Retire Tripleo: remove repo content
TripleO project is retiring - https://review.opendev.org/c/openstack/governance/+/905145 this commit remove the content of this project repo Change-Id: I73df79a8698625815ea4e3099904da448a49887e
This commit is contained in:
parent
019ec49518
commit
e06f50cb06
27
.gitignore
vendored
27
.gitignore
vendored
@ -1,27 +0,0 @@
|
||||
# Add patterns in here to exclude files created by tools integrated with this
|
||||
# repository, such as test frameworks from the project's recommended workflow,
|
||||
# rendered documentation and package builds.
|
||||
#
|
||||
# Don't add patterns to exclude files created by preferred personal tools
|
||||
# (editors, IDEs, your operating system itself even). These should instead be
|
||||
# maintained outside the repository, for example in a ~/.gitignore file added
|
||||
# with:
|
||||
#
|
||||
# git config --global core.excludesfile '~/.gitignore'
|
||||
|
||||
pkg/
|
||||
Gemfile.lock
|
||||
vendor/
|
||||
spec/fixtures/modules
|
||||
spec/fixtures/manifests
|
||||
.vagrant/
|
||||
.bundle/
|
||||
.bundle*/
|
||||
coverage/
|
||||
.idea/
|
||||
*.iml
|
||||
openstack/
|
||||
|
||||
# Files created from releasenotes build
|
||||
releasenotes/build
|
||||
.tox
|
36
Gemfile
36
Gemfile
@ -1,36 +0,0 @@
|
||||
source ENV['GEM_SOURCE'] || "https://rubygems.org"
|
||||
|
||||
group :development, :test, :system_tests do
|
||||
spec_helper_dir = '/home/zuul/src/opendev.org/openstack/puppet-openstack_spec_helper'
|
||||
if File.directory?(spec_helper_dir)
|
||||
if ENV['ZUUL_PROJECT'] == 'openstack/puppet-openstack_spec_helper'
|
||||
gem 'puppet-openstack_spec_helper',
|
||||
:path => '../..',
|
||||
:require => 'false'
|
||||
else
|
||||
gem 'puppet-openstack_spec_helper',
|
||||
:path => spec_helper_dir,
|
||||
:require => 'false'
|
||||
end
|
||||
else
|
||||
spec_helper_version = ENV['ZUUL_BRANCH'] || "master"
|
||||
gem 'puppet-openstack_spec_helper',
|
||||
:git => 'https://opendev.org/openstack/puppet-openstack_spec_helper',
|
||||
:ref => spec_helper_version,
|
||||
:require => 'false'
|
||||
end
|
||||
end
|
||||
|
||||
if facterversion = ENV['FACTER_GEM_VERSION']
|
||||
gem 'facter', facterversion, :require => false
|
||||
else
|
||||
gem 'facter', :require => false
|
||||
end
|
||||
|
||||
if puppetversion = ENV['PUPPET_GEM_VERSION']
|
||||
gem 'puppet', puppetversion, :require => false
|
||||
else
|
||||
gem 'puppet', :require => false
|
||||
end
|
||||
|
||||
# vim:ft=ruby
|
176
LICENSE
176
LICENSE
@ -1,176 +0,0 @@
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
@ -1,34 +0,0 @@
|
||||
|
||||
## TripleO Puppet modules
|
||||
|
||||
mod 'haproxy',
|
||||
:git => 'https://github.com/puppetlabs/puppetlabs-haproxy',
|
||||
:ref => 'main'
|
||||
|
||||
mod 'etcd',
|
||||
:git => 'https://github.com/puppet-etcd/puppet-etcd',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'systemd',
|
||||
:git => 'https://github.com/camptocamp/puppet-systemd',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'rsyslog',
|
||||
:git => 'https://github.com/voxpupuli/puppet-rsyslog',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'ssh',
|
||||
:git => 'https://github.com/saz/puppet-ssh',
|
||||
:ref => 'v3.0.1'
|
||||
|
||||
mod 'snmp',
|
||||
:git => 'https://github.com/razorsedge/puppet-snmp',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'pacemaker',
|
||||
:git => 'https://github.com/openstack/puppet-pacemaker',
|
||||
:ref => 'master'
|
||||
|
||||
mod 'collectd',
|
||||
:git => 'https://github.com/voxpupuli/puppet-collectd',
|
||||
:ref => '20494e44a90073273a18fce71f4a602d5b5d0690'
|
20
README.md
20
README.md
@ -1,20 +0,0 @@
|
||||
Team and repository tags
|
||||
========================
|
||||
|
||||
[![Team and repository tags](https://governance.openstack.org/tc/badges/puppet-tripleo.svg)](https://governance.openstack.org/tc/reference/tags/index.html)
|
||||
|
||||
<!-- Change things from this point on -->
|
||||
|
||||
# puppet-tripleo
|
||||
|
||||
Lightweight composition layer for Puppet TripleO.
|
||||
|
||||
## Contributing
|
||||
|
||||
* Free software: Apache License (2.0)
|
||||
* Source: http://git.openstack.org/cgit/openstack/puppet-tripleo
|
||||
* Bugs: http://bugs.launchpad.net/tripleo (tag: puppet)
|
||||
* Documentation:
|
||||
* TripleO: https://docs.openstack.org/tripleo-docs/latest/
|
||||
* Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html
|
||||
* Release Notes: https://docs.openstack.org/releasenotes/puppet-tripleo
|
10
README.rst
Normal file
10
README.rst
Normal file
@ -0,0 +1,10 @@
|
||||
This project is no longer maintained.
|
||||
|
||||
The contents of this repository are still available in the Git
|
||||
source code management system. To see the contents of this
|
||||
repository before it reached its end of life, please check out the
|
||||
previous commit with "git checkout HEAD^1".
|
||||
|
||||
For any further questions, please email
|
||||
openstack-discuss@lists.openstack.org or join #openstack-dev on
|
||||
OFTC.
|
7
Rakefile
7
Rakefile
@ -1,7 +0,0 @@
|
||||
require 'puppet-openstack_spec_helper/rake_tasks'
|
||||
|
||||
# We disable the unquoted node name check because puppet-pacemaker node
|
||||
# properties make use of attributes called 'node' and puppet-lint breaks on
|
||||
# them: https://github.com/rodjek/puppet-lint/issues/501
|
||||
# We are not using site.pp with nodes so this is safe.
|
||||
PuppetLint.configuration.send('disable_unquoted_node_name')
|
12
bindep.txt
12
bindep.txt
@ -1,12 +0,0 @@
|
||||
# This is a cross-platform list tracking distribution packages needed by tests;
|
||||
# see http://docs.openstack.org/infra/bindep/ for additional information.
|
||||
|
||||
libxml2-devel [test platform:rpm]
|
||||
libxml2-dev [test platform:dpkg]
|
||||
libxslt-devel [test platform:rpm]
|
||||
libxslt1-dev [test platform:dpkg]
|
||||
ruby-devel [test platform:rpm]
|
||||
ruby-dev [test platform:dpkg]
|
||||
zlib1g-dev [test platform:dpkg]
|
||||
zlib-devel [test platform:rpm]
|
||||
puppet [build]
|
@ -1,6 +0,0 @@
|
||||
# This is required for the docs build jobs
|
||||
sphinx>=2.0.0,!=2.1.0 # BSD
|
||||
openstackdocstheme>=2.2.1 # Apache-2.0
|
||||
|
||||
# This is required for the releasenotes build jobs
|
||||
reno>=3.1.0 # Apache-2.0
|
@ -1,42 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
import hashlib
|
||||
import base64
|
||||
import sys
|
||||
|
||||
from nacl.bindings.crypto_scalarmult import \
|
||||
crypto_scalarmult_ed25519_base_noclamp
|
||||
|
||||
# https://github.com/MariaDB/server/blob/10.4/plugin/auth_ed25519/ref10/sign.c
|
||||
# mariadb's use of ed25519:
|
||||
# . password is the secret seed
|
||||
# . ed25519's public key (computed from password) is what is stored in mariadb
|
||||
# . the hash in mariadb is the base64 encoding of the pk minus the last '='
|
||||
|
||||
|
||||
def _scalar_clamp(s32):
|
||||
ba = bytearray(s32)
|
||||
ba0 = bytes(bytearray([ba[0] & 248]))
|
||||
ba31 = bytes(bytearray([(ba[31] & 127) | 64]))
|
||||
return ba0 + bytes(s32[1:31]) + ba31
|
||||
|
||||
|
||||
def mysql_ed25519_password(pwd):
|
||||
# h = SHA512(password)
|
||||
h = hashlib.sha512(pwd).digest()
|
||||
# s = prune(first_half(h))
|
||||
s = _scalar_clamp(h[:32])
|
||||
# A = encoded point [s]B
|
||||
A = crypto_scalarmult_ed25519_base_noclamp(s)
|
||||
# encoded pk
|
||||
encoded = base64.b64encode(A)[:-1]
|
||||
return encoded
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
if len(sys.argv) <= 1:
|
||||
print("Usage: %s PASSWORD" % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
else:
|
||||
pwd = sys.argv[1].encode()
|
||||
res = mysql_ed25519_password(pwd)
|
||||
print(res.decode(), end='')
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
[
|
||||
'external',
|
||||
'internal_api',
|
||||
'storage',
|
||||
'storage_mgmt',
|
||||
'tenant',
|
||||
'management',
|
||||
'ctlplane',
|
||||
].each do |network|
|
||||
Facter.add('fqdn_' + network) do
|
||||
setcode do
|
||||
hostname_parts = [
|
||||
Facter.value(:hostname),
|
||||
network.gsub('_', ''),
|
||||
Facter.value(:domain),
|
||||
].reject { |part| part.nil? || part.empty? }
|
||||
hostname_parts.join(".")
|
||||
end
|
||||
end
|
||||
end
|
@ -1,49 +0,0 @@
|
||||
require 'ipaddr'
|
||||
|
||||
def netmask6(value)
|
||||
if value
|
||||
ip = IPAddr.new('::0').mask(value)
|
||||
ip.inspect.split('/')[1].gsub('>', '')
|
||||
end
|
||||
end
|
||||
|
||||
if Facter.value('facterversion')[0].to_i < 3
|
||||
Facter::Util::IP::REGEX_MAP[:linux][:ipaddress6] =
|
||||
/inet6 (?:addr: )?((?!(?:fe80|::1))(?>[0-9,a-f,A-F]*\:{1,2})+[0-9,a-f,A-F]{0,4})/
|
||||
Facter::Util::IP.get_interfaces.each do |interface|
|
||||
Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do
|
||||
setcode do
|
||||
tmp = []
|
||||
regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x
|
||||
output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6')
|
||||
|
||||
output_int.each_line do |line|
|
||||
prefixlen = nil
|
||||
matches = line.match(regex)
|
||||
prefixlen = matches[1] if matches
|
||||
|
||||
if prefixlen
|
||||
value = netmask6(prefixlen)
|
||||
tmp.push(value)
|
||||
end
|
||||
end
|
||||
|
||||
tmp.shift if tmp
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Facter.add('netmask6') do
|
||||
setcode do
|
||||
prefixlen = nil
|
||||
regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x
|
||||
|
||||
String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line|
|
||||
matches = line.match(regex)
|
||||
prefixlen = matches[1] if matches
|
||||
end
|
||||
|
||||
netmask6(prefixlen) if prefixlen
|
||||
end
|
||||
end
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
# Copyright 2018 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
Facter.add('nic_alias') do
|
||||
setcode do
|
||||
os_net_config = '/usr/bin/os-net-config'
|
||||
mapping_report = ''
|
||||
if File.exist?(os_net_config)
|
||||
mapping_report =
|
||||
Facter::Core::Execution.execute("#{os_net_config} -i")
|
||||
mapping_report.delete("{}' ")
|
||||
end
|
||||
mapping_report
|
||||
end
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
Facter.add('stonith_levels') do
|
||||
setcode do
|
||||
|
||||
# If crm_node is present, return true. Otherwise, return false.
|
||||
if Facter::Core::Execution.which('crm_node')
|
||||
hostname = Facter::Core::Execution.execute("crm_node -n 2> /dev/null", {})
|
||||
stonith_levels = Facter::Core::Execution.execute("pcs stonith level 2>&1 | sed -n \"/^Target: #{hostname}$/,/^Target:/{/^Target: #{hostname}$/b;/^Target:/b;p}\" |tail -1 | awk '{print $2}' 2> /dev/null", {}).to_i
|
||||
stonith_levels
|
||||
end
|
||||
|
||||
end
|
||||
end
|
@ -1,44 +0,0 @@
|
||||
# This custom function converts an array of docker volumes to the storage_maps
|
||||
# hash required by the pacemaker::resource::bundle resource. A prefix is added
|
||||
# to each entry in the storage map to ensure the Puppet resources are unique.
|
||||
#
|
||||
# Given:
|
||||
# docker_volumes = ["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"]
|
||||
# prefix = "my-prefix"
|
||||
# Returns:
|
||||
# storage_maps = {
|
||||
# "my-prefix-src-vol1" => {
|
||||
# "source-dir" => "/src/vol1",
|
||||
# "target-dir" => "/tgt/vol1",
|
||||
# "options" => "rw",
|
||||
# },
|
||||
# "my-prefix-src-vol2" => {
|
||||
# "source-dir" => "/src/vol2",
|
||||
# "target-dir" => "/tgt/vol2",
|
||||
# "options" => "ro",
|
||||
# }
|
||||
# }
|
||||
Puppet::Functions.create_function(:'docker_volumes_to_storage_maps') do
|
||||
dispatch :docker_volumes_to_storage_maps do
|
||||
param 'Array', :docker_volumes
|
||||
param 'String', :prefix
|
||||
return_type 'Hash'
|
||||
end
|
||||
|
||||
def docker_volumes_to_storage_maps(docker_volumes, prefix)
|
||||
storage_maps = Hash.new
|
||||
docker_volumes.each do |docker_vol|
|
||||
source, target, options = docker_vol.split(":")
|
||||
unless options
|
||||
options = "rw"
|
||||
end
|
||||
storage_maps[prefix + source.gsub("/", "-")] = {
|
||||
"source-dir" => source,
|
||||
"target-dir" => target,
|
||||
"options" => options,
|
||||
}
|
||||
end
|
||||
return storage_maps
|
||||
end
|
||||
end
|
||||
|
@ -1,32 +0,0 @@
|
||||
require 'ipaddr'
|
||||
|
||||
# Custom function to convert an IP4/6 address from a string to the
|
||||
# erlang inet kernel format.
|
||||
# For example from "172.17.0.16" to {172,17,0,16}
|
||||
# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
|
||||
# for more information.
|
||||
Puppet::Functions.create_function(:ip_to_erl_format) do
|
||||
dispatch :ip_to_erl_format do
|
||||
param 'String', :ip_addr
|
||||
end
|
||||
|
||||
def ip_to_erl_format(ip_addr)
|
||||
ip = IPAddr.new(ip_addr)
|
||||
output = '{'
|
||||
if ip.ipv6?
|
||||
split_char = ':'
|
||||
base = 16
|
||||
else
|
||||
split_char = '.'
|
||||
base = 10
|
||||
end
|
||||
# to_string() prints the canonicalized form
|
||||
ip.to_string().split(split_char).each {
|
||||
|x| output += x.to_i(base).to_s + ','
|
||||
}
|
||||
# Remove the last spurious comma
|
||||
output = output.chomp(',')
|
||||
output += '}'
|
||||
return output
|
||||
end
|
||||
end
|
@ -1,31 +0,0 @@
|
||||
# This function is an hack because we are not enabling Puppet parser
|
||||
# that would allow us to manipulate data iterations directly in manifests.
|
||||
#
|
||||
# Example:
|
||||
# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000']
|
||||
# $keystone_bind_opts = ['transparent']
|
||||
#
|
||||
# Using this function:
|
||||
# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts)
|
||||
#
|
||||
# Would return:
|
||||
# $keystone_vips_hash = {
|
||||
# '192.168.0.1:5000' => ['transparent'],
|
||||
# '192.168.0.2:5000' => ['transparent'],
|
||||
# }
|
||||
#
|
||||
# Disclaimer: this function is an hack and will disappear once TripleO enable
|
||||
# Puppet parser.
|
||||
#
|
||||
|
||||
Puppet::Functions.create_function(:list_to_hash) do
|
||||
dispatch :list_to_hash do
|
||||
param 'Array', :arr1
|
||||
param 'Array', :arr2
|
||||
end
|
||||
|
||||
def list_to_hash(arr1, arr2)
|
||||
hh = arr1.each_with_object({}) { |v,h| h[v] = arr2 }
|
||||
return hh
|
||||
end
|
||||
end
|
@ -1,30 +0,0 @@
|
||||
# This function merges two hashes and concatenate the values of
|
||||
# identical keys
|
||||
#
|
||||
# Example:
|
||||
# $frontend = { 'option' => [ 'tcpka', 'tcplog' ],
|
||||
# 'timeout client' => '90m' }
|
||||
# $backend = { 'option' => [ 'httpchk' ],
|
||||
# 'timeout server' => '90m' }
|
||||
#
|
||||
# Using this function:
|
||||
# $merge = merge_hash_values($frontend, $backend)
|
||||
#
|
||||
# Would return:
|
||||
# $merge = { 'option' => [ 'tcpka', 'tcplog', 'httpchk' ],
|
||||
# 'timeout client' => '90m',
|
||||
# 'timeout server' => '90m' }
|
||||
#
|
||||
|
||||
Puppet::Functions.create_function(:'merge_hash_values') do
|
||||
dispatch :merge_hash_values do
|
||||
param 'Hash', :hash1
|
||||
param 'Hash', :hash2
|
||||
return_type 'Hash'
|
||||
end
|
||||
|
||||
def merge_hash_values(hash1, hash2)
|
||||
hh = hash1.merge(hash2) {|k, v1, v2| (v2 + v1).uniq()}
|
||||
return hh
|
||||
end
|
||||
end
|
@ -1,21 +0,0 @@
|
||||
# Custom function to generate password hash for MariaDB's auth_ed25519
|
||||
# Input is a regular mariadb user password
|
||||
# Output is the hashed password as expected by auth_ed25519
|
||||
Puppet::Functions.create_function(:'mysql_ed25519_password') do
|
||||
dispatch :mysql_ed25519_password do
|
||||
param 'String', :password
|
||||
return_type 'String'
|
||||
end
|
||||
|
||||
def mysql_ed25519_password(password)
|
||||
# mysql's auth_ed25519 consists in generating a ed25519 public key
|
||||
# out of the sha512(password). Unfortunately, there is no native
|
||||
# ruby implementation of ed25519's unclamped scalar multiplication
|
||||
# just yet, so rely on an binary to get the hash for now.
|
||||
python = `(which python3 || which python2 || which python) 2>/dev/null`
|
||||
raise Puppet::Error, 'python interpreter not found in path' unless $?.success?
|
||||
hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}`
|
||||
raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43
|
||||
return hashed
|
||||
end
|
||||
end
|
@ -1,93 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# Author: Dan Prince <dprince@redhat.com>
|
||||
#
|
||||
# A function to create noop providers (set as the default) for the named
|
||||
# resource. This works alongside of 'puppet apply --tags' to disable
|
||||
# some custom resource types that still attempt to run commands during
|
||||
# prefetch, etc.
|
||||
class Puppet::Provider::Noop < Puppet::Provider
|
||||
|
||||
# generic resource interfaces
|
||||
def create
|
||||
true
|
||||
end
|
||||
|
||||
def destroy
|
||||
true
|
||||
end
|
||||
|
||||
def exists?
