaosorior): The key of the internal_certificates_specs hash must
|
|
||||||
# must match the convention haproxy-<network name> or else this
|
|
||||||
# will fail. Further, it must contain the path that we'll use under
|
|
||||||
# 'service_pem'.
|
|
||||||
$internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
|
|
||||||
$internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path])
|
|
||||||
} else {
|
|
||||||
# If no internal cert is given, we still configure TLS for the internal
|
|
||||||
# network, however, we expect that the public certificate has appropriate
|
|
||||||
# subjectaltnames set.
|
|
||||||
$internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])
|
|
||||||
}
|
|
||||||
# NOTE(jaosorior): If the internal_ip and the public_virtual_ip are the
|
|
||||||
# same, the first option takes precedence. Which is the case when network
|
|
||||||
# isolation is not enabled. This is not a problem as both options are
|
|
||||||
# identical. If network isolation is enabled, this works correctly and
|
|
||||||
# will add a TLS binding to both the internal_ip and the
|
|
||||||
# public_virtual_ip.
|
|
||||||
# Even though for the public_virtual_ip the port 80 is listening, we
|
|
||||||
# redirect to https in the horizon_options below.
|
|
||||||
$horizon_bind_opts = {
|
|
||||||
"${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal),
|
|
||||||
"${internal_ip}:443" => union($internal_bind_opts, $custom_bind_options_internal),
|
|
||||||
"${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public),
|
|
||||||
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public),
|
|
||||||
}
|
|
||||||
|
|
||||||
if $hsts_header_value != undef {
|
|
||||||
$hsts_header_value_real = join(any2array($hsts_header_value), '; ')
|
|
||||||
$hsts_response = "set-header Strict-Transport-Security \"${hsts_header_value_real};\""
|
|
||||||
} else {
|
|
||||||
$hsts_response = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
$horizon_frontend_options = {
|
|
||||||
'http-response' => delete_undef_values([
|
|
||||||
'replace-header Location http://(.*) https://\\1',
|
|
||||||
$hsts_response]),
|
|
||||||
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
|
|
||||||
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
|
|
||||||
'option' => [ 'forwardfor' ],
|
|
||||||
'http-request' => [
|
|
||||||
'set-header X-Forwarded-Proto https if { ssl_fc }',
|
|
||||||
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$horizon_bind_opts = {
|
|
||||||
"${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal),
|
|
||||||
"${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public),
|
|
||||||
}
|
|
||||||
$horizon_frontend_options = {
|
|
||||||
'option' => [ 'forwardfor' ],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$horizon_backend_options = {
|
|
||||||
'cookie' => 'SERVERID insert indirect nocache',
|
|
||||||
'option' => [ 'httpchk' ],
|
|
||||||
}
|
|
||||||
$horizon_options = merge_hash_values($horizon_backend_options,
|
|
||||||
$horizon_frontend_options)
|
|
||||||
|
|
||||||
if $use_internal_certificates {
|
|
||||||
# Use SSL port if TLS in the internal network is enabled.
|
|
||||||
$backend_port = '443'
|
|
||||||
} else {
|
|
||||||
$backend_port = '80'
|
|
||||||
}
|
|
||||||
|
|
||||||
if $use_backend_syntax {
|
|
||||||
haproxy::frontend { 'horizon':
|
|
||||||
bind => $horizon_bind_opts,
|
|
||||||
options => merge($horizon_frontend_options,
|
|
||||||
{ default_backend => 'horizon_be' },
|
|
||||||
$custom_frontend_options),
|
|
||||||
mode => 'http',
|
|
||||||
collect_exported => false,
|
|
||||||
}
|
|
||||||
haproxy::backend { 'horizon_be':
|
|
||||||
options => merge($horizon_backend_options, $custom_backend_options),
|
|
||||||
mode => 'http',
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
haproxy::listen { 'horizon':
|
|
||||||
bind => $horizon_bind_opts,
|
|
||||||
options => merge($horizon_options, $custom_options),
|
|
||||||
mode => 'http',
|
|
||||||
collect_exported => false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
hash(zip($ip_addresses, $server_names)).each | $ip, $server | {
|
|
||||||
# We need to be sure the IP (IPv6) don't have colons
|
|
||||||
# which is a reserved character to reference manifests
|
|
||||||
$non_colon_ip = regsubst($ip, ':', '-', 'G')
|
|
||||||
haproxy::balancermember { "horizon_${non_colon_ip}_${server}":
|
|
||||||
listening_service => 'horizon_be',
|
|
||||||
ports => "${backend_port}",
|
|
||||||
ipaddresses => $ip,
|
|
||||||
server_names => $server,
|
|
||||||
options => union($member_options, ["cookie ${server}"]),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,48 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Define: tripleo::haproxy::service_endpoints
|
|
||||||
#
|
|
||||||
# Define used to create haproxyendpoints for composable services.
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*service_name*]
|
|
||||||
# (optional) The service_name to create the service endpoint(s) for.
|
|
||||||
# Defaults to $title
|
|
||||||
#
|
|
||||||
define tripleo::haproxy::service_endpoints ($service_name = $title) {
|
|
||||||
|
|
||||||
$underscore_name = regsubst($service_name, '-', '_', 'G')
|
|
||||||
|
|
||||||
# This allows each composable service to load its own custom rules by
|
|
||||||
# creating its own flat hiera key named:
|
|
||||||
# tripleo.<service name with underscores>.haproxy_endpoints
|
|
||||||
# tripleo.<service name with underscores>.haproxy_userlists
|
|
||||||
$dots_endpoints = lookup("'tripleo.${underscore_name}.haproxy_endpoints'", undef, undef, {})
|
|
||||||
$dots_userlists = lookup("'tripleo.${underscore_name}.haproxy_userlists'", undef, undef, {})
|
|
||||||
|
|
||||||
# Supports standard "::" notation
|
|
||||||
# tripleo::<service name with underscores>::haproxy_endpoints
|
|
||||||
# tripleo::<service name with underscores>::haproxy_userlists
|
|
||||||
$colons_endpoints = lookup("tripleo::${underscore_name}::haproxy_endpoints", undef, undef, {})
|
|
||||||
$colons_userlists = lookup("tripleo::${underscore_name}::haproxy_userlists", undef, undef, {})
|
|
||||||
|
|
||||||
# Merge hashes
|
|
||||||
$service_endpoints = merge($colons_endpoints, $dots_endpoints)
|
|
||||||
$service_userlists = merge($colons_userlists, $dots_userlists)
|
|
||||||
|
|
||||||
create_resources('tripleo::haproxy::userlist', $service_userlists)
|
|
||||||
create_resources('tripleo::haproxy::endpoint', $service_endpoints)
|
|
||||||
}
|
|
@ -1,101 +0,0 @@
|
|||||||
# Copyright 2014 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
# == Class: tripleo::haproxy::stats
|
|
||||||
#
|
|
||||||
# Configure the HAProxy stats interface
|
|
||||||
#
|
|
||||||
# [*haproxy_listen_bind_param*]
|
|
||||||
# A list of params to be added to the HAProxy listener bind directive.
|
|
||||||
#
|
|
||||||
# [*ip*]
|
|
||||||
# IP Address(es) on which the stats interface is listening on.
|
|
||||||
# Can be a string or a list of ip addresses
|
|
||||||
#
|
|
||||||
# [*use_backend_syntax*]
|
|
||||||
# (optional) When set to true, generate a config with frontend and
|
|
||||||
# backend sections, otherwise use listen sections.
|
|
||||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*port*]
|
|
||||||
# Port on which to listen to for haproxy stats web interface
|
|
||||||
# Defaults to '1993'
|
|
||||||
#
|
|
||||||
# [*password*]
|
|
||||||
# Password for haproxy stats authentication. When set, authentication is
|
|
||||||
# enabled on the haproxy stats endpoint.
|
|
||||||
# A string.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*certificate*]
|
|
||||||
# Filename of an HAProxy-compatible certificate and key file
|
|
||||||
# When set, enables SSL on the haproxy stats endpoint using the specified file.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*user*]
|
|
||||||
# Username for haproxy stats authentication.
|
|
||||||
# A string.
|
|
||||||
# Defaults to 'admin'
|
|
||||||
#
|
|
||||||
class tripleo::haproxy::stats (
|
|
||||||
$haproxy_listen_bind_param,
|
|
||||||
$ip,
|
|
||||||
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
|
|
||||||
$port = '1993',
|
|
||||||
$password = undef,
|
|
||||||
$certificate = undef,
|
|
||||||
$user = 'admin'
|
|
||||||
) {
|
|
||||||
if $certificate {
|
|
||||||
$opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate])
|
|
||||||
} else {
|
|
||||||
$opts = $haproxy_listen_bind_param
|
|
||||||
}
|
|
||||||
|
|
||||||
$haproxy_stats_bind_opts = list_to_hash(suffix(any2array($ip), ":${port}"), $opts)
|
|
||||||
|
|
||||||
$stats_base = ['enable', 'uri /']
|
|
||||||
if $password {
|
|
||||||
$stats_config = union($stats_base, ["auth ${user}:${password}"])
|
|
||||||
} else {
|
|
||||||
$stats_config = $stats_base
|
|
||||||
}
|
|
||||||
if $use_backend_syntax {
|
|
||||||
haproxy::frontend { 'haproxy.stats':
|
|
||||||
bind => $haproxy_stats_bind_opts,
|
|
||||||
mode => 'http',
|
|
||||||
options => {
|
|
||||||
'default_backend' => 'haproxy.stats_be',
|
|
||||||
'stats' => $stats_config,
|
|
||||||
},
|
|
||||||
collect_exported => false,
|
|
||||||
}
|
|
||||||
haproxy::backend { 'haproxy.stats_be':
|
|
||||||
mode => 'http',
|
|
||||||
options => {
|
|
||||||
'stats' => $stats_config,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
haproxy::listen { 'haproxy.stats':
|
|
||||||
bind => $haproxy_stats_bind_opts,
|
|
||||||
mode => 'http',
|
|
||||||
options => {
|
|
||||||
'stats' => $stats_config,
|
|
||||||
},
|
|
||||||
collect_exported => false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,54 +0,0 @@
|
|||||||
# Copyright 2017 Camptocamp SA.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Definition: tripleo::haproxy::userlist
|
|
||||||
#
|
|
||||||
# Configure an HAProxy userlist. It wrapps haproxy::userlist definition.
|
|
||||||
#
|
|
||||||
# [*groups*]
|
|
||||||
# List of groups
|
|
||||||
#
|
|
||||||
# [*users*]
|
|
||||||
# List of users
|
|
||||||
#
|
|
||||||
# == Example
|
|
||||||
# ::tripleo::haproxy::userlist {'starwars':
|
|
||||||
# groups => [
|
|
||||||
# 'aldebaran users leia,luke',
|
|
||||||
# 'deathstar users anakin,sith',
|
|
||||||
# ],
|
|
||||||
# users => [
|
|
||||||
# 'leia insecure-password sister',
|
|
||||||
# 'luke insecure-password jedi',
|
|
||||||
# 'anakin insecure-password darthvador',
|
|
||||||
# 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC', # mkpasswd -m sha-256 darkSideOfTheForce
|
|
||||||
# ]
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
# Please refer to the following HAProxy documentation for more options:
|
|
||||||
# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-user
|
|
||||||
# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-group
|
|
||||||
#
|
|
||||||
#
|
|
||||||
define tripleo::haproxy::userlist(
|
|
||||||
Optional[Array] $groups = [],
|
|
||||||
Optional[Array] $users = [],
|
|
||||||
) {
|
|
||||||
|
|
||||||
::haproxy::userlist {$name:
|
|
||||||
users => $users,
|
|
||||||
groups => $groups,
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,23 +0,0 @@
|
|||||||
#
|
|
||||||
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo
|
|
||||||
#
|
|
||||||
# Installs the system requirements
|
|
||||||
#
|
|
||||||
|
|
||||||
class tripleo{
|
|
||||||
|
|
||||||
}
|
|
@ -1,68 +0,0 @@
|
|||||||
# Copyright 2015 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
# == Class: tripleo::noop
|
|
||||||
#
|
|
||||||
# Enable noop mode for various Puppet resource types via collectors.
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
# [*package*]
|
|
||||||
# Whether Package resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*file*]
|
|
||||||
# Whether File resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*service*]
|
|
||||||
# Whether Service resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*exec*]
|
|
||||||
# Whether Exec resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*user*]
|
|
||||||
# Whether User resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*group*]
|
|
||||||
# Whether Group resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*cron*]
|
|
||||||
# Whether Cron resources should be noop.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
#
|
|
||||||
class tripleo::noop (
|
|
||||||
$package = true,
|
|
||||||
$file = true,
|
|
||||||
$service = true,
|
|
||||||
$exec = true,
|
|
||||||
$user = true,
|
|
||||||
$group = true,
|
|
||||||
$cron = true,
|
|
||||||
) {
|
|
||||||
|
|
||||||
Package <| |> { noop => $package}
|
|
||||||
File <| |> { noop => $file}
|
|
||||||
Service <| |> { noop => $service}
|
|
||||||
Exec <| |> { noop => $exec}
|
|
||||||
User <| |> { noop => $user}
|
|
||||||
Group <| |> { noop => $group}
|
|
||||||
Cron <| |> { noop => $cron}
|
|
||||||
|
|
||||||
}
|
|
@ -1,124 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Define: tripleo::pacemaker::haproxy_with_vip
|
|
||||||
#
|
|
||||||
# Configure the vip with the haproxy under pacemaker
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*vip_name*]
|
|
||||||
# (String) Logical name of the vip (control, public, storage ...)
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
# [*ip_address*]
|
|
||||||
# (String) IP address on which HAProxy is colocated
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
# [*location_rule*]
|
|
||||||
# (optional) Add a location constraint before actually enabling
|
|
||||||
# the resource. Must be a hash like the following example:
|
|
||||||
# location_rule => {
|
|
||||||
# resource_discovery => 'exclusive', # optional
|
|
||||||
# role => 'master|slave', # optional
|
|
||||||
# score => 0, # optional
|
|
||||||
# score_attribute => foo, # optional
|
|
||||||
# # Multiple expressions can be used
|
|
||||||
# expression => ['opsrole eq controller']
|
|
||||||
# }
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*meta_params*]
|
|
||||||
# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP
|
|
||||||
# Defaults to ''
|
|
||||||
#
|
|
||||||
# [*op_params*]
|
|
||||||
# (optional) Additional op parameters to pass to "pcs resource create" for the VIP
|
|
||||||
# Defaults to ''
|
|
||||||
#
|
|
||||||
# [*pcs_tries*]
|
|
||||||
# (Optional) The number of times pcs commands should be retried.
|
|
||||||
# Defaults to 1
|
|
||||||
#
|
|
||||||
# [*nic*]
|
|
||||||
# (Optional) Specifies the nic interface on which the VIP should be added
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*ensure*]
|
|
||||||
# (Boolean) Create the all the resources only if true. False won't
|
|
||||||
# destroy the resource, it will just not create them.
|
|
||||||
# Default to true
|
|
||||||
#
|
|
||||||
define tripleo::pacemaker::haproxy_with_vip(
|
|
||||||
$vip_name,
|
|
||||||
$ip_address,
|
|
||||||
$location_rule = undef,
|
|
||||||
$meta_params = '',
|
|
||||||
$op_params = '',
|
|
||||||
$pcs_tries = 1,
|
|
||||||
$nic = undef,
|
|
||||||
$ensure = true
|
|
||||||
){
|
|
||||||
if($ensure) {
|
|
||||||
if $ip_address =~ Stdlib::Compat::Ipv6 {
|
|
||||||
$netmask = '128'
|
|
||||||
$vip_nic = interface_for_ip($ip_address)
|
|
||||||
$ipv6_addrlabel = '99'
|
|
||||||
} elsif $ip_address =~ Stdlib::Compat::Ip_address {
|
|
||||||
$netmask = '32'
|
|
||||||
$vip_nic = ''
|
|
||||||
$ipv6_addrlabel = ''
|
|
||||||
} else {
|
|
||||||
fail("Haproxy VIP: ${ip_address} is not a proper IP address.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $nic != undef {
|
|
||||||
$nic_real = $nic
|
|
||||||
} else {
|
|
||||||
$nic_real = $vip_nic
|
|
||||||
}
|
|
||||||
|
|
||||||
pacemaker::resource::ip { "${vip_name}_vip":
|
|
||||||
ip_address => $ip_address,
|
|
||||||
cidr_netmask => $netmask,
|
|
||||||
nic => $nic_real,
|
|
||||||
ipv6_addrlabel => $ipv6_addrlabel,
|
|
||||||
meta_params => "resource-stickiness=INFINITY ${meta_params}",
|
|
||||||
location_rule => $location_rule,
|
|
||||||
op_params => $op_params,
|
|
||||||
tries => $pcs_tries,
|
|
||||||
}
|
|
||||||
|
|
||||||
pacemaker::constraint::order { "${vip_name}_vip-then-haproxy":
|
|
||||||
first_resource => "ip-${ip_address}",
|
|
||||||
second_resource => 'haproxy-bundle',
|
|
||||||
first_action => 'start',
|
|
||||||
second_action => 'start',
|
|
||||||
constraint_params => 'kind=Optional',
|
|
||||||
tries => $pcs_tries,
|
|
||||||
}
|
|
||||||
pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy":
|
|
||||||
source => "ip-${ip_address}",
|
|
||||||
target => 'haproxy-bundle',
|
|
||||||
score => 'INFINITY',
|
|
||||||
tries => $pcs_tries,
|
|
||||||
}
|
|
||||||
|
|
||||||
Pacemaker::Resource::Ip["${vip_name}_vip"]
|
|
||||||
-> Pacemaker::Resource::Bundle['haproxy-bundle']
|
|
||||||
-> Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"]
|
|
||||||
-> Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"]
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,41 +0,0 @@
|
|||||||
# Copyright 2015 Red Hat, Inc.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
# == Class: tripleo::packages
|
|
||||||
#
|
|
||||||
# Configure package installation/upgrade defaults.
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*enable_install*]
|
|
||||||
# Whether to enable package installation via Puppet.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
class tripleo::packages (
|
|
||||||
$enable_install = false,
|
|
||||||
) {
|
|
||||||
|
|
||||||
# if both enable_install is false
|
|
||||||
if (!str2bool($enable_install)) {
|
|
||||||
case $::osfamily {
|
|
||||||
'RedHat': {
|
|
||||||
Package <| |> { provider => 'norpm' }
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
warning('enable_install option not supported for this distro.')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,129 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::aodh
|
|
||||||
#
|
|
||||||
# aodh profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_proto*]
|
|
||||||
# Protocol driver for the oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_hosts*]
|
|
||||||
# list of the oslo messaging rpc host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_port*]
|
|
||||||
# IP port for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_username*]
|
|
||||||
# Username for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_password*]
|
|
||||||
# Password for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_proto*]
|
|
||||||
# Protocol driver for the oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_hosts*]
|
|
||||||
# list of the oslo messaging notify host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_port*]
|
|
||||||
# IP port for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_username*]
|
|
||||||
# Username for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_password*]
|
|
||||||
# Password for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
|
||||||
|
|
||||||
class tripleo::profile::base::aodh (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
|
||||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
|
||||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
|
||||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
|
||||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
|
||||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
|
||||||
class { 'aodh' :
|
|
||||||
default_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_rpc_proto,
|
|
||||||
'hosts' => $oslomsg_rpc_hosts,
|
|
||||||
'port' => $oslomsg_rpc_port,
|
|
||||||
'username' => $oslomsg_rpc_username,
|
|
||||||
'password' => $oslomsg_rpc_password,
|
|
||||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
|
||||||
}),
|
|
||||||
notification_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_notify_proto,
|
|
||||||
'hosts' => $oslomsg_notify_hosts,
|
|
||||||
'port' => $oslomsg_notify_port,
|
|
||||||
'username' => $oslomsg_notify_username,
|
|
||||||
'password' => $oslomsg_notify_password,
|
|
||||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
|
||||||
}),
|
|
||||||
}
|
|
||||||
include aodh::service_credentials
|
|
||||||
include aodh::config
|
|
||||||
include aodh::db
|
|
||||||
include aodh::db::sync
|
|
||||||
include aodh::logging
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,105 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::aodh::api
|
|
||||||
#
|
|
||||||
# aodh API profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*aodh_network*]
|
|
||||||
# (Optional) The network name where the aodh endpoint is listening on.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to lookup('aodh_api_network', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*certificates_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
|
||||||
# it will create.
|
|
||||||
# Example with hiera:
|
|
||||||
# apache_certificates_specs:
|
|
||||||
# httpd-internal_api:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "haproxy/<overcloud controller fqdn>"
|
|
||||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*enable_aodh_expirer*]
|
|
||||||
# (Optional) Whether aodh expirer should be configured
|
|
||||||
# Defaults to lookup('enable_aodh_expirer', undef, undef, true)
|
|
||||||
#
|
|
||||||
# [*configure_apache*]
|
|
||||||
# (Optional) Whether apache is configured via puppet or not.
|
|
||||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::aodh::api (
|
|
||||||
$aodh_network = lookup('aodh_api_network', undef, undef, undef),
|
|
||||||
$bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$enable_aodh_expirer = true,
|
|
||||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
|
||||||
) {
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$is_bootstrap = true
|
|
||||||
} else {
|
|
||||||
$is_bootstrap = false
|
|
||||||
}
|
|
||||||
|
|
||||||
include tripleo::profile::base::aodh
|
|
||||||
include tripleo::profile::base::aodh::authtoken
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
if !$aodh_network {
|
|
||||||
fail('aodh_api_network is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
$tls_certfile = $certificates_specs["httpd-${aodh_network}"]['service_certificate']
|
|
||||||
$tls_keyfile = $certificates_specs["httpd-${aodh_network}"]['service_key']
|
|
||||||
} else {
|
|
||||||
$tls_certfile = undef
|
|
||||||
$tls_keyfile = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
|
|
||||||
include aodh::api
|
|
||||||
include aodh::healthcheck
|
|
||||||
if $configure_apache {
|
|
||||||
include tripleo::profile::base::apache
|
|
||||||
class { 'aodh::wsgi::apache':
|
|
||||||
ssl_cert => $tls_certfile,
|
|
||||||
ssl_key => $tls_keyfile,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 5 {
|
|
||||||
if $enable_aodh_expirer {
|
|
||||||
include aodh::expirer
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,84 +0,0 @@
|
|||||||
# Copyright 2019 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::aodh::authtoken
|
|
||||||
#
|
|
||||||
# Aodh authtoken profile for TripleO
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*memcached_hosts*]
|
|
||||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
|
||||||
#
|
|
||||||
# [*memcached_port*]
|
|
||||||
# (Optional) Memcached port to use.
|
|
||||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
|
||||||
#
|
|
||||||
# [*memcached_ipv6*]
|
|
||||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
||||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*security_strategy*]
|
|
||||||
# (Optional) Memcached (authtoken) security strategy.
|
|
||||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*secret_key*]
|
|
||||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
|
||||||
# The key is hashed with a salt, to isolate services.
|
|
||||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*memcached_ips*]
|
|
||||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::aodh::authtoken (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
|
||||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
|
||||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
|
||||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
|
||||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$memcached_ips = undef
|
|
||||||
) {
|
|
||||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
|
||||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
||||||
} else {
|
|
||||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $secret_key {
|
|
||||||
$hashed_secret_key = sha256("${secret_key}+aodh")
|
|
||||||
} else {
|
|
||||||
$hashed_secret_key = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'aodh::keystone::authtoken':
|
|
||||||
memcached_servers => $memcache_servers,
|
|
||||||
memcache_security_strategy => $security_strategy,
|
|
||||||
memcache_secret_key => $hashed_secret_key,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,59 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::aodh::evaluator
|
|
||||||
#
|
|
||||||
# aodh evaluator profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*aodh_redis_password*]
|
|
||||||
# (Optional) redis password to configure coordination url
|
|
||||||
# Defaults to lookup('aodh_redis_password')
|
|
||||||
#
|
|
||||||
# [*redis_vip*]
|
|
||||||
# (Optional) redis vip to configure coordination url
|
|
||||||
# Defaults to lookup('redis_vip')
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to lookup('step')
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::aodh::evaluator (
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$aodh_redis_password = lookup('aodh_redis_password'),
|
|
||||||
$redis_vip = lookup('redis_vip'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::aodh
|
|
||||||
if $enable_internal_tls {
|
|
||||||
$tls_query_param = '?ssl=true'
|
|
||||||
} else {
|
|
||||||
$tls_query_param = ''
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
class { 'aodh::coordination':
|
|
||||||
backend_url => join(['redis://:', $aodh_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]),
|
|
||||||
}
|
|
||||||
include aodh::evaluator
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::aodh::listener
|
|
||||||
#
|
|
||||||
# aodh listener profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::aodh::listener (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::aodh
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include aodh::listener
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::aodh::notifier
|
|
||||||
#
|
|
||||||
# aodh notifier profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::aodh::notifier (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::aodh
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include aodh::notifier
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,51 +0,0 @@
|
|||||||
# Copyright 2017 Camptocamp SA.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class tripleo::profile::base::apache
|
|
||||||
#
|
|
||||||
# Common apache modules and configuration for API listeners
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*enable_status_listener*]
|
|
||||||
# Enable or not the localhost listener in httpd.
|
|
||||||
# Accepted values: Boolean.
|
|
||||||
# Default to false.
|
|
||||||
#
|
|
||||||
# [*status_listener*]
|
|
||||||
# Where should apache listen for status page
|
|
||||||
# Default to 127.0.0.1:80
|
|
||||||
#
|
|
||||||
# [*mpm_module*]
|
|
||||||
# The MPM module to use.
|
|
||||||
# Default to prefork.
|
|
||||||
|
|
||||||
class tripleo::profile::base::apache(
|
|
||||||
Boolean $enable_status_listener = false,
|
|
||||||
String $status_listener = '127.0.0.1:80',
|
|
||||||
String $mpm_module = 'prefork',
|
|
||||||
) {
|
|
||||||
include apache::params
|
|
||||||
class { 'apache':
|
|
||||||
mpm_module => $mpm_module,
|
|
||||||
}
|
|
||||||
|
|
||||||
include apache::mod::status
|
|
||||||
include apache::mod::ssl
|
|
||||||
if $enable_status_listener {
|
|
||||||
if !defined(Apache::Listen[$status_listener]) {
|
|
||||||
::apache::listen {$status_listener: }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::barbican
|
|
||||||
#
|
|
||||||
# Barbican profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
|
|
||||||
class tripleo::profile::base::barbican (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
include barbican
|
|
||||||
include barbican::config
|
|
||||||
include barbican::db
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,181 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::barbican::api
|
|
||||||
#
|
|
||||||
# Barbican profile for tripleo api
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*barbican_network*]
|
|
||||||
# (Optional) The network name where the barbican endpoint is listening on.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to lookup('barbican_api_network', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('barbican_api_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*certificates_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
|
||||||
# it will create.
|
|
||||||
# Example with hiera:
|
|
||||||
# apache_certificates_specs:
|
|
||||||
# httpd-internal_api:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "haproxy/<overcloud controller fqdn>"
|
|
||||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_proto*]
|
|
||||||
# Protocol driver for the oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_hosts*]
|
|
||||||
# list of the oslo messaging rpc host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', unef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_port*]
|
|
||||||
# IP port for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_username*]
|
|
||||||
# Username for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_password*]
|
|
||||||
# Password for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_proto*]
|
|
||||||
# Protocol driver for the oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_hosts*]
|
|
||||||
# list of the oslo messaging notify host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_port*]
|
|
||||||
# IP port for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_username*]
|
|
||||||
# Username for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_password*]
|
|
||||||
# Password for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*configure_apache*]
|
|
||||||
# (Optional) Whether apache is configured via puppet or not.
|
|
||||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::barbican::api (
|
|
||||||
$barbican_network = lookup('barbican_api_network', undef, undef, undef),
|
|
||||||
$bootstrap_node = lookup('barbican_api_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
|
||||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
|
||||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
|
||||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
|
||||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
|
||||||
) {
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
if !$barbican_network {
|
|
||||||
fail('barbican_api_network is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
$tls_certfile = $certificates_specs["httpd-${barbican_network}"]['service_certificate']
|
|
||||||
$tls_keyfile = $certificates_specs["httpd-${barbican_network}"]['service_key']
|
|
||||||
} else {
|
|
||||||
$tls_certfile = undef
|
|
||||||
$tls_keyfile = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
include tripleo::profile::base::barbican
|
|
||||||
include tripleo::profile::base::barbican::authtoken
|
|
||||||
|
|
||||||
if $step >= 4 or ( $step >= 3 and $sync_db ) {
|
|
||||||
include tripleo::profile::base::barbican::backends
|
|
||||||
|
|
||||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
|
||||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
|
||||||
class { 'barbican::api':
|
|
||||||
sync_db => $sync_db,
|
|
||||||
default_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_rpc_proto,
|
|
||||||
'hosts' => $oslomsg_rpc_hosts,
|
|
||||||
'port' => $oslomsg_rpc_port,
|
|
||||||
'username' => $oslomsg_rpc_username,
|
|
||||||
'password' => $oslomsg_rpc_password,
|
|
||||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
|
||||||
}),
|
|
||||||
notification_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_notify_proto,
|
|
||||||
'hosts' => $oslomsg_notify_hosts,
|
|
||||||
'port' => $oslomsg_notify_port,
|
|
||||||
'username' => $oslomsg_notify_username,
|
|
||||||
'password' => $oslomsg_notify_password,
|
|
||||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
|
||||||
}),
|
|
||||||
multiple_secret_stores_enabled => true,
|
|
||||||
enabled_secret_stores => $::tripleo::profile::base::barbican::backends::enabled_secret_stores,
|
|
||||||
}
|
|
||||||
include barbican::api::logging
|
|
||||||
include barbican::healthcheck
|
|
||||||
include barbican::keystone::notification
|
|
||||||
include barbican::quota
|
|
||||||
if $configure_apache {
|
|
||||||
include tripleo::profile::base::apache
|
|
||||||
class { 'barbican::wsgi::apache':
|
|
||||||
ssl_cert => $tls_certfile,
|
|
||||||
ssl_key => $tls_keyfile,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,84 +0,0 @@
|
|||||||
# Copyright 2019 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::barbican::authtoken
|
|
||||||
#
|
|
||||||
# Barbican authtoken profile for TripleO
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*memcached_hosts*]
|
|
||||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
|
||||||
#
|
|
||||||
# [*memcached_port*]
|
|
||||||
# (Optional) Memcached port to use.
|
|
||||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
|
||||||
#
|
|
||||||
# [*memcached_ipv6*]
|
|
||||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
||||||
# Defauls to lookup('memcached_ipv6', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*security_strategy*]
|
|
||||||
# (Optional) Memcached (authtoken) security strategy.
|
|
||||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*secret_key*]
|
|
||||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
|
||||||
# The key is hashed with a salt, to isolate services.
|
|
||||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*memcached_ips*]
|
|
||||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::barbican::authtoken (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
|
||||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
|
||||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
|
||||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
|
||||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$memcached_ips = undef
|
|
||||||
) {
|
|
||||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
|
||||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
||||||
} else {
|
|
||||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $secret_key {
|
|
||||||
$hashed_secret_key = sha256("${secret_key}+barbican")
|
|
||||||
} else {
|
|
||||||
$hashed_secret_key = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'barbican::keystone::authtoken':
|
|
||||||
memcached_servers => $memcache_servers,
|
|
||||||
memcache_security_strategy => $security_strategy,
|
|
||||||
memcache_secret_key => $hashed_secret_key,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,77 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::barbican::backends
|
|
||||||
#
|
|
||||||
# Barbican's secret store plugin profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*simple_crypto_backend_enabled*]
|
|
||||||
# (Optional) Whether the simple crypto backend is enabled or not. This is
|
|
||||||
# dynamically set via t-h-t.
|
|
||||||
# Defaults to lookup('barbican_backend_simple_crypto_enabled', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*dogtag_backend_enabled*]
|
|
||||||
# (Optional) Whether the Dogtag backend is enabled or not. This is
|
|
||||||
# dynamically set via t-h-t.
|
|
||||||
# Defaults to lookup('barbican_backend_dogtag_enabled', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*p11_crypto_backend_enabled*]
|
|
||||||
# (Optional) Whether the pkcs11 crypto backend is enabled or not. This is
|
|
||||||
# dynamically set via t-h-t.
|
|
||||||
# Defaults to lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*kmip_backend_enabled*]
|
|
||||||
# (Optional) Whether the KMIP backend is enabled or not. This is
|
|
||||||
# dynamically set via t-h-t.
|
|
||||||
# Defaults to lookup('barbican_backend_kmip_enabled', undef, undef, false)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::barbican::backends (
|
|
||||||
$simple_crypto_backend_enabled = lookup('barbican_backend_simple_crypto_enabled', undef, undef, false),
|
|
||||||
$dogtag_backend_enabled = lookup('barbican_backend_dogtag_enabled', undef, undef, false),
|
|
||||||
$p11_crypto_backend_enabled = lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false),
|
|
||||||
$kmip_backend_enabled = lookup('barbican_backend_kmip_enabled', undef, undef, false),
|
|
||||||
) {
|
|
||||||
if $simple_crypto_backend_enabled {
|
|
||||||
include barbican::plugins::simple_crypto
|
|
||||||
$backend1 = 'simple_crypto'
|
|
||||||
} else {
|
|
||||||
$backend1 = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $dogtag_backend_enabled {
|
|
||||||
include barbican::plugins::dogtag
|
|
||||||
$backend2 = 'dogtag'
|
|
||||||
} else {
|
|
||||||
$backend2 = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $p11_crypto_backend_enabled {
|
|
||||||
include barbican::plugins::p11_crypto
|
|
||||||
$backend3 = 'pkcs11'
|
|
||||||
} else {
|
|
||||||
$backend3 = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $kmip_backend_enabled {
|
|
||||||
include barbican::plugins::kmip
|
|
||||||
$backend4 = 'kmip'
|
|
||||||
} else {
|
|
||||||
$backend4 = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
$enabled_backends_list = delete_undef_values([$backend1, $backend2, $backend3, $backend4])
|
|
||||||
$enabled_secret_stores = join($enabled_backends_list, ',')
|
|
||||||
}
|
|
@ -1,155 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::ceilometer
|
|
||||||
#
|
|
||||||
# Ceilometer profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_proto*]
|
|
||||||
# Protocol driver for the oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_hosts*]
|
|
||||||
# list of the oslo messaging rpc host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_port*]
|
|
||||||
# IP port for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_username*]
|
|
||||||
# Username for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_password*]
|
|
||||||
# Password for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_proto*]
|
|
||||||
# Protocol driver for the oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_hosts*]
|
|
||||||
# list of the oslo messaging notify host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_port*]
|
|
||||||
# IP port for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_username*]
|
|
||||||
# Username for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_password*]
|
|
||||||
# Password for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*memcached_hosts*]
|
|
||||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
|
||||||
#
|
|
||||||
# [*memcached_port*]
|
|
||||||
# (Optional) Memcached port to use.
|
|
||||||
# Defaults to lookup('memcached_port', undef, undef, 11211)
|
|
||||||
#
|
|
||||||
# [*memcached_ipv6*]
|
|
||||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
||||||
# Defauls to lookup('memcached_ipv6', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*cache_backend*]
|
|
||||||
# (Optional) oslo.cache backend used for caching.
|
|
||||||
# Defaults to lookup('ceilometer::cache::backend', undef, undef, false)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::ceilometer (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
|
||||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
|
||||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
|
||||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
|
||||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
|
||||||
$memcached_port = lookup('memcached_port', undef, undef, 11211),
|
|
||||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
|
||||||
$cache_backend = lookup('ceilometer::cache::backend', undef, undef, false),
|
|
||||||
) {
|
|
||||||
|
|
||||||
$memcached_hosts_real = any2array($memcached_hosts)
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
|
||||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
|
||||||
|
|
||||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
|
||||||
if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] {
|
|
||||||
# NOTE(tkajinm): The inet6 prefix is required for backends using
|
|
||||||
# python-memcached
|
|
||||||
$cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
||||||
} else {
|
|
||||||
# NOTE(tkajinam): The other backends like pymemcache don't require
|
|
||||||
# the inet6 prefix
|
|
||||||
$cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}")
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}")
|
|
||||||
}
|
|
||||||
class { 'ceilometer::cache':
|
|
||||||
memcache_servers => $cache_memcache_servers
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'ceilometer' :
|
|
||||||
default_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_rpc_proto,
|
|
||||||
'hosts' => $oslomsg_rpc_hosts,
|
|
||||||
'port' => $oslomsg_rpc_port,
|
|
||||||
'username' => $oslomsg_rpc_username,
|
|
||||||
'password' => $oslomsg_rpc_password,
|
|
||||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
|
||||||
}),
|
|
||||||
notification_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_notify_proto,
|
|
||||||
'hosts' => $oslomsg_notify_hosts,
|
|
||||||
'port' => $oslomsg_notify_port,
|
|
||||||
'username' => $oslomsg_notify_username,
|
|
||||||
'password' => $oslomsg_notify_password,
|
|
||||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
|
||||||
}),
|
|
||||||
}
|
|
||||||
|
|
||||||
include ceilometer::config
|
|
||||||
include ceilometer::logging
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,111 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::ceilometer::agent::notification
|
|
||||||
#
|
|
||||||
# Ceilometer Notification Agent profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*notifier_enabled*]
|
|
||||||
# (optional) Enable configuration of notifier as pipeline publisher.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*notifier_events_enabled*]
|
|
||||||
# (optional) Enable configuration of event notifier as pipeline publisher.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*notifier_host_addr*]
|
|
||||||
# (optional) IP address of Ceilometer notifier (edge qdr Endpoint)
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*notifier_host_port*]
|
|
||||||
# (optional) Ceilometer notifier port
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*notifier_params*]
|
|
||||||
# (optional) Query parameters for notifier URL
|
|
||||||
# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'}
|
|
||||||
#
|
|
||||||
# [*notifier_event_params*]
|
|
||||||
# (optional) Query parameters for event notifier URL
|
|
||||||
# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'}
|
|
||||||
#
|
|
||||||
# [*event_pipeline_publishers*]
|
|
||||||
# (Optional) A list of event pipeline publishers
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*pipeline_publishers*]
|
|
||||||
# (Optional) A list of pipeline publishers
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::ceilometer::agent::notification (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$notifier_enabled = false,
|
|
||||||
$notifier_events_enabled = false,
|
|
||||||
$notifier_host_addr = undef,
|
|
||||||
$notifier_host_port = undef,
|
|
||||||
$notifier_params = {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'},
|
|
||||||
$notifier_event_params = {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'},
|
|
||||||
$pipeline_publishers = undef,
|
|
||||||
$event_pipeline_publishers = undef,
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::ceilometer
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include ceilometer::agent::service_credentials
|
|
||||||
|
|
||||||
if $pipeline_publishers {
|
|
||||||
$other_publishers = Array($pipeline_publishers, true)
|
|
||||||
} else {
|
|
||||||
$other_publishers = []
|
|
||||||
}
|
|
||||||
if $notifier_enabled {
|
|
||||||
$real_pipeline_publishers = $other_publishers + [os_transport_url({
|
|
||||||
'transport' => 'notifier',
|
|
||||||
'host' => $notifier_host_addr,
|
|
||||||
'port' => $notifier_host_port,
|
|
||||||
'query' => $notifier_params,
|
|
||||||
})]
|
|
||||||
} else {
|
|
||||||
$real_pipeline_publishers = $other_publishers
|
|
||||||
}
|
|
||||||
|
|
||||||
if $event_pipeline_publishers {
|
|
||||||
$other_event_publishers = Array($event_pipeline_publishers, true)
|
|
||||||
} else {
|
|
||||||
$other_event_publishers = []
|
|
||||||
}
|
|
||||||
if $notifier_events_enabled {
|
|
||||||
$real_event_pipeline_publishers = $other_event_publishers + [os_transport_url({
|
|
||||||
'transport' => 'notifier',
|
|
||||||
'host' => $notifier_host_addr,
|
|
||||||
'port' => $notifier_host_port,
|
|
||||||
'query' => $notifier_event_params,
|
|
||||||
})]
|
|
||||||
} else {
|
|
||||||
$real_event_pipeline_publishers = $other_event_publishers
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'ceilometer::agent::notification':
|
|
||||||
event_pipeline_publishers => $real_event_pipeline_publishers,
|
|
||||||
pipeline_publishers => $real_pipeline_publishers,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,78 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::ceilometer::agent::polling