|
||||
false
|
||||
end
|
||||
|
||||
# package resource
|
||||
def install
|
||||
true
|
||||
end
|
||||
|
||||
def uninstall
|
||||
true
|
||||
end
|
||||
|
||||
def latest
|
||||
true
|
||||
end
|
||||
|
||||
def update
|
||||
true
|
||||
end
|
||||
|
||||
def purge
|
||||
true
|
||||
end
|
||||
|
||||
def self.instances
|
||||
[]
|
||||
end
|
||||
|
||||
# service resource
|
||||
def status
|
||||
0
|
||||
end
|
||||
|
||||
def start
|
||||
true
|
||||
end
|
||||
|
||||
def stop
|
||||
true
|
||||
end
|
||||
|
||||
# some puppet-keystone resources require this
|
||||
def self.resource_to_name(domain, name, check_for_default = true)
|
||||
return name
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
Puppet::Functions.create_function(:noop_resource) do
|
||||
dispatch :noop_resource do
|
||||
param 'String', :res
|
||||
end
|
||||
|
||||
def noop_resource(res)
|
||||
Puppet::Type.type(res.downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do
|
||||
defaultfor :osfamily => :redhat
|
||||
end
|
||||
return true
|
||||
end
|
||||
end
|
@ -1,24 +0,0 @@
|
||||
# Custom function to extract the current number of replicas for a pacemaker
|
||||
# resource, as defined in the pacemaker cluster.
|
||||
# Input is the name of a pacemaker bundle resource
|
||||
# Output is the number of replicas for that resource or 0 if not found
|
||||
Puppet::Functions.create_function(:'pacemaker_bundle_replicas') do
|
||||
dispatch :pacemaker_bundle_replicas do
|
||||
param 'String', :bundle
|
||||
return_type 'Integer'
|
||||
end
|
||||
|
||||
def pacemaker_bundle_replicas(bundle)
|
||||
# the name of the node holding the replicas attribute varies based on the
|
||||
# container engine used (podman, docker...), so match via attributes instead
|
||||
replicas = `cibadmin -Q | xmllint --xpath "string(//bundle[@id='#{bundle}']/*[boolean(@image) and boolean(@run-command)]/@replicas)" -`
|
||||
# strip line break
|
||||
replicas.strip!
|
||||
# post-condition: 0 in case the bundle does not exist or an error occurred
|
||||
if $?.success? && !replicas.empty?
|
||||
return Integer(replicas)
|
||||
else
|
||||
return 0
|
||||
end
|
||||
end
|
||||
end
|
@ -1,39 +0,0 @@
|
||||
# This adds to ssl profile hash a proper value of "caCertFile" key for "caCertFileContent" key.
|
||||
#
|
||||
# Given:
|
||||
# ssl_profiles = [{"name": "test", "caCertFileContent": "cert content", ...}, ...]
|
||||
# cert_dir = "/etc/pki/tls/certs/"
|
||||
# Returns:
|
||||
# ssl_profiles = [
|
||||
# {"name": "test",
|
||||
# "caCertFileContent": "cert content",
|
||||
# "caCertFile": "/etc/pki/tls/certs/CA_test.pem",
|
||||
# ... },
|
||||
# ...
|
||||
# ]
|
||||
Puppet::Functions.create_function(:qdr_ssl_certificate) do
|
||||
|
||||
dispatch :qdr_ssl_certificate do
|
||||
param 'Array', :ssl_profiles
|
||||
param 'String', :cert_dir
|
||||
return_type 'Array'
|
||||
end
|
||||
|
||||
def qdr_ssl_certificate(ssl_profiles, cert_dir)
|
||||
processed_profiles = Array.new
|
||||
ssl_profiles.each do |profile|
|
||||
if profile.key?("caCertFileContent")
|
||||
processed = profile.clone
|
||||
# create certificate path
|
||||
path = File.join(cert_dir, "CA_#{processed["name"]}.pem")
|
||||
# update profile
|
||||
processed["caCertFile"] = path
|
||||
processed_profiles.append(processed)
|
||||
else
|
||||
processed_profiles.append(profile)
|
||||
end
|
||||
end
|
||||
return processed_profiles
|
||||
end
|
||||
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
# Build Swift devices list from the parts, e.g. for:
|
||||
# raw_disk_prefix = 'r1z1-'
|
||||
# swift_storage_node_ips = ['192.168.1.12', '192.168.1.13']
|
||||
# raw_disks = [':%PORT%/device1', ':%PORT%/device2']
|
||||
#
|
||||
# devices will be ['r1z1-192.168.1.12:%PORT%/device1',
|
||||
# 'r1z1-192.168.1.12:%PORT%/device2'
|
||||
# 'r1z1-192.168.1.13:%PORT%/device1'
|
||||
# 'r1z1-192.168.1.13:%PORT%/device2']
|
||||
Puppet::Functions.create_function(:tripleo_swift_devices) do
|
||||
dispatch :tripleo_swift_devices do
|
||||
param 'String', :raw_disk_prefix
|
||||
param 'Array', :swift_node_ips
|
||||
param 'Array', :raw_disks
|
||||
end
|
||||
|
||||
def tripleo_swift_devices(raw_disk_prefix, swift_node_ips, raw_disks)
|
||||
devices = []
|
||||
for ip in swift_node_ips do
|
||||
for disk in raw_disks do
|
||||
devices << "#{raw_disk_prefix}#{ip}#{disk}"
|
||||
end
|
||||
end
|
||||
|
||||
return devices
|
||||
end
|
||||
end
|
@ -1,85 +0,0 @@
|
||||
require 'ipaddr'
|
||||
|
||||
# Custom function to lookup the interface which matches the subnet
|
||||
# of the provided IP address.
|
||||
# The function iterates over all the interfaces and chooses the
|
||||
# first locally assigned interface which matches the IP.
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg|
|
||||
if arg[0].class == String
|
||||
begin
|
||||
ip1 = IPAddr.new(arg[0])
|
||||
network_facts = lookupvar('networking')
|
||||
Dir.foreach('/sys/class/net/') do |interface|
|
||||
next if interface == '.' || interface == '..'
|
||||
# puppet downcases fact names, interface names can have capitals but
|
||||
# in facter 2.x they were lower case. In facter 3.x they can have
|
||||
# capitals
|
||||
iface_no_dash = interface.gsub('-', '_').downcase
|
||||
|
||||
if ip1.ipv4?
|
||||
ipaddress_name = "ipaddress_#{iface_no_dash}"
|
||||
netmask_name = "netmask_#{iface_no_dash}"
|
||||
facter_ip = 'ip'
|
||||
facter_netmask = 'netmask'
|
||||
else
|
||||
ipaddress_name = "ipaddress6_#{iface_no_dash}"
|
||||
netmask_name = "netmask6_#{iface_no_dash}"
|
||||
facter_ip = 'ip6'
|
||||
facter_netmask = 'netmask6'
|
||||
end
|
||||
|
||||
if network_facts.nil? or network_facts['interfaces'].nil? then
|
||||
# facter 2 facts
|
||||
interface_ip = lookupvar(ipaddress_name)
|
||||
next if interface_ip.nil?
|
||||
ip2 = IPAddr.new(interface_ip)
|
||||
netmask = lookupvar(netmask_name)
|
||||
return interface if ip1.mask(netmask) == ip2.mask(netmask)
|
||||
else
|
||||
# facter 3+ syntax:
|
||||
# networking => {
|
||||
# ...
|
||||
# interfaces => {
|
||||
# br-ctlplane => {
|
||||
# bindings => [
|
||||
# {
|
||||
# address => "192.168.24.1",
|
||||
# netmask => "255.255.255.0",
|
||||
# network => "192.168.24.0"
|
||||
# }
|
||||
# ],
|
||||
# bindings6 => [
|
||||
# {
|
||||
# address => "fe80::5054:ff:fe22:bac3",
|
||||
# netmask => "ffff:ffff:ffff:ffff::",
|
||||
# network => "fe80::"
|
||||
# }
|
||||
# ],
|
||||
# ip => "192.168.24.1",
|
||||
# ip6 => "fe80::5054:ff:fe22:bac3",
|
||||
# mac => "52:54:00:22:ba:c3",
|
||||
# mtu => 1500,
|
||||
# netmask => "255.255.255.0",
|
||||
# netmask6 => "ffff:ffff:ffff:ffff::",
|
||||
# network => "192.168.24.0",
|
||||
# network6 => "fe80::"
|
||||
# },
|
||||
# },
|
||||
# ...
|
||||
# }
|
||||
next if network_facts['interfaces'][interface].nil? or network_facts['interfaces'][interface][facter_ip].nil?
|
||||
ip2 = IPAddr.new(network_facts['interfaces'][interface][facter_ip])
|
||||
netmask = network_facts['interfaces'][interface][facter_netmask]
|
||||
return interface if ip1.mask(netmask) == ip2.mask(netmask)
|
||||
end
|
||||
end
|
||||
rescue IPAddr::InvalidAddressError => e
|
||||
raise Puppet::ParseError, "#{e}: #{arg[0]}"
|
||||
end
|
||||
else
|
||||
raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
|
||||
end
|
||||
return ''
|
||||
end
|
||||
end
|
@ -1,34 +0,0 @@
|
||||
module Puppet::Parser::Functions
|
||||
newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
|
||||
:doc => ("Given an array of fence device configs, limit them" +
|
||||
"to fence devices whose MAC address is present on" +
|
||||
"some of the local NICs, and prepare a hash which can be" +
|
||||
"passed to create_resources function")) do |args|
|
||||
agent = args[0]
|
||||
devices = args[1]
|
||||
unless agent.is_a?(String) && agent.length > 0
|
||||
raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
|
||||
end
|
||||
unless devices.is_a?(Array)
|
||||
raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
|
||||
end
|
||||
|
||||
# filter by agent type
|
||||
agent_type_devices = devices.select { |device| device['agent'] == agent }
|
||||
|
||||
# filter by local mac address
|
||||
local_devices = agent_type_devices.select do |device|
|
||||
function_has_interface_with(['macaddress', device['host_mac']])
|
||||
end
|
||||
|
||||
# construct a hash for create_resources
|
||||
return local_devices.each_with_object({}) do |device, hash|
|
||||
# disallow collisions
|
||||
if hash[device['host_mac']]
|
||||
raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
|
||||
end
|
||||
|
||||
hash[device['host_mac']] = device['params'] || {}
|
||||
end
|
||||
end
|
||||
end
|
@ -1,51 +0,0 @@
|
||||
# Copyright 2015 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
require 'puppet'
|
||||
require 'puppet/provider/package'
|
||||
|
||||
Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do
|
||||
desc "RPM packaging provider that does not install anything."
|
||||
|
||||
has_feature :virtual_packages
|
||||
|
||||
def latest
|
||||
@resource.fail "'latest' is unsupported by this provider."
|
||||
end
|
||||
|
||||
def install
|
||||
Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed")
|
||||
true
|
||||
end
|
||||
|
||||
def uninstall
|
||||
Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed")
|
||||
true
|
||||
end
|
||||
|
||||
def update
|
||||
Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated")
|
||||
true
|
||||
end
|
||||
|
||||
def purge
|
||||
Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed")
|
||||
true
|
||||
end
|
||||
|
||||
def self.instances
|
||||
return []
|
||||
end
|
||||
|
||||
end
|
@ -1,44 +0,0 @@
|
||||
# == Class: tripleo::config
|
||||
#
|
||||
# Configure services with Puppet
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*configs*]
|
||||
# (optional) Configuration to inject.
|
||||
# Should be an hash.
|
||||
# Default to lookup('param_config', {})
|
||||
#
|
||||
# [*providers*]
|
||||
# (optional) Filter the providers we want
|
||||
# to use for config.
|
||||
# Should be an array.
|
||||
# Default to lookup('param_providers', Array[String], 'deep', [])
|
||||
#
|
||||
class tripleo::config(
|
||||
$configs = lookup('param_config', {}),
|
||||
$providers = lookup('param_providers', Array[String], 'deep', []),
|
||||
) {
|
||||
|
||||
if ! empty($configs) {
|
||||
# Allow composable services to load their own configurations.
|
||||
# Each service can load its config options by using this form:
|
||||
#
|
||||
# puppet_config:
|
||||
# param_config:
|
||||
# 'aodh_config':
|
||||
# DEFAULT:
|
||||
# foo: fooValue
|
||||
# bar: barValue
|
||||
$configs.each |$provider, $sections| {
|
||||
if empty($providers) or ($provider in $providers) {
|
||||
$sections.each |$section, $params| {
|
||||
$params.each |$param, $value| {
|
||||
create_resources($provider, {"${section}/${param}" => {'value' => $value }})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,222 +0,0 @@
|
||||
# == Class: tripleo::fencing
|
||||
#
|
||||
# Configure Pacemaker fencing devices for TripleO.
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*config*]
|
||||
# JSON config of fencing devices, using the following structure:
|
||||
# {
|
||||
# "devices": [
|
||||
# {
|
||||
# "agent": "AGENT_NAME",
|
||||
# "host_mac": "HOST_MAC_ADDRESS",
|
||||
# "params": {"PARAM_NAME": "PARAM_VALUE"}
|
||||
# }
|
||||
# ]
|
||||
# }
|
||||
# For instance:
|
||||
# {
|
||||
# "devices": [
|
||||
# {
|
||||
# "agent": "fence_xvm",
|
||||
# "host_mac": "52:54:00:aa:bb:cc",
|
||||
# "params": {
|
||||
# "multicast_address": "225.0.0.12",
|
||||
# "port": "baremetal_0",
|
||||
# "manage_fw": true,
|
||||
# "manage_key_file": true,
|
||||
# "key_file": "/etc/fence_xvm.key",
|
||||
# "key_file_password": "abcdef"
|
||||
# }
|
||||
# }
|
||||
# ]
|
||||
# }
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*tries*]
|
||||
# Number of attempts when creating fence devices and constraints.
|
||||
# Defaults to 10
|
||||
#
|
||||
# [*try_sleep*]
|
||||
# Delay (in seconds) between attempts when creating fence devices
|
||||
# and constraints.
|
||||
# Defaults to 3
|
||||
#
|
||||
# [*deep_compare*]
|
||||
# Enable deep comparing of resources and bundles
|
||||
# When set to true a resource will be compared in full (options, meta parameters,..)
|
||||
# to the existing one and in case of difference it will be repushed to the CIB
|
||||
# Defaults to false
|
||||
#
|
||||
# [*update_settle_secs*]
|
||||
# When deep_compare is enabled and puppet updates a resource, this
|
||||
# parameter represents the number (in seconds) to wait for the cluster to settle
|
||||
# after the resource update.
|
||||
# Defaults to 600 (seconds)
|
||||
#
|
||||
# [*watchdog_timeout*]
|
||||
# Only valid if sbd watchdog fencing is enabled.
|
||||
# Pacemaker will assume unseen nodes self-fence within this much time.
|
||||
# Defaults to 60 (seconds)
|
||||
#
|
||||
# [*enable_instanceha*]
|
||||
# (Optional) Boolean driving the Instance HA controlplane configuration
|
||||
# Defaults to lookup('tripleo::instanceha', undef, undef, false),
|
||||
#
|
||||
class tripleo::fencing(
|
||||
$config = {},
|
||||
$tries = 10,
|
||||
$try_sleep = 3,
|
||||
$deep_compare = false,
|
||||
$update_settle_secs = 600,
|
||||
$watchdog_timeout = 60,
|
||||
$enable_instanceha = lookup('tripleo::instanceha', undef, undef, false),
|
||||
) {
|
||||
$common_params = {
|
||||
'tries' => $tries,
|
||||
'try_sleep' => $try_sleep,
|
||||
'deep_compare' => $deep_compare,
|
||||
'update_settle_secs' => $update_settle_secs
|
||||
}
|
||||
|
||||
# check if instanceha is enabled
|
||||
if member(lookup('compute_instanceha_short_node_names', undef, undef, []), downcase($::hostname)) {
|
||||
$is_compute_instanceha_node = true
|
||||
} else {
|
||||
$is_compute_instanceha_node = false
|
||||
}
|
||||
|
||||
$content = $config['devices']
|
||||
|
||||
# check if the devices: section in fence.yaml contains levels.
|
||||
# if it doesn't, assume level=1 and build a hash with the content.
|
||||
$all_levels = $content ? {
|
||||
Array => {'level1' => $content},
|
||||
default => $content
|
||||
}
|
||||
|
||||
# collect the number of stonith levels currently defined for this system
|
||||
# and convert it to integer.
|
||||
$local_levels = 0 + $facts['stonith_levels']
|
||||
|
||||
# if the number of levels defined on this system is greater than the number in hiera
|
||||
# we need to delete the delta.
|
||||
if $local_levels > $all_levels.length {
|
||||
$begin = $all_levels.length + 1
|
||||
range("${begin}", "${local_levels}").each |$level|{
|
||||
pacemaker::stonith::level{ "stonith-${level}":
|
||||
ensure => 'absent',
|
||||
level => $level,
|
||||
target => '$(/usr/sbin/crm_node -n)',
|
||||
stonith_resources => [''],
|
||||
tries => $tries,
|
||||
try_sleep => $try_sleep,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$all_levels.each |$index, $levelx_devices |{
|
||||
|
||||
$level = regsubst($index, 'level', '', 'G')
|
||||
$all_devices = $levelx_devices
|
||||
|
||||
$xvm_devices = local_fence_devices('fence_xvm', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
|
||||
|
||||
$ironic_devices = local_fence_devices('fence_ironic', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params)
|
||||
|
||||
$redfish_devices = local_fence_devices('fence_redfish', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_redfish', $redfish_devices, $common_params)
|
||||
|
||||
$ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
|
||||
|
||||
$kdump_devices = local_fence_devices('fence_kdump', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_kdump', $kdump_devices, $common_params)
|
||||
|
||||
$kubevirt_devices = local_fence_devices('fence_kubevirt', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_kubevirt', $kubevirt_devices, $common_params)
|
||||
|
||||
$rhev_devices = local_fence_devices('fence_rhevm', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_rhevm', $rhev_devices, $common_params)
|
||||
|
||||
$ucs_devices = local_fence_devices('fence_cisco_ucs', $all_devices)
|
||||
create_resources('pacemaker::stonith::fence_cisco_ucs', $ucs_devices, $common_params)
|
||||
|
||||
$data = {
|
||||
'xvm' => $xvm_devices, 'ironic' => $ironic_devices, 'redfish' => $redfish_devices,
|
||||
'ipmilan' => $ipmilan_devices, 'kdump' => $kdump_devices, 'kubevirt' => $kubevirt_devices,
|
||||
'rhevm' => $rhev_devices, 'cisco_ucs' => $ucs_devices
|
||||
}
|
||||
|
||||
# let's store the number of stonith devices created for this server.
|
||||
# this will be used to detect if there is a least one and fail if
|
||||
# instance_ha is configured and puppet is running on a compute node.
|
||||
$data_num = [
|
||||
length($ironic_devices), length($redfish_devices),
|
||||
length($ipmilan_devices), length($kdump_devices), length($rhev_devices)
|
||||
]
|
||||
|
||||
$sum = $data_num.reduce |$memo, $value| { $memo + $value }
|
||||
|
||||
$data.each |$items| {
|
||||
$driver = $items[0]
|
||||
$driver_devices = $items[1]
|
||||
|
||||
# if there is no valid stonith device and this is a compute-instanceha node we raise an exception
|
||||
if $level == '1' and $sum == 0 and $enable_instanceha and $is_compute_instanceha_node {
|
||||
fail('Instance HA requires at least one valid stonith device')
|
||||
}
|
||||
|
||||
if $driver_devices and length($driver_devices) == 1 {
|
||||
$mac = keys($driver_devices)[0]
|
||||
$safe_mac = regsubst($mac, ':', '', 'G')
|
||||
if ($enable_instanceha and $is_compute_instanceha_node) {
|
||||
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}", 'stonith-fence_compute-fence-nova' ]
|
||||
}
|
||||
else {
|
||||
$stonith_resources = [ "stonith-fence_${driver}-${safe_mac}" ]
|
||||
}
|
||||
pacemaker::stonith::level{ "stonith-${level}-${safe_mac}":
|
||||
level => $level,
|
||||
target => '$(/usr/sbin/crm_node -n)',
|
||||
stonith_resources => $stonith_resources,
|
||||
tries => $tries,
|
||||
try_sleep => $try_sleep,
|
||||
}
|
||||
Pcmk_stonith<||> -> Pcmk_stonith_level<||>
|
||||
}
|
||||
}
|
||||
# we use the boostrap_node to create the watchdog resource and the stonith
|
||||
# topology for all the nodes in the cluster, because the watchdog resource
|
||||
# is not per-node but cluster-wide
|
||||
$watchdog_devices = local_fence_devices('fence_watchdog', $all_devices)
|
||||
if length($watchdog_devices) > 0 {
|
||||
# check if this is the bootstrap node
|
||||
if downcase($::hostname) == lookup('pacemaker_short_bootstrap_node_name') {
|
||||
create_resources('pacemaker::stonith::fence_watchdog', $watchdog_devices, $common_params)
|
||||
$stonith_resources = [ 'watchdog' ]
|
||||
# if this is the boostrap node we set watchdog as levelX for all
|
||||
# the pacemaker nodes
|
||||
lookup('pacemaker_short_node_names').each |$node| {
|
||||
pacemaker::stonith::level{ "stonith-${level}-watchdog-${node}":
|
||||
level => $level,
|
||||
target => $node,
|
||||
stonith_resources => [ 'watchdog' ],
|
||||
tries => $tries,
|
||||
try_sleep => $try_sleep,
|
||||
}
|
||||
}
|
||||
pacemaker::property { 'stonith-watchdog-timeout':