|
|
||||||
#
|
|
||||||
# Ceilometer polling Agent profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*central_namespace*]
|
|
||||||
# (Optional) Use central namespace for polling agent.
|
|
||||||
# Defaults to lookup('central_namespace', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*compute_namespace*]
|
|
||||||
# (Optional) Use compute namespace for polling agent.
|
|
||||||
# Defaults to lookup('compute_namespace', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*ipmi_namespace*]
|
|
||||||
# (Optional) Use ipmi namespace for polling agent.
|
|
||||||
# Defaults to lookup('ipmi_namespace', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*ceilometer_redis_password*]
|
|
||||||
# (Optional) redis password to configure coordination url
|
|
||||||
# Defaults to lookup('ceilometer_redis_password')
|
|
||||||
#
|
|
||||||
# [*redis_vip*]
|
|
||||||
# (Optional) redis vip to configure coordination url
|
|
||||||
# Defaults to lookup('redis_vip')
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::ceilometer::agent::polling (
|
|
||||||
$central_namespace = lookup('central_namespace', undef, undef, false),
|
|
||||||
$compute_namespace = lookup('compute_namespace', undef, undef, false),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$ipmi_namespace = lookup('ipmi_namespace', undef, undef, false),
|
|
||||||
$ceilometer_redis_password = lookup('ceilometer_redis_password'),
|
|
||||||
$redis_vip = lookup('redis_vip'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::ceilometer
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
$tls_query_param = '?ssl=true'
|
|
||||||
} else {
|
|
||||||
$tls_query_param = ''
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include ceilometer::agent::service_credentials
|
|
||||||
class { 'ceilometer::coordination':
|
|
||||||
backend_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]),
|
|
||||||
}
|
|
||||||
class { 'ceilometer::agent::polling':
|
|
||||||
central_namespace => $central_namespace,
|
|
||||||
compute_namespace => $compute_namespace,
|
|
||||||
ipmi_namespace => $ipmi_namespace,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,142 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder
|
|
||||||
#
|
|
||||||
# Cinder common profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_enable_db_purge*]
|
|
||||||
# (Optional) Whether to enable db purging
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step of the deployment
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_proto*]
|
|
||||||
# Protocol driver for the oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_hosts*]
|
|
||||||
# list of the oslo messaging rpc host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_port*]
|
|
||||||
# IP port for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_username*]
|
|
||||||
# Username for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_password*]
|
|
||||||
# Password for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_proto*]
|
|
||||||
# Protocol driver for the oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_hosts*]
|
|
||||||
# list of the oslo messaging notify host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_port*]
|
|
||||||
# IP port for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_username*]
|
|
||||||
# Username for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_password*]
|
|
||||||
# Password for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
|
||||||
|
|
||||||
class tripleo::profile::base::cinder (
|
|
||||||
$bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$cinder_enable_db_purge = true,
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
|
||||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
|
||||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
|
||||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
|
||||||
) {
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
|
||||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
|
||||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
|
||||||
class { 'cinder' :
|
|
||||||
default_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_rpc_proto,
|
|
||||||
'hosts' => $oslomsg_rpc_hosts,
|
|
||||||
'port' => $oslomsg_rpc_port,
|
|
||||||
'username' => $oslomsg_rpc_username,
|
|
||||||
'password' => $oslomsg_rpc_password,
|
|
||||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
|
||||||
}),
|
|
||||||
notification_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_notify_proto,
|
|
||||||
'hosts' => $oslomsg_notify_hosts,
|
|
||||||
'port' => $oslomsg_notify_port,
|
|
||||||
'username' => $oslomsg_notify_username,
|
|
||||||
'password' => $oslomsg_notify_password,
|
|
||||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
|
||||||
}),
|
|
||||||
}
|
|
||||||
include cinder::config
|
|
||||||
include cinder::db
|
|
||||||
include cinder::glance
|
|
||||||
include cinder::nova
|
|
||||||
include cinder::logging
|
|
||||||
include cinder::quota
|
|
||||||
include cinder::keystone::service_user
|
|
||||||
include cinder::key_manager
|
|
||||||
include cinder::key_manager::barbican
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 5 {
|
|
||||||
if $cinder_enable_db_purge {
|
|
||||||
include cinder::cron::db_purge
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,97 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::api
|
|
||||||
#
|
|
||||||
# Cinder API profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*certificates_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
|
||||||
# it will create.
|
|
||||||
# Example with hiera:
|
|
||||||
# apache_certificates_specs:
|
|
||||||
# httpd-internal_api:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "haproxy/<overcloud controller fqdn>"
|
|
||||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
|
||||||
#
|
|
||||||
# [*cinder_api_network*]
|
|
||||||
# (Optional) The network name where the cinder API endpoint is listening on.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to lookup('cinder_api_network', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*configure_apache*]
|
|
||||||
# (Optional) Whether apache is configured via puppet or not.
|
|
||||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::api (
|
|
||||||
$bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
|
||||||
$cinder_api_network = lookup('cinder_api_network', undef, undef, undef),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder
|
|
||||||
include tripleo::profile::base::cinder::authtoken
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
if !$cinder_api_network {
|
|
||||||
fail('cinder_api_network is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
$tls_certfile = $certificates_specs["httpd-${cinder_api_network}"]['service_certificate']
|
|
||||||
$tls_keyfile = $certificates_specs["httpd-${cinder_api_network}"]['service_key']
|
|
||||||
} else {
|
|
||||||
$tls_certfile = undef
|
|
||||||
$tls_keyfile = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
|
||||||
class { 'cinder::api':
|
|
||||||
sync_db => $sync_db,
|
|
||||||
}
|
|
||||||
include cinder::healthcheck
|
|
||||||
if $configure_apache {
|
|
||||||
include tripleo::profile::base::apache
|
|
||||||
class { 'cinder::wsgi::apache':
|
|
||||||
ssl_cert => $tls_certfile,
|
|
||||||
ssl_key => $tls_keyfile,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,84 +0,0 @@
|
|||||||
# Copyright 2019 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::authtoken
|
|
||||||
#
|
|
||||||
# Cinder authtoken profile for TripleO
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*memcached_hosts*]
|
|
||||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
|
||||||
#
|
|
||||||
# [*memcached_port*]
|
|
||||||
# (Optional) Memcached port to use.
|
|
||||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
|
||||||
#
|
|
||||||
# [*memcached_ipv6*]
|
|
||||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
||||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*security_strategy*]
|
|
||||||
# (Optional) Memcached (authtoken) security strategy.
|
|
||||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*secret_key*]
|
|
||||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
|
||||||
# The key is hashed with a salt, to isolate services.
|
|
||||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*memcached_ips*]
|
|
||||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::authtoken (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
|
||||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
|
||||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
|
||||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
|
||||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$memcached_ips = undef
|
|
||||||
) {
|
|
||||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
|
||||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
||||||
} else {
|
|
||||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $secret_key {
|
|
||||||
$hashed_secret_key = sha256("${secret_key}+cinder")
|
|
||||||
} else {
|
|
||||||
$hashed_secret_key = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'cinder::keystone::authtoken':
|
|
||||||
memcached_servers => $memcache_servers,
|
|
||||||
memcache_security_strategy => $security_strategy,
|
|
||||||
memcache_secret_key => $hashed_secret_key,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::backup
|
|
||||||
#
|
|
||||||
# Cinder Backup profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::backup (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include cinder::backup
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::backup::ceph
|
|
||||||
#
|
|
||||||
# Cinder Backup Ceph profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::backup::ceph (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder::backup
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include cinder::backup::ceph
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,56 +0,0 @@
|
|||||||
# Copyright 2021 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::backup::gcs
|
|
||||||
#
|
|
||||||
# Cinder Backup Google Cloud Service (GCS) profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*credentials*]
|
|
||||||
# (required) The GCS service account credentials, in JSON format.
|
|
||||||
#
|
|
||||||
# [*credential_file*]
|
|
||||||
# (Optional) Absolute path of GCS service account credential file, to
|
|
||||||
# be created with content from the credentials input.
|
|
||||||
# Defaults to '/etc/cinder/gcs-backup.json'
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::backup::gcs (
|
|
||||||
$credentials,
|
|
||||||
$credential_file = '/etc/cinder/gcs-backup.json',
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder::backup
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
file { "${credential_file}" :
|
|
||||||
ensure => file,
|
|
||||||
content => to_json_pretty($credentials),
|
|
||||||
owner => 'root',
|
|
||||||
group => 'cinder',
|
|
||||||
mode => '0640',
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'cinder::backup::google':
|
|
||||||
backup_gcs_credential_file => $credential_file,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2018 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::backup::nfs
|
|
||||||
#
|
|
||||||
# Cinder Backup NFS profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::backup::nfs (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder::backup
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include cinder::backup::nfs
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2021 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::backup::s3
|
|
||||||
#
|
|
||||||
# Cinder Backup S3 profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::backup::s3 (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder::backup
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include cinder::backup::s3
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::backup::swift
|
|
||||||
#
|
|
||||||
# Cinder Backup Swift profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::backup::swift (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
include tripleo::profile::base::cinder::backup
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include cinder::backup::swift
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,35 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::scheduler
|
|
||||||
#
|
|
||||||
# Cinder Scheduler profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::scheduler (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include cinder::scheduler
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,346 +0,0 @@
|
|||||||
# Copyright 2022 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume
|
|
||||||
#
|
|
||||||
# Cinder Volume profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*cinder_enable_pure_backend*]
|
|
||||||
# (Optional) Whether to enable the pure backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_sc_backend*]
|
|
||||||
# (Optional) Whether to enable the sc backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_unity_backend*]
|
|
||||||
# (Optional) Whether to enable the unity backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_powerflex_backend*]
|
|
||||||
# (Optional) Whether to enable the powerflex backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_powermax_backend*]
|
|
||||||
# (Optional) Whether to enable the powermax backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_powerstore_backend*]
|
|
||||||
# (Optional) Whether to enable the powerstore backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_vnx_backend*]
|
|
||||||
# (Optional) Whether to enable the vnx backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_dellemc_xtremio_backend*]
|
|
||||||
# (Optional) Whether to enable the xtremio backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_ibm_svf_backend*]
|
|
||||||
# (Optional) Whether to enable the ibm_svf backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_iscsi_backend*]
|
|
||||||
# (Optional) Whether to enable the iscsi backend
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*cinder_enable_netapp_backend*]
|
|
||||||
# (Optional) Whether to enable the netapp backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_nfs_backend*]
|
|
||||||
# (Optional) Whether to enable the nfs backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_enable_rbd_backend*]
|
|
||||||
# (Optional) Whether to enable the rbd backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
#[*cinder_enable_nvmeof_backend*]
|
|
||||||
# (Optional) Whether to enable the NVMeOF backend
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*cinder_user_enabled_backends*]
|
|
||||||
# (Optional) List of additional backend stanzas to activate
|
|
||||||
# Defaults to lookup('cinder_user_enabled_backends', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_volume_cluster*]
|
|
||||||
# (Optional) Name of the cluster when running in active-active mode
|
|
||||||
# Defaults to ''
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*etcd_certificate_specs*]
|
|
||||||
# (optional) TLS certificate specs for the etcd service
|
|
||||||
# Defaults to lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*etcd_enabled*]
|
|
||||||
# (optional) Whether the etcd service is enabled or not
|
|
||||||
# Defaults to lookup('etcd_enabled', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*etcd_host*]
|
|
||||||
# (optional) IP address (VIP) of the etcd service
|
|
||||||
# Defaults to lookup('etcd_vip', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*etcd_port*]
|
|
||||||
# (optional) Port used by the etcd service
|
|
||||||
# Defaults to lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379')
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_client_name*]
|
|
||||||
# (Optional) Name of RBD client
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_ceph_conf_path*]
|
|
||||||
# (Optional) The path where the Ceph Cluster config files are stored on the host
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume (
|
|
||||||
$cinder_enable_pure_backend = false,
|
|
||||||
$cinder_enable_dellemc_sc_backend = false,
|
|
||||||
$cinder_enable_dellemc_unity_backend = false,
|
|
||||||
$cinder_enable_dellemc_powerflex_backend = false,
|
|
||||||
$cinder_enable_dellemc_powermax_backend = false,
|
|
||||||
$cinder_enable_dellemc_powerstore_backend = false,
|
|
||||||
$cinder_enable_dellemc_vnx_backend = false,
|
|
||||||
$cinder_enable_dellemc_xtremio_backend = false,
|
|
||||||
$cinder_enable_ibm_svf_backend = false,
|
|
||||||
$cinder_enable_iscsi_backend = true,
|
|
||||||
$cinder_enable_netapp_backend = false,
|
|
||||||
$cinder_enable_nfs_backend = false,
|
|
||||||
$cinder_enable_rbd_backend = false,
|
|
||||||
$cinder_enable_nvmeof_backend = false,
|
|
||||||
$cinder_user_enabled_backends = lookup('cinder_user_enabled_backends', undef, undef, undef),
|
|
||||||
$cinder_volume_cluster = '',
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$etcd_certificate_specs = lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {}),
|
|
||||||
$etcd_enabled = lookup('etcd_enabled', undef, undef, false),
|
|
||||||
$etcd_host = lookup('etcd_vip', undef, undef, undef),
|
|
||||||
$etcd_port = lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$cinder_rbd_ceph_conf_path = undef,
|
|
||||||
$cinder_rbd_client_name = undef,
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
if $cinder_volume_cluster == '' {
|
|
||||||
$cinder_volume_cluster_real = undef
|
|
||||||
} else {
|
|
||||||
$cinder_volume_cluster_real = $cinder_volume_cluster
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_volume_cluster_real {
|
|
||||||
unless $etcd_enabled {
|
|
||||||
fail('Running cinder-volume in active-active mode with a cluster name requires the etcd service.')
|
|
||||||
}
|
|
||||||
if empty($etcd_host) {
|
|
||||||
fail('etcd_vip not set in hieradata')
|
|
||||||
}
|
|
||||||
case $::operatingsystemmajrelease {
|
|
||||||
# el8 uses etcd version 3.2, which supports v3alpha path
|
|
||||||
'8' : { $api_version = 'v3alpha' }
|
|
||||||
# el9 uses etcd version 3.4, which supports v3 path
|
|
||||||
default : { $api_version = 'v3' }
|
|
||||||
}
|
|
||||||
$options_init = "?api_version=${api_version}"
|
|
||||||
if $enable_internal_tls {
|
|
||||||
$protocol = 'https'
|
|
||||||
$tls_keyfile = $etcd_certificate_specs['service_key']
|
|
||||||
$tls_certfile = $etcd_certificate_specs['service_certificate']
|
|
||||||
$options_tls = sprintf('&cert_key=%s&cert_cert=%s', $tls_keyfile, $tls_certfile)
|
|
||||||
$options = "${options_init}${options_tls}"
|
|
||||||
} else {
|
|
||||||
$protocol = 'http'
|
|
||||||
$options = "${options_init}"
|
|
||||||
}
|
|
||||||
$backend_url = sprintf('etcd3+%s://%s:%s%s', $protocol, normalize_ip_for_uri($etcd_host), $etcd_port, $options)
|
|
||||||
class { 'cinder::coordination' :
|
|
||||||
backend_url => $backend_url,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'cinder::volume' :
|
|
||||||
cluster => $cinder_volume_cluster_real,
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_pure_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::pure
|
|
||||||
$cinder_pure_backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, 'tripleo_pure')
|
|
||||||
} else {
|
|
||||||
$cinder_pure_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_sc_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_sc
|
|
||||||
$cinder_dellemc_sc_backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, 'tripleo_dellemc_sc')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_sc_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_unity_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_unity
|
|
||||||
$cinder_dellemc_unity_backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_dellemc_unity')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_unity_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_powerflex_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_powerflex
|
|
||||||
$cinder_dellemc_powerflex_backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_dellemc_powerflex')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_powerflex_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_powermax_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_powermax
|
|
||||||
$cinder_dellemc_powermax_backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_dellemc_powermax')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_powermax_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_powerstore_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_powerstore
|
|
||||||
$cinder_dellemc_powerstore_backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_dellemc_powerstore')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_powerstore_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_vnx_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_vnx
|
|
||||||
$cinder_dellemc_vnx_backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_dellemc_vnx')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_vnx_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_dellemc_xtremio_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::dellemc_xtremio
|
|
||||||
$cinder_dellemc_xtremio_backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_dellemc_xtremio')
|
|
||||||
} else {
|
|
||||||
$cinder_dellemc_xtremio_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_ibm_svf_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::ibm_svf
|
|
||||||
$cinder_ibm_svf_backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_ibm_svf')
|
|
||||||
} else {
|
|
||||||
$cinder_ibm_svf_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_iscsi_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::iscsi
|
|
||||||
$cinder_iscsi_backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi')
|
|
||||||
} else {
|
|
||||||
$cinder_iscsi_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_netapp_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::netapp
|
|
||||||
$cinder_netapp_backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, 'tripleo_netapp')
|
|
||||||
} else {
|
|
||||||
$cinder_netapp_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_nfs_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::nfs
|
|
||||||
$cinder_nfs_backend_name = lookup('tripleo::profile::base::cinder::volume::nfs::backend_name',
|
|
||||||
undef, undef, lookup('cinder::backend::nfs::volume_backend_name',
|
|
||||||
undef, undef, 'tripleo_nfs'))
|
|
||||||
} else {
|
|
||||||
$cinder_nfs_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_rbd_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::rbd
|
|
||||||
$cinder_rbd_backend_name = lookup('tripleo::profile::base::cinder::volume::rbd::backend_name',
|
|
||||||
undef, undef, ['tripleo_ceph'])
|
|
||||||
|
|
||||||
$extra_pools = lookup('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools', undef, undef, undef)
|
|
||||||
if empty($extra_pools) {
|
|
||||||
$extra_backend_names = []
|
|
||||||
} else {
|
|
||||||
# These $extra_pools are associated with the first backend
|
|
||||||
$base_name = any2array($cinder_rbd_backend_name)[0]
|
|
||||||
$extra_backend_names = any2array($extra_pools).map |$pool_name| { "${base_name}_${pool_name}" }
|
|
||||||
}
|
|
||||||
|
|
||||||
# Each $multi_config backend can specify its own list of extra pools. The
|
|
||||||
# backend names are the $multi_config hash keys.
|
|
||||||
$multi_config = lookup('tripleo::profile::base::cinder::volume::rbd::multi_config', undef, undef, {})
|
|
||||||
$extra_multiconfig_backend_names = $multi_config.map |$base_name, $backend_config| {
|
|
||||||
$backend_extra_pools = $backend_config['CinderRbdExtraPools']
|
|
||||||
any2array($backend_extra_pools).map |$pool_name| { "${base_name}_${pool_name}" }
|
|
||||||
}
|
|
||||||
|
|
||||||
$cinder_rbd_extra_backend_names = flatten($extra_backend_names, $extra_multiconfig_backend_names)
|
|
||||||
} else {
|
|
||||||
$cinder_rbd_backend_name = undef
|
|
||||||
$cinder_rbd_extra_backend_names = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if $cinder_enable_nvmeof_backend {
|
|
||||||
include tripleo::profile::base::cinder::volume::nvmeof
|
|
||||||
$cinder_nvmeof_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof')
|
|
||||||
} else {
|
|
||||||
$cinder_nvmeof_backend_name = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
$backends = delete_undef_values(concat([], $cinder_iscsi_backend_name,
|
|
||||||
$cinder_rbd_backend_name,
|
|
||||||
$cinder_rbd_extra_backend_names,
|
|
||||||
$cinder_pure_backend_name,
|
|
||||||
$cinder_dellemc_sc_backend_name,
|
|
||||||
$cinder_dellemc_unity_backend_name,
|
|
||||||
$cinder_dellemc_powerflex_backend_name,
|
|
||||||
$cinder_dellemc_powermax_backend_name,
|
|
||||||
$cinder_dellemc_powerstore_backend_name,
|
|
||||||
$cinder_dellemc_vnx_backend_name,
|
|
||||||
$cinder_dellemc_xtremio_backend_name,
|
|
||||||
$cinder_ibm_svf_backend_name,
|
|
||||||
$cinder_netapp_backend_name,
|
|
||||||
$cinder_nfs_backend_name,
|
|
||||||
$cinder_user_enabled_backends,
|
|
||||||
$cinder_nvmeof_backend_name))