|
||||
property => 'stonith-watchdog-timeout',
|
||||
value => $watchdog_timeout,
|
||||
tries => $tries,
|
||||
}
|
||||
Pcmk_property<||> -> Pcmk_stonith<||> -> Pcmk_stonith_level<||>
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
1839
manifests/haproxy.pp
1839
manifests/haproxy.pp
File diff suppressed because it is too large
Load Diff
@ -1,321 +0,0 @@
|
||||
# Copyright 2014 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: tripleo::haproxy::endpoint
|
||||
#
|
||||
# Configure a HAProxy listen endpoint
|
||||
#
|
||||
# [*internal_ip*]
|
||||
# The IP in which the proxy endpoint will be listening in the internal
|
||||
# network.
|
||||
#
|
||||
# [*service_port*]
|
||||
# The default port on which the endpoint will be listening.
|
||||
#
|
||||
# [*member_options*]
|
||||
# Options for the balancer member, specified after the server declaration.
|
||||
# These should go in the member's configuration block.
|
||||
#
|
||||
# [*use_backend_syntax*]
|
||||
# (optional) When set to true, generate a config with frontend and
|
||||
# backend sections, otherwise use listen sections.
|
||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
||||
#
|
||||
# [*haproxy_port*]
|
||||
# An alternative port, on which haproxy will listen for incoming requests.
|
||||
# Defaults to service_port.
|
||||
#
|
||||
# [*base_service_name*]
|
||||
# In cases where the service name doesn't match the endpoint name, you can
|
||||
# specify this option in order to get an appropriate value for $ip_addresses
|
||||
# and $server_names. So, this will be used in hiera to derive these, if set.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ip_addresses*]
|
||||
# The ordered list of IPs to be used to contact the balancer member.
|
||||
# Defaults to lookup("${name}_node_ips", undef, undef, undef)
|
||||
#
|
||||
# [*server_names*]
|
||||
# The names of the balancer members, which usually should be the hostname.
|
||||
# Defaults to lookup("${name}_node_names", undef, undef, undef)
|
||||
#
|
||||
# [*public_virtual_ip*]
|
||||
# Address in which the proxy endpoint will be listening in the public network.
|
||||
# If this service is internal only this should be omitted.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*mode*]
|
||||
# HAProxy mode in which the endpoint will be listening. This can be undef,
|
||||
# tcp, http or health.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*haproxy_listen_bind_param*]
|
||||
# A list of params to be added to the HAProxy listener bind directive.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*listen_options*]
|
||||
# Options specified for the listening service's configuration block (in
|
||||
# HAproxy terms, the frontend).
|
||||
# defaults to {'option' => []}
|
||||
#
|
||||
# [*frontend_options*]
|
||||
# Options specified for the frontend service's configuration block
|
||||
# defaults to {'option' => []}
|
||||
#
|
||||
# [*backend_options*]
|
||||
# Options specified for the service's backend configuration block
|
||||
# defaults to {'option' => []}
|
||||
#
|
||||
# [*public_ssl_port*]
|
||||
# The port used for the public proxy endpoint if it differs from the default
|
||||
# one. This is used only if SSL is enabled, and it's used in order to avoid
|
||||
# overriding with the internal proxy endpoint (which could happen if they were
|
||||
# in the same network).
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*public_certificate*]
|
||||
# Certificate path used to enable TLS for the public proxy endpoint.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*use_internal_certificates*]
|
||||
# Flag that indicates if we'll use an internal certificate for this specific
|
||||
# service. When set, enables SSL on the internal API endpoints using the file
|
||||
# that certmonger is tracking; this is derived from the network the service is
|
||||
# listening on.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*internal_certificates_specs*]
|
||||
# A hash that should contain the specs that were used to create the
|
||||
# certificates. As the name indicates, only the internal certificates will be
|
||||
# fetched from here. And the keys should follow the following pattern
|
||||
# "haproxy-<network name>". The network name should be as it was defined in
|
||||
# tripleo-heat-templates.
|
||||
# Note that this is only taken into account if the $use_internal_certificates
|
||||
# flag is set.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*service_network*]
|
||||
# (optional) Indicates the network that the service is running on. Used for
|
||||
# fetching the certificate for that specific network.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*authorized_userlist*]
|
||||
# (optional) Userlist that may access the endpoint. Activate Basic Authentication.
|
||||
# You'll need to create a tripleo::haproxy::userlist in order to use that option.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*sticky_sessions*]
|
||||
# (optional) Enable sticky sessions for this frontend using a cookie
|
||||
#
|
||||
# [*session_cookie*]
|
||||
# (optional) Cookie name to use for sticky sessions. This should be different
|
||||
# for each service using sticky sessions.
|
||||
#
|
||||
define tripleo::haproxy::endpoint (
|
||||
$internal_ip,
|
||||
$service_port,
|
||||
$member_options,
|
||||
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
|
||||
$haproxy_port = undef,
|
||||
$base_service_name = undef,
|
||||
$ip_addresses = lookup("${name}_node_ips", undef, undef, undef),
|
||||
$server_names = lookup("${name}_node_names", undef, undef, undef),
|
||||
$public_virtual_ip = undef,
|
||||
$mode = undef,
|
||||
$haproxy_listen_bind_param = undef,
|
||||
$listen_options = {
|
||||
'option' => [],
|
||||
},
|
||||
$frontend_options = {
|
||||
'option' => [],
|
||||
},
|
||||
$backend_options = {
|
||||
'option' => [],
|
||||
},
|
||||
$public_ssl_port = undef,
|
||||
$public_certificate = undef,
|
||||
$use_internal_certificates = false,
|
||||
$internal_certificates_specs = {},
|
||||
$service_network = undef,
|
||||
$authorized_userlist = undef,
|
||||
$sticky_sessions = false,
|
||||
$session_cookie = 'STICKYSESSION',
|
||||
) {
|
||||
|
||||
if $haproxy_port {
|
||||
$haproxy_port_real = $haproxy_port
|
||||
$service_port_real = $service_port
|
||||
} else {
|
||||
$haproxy_port_real = $service_port
|
||||
$service_port_real = $service_port
|
||||
}
|
||||
|
||||
if $base_service_name {
|
||||
$ip_addresses_real = lookup("${base_service_name}_node_ips", undef, undef, undef)
|
||||
} else {
|
||||
$ip_addresses_real = $ip_addresses
|
||||
}
|
||||
if $base_service_name {
|
||||
$server_names_real = lookup("${base_service_name}_node_names", undef, undef, undef)
|
||||
} else {
|
||||
$server_names_real = $server_names
|
||||
}
|
||||
# Let users override the options on a per-service basis
|
||||
$custom_options = lookup("tripleo::haproxy::${name}::options", undef, undef, undef)
|
||||
$custom_frontend_options = lookup("tripleo::haproxy::${name}::frontend_options", undef, undef, undef)
|
||||
$custom_backend_options = lookup("tripleo::haproxy::${name}::backend_options", undef, undef, undef)
|
||||
$custom_bind_options_public = delete(
|
||||
any2array(lookup("tripleo::haproxy::${name}::public_bind_options", undef, undef, undef)),
|
||||
undef).flatten()
|
||||
$custom_bind_options_internal = delete(
|
||||
any2array(lookup("tripleo::haproxy::${name}::internal_bind_options", undef, undef, undef)),
|
||||
undef).flatten()
|
||||
if $public_virtual_ip {
|
||||
# service exposed to the public network
|
||||
|
||||
if $public_certificate {
|
||||
if $mode == 'http' {
|
||||
$tls_listen_options = {
|
||||
'http-response' => 'replace-header Location http://(.*) https://\\1',
|
||||
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
|
||||
}
|
||||
$listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options)
|
||||
$frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options)
|
||||
} else {
|
||||
$listen_options_precookie = merge($listen_options, $custom_options)
|
||||
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
|
||||
}
|
||||
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"),
|
||||
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public))
|
||||
} else {
|
||||
$listen_options_precookie = merge($listen_options, $custom_options)
|
||||
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
|
||||
$public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${haproxy_port_real}"),
|
||||
union($haproxy_listen_bind_param, $custom_bind_options_public))
|
||||
}
|
||||
} else {
|
||||
# internal service only
|
||||
$public_bind_opts = {}
|
||||
$listen_options_precookie = merge($listen_options, $custom_options)
|
||||
$frontend_options_precookie = merge($frontend_options, $custom_frontend_options)
|
||||
}
|
||||
if $sticky_sessions {
|
||||
$cookie_options = {
|
||||
'cookie' => "${session_cookie} insert indirect nocache",
|
||||
}
|
||||
$listen_options_real = merge($listen_options_precookie, $cookie_options)
|
||||
$frontend_options_real = merge($frontend_options_precookie, $cookie_options)
|
||||
} else {
|
||||
$listen_options_real = $listen_options_precookie
|
||||
$frontend_options_real = $frontend_options_precookie
|
||||
}
|
||||
if $use_internal_certificates {
|
||||
if !$service_network {
|
||||
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
|
||||
}
|
||||
|
||||
if $service_network == 'external' and $public_certificate {
|
||||
# NOTE(jaosorior): This service has been configured to use the external
|
||||
# network. We should use the public certificate in this case.
|
||||
$internal_cert_path = $public_certificate
|
||||
} else {
|
||||
# NOTE(jaosorior): This service is configured for the internal network.
|
||||
# We use the certificate spec hash. The key of the
|
||||
# internal_certificates_specs hash must must match the convention
|
||||
# haproxy-<network name> or else this will fail. Further, it must
|
||||
# contain the path that we'll use under 'service_pem'.
|
||||
$internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
|
||||
}
|
||||
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
|
||||
union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path],
|
||||
$custom_bind_options_internal))
|
||||
} else {
|
||||
if $service_network == 'external' and $public_certificate {
|
||||
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
|
||||
union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate],
|
||||
$custom_bind_options_internal))
|
||||
} else {
|
||||
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"),
|
||||
union($haproxy_listen_bind_param, $custom_bind_options_internal))
|
||||
}
|
||||
}
|
||||
if $authorized_userlist {
|
||||
$access_rules = {
|
||||
'acl' => "acl Auth${name} http_auth(${authorized_userlist})",
|
||||
'http-request' => "auth realm ${name} if !Auth${name}",
|
||||
}
|
||||
if $use_backend_syntax {
|
||||
Haproxy::Frontend[$name] {
|
||||
require => Tripleo::Haproxy::Userlist[$authorized_userlist],
|
||||
}
|
||||
} else {
|
||||
Haproxy::Listen[$name] {
|
||||
require => Tripleo::Haproxy::Userlist[$authorized_userlist],
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$access_rules = {}
|
||||
}
|
||||
|
||||
$_real_options = merge($listen_options_real, $access_rules)
|
||||
$_real_frontend_options = merge($frontend_options_real, $access_rules,
|
||||
{ 'default_backend' => "${name}_be" })
|
||||
|
||||
$bind_opts = merge($internal_bind_opts, $public_bind_opts)
|
||||
|
||||
if $use_backend_syntax {
|
||||
haproxy::frontend { "${name}":
|
||||
bind => $bind_opts,
|
||||
collect_exported => false,
|
||||
mode => $mode,
|
||||
options => $_real_frontend_options,
|
||||
}
|
||||
haproxy::backend { "${name}_be":
|
||||
mode => $mode,
|
||||
options => merge($backend_options, $custom_backend_options),
|
||||
}
|
||||
$listening_service = "${name}_be"
|
||||
} else {
|
||||
haproxy::listen { "${name}":
|
||||
bind => $bind_opts,
|
||||
collect_exported => false,
|
||||
mode => $mode,
|
||||
options => $_real_options,
|
||||
}
|
||||
$listening_service = "${name}"
|
||||
}
|
||||
if $sticky_sessions {
|
||||
hash(zip($ip_addresses_real, $server_names_real)).each | $ip, $server | {
|
||||
# We need to be sure the IP (IPv6) don't have colons
|
||||
# which is a reserved character to reference manifests
|
||||
$non_colon_ip = regsubst($ip, ':', '-', 'G')
|
||||
haproxy::balancermember { "${name}_${non_colon_ip}_${server}":
|
||||
listening_service => $listening_service,
|
||||
ports => "${service_port_real}",
|
||||
ipaddresses => $ip,
|
||||
server_names => $server,
|
||||
options => union($member_options, ["cookie ${server}"]),
|
||||
}
|
||||
}
|
||||
} else {
|
||||
haproxy::balancermember { "${name}":
|
||||
listening_service => $listening_service,
|
||||
ports => "${service_port_real}",
|
||||
ipaddresses => $ip_addresses_real,
|
||||
server_names => $server_names_real,
|
||||
options => $member_options,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,211 +0,0 @@
|
||||
# Copyright 2014 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: tripleo::haproxy::endpoint
|
||||
#
|
||||
# Configure a HAProxy listen endpoint
|
||||
#
|
||||
# [*internal_ip*]
|
||||
# The IP in which the proxy endpoint will be listening in the internal
|
||||
# network.
|
||||
#
|
||||
# [*ip_addresses*]
|
||||
# The ordered list of IPs to be used to contact the balancer member.
|
||||
#
|
||||
# [*server_names*]
|
||||
# The names of the balancer members, which usually should be the hostname.
|
||||
#
|
||||
# [*member_options*]
|
||||
# Options for the balancer member, specified after the server declaration.
|
||||
# These should go in the member's configuration block.
|
||||
#
|
||||
# [*public_virtual_ip*]
|
||||
# Address in which the proxy endpoint will be listening in the public network.
|
||||
# If this service is internal only this should be omitted.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*use_backend_syntax*]
|
||||
# (optional) When set to true, generate a config with frontend and
|
||||
# backend sections, otherwise use listen sections.
|
||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
||||
#
|
||||
# [*haproxy_listen_bind_param*]
|
||||
# A list of params to be added to the HAProxy listener bind directive.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*public_certificate*]
|
||||
# Certificate path used to enable TLS for the public proxy endpoint.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*use_internal_certificates*]
|
||||
# Flag that indicates if we'll use an internal certificate for this specific
|
||||
# service. When set, enables SSL on the internal API endpoints using the file
|
||||
# that certmonger is tracking; this is derived from the network the service is
|
||||
# listening on.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*internal_certificates_specs*]
|
||||
# A hash that should contain the specs that were used to create the
|
||||
# certificates. As the name indicates, only the internal certificates will be
|
||||
# fetched from here. And the keys should follow the following pattern
|
||||
# "haproxy-<network name>". The network name should be as it was defined in
|
||||
# tripleo-heat-templates.
|
||||
# Note that this is only taken into account if the $use_internal_certificates
|
||||
# flag is set.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*service_network*]
|
||||
# (optional) Indicates the network that the service is running on. Used for
|
||||
# fetching the certificate for that specific network.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*hsts_header_value*]
|
||||
# (optional) Adds the HTTP Strict Transport Security (HSTS) header to
|
||||
# response. This takes effect only when public_certificate is set.
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::haproxy::horizon_endpoint (
|
||||
$internal_ip,
|
||||
$ip_addresses,
|
||||
$server_names,
|
||||
$member_options,
|
||||
$public_virtual_ip,
|
||||
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
|
||||
$haproxy_listen_bind_param = undef,
|
||||
$public_certificate = undef,
|
||||
$use_internal_certificates = false,
|
||||
$internal_certificates_specs = {},
|
||||
$service_network = undef,
|
||||
$hsts_header_value = undef,
|
||||
) {
|
||||
# Let users override the options on a per-service basis
|
||||
$custom_options = lookup('tripleo::haproxy::horizon::options', undef, undef, undef)
|
||||
$custom_frontend_options = lookup('tripleo::haproxy::horizon::frontend_options', undef, undef, undef)
|
||||
$custom_backend_options = lookup('tripleo::haproxy::horizon::backend_options', undef, undef, undef)
|
||||
$custom_bind_options_public = delete(
|
||||
any2array(lookup('tripleo::haproxy::horizon::public_bind_options', undef, undef, undef)),
|
||||
undef).flatten()
|
||||
$custom_bind_options_internal = delete(
|
||||
any2array(lookup('tripleo::haproxy::horizon::internal_bind_options', undef, undef, undef)),
|
||||
undef).flatten()
|
||||
|
||||
# service exposed to the public network
|
||||
if $public_certificate {
|
||||
if $use_internal_certificates {
|
||||
if !$service_network {
|
||||
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
|
||||
}
|
||||
# NOTE(jaosorior): The key of the internal_certificates_specs hash must
|
||||
# must match the convention haproxy-<network name> or else this
|
||||
# will fail. Further, it must contain the path that we'll use under
|
||||
# 'service_pem'.
|
||||
$internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
|
||||
$internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path])
|
||||
} else {
|
||||
# If no internal cert is given, we still configure TLS for the internal
|
||||
# network, however, we expect that the public certificate has appropriate
|
||||
# subjectaltnames set.
|
||||
$internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate])
|
||||
}
|
||||
# NOTE(jaosorior): If the internal_ip and the public_virtual_ip are the
|
||||
# same, the first option takes precedence. Which is the case when network
|
||||
# isolation is not enabled. This is not a problem as both options are
|
||||
# identical. If network isolation is enabled, this works correctly and
|
||||
# will add a TLS binding to both the internal_ip and the
|
||||
# public_virtual_ip.
|
||||
# Even though for the public_virtual_ip the port 80 is listening, we
|
||||
# redirect to https in the horizon_options below.
|
||||
$horizon_bind_opts = {
|
||||
"${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal),
|
||||
"${internal_ip}:443" => union($internal_bind_opts, $custom_bind_options_internal),
|
||||
"${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public),
|
||||
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public),
|
||||
}
|
||||
|
||||
if $hsts_header_value != undef {
|
||||
$hsts_header_value_real = join(any2array($hsts_header_value), '; ')
|
||||
$hsts_response = "set-header Strict-Transport-Security \"${hsts_header_value_real};\""
|
||||
} else {
|
||||
$hsts_response = undef
|
||||
}
|
||||
|
||||
$horizon_frontend_options = {
|
||||
'http-response' => delete_undef_values([
|
||||
'replace-header Location http://(.*) https://\\1',
|
||||
$hsts_response]),
|
||||
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
|
||||
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
|
||||
'option' => [ 'forwardfor' ],
|
||||
'http-request' => [
|
||||
'set-header X-Forwarded-Proto https if { ssl_fc }',
|
||||
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
|
||||
}
|
||||
} else {
|
||||
$horizon_bind_opts = {
|
||||
"${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal),
|
||||
"${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public),
|
||||
}
|
||||
$horizon_frontend_options = {
|
||||
'option' => [ 'forwardfor' ],
|
||||
}
|
||||
}
|
||||
$horizon_backend_options = {
|
||||
'cookie' => 'SERVERID insert indirect nocache',
|
||||
'option' => [ 'httpchk' ],
|
||||
}
|
||||
$horizon_options = merge_hash_values($horizon_backend_options,
|
||||
$horizon_frontend_options)
|
||||
|
||||
if $use_internal_certificates {
|
||||
# Use SSL port if TLS in the internal network is enabled.
|
||||
$backend_port = '443'
|
||||
} else {
|
||||
$backend_port = '80'
|
||||
}
|
||||
|
||||
if $use_backend_syntax {
|
||||
haproxy::frontend { 'horizon':
|
||||
bind => $horizon_bind_opts,
|
||||
options => merge($horizon_frontend_options,
|
||||
{ default_backend => 'horizon_be' },
|
||||
$custom_frontend_options),
|
||||
mode => 'http',
|
||||
collect_exported => false,
|
||||
}
|
||||
haproxy::backend { 'horizon_be':
|
||||
options => merge($horizon_backend_options, $custom_backend_options),
|
||||
mode => 'http',
|
||||
}
|
||||
} else {
|
||||
haproxy::listen { 'horizon':
|
||||
bind => $horizon_bind_opts,
|
||||
options => merge($horizon_options, $custom_options),
|
||||
mode => 'http',
|
||||
collect_exported => false,
|
||||
}
|
||||
}
|
||||
hash(zip($ip_addresses, $server_names)).each | $ip, $server | {
|
||||
# We need to be sure the IP (IPv6) don't have colons
|
||||
# which is a reserved character to reference manifests
|
||||
$non_colon_ip = regsubst($ip, ':', '-', 'G')
|
||||
haproxy::balancermember { "horizon_${non_colon_ip}_${server}":
|
||||
listening_service => 'horizon_be',
|
||||
ports => "${backend_port}",
|
||||
ipaddresses => $ip,
|
||||
server_names => $server,
|
||||
options => union($member_options, ["cookie ${server}"]),
|
||||
}
|
||||
}
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Define: tripleo::haproxy::service_endpoints
|
||||
#
|
||||
# Define used to create haproxyendpoints for composable services.
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*service_name*]
|
||||
# (optional) The service_name to create the service endpoint(s) for.
|
||||
# Defaults to $title
|
||||
#
|
||||
define tripleo::haproxy::service_endpoints ($service_name = $title) {
|
||||
|
||||
$underscore_name = regsubst($service_name, '-', '_', 'G')
|
||||
|
||||
# This allows each composable service to load its own custom rules by
|
||||
# creating its own flat hiera key named:
|
||||
# tripleo.<service name with underscores>.haproxy_endpoints
|
||||
# tripleo.<service name with underscores>.haproxy_userlists
|
||||
$dots_endpoints = lookup("'tripleo.${underscore_name}.haproxy_endpoints'", undef, undef, {})
|
||||
$dots_userlists = lookup("'tripleo.${underscore_name}.haproxy_userlists'", undef, undef, {})
|
||||
|
||||
# Supports standard "::" notation
|
||||
# tripleo::<service name with underscores>::haproxy_endpoints
|
||||
# tripleo::<service name with underscores>::haproxy_userlists
|
||||
$colons_endpoints = lookup("tripleo::${underscore_name}::haproxy_endpoints", undef, undef, {})
|
||||
$colons_userlists = lookup("tripleo::${underscore_name}::haproxy_userlists", undef, undef, {})
|
||||
|
||||
# Merge hashes
|
||||
$service_endpoints = merge($colons_endpoints, $dots_endpoints)
|
||||
$service_userlists = merge($colons_userlists, $dots_userlists)
|
||||
|
||||
create_resources('tripleo::haproxy::userlist', $service_userlists)
|
||||
create_resources('tripleo::haproxy::endpoint', $service_endpoints)
|
||||
}
|
@ -1,101 +0,0 @@
|
||||
# Copyright 2014 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: tripleo::haproxy::stats
|
||||
#
|
||||
# Configure the HAProxy stats interface
|
||||
#
|
||||
# [*haproxy_listen_bind_param*]
|
||||
# A list of params to be added to the HAProxy listener bind directive.
|
||||
#
|
||||
# [*ip*]
|
||||
# IP Address(es) on which the stats interface is listening on.
|
||||
# Can be a string or a list of ip addresses
|
||||
#
|
||||
# [*use_backend_syntax*]
|
||||
# (optional) When set to true, generate a config with frontend and
|
||||
# backend sections, otherwise use listen sections.
|
||||
# Defaults to lookup('haproxy_backend_syntax', undef, undef, false)
|
||||
#
|
||||
# [*port*]
|
||||
# Port on which to listen to for haproxy stats web interface
|
||||
# Defaults to '1993'
|
||||
#
|
||||
# [*password*]
|
||||
# Password for haproxy stats authentication. When set, authentication is
|
||||
# enabled on the haproxy stats endpoint.
|
||||
# A string.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*certificate*]
|
||||
# Filename of an HAProxy-compatible certificate and key file
|
||||
# When set, enables SSL on the haproxy stats endpoint using the specified file.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*user*]
|
||||
# Username for haproxy stats authentication.
|
||||
# A string.
|
||||
# Defaults to 'admin'
|
||||
#
|
||||
class tripleo::haproxy::stats (
|
||||
$haproxy_listen_bind_param,
|
||||
$ip,
|
||||
$use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false),
|
||||
$port = '1993',
|
||||
$password = undef,
|
||||
$certificate = undef,
|
||||
$user = 'admin'
|
||||
) {
|
||||
if $certificate {
|
||||
$opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate])
|
||||
} else {
|
||||
$opts = $haproxy_listen_bind_param
|
||||
}
|
||||
|
||||
$haproxy_stats_bind_opts = list_to_hash(suffix(any2array($ip), ":${port}"), $opts)
|
||||
|
||||
$stats_base = ['enable', 'uri /']
|
||||
if $password {
|
||||
$stats_config = union($stats_base, ["auth ${user}:${password}"])
|
||||
} else {
|
||||
$stats_config = $stats_base
|
||||
}
|
||||
if $use_backend_syntax {
|
||||
haproxy::frontend { 'haproxy.stats':
|
||||
bind => $haproxy_stats_bind_opts,
|
||||
mode => 'http',
|
||||
options => {
|
||||
'default_backend' => 'haproxy.stats_be',
|
||||
'stats' => $stats_config,
|
||||
},
|
||||
collect_exported => false,
|
||||
}
|
||||
haproxy::backend { 'haproxy.stats_be':
|
||||
mode => 'http',
|
||||
options => {
|
||||
'stats' => $stats_config,
|
||||
},
|
||||
}
|
||||
} else {
|
||||
haproxy::listen { 'haproxy.stats':
|
||||
bind => $haproxy_stats_bind_opts,
|
||||
mode => 'http',
|
||||
options => {
|
||||
'stats' => $stats_config,
|
||||
},
|
||||
collect_exported => false,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,54 +0,0 @@
|
||||
# Copyright 2017 Camptocamp SA.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Definition: tripleo::haproxy::userlist
|
||||
#
|
||||
# Configure an HAProxy userlist. It wrapps haproxy::userlist definition.
|
||||
#
|
||||
# [*groups*]
|
||||
# List of groups
|
||||
#
|
||||
# [*users*]
|
||||
# List of users
|
||||
#
|
||||
# == Example
|
||||
# ::tripleo::haproxy::userlist {'starwars':
|
||||
# groups => [
|
||||
# 'aldebaran users leia,luke',
|
||||
# 'deathstar users anakin,sith',
|
||||
# ],
|
||||
# users => [
|
||||
# 'leia insecure-password sister',
|
||||
# 'luke insecure-password jedi',
|
||||
# 'anakin insecure-password darthvador',
|
||||
# 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC', # mkpasswd -m sha-256 darkSideOfTheForce
|
||||
# ]
|
||||
# }
|
||||
#
|
||||
# Please refer to the following HAProxy documentation for more options:
|
||||
# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-user
|
||||
# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-group
|
||||
#
|
||||
#
|
||||
define tripleo::haproxy::userlist(
|
||||
Optional[Array] $groups = [],
|
||||
Optional[Array] $users = [],
|
||||
) {
|
||||
|
||||
::haproxy::userlist {$name:
|
||||
users => $users,
|
||||
groups => $groups,
|
||||
}
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
#
|
||||
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo
|
||||
#
|
||||
# Installs the system requirements
|
||||
#
|
||||
|
||||
class tripleo{
|
||||
|
||||
}
|
@ -1,68 +0,0 @@
|
||||
# Copyright 2015 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: tripleo::noop
|
||||
#
|
||||
# Enable noop mode for various Puppet resource types via collectors.
|
||||
#
|
||||
# === Parameters:
|
||||
# [*package*]
|
||||
# Whether Package resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*file*]
|
||||
# Whether File resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*service*]
|
||||
# Whether Service resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*exec*]
|
||||
# Whether Exec resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*user*]
|
||||
# Whether User resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*group*]
|
||||
# Whether Group resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*cron*]
|
||||
# Whether Cron resources should be noop.
|
||||
# Defaults to true
|
||||
#
|
||||
#
|
||||
class tripleo::noop (
|
||||
$package = true,
|
||||
$file = true,
|
||||
$service = true,
|
||||
$exec = true,
|
||||
$user = true,
|
||||
$group = true,
|
||||
$cron = true,
|
||||
) {
|
||||
|
||||
Package <| |> { noop => $package}
|
||||
File <| |> { noop => $file}
|
||||
Service <| |> { noop => $service}
|
||||
Exec <| |> { noop => $exec}
|
||||
User <| |> { noop => $user}
|
||||
Group <| |> { noop => $group}
|
||||
Cron <| |> { noop => $cron}
|
||||
|
||||
}
|
@ -1,124 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Define: tripleo::pacemaker::haproxy_with_vip
|
||||
#
|
||||
# Configure the vip with the haproxy under pacemaker
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*vip_name*]
|
||||
# (String) Logical name of the vip (control, public, storage ...)
|
||||
# Required
|
||||
#
|
||||
# [*ip_address*]
|
||||
# (String) IP address on which HAProxy is colocated
|
||||
# Required
|
||||
#
|
||||
# [*location_rule*]
|
||||
# (optional) Add a location constraint before actually enabling
|
||||
# the resource. Must be a hash like the following example:
|
||||
# location_rule => {
|
||||
# resource_discovery => 'exclusive', # optional
|
||||
# role => 'master|slave', # optional
|
||||
# score => 0, # optional
|
||||
# score_attribute => foo, # optional
|
||||
# # Multiple expressions can be used
|
||||
# expression => ['opsrole eq controller']
|
||||
# }
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*meta_params*]
|
||||
# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP
|
||||
# Defaults to ''
|
||||
#
|
||||
# [*op_params*]
|
||||
# (optional) Additional op parameters to pass to "pcs resource create" for the VIP
|
||||
# Defaults to ''
|
||||
#
|
||||
# [*pcs_tries*]
|
||||
# (Optional) The number of times pcs commands should be retried.
|
||||
# Defaults to 1
|
||||
#
|
||||
# [*nic*]
|
||||
# (Optional) Specifies the nic interface on which the VIP should be added
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ensure*]
|
||||
# (Boolean) Create the all the resources only if true. False won't
|
||||
# destroy the resource, it will just not create them.
|
||||
# Default to true
|
||||
#
|
||||
define tripleo::pacemaker::haproxy_with_vip(
|
||||
$vip_name,
|
||||
$ip_address,
|
||||
$location_rule = undef,
|
||||
$meta_params = '',
|
||||
$op_params = '',
|
||||
$pcs_tries = 1,
|
||||
$nic = undef,
|
||||
$ensure = true
|
||||
){
|
||||
if($ensure) {
|
||||
if $ip_address =~ Stdlib::Compat::Ipv6 {
|
||||
$netmask = '128'
|
||||
$vip_nic = interface_for_ip($ip_address)
|
||||
$ipv6_addrlabel = '99'
|
||||
} elsif $ip_address =~ Stdlib::Compat::Ip_address {
|
||||
$netmask = '32'
|
||||
$vip_nic = ''
|
||||
$ipv6_addrlabel = ''
|
||||
} else {
|
||||
fail("Haproxy VIP: ${ip_address} is not a proper IP address.")
|
||||
}
|
||||
|
||||
if $nic != undef {
|
||||
$nic_real = $nic
|
||||
} else {
|
||||
$nic_real = $vip_nic
|
||||
}
|
||||
|
||||
pacemaker::resource::ip { "${vip_name}_vip":
|
||||
ip_address => $ip_address,
|
||||
cidr_netmask => $netmask,
|
||||
nic => $nic_real,
|
||||
ipv6_addrlabel => $ipv6_addrlabel,
|
||||
meta_params => "resource-stickiness=INFINITY ${meta_params}",
|
||||
location_rule => $location_rule,
|
||||
op_params => $op_params,
|
||||
tries => $pcs_tries,
|
||||
}
|
||||
|
||||
pacemaker::constraint::order { "${vip_name}_vip-then-haproxy":
|
||||
first_resource => "ip-${ip_address}",
|
||||
second_resource => 'haproxy-bundle',
|
||||
first_action => 'start',
|
||||
second_action => 'start',
|
||||
constraint_params => 'kind=Optional',
|
||||
tries => $pcs_tries,
|
||||
}
|
||||
pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy":
|
||||
source => "ip-${ip_address}",
|
||||
target => 'haproxy-bundle',
|
||||
score => 'INFINITY',
|
||||
tries => $pcs_tries,
|
||||
}
|
||||
|
||||
Pacemaker::Resource::Ip["${vip_name}_vip"]
|
||||
-> Pacemaker::Resource::Bundle['haproxy-bundle']
|
||||
-> Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"]
|
||||
-> Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"]
|
||||
}
|
||||
}
|
@ -1,41 +0,0 @@
|
||||
# Copyright 2015 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: tripleo::packages
|
||||
#
|
||||
# Configure package installation/upgrade defaults.
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*enable_install*]
|
||||
# Whether to enable package installation via Puppet.
|
||||
# Defaults to false
|
||||
#
|
||||
class tripleo::packages (
|
||||
$enable_install = false,
|
||||
) {
|
||||
|
||||
# if both enable_install is false
|
||||
if (!str2bool($enable_install)) {
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
Package <| |> { provider => 'norpm' }
|
||||
}
|
||||
default: {
|
||||
warning('enable_install option not supported for this distro.')
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,129 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::aodh
|
||||
#
|
||||
# aodh profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*oslomsg_rpc_proto*]
|
||||
# Protocol driver for the oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_rpc_hosts*]
|
||||
# list of the oslo messaging rpc host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_rpc_port*]
|
||||
# IP port for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_rpc_username*]
|
||||
# Username for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_rpc_password*]
|
||||
# Password for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
||||
#
|
||||
# [*oslomsg_rpc_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*oslomsg_notify_proto*]
|
||||
# Protocol driver for the oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_notify_hosts*]
|
||||
# list of the oslo messaging notify host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_notify_port*]
|
||||
# IP port for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_notify_username*]
|
||||
# Username for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_notify_password*]
|
||||
# Password for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_password')
|
||||
#
|
||||
# [*oslomsg_notify_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
||||
|
||||
class tripleo::profile::base::aodh (
|
||||
$step = Integer(lookup('step')),
|
||||
$bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef),
|
||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
||||
) {
|
||||
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
||||
class { 'aodh' :
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
'username' => $oslomsg_rpc_username,
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
'username' => $oslomsg_notify_username,
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
||||
}),
|
||||
}
|
||||
include aodh::service_credentials
|
||||
include aodh::config
|
||||
include aodh::db
|
||||
include aodh::db::sync
|
||||
include aodh::logging
|
||||
}
|
||||
|
||||
}
|
@ -1,105 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::aodh::api
|
||||
#
|
||||
# aodh API profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*aodh_network*]
|
||||
# (Optional) The network name where the aodh endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to lookup('aodh_api_network', undef, undef, undef)
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*certificates_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
||||
# it will create.
|
||||
# Example with hiera:
|
||||
# apache_certificates_specs:
|
||||
# httpd-internal_api:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "haproxy/<overcloud controller fqdn>"
|
||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*enable_aodh_expirer*]
|
||||
# (Optional) Whether aodh expirer should be configured
|
||||
# Defaults to lookup('enable_aodh_expirer', undef, undef, true)
|
||||
#
|
||||
# [*configure_apache*]
|
||||
# (Optional) Whether apache is configured via puppet or not.
|
||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
||||
#
|
||||
class tripleo::profile::base::aodh::api (
|
||||
$aodh_network = lookup('aodh_api_network', undef, undef, undef),
|
||||
$bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef),
|
||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$step = Integer(lookup('step')),
|
||||
$enable_aodh_expirer = true,
|
||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
||||
) {
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$is_bootstrap = true
|
||||
} else {
|
||||
$is_bootstrap = false
|
||||
}
|
||||
|
||||
include tripleo::profile::base::aodh
|
||||
include tripleo::profile::base::aodh::authtoken
|
||||
|
||||
if $enable_internal_tls {
|
||||
if !$aodh_network {
|
||||
fail('aodh_api_network is not set in the hieradata.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${aodh_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${aodh_network}"]['service_key']
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
}
|
||||
|
||||
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
|
||||
include aodh::api
|
||||
include aodh::healthcheck
|
||||
if $configure_apache {
|
||||
include tripleo::profile::base::apache
|
||||
class { 'aodh::wsgi::apache':
|
||||
ssl_cert => $tls_certfile,
|
||||
ssl_key => $tls_keyfile,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if $step >= 5 {
|
||||
if $enable_aodh_expirer {
|
||||
include aodh::expirer
|
||||
}
|
||||
}
|
||||
}
|
@ -1,84 +0,0 @@
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::aodh::authtoken
|
||||
#
|
||||
# Aodh authtoken profile for TripleO
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*memcached_hosts*]
|
||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
||||
#
|
||||
# [*memcached_port*]
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
||||
#
|
||||
# [*memcached_ipv6*]
|
||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*memcached_ips*]
|
||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::aodh::authtoken (
|
||||
$step = Integer(lookup('step')),
|
||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
||||
# DEPRECATED PARAMETERS
|
||||
$memcached_ips = undef
|
||||
) {
|
||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
||||
|
||||
if $step >= 3 {
|
||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
||||
} else {
|
||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+aodh")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'aodh::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::aodh::evaluator
|
||||
#
|
||||
# aodh evaluator profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*aodh_redis_password*]
|
||||
# (Optional) redis password to configure coordination url
|
||||
# Defaults to lookup('aodh_redis_password')
|
||||
#
|
||||
# [*redis_vip*]
|
||||
# (Optional) redis vip to configure coordination url
|
||||
# Defaults to lookup('redis_vip')
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to lookup('step')
|
||||
#
|
||||
class tripleo::profile::base::aodh::evaluator (
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$aodh_redis_password = lookup('aodh_redis_password'),
|
||||
$redis_vip = lookup('redis_vip'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::aodh
|
||||
if $enable_internal_tls {
|
||||
$tls_query_param = '?ssl=true'
|
||||
} else {
|
||||
$tls_query_param = ''
|
||||
}
|
||||
|
||||
if $step >= 4 {
|
||||
class { 'aodh::coordination':
|
||||
backend_url => join(['redis://:', $aodh_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]),
|
||||
}
|
||||
include aodh::evaluator
|
||||
}
|
||||
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::aodh::listener
|
||||
#
|
||||
# aodh listener profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::aodh::listener (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::aodh
|
||||
|
||||
if $step >= 4 {
|
||||
include aodh::listener
|
||||
}
|
||||
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::aodh::notifier
|
||||
#
|
||||
# aodh notifier profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::aodh::notifier (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::aodh
|
||||
|
||||
if $step >= 4 {
|
||||
include aodh::notifier
|
||||
}
|
||||
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
# Copyright 2017 Camptocamp SA.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class tripleo::profile::base::apache
|
||||
#
|
||||
# Common apache modules and configuration for API listeners
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*enable_status_listener*]