|
|
||||||
# NOTE(aschultz): during testing it was found that puppet 3 may incorrectly
|
|
||||||
# include a "" in the previous array which is not removed by the
|
|
||||||
# delete_undef_values function. So we need to make sure we don't have any
|
|
||||||
# "" strings in our array.
|
|
||||||
$cinder_enabled_backends = delete($backends, '')
|
|
||||||
|
|
||||||
class { 'cinder::backends' :
|
|
||||||
enabled_backends => $cinder_enabled_backends,
|
|
||||||
}
|
|
||||||
include cinder::backend::defaults
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,65 +0,0 @@
|
|||||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_powerflex
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_powerflex profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) Name given to the Cinder backend stanza
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex')
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_powerflex (
|
|
||||||
$backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
create_resources('cinder::backend::dellemc_powerflex', { $backend_name => delete_undef_values({
|
|
||||||
'backend_availability_zone' => lookup('cinder::backend::dellemc_powerflex::backend_availability_zone',
|
|
||||||
undef, undef, undef),
|
|
||||||
'san_login' => lookup('cinder::backend::dellemc_powerflex::san_login', undef, undef, undef),
|
|
||||||
'san_password' => lookup('cinder::backend::dellemc_powerflex::san_password', undef, undef, undef),
|
|
||||||
'san_ip' => lookup('cinder::backend::dellemc_powerflex::san_ip', undef, undef, undef),
|
|
||||||
'powerflex_storage_pools' => lookup('cinder::backend::dellemc_powerflex::powerflex_storage_pools',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_allow_migration_during_rebuild' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_migration_during_rebuild',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_allow_non_padded_volumes' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_non_padded_volumes',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_max_over_subscription_ratio' => lookup('cinder::backend::dellemc_powerflex::powerflex_max_over_subscription_ratio',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_rest_server_port' => lookup('cinder::backend::dellemc_powerflex::powerflex_rest_server_port',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_round_volume_capacity' => lookup('cinder::backend::dellemc_powerflex::powerflex_round_volume_capacity',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_server_api_version' => lookup('cinder::backend::dellemc_powerflex::powerflex_server_api_version',
|
|
||||||
undef, undef, undef),
|
|
||||||
'powerflex_unmap_volume_before_deletion' => lookup('cinder::backend::dellemc_powerflex::powerflex_unmap_volume_before_deletion',
|
|
||||||
undef, undef, undef),
|
|
||||||
'san_thin_provision' => lookup('cinder::backend::dellemc_powerflex::san_thin_provision', undef, undef, undef),
|
|
||||||
'driver_ssl_cert_verify' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_verify',
|
|
||||||
undef, undef, undef),
|
|
||||||
'driver_ssl_cert_path' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_path', undef, undef, undef)
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,70 +0,0 @@
|
|||||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_powermax
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_powermax profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend:dellemc_powermax::volume_backend_name', undef, undef,
|
|
||||||
# ['tripleo_dellemc_powermax'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_powermax (
|
|
||||||
$backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name', undef, undef, ['tripleo_dellemc_powermax']),
|
|
||||||
$multi_config = lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderPowermaxAvailabilityZone' => lookup('cinder::backend::dellemc_powermax::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderPowermaxSanIp' => lookup('cinder::backend::dellemc_powermax::san_ip', undef, undef, undef),
|
|
||||||
'CinderPowermaxSanLogin' => lookup('cinder::backend::dellemc_powermax::san_login', undef, undef, undef),
|
|
||||||
'CinderPowermaxSanPassword' => lookup('cinder::backend::dellemc_powermax::san_password', undef, undef, undef),
|
|
||||||
'CinderPowermaxStorageProtocol' => lookup('cinder::backend::dellemc_powermax::powermax_storage_protocol', undef, undef, undef),
|
|
||||||
'CinderPowermaxArray' => lookup('cinder::backend::dellemc_powermax::powermax_array', undef, undef, undef),
|
|
||||||
'CinderPowermaxSrp' => lookup('cinder::backend::dellemc_powermax::powermax_srp', undef, undef, undef),
|
|
||||||
'CinderPowermaxPortGroups' => lookup('cinder::backend::dellemc_powermax::powermax_port_groups', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::dellemc_powermax', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderPowermaxAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderPowermaxSanIp'],
|
|
||||||
'san_login' => $backend_config['CinderPowermaxSanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderPowermaxSanPassword'],
|
|
||||||
'powermax_storage_protocol' => $backend_config['CinderPowermaxStorageProtocol'],
|
|
||||||
'powermax_array' => $backend_config['CinderPowermaxArray'],
|
|
||||||
'powermax_srp' => $backend_config['CinderPowermaxSrp'],
|
|
||||||
'powermax_port_groups' => $backend_config['CinderPowermaxPortGroups'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,66 +0,0 @@
|
|||||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_powerstore
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_powerstore profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend:dellemc_powerstore::volume_backend_name', undef, undef,
|
|
||||||
# ['tripleo_dellemc_powerstore'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_powerstore (
|
|
||||||
$backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name', undef, undef, ['tripleo_dellemc_powerstore']),
|
|
||||||
$multi_config = lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderPowerStoreAvailabilityZone' => lookup('cinder::backend::dellemc_powerstore::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderPowerStoreSanIp' => lookup('cinder::backend::dellemc_powerstore::san_ip', undef, undef, undef),
|
|
||||||
'CinderPowerStoreSanLogin' => lookup('cinder::backend::dellemc_powerstore::san_login', undef, undef, undef),
|
|
||||||
'CinderPowerStoreSanPassword' => lookup('cinder::backend::dellemc_powerstore::san_password', undef, undef, undef),
|
|
||||||
'CinderPowerStoreStorageProtocol' => lookup('cinder::backend::dellemc_powerstore::storage_protocol', undef, undef, undef),
|
|
||||||
'CinderPowerStorePorts' => lookup('cinder::backend::dellemc_powerstore::powerstore_ports', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::dellemc_powerstore', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderPowerStoreAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderPowerStoreSanIp'],
|
|
||||||
'san_login' => $backend_config['CinderPowerStoreSanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderPowerStoreSanPassword'],
|
|
||||||
'storage_protocol' => $backend_config['CinderPowerStoreStorageProtocol'],
|
|
||||||
'powerstore_ports' => $backend_config['CinderPowerStorePorts'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,87 +0,0 @@
|
|||||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_sc
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_sc profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) Name given to the Cinder backend stanza
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_sc (
|
|
||||||
$backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc']),
|
|
||||||
$multi_config = lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderSCAvailabilityZone' => lookup('cinder::backend::dellemc_sc::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderSCSanIp' => lookup('cinder::backend::dellemc_sc::san_ip', undef, undef, undef),
|
|
||||||
'CinderSCSanLogin' => lookup('cinder::backend::dellemc_sc::san_login', undef, undef, undef),
|
|
||||||
'CinderSCSanPassword' => lookup('cinder::backend::dellemc_sc::san_password', undef, undef, undef),
|
|
||||||
'CinderSCStorageProtocol' => lookup('cinder::backend::dellemc_sc::sc_storage_protocol', undef, undef, undef),
|
|
||||||
'CinderSCSSN' => lookup('cinder::backend::dellemc_sc::dell_sc_ssn', undef, undef, undef),
|
|
||||||
'CinderSCTargetIpAddress' => lookup('cinder::backend::dellemc_sc::iscsi_ip_address', undef, undef, undef),
|
|
||||||
'CinderSCTargetPort' => lookup('cinder::backend::dellemc_sc::iscsi_port', undef, undef, undef),
|
|
||||||
'CinderSCApiPort' => lookup('cinder::backend::dellemc_sc::dell_sc_api_port', undef, undef, undef),
|
|
||||||
'CinderSCServerFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_server_folder', undef, undef, undef),
|
|
||||||
'CinderSCVolumeFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_volume_folder', undef, undef, undef),
|
|
||||||
'CinderSCExcludedDomainIps' => lookup('cinder::backend::dellemc_sc::excluded_domain_ips', undef, undef, undef),
|
|
||||||
'CinderSCSecondarySanIp' => lookup('cinder::backend::dellemc_sc::secondary_san_ip', undef, undef, undef),
|
|
||||||
'CinderSCSecondarySanLogin' => lookup('cinder::backend::dellemc_sc::secondary_san_login', undef, undef, undef),
|
|
||||||
'CinderSCSecondarySanPassword' => lookup('cinder::backend::dellemc_sc::secondary_san_password', undef, undef, undef),
|
|
||||||
'CinderSCSecondaryApiPort' => lookup('cinder::backend::dellemc_sc::secondary_sc_api_port', undef, undef, undef),
|
|
||||||
'CinderSCUseMultipathForImageXfer' => lookup('cinder::backend::dellemc_sc::use_multipath_for_image_xfer', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::dellemc_sc', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderSCAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderSCSanIp'],
|
|
||||||
'san_login' => $backend_config['CinderSCSanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderSCSanPassword'],
|
|
||||||
'sc_storage_protocol' => $backend_config['CinderSCStorageProtocol'],
|
|
||||||
'dell_sc_ssn' => $backend_config['CinderSCSSN'],
|
|
||||||
'target_ip_address' => $backend_config['CinderSCTargetIpAddress'],
|
|
||||||
'target_port' => $backend_config['CinderSCTargetPort'],
|
|
||||||
'dell_sc_api_port' => $backend_config['CinderSCApiPort'],
|
|
||||||
'dell_sc_server_folder' => $backend_config['CinderSCServerFolder'],
|
|
||||||
'dell_sc_volume_folder' => $backend_config['CinderSCVolumeFolder'],
|
|
||||||
'excluded_domain_ips' => $backend_config['CinderSCExcludedDomainIps'],
|
|
||||||
'secondary_san_ip' => $backend_config['CinderSCSecondarySanIp'],
|
|
||||||
'secondary_san_login' => $backend_config['CinderSCSecondarySanLogin'],
|
|
||||||
'secondary_san_password' => $backend_config['CinderSCSecondarySanPassword'],
|
|
||||||
'secondary_sc_api_port' => $backend_config['CinderSCSecondaryApiPort'],
|
|
||||||
'use_multipath_for_image_xfer' => $backend_config['CinderSCUseMultipathForImageXfer'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,66 +0,0 @@
|
|||||||
# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_unity
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_unity profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_unity (
|
|
||||||
$backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity']),
|
|
||||||
$multi_config = lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderDellEMCUnityAvailabilityZone' => lookup('cinder::backend::dellemc_unity::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderDellEMCUnitySanIp' => lookup('cinder::backend::dellemc_unity::san_ip', undef, undef, undef),
|
|
||||||
'CinderDellEMCUnitySanLogin' => lookup('cinder::backend::dellemc_unity::san_login', undef, undef, undef),
|
|
||||||
'CinderDellEMCUnitySanPassword' => lookup('cinder::backend::dellemc_unity::san_password', undef, undef, undef),
|
|
||||||
'CinderDellEMCUnityStorageProtocol' => lookup('cinder::backend::dellemc_unity::storage_protocol', undef, undef, undef),
|
|
||||||
'CinderDellEMCUnityIoPorts' => lookup('cinder::backend::dellemc_unity::unity_io_ports', undef, undef, undef),
|
|
||||||
'CinderDellEMCUnityStoragePoolNames' => lookup('cinder::backend::dellemc_unity::unity_storage_pool_names', undef, undef, undef),
|
|
||||||
}
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::dellemc_unity', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderDellEMCUnityAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderDellEMCUnitySanIp'],
|
|
||||||
'san_login' => $backend_config['CinderDellEMCUnitySanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderDellEMCUnitySanPassword'],
|
|
||||||
'storage_protocol' => $backend_config['CinderDellEMCUnityStorageProtocol'],
|
|
||||||
'unity_io_ports' => $backend_config['CinderDellEMCUnityIoPorts'],
|
|
||||||
'unity_storage_pool_names' => $backend_config['CinderDellEMCUnityStoragePoolNames'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,76 +0,0 @@
|
|||||||
# Copyright (c) 2016-2018 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_vnx
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_vnx profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza
|
|
||||||
# Defaults to lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_vnx (
|
|
||||||
$backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx']),
|
|
||||||
$multi_config = lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderDellEMCVNXAvailabilityZone' => lookup('cinder::backend::emc_vnx::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXSanIp' => lookup('cinder::backend::emc_vnx::san_ip', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXSanLogin' => lookup('cinder::backend::emc_vnx::san_login', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXSanPassword' => lookup('cinder::backend::emc_vnx::san_password', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXStorageProtocol' => lookup('cinder::backend::emc_vnx::storage_protocol', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXStoragePoolNames' => lookup('cinder::backend::emc_vnx::storage_vnx_pool_names', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXDefaultTimeout' => lookup('cinder::backend::emc_vnx::default_timeout', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXMaxLunsPerStorageGroup' => lookup('cinder::backend::emc_vnx::max_luns_per_storage_group', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXInitiatorAutoRegistration' => lookup('cinder::backend::emc_vnx::initiator_auto_registration', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXAuthType' => lookup('cinder::backend::emc_vnx::storage_vnx_auth_type', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXStorageSecurityFileDir' => lookup('cinder::backend::emc_vnx::storage_vnx_security_file_dir', undef, undef, undef),
|
|
||||||
'CinderDellEMCVNXNaviseccliPath' => lookup('cinder::backend::emc_vnx::naviseccli_path', undef, undef, undef),
|
|
||||||
}
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::emc_vnx', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderDellEMCVNXAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderDellEMCVNXSanIp'],
|
|
||||||
'san_login' => $backend_config['CinderDellEMCVNXSanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderDellEMCVNXSanPassword'],
|
|
||||||
'storage_protocol' => $backend_config['CinderDellEMCVNXStorageProtocol'],
|
|
||||||
'storage_vnx_pool_names' => $backend_config['CinderDellEMCVNXStoragePoolNames'],
|
|
||||||
'default_timeout' => $backend_config['CinderDellEMCVNXDefaultTimeout'],
|
|
||||||
'max_luns_per_storage_group' => $backend_config['CinderDellEMCVNXMaxLunsPerStorageGroup'],
|
|
||||||
'initiator_auto_registration' => $backend_config['CinderDellEMCVNXInitiatorAutoRegistration'],
|
|
||||||
'storage_vnx_auth_type' => $backend_config['CinderDellEMCVNXAuthType'],
|
|
||||||
'storage_vnx_security_file_dir' => $backend_config['CinderDellEMCVNXStorageSecurityFileDir'],
|
|
||||||
'naviseccli_path' => $backend_config['CinderDellEMCVNXNaviseccliPath'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,76 +0,0 @@
|
|||||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_xtremio
|
|
||||||
#
|
|
||||||
# Cinder Volume dellemc_xtremio profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) Name given to the Cinder backend stanza
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::dellemc_xtremio (
|
|
||||||
$backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio']),
|
|
||||||
$multi_config = lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderXtremioAvailabilityZone' => lookup('cinder::backend::dellemc_xtremio::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderXtremioSanIp' => lookup('cinder::backend::dellemc_xtremio::san_ip', undef, undef, undef),
|
|
||||||
'CinderXtremioSanLogin' => lookup('cinder::backend::dellemc_xtremio::san_login', undef, undef, undef),
|
|
||||||
'CinderXtremioSanPassword' => lookup('cinder::backend::dellemc_xtremio::san_password', undef, undef, undef),
|
|
||||||
'CinderXtremioStorageProtocol' => lookup('cinder::backend::dellemc_xtremio::xtremio_storage_protocol', undef, undef, undef),
|
|
||||||
'CinderXtremioClusterName' => lookup('cinder::backend::dellemc_xtremio::xtremio_cluster_name', undef, undef, undef),
|
|
||||||
'CinderXtremioArrayBusyRetryCount' => lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_count',
|
|
||||||
undef, undef, undef),
|
|
||||||
'CinderXtremioArrayBusyRetryInterval'=> lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_interval',
|
|
||||||
undef, undef, undef),
|
|
||||||
'CinderXtremioVolumesPerGlanceCache' => lookup('cinder::backend::dellemc_xtremio::xtremio_volumes_per_glance_cache',
|
|
||||||
undef, undef, undef),
|
|
||||||
'CinderXtremioPorts' => lookup('cinder::backend::dellemc_xtremio::xtremio_ports', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::dellemc_xtremio', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderXtremioAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderXtremioSanIp'],
|
|
||||||
'san_login' => $backend_config['CinderXtremioSanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderXtremioSanPassword'],
|
|
||||||
'xtremio_storage_protocol' => $backend_config['CinderXtremioStorageProtocol'],
|
|
||||||
'xtremio_cluster_name' => $backend_config['CinderXtremioClusterName'],
|
|
||||||
'xtremio_array_busy_retry_count' => $backend_config['CinderXtremioArrayBusyRetryCount'],
|
|
||||||
'xtremio_array_busy_retry_interval' => $backend_config['CinderXtremioArrayBusyRetryInterval'],
|
|
||||||
'xtremio_volumes_per_glance_cache' => $backend_config['CinderXtremioVolumesPerGlanceCache'],
|
|
||||||
'xtremio_ports' => $backend_config['CinderXtremioPorts'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,60 +0,0 @@
|
|||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::ibm_svf
|
|
||||||
#
|
|
||||||
# Cinder Volume IBM Spectrum Virtualize family (Svf) profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend:ibm_svf::volume_backend_name', undef, undef,
|
|
||||||
# ['tripleo_ibm_svf'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::ibm_svf (
|
|
||||||
$backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name', undef, undef, ['tripleo_ibm_svf']),