|
||||
# Enable or not the localhost listener in httpd.
|
||||
# Accepted values: Boolean.
|
||||
# Default to false.
|
||||
#
|
||||
# [*status_listener*]
|
||||
# Where should apache listen for status page
|
||||
# Default to 127.0.0.1:80
|
||||
#
|
||||
# [*mpm_module*]
|
||||
# The MPM module to use.
|
||||
# Default to prefork.
|
||||
|
||||
class tripleo::profile::base::apache(
|
||||
Boolean $enable_status_listener = false,
|
||||
String $status_listener = '127.0.0.1:80',
|
||||
String $mpm_module = 'prefork',
|
||||
) {
|
||||
include apache::params
|
||||
class { 'apache':
|
||||
mpm_module => $mpm_module,
|
||||
}
|
||||
|
||||
include apache::mod::status
|
||||
include apache::mod::ssl
|
||||
if $enable_status_listener {
|
||||
if !defined(Apache::Listen[$status_listener]) {
|
||||
::apache::listen {$status_listener: }
|
||||
}
|
||||
}
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::barbican
|
||||
#
|
||||
# Barbican profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
|
||||
class tripleo::profile::base::barbican (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
if $step >= 3 {
|
||||
include barbican
|
||||
include barbican::config
|
||||
include barbican::db
|
||||
}
|
||||
}
|
@ -1,181 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::barbican::api
|
||||
#
|
||||
# Barbican profile for tripleo api
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*barbican_network*]
|
||||
# (Optional) The network name where the barbican endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to lookup('barbican_api_network', undef, undef, undef)
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('barbican_api_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*certificates_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
||||
# it will create.
|
||||
# Example with hiera:
|
||||
# apache_certificates_specs:
|
||||
# httpd-internal_api:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "haproxy/<overcloud controller fqdn>"
|
||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*oslomsg_rpc_proto*]
|
||||
# Protocol driver for the oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_rpc_hosts*]
|
||||
# list of the oslo messaging rpc host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', unef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_rpc_port*]
|
||||
# IP port for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_rpc_username*]
|
||||
# Username for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_rpc_password*]
|
||||
# Password for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
||||
#
|
||||
# [*oslomsg_rpc_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*oslomsg_notify_proto*]
|
||||
# Protocol driver for the oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_notify_hosts*]
|
||||
# list of the oslo messaging notify host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_notify_port*]
|
||||
# IP port for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_notify_username*]
|
||||
# Username for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_notify_password*]
|
||||
# Password for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_password')
|
||||
#
|
||||
# [*oslomsg_notify_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*configure_apache*]
|
||||
# (Optional) Whether apache is configured via puppet or not.
|
||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
||||
#
|
||||
class tripleo::profile::base::barbican::api (
|
||||
$barbican_network = lookup('barbican_api_network', undef, undef, undef),
|
||||
$bootstrap_node = lookup('barbican_api_bootstrap_node_name', undef, undef, undef),
|
||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$step = Integer(lookup('step')),
|
||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
||||
) {
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
if $enable_internal_tls {
|
||||
if !$barbican_network {
|
||||
fail('barbican_api_network is not set in the hieradata.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${barbican_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${barbican_network}"]['service_key']
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
}
|
||||
|
||||
include tripleo::profile::base::barbican
|
||||
include tripleo::profile::base::barbican::authtoken
|
||||
|
||||
if $step >= 4 or ( $step >= 3 and $sync_db ) {
|
||||
include tripleo::profile::base::barbican::backends
|
||||
|
||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
||||
class { 'barbican::api':
|
||||
sync_db => $sync_db,
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
'username' => $oslomsg_rpc_username,
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
'username' => $oslomsg_notify_username,
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
||||
}),
|
||||
multiple_secret_stores_enabled => true,
|
||||
enabled_secret_stores => $::tripleo::profile::base::barbican::backends::enabled_secret_stores,
|
||||
}
|
||||
include barbican::api::logging
|
||||
include barbican::healthcheck
|
||||
include barbican::keystone::notification
|
||||
include barbican::quota
|
||||
if $configure_apache {
|
||||
include tripleo::profile::base::apache
|
||||
class { 'barbican::wsgi::apache':
|
||||
ssl_cert => $tls_certfile,
|
||||
ssl_key => $tls_keyfile,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,84 +0,0 @@
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::barbican::authtoken
|
||||
#
|
||||
# Barbican authtoken profile for TripleO
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*memcached_hosts*]
|
||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
||||
#
|
||||
# [*memcached_port*]
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
||||
#
|
||||
# [*memcached_ipv6*]
|
||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
||||
# Defauls to lookup('memcached_ipv6', undef, undef, false)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*memcached_ips*]
|
||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::barbican::authtoken (
|
||||
$step = Integer(lookup('step')),
|
||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
||||
# DEPRECATED PARAMETERS
|
||||
$memcached_ips = undef
|
||||
) {
|
||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
||||
|
||||
if $step >= 3 {
|
||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
||||
} else {
|
||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+barbican")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'barbican::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,77 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::barbican::backends
|
||||
#
|
||||
# Barbican's secret store plugin profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*simple_crypto_backend_enabled*]
|
||||
# (Optional) Whether the simple crypto backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to lookup('barbican_backend_simple_crypto_enabled', undef, undef, false)
|
||||
#
|
||||
# [*dogtag_backend_enabled*]
|
||||
# (Optional) Whether the Dogtag backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to lookup('barbican_backend_dogtag_enabled', undef, undef, false)
|
||||
#
|
||||
# [*p11_crypto_backend_enabled*]
|
||||
# (Optional) Whether the pkcs11 crypto backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false)
|
||||
#
|
||||
# [*kmip_backend_enabled*]
|
||||
# (Optional) Whether the KMIP backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to lookup('barbican_backend_kmip_enabled', undef, undef, false)
|
||||
#
|
||||
class tripleo::profile::base::barbican::backends (
|
||||
$simple_crypto_backend_enabled = lookup('barbican_backend_simple_crypto_enabled', undef, undef, false),
|
||||
$dogtag_backend_enabled = lookup('barbican_backend_dogtag_enabled', undef, undef, false),
|
||||
$p11_crypto_backend_enabled = lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false),
|
||||
$kmip_backend_enabled = lookup('barbican_backend_kmip_enabled', undef, undef, false),
|
||||
) {
|
||||
if $simple_crypto_backend_enabled {
|
||||
include barbican::plugins::simple_crypto
|
||||
$backend1 = 'simple_crypto'
|
||||
} else {
|
||||
$backend1 = undef
|
||||
}
|
||||
|
||||
if $dogtag_backend_enabled {
|
||||
include barbican::plugins::dogtag
|
||||
$backend2 = 'dogtag'
|
||||
} else {
|
||||
$backend2 = undef
|
||||
}
|
||||
|
||||
if $p11_crypto_backend_enabled {
|
||||
include barbican::plugins::p11_crypto
|
||||
$backend3 = 'pkcs11'
|
||||
} else {
|
||||
$backend3 = undef
|
||||
}
|
||||
|
||||
if $kmip_backend_enabled {
|
||||
include barbican::plugins::kmip
|
||||
$backend4 = 'kmip'
|
||||
} else {
|
||||
$backend4 = undef
|
||||
}
|
||||
|
||||
$enabled_backends_list = delete_undef_values([$backend1, $backend2, $backend3, $backend4])
|
||||
$enabled_secret_stores = join($enabled_backends_list, ',')
|
||||
}
|
@ -1,155 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::ceilometer
|
||||
#
|
||||
# Ceilometer profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*oslomsg_rpc_proto*]
|
||||
# Protocol driver for the oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_rpc_hosts*]
|
||||
# list of the oslo messaging rpc host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_rpc_port*]
|
||||
# IP port for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_rpc_username*]
|
||||
# Username for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_rpc_password*]
|
||||
# Password for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
||||
#
|
||||
# [*oslomsg_rpc_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*oslomsg_notify_proto*]
|
||||
# Protocol driver for the oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_notify_hosts*]
|
||||
# list of the oslo messaging notify host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_notify_port*]
|
||||
# IP port for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_notify_username*]
|
||||
# Username for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_notify_password*]
|
||||
# Password for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_password')
|
||||
#
|
||||
# [*oslomsg_notify_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*memcached_hosts*]
|
||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
||||
#
|
||||
# [*memcached_port*]
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to lookup('memcached_port', undef, undef, 11211)
|
||||
#
|
||||
# [*memcached_ipv6*]
|
||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
||||
# Defauls to lookup('memcached_ipv6', undef, undef, false)
|
||||
#
|
||||
# [*cache_backend*]
|
||||
# (Optional) oslo.cache backend used for caching.
|
||||
# Defaults to lookup('ceilometer::cache::backend', undef, undef, false)
|
||||
#
|
||||
class tripleo::profile::base::ceilometer (
|
||||
$step = Integer(lookup('step')),
|
||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
||||
$memcached_port = lookup('memcached_port', undef, undef, 11211),
|
||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
||||
$cache_backend = lookup('ceilometer::cache::backend', undef, undef, false),
|
||||
) {
|
||||
|
||||
$memcached_hosts_real = any2array($memcached_hosts)
|
||||
|
||||
if $step >= 3 {
|
||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
||||
|
||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
||||
if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] {
|
||||
# NOTE(tkajinm): The inet6 prefix is required for backends using
|
||||
# python-memcached
|
||||
$cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
||||
} else {
|
||||
# NOTE(tkajinam): The other backends like pymemcache don't require
|
||||
# the inet6 prefix
|
||||
$cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}")
|
||||
}
|
||||
} else {
|
||||
$cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}")
|
||||
}
|
||||
class { 'ceilometer::cache':
|
||||
memcache_servers => $cache_memcache_servers
|
||||
}
|
||||
|
||||
class { 'ceilometer' :
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
'username' => $oslomsg_rpc_username,
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
'username' => $oslomsg_notify_username,
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
||||
}),
|
||||
}
|
||||
|
||||
include ceilometer::config
|
||||
include ceilometer::logging
|
||||
}
|
||||
}
|
@ -1,111 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::ceilometer::agent::notification
|
||||
#
|
||||
# Ceilometer Notification Agent profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*notifier_enabled*]
|
||||
# (optional) Enable configuration of notifier as pipeline publisher.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*notifier_events_enabled*]
|
||||
# (optional) Enable configuration of event notifier as pipeline publisher.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*notifier_host_addr*]
|
||||
# (optional) IP address of Ceilometer notifier (edge qdr Endpoint)
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*notifier_host_port*]
|
||||
# (optional) Ceilometer notifier port
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*notifier_params*]
|
||||
# (optional) Query parameters for notifier URL
|
||||
# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'}
|
||||
#
|
||||
# [*notifier_event_params*]
|
||||
# (optional) Query parameters for event notifier URL
|
||||
# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'}
|
||||
#
|
||||
# [*event_pipeline_publishers*]
|
||||
# (Optional) A list of event pipeline publishers
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*pipeline_publishers*]
|
||||
# (Optional) A list of pipeline publishers
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::ceilometer::agent::notification (
|
||||
$step = Integer(lookup('step')),
|
||||
$notifier_enabled = false,
|
||||
$notifier_events_enabled = false,
|
||||
$notifier_host_addr = undef,
|
||||
$notifier_host_port = undef,
|
||||
$notifier_params = {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'},
|
||||
$notifier_event_params = {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'},
|
||||
$pipeline_publishers = undef,
|
||||
$event_pipeline_publishers = undef,
|
||||
) {
|
||||
include tripleo::profile::base::ceilometer
|
||||
|
||||
if $step >= 4 {
|
||||
include ceilometer::agent::service_credentials
|
||||
|
||||
if $pipeline_publishers {
|
||||
$other_publishers = Array($pipeline_publishers, true)
|
||||
} else {
|
||||
$other_publishers = []
|
||||
}
|
||||
if $notifier_enabled {
|
||||
$real_pipeline_publishers = $other_publishers + [os_transport_url({
|
||||
'transport' => 'notifier',
|
||||
'host' => $notifier_host_addr,
|
||||
'port' => $notifier_host_port,
|
||||
'query' => $notifier_params,
|
||||
})]
|
||||
} else {
|
||||
$real_pipeline_publishers = $other_publishers
|
||||
}
|
||||
|
||||
if $event_pipeline_publishers {
|
||||
$other_event_publishers = Array($event_pipeline_publishers, true)
|
||||
} else {
|
||||
$other_event_publishers = []
|
||||
}
|
||||
if $notifier_events_enabled {
|
||||
$real_event_pipeline_publishers = $other_event_publishers + [os_transport_url({
|
||||
'transport' => 'notifier',
|
||||
'host' => $notifier_host_addr,
|
||||
'port' => $notifier_host_port,
|
||||
'query' => $notifier_event_params,
|
||||
})]
|
||||
} else {
|
||||
$real_event_pipeline_publishers = $other_event_publishers
|
||||
}
|
||||
|
||||
class { 'ceilometer::agent::notification':
|
||||
event_pipeline_publishers => $real_event_pipeline_publishers,
|
||||
pipeline_publishers => $real_pipeline_publishers,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,78 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::ceilometer::agent::polling
|
||||
#
|
||||
# Ceilometer polling Agent profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*central_namespace*]
|
||||
# (Optional) Use central namespace for polling agent.
|
||||
# Defaults to lookup('central_namespace', undef, undef, false)
|
||||
#
|
||||
# [*compute_namespace*]
|
||||
# (Optional) Use compute namespace for polling agent.
|
||||
# Defaults to lookup('compute_namespace', undef, undef, false)
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*ipmi_namespace*]
|
||||
# (Optional) Use ipmi namespace for polling agent.
|
||||
# Defaults to lookup('ipmi_namespace', undef, undef, false)
|
||||
#
|
||||
# [*ceilometer_redis_password*]
|
||||
# (Optional) redis password to configure coordination url
|
||||
# Defaults to lookup('ceilometer_redis_password')
|
||||
#
|
||||
# [*redis_vip*]
|
||||
# (Optional) redis vip to configure coordination url
|
||||
# Defaults to lookup('redis_vip')
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::ceilometer::agent::polling (
|
||||
$central_namespace = lookup('central_namespace', undef, undef, false),
|
||||
$compute_namespace = lookup('compute_namespace', undef, undef, false),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$ipmi_namespace = lookup('ipmi_namespace', undef, undef, false),
|
||||
$ceilometer_redis_password = lookup('ceilometer_redis_password'),
|
||||
$redis_vip = lookup('redis_vip'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::ceilometer
|
||||
|
||||
if $enable_internal_tls {
|
||||
$tls_query_param = '?ssl=true'
|
||||
} else {
|
||||
$tls_query_param = ''
|
||||
}
|
||||
|
||||
if $step >= 4 {
|
||||
include ceilometer::agent::service_credentials
|
||||
class { 'ceilometer::coordination':
|
||||
backend_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]),
|
||||
}
|
||||
class { 'ceilometer::agent::polling':
|
||||
central_namespace => $central_namespace,
|
||||
compute_namespace => $compute_namespace,
|
||||
ipmi_namespace => $ipmi_namespace,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,142 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder
|
||||
#
|
||||
# Cinder common profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_enable_db_purge*]
|
||||
# (Optional) Whether to enable db purging
|
||||
# Defaults to true
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step of the deployment
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*oslomsg_rpc_proto*]
|
||||
# Protocol driver for the oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_rpc_hosts*]
|
||||
# list of the oslo messaging rpc host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_rpc_port*]
|
||||
# IP port for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_rpc_username*]
|
||||
# Username for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_rpc_password*]
|
||||
# Password for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
||||
#
|
||||
# [*oslomsg_rpc_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*oslomsg_notify_proto*]
|
||||
# Protocol driver for the oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_notify_hosts*]
|
||||
# list of the oslo messaging notify host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_notify_port*]
|
||||
# IP port for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_notify_username*]
|
||||
# Username for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_notify_password*]
|
||||
# Password for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_password')
|
||||
#
|
||||
# [*oslomsg_notify_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
||||
|
||||
class tripleo::profile::base::cinder (
|
||||
$bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef),
|
||||
$cinder_enable_db_purge = true,
|
||||
$step = Integer(lookup('step')),
|
||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
||||
) {
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
||||
class { 'cinder' :
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
'username' => $oslomsg_rpc_username,
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
'username' => $oslomsg_notify_username,
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
||||
}),
|
||||
}
|
||||
include cinder::config
|
||||
include cinder::db
|
||||
include cinder::glance
|
||||
include cinder::nova
|
||||
include cinder::logging
|
||||
include cinder::quota
|
||||
include cinder::keystone::service_user
|
||||
include cinder::key_manager
|
||||
include cinder::key_manager::barbican
|
||||
}
|
||||
|
||||
if $step >= 5 {
|
||||
if $cinder_enable_db_purge {
|
||||
include cinder::cron::db_purge
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,97 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::api
|
||||
#
|
||||
# Cinder API profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*certificates_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
||||
# it will create.
|
||||
# Example with hiera:
|
||||
# apache_certificates_specs:
|
||||
# httpd-internal_api:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "haproxy/<overcloud controller fqdn>"
|
||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
||||
#
|
||||
# [*cinder_api_network*]
|
||||
# (Optional) The network name where the cinder API endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to lookup('cinder_api_network', undef, undef, undef)
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*configure_apache*]
|
||||
# (Optional) Whether apache is configured via puppet or not.
|
||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
||||
#
|
||||
class tripleo::profile::base::cinder::api (
|
||||
$bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef),
|
||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
||||
$cinder_api_network = lookup('cinder_api_network', undef, undef, undef),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$step = Integer(lookup('step')),
|
||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
||||
) {
|
||||
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
include tripleo::profile::base::cinder
|
||||
include tripleo::profile::base::cinder::authtoken
|
||||
|
||||
if $enable_internal_tls {
|
||||
if !$cinder_api_network {
|
||||
fail('cinder_api_network is not set in the hieradata.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${cinder_api_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${cinder_api_network}"]['service_key']
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
}
|
||||
|
||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
||||
class { 'cinder::api':
|
||||
sync_db => $sync_db,
|
||||
}
|
||||
include cinder::healthcheck
|
||||
if $configure_apache {
|
||||
include tripleo::profile::base::apache
|
||||
class { 'cinder::wsgi::apache':
|
||||
ssl_cert => $tls_certfile,
|
||||
ssl_key => $tls_keyfile,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,84 +0,0 @@
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::authtoken
|
||||
#
|
||||
# Cinder authtoken profile for TripleO
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*memcached_hosts*]
|
||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
||||
#
|
||||
# [*memcached_port*]
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
||||
#
|
||||
# [*memcached_ipv6*]
|
||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*memcached_ips*]
|
||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::cinder::authtoken (
|
||||
$step = Integer(lookup('step')),
|
||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
||||
# DEPRECATED PARAMETERS
|
||||
$memcached_ips = undef
|
||||
) {
|
||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
||||
|
||||
if $step >= 3 {
|
||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
||||
} else {
|
||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+cinder")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'cinder::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::backup
|
||||
#
|
||||
# Cinder Backup profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::backup (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::cinder
|
||||
|
||||
if $step >= 4 {
|
||||
include cinder::backup
|
||||
}
|
||||
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::backup::ceph
|
||||
#
|
||||
# Cinder Backup Ceph profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::backup::ceph (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::cinder::backup
|
||||
|
||||
if $step >= 4 {
|
||||
include cinder::backup::ceph
|
||||
}
|
||||
|
||||
}
|
@ -1,56 +0,0 @@
|
||||
# Copyright 2021 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::backup::gcs
|
||||
#
|
||||
# Cinder Backup Google Cloud Service (GCS) profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*credentials*]
|
||||
# (required) The GCS service account credentials, in JSON format.
|
||||
#
|
||||
# [*credential_file*]
|
||||
# (Optional) Absolute path of GCS service account credential file, to
|
||||
# be created with content from the credentials input.
|
||||
# Defaults to '/etc/cinder/gcs-backup.json'
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::backup::gcs (
|
||||
$credentials,
|
||||
$credential_file = '/etc/cinder/gcs-backup.json',
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::cinder::backup
|
||||
|
||||
if $step >= 4 {
|
||||
file { "${credential_file}" :
|
||||
ensure => file,
|
||||
content => to_json_pretty($credentials),
|
||||
owner => 'root',
|
||||
group => 'cinder',
|
||||
mode => '0640',
|
||||
}
|
||||
|
||||
class { 'cinder::backup::google':
|
||||
backup_gcs_credential_file => $credential_file,
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2018 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::backup::nfs
|
||||
#
|
||||
# Cinder Backup NFS profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::backup::nfs (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::cinder::backup
|
||||
|
||||
if $step >= 4 {
|
||||
include cinder::backup::nfs
|
||||
}
|
||||
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2021 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::backup::s3
|
||||
#
|
||||
# Cinder Backup S3 profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::backup::s3 (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::cinder::backup
|
||||
|
||||
if $step >= 4 {
|
||||
include cinder::backup::s3
|
||||
}
|
||||
|
||||
}
|
@ -1,36 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::backup::swift
|
||||
#
|
||||
# Cinder Backup Swift profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::backup::swift (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
include tripleo::profile::base::cinder::backup
|
||||
|
||||
if $step >= 4 {
|
||||
include cinder::backup::swift
|
||||
}
|
||||
|
||||
}
|
@ -1,35 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::scheduler
|
||||
#
|
||||
# Cinder Scheduler profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::scheduler (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder
|
||||
|
||||
if $step >= 4 {
|
||||
include cinder::scheduler
|
||||
}
|
||||
|
||||
}
|
@ -1,346 +0,0 @@
|
||||
# Copyright 2022 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume
|
||||
#
|
||||
# Cinder Volume profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*cinder_enable_pure_backend*]
|
||||
# (Optional) Whether to enable the pure backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_sc_backend*]
|
||||
# (Optional) Whether to enable the sc backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_unity_backend*]
|
||||
# (Optional) Whether to enable the unity backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_powerflex_backend*]
|
||||
# (Optional) Whether to enable the powerflex backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_powermax_backend*]
|
||||
# (Optional) Whether to enable the powermax backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_powerstore_backend*]
|
||||
# (Optional) Whether to enable the powerstore backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_vnx_backend*]
|
||||
# (Optional) Whether to enable the vnx backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_dellemc_xtremio_backend*]
|
||||
# (Optional) Whether to enable the xtremio backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_ibm_svf_backend*]
|
||||
# (Optional) Whether to enable the ibm_svf backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_iscsi_backend*]
|
||||
# (Optional) Whether to enable the iscsi backend
|
||||
# Defaults to true
|
||||
#
|
||||
# [*cinder_enable_netapp_backend*]
|
||||
# (Optional) Whether to enable the netapp backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_nfs_backend*]
|
||||
# (Optional) Whether to enable the nfs backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_enable_rbd_backend*]
|
||||
# (Optional) Whether to enable the rbd backend
|
||||
# Defaults to false
|
||||
#
|
||||
#[*cinder_enable_nvmeof_backend*]
|
||||
# (Optional) Whether to enable the NVMeOF backend
|
||||
# Defaults to false
|
||||
#
|
||||
# [*cinder_user_enabled_backends*]
|
||||
# (Optional) List of additional backend stanzas to activate
|
||||
# Defaults to lookup('cinder_user_enabled_backends', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_volume_cluster*]
|
||||
# (Optional) Name of the cluster when running in active-active mode
|
||||
# Defaults to ''
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*etcd_certificate_specs*]
|
||||
# (optional) TLS certificate specs for the etcd service
|
||||
# Defaults to lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {})
|
||||
#
|
||||
# [*etcd_enabled*]
|
||||
# (optional) Whether the etcd service is enabled or not
|
||||
# Defaults to lookup('etcd_enabled', undef, undef, false)
|
||||
#
|
||||
# [*etcd_host*]
|
||||
# (optional) IP address (VIP) of the etcd service
|
||||
# Defaults to lookup('etcd_vip', undef, undef, undef)
|
||||
#
|
||||
# [*etcd_port*]
|
||||
# (optional) Port used by the etcd service
|
||||
# Defaults to lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379')
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*cinder_rbd_client_name*]
|
||||
# (Optional) Name of RBD client
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cinder_rbd_ceph_conf_path*]
|
||||
# (Optional) The path where the Ceph Cluster config files are stored on the host
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume (
|
||||
$cinder_enable_pure_backend = false,
|
||||
$cinder_enable_dellemc_sc_backend = false,
|
||||
$cinder_enable_dellemc_unity_backend = false,
|
||||
$cinder_enable_dellemc_powerflex_backend = false,
|
||||
$cinder_enable_dellemc_powermax_backend = false,
|
||||
$cinder_enable_dellemc_powerstore_backend = false,
|
||||
$cinder_enable_dellemc_vnx_backend = false,
|
||||
$cinder_enable_dellemc_xtremio_backend = false,
|
||||
$cinder_enable_ibm_svf_backend = false,
|
||||
$cinder_enable_iscsi_backend = true,
|
||||
$cinder_enable_netapp_backend = false,
|
||||
$cinder_enable_nfs_backend = false,
|
||||
$cinder_enable_rbd_backend = false,
|
||||
$cinder_enable_nvmeof_backend = false,
|
||||
$cinder_user_enabled_backends = lookup('cinder_user_enabled_backends', undef, undef, undef),
|
||||
$cinder_volume_cluster = '',
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$etcd_certificate_specs = lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {}),
|
||||
$etcd_enabled = lookup('etcd_enabled', undef, undef, false),
|
||||
$etcd_host = lookup('etcd_vip', undef, undef, undef),
|
||||
$etcd_port = lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379'),
|
||||
$step = Integer(lookup('step')),
|
||||
# DEPRECATED PARAMETERS
|
||||
$cinder_rbd_ceph_conf_path = undef,
|
||||
$cinder_rbd_client_name = undef,
|
||||
) {
|
||||
include tripleo::profile::base::cinder
|
||||
|
||||
if $step >= 4 {
|
||||
if $cinder_volume_cluster == '' {
|
||||
$cinder_volume_cluster_real = undef
|
||||
} else {
|
||||
$cinder_volume_cluster_real = $cinder_volume_cluster
|
||||
}
|
||||
|
||||
if $cinder_volume_cluster_real {
|
||||
unless $etcd_enabled {
|
||||
fail('Running cinder-volume in active-active mode with a cluster name requires the etcd service.')
|
||||
}
|
||||
if empty($etcd_host) {
|
||||
fail('etcd_vip not set in hieradata')
|
||||
}
|
||||
case $::operatingsystemmajrelease {
|
||||
# el8 uses etcd version 3.2, which supports v3alpha path
|
||||
'8' : { $api_version = 'v3alpha' }
|
||||
# el9 uses etcd version 3.4, which supports v3 path
|
||||
default : { $api_version = 'v3' }
|
||||
}
|
||||
$options_init = "?api_version=${api_version}"
|
||||
if $enable_internal_tls {
|
||||
$protocol = 'https'
|
||||
$tls_keyfile = $etcd_certificate_specs['service_key']
|
||||
$tls_certfile = $etcd_certificate_specs['service_certificate']
|
||||
$options_tls = sprintf('&cert_key=%s&cert_cert=%s', $tls_keyfile, $tls_certfile)
|
||||
$options = "${options_init}${options_tls}"
|
||||
} else {
|
||||
$protocol = 'http'
|
||||
$options = "${options_init}"
|
||||
}
|
||||
$backend_url = sprintf('etcd3+%s://%s:%s%s', $protocol, normalize_ip_for_uri($etcd_host), $etcd_port, $options)
|
||||
class { 'cinder::coordination' :
|
||||
backend_url => $backend_url,
|
||||
}
|
||||
}
|
||||
|
||||
class { 'cinder::volume' :
|
||||
cluster => $cinder_volume_cluster_real,
|
||||
}
|
||||
|
||||
if $cinder_enable_pure_backend {
|
||||
include tripleo::profile::base::cinder::volume::pure
|
||||
$cinder_pure_backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, 'tripleo_pure')
|
||||
} else {
|
||||
$cinder_pure_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_sc_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_sc
|
||||
$cinder_dellemc_sc_backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, 'tripleo_dellemc_sc')
|
||||
} else {
|
||||
$cinder_dellemc_sc_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_unity_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_unity
|
||||
$cinder_dellemc_unity_backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name',
|
||||
undef, undef, 'tripleo_dellemc_unity')
|
||||
} else {
|
||||
$cinder_dellemc_unity_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_powerflex_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_powerflex
|
||||
$cinder_dellemc_powerflex_backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name',
|
||||
undef, undef, 'tripleo_dellemc_powerflex')
|
||||
} else {
|
||||
$cinder_dellemc_powerflex_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_powermax_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_powermax
|
||||
$cinder_dellemc_powermax_backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name',
|
||||
undef, undef, 'tripleo_dellemc_powermax')
|
||||
} else {
|
||||
$cinder_dellemc_powermax_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_powerstore_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_powerstore
|
||||
$cinder_dellemc_powerstore_backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name',
|
||||
undef, undef, 'tripleo_dellemc_powerstore')
|
||||
} else {
|
||||
$cinder_dellemc_powerstore_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_vnx_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_vnx
|
||||
$cinder_dellemc_vnx_backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name',
|
||||
undef, undef, 'tripleo_dellemc_vnx')
|
||||
} else {
|
||||
$cinder_dellemc_vnx_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_dellemc_xtremio_backend {
|
||||
include tripleo::profile::base::cinder::volume::dellemc_xtremio
|
||||
$cinder_dellemc_xtremio_backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name',
|
||||
undef, undef, 'tripleo_dellemc_xtremio')
|
||||
} else {
|
||||
$cinder_dellemc_xtremio_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_ibm_svf_backend {
|
||||
include tripleo::profile::base::cinder::volume::ibm_svf
|
||||
$cinder_ibm_svf_backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name',
|
||||
undef, undef, 'tripleo_ibm_svf')
|
||||
} else {
|
||||
$cinder_ibm_svf_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_iscsi_backend {
|
||||
include tripleo::profile::base::cinder::volume::iscsi
|
||||
$cinder_iscsi_backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi')
|
||||
} else {
|
||||
$cinder_iscsi_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_netapp_backend {
|
||||
include tripleo::profile::base::cinder::volume::netapp
|
||||
$cinder_netapp_backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, 'tripleo_netapp')
|
||||
} else {
|
||||
$cinder_netapp_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_nfs_backend {
|
||||
include tripleo::profile::base::cinder::volume::nfs
|
||||
$cinder_nfs_backend_name = lookup('tripleo::profile::base::cinder::volume::nfs::backend_name',
|
||||
undef, undef, lookup('cinder::backend::nfs::volume_backend_name',
|
||||
undef, undef, 'tripleo_nfs'))
|
||||
} else {
|
||||
$cinder_nfs_backend_name = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_rbd_backend {
|
||||
include tripleo::profile::base::cinder::volume::rbd
|
||||
$cinder_rbd_backend_name = lookup('tripleo::profile::base::cinder::volume::rbd::backend_name',
|
||||
undef, undef, ['tripleo_ceph'])
|
||||
|
||||
$extra_pools = lookup('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools', undef, undef, undef)
|
||||
if empty($extra_pools) {
|
||||
$extra_backend_names = []
|
||||
} else {
|
||||
# These $extra_pools are associated with the first backend
|
||||
$base_name = any2array($cinder_rbd_backend_name)[0]
|
||||
$extra_backend_names = any2array($extra_pools).map |$pool_name| { "${base_name}_${pool_name}" }
|
||||
}
|
||||
|
||||
# Each $multi_config backend can specify its own list of extra pools. The
|
||||
# backend names are the $multi_config hash keys.
|
||||
$multi_config = lookup('tripleo::profile::base::cinder::volume::rbd::multi_config', undef, undef, {})
|
||||
$extra_multiconfig_backend_names = $multi_config.map |$base_name, $backend_config| {
|
||||
$backend_extra_pools = $backend_config['CinderRbdExtraPools']
|
||||
any2array($backend_extra_pools).map |$pool_name| { "${base_name}_${pool_name}" }
|
||||
}
|
||||
|
||||
$cinder_rbd_extra_backend_names = flatten($extra_backend_names, $extra_multiconfig_backend_names)
|
||||
} else {
|
||||
$cinder_rbd_backend_name = undef
|
||||
$cinder_rbd_extra_backend_names = undef
|
||||
}
|
||||
|
||||
if $cinder_enable_nvmeof_backend {
|
||||
include tripleo::profile::base::cinder::volume::nvmeof
|
||||
$cinder_nvmeof_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof')
|
||||
} else {
|
||||
$cinder_nvmeof_backend_name = undef
|
||||
}
|
||||
|
||||
$backends = delete_undef_values(concat([], $cinder_iscsi_backend_name,
|
||||
$cinder_rbd_backend_name,
|
||||
$cinder_rbd_extra_backend_names,
|
||||
$cinder_pure_backend_name,
|
||||
$cinder_dellemc_sc_backend_name,
|
||||
$cinder_dellemc_unity_backend_name,
|
||||
$cinder_dellemc_powerflex_backend_name,
|
||||
$cinder_dellemc_powermax_backend_name,
|
||||
$cinder_dellemc_powerstore_backend_name,
|
||||
$cinder_dellemc_vnx_backend_name,
|
||||
$cinder_dellemc_xtremio_backend_name,
|
||||
$cinder_ibm_svf_backend_name,
|
||||
$cinder_netapp_backend_name,
|
||||
$cinder_nfs_backend_name,
|
||||
$cinder_user_enabled_backends,
|
||||
$cinder_nvmeof_backend_name))
|
||||
# NOTE(aschultz): during testing it was found that puppet 3 may incorrectly
|
||||
# include a "" in the previous array which is not removed by the
|
||||
# delete_undef_values function. So we need to make sure we don't have any
|
||||
# "" strings in our array.
|
||||
$cinder_enabled_backends = delete($backends, '')
|
||||
|
||||
class { 'cinder::backends' :
|
||||
enabled_backends => $cinder_enabled_backends,
|
||||
}
|
||||
include cinder::backend::defaults
|
||||
}
|
||||
|
||||
}
|
@ -1,65 +0,0 @@
|
||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_powerflex
|
||||
#
|
||||
# Cinder Volume dellemc_powerflex profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) Name given to the Cinder backend stanza
|
||||
# Defaults to lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex')
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_powerflex (
|
||||
$backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
create_resources('cinder::backend::dellemc_powerflex', { $backend_name => delete_undef_values({
|
||||
'backend_availability_zone' => lookup('cinder::backend::dellemc_powerflex::backend_availability_zone',
|
||||
undef, undef, undef),
|
||||
'san_login' => lookup('cinder::backend::dellemc_powerflex::san_login', undef, undef, undef),
|
||||
'san_password' => lookup('cinder::backend::dellemc_powerflex::san_password', undef, undef, undef),
|
||||
'san_ip' => lookup('cinder::backend::dellemc_powerflex::san_ip', undef, undef, undef),
|
||||
'powerflex_storage_pools' => lookup('cinder::backend::dellemc_powerflex::powerflex_storage_pools',
|
||||
undef, undef, undef),
|
||||
'powerflex_allow_migration_during_rebuild' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_migration_during_rebuild',
|
||||
undef, undef, undef),
|
||||
'powerflex_allow_non_padded_volumes' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_non_padded_volumes',
|
||||
undef, undef, undef),
|
||||
'powerflex_max_over_subscription_ratio' => lookup('cinder::backend::dellemc_powerflex::powerflex_max_over_subscription_ratio',
|
||||
undef, undef, undef),
|
||||
'powerflex_rest_server_port' => lookup('cinder::backend::dellemc_powerflex::powerflex_rest_server_port',
|
||||
undef, undef, undef),
|
||||
'powerflex_round_volume_capacity' => lookup('cinder::backend::dellemc_powerflex::powerflex_round_volume_capacity',
|
||||
undef, undef, undef),
|
||||
'powerflex_server_api_version' => lookup('cinder::backend::dellemc_powerflex::powerflex_server_api_version',
|
||||
undef, undef, undef),
|
||||
'powerflex_unmap_volume_before_deletion' => lookup('cinder::backend::dellemc_powerflex::powerflex_unmap_volume_before_deletion',
|
||||
undef, undef, undef),
|
||||
'san_thin_provision' => lookup('cinder::backend::dellemc_powerflex::san_thin_provision', undef, undef, undef),
|
||||
'driver_ssl_cert_verify' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_verify',
|
||||
undef, undef, undef),
|
||||
'driver_ssl_cert_path' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_path', undef, undef, undef)
|
||||
})})
|
||||
}
|
||||
}
|
@ -1,70 +0,0 @@
|
||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_powermax
|
||||
#
|
||||
# Cinder Volume dellemc_powermax profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend:dellemc_powermax::volume_backend_name', undef, undef,
|
||||
# ['tripleo_dellemc_powermax'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_powermax (
|
||||
$backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name', undef, undef, ['tripleo_dellemc_powermax']),
|
||||
$multi_config = lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderPowermaxAvailabilityZone' => lookup('cinder::backend::dellemc_powermax::backend_availability_zone', undef, undef, undef),
|
||||
'CinderPowermaxSanIp' => lookup('cinder::backend::dellemc_powermax::san_ip', undef, undef, undef),
|
||||
'CinderPowermaxSanLogin' => lookup('cinder::backend::dellemc_powermax::san_login', undef, undef, undef),
|
||||
'CinderPowermaxSanPassword' => lookup('cinder::backend::dellemc_powermax::san_password', undef, undef, undef),
|
||||
'CinderPowermaxStorageProtocol' => lookup('cinder::backend::dellemc_powermax::powermax_storage_protocol', undef, undef, undef),
|
||||
'CinderPowermaxArray' => lookup('cinder::backend::dellemc_powermax::powermax_array', undef, undef, undef),
|
||||
'CinderPowermaxSrp' => lookup('cinder::backend::dellemc_powermax::powermax_srp', undef, undef, undef),
|
||||
'CinderPowermaxPortGroups' => lookup('cinder::backend::dellemc_powermax::powermax_port_groups', undef, undef, undef),
|
||||
}
|
||||
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::dellemc_powermax', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderPowermaxAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderPowermaxSanIp'],
|
||||
'san_login' => $backend_config['CinderPowermaxSanLogin'],
|
||||
'san_password' => $backend_config['CinderPowermaxSanPassword'],
|
||||
'powermax_storage_protocol' => $backend_config['CinderPowermaxStorageProtocol'],
|
||||
'powermax_array' => $backend_config['CinderPowermaxArray'],
|
||||
'powermax_srp' => $backend_config['CinderPowermaxSrp'],
|
||||
'powermax_port_groups' => $backend_config['CinderPowermaxPortGroups'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,66 +0,0 @@
|
||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_powerstore
|
||||
#
|
||||
# Cinder Volume dellemc_powerstore profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend:dellemc_powerstore::volume_backend_name', undef, undef,
|
||||
# ['tripleo_dellemc_powerstore'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_powerstore (
|
||||
$backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name', undef, undef, ['tripleo_dellemc_powerstore']),
|
||||