|
|
||||||
$multi_config = lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
# NOTE: Svf was earlier called as storwize/svc driver, so the cinder
|
|
||||||
# configuration parameters were named accordingly.
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderSvfAvailabilityZone' => lookup('cinder::backend::ibm_svf::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderSvfSanIp' => lookup('cinder::backend::ibm_svf::san_ip', undef, undef, undef),
|
|
||||||
'CinderSvfSanLogin' => lookup('cinder::backend::ibm_svf::san_login', undef, undef, undef),
|
|
||||||
'CinderSvfSanPassword' => lookup('cinder::backend::ibm_svf::san_password', undef, undef, undef),
|
|
||||||
'CinderSvfAllowTenantQos' => lookup('cinder::backend::ibm_svf::storwize_svc_allow_tenant_qos', undef, undef, undef),
|
|
||||||
'CinderSvfConnectionProtocol' => lookup('cinder::backend::ibm_svf::storwize_svc_connection_protocol', undef, undef, undef),
|
|
||||||
'CinderSvfIscsiChapEnabled' => lookup('cinder::backend::ibm_svf::storwize_svc_iscsi_chap_enabled', undef, undef, undef),
|
|
||||||
'CinderSvfRetainAuxVolume' => lookup('cinder::backend::ibm_svf::storwize_svc_retain_aux_volume', undef, undef, undef),
|
|
||||||
'CinderSvfVolumePoolName' => lookup('cinder::backend::ibm_svf::storwize_svc_volpool_name', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::ibm_svf', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderSvfAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderSvfSanIp'],
|
|
||||||
'san_login' => $backend_config['CinderSvfSanLogin'],
|
|
||||||
'san_password' => $backend_config['CinderSvfSanPassword'],
|
|
||||||
'storwize_svc_allow_tenant_qos' => $backend_config['CinderSvfAllowTenantQos'],
|
|
||||||
'storwize_svc_connection_protocol' => $backend_config['CinderSvfConnectionProtocol'],
|
|
||||||
'storwize_svc_iscsi_chap_enabled' => $backend_config['CinderSvfIscsiChapEnabled'],
|
|
||||||
'storwize_svc_retain_aux_volume' => $backend_config['CinderSvfRetainAuxVolume'],
|
|
||||||
'storwize_svc_volpool_name' => $backend_config['CinderSvfVolumePoolName'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,67 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::iscsi
|
|
||||||
#
|
|
||||||
# Cinder Volume iscsi profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*cinder_iscsi_address*]
|
|
||||||
# The address where to bind the iscsi targets daemon
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) Name given to the Cinder backend stanza
|
|
||||||
# Defaults to lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi')
|
|
||||||
#
|
|
||||||
# [*backend_availability_zone*]
|
|
||||||
# (Optional) Availability zone for this volume backend
|
|
||||||
# Defaults to lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_iscsi_helper*]
|
|
||||||
# (Optional) The iscsi helper to use
|
|
||||||
# Defaults to 'tgtadm'
|
|
||||||
#
|
|
||||||
# [*cinder_iscsi_protocol*]
|
|
||||||
# (Optional) The iscsi protocol to use
|
|
||||||
# Defaults to 'iscsi'
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::iscsi (
|
|
||||||
$cinder_iscsi_address,
|
|
||||||
$backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi'),
|
|
||||||
$backend_availability_zone = lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef),
|
|
||||||
$cinder_iscsi_helper = 'tgtadm',
|
|
||||||
$cinder_iscsi_protocol = 'iscsi',
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
# NOTE(gfidente): never emit in hieradata:
|
|
||||||
# key: [ipv6]
|
|
||||||
# as it will cause hiera parsing errors
|
|
||||||
create_resources('cinder::backend::iscsi', { $backend_name => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_availability_zone,
|
|
||||||
'target_ip_address' => normalize_ip_for_uri($cinder_iscsi_address),
|
|
||||||
'target_helper' => $cinder_iscsi_helper,
|
|
||||||
'target_protocol' => $cinder_iscsi_protocol,
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,89 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::netapp
|
|
||||||
#
|
|
||||||
# Cinder Volume netapp profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::netapp (
|
|
||||||
$backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp']),
|
|
||||||
$multi_config = lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderNetappAvailabilityZone' => lookup('cinder::backend::netapp::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderNetappLogin' => lookup('cinder::backend::netapp::netapp_login', undef, undef, undef),
|
|
||||||
'CinderNetappPassword' => lookup('cinder::backend::netapp::netapp_password', undef, undef, undef),
|
|
||||||
'CinderNetappServerHostname' => lookup('cinder::backend::netapp::netapp_server_hostname', undef, undef, undef),
|
|
||||||
'CinderNetappServerPort' => lookup('cinder::backend::netapp::netapp_server_port', undef, undef, undef),
|
|
||||||
'CinderNetappSizeMultiplier' => lookup('cinder::backend::netapp::netapp_size_multiplier', undef, undef, undef),
|
|
||||||
'CinderNetappStorageFamily' => lookup('cinder::backend::netapp::netapp_storage_family', undef, undef, undef),
|
|
||||||
'CinderNetappStorageProtocol' => lookup('cinder::backend::netapp::netapp_storage_protocol', undef, undef, undef),
|
|
||||||
'CinderNetappTransportType' => lookup('cinder::backend::netapp::netapp_transport_type', undef, undef, undef),
|
|
||||||
'CinderNetappVserver' => lookup('cinder::backend::netapp::netapp_vserver', undef, undef, undef),
|
|
||||||
'CinderNetappNfsShares' => lookup('cinder::backend::netapp::nfs_shares', undef, undef, undef),
|
|
||||||
'CinderNetappNfsSharesConfig' => lookup('cinder::backend::netapp::nfs_shares_config', undef, undef, undef),
|
|
||||||
'CinderNetappNfsMountOptions' => lookup('cinder::backend::netapp::nfs_mount_options', undef, undef, undef),
|
|
||||||
'CinderNetappCopyOffloadToolPath' => lookup('cinder::backend::netapp::netapp_copyoffload_tool_path', undef, undef, undef),
|
|
||||||
'CinderNetappHostType' => lookup('cinder::backend::netapp::netapp_host_type', undef, undef, undef),
|
|
||||||
'CinderNetappNasSecureFileOperations' => lookup('cinder::backend::netapp::nas_secure_file_operations', undef, undef, undef),
|
|
||||||
'CinderNetappNasSecureFilePermissions' => lookup('cinder::backend::netapp::nas_secure_file_permissions', undef, undef, undef),
|
|
||||||
'CinderNetappPoolNameSearchPattern' => lookup('cinder::backend::netapp::netapp_pool_name_search_pattern', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::netapp', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderNetappAvailabilityZone'],
|
|
||||||
'netapp_login' => $backend_config['CinderNetappLogin'],
|
|
||||||
'netapp_password' => $backend_config['CinderNetappPassword'],
|
|
||||||
'netapp_server_hostname' => $backend_config['CinderNetappServerHostname'],
|
|
||||||
'netapp_server_port' => $backend_config['CinderNetappServerPort'],
|
|
||||||
'netapp_size_multiplier' => $backend_config['CinderNetappSizeMultiplier'],
|
|
||||||
'netapp_storage_family' => $backend_config['CinderNetappStorageFamily'],
|
|
||||||
'netapp_storage_protocol' => $backend_config['CinderNetappStorageProtocol'],
|
|
||||||
'netapp_transport_type' => $backend_config['CinderNetappTransportType'],
|
|
||||||
'netapp_vserver' => $backend_config['CinderNetappVserver'],
|
|
||||||
'nfs_shares' => any2array($backend_config['CinderNetappNfsShares']),
|
|
||||||
'nfs_shares_config' => $backend_config['CinderNetappNfsSharesConfig'],
|
|
||||||
'nfs_mount_options' => $backend_config['CinderNetappNfsMountOptions'],
|
|
||||||
'netapp_copyoffload_tool_path' => $backend_config['CinderNetappCopyOffloadToolPath'],
|
|
||||||
'netapp_host_type' => $backend_config['CinderNetappHostType'],
|
|
||||||
'nas_secure_file_operations' => $backend_config['CinderNetappNasSecureFileOperations'],
|
|
||||||
'nas_secure_file_permissions' => $backend_config['CinderNetappNasSecureFilePermissions'],
|
|
||||||
'netapp_pool_name_search_pattern' => $backend_config['CinderNetappPoolNameSearchPattern'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,116 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::nfs
|
|
||||||
#
|
|
||||||
# Cinder Volume nfs profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*cinder_nfs_servers*]
|
|
||||||
# List of NFS shares to mount
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs'])
|
|
||||||
#
|
|
||||||
# [*backend_availability_zone*]
|
|
||||||
# (Optional) Availability zone for this volume backend
|
|
||||||
# Defaults to lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_nfs_mount_options*]
|
|
||||||
# (Optional) List of mount options for the NFS share
|
|
||||||
# Defaults to ''
|
|
||||||
#
|
|
||||||
# [*cinder_nfs_shares_config*]
|
|
||||||
# (Optional) NFS shares configuration file
|
|
||||||
# Defaults to '/etc/cinder/shares-nfs.conf'
|
|
||||||
#
|
|
||||||
# [*cinder_nfs_snapshot_support*]
|
|
||||||
# (Optional) Whether to enable support for snapshots in the NFS driver.
|
|
||||||
# Defaults to $::os_service_default
|
|
||||||
#
|
|
||||||
# [*cinder_nas_secure_file_operations*]
|
|
||||||
# (Optional) Allow network-attached storage systems to operate in a secure
|
|
||||||
# environment where root level access is not permitted. If set to False,
|
|
||||||
# access is as the root user and insecure. If set to True, access is not as
|
|
||||||
# root. If set to auto, a check is done to determine if this is a new
|
|
||||||
# installation: True is used if so, otherwise False. Default is auto.
|
|
||||||
# Defaults to $::os_service_default
|
|
||||||
#
|
|
||||||
# [*cinder_nas_secure_file_permissions*]
|
|
||||||
# (Optional) Set more secure file permissions on network-attached storage
|
|
||||||
# volume files to restrict broad other/world access. If set to False,
|
|
||||||
# volumes are created with open permissions. If set to True, volumes are
|
|
||||||
# created with permissions for the cinder user and group (660). If set to
|
|
||||||
# auto, a check is done to determine if this is a new installation: True is
|
|
||||||
# used if so, otherwise False. Default is auto.
|
|
||||||
# Defaults to $::os_service_default
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::nfs (
|
|
||||||
$cinder_nfs_servers,
|
|
||||||
$backend_name = lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs']),
|
|
||||||
$backend_availability_zone = lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef),
|
|
||||||
$cinder_nfs_mount_options = '',
|
|
||||||
$cinder_nfs_shares_config = '/etc/cinder/shares-nfs.conf',
|
|
||||||
$cinder_nfs_snapshot_support = $::os_service_default,
|
|
||||||
$cinder_nas_secure_file_operations = $::os_service_default,
|
|
||||||
$cinder_nas_secure_file_permissions = $::os_service_default,
|
|
||||||
$multi_config = {},
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
package {'nfs-utils': }
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderNfsAvailabilityZone' => $backend_availability_zone,
|
|
||||||
'CinderNfsServers' => $cinder_nfs_servers,
|
|
||||||
'CinderNfsMountOptions' => $cinder_nfs_mount_options,
|
|
||||||
'CinderNfsSharesConfig' => $cinder_nfs_shares_config,
|
|
||||||
'CinderNfsSnapshotSupport' => $cinder_nfs_snapshot_support,
|
|
||||||
'CinderNasSecureFileOperations' => $cinder_nas_secure_file_operations,
|
|
||||||
'CinderNasSecureFilePermissions' => $cinder_nas_secure_file_permissions,
|
|
||||||
}
|
|
||||||
any2array($backend_name).each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
create_resources('cinder::backend::nfs', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderNfsAvailabilityZone'],
|
|
||||||
'nfs_servers' => $backend_config['CinderNfsServers'],
|
|
||||||
'nfs_mount_options' => $backend_config['CinderNfsMountOptions'],
|
|
||||||
'nfs_shares_config' => $backend_config['CinderNfsSharesConfig'],
|
|
||||||
'nfs_snapshot_support' => $backend_config['CinderNfsSnapshotSupport'],
|
|
||||||
'nas_secure_file_operations' => $backend_config['CinderNasSecureFileOperations'],
|
|
||||||
'nas_secure_file_permissions' => $backend_config['CinderNasSecureFilePermissions'],
|
|
||||||
})})
|
|
||||||
Package['nfs-utils'] -> Cinder::Backend::Nfs[$backend]
|
|
||||||
}
|
|
||||||
if str2bool($::selinux) {
|
|
||||||
selboolean { 'virt_use_nfs':
|
|
||||||
value => on,
|
|
||||||
persistent => true,
|
|
||||||
require => Package['nfs-utils'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,80 +0,0 @@
|
|||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::nvmeof
|
|
||||||
#
|
|
||||||
# NVMeOF Cinder Volume profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*target_ip_address*]
|
|
||||||
# (Required) The IP address of NVMe target
|
|
||||||
#
|
|
||||||
# [*target_port*]
|
|
||||||
# (Required) Port that NVMe target is listening on
|
|
||||||
#
|
|
||||||
# [*target_helper*]
|
|
||||||
# (Required) Target user-land tool to use
|
|
||||||
#
|
|
||||||
# [*target_protocol*]
|
|
||||||
# (Required) Target protocol to use
|
|
||||||
#
|
|
||||||
# [*target_prefix*]
|
|
||||||
# (Optional) Prefix for LVM volumes
|
|
||||||
# Defaults to 'nvme-subsystem'
|
|
||||||
#
|
|
||||||
# [*nvmet_port_id*]
|
|
||||||
# (Optional) Port id of the NVMe target
|
|
||||||
# Defaults to '1'
|
|
||||||
#
|
|
||||||
# [*nvmet_ns_id*]
|
|
||||||
# (Optional) The namespace id associated with the subsystem
|
|
||||||
# Defaults to '10'
|
|
||||||
#
|
|
||||||
# [*volume_backend_name*]
|
|
||||||
# (Optional) Name given to the Cinder backend
|
|
||||||
# Defaults to lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof')
|
|
||||||
#
|
|
||||||
# [*backend_availability_zone*]
|
|
||||||
# (Optional) Availability zone for this volume backend
|
|
||||||
# Defaults to lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*volume_driver*]
|
|
||||||
# (Optional) Driver to use for volume creation
|
|
||||||
# Defaults to 'cinder.volume.drivers.lvm.LVMVolumeDriver'
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::nvmeof (
|
|
||||||
$target_ip_address,
|
|
||||||
$target_port,
|
|
||||||
$target_helper,
|
|
||||||
$target_protocol,
|
|
||||||
$target_prefix = 'nvme-subsystem',
|
|
||||||
$nvmet_port_id = '1',
|
|
||||||
$nvmet_ns_id = '10',
|
|
||||||
$volume_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof'),
|
|
||||||
$backend_availability_zone = lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef),
|
|
||||||
$volume_driver = 'cinder.volume.drivers.lvm.LVMVolumeDriver',
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
create_resources('cinder::backend::nvmeof', { $volume_backend_name => delete_undef_values({
|
|
||||||
'target_ip_address' => normalize_ip_for_uri($target_ip_address),
|
|
||||||
'target_port' => $target_port,
|
|
||||||
'target_helper' => $target_helper,
|
|
||||||
'target_protocol' => $target_protocol,
|
|
||||||
'target_prefix' => $target_prefix,
|
|
||||||
'nvmet_port_id' => $nvmet_port_id,
|
|
||||||
'nvmet_ns_id' => $nvmet_ns_id,
|
|
||||||
'volume_backend_name' => $volume_backend_name,
|
|
||||||
'backend_availability_zone' => $backend_availability_zone,
|
|
||||||
'volume_driver' => $volume_driver,
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
@ -1,80 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::pure
|
|
||||||
#
|
|
||||||
# Cinder Volume pure profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure'])
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to lookup('cinder::backend::pure::volume_multi_config', undef, undef, {})
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::pure (
|
|
||||||
$backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure']),
|
|
||||||
$multi_config = lookup('cinder::backend::pure::volume_multi_config', undef, undef, {}),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CinderPureAvailabilityZone' => lookup('cinder::backend::pure::backend_availability_zone', undef, undef, undef),
|
|
||||||
'CinderPureSanIp' => lookup('cinder::backend::pure::san_ip', undef, undef, undef),
|
|
||||||
'CinderPureAPIToken' => lookup('cinder::backend::pure::pure_api_token', undef, undef, undef),
|
|
||||||
'CinderPureStorageProtocol' => lookup('cinder::backend::pure::pure_storage_protocol', undef, undef, undef),
|
|
||||||
'CinderPureUseChap' => lookup('cinder::backend::pure::use_chap_auth', undef, undef, undef),
|
|
||||||
'CinderPureMultipathXfer' => lookup('cinder::backend::pure::use_multipath_for_image_xfer', undef, undef, undef),
|
|
||||||
'CinderPureImageCache' => lookup('cinder::backend::pure::image_volume_cache_enabled', undef, undef, undef),
|
|
||||||
'CinderPureIscsiCidr' => lookup('cinder::backend::pure::pure_iscsi_cidr', undef, undef, undef),
|
|
||||||
'CinderPureIscsiCidrList' => lookup('cinder::backend::pure::pure_iscsi_cidr_list', undef, undef, undef),
|
|
||||||
'CinderPureHostPersonality' => lookup('cinder::backend::pure::pure_host_personality', undef, undef, undef),
|
|
||||||
'CinderPureEradicateOnDelete' => lookup('cinder::backend::pure::pure_eradicate_on_delete', undef, undef, undef),
|
|
||||||
'CinderPureNvmeTransport' => lookup('cinder::backend::pure::pure_nvme_transport', undef, undef, undef),
|
|
||||||
'CinderPureNvmeCidr' => lookup('cinder::backend::pure::pure_nvme_cidr', undef, undef, undef),
|
|
||||||
'CinderPureNvmeCidrList' => lookup('cinder::backend::pure::pure_nvme_cidr_list', undef, undef, undef),
|
|
||||||
}
|
|
||||||
|
|
||||||
$backend_name.each |String $backend| {
|
|
||||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
|
||||||
|
|
||||||
create_resources('cinder::backend::pure', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderPureAvailabilityZone'],
|
|
||||||
'san_ip' => $backend_config['CinderPureSanIp'],
|
|
||||||
'pure_api_token' => $backend_config['CinderPureAPIToken'],
|
|
||||||
'pure_storage_protocol' => $backend_config['CinderPureStorageProtocol'],
|
|
||||||
'use_chap_auth' => $backend_config['CinderPureUseChap'],
|
|
||||||
'use_multipath_for_image_xfer' => $backend_config['CinderPureMultipathXfer'],
|
|
||||||
'image_volume_cache_enabled' => $backend_config['CinderPureImageCache'],
|
|
||||||
'pure_iscsi_cidr' => $backend_config['CinderPureIscsiCidr'],
|
|
||||||
'pure_iscsi_cidr_list' => $backend_config['CinderPureIscsiCidrList'],
|
|
||||||
'pure_host_personality' => $backend_config['CinderPureHostPersonality'],
|
|
||||||
'pure_eradicate_on_delete' => $backend_config['CinderPureEradicateOnDelete'],
|
|
||||||
'pure_nvme_transport' => $backend_config['CinderPureNvmeTransport'],
|
|
||||||
'pure_nvme_cidr' => $backend_config['CinderPureNvmeCidr'],
|
|
||||||
'pure_nvme_cidr_list' => $backend_config['CinderPureNvmeCidrList'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,147 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::cinder::volume::rbd
|
|
||||||
#
|
|
||||||
# Cinder Volume rbd profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_name*]
|
|
||||||
# (Optional) List of names given to the Cinder backend stanza.
|
|
||||||
# Defaults to lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph'])
|
|
||||||
#
|
|
||||||
# [*backend_availability_zone*]
|
|
||||||
# (Optional) Availability zone for this volume backend
|
|
||||||
# Defaults to lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_backend_host*]
|
|
||||||
# (Optional) String to use as backend_host in the backend stanza
|
|
||||||
# Defaults to lookup('cinder::backend_host', undef, undef, lookup('cinder::host', undef, undef, $::hostname))
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_ceph_conf*]
|
|
||||||
# (Optional) The path to the Ceph cluster config file
|
|
||||||
# Defaults to '/etc/ceph/ceph.conf'
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_pool_name*]
|
|
||||||
# (Optional) The name of the RBD pool to use
|
|
||||||
# Defaults to 'volumes'
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_extra_pools*]
|
|
||||||
# (Optional) List of additional pools to use for Cinder. A separate RBD
|
|
||||||
# backend is created for each additional pool.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_secret_uuid*]
|
|
||||||
# (Optional) UUID of the of the libvirt secret storing the Cephx key
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_user_name*]
|
|
||||||
# (Optional) The user name for the RBD client
|
|
||||||
# Defaults to 'openstack'
|
|
||||||
#
|
|
||||||
# [*cinder_rbd_flatten_volume_from_snapshot*]
|
|
||||||
# (Optional) Whether volumes created from a snapshot should be flattened
|
|
||||||
# in order to remove a dependency on the snapshot.
|
|
||||||
# Defaults to lookup('cinder::backend::rbd::flatten_volume_from_snapshot, undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*multi_config*]
|
|
||||||
# (Optional) A config hash when multiple backends are used.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*extra_options*]
|
|
||||||
# (optional) Hash of extra options to configure for the RBD backends.
|
|
||||||
# Example: { 'tripleo_ceph/param1' => { 'value' => value1 } }
|
|
||||||
# Defaults to: {}
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::cinder::volume::rbd (
|
|
||||||
$backend_name = lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph']),
|
|
||||||
$backend_availability_zone = lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef),
|
|
||||||
# lint:ignore:parameter_documentation
|
|
||||||
$cinder_rbd_backend_host = lookup('cinder::backend_host', undef, undef, lookup('cinder::host',
|
|
||||||
undef, undef, $::hostname)),
|
|
||||||
# lint:endignore
|
|
||||||
$cinder_rbd_ceph_conf = lookup('cinder::backend::rbd::rbd_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
|
|
||||||
$cinder_rbd_pool_name = 'volumes',
|
|
||||||
$cinder_rbd_extra_pools = undef,
|
|
||||||
$cinder_rbd_secret_uuid = undef,
|
|
||||||
$cinder_rbd_user_name = 'openstack',
|
|
||||||
$cinder_rbd_flatten_volume_from_snapshot = lookup('cinder::backend::rbd::flatten_volume_from_snapshot', undef, undef, undef),
|
|
||||||
$multi_config = {},
|
|
||||||
$extra_options = {},
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::cinder::volume
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_defaults = {
|
|
||||||
'CephClusterFSID' => $cinder_rbd_secret_uuid,
|
|
||||||
'CephClientUserName' => $cinder_rbd_user_name,
|
|
||||||
'CinderRbdAvailabilityZone' => $backend_availability_zone,
|
|
||||||
'CinderRbdPoolName' => $cinder_rbd_pool_name,
|
|
||||||
'CinderRbdExtraPools' => $cinder_rbd_extra_pools,
|
|
||||||
'CinderRbdFlattenVolumeFromSnapshot' => $cinder_rbd_flatten_volume_from_snapshot,
|
|
||||||
}
|
|
||||||
|
|
||||||
$backends_array = any2array($backend_name)
|
|
||||||
$backends_array.each |String $backend| {
|
|
||||||
$backend_multi_config = pick($multi_config[$backend], {})
|
|
||||||
|
|
||||||
$multi_config_cluster = $backend_multi_config['CephClusterName']
|
|
||||||
if $multi_config_cluster {
|
|
||||||
$backend_ceph_conf = "/etc/ceph/${multi_config_cluster}.conf"
|
|
||||||
} else {
|
|
||||||
$backend_ceph_conf = $cinder_rbd_ceph_conf
|
|
||||||
}
|
|
||||||
|
|
||||||
# Ensure extra_options are only applied once.
|
|
||||||
if $backend == $backends_array[0] {
|
|
||||||
$extra_options_real = $extra_options
|
|
||||||
} else {
|
|
||||||
$extra_options_real = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
$backend_config = merge($backend_defaults, $backend_multi_config)
|
|
||||||
|
|
||||||
create_resources('cinder::backend::rbd', { $backend => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'],
|
|
||||||
'backend_host' => $cinder_rbd_backend_host,
|
|
||||||
'rbd_ceph_conf' => $backend_ceph_conf,
|
|
||||||
'rbd_pool' => $backend_config['CinderRbdPoolName'],
|
|
||||||
'rbd_user' => $backend_config['CephClientUserName'],
|
|
||||||
'rbd_secret_uuid' => $backend_config['CephClusterFSID'],
|
|
||||||
'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'],
|
|
||||||
'extra_options' => $extra_options_real,
|
|
||||||
})})
|
|
||||||
|
|
||||||
any2array($backend_config['CinderRbdExtraPools']).each |String $pool_name| {
|
|
||||||
create_resources('cinder::backend::rbd', { "${backend}_${pool_name}" => delete_undef_values({
|
|
||||||
'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'],
|
|
||||||
'backend_host' => $cinder_rbd_backend_host,
|
|
||||||
'rbd_ceph_conf' => $backend_ceph_conf,
|
|
||||||
'rbd_pool' => $pool_name,
|
|
||||||
'rbd_user' => $backend_config['CephClientUserName'],
|
|
||||||
'rbd_secret_uuid' => $backend_config['CephClusterFSID'],
|
|
||||||
'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'],
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,279 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::database::mysql
|
|
||||||
#
|
|
||||||
# MySQL profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*bind_address*]
|
|
||||||
# (Optional) The address that the local mysql instance should bind to.
|
|
||||||
# Defaults to $::hostname
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('mysql_short_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*certificate_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate
|
|
||||||
# it will create. Note that the certificate nickname must be 'mysql' in
|
|
||||||
# the case of this service.
|
|
||||||
# Example with hiera:
|
|
||||||
# tripleo::profile::base::database::mysql::certificate_specs:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "mysql/<overcloud controller fqdn>"
|
|
||||||
# Defaults to {}.
|
|
||||||
#
|
|
||||||
# [*cipher_list*]
|
|
||||||
# (Optional) When enable_internal_tls is true, defines the list of allowed
|
|
||||||
# ciphers for the mysql server.
|
|
||||||
# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1'
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*innodb_buffer_pool_size*]
|
|
||||||
# (Optional) Configure the size of the MySQL buffer pool.
|
|
||||||
# Defaults to lookup('innodb_buffer_pool_size', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*innodb_log_file_size*]
|
|
||||||
# (Optional) Configure the size in bytes of each log file in a log group.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*innodb_flush_method*]
|
|
||||||
# (Optional) Defines the method used to flush data to InnoDB data files and log files.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*innodb_lock_wait_timeout*]
|
|
||||||
# (Option) Time in seconds that an InnoDB transaction waits for an InnoDB row lock (not table lock).
|
|
||||||
# When this occurs, the statement (not transaction) is rolled back.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*innodb_strict_mode*]
|
|
||||||
# (Optional) InnoDB strict mode enforcement. When set to 'ON', InnoDB
|
|
||||||
# performs validity checks on DDL statements such as table creation,
|
|
||||||
# or table row size. When set to 'OFF', the same checks only return
|
|
||||||
# warnings rather than error.
|
|
||||||
# Defaults to lookup('innodb_strict_mode', undef, undef, 'OFF')
|
|
||||||
#
|
|
||||||
# [*table_open_cache*]
|
|
||||||
# (Optional) Configure the number of open tables for all threads.
|
|
||||||
# Increasing this value increases the number of file descriptors that mysqld requires.
|
|
||||||
# Defaults to undef.
|
|
||||||
#
|
|
||||||
# [*manage_resources*]
|
|
||||||
# (Optional) Whether or not manage root user, root my.cnf, and service.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*mysql_server_options*]
|
|
||||||
# (Optional) Extras options to deploy MySQL. Useful when deploying Galera cluster.
|
|
||||||
# Should be an hash.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*mysql_max_connections*]
|
|
||||||
# (Optional) Maximum number of connections to MySQL.
|
|
||||||
# Defaults to lookup('mysql_max_connections', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*mysql_auth_ed25519*]
|
|
||||||
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
|
|
||||||
# a user when connecting to the server
|
|
||||||
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*remove_default_accounts*]
|
|
||||||
# (Optional) Whether or not remove default MySQL accounts.
|
|
||||||
# Defaults to true
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::database::mysql (
|
|
||||||
$bind_address = $::hostname,
|
|
||||||
$bootstrap_node = lookup('mysql_short_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$certificate_specs = {},
|
|
||||||
$cipher_list = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1',
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$innodb_buffer_pool_size = lookup('innodb_buffer_pool_size', undef, undef, undef),
|
|
||||||
$innodb_log_file_size = undef,
|
|
||||||
$innodb_lock_wait_timeout = lookup('innodb_lock_wait_timeout', undef, undef, undef),
|
|
||||||
$innodb_strict_mode = lookup('innodb_strict_mode', undef, undef, 'OFF'),
|
|
||||||
$table_open_cache = undef,
|
|
||||||
$innodb_flush_method = undef,
|
|
||||||
$manage_resources = true,
|
|
||||||
$mysql_server_options = {},
|
|
||||||
$mysql_max_connections = lookup('mysql_max_connections', undef, undef, undef),
|
|
||||||
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
|
|
||||||
$remove_default_accounts = true,
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
validate_legacy(Hash, 'validate_hash', $mysql_server_options)
|
|
||||||
validate_legacy(Hash, 'validate_hash', $certificate_specs)
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
$tls_certfile = $certificate_specs['service_certificate']
|
|
||||||
$tls_keyfile = $certificate_specs['service_key']
|
|
||||||
$tls_cipher_list = $cipher_list
|
|
||||||
|
|
||||||
# Force users/grants created to use TLS connections
|
|
||||||
Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
|
|
||||||
} else {
|
|
||||||
$tls_certfile = undef
|
|
||||||
$tls_keyfile = undef
|
|
||||||
$tls_cipher_list = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
# non-ha scenario
|
|
||||||
if $manage_resources {
|
|
||||||
$mysql_step = 2
|
|
||||||
} else {
|
|
||||||
# ha scenario
|
|
||||||
$mysql_step = 1
|
|
||||||
}
|
|
||||||
if $step >= $mysql_step {
|
|
||||||
if str2bool(lookup('enable_galera', undef, undef, true)) {
|
|
||||||
$mysql_config_file = '/etc/my.cnf.d/galera.cnf'
|
|
||||||
} else {
|
|
||||||
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
|
|
||||||
}
|
|
||||||
# TODO Galera
|
|
||||||
# FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
|
|
||||||
# set bind-address to a hostname instead of an ip address; to move Mysql
|
|
||||||
# from internal_api on another network we'll have to customize both
|
|
||||||
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
|
|
||||||
$mysql_server_default = {
|
|
||||||
'mysqld' => {
|
|
||||||
'bind-address' => $bind_address,
|
|
||||||
'max_connections' => $mysql_max_connections,
|
|
||||||
'open_files_limit' => '65536',
|
|
||||||
'innodb_buffer_pool_size' => $innodb_buffer_pool_size,
|
|
||||||
'innodb_file_per_table' => 'ON',
|
|
||||||
'innodb_log_file_size' => $innodb_log_file_size,
|
|
||||||
'innodb_lock_wait_timeout' => $innodb_lock_wait_timeout,
|
|
||||||
'innodb_strict_mode' => $innodb_strict_mode,
|
|
||||||
'log_warnings' => '1',
|
|
||||||
'table_open_cache' => $table_open_cache,
|
|
||||||
'innodb_flush_method' => $innodb_flush_method,
|
|
||||||
'query_cache_size' => '0',
|
|
||||||
'query_cache_type' => '0',
|
|
||||||
'ssl' => $enable_internal_tls,
|
|
||||||
'ssl-key' => $tls_keyfile,
|
|
||||||
'ssl-cert' => $tls_certfile,
|
|
||||||
'ssl-cipher' => $tls_cipher_list,
|
|
||||||
'ssl-ca' => undef,
|
|
||||||
'plugin_load_add' => 'auth_ed25519',
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
|
|
||||||
class { 'mysql::server':
|
|
||||||
config_file => $mysql_config_file,
|
|
||||||
override_options => $mysql_server_options_real,
|
|
||||||
create_root_user => $manage_resources,
|
|
||||||
create_root_my_cnf => $manage_resources,
|
|
||||||
service_manage => $manage_resources,
|
|
||||||
service_enabled => $manage_resources,
|
|
||||||
remove_default_accounts => $remove_default_accounts,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$service_names = lookup('enabled_services', undef, undef, undef)
|
|
||||||
|
|
||||||
if $service_names {
|
|
||||||
tripleo::profile::base::database::mysql::users { $service_names: }
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 2 and $sync_db {
|
|
||||||
Class['mysql::server'] -> Mysql_database<||>
|
|
||||||
if ($manage_resources) {
|
|
||||||
# the mysql module handles password for user 'root@localhost', but it
|
|
||||||
# doesn't modify 'root@%'. So make sure this user password is managed
|
|
||||||
# as well by creating a resource appropriately.
|
|
||||||
mysql_user { 'root@%':
|
|
||||||
ensure => present,
|
|
||||||
password_hash => mysql::password(lookup('mysql::server::root_password')),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($mysql_auth_ed25519) {
|
|
||||||
['root@localhost', 'root@%'].each |$user| {
|
|
||||||
Mysql_user<| title == $user |> {
|
|
||||||
plugin => 'ed25519',
|
|
||||||
password_hash => mysql_ed25519_password(lookup('mysql::server::root_password'))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# Note: use 'include_and_check_auth' below rather than 'include'
|
|
||||||
# to support ed25519 authentication
|
|
||||||
if lookup('aodh_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'aodh::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('cinder_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'cinder::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('barbican_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'barbican::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('designate_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'designate::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('glance_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'glance::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('gnocchi_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'gnocchi::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('heat_engine_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'heat::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('ironic_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('ironic_inspector_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::inspector::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('keystone_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'keystone::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('manila_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'manila::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('neutron_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'neutron::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('nova_conductor_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('nova_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql_api':}
|
|
||||||
}
|
|
||||||
if lookup('placement_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'placement::db::mysql':}
|
|
||||||
}
|
|
||||||
if lookup('octavia_api_enabled', undef, undef, false) {
|
|
||||||
tripleo::profile::base::database::mysql::include_and_check_auth{'octavia::db::mysql':}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,104 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::haproxy
|
|
||||||
#
|
|
||||||
# Loadbalancer profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*enable_ssl*]
|
|
||||||
# (Optional) Whether SSL should be used for the connection to the server or
|
|
||||||
# not.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*mysql_read_default_file*]
|
|
||||||
# (Optional) Name of the file that will be passed to pymysql connection strings
|
|
||||||
# Defaults to '/etc/my.cnf.d/tripleo.cnf'
|
|
||||||
#
|
|
||||||
# [*mysql_read_default_group*]
|
|
||||||
# (Optional) Name of the ini section to be passed to pymysql connection strings
|
|
||||||
# Defaults to 'tripleo'
|
|
||||||
#
|
|
||||||
# [*mysql_client_bind_address*]
|
|
||||||
# (Optional) Client IP address of the host that will be written in the mysql_read_default_file
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*ssl_ca*]
|
|
||||||
# (Optional) The SSL CA file to use to verify the MySQL server's certificate.
|
|
||||||
# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::database::mysql::client (
|
|
||||||
$enable_ssl = false,
|
|
||||||
$mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf',
|
|
||||||
$mysql_read_default_group = 'tripleo',
|
|
||||||
$mysql_client_bind_address = undef,
|
|
||||||
$ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
if $step >= 1 {
|
|
||||||
if $mysql_client_bind_address =~ Stdlib::Compat::Ip_address {
|
|
||||||
$client_bind_changes = [
|
|
||||||
"set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
|
|
||||||
]
|
|
||||||
} else {
|
|
||||||
$client_bind_changes = [
|
|
||||||
"rm ${mysql_read_default_group}/bind-address"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
if $enable_ssl {
|
|
||||||
$changes_ssl = [
|
|
||||||
"set ${mysql_read_default_group}/ssl '1'",
|
|
||||||
"set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'",
|
|
||||||
'set client/ssl \'1\'',
|
|
||||||
"set client/ssl-ca '${ssl_ca}'"
|
|
||||||
]
|
|
||||||
} else {
|
|
||||||
$changes_ssl = [
|
|
||||||
"rm ${mysql_read_default_group}/ssl",
|
|
||||||
"rm ${mysql_read_default_group}/ssl-ca",
|
|
||||||
'rm client/ssl',
|
|
||||||
'rm client/ssl-ca'
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
$conf_changes = union($client_bind_changes, $changes_ssl)
|
|
||||||
|
|
||||||
# When generating configuration with docker-puppet, services do
|
|
||||||
# not include any profile that would ensure creation of /etc/my.cnf.d,
|
|
||||||
# so we enforce the check here.
|
|
||||||
file {'/etc/my.cnf.d':
|
|
||||||
ensure => 'directory'
|
|
||||||
}
|
|
||||||
file { $mysql_read_default_file:
|
|
||||||
ensure => file,
|
|
||||||
}
|
|
||||||
augeas { 'tripleo-mysql-client-conf':
|
|
||||||
incl => $mysql_read_default_file,
|
|
||||||
lens => 'Puppet.lns',
|
|
||||||
changes => $conf_changes,
|
|
||||||
require => File[$mysql_read_default_file],
|
|
||||||
}
|
|
||||||
|
|
||||||
# If a profile created a file resource for the parent directory,
|
|
||||||
# ensure it is being run before the config file generation
|
|
||||||
File<| title == '/etc/my.cnf.d' |> -> Augeas['tripleo-mysql-client-conf']
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: include_and_check_auth
|
|
||||||
#
|
|
||||||
# Include an OpenStack MySQL profile and configures it for alternative
|
|
||||||
# client authentication like e.g. ed25519
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*module*]
|
|
||||||
# (Optional) The puppet module to include
|
|
||||||
# Defaults to $title
|
|
||||||
#
|
|
||||||
# [*mysql_auth_ed25519*]
|
|
||||||
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
|
|
||||||
# a user when connecting to the server
|
|
||||||
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
|
|
||||||
#
|
|
||||||
define tripleo::profile::base::database::mysql::include_and_check_auth(
|
|
||||||
$module = $title,
|
|
||||||
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
|
|
||||||
) {
|
|
||||||
include $module
|
|
||||||
if ($mysql_auth_ed25519) {
|
|
||||||
# currently all openstack puppet modules create MySQL users
|
|
||||||
# by hashing their password for the default auth method.
|
|
||||||
# If ed25519 auth is enabled, we must hash the password
|
|
||||||
# differently; so do it with a collector until all
|
|
||||||
# openstack modules support ed25519 auth natively.
|
|
||||||
$stripped_module_name = regsubst($module,'^::','')
|
|
||||||
$password_key = "${stripped_module_name}::password"
|
|
||||||
Openstacklib::Db::Mysql<| tag == $stripped_module_name |> {
|
|
||||||
plugin => 'ed25519',
|
|
||||||
password_hash => mysql_ed25519_password(lookup($password_key))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,62 +0,0 @@
|
|||||||
# The tripleo::profile::base::database::mysql::user resource implements
|
|
||||||
# a generic resource to create databases, users and grants in MySQL
|
|
||||||
#
|
|
||||||
# == parameters
|
|
||||||
#
|
|
||||||
# [*password*]
|
|
||||||
# (Required) Password to connect to the database.
|
|
||||||
#
|
|
||||||
# [*dbname*]
|
|
||||||
# (Required) Name of the database.
|
|
||||||
#
|
|
||||||
# [*user*]
|
|
||||||
# (Required) User to connect to the database.
|
|
||||||
#
|
|
||||||
# [*host*]
|
|
||||||
# (Optional) The default source host user is allowed to connect from.
|
|
||||||
# Defaults to '127.0.0.1'
|
|
||||||
#
|
|
||||||
# [*allowed_hosts*]
|
|
||||||
# (Optional) Other hosts the user is allowed to connect from.
|
|
||||||
# Defaults to 'undef'.
|
|
||||||
#
|
|
||||||
# [*charset*]
|
|
||||||
# (Optional) The database charset.
|
|
||||||
# Defaults to 'utf8'
|
|
||||||
#
|
|
||||||
# [*collate*]
|
|
||||||
# (Optional) The database collate.
|
|
||||||
# Only used with mysql modules >= 2.2.
|
|
||||||
# Defaults to 'utf8_general_ci'
|
|
||||||
#
|
|
||||||
# == Dependencies
|
|
||||||
# Class['mysql::server']
|
|
||||||
#
|
|
||||||
# == Examples
|
|
||||||
#
|
|
||||||
# == Authors
|
|
||||||
#
|
|
||||||
# == Copyright
|
|
||||||
#
|
|
||||||
define tripleo::profile::base::database::mysql::user (
|
|
||||||
$password,
|
|
||||||
$dbname,
|
|
||||||
$user,
|
|
||||||
$host = '127.0.0.1',
|
|
||||||
$charset = 'utf8',
|
|
||||||
$collate = 'utf8_general_ci',
|
|
||||||
$allowed_hosts = undef
|
|
||||||
) {
|
|
||||||
|
|
||||||
validate_legacy(String, 'validate_string', $password)
|
|
||||||
|
|
||||||
::openstacklib::db::mysql { $title :
|
|
||||||
user => $user,
|
|
||||||
password => $password,
|
|
||||||
dbname => $dbname,
|
|
||||||
host => $host,
|
|
||||||
charset => $charset,
|
|
||||||
collate => $collate,
|
|
||||||
allowed_hosts => $allowed_hosts,
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,37 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Define: tripleo::haproxy::service_endpoints
|
|
||||||
#
|
|
||||||
# Define used to create haproxyendpoints for composable services.
|
|
||||||
#
|
|
||||||
# === Parameters:
|
|
||||||
#
|
|
||||||
# [*service_name*]
|
|
||||||
# (optional) The service_name to create the myql resources for.
|
|
||||||
# Defaults to $title
|
|
||||||
#
|
|
||||||
define tripleo::profile::base::database::mysql::users ($service_name = $title) {
|
|
||||||
|
|
||||||
$underscore_name = regsubst($service_name, '-', '_', 'G')
|
|
||||||
|
|
||||||
# This allows each composable service to load its own custom rules by
|
|
||||||
# creating its own flat hiera key named:
|
|
||||||
# tripleo::<service name with underscores>::mysql_user
|
|
||||||
$mysql_users = lookup("tripleo::${underscore_name}::mysql_user", undef, undef, undef)
|
|
||||||
|
|
||||||
if $mysql_users {
|
|
||||||
ensure_resource('tripleo::profile::base::database::mysql::user', $service_name, $mysql_users)
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,119 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::database::redis
|
|
||||||
#
|
|
||||||
# Redis profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*certificate_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