$multi_config = lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderPowerStoreAvailabilityZone' => lookup('cinder::backend::dellemc_powerstore::backend_availability_zone', undef, undef, undef),
|
||||
'CinderPowerStoreSanIp' => lookup('cinder::backend::dellemc_powerstore::san_ip', undef, undef, undef),
|
||||
'CinderPowerStoreSanLogin' => lookup('cinder::backend::dellemc_powerstore::san_login', undef, undef, undef),
|
||||
'CinderPowerStoreSanPassword' => lookup('cinder::backend::dellemc_powerstore::san_password', undef, undef, undef),
|
||||
'CinderPowerStoreStorageProtocol' => lookup('cinder::backend::dellemc_powerstore::storage_protocol', undef, undef, undef),
|
||||
'CinderPowerStorePorts' => lookup('cinder::backend::dellemc_powerstore::powerstore_ports', undef, undef, undef),
|
||||
}
|
||||
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::dellemc_powerstore', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderPowerStoreAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderPowerStoreSanIp'],
|
||||
'san_login' => $backend_config['CinderPowerStoreSanLogin'],
|
||||
'san_password' => $backend_config['CinderPowerStoreSanPassword'],
|
||||
'storage_protocol' => $backend_config['CinderPowerStoreStorageProtocol'],
|
||||
'powerstore_ports' => $backend_config['CinderPowerStorePorts'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,87 +0,0 @@
|
||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_sc
|
||||
#
|
||||
# Cinder Volume dellemc_sc profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) Name given to the Cinder backend stanza
|
||||
# Defaults to lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_sc (
|
||||
$backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc']),
|
||||
$multi_config = lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
|
||||
$backend_defaults = {
|
||||
'CinderSCAvailabilityZone' => lookup('cinder::backend::dellemc_sc::backend_availability_zone', undef, undef, undef),
|
||||
'CinderSCSanIp' => lookup('cinder::backend::dellemc_sc::san_ip', undef, undef, undef),
|
||||
'CinderSCSanLogin' => lookup('cinder::backend::dellemc_sc::san_login', undef, undef, undef),
|
||||
'CinderSCSanPassword' => lookup('cinder::backend::dellemc_sc::san_password', undef, undef, undef),
|
||||
'CinderSCStorageProtocol' => lookup('cinder::backend::dellemc_sc::sc_storage_protocol', undef, undef, undef),
|
||||
'CinderSCSSN' => lookup('cinder::backend::dellemc_sc::dell_sc_ssn', undef, undef, undef),
|
||||
'CinderSCTargetIpAddress' => lookup('cinder::backend::dellemc_sc::iscsi_ip_address', undef, undef, undef),
|
||||
'CinderSCTargetPort' => lookup('cinder::backend::dellemc_sc::iscsi_port', undef, undef, undef),
|
||||
'CinderSCApiPort' => lookup('cinder::backend::dellemc_sc::dell_sc_api_port', undef, undef, undef),
|
||||
'CinderSCServerFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_server_folder', undef, undef, undef),
|
||||
'CinderSCVolumeFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_volume_folder', undef, undef, undef),
|
||||
'CinderSCExcludedDomainIps' => lookup('cinder::backend::dellemc_sc::excluded_domain_ips', undef, undef, undef),
|
||||
'CinderSCSecondarySanIp' => lookup('cinder::backend::dellemc_sc::secondary_san_ip', undef, undef, undef),
|
||||
'CinderSCSecondarySanLogin' => lookup('cinder::backend::dellemc_sc::secondary_san_login', undef, undef, undef),
|
||||
'CinderSCSecondarySanPassword' => lookup('cinder::backend::dellemc_sc::secondary_san_password', undef, undef, undef),
|
||||
'CinderSCSecondaryApiPort' => lookup('cinder::backend::dellemc_sc::secondary_sc_api_port', undef, undef, undef),
|
||||
'CinderSCUseMultipathForImageXfer' => lookup('cinder::backend::dellemc_sc::use_multipath_for_image_xfer', undef, undef, undef),
|
||||
}
|
||||
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::dellemc_sc', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderSCAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderSCSanIp'],
|
||||
'san_login' => $backend_config['CinderSCSanLogin'],
|
||||
'san_password' => $backend_config['CinderSCSanPassword'],
|
||||
'sc_storage_protocol' => $backend_config['CinderSCStorageProtocol'],
|
||||
'dell_sc_ssn' => $backend_config['CinderSCSSN'],
|
||||
'target_ip_address' => $backend_config['CinderSCTargetIpAddress'],
|
||||
'target_port' => $backend_config['CinderSCTargetPort'],
|
||||
'dell_sc_api_port' => $backend_config['CinderSCApiPort'],
|
||||
'dell_sc_server_folder' => $backend_config['CinderSCServerFolder'],
|
||||
'dell_sc_volume_folder' => $backend_config['CinderSCVolumeFolder'],
|
||||
'excluded_domain_ips' => $backend_config['CinderSCExcludedDomainIps'],
|
||||
'secondary_san_ip' => $backend_config['CinderSCSecondarySanIp'],
|
||||
'secondary_san_login' => $backend_config['CinderSCSecondarySanLogin'],
|
||||
'secondary_san_password' => $backend_config['CinderSCSecondarySanPassword'],
|
||||
'secondary_sc_api_port' => $backend_config['CinderSCSecondaryApiPort'],
|
||||
'use_multipath_for_image_xfer' => $backend_config['CinderSCUseMultipathForImageXfer'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
}
|
@ -1,66 +0,0 @@
|
||||
# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_unity
|
||||
#
|
||||
# Cinder Volume dellemc_unity profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_unity (
|
||||
$backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity']),
|
||||
$multi_config = lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderDellEMCUnityAvailabilityZone' => lookup('cinder::backend::dellemc_unity::backend_availability_zone', undef, undef, undef),
|
||||
'CinderDellEMCUnitySanIp' => lookup('cinder::backend::dellemc_unity::san_ip', undef, undef, undef),
|
||||
'CinderDellEMCUnitySanLogin' => lookup('cinder::backend::dellemc_unity::san_login', undef, undef, undef),
|
||||
'CinderDellEMCUnitySanPassword' => lookup('cinder::backend::dellemc_unity::san_password', undef, undef, undef),
|
||||
'CinderDellEMCUnityStorageProtocol' => lookup('cinder::backend::dellemc_unity::storage_protocol', undef, undef, undef),
|
||||
'CinderDellEMCUnityIoPorts' => lookup('cinder::backend::dellemc_unity::unity_io_ports', undef, undef, undef),
|
||||
'CinderDellEMCUnityStoragePoolNames' => lookup('cinder::backend::dellemc_unity::unity_storage_pool_names', undef, undef, undef),
|
||||
}
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::dellemc_unity', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderDellEMCUnityAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderDellEMCUnitySanIp'],
|
||||
'san_login' => $backend_config['CinderDellEMCUnitySanLogin'],
|
||||
'san_password' => $backend_config['CinderDellEMCUnitySanPassword'],
|
||||
'storage_protocol' => $backend_config['CinderDellEMCUnityStorageProtocol'],
|
||||
'unity_io_ports' => $backend_config['CinderDellEMCUnityIoPorts'],
|
||||
'unity_storage_pool_names' => $backend_config['CinderDellEMCUnityStoragePoolNames'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,76 +0,0 @@
|
||||
# Copyright (c) 2016-2018 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_vnx
|
||||
#
|
||||
# Cinder Volume dellemc_vnx profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza
|
||||
# Defaults to lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_vnx (
|
||||
$backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx']),
|
||||
$multi_config = lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderDellEMCVNXAvailabilityZone' => lookup('cinder::backend::emc_vnx::backend_availability_zone', undef, undef, undef),
|
||||
'CinderDellEMCVNXSanIp' => lookup('cinder::backend::emc_vnx::san_ip', undef, undef, undef),
|
||||
'CinderDellEMCVNXSanLogin' => lookup('cinder::backend::emc_vnx::san_login', undef, undef, undef),
|
||||
'CinderDellEMCVNXSanPassword' => lookup('cinder::backend::emc_vnx::san_password', undef, undef, undef),
|
||||
'CinderDellEMCVNXStorageProtocol' => lookup('cinder::backend::emc_vnx::storage_protocol', undef, undef, undef),
|
||||
'CinderDellEMCVNXStoragePoolNames' => lookup('cinder::backend::emc_vnx::storage_vnx_pool_names', undef, undef, undef),
|
||||
'CinderDellEMCVNXDefaultTimeout' => lookup('cinder::backend::emc_vnx::default_timeout', undef, undef, undef),
|
||||
'CinderDellEMCVNXMaxLunsPerStorageGroup' => lookup('cinder::backend::emc_vnx::max_luns_per_storage_group', undef, undef, undef),
|
||||
'CinderDellEMCVNXInitiatorAutoRegistration' => lookup('cinder::backend::emc_vnx::initiator_auto_registration', undef, undef, undef),
|
||||
'CinderDellEMCVNXAuthType' => lookup('cinder::backend::emc_vnx::storage_vnx_auth_type', undef, undef, undef),
|
||||
'CinderDellEMCVNXStorageSecurityFileDir' => lookup('cinder::backend::emc_vnx::storage_vnx_security_file_dir', undef, undef, undef),
|
||||
'CinderDellEMCVNXNaviseccliPath' => lookup('cinder::backend::emc_vnx::naviseccli_path', undef, undef, undef),
|
||||
}
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::emc_vnx', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderDellEMCVNXAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderDellEMCVNXSanIp'],
|
||||
'san_login' => $backend_config['CinderDellEMCVNXSanLogin'],
|
||||
'san_password' => $backend_config['CinderDellEMCVNXSanPassword'],
|
||||
'storage_protocol' => $backend_config['CinderDellEMCVNXStorageProtocol'],
|
||||
'storage_vnx_pool_names' => $backend_config['CinderDellEMCVNXStoragePoolNames'],
|
||||
'default_timeout' => $backend_config['CinderDellEMCVNXDefaultTimeout'],
|
||||
'max_luns_per_storage_group' => $backend_config['CinderDellEMCVNXMaxLunsPerStorageGroup'],
|
||||
'initiator_auto_registration' => $backend_config['CinderDellEMCVNXInitiatorAutoRegistration'],
|
||||
'storage_vnx_auth_type' => $backend_config['CinderDellEMCVNXAuthType'],
|
||||
'storage_vnx_security_file_dir' => $backend_config['CinderDellEMCVNXStorageSecurityFileDir'],
|
||||
'naviseccli_path' => $backend_config['CinderDellEMCVNXNaviseccliPath'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,76 +0,0 @@
|
||||
# Copyright (c) 2020 Dell Inc, or its subsidiaries.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::dellemc_xtremio
|
||||
#
|
||||
# Cinder Volume dellemc_xtremio profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) Name given to the Cinder backend stanza
|
||||
# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::dellemc_xtremio (
|
||||
$backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio']),
|
||||
$multi_config = lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
|
||||
$backend_defaults = {
|
||||
'CinderXtremioAvailabilityZone' => lookup('cinder::backend::dellemc_xtremio::backend_availability_zone', undef, undef, undef),
|
||||
'CinderXtremioSanIp' => lookup('cinder::backend::dellemc_xtremio::san_ip', undef, undef, undef),
|
||||
'CinderXtremioSanLogin' => lookup('cinder::backend::dellemc_xtremio::san_login', undef, undef, undef),
|
||||
'CinderXtremioSanPassword' => lookup('cinder::backend::dellemc_xtremio::san_password', undef, undef, undef),
|
||||
'CinderXtremioStorageProtocol' => lookup('cinder::backend::dellemc_xtremio::xtremio_storage_protocol', undef, undef, undef),
|
||||
'CinderXtremioClusterName' => lookup('cinder::backend::dellemc_xtremio::xtremio_cluster_name', undef, undef, undef),
|
||||
'CinderXtremioArrayBusyRetryCount' => lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_count',
|
||||
undef, undef, undef),
|
||||
'CinderXtremioArrayBusyRetryInterval'=> lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_interval',
|
||||
undef, undef, undef),
|
||||
'CinderXtremioVolumesPerGlanceCache' => lookup('cinder::backend::dellemc_xtremio::xtremio_volumes_per_glance_cache',
|
||||
undef, undef, undef),
|
||||
'CinderXtremioPorts' => lookup('cinder::backend::dellemc_xtremio::xtremio_ports', undef, undef, undef),
|
||||
}
|
||||
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::dellemc_xtremio', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderXtremioAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderXtremioSanIp'],
|
||||
'san_login' => $backend_config['CinderXtremioSanLogin'],
|
||||
'san_password' => $backend_config['CinderXtremioSanPassword'],
|
||||
'xtremio_storage_protocol' => $backend_config['CinderXtremioStorageProtocol'],
|
||||
'xtremio_cluster_name' => $backend_config['CinderXtremioClusterName'],
|
||||
'xtremio_array_busy_retry_count' => $backend_config['CinderXtremioArrayBusyRetryCount'],
|
||||
'xtremio_array_busy_retry_interval' => $backend_config['CinderXtremioArrayBusyRetryInterval'],
|
||||
'xtremio_volumes_per_glance_cache' => $backend_config['CinderXtremioVolumesPerGlanceCache'],
|
||||
'xtremio_ports' => $backend_config['CinderXtremioPorts'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
}
|
@ -1,60 +0,0 @@
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::ibm_svf
|
||||
#
|
||||
# Cinder Volume IBM Spectrum Virtualize family (Svf) profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend:ibm_svf::volume_backend_name', undef, undef,
|
||||
# ['tripleo_ibm_svf'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::ibm_svf (
|
||||
$backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name', undef, undef, ['tripleo_ibm_svf']),
|
||||
$multi_config = lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
# NOTE: Svf was earlier called as storwize/svc driver, so the cinder
|
||||
# configuration parameters were named accordingly.
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderSvfAvailabilityZone' => lookup('cinder::backend::ibm_svf::backend_availability_zone', undef, undef, undef),
|
||||
'CinderSvfSanIp' => lookup('cinder::backend::ibm_svf::san_ip', undef, undef, undef),
|
||||
'CinderSvfSanLogin' => lookup('cinder::backend::ibm_svf::san_login', undef, undef, undef),
|
||||
'CinderSvfSanPassword' => lookup('cinder::backend::ibm_svf::san_password', undef, undef, undef),
|
||||
'CinderSvfAllowTenantQos' => lookup('cinder::backend::ibm_svf::storwize_svc_allow_tenant_qos', undef, undef, undef),
|
||||
'CinderSvfConnectionProtocol' => lookup('cinder::backend::ibm_svf::storwize_svc_connection_protocol', undef, undef, undef),
|
||||
'CinderSvfIscsiChapEnabled' => lookup('cinder::backend::ibm_svf::storwize_svc_iscsi_chap_enabled', undef, undef, undef),
|
||||
'CinderSvfRetainAuxVolume' => lookup('cinder::backend::ibm_svf::storwize_svc_retain_aux_volume', undef, undef, undef),
|
||||
'CinderSvfVolumePoolName' => lookup('cinder::backend::ibm_svf::storwize_svc_volpool_name', undef, undef, undef),
|
||||
}
|
||||
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::ibm_svf', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderSvfAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderSvfSanIp'],
|
||||
'san_login' => $backend_config['CinderSvfSanLogin'],
|
||||
'san_password' => $backend_config['CinderSvfSanPassword'],
|
||||
'storwize_svc_allow_tenant_qos' => $backend_config['CinderSvfAllowTenantQos'],
|
||||
'storwize_svc_connection_protocol' => $backend_config['CinderSvfConnectionProtocol'],
|
||||
'storwize_svc_iscsi_chap_enabled' => $backend_config['CinderSvfIscsiChapEnabled'],
|
||||
'storwize_svc_retain_aux_volume' => $backend_config['CinderSvfRetainAuxVolume'],
|
||||
'storwize_svc_volpool_name' => $backend_config['CinderSvfVolumePoolName'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,67 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::iscsi
|
||||
#
|
||||
# Cinder Volume iscsi profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*cinder_iscsi_address*]
|
||||
# The address where to bind the iscsi targets daemon
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) Name given to the Cinder backend stanza
|
||||
# Defaults to lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi')
|
||||
#
|
||||
# [*backend_availability_zone*]
|
||||
# (Optional) Availability zone for this volume backend
|
||||
# Defaults to lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_iscsi_helper*]
|
||||
# (Optional) The iscsi helper to use
|
||||
# Defaults to 'tgtadm'
|
||||
#
|
||||
# [*cinder_iscsi_protocol*]
|
||||
# (Optional) The iscsi protocol to use
|
||||
# Defaults to 'iscsi'
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::iscsi (
|
||||
$cinder_iscsi_address,
|
||||
$backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi'),
|
||||
$backend_availability_zone = lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef),
|
||||
$cinder_iscsi_helper = 'tgtadm',
|
||||
$cinder_iscsi_protocol = 'iscsi',
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
# NOTE(gfidente): never emit in hieradata:
|
||||
# key: [ipv6]
|
||||
# as it will cause hiera parsing errors
|
||||
create_resources('cinder::backend::iscsi', { $backend_name => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_availability_zone,
|
||||
'target_ip_address' => normalize_ip_for_uri($cinder_iscsi_address),
|
||||
'target_helper' => $cinder_iscsi_helper,
|
||||
'target_protocol' => $cinder_iscsi_protocol,
|
||||
})})
|
||||
}
|
||||
|
||||
}
|
@ -1,89 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::netapp
|
||||
#
|
||||
# Cinder Volume netapp profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::netapp (
|
||||
$backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp']),
|
||||
$multi_config = lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderNetappAvailabilityZone' => lookup('cinder::backend::netapp::backend_availability_zone', undef, undef, undef),
|
||||
'CinderNetappLogin' => lookup('cinder::backend::netapp::netapp_login', undef, undef, undef),
|
||||
'CinderNetappPassword' => lookup('cinder::backend::netapp::netapp_password', undef, undef, undef),
|
||||
'CinderNetappServerHostname' => lookup('cinder::backend::netapp::netapp_server_hostname', undef, undef, undef),
|
||||
'CinderNetappServerPort' => lookup('cinder::backend::netapp::netapp_server_port', undef, undef, undef),
|
||||
'CinderNetappSizeMultiplier' => lookup('cinder::backend::netapp::netapp_size_multiplier', undef, undef, undef),
|
||||
'CinderNetappStorageFamily' => lookup('cinder::backend::netapp::netapp_storage_family', undef, undef, undef),
|
||||
'CinderNetappStorageProtocol' => lookup('cinder::backend::netapp::netapp_storage_protocol', undef, undef, undef),
|
||||
'CinderNetappTransportType' => lookup('cinder::backend::netapp::netapp_transport_type', undef, undef, undef),
|
||||
'CinderNetappVserver' => lookup('cinder::backend::netapp::netapp_vserver', undef, undef, undef),
|
||||
'CinderNetappNfsShares' => lookup('cinder::backend::netapp::nfs_shares', undef, undef, undef),
|
||||
'CinderNetappNfsSharesConfig' => lookup('cinder::backend::netapp::nfs_shares_config', undef, undef, undef),
|
||||
'CinderNetappNfsMountOptions' => lookup('cinder::backend::netapp::nfs_mount_options', undef, undef, undef),
|
||||
'CinderNetappCopyOffloadToolPath' => lookup('cinder::backend::netapp::netapp_copyoffload_tool_path', undef, undef, undef),
|
||||
'CinderNetappHostType' => lookup('cinder::backend::netapp::netapp_host_type', undef, undef, undef),
|
||||
'CinderNetappNasSecureFileOperations' => lookup('cinder::backend::netapp::nas_secure_file_operations', undef, undef, undef),
|
||||
'CinderNetappNasSecureFilePermissions' => lookup('cinder::backend::netapp::nas_secure_file_permissions', undef, undef, undef),
|
||||
'CinderNetappPoolNameSearchPattern' => lookup('cinder::backend::netapp::netapp_pool_name_search_pattern', undef, undef, undef),
|
||||
}
|
||||
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::netapp', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderNetappAvailabilityZone'],
|
||||
'netapp_login' => $backend_config['CinderNetappLogin'],
|
||||
'netapp_password' => $backend_config['CinderNetappPassword'],
|
||||
'netapp_server_hostname' => $backend_config['CinderNetappServerHostname'],
|
||||
'netapp_server_port' => $backend_config['CinderNetappServerPort'],
|
||||
'netapp_size_multiplier' => $backend_config['CinderNetappSizeMultiplier'],
|
||||
'netapp_storage_family' => $backend_config['CinderNetappStorageFamily'],
|
||||
'netapp_storage_protocol' => $backend_config['CinderNetappStorageProtocol'],
|
||||
'netapp_transport_type' => $backend_config['CinderNetappTransportType'],
|
||||
'netapp_vserver' => $backend_config['CinderNetappVserver'],
|
||||
'nfs_shares' => any2array($backend_config['CinderNetappNfsShares']),
|
||||
'nfs_shares_config' => $backend_config['CinderNetappNfsSharesConfig'],
|
||||
'nfs_mount_options' => $backend_config['CinderNetappNfsMountOptions'],
|
||||
'netapp_copyoffload_tool_path' => $backend_config['CinderNetappCopyOffloadToolPath'],
|
||||
'netapp_host_type' => $backend_config['CinderNetappHostType'],
|
||||
'nas_secure_file_operations' => $backend_config['CinderNetappNasSecureFileOperations'],
|
||||
'nas_secure_file_permissions' => $backend_config['CinderNetappNasSecureFilePermissions'],