|
||||||
# it will create.
|
|
||||||
# Example with hiera:
|
|
||||||
# redis_certificate_specs:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "haproxy/<overcloud controller fqdn>"
|
|
||||||
# Defaults to lookup('redis_certificate_specs', undef, undef, {}).
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*redis_network*]
|
|
||||||
# (Optional) The network name where the redis endpoint is listening on.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to lookup('redis_network', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*pacemaker_managed*]
|
|
||||||
# (Optional) Whether the redis service is managed by Pacemaker
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*tls_tunnel_local_name*]
|
|
||||||
# (Optional) When TLS proxy is in use, name of the localhost to forward
|
|
||||||
# unencryption Redis traffic to.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to 'localhost'
|
|
||||||
#
|
|
||||||
# [*tls_proxy_bind_ip*]
|
|
||||||
# IP on which the TLS proxy will listen on. Required only if
|
|
||||||
# enable_internal_tls is set.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*tls_proxy_fqdn*]
|
|
||||||
# fqdn on which the tls proxy will listen on. required only used if
|
|
||||||
# enable_internal_tls is set.
|
|
||||||
# defaults to undef
|
|
||||||
#
|
|
||||||
# [*tls_proxy_port*]
|
|
||||||
# port on which the tls proxy will listen on. Only used if
|
|
||||||
# enable_internal_tls is set.
|
|
||||||
# defaults to 6379
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::database::redis (
|
|
||||||
$certificate_specs = lookup('redis_certificate_specs', undef, undef, {}),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$redis_network = lookup('redis_network', undef, undef, undef),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$pacemaker_managed = false,
|
|
||||||
$tls_tunnel_local_name = 'localhost',
|
|
||||||
$tls_proxy_bind_ip = undef,
|
|
||||||
$tls_proxy_fqdn = undef,
|
|
||||||
$tls_proxy_port = 6379,
|
|
||||||
) {
|
|
||||||
|
|
||||||
# When Redis is managed by pacemaker then the configuration is generated
|
|
||||||
# before cluster is being set up.
|
|
||||||
if $pacemaker_managed {
|
|
||||||
$redis_step = 1
|
|
||||||
} else {
|
|
||||||
$redis_step = 2
|
|
||||||
}
|
|
||||||
if $step >= $redis_step {
|
|
||||||
if $enable_internal_tls {
|
|
||||||
if !$redis_network {
|
|
||||||
fail('redis_network is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
if !$tls_proxy_bind_ip {
|
|
||||||
fail('tls_proxy_bind_ip is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
if !$tls_proxy_fqdn {
|
|
||||||
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
|
|
||||||
}
|
|
||||||
$tls_certfile = $certificate_specs['service_certificate']
|
|
||||||
$tls_keyfile = $certificate_specs['service_key']
|
|
||||||
|
|
||||||
include tripleo::stunnel
|
|
||||||
|
|
||||||
tripleo::stunnel::service_proxy { 'redis':
|
|
||||||
accept_host => $tls_proxy_bind_ip,
|
|
||||||
accept_port => $tls_proxy_port,
|
|
||||||
connect_host => $tls_tunnel_local_name,
|
|
||||||
connect_port => $tls_proxy_port,
|
|
||||||
certificate => $tls_certfile,
|
|
||||||
key => $tls_keyfile,
|
|
||||||
notify => Class['redis'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
include redis
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,139 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate
|
|
||||||
#
|
|
||||||
# Designate server profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step of the deployment
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_proto*]
|
|
||||||
# Protocol driver for the oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_hosts*]
|
|
||||||
# list of the oslo messaging rpc host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_port*]
|
|
||||||
# IP port for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_username*]
|
|
||||||
# Username for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_password*]
|
|
||||||
# Password for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_proto*]
|
|
||||||
# Protocol driver for the oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_hosts*]
|
|
||||||
# list of the oslo messaging notify host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_port*]
|
|
||||||
# IP port for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_username*]
|
|
||||||
# Username for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_password*]
|
|
||||||
# Password for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [* DEPRECATED PARAMETERS *]
|
|
||||||
#
|
|
||||||
# [*rndc_host*]
|
|
||||||
# The address on which rndc should listen
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*rndc_port*]
|
|
||||||
# The port on which rndc should listen
|
|
||||||
# Defaults undef
|
|
||||||
#
|
|
||||||
# [*rndc_keys*]
|
|
||||||
# A list of keys that rndc should accept
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*rndc_allowed_addresses*]
|
|
||||||
# A list of addresses that are allowed to send rndc commands
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
|
||||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
|
||||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
|
||||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$rndc_host = undef,
|
|
||||||
$rndc_port = undef,
|
|
||||||
$rndc_keys = undef,
|
|
||||||
$rndc_allowed_addresses = undef,
|
|
||||||
) {
|
|
||||||
if $step >= 3 {
|
|
||||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
|
||||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
|
||||||
class { 'designate' :
|
|
||||||
default_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_rpc_proto,
|
|
||||||
'hosts' => $oslomsg_rpc_hosts,
|
|
||||||
'port' => $oslomsg_rpc_port,
|
|
||||||
'username' => $oslomsg_rpc_username,
|
|
||||||
'password' => $oslomsg_rpc_password,
|
|
||||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
|
||||||
}),
|
|
||||||
notification_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_notify_proto,
|
|
||||||
'hosts' => $oslomsg_notify_hosts,
|
|
||||||
'port' => $oslomsg_notify_port,
|
|
||||||
'username' => $oslomsg_notify_username,
|
|
||||||
'password' => $oslomsg_notify_password,
|
|
||||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
|
||||||
}),
|
|
||||||
}
|
|
||||||
if ($rndc_host or $rndc_allowed_addresses or $rndc_keys or $rndc_allowed_addresses) {
|
|
||||||
warning('rndc/named configuration through puppet is no longer supported.')
|
|
||||||
}
|
|
||||||
include designate::config
|
|
||||||
include designate::logging
|
|
||||||
include designate::network_api::neutron
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,105 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::api
|
|
||||||
#
|
|
||||||
# Designate API server profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*certificates_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
|
||||||
# it will create.
|
|
||||||
# Example with hiera:
|
|
||||||
# apache_certificates_specs:
|
|
||||||
# httpd-internal_api:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "haproxy/<overcloud controller fqdn>"
|
|
||||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*designate_network*]
|
|
||||||
# (Optional) The network name where the designate endpoint is listening on.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to lookup('designate_api_network', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*listen_ip*]
|
|
||||||
# (Optional) The IP on which the API should listen. (now set by hiera via
|
|
||||||
# designate::wsgi::apache)
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*listen_port*]
|
|
||||||
# (Optional) The port on which the API should listen. (no longer needed,
|
|
||||||
# listen port gets default value from designate::wsgi::apache)
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*configure_apache*]
|
|
||||||
# (Optional) Whether apache is configured via puppet or not.
|
|
||||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::api (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$designate_network = lookup('designate_api_network', undef, undef, undef),
|
|
||||||
$listen_ip = undef,
|
|
||||||
$listen_port = undef,
|
|
||||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::designate
|
|
||||||
include tripleo::profile::base::designate::authtoken
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
if !$designate_network {
|
|
||||||
fail('designate_api_network is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
$tls_certfile = $certificates_specs["httpd-${designate_network}"]['service_certificate']
|
|
||||||
$tls_keyfile = $certificates_specs["httpd-${designate_network}"]['service_key']
|
|
||||||
} else {
|
|
||||||
$tls_certfile = undef
|
|
||||||
$tls_keyfile = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($step >= 3) {
|
|
||||||
# TODO: remove once the tripleo heat template changes merge
|
|
||||||
if $listen_ip and $listen_port {
|
|
||||||
$listen_uri = normalize_ip_for_uri($listen_ip)
|
|
||||||
class { 'designate::api':
|
|
||||||
listen => "${listen_uri}:${listen_port}"
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if $configure_apache {
|
|
||||||
include tripleo::profile::base::apache
|
|
||||||
class { 'designate::wsgi::apache':
|
|
||||||
ssl_cert => $tls_certfile,
|
|
||||||
ssl_key => $tls_keyfile
|
|
||||||
}
|
|
||||||
}
|
|
||||||
include designate::api
|
|
||||||
}
|
|
||||||
include designate::healthcheck
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,84 +0,0 @@
|
|||||||
# Copyright 2020 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::authtoken
|
|
||||||
#
|
|
||||||
# Designate authtoken profile for TripleO
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*memcached_hosts*]
|
|
||||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
|
||||||
#
|
|
||||||
# [*memcached_port*]
|
|
||||||
# (Optional) Memcached port to use.
|
|
||||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
|
||||||
#
|
|
||||||
# [*memcached_ipv6*]
|
|
||||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
||||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*security_strategy*]
|
|
||||||
# (Optional) Memcached (authtoken) security strategy.
|
|
||||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*secret_key*]
|
|
||||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
|
||||||
# The key is hashed with a salt, to isolate services.
|
|
||||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*memcached_ips*]
|
|
||||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::authtoken (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
|
||||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
|
||||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
|
||||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
|
||||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$memcached_ips = undef
|
|
||||||
) {
|
|
||||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
|
||||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
||||||
} else {
|
|
||||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $secret_key {
|
|
||||||
$hashed_secret_key = sha256("${secret_key}+designate")
|
|
||||||
} else {
|
|
||||||
$hashed_secret_key = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'designate::keystone::authtoken':
|
|
||||||
memcached_servers => $memcache_servers,
|
|
||||||
memcache_security_strategy => $security_strategy,
|
|
||||||
memcache_secret_key => $hashed_secret_key,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,43 +0,0 @@
|
|||||||
# Copyright 2021 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::backend
|
|
||||||
#
|
|
||||||
# Designate backend profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*backend*]
|
|
||||||
# (Optional) Specify a backend used.
|
|
||||||
# Defaults to lookup('designate_backend', undef, undef, 'bind9'),
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::backend (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$backend = lookup('designate_backend', undef, undef, 'bind9'),
|
|
||||||
) {
|
|
||||||
if $step >= 4 {
|
|
||||||
if $backend == 'bind9' {
|
|
||||||
class{ 'designate::backend::bind9':
|
|
||||||
configure_bind => false
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
fail("${backend} is not supported by designate")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,63 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::central
|
|
||||||
#
|
|
||||||
# Designate Central profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('designate_central_short_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*pools_file_content*]
|
|
||||||
# (Optional) The content of /etc/designate/pools.yaml
|
|
||||||
# Defaults to the content of templates/designate/pools.yaml.erb
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::central (
|
|
||||||
$bootstrap_node = lookup('designate_central_short_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$pools_file_content = undef,
|
|
||||||
) {
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
if $pools_file_content {
|
|
||||||
warning('pool file content is no longer manually configurable')
|
|
||||||
}
|
|
||||||
|
|
||||||
include tripleo::profile::base::designate
|
|
||||||
include tripleo::profile::base::designate::coordination
|
|
||||||
|
|
||||||
if ($step >= 4 or ($step >= 3 and $sync_db)) {
|
|
||||||
class { 'designate::db':
|
|
||||||
sync_db => $sync_db,
|
|
||||||
}
|
|
||||||
include designate::central
|
|
||||||
include designate::quota
|
|
||||||
include designate::network_api::neutron
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,57 +0,0 @@
|
|||||||
# Copyright 2022 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::coordination
|
|
||||||
#
|
|
||||||
# Designate Coordination profile for tripleo for setting coordination/redis
|
|
||||||
# related configuration.
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*designate_redis_password*]
|
|
||||||
# (Optional) Password for the neutron redis user for the coordination url
|
|
||||||
# Defaults to lookup('designate_redis_password', undef, undef, undef),
|
|
||||||
#
|
|
||||||
# [*redis_vip*]
|
|
||||||
# (Optional) Redis ip address for the coordination url
|
|
||||||
# Defaults to lookup('redis_vip', undef, undef, undef),
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::coordination (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$designate_redis_password = lookup('designate_redis_password', undef, undef, undef),
|
|
||||||
$redis_vip = lookup('redis_vip', undef, undef, undef),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
) {
|
|
||||||
if $step >= 4 {
|
|
||||||
if $redis_vip {
|
|
||||||
if $enable_internal_tls {
|
|
||||||
$tls_query_param = '?ssl=true'
|
|
||||||
} else {
|
|
||||||
$tls_query_param = ''
|
|
||||||
}
|
|
||||||
class { 'designate::coordination':
|
|
||||||
backend_url => join(['redis://:', $designate_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::mdns
|
|
||||||
#
|
|
||||||
# Designate MiniDNS profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::mdns (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::designate
|
|
||||||
if $step >= 4 {
|
|
||||||
include designate::mdns
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,40 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::producer
|
|
||||||
#
|
|
||||||
# Designate Producer profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::producer (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::designate
|
|
||||||
include tripleo::profile::base::designate::coordination
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
include designate::producer
|
|
||||||
include designate::producer_task::delayed_notify
|
|
||||||
include designate::producer_task::periodic_exists
|
|
||||||
include designate::producer_task::periodic_secondary_refresh
|
|
||||||
include designate::producer_task::worker_periodic_recovery
|
|
||||||
include designate::producer_task::zone_purge
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::sink
|
|
||||||
#
|
|
||||||
# Designate Sink profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::sink (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::designate
|
|
||||||
if $step >= 4 {
|
|
||||||
include designate::sink
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,45 +0,0 @@
|
|||||||
# Copyright 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::designate::worker
|
|
||||||
#
|
|
||||||
# Designate Worker profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*rndc_key*]
|
|
||||||
# (Optional) The base64-encoded key secret for /etc/rndc.key.
|
|
||||||
# Defaults to lookup('designate_rndc_key', undef, undef, false)
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::designate::worker (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$rndc_key = lookup('designate_rndc_key', undef, undef, false),
|
|
||||||
) {
|
|
||||||
include tripleo::profile::base::designate
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
if $rndc_key {
|
|
||||||
warning('Configuring rndc keys through puppet has been deprecated')
|
|
||||||
}
|
|
||||||
include designate::worker
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,98 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::etcd
|
|
||||||
#
|
|
||||||
# etcd profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*bind_ip*]
|
|
||||||
# (optional) IP to bind etcd service to.
|
|
||||||
# Defaults to '127.0.0.1'.
|
|
||||||
#
|
|
||||||
# [*client_port*]
|
|
||||||
# (optional) etcd client listening port.
|
|
||||||
# Defaults to '2379'.
|
|
||||||
#
|
|
||||||
# [*peer_port*]
|
|
||||||
# (optional) etcd peer listening port.
|
|
||||||
# Defaults to '2380'.
|
|
||||||
#
|
|
||||||
# [*nodes*]
|
|
||||||
# (Optional) Array of host(s) for etcd nodes.
|
|
||||||
# Defaults to lookup('etcd_node_ips', undef, undef, []).
|
|
||||||
#
|
|
||||||
# [*certificate_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate
|
|
||||||
# it will create. Note that the certificate nickname must be 'etcd' in
|
|
||||||
# the case of this service.
|
|
||||||
# Example with hiera:
|
|
||||||
# tripleo::profile::base::etcd::certificate_specs:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "etcd/<overcloud controller fqdn>"
|
|
||||||
# Defaults to {}.
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::etcd (
|
|
||||||
$bind_ip = '127.0.0.1',
|
|
||||||
$client_port = '2379',
|
|
||||||
$peer_port = '2380',
|
|
||||||
$nodes = lookup('etcd_node_names', undef, undef, []),
|
|
||||||
$certificate_specs = {},
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
validate_legacy(Hash, 'validate_hash', $certificate_specs)
|
|
||||||
|
|
||||||
if $enable_internal_tls {
|
|
||||||
$tls_certfile = $certificate_specs['service_certificate']
|
|
||||||
$tls_keyfile = $certificate_specs['service_key']
|
|
||||||
$protocol = 'https'
|
|
||||||
} else {
|
|
||||||
$tls_certfile = undef
|
|
||||||
$tls_keyfile = undef
|
|
||||||
$protocol = 'http'
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 2 {
|
|
||||||
$bind_ip_normalized = normalize_ip_for_uri($bind_ip)
|
|
||||||
|
|
||||||
class {'etcd':
|
|
||||||
listen_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}",
|
|
||||||
advertise_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}",
|
|
||||||
listen_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}",
|
|
||||||
initial_advertise_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}",
|
|
||||||
initial_cluster => regsubst($nodes, '.+', "\\0=${protocol}://\\0:${peer_port}"),
|
|
||||||
proxy => 'off',
|
|
||||||
cert_file => $tls_certfile,
|
|
||||||
key_file => $tls_keyfile,
|
|
||||||
client_cert_auth => $enable_internal_tls,
|
|
||||||
peer_cert_file => $tls_certfile,
|
|
||||||
peer_key_file => $tls_keyfile,
|
|
||||||
peer_client_cert_auth => $enable_internal_tls,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,317 +0,0 @@
|
|||||||
# Copyright 2016 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::glance::api
|
|
||||||
#
|
|
||||||
# Glance API profile for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*bootstrap_node*]
|
|
||||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
|
||||||
# Defaults to lookup('glance_api_short_bootstrap_node_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*certificates_specs*]
|
|
||||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
|
||||||
# it will create.
|
|
||||||
# Example with hiera:
|
|
||||||
# apache_certificates_specs:
|
|
||||||
# httpd-internal_api:
|
|
||||||
# hostname: <overcloud controller fqdn>
|
|
||||||
# service_certificate: <service certificate path>
|
|
||||||
# service_key: <service key path>
|
|
||||||
# principal: "haproxy/<overcloud controller fqdn>"
|
|
||||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
|
||||||
#
|
|
||||||
# [*enable_internal_tls*]
|
|
||||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
|
||||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*glance_backend*]
|
|
||||||
# (Optional) Default glance backend type.
|
|
||||||
# Defaults to downcase(lookup('glance_backend', undef, undef, 'swift'))
|
|
||||||
#
|
|
||||||
# [*glance_backend_id*]
|
|
||||||
# (Optional) Default glance backend identifier.
|
|
||||||
# Defaults to 'default_backend'
|
|
||||||
#
|
|
||||||
# [*glance_network*]
|
|
||||||
# (Optional) The network name where the glance endpoint is listening on.
|
|
||||||
# This is set by t-h-t.
|
|
||||||
# Defaults to lookup('glance_api_network', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*bind_port*]
|
|
||||||
# (optional) The port the server should bind to.
|
|
||||||
# Default: 9292
|
|
||||||
#
|
|
||||||
# [*log_dir*]
|
|
||||||
# (Optional) Directory where logs should be stored.
|
|
||||||
# If set to $::os_service_default, it will not log to any directory.
|
|
||||||
# Defaults to '/var/log/glance'.
|
|
||||||
#
|
|
||||||
# [*log_file*]
|
|
||||||
# (Optional) File where logs should be stored.
|
|
||||||
# If set to $::os_service_default, it will not log to any file.
|
|
||||||
# Defaults to '/var/log/glance/api.log'.
|
|
||||||
#
|
|
||||||
# [*show_image_direct_url*]
|
|
||||||
# (optional) Expose image location to trusted clients.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*show_multiple_locations*]
|
|
||||||
# (optional) Whether to include the backend image locations in image
|
|
||||||
# properties.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*multistore_config*]
|
|
||||||
# (Optional) Hash of settings for configuring additional glance-api backends.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_proto*]
|
|
||||||
# Protocol driver for the oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_hosts*]
|
|
||||||
# list of the oslo messaging rpc host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_port*]
|
|
||||||
# IP port for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_username*]
|
|
||||||
# Username for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_password*]
|
|
||||||
# Password for oslo messaging rpc service
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_rpc_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_proto*]
|
|
||||||
# Protocol driver for the oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_hosts*]
|
|
||||||
# list of the oslo messaging notify host fqdns
|
|
||||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_port*]
|
|
||||||
# IP port for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_username*]
|
|
||||||
# Username for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_password*]
|
|
||||||
# Password for oslo messaging notify service
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_password')
|
|
||||||
#
|
|
||||||
# [*oslomsg_notify_use_ssl*]
|
|
||||||
# Enable ssl oslo messaging services
|
|
||||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
|
||||||
#
|
|
||||||
# [*tls_proxy_bind_ip*]
|
|
||||||
# IP on which the TLS proxy will listen on. Required only if
|
|
||||||
# enable_internal_tls is set.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
# [*tls_proxy_fqdn*]
|
|
||||||
# fqdn on which the tls proxy will listen on. required only used if
|
|
||||||
# enable_internal_tls is set.
|
|
||||||
# defaults to undef
|
|
||||||
#
|
|
||||||
# [*tls_proxy_port*]
|
|
||||||
# port on which the tls proxy will listen on. Only used if
|
|
||||||
# enable_internal_tls is set.
|
|
||||||
# defaults to 9292
|
|
||||||
#
|
|
||||||
# [*glance_enable_db_purge*]
|
|
||||||
# (optional) Whether to enable db purging
|
|
||||||
# defaults to true
|
|
||||||
#
|
|
||||||
# [*glance_enable_cache*]
|
|
||||||
# (optional) Whether to enable caching
|
|
||||||
# defaults to false
|
|
||||||
#
|
|
||||||
# [*configure_apache*]
|
|
||||||
# (Optional) Whether apache is configured via puppet or not.
|
|
||||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*glance_rbd_client_name*]
|
|
||||||
# (optional) Deprecated. RBD client name
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::glance::api (
|
|
||||||
$bootstrap_node = lookup('glance_api_short_bootstrap_node_name', undef, undef, undef),
|
|
||||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
|
||||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
|
||||||
$glance_backend = downcase(lookup('glance_backend', undef, undef, 'swift')),
|
|
||||||
$glance_backend_id = 'default_backend',
|
|
||||||
$glance_network = lookup('glance_api_network', undef, undef, undef),
|
|
||||||
$bind_port = 9292,
|
|
||||||
$log_dir = '/var/log/glance',
|
|
||||||
$log_file = '/var/log/glance/api.log',
|
|
||||||
$show_image_direct_url = false,
|
|
||||||
$show_multiple_locations = false,
|
|
||||||
$multistore_config = {},
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
|
||||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
|
||||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
|
||||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
|
||||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
|
||||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
|
||||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
|
||||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
|
||||||
$tls_proxy_bind_ip = undef,
|
|
||||||
$tls_proxy_fqdn = undef,
|
|
||||||
$tls_proxy_port = 9292,
|
|
||||||
$glance_enable_db_purge = true,
|
|
||||||
$glance_enable_cache = false,
|
|
||||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$glance_rbd_client_name = undef,
|
|
||||||
) {
|
|
||||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
|
||||||
$sync_db = true
|
|
||||||
} else {
|
|
||||||
$sync_db = false
|
|
||||||
}
|
|
||||||
|
|
||||||
include tripleo::profile::base::glance::authtoken
|
|
||||||
|
|
||||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
|
||||||
if $enable_internal_tls {
|
|
||||||
if !$glance_network {
|
|
||||||
fail('glance_api_network is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
if !$tls_proxy_bind_ip {
|
|
||||||
fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.')
|
|
||||||
}
|
|
||||||
if !$tls_proxy_fqdn {
|
|
||||||
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
|
|
||||||
}
|
|
||||||
$tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate']
|
|
||||||
$tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key']
|
|
||||||
|
|
||||||
if $configure_apache {
|
|
||||||
tripleo::tls_proxy { 'glance-api':
|
|
||||||
servername => $tls_proxy_fqdn,
|
|
||||||
ip => $tls_proxy_bind_ip,
|
|
||||||
port => $tls_proxy_port,
|
|
||||||
tls_cert => $tls_certfile,
|
|
||||||
tls_key => $tls_keyfile,
|
|
||||||
notify => Class['glance::api'],
|
|
||||||
}
|
|
||||||
include tripleo::profile::base::apache
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$multistore_backends = $multistore_config.map |$backend_config| {
|
|
||||||
unless has_key($backend_config[1], 'GlanceBackend') {
|
|
||||||
fail("multistore_config '${backend_config[0]}' does not specify a glance_backend.")
|
|
||||||
}
|
|
||||||
"${backend_config[0]}:${backend_config[1]['GlanceBackend']}"
|
|
||||||
}
|
|
||||||
|
|
||||||
$enabled_backends = ["${glance_backend_id}:${glance_backend}"] + $multistore_backends
|
|
||||||
|
|
||||||
include glance
|
|
||||||
include glance::config
|
|
||||||
include glance::healthcheck
|
|
||||||
include glance::api::db
|
|
||||||
class { 'glance::api::logging':
|
|
||||||
log_dir => $log_dir,
|
|
||||||
log_file => $log_file,
|
|
||||||
}
|
|
||||||
class { 'glance::api':
|
|
||||||
bind_port => $bind_port,
|
|
||||||
enabled_backends => $enabled_backends,
|
|
||||||
default_backend => $glance_backend_id,
|
|
||||||
show_image_direct_url => $show_image_direct_url,
|
|
||||||
show_multiple_locations => $show_multiple_locations,
|
|
||||||
sync_db => $sync_db,
|
|
||||||
}
|
|
||||||
include glance::key_manager
|
|
||||||
include glance::key_manager::barbican
|
|
||||||
|
|
||||||
['cinder', 'file', 'rbd', 'swift'].each |String $backend_type| {
|
|
||||||
|
|
||||||
# Generate a list of backend names for a given backend type
|
|
||||||
$backend_names = $enabled_backends.reduce([]) |$accum, String $backend| {
|
|
||||||
$backend_info = $backend.split(':')
|
|
||||||
if $backend_info[1] == $backend_type {
|
|
||||||
$accum << $backend_info[0]
|
|
||||||
} else {
|
|
||||||
$accum
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
unless empty($backend_names) {
|
|
||||||
class { "tripleo::profile::base::glance::backend::${backend_type}":
|
|
||||||
backend_names => $backend_names,
|
|
||||||
multistore_config => $multistore_config,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
|
||||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
|
||||||
class { 'glance::notify::rabbitmq' :
|
|
||||||
default_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_rpc_proto,
|
|
||||||
'hosts' => $oslomsg_rpc_hosts,
|
|
||||||
'port' => $oslomsg_rpc_port,
|
|
||||||
'username' => $oslomsg_rpc_username,
|
|
||||||
'password' => $oslomsg_rpc_password,
|
|
||||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
|
||||||
}),
|
|
||||||
notification_transport_url => os_transport_url({
|
|
||||||
'transport' => $oslomsg_notify_proto,
|
|
||||||
'hosts' => $oslomsg_notify_hosts,
|
|
||||||
'port' => $oslomsg_notify_port,
|
|
||||||
'username' => $oslomsg_notify_username,
|
|
||||||
'password' => $oslomsg_notify_password,
|
|
||||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
|
||||||
}),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 5 {
|
|
||||||
if $glance_enable_db_purge {
|
|
||||||
include glance::cron::db_purge
|
|
||||||
}
|
|
||||||
if $glance_enable_cache {
|
|
||||||
include glance::cache::cleaner
|
|
||||||
include glance::cache::pruner
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,84 +0,0 @@
|
|||||||
# Copyright 2019 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::glance::authtoken
|
|
||||||
#
|
|
||||||
# Glance authtoken profile for TripleO
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
# [*memcached_hosts*]
|
|
||||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
|
||||||
#
|
|
||||||
# [*memcached_port*]
|
|
||||||
# (Optional) Memcached port to use.
|
|
||||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
|
||||||
#
|
|
||||||
# [*memcached_ipv6*]
|
|
||||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
|
||||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
|
||||||
#
|
|
||||||
# [*security_strategy*]
|
|
||||||
# (Optional) Memcached (authtoken) security strategy.
|
|
||||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*secret_key*]
|
|
||||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
|
||||||
# The key is hashed with a salt, to isolate services.
|
|
||||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
#
|
|
||||||
# [*memcached_ips*]
|
|
||||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
|
||||||
# Defaults to undef
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::glance::authtoken (
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
|
||||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
|
||||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
|
||||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
|
||||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
|
||||||
# DEPRECATED PARAMETERS
|
|
||||||
$memcached_ips = undef
|
|
||||||
) {
|
|
||||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
|
||||||
|
|
||||||
if $step >= 3 {
|
|
||||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
|
||||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
|
||||||
} else {
|
|
||||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
|
||||||
}
|
|
||||||
|
|
||||||
if $secret_key {
|
|
||||||
$hashed_secret_key = sha256("${secret_key}+glance")
|
|
||||||
} else {
|
|
||||||
$hashed_secret_key = undef
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'glance::api::authtoken':
|
|
||||||
memcached_servers => $memcache_servers,
|
|
||||||
memcache_security_strategy => $security_strategy,
|
|
||||||
memcache_secret_key => $hashed_secret_key,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,146 +0,0 @@
|
|||||||
# Copyright 2020 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::glance::backend::cinder
|
|
||||||
#
|
|
||||||
# Glance API cinder backend configuration for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_names*]
|
|
||||||
# Array of cinder store backend names.
|
|
||||||
#
|
|
||||||
# [*multistore_config*]
|
|
||||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*cinder_ca_certificates_file*]
|
|
||||||
# (Optional) Location of ca certificate file to use for cinder client requests.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_api_insecure*]
|
|
||||||
# (Optional) Allow to perform insecure SSL requests to cinder.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_catalog_info*]
|
|
||||||
# (Optional) Info to match when looking for cinder in the service catalog.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_endpoint_template*]
|
|
||||||
# (Optional) Override service catalog lookup with template for cinder endpoint.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_http_retries*]
|
|
||||||
# (Optional) Number of cinderclient retries on failed http calls.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_store_auth_address*]
|
|
||||||
# (Optional) A valid authentication service address.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_store_project_name*]
|
|
||||||
# (Optional) Project name where the image volume is stored in cinder.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*cinder_store_user_name*]
|
|
||||||
# (Optional) User name to authenticate against cinder.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_store_password*]
|
|
||||||
# (Optional) A valid password for the user specified by `cinder_store_user_name'
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_os_region_name*]
|
|
||||||
# (optional) Sets the keystone region to use.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_enforce_multipath*]
|
|
||||||
# (Optional) Set to True when multipathd is enabled
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_use_multipath*]
|
|
||||||
# (Optional) Set to True when multipathd is enabled
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_mount_point_base*]
|
|
||||||
# (Optional) Directory where the NFS volume is mounted on the glance node.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*cinder_volume_type*]
|
|
||||||
# (Optional) The volume type to be used to create image volumes in cinder.
|
|
||||||
# Defaults to lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef)
|
|
||||||
#
|
|
||||||
# [*store_description*]
|
|
||||||
# (Optional) Provides constructive information about the store backend to
|
|
||||||
# end users.
|
|
||||||
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store').
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::glance::backend::cinder (
|
|
||||||
$backend_names,
|
|
||||||
$multistore_config = {},
|
|
||||||
$cinder_ca_certificates_file = lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef),
|
|
||||||
$cinder_api_insecure = lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef),
|
|
||||||
$cinder_catalog_info = lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef),
|
|
||||||
$cinder_endpoint_template = lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef),
|
|
||||||
$cinder_http_retries = lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef),
|
|
||||||
$cinder_store_auth_address = lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef),
|
|
||||||
$cinder_store_project_name = lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef),
|
|
||||||
$cinder_store_user_name = lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef),
|
|
||||||
$cinder_store_password = lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef),
|
|
||||||
$cinder_os_region_name = lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef),
|
|
||||||
$cinder_enforce_multipath = lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef),
|
|
||||||
$cinder_use_multipath = lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef),
|
|
||||||
$cinder_mount_point_base = lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef),
|
|
||||||
$cinder_volume_type = lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef),
|
|
||||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_names.each |String $backend_name| {
|
|
||||||
$backend_config = pick($multistore_config[$backend_name], {})
|
|
||||||
$store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
|
|
||||||
|
|
||||||
if $backend_config['GlanceCinderVolumeType'] {
|
|
||||||
$cinder_volume_type_real = $backend_config['GlanceCinderVolumeType']
|
|
||||||
} else {
|
|
||||||
$cinder_volume_type_real = $cinder_volume_type
|
|
||||||
}
|
|
||||||
|
|
||||||
create_resources('glance::backend::multistore::cinder', { $backend_name => delete_undef_values({
|
|
||||||
'cinder_api_insecure' => $cinder_api_insecure,
|
|
||||||
'cinder_catalog_info' => $cinder_catalog_info,
|
|
||||||
'cinder_http_retries' => $cinder_http_retries,
|
|
||||||
'cinder_endpoint_template' => $cinder_endpoint_template,
|
|
||||||
'cinder_ca_certificates_file' => $cinder_ca_certificates_file,
|
|
||||||
'cinder_store_auth_address' => $cinder_store_auth_address,
|
|
||||||
'cinder_store_project_name' => $cinder_store_project_name,
|
|
||||||
'cinder_store_user_name' => $cinder_store_user_name,
|
|
||||||
'cinder_store_password' => $cinder_store_password,
|
|
||||||
'cinder_os_region_name' => $cinder_os_region_name,
|
|
||||||
'cinder_enforce_multipath' => $cinder_enforce_multipath,
|
|
||||||
'cinder_use_multipath' => $cinder_use_multipath,
|
|
||||||
'cinder_mount_point_base' => $cinder_mount_point_base,
|
|
||||||
'cinder_volume_type' => $cinder_volume_type_real,
|
|
||||||
'store_description' => $store_description_real,
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,71 +0,0 @@
|
|||||||
# Copyright 2020 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::glance::backend::file
|
|
||||||
#
|
|
||||||
# Glance API file backend configuration for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_names*]
|
|
||||||
# Array of file store backend names.
|
|
||||||
#
|
|
||||||
# [*multistore_config*]
|
|
||||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*filesystem_store_datadir*]
|
|
||||||
# (Optional) Location where dist images are stored when the backend type is file.
|
|
||||||
# Defaults to lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*filesystem_thin_provisioning*]
|
|
||||||
# (Optional) Boolean describing if thin provisioning is enabled or not
|
|
||||||
# Defaults to lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*store_description*]
|
|
||||||
# (Optional) Provides constructive information about the store backend to
|
|
||||||
# end users.
|
|
||||||
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store').
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::glance::backend::file (
|
|
||||||
$backend_names,
|
|
||||||
$multistore_config = {},
|
|
||||||
$filesystem_store_datadir = lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef),
|
|
||||||
$filesystem_thin_provisioning = lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef),
|
|
||||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $backend_names.length() > 1 {
|
|
||||||
fail('Multiple file backends are not supported.')
|
|
||||||
}
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_name = $backend_names[0]
|
|
||||||
|
|
||||||
$multistore_description = pick($multistore_config[$backend_name], {})['GlanceStoreDescription']
|
|
||||||
$store_description_real = pick($multistore_description, $store_description)
|
|
||||||
|
|
||||||
create_resources('glance::backend::multistore::file', { $backend_name => delete_undef_values({
|
|
||||||
'filesystem_store_datadir' => $filesystem_store_datadir,
|
|
||||||
'filesystem_thin_provisioning' => $filesystem_thin_provisioning,
|
|
||||||
'store_description' => $store_description_real,
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,102 +0,0 @@
|
|||||||
# Copyright 2020 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
#
|
|
||||||
# == Class: tripleo::profile::base::glance::backend::rbd
|
|
||||||
#
|
|
||||||
# Glance API rbd backend configuration for tripleo
|
|
||||||
#
|
|
||||||
# === Parameters
|
|
||||||
#
|
|
||||||
# [*backend_names*]
|
|
||||||
# Array of rbd store backend names.
|
|
||||||
#
|
|
||||||
# [*multistore_config*]
|
|
||||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
|
||||||
# Defaults to {}
|
|
||||||
#
|
|
||||||
# [*rbd_store_ceph_conf*]
|
|
||||||
# (Optional) Ceph cluster config file.
|
|
||||||
# Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf').
|
|
||||||
#
|
|
||||||
# [*rbd_store_user*]
|
|
||||||
# (Optional) Ceph client username.
|
|
||||||
# Defaults to lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack').
|
|
||||||
#
|
|
||||||
# [*rbd_store_pool*]
|
|
||||||
# (Optional) Ceph pool for storing images.
|
|
||||||
# Defaults to lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images').
|
|
||||||
#
|
|
||||||
# [*rbd_store_chunk_size*]
|
|
||||||
# (Optional) RBD chunk size.
|
|
||||||
# Defaults to lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*rbd_thin_provisioning*]
|
|
||||||
# (Optional) Boolean describing if thin provisioning is enabled or not
|
|
||||||
# Defaults to lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*rados_connect_timeout*]
|
|
||||||
# (Optional) RADOS connection timeout.
|
|
||||||
# Defaults to lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef).
|
|
||||||
#
|
|
||||||
# [*store_description*]
|
|
||||||
# (Optional) Provides constructive information about the store backend to
|
|
||||||
# end users.
|
|
||||||
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store').
|
|
||||||
#
|
|
||||||
# [*step*]
|
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
||||||
# for more details.
|
|
||||||
# Defaults to Integer(lookup('step'))
|
|
||||||
#
|
|
||||||
class tripleo::profile::base::glance::backend::rbd (
|
|
||||||
$backend_names,
|
|
||||||
$multistore_config = {},
|
|
||||||
$rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
|
|
||||||
$rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
|
|
||||||
$rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
|
|
||||||
$rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
|
|
||||||
$rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
|
|
||||||
$rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
|
|
||||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
|
|
||||||
$step = Integer(lookup('step')),
|
|
||||||
) {
|
|
||||||
|
|
||||||
if $step >= 4 {
|
|
||||||
$backend_names.each |String $backend_name| {
|
|
||||||
$backend_config = pick($multistore_config[$backend_name], {})
|
|
||||||
|
|
||||||
$rbd_store_user_real = pick($backend_config['CephClientUserName'], $rbd_store_user)
|
|
||||||
$rbd_store_pool_real = pick($backend_config['GlanceRbdPoolName'], $rbd_store_pool)
|
|
||||||
$store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
|
|
||||||
|
|
||||||
$ceph_cluster_name = $backend_config['CephClusterName']
|
|
||||||
|
|
||||||
if $ceph_cluster_name {
|
|
||||||
$rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf"
|
|
||||||
} else {
|
|
||||||
$rbd_store_ceph_conf_real = $rbd_store_ceph_conf
|
|
||||||
}
|
|
||||||
|
|
||||||
create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({
|
|
||||||
'rbd_store_ceph_conf' => $rbd_store_ceph_conf_real,
|
|
||||||
'rbd_store_user' => $rbd_store_user_real,
|
|
||||||
'rbd_store_pool' => $rbd_store_pool_real,
|
|
||||||
'rbd_store_chunk_size' => $rbd_store_chunk_size,
|
|
||||||
'rbd_thin_provisioning' => $rbd_thin_provisioning,
|
|
||||||
'rados_connect_timeout' => $rados_connect_timeout,
|
|
||||||
'store_description' => $store_description_real,
|
|
||||||
})})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user