|
||||
'netapp_pool_name_search_pattern' => $backend_config['CinderNetappPoolNameSearchPattern'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,116 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::nfs
|
||||
#
|
||||
# Cinder Volume nfs profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*cinder_nfs_servers*]
|
||||
# List of NFS shares to mount
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs'])
|
||||
#
|
||||
# [*backend_availability_zone*]
|
||||
# (Optional) Availability zone for this volume backend
|
||||
# Defaults to lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_nfs_mount_options*]
|
||||
# (Optional) List of mount options for the NFS share
|
||||
# Defaults to ''
|
||||
#
|
||||
# [*cinder_nfs_shares_config*]
|
||||
# (Optional) NFS shares configuration file
|
||||
# Defaults to '/etc/cinder/shares-nfs.conf'
|
||||
#
|
||||
# [*cinder_nfs_snapshot_support*]
|
||||
# (Optional) Whether to enable support for snapshots in the NFS driver.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*cinder_nas_secure_file_operations*]
|
||||
# (Optional) Allow network-attached storage systems to operate in a secure
|
||||
# environment where root level access is not permitted. If set to False,
|
||||
# access is as the root user and insecure. If set to True, access is not as
|
||||
# root. If set to auto, a check is done to determine if this is a new
|
||||
# installation: True is used if so, otherwise False. Default is auto.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*cinder_nas_secure_file_permissions*]
|
||||
# (Optional) Set more secure file permissions on network-attached storage
|
||||
# volume files to restrict broad other/world access. If set to False,
|
||||
# volumes are created with open permissions. If set to True, volumes are
|
||||
# created with permissions for the cinder user and group (660). If set to
|
||||
# auto, a check is done to determine if this is a new installation: True is
|
||||
# used if so, otherwise False. Default is auto.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::nfs (
|
||||
$cinder_nfs_servers,
|
||||
$backend_name = lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs']),
|
||||
$backend_availability_zone = lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef),
|
||||
$cinder_nfs_mount_options = '',
|
||||
$cinder_nfs_shares_config = '/etc/cinder/shares-nfs.conf',
|
||||
$cinder_nfs_snapshot_support = $::os_service_default,
|
||||
$cinder_nas_secure_file_operations = $::os_service_default,
|
||||
$cinder_nas_secure_file_permissions = $::os_service_default,
|
||||
$multi_config = {},
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
package {'nfs-utils': }
|
||||
$backend_defaults = {
|
||||
'CinderNfsAvailabilityZone' => $backend_availability_zone,
|
||||
'CinderNfsServers' => $cinder_nfs_servers,
|
||||
'CinderNfsMountOptions' => $cinder_nfs_mount_options,
|
||||
'CinderNfsSharesConfig' => $cinder_nfs_shares_config,
|
||||
'CinderNfsSnapshotSupport' => $cinder_nfs_snapshot_support,
|
||||
'CinderNasSecureFileOperations' => $cinder_nas_secure_file_operations,
|
||||
'CinderNasSecureFilePermissions' => $cinder_nas_secure_file_permissions,
|
||||
}
|
||||
any2array($backend_name).each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
create_resources('cinder::backend::nfs', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderNfsAvailabilityZone'],
|
||||
'nfs_servers' => $backend_config['CinderNfsServers'],
|
||||
'nfs_mount_options' => $backend_config['CinderNfsMountOptions'],
|
||||
'nfs_shares_config' => $backend_config['CinderNfsSharesConfig'],
|
||||
'nfs_snapshot_support' => $backend_config['CinderNfsSnapshotSupport'],
|
||||
'nas_secure_file_operations' => $backend_config['CinderNasSecureFileOperations'],
|
||||
'nas_secure_file_permissions' => $backend_config['CinderNasSecureFilePermissions'],
|
||||
})})
|
||||
Package['nfs-utils'] -> Cinder::Backend::Nfs[$backend]
|
||||
}
|
||||
if str2bool($::selinux) {
|
||||
selboolean { 'virt_use_nfs':
|
||||
value => on,
|
||||
persistent => true,
|
||||
require => Package['nfs-utils'],
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,80 +0,0 @@
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::nvmeof
|
||||
#
|
||||
# NVMeOF Cinder Volume profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*target_ip_address*]
|
||||
# (Required) The IP address of NVMe target
|
||||
#
|
||||
# [*target_port*]
|
||||
# (Required) Port that NVMe target is listening on
|
||||
#
|
||||
# [*target_helper*]
|
||||
# (Required) Target user-land tool to use
|
||||
#
|
||||
# [*target_protocol*]
|
||||
# (Required) Target protocol to use
|
||||
#
|
||||
# [*target_prefix*]
|
||||
# (Optional) Prefix for LVM volumes
|
||||
# Defaults to 'nvme-subsystem'
|
||||
#
|
||||
# [*nvmet_port_id*]
|
||||
# (Optional) Port id of the NVMe target
|
||||
# Defaults to '1'
|
||||
#
|
||||
# [*nvmet_ns_id*]
|
||||
# (Optional) The namespace id associated with the subsystem
|
||||
# Defaults to '10'
|
||||
#
|
||||
# [*volume_backend_name*]
|
||||
# (Optional) Name given to the Cinder backend
|
||||
# Defaults to lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof')
|
||||
#
|
||||
# [*backend_availability_zone*]
|
||||
# (Optional) Availability zone for this volume backend
|
||||
# Defaults to lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef)
|
||||
#
|
||||
# [*volume_driver*]
|
||||
# (Optional) Driver to use for volume creation
|
||||
# Defaults to 'cinder.volume.drivers.lvm.LVMVolumeDriver'
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::nvmeof (
|
||||
$target_ip_address,
|
||||
$target_port,
|
||||
$target_helper,
|
||||
$target_protocol,
|
||||
$target_prefix = 'nvme-subsystem',
|
||||
$nvmet_port_id = '1',
|
||||
$nvmet_ns_id = '10',
|
||||
$volume_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof'),
|
||||
$backend_availability_zone = lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef),
|
||||
$volume_driver = 'cinder.volume.drivers.lvm.LVMVolumeDriver',
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
create_resources('cinder::backend::nvmeof', { $volume_backend_name => delete_undef_values({
|
||||
'target_ip_address' => normalize_ip_for_uri($target_ip_address),
|
||||
'target_port' => $target_port,
|
||||
'target_helper' => $target_helper,
|
||||
'target_protocol' => $target_protocol,
|
||||
'target_prefix' => $target_prefix,
|
||||
'nvmet_port_id' => $nvmet_port_id,
|
||||
'nvmet_ns_id' => $nvmet_ns_id,
|
||||
'volume_backend_name' => $volume_backend_name,
|
||||
'backend_availability_zone' => $backend_availability_zone,
|
||||
'volume_driver' => $volume_driver,
|
||||
})})
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,80 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::pure
|
||||
#
|
||||
# Cinder Volume pure profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure'])
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to lookup('cinder::backend::pure::volume_multi_config', undef, undef, {})
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::pure (
|
||||
$backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure']),
|
||||
$multi_config = lookup('cinder::backend::pure::volume_multi_config', undef, undef, {}),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CinderPureAvailabilityZone' => lookup('cinder::backend::pure::backend_availability_zone', undef, undef, undef),
|
||||
'CinderPureSanIp' => lookup('cinder::backend::pure::san_ip', undef, undef, undef),
|
||||
'CinderPureAPIToken' => lookup('cinder::backend::pure::pure_api_token', undef, undef, undef),
|
||||
'CinderPureStorageProtocol' => lookup('cinder::backend::pure::pure_storage_protocol', undef, undef, undef),
|
||||
'CinderPureUseChap' => lookup('cinder::backend::pure::use_chap_auth', undef, undef, undef),
|
||||
'CinderPureMultipathXfer' => lookup('cinder::backend::pure::use_multipath_for_image_xfer', undef, undef, undef),
|
||||
'CinderPureImageCache' => lookup('cinder::backend::pure::image_volume_cache_enabled', undef, undef, undef),
|
||||
'CinderPureIscsiCidr' => lookup('cinder::backend::pure::pure_iscsi_cidr', undef, undef, undef),
|
||||
'CinderPureIscsiCidrList' => lookup('cinder::backend::pure::pure_iscsi_cidr_list', undef, undef, undef),
|
||||
'CinderPureHostPersonality' => lookup('cinder::backend::pure::pure_host_personality', undef, undef, undef),
|
||||
'CinderPureEradicateOnDelete' => lookup('cinder::backend::pure::pure_eradicate_on_delete', undef, undef, undef),
|
||||
'CinderPureNvmeTransport' => lookup('cinder::backend::pure::pure_nvme_transport', undef, undef, undef),
|
||||
'CinderPureNvmeCidr' => lookup('cinder::backend::pure::pure_nvme_cidr', undef, undef, undef),
|
||||
'CinderPureNvmeCidrList' => lookup('cinder::backend::pure::pure_nvme_cidr_list', undef, undef, undef),
|
||||
}
|
||||
|
||||
$backend_name.each |String $backend| {
|
||||
$backend_config = merge($backend_defaults, pick($multi_config[$backend], {}))
|
||||
|
||||
create_resources('cinder::backend::pure', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderPureAvailabilityZone'],
|
||||
'san_ip' => $backend_config['CinderPureSanIp'],
|
||||
'pure_api_token' => $backend_config['CinderPureAPIToken'],
|
||||
'pure_storage_protocol' => $backend_config['CinderPureStorageProtocol'],
|
||||
'use_chap_auth' => $backend_config['CinderPureUseChap'],
|
||||
'use_multipath_for_image_xfer' => $backend_config['CinderPureMultipathXfer'],
|
||||
'image_volume_cache_enabled' => $backend_config['CinderPureImageCache'],
|
||||
'pure_iscsi_cidr' => $backend_config['CinderPureIscsiCidr'],
|
||||
'pure_iscsi_cidr_list' => $backend_config['CinderPureIscsiCidrList'],
|
||||
'pure_host_personality' => $backend_config['CinderPureHostPersonality'],
|
||||
'pure_eradicate_on_delete' => $backend_config['CinderPureEradicateOnDelete'],
|
||||
'pure_nvme_transport' => $backend_config['CinderPureNvmeTransport'],
|
||||
'pure_nvme_cidr' => $backend_config['CinderPureNvmeCidr'],
|
||||
'pure_nvme_cidr_list' => $backend_config['CinderPureNvmeCidrList'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
}
|
@ -1,147 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::cinder::volume::rbd
|
||||
#
|
||||
# Cinder Volume rbd profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_name*]
|
||||
# (Optional) List of names given to the Cinder backend stanza.
|
||||
# Defaults to lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph'])
|
||||
#
|
||||
# [*backend_availability_zone*]
|
||||
# (Optional) Availability zone for this volume backend
|
||||
# Defaults to lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_rbd_backend_host*]
|
||||
# (Optional) String to use as backend_host in the backend stanza
|
||||
# Defaults to lookup('cinder::backend_host', undef, undef, lookup('cinder::host', undef, undef, $::hostname))
|
||||
#
|
||||
# [*cinder_rbd_ceph_conf*]
|
||||
# (Optional) The path to the Ceph cluster config file
|
||||
# Defaults to '/etc/ceph/ceph.conf'
|
||||
#
|
||||
# [*cinder_rbd_pool_name*]
|
||||
# (Optional) The name of the RBD pool to use
|
||||
# Defaults to 'volumes'
|
||||
#
|
||||
# [*cinder_rbd_extra_pools*]
|
||||
# (Optional) List of additional pools to use for Cinder. A separate RBD
|
||||
# backend is created for each additional pool.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cinder_rbd_secret_uuid*]
|
||||
# (Optional) UUID of the of the libvirt secret storing the Cephx key
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cinder_rbd_user_name*]
|
||||
# (Optional) The user name for the RBD client
|
||||
# Defaults to 'openstack'
|
||||
#
|
||||
# [*cinder_rbd_flatten_volume_from_snapshot*]
|
||||
# (Optional) Whether volumes created from a snapshot should be flattened
|
||||
# in order to remove a dependency on the snapshot.
|
||||
# Defaults to lookup('cinder::backend::rbd::flatten_volume_from_snapshot, undef, undef, undef)
|
||||
#
|
||||
# [*multi_config*]
|
||||
# (Optional) A config hash when multiple backends are used.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*extra_options*]
|
||||
# (optional) Hash of extra options to configure for the RBD backends.
|
||||
# Example: { 'tripleo_ceph/param1' => { 'value' => value1 } }
|
||||
# Defaults to: {}
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::cinder::volume::rbd (
|
||||
$backend_name = lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph']),
|
||||
$backend_availability_zone = lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef),
|
||||
# lint:ignore:parameter_documentation
|
||||
$cinder_rbd_backend_host = lookup('cinder::backend_host', undef, undef, lookup('cinder::host',
|
||||
undef, undef, $::hostname)),
|
||||
# lint:endignore
|
||||
$cinder_rbd_ceph_conf = lookup('cinder::backend::rbd::rbd_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
|
||||
$cinder_rbd_pool_name = 'volumes',
|
||||
$cinder_rbd_extra_pools = undef,
|
||||
$cinder_rbd_secret_uuid = undef,
|
||||
$cinder_rbd_user_name = 'openstack',
|
||||
$cinder_rbd_flatten_volume_from_snapshot = lookup('cinder::backend::rbd::flatten_volume_from_snapshot', undef, undef, undef),
|
||||
$multi_config = {},
|
||||
$extra_options = {},
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::cinder::volume
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_defaults = {
|
||||
'CephClusterFSID' => $cinder_rbd_secret_uuid,
|
||||
'CephClientUserName' => $cinder_rbd_user_name,
|
||||
'CinderRbdAvailabilityZone' => $backend_availability_zone,
|
||||
'CinderRbdPoolName' => $cinder_rbd_pool_name,
|
||||
'CinderRbdExtraPools' => $cinder_rbd_extra_pools,
|
||||
'CinderRbdFlattenVolumeFromSnapshot' => $cinder_rbd_flatten_volume_from_snapshot,
|
||||
}
|
||||
|
||||
$backends_array = any2array($backend_name)
|
||||
$backends_array.each |String $backend| {
|
||||
$backend_multi_config = pick($multi_config[$backend], {})
|
||||
|
||||
$multi_config_cluster = $backend_multi_config['CephClusterName']
|
||||
if $multi_config_cluster {
|
||||
$backend_ceph_conf = "/etc/ceph/${multi_config_cluster}.conf"
|
||||
} else {
|
||||
$backend_ceph_conf = $cinder_rbd_ceph_conf
|
||||
}
|
||||
|
||||
# Ensure extra_options are only applied once.
|
||||
if $backend == $backends_array[0] {
|
||||
$extra_options_real = $extra_options
|
||||
} else {
|
||||
$extra_options_real = undef
|
||||
}
|
||||
|
||||
$backend_config = merge($backend_defaults, $backend_multi_config)
|
||||
|
||||
create_resources('cinder::backend::rbd', { $backend => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'],
|
||||
'backend_host' => $cinder_rbd_backend_host,
|
||||
'rbd_ceph_conf' => $backend_ceph_conf,
|
||||
'rbd_pool' => $backend_config['CinderRbdPoolName'],
|
||||
'rbd_user' => $backend_config['CephClientUserName'],
|
||||
'rbd_secret_uuid' => $backend_config['CephClusterFSID'],
|
||||
'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'],
|
||||
'extra_options' => $extra_options_real,
|
||||
})})
|
||||
|
||||
any2array($backend_config['CinderRbdExtraPools']).each |String $pool_name| {
|
||||
create_resources('cinder::backend::rbd', { "${backend}_${pool_name}" => delete_undef_values({
|
||||
'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'],
|
||||
'backend_host' => $cinder_rbd_backend_host,
|
||||
'rbd_ceph_conf' => $backend_ceph_conf,
|
||||
'rbd_pool' => $pool_name,
|
||||
'rbd_user' => $backend_config['CephClientUserName'],
|
||||
'rbd_secret_uuid' => $backend_config['CephClusterFSID'],
|
||||
'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'],
|
||||
})})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,279 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::database::mysql
|
||||
#
|
||||
# MySQL profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bind_address*]
|
||||
# (Optional) The address that the local mysql instance should bind to.
|
||||
# Defaults to $::hostname
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('mysql_short_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*certificate_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate
|
||||
# it will create. Note that the certificate nickname must be 'mysql' in
|
||||
# the case of this service.
|
||||
# Example with hiera:
|
||||
# tripleo::profile::base::database::mysql::certificate_specs:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "mysql/<overcloud controller fqdn>"
|
||||
# Defaults to {}.
|
||||
#
|
||||
# [*cipher_list*]
|
||||
# (Optional) When enable_internal_tls is true, defines the list of allowed
|
||||
# ciphers for the mysql server.
|
||||
# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1'
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*innodb_buffer_pool_size*]
|
||||
# (Optional) Configure the size of the MySQL buffer pool.
|
||||
# Defaults to lookup('innodb_buffer_pool_size', undef, undef, undef)
|
||||
#
|
||||
# [*innodb_log_file_size*]
|
||||
# (Optional) Configure the size in bytes of each log file in a log group.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*innodb_flush_method*]
|
||||
# (Optional) Defines the method used to flush data to InnoDB data files and log files.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*innodb_lock_wait_timeout*]
|
||||
# (Option) Time in seconds that an InnoDB transaction waits for an InnoDB row lock (not table lock).
|
||||
# When this occurs, the statement (not transaction) is rolled back.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*innodb_strict_mode*]
|
||||
# (Optional) InnoDB strict mode enforcement. When set to 'ON', InnoDB
|
||||
# performs validity checks on DDL statements such as table creation,
|
||||
# or table row size. When set to 'OFF', the same checks only return
|
||||
# warnings rather than error.
|
||||
# Defaults to lookup('innodb_strict_mode', undef, undef, 'OFF')
|
||||
#
|
||||
# [*table_open_cache*]
|
||||
# (Optional) Configure the number of open tables for all threads.
|
||||
# Increasing this value increases the number of file descriptors that mysqld requires.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*manage_resources*]
|
||||
# (Optional) Whether or not manage root user, root my.cnf, and service.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*mysql_server_options*]
|
||||
# (Optional) Extras options to deploy MySQL. Useful when deploying Galera cluster.
|
||||
# Should be an hash.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*mysql_max_connections*]
|
||||
# (Optional) Maximum number of connections to MySQL.
|
||||
# Defaults to lookup('mysql_max_connections', undef, undef, undef)
|
||||
#
|
||||
# [*mysql_auth_ed25519*]
|
||||
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
|
||||
# a user when connecting to the server
|
||||
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
|
||||
#
|
||||
# [*remove_default_accounts*]
|
||||
# (Optional) Whether or not remove default MySQL accounts.
|
||||
# Defaults to true
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
#
|
||||
class tripleo::profile::base::database::mysql (
|
||||
$bind_address = $::hostname,
|
||||
$bootstrap_node = lookup('mysql_short_bootstrap_node_name', undef, undef, undef),
|
||||
$certificate_specs = {},
|
||||
$cipher_list = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1',
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$innodb_buffer_pool_size = lookup('innodb_buffer_pool_size', undef, undef, undef),
|
||||
$innodb_log_file_size = undef,
|
||||
$innodb_lock_wait_timeout = lookup('innodb_lock_wait_timeout', undef, undef, undef),
|
||||
$innodb_strict_mode = lookup('innodb_strict_mode', undef, undef, 'OFF'),
|
||||
$table_open_cache = undef,
|
||||
$innodb_flush_method = undef,
|
||||
$manage_resources = true,
|
||||
$mysql_server_options = {},
|
||||
$mysql_max_connections = lookup('mysql_max_connections', undef, undef, undef),
|
||||
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
|
||||
$remove_default_accounts = true,
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
validate_legacy(Hash, 'validate_hash', $mysql_server_options)
|
||||
validate_legacy(Hash, 'validate_hash', $certificate_specs)
|
||||
|
||||
if $enable_internal_tls {
|
||||
$tls_certfile = $certificate_specs['service_certificate']
|
||||
$tls_keyfile = $certificate_specs['service_key']
|
||||
$tls_cipher_list = $cipher_list
|
||||
|
||||
# Force users/grants created to use TLS connections
|
||||
Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
$tls_cipher_list = undef
|
||||
}
|
||||
|
||||
# non-ha scenario
|
||||
if $manage_resources {
|
||||
$mysql_step = 2
|
||||
} else {
|
||||
# ha scenario
|
||||
$mysql_step = 1
|
||||
}
|
||||
if $step >= $mysql_step {
|
||||
if str2bool(lookup('enable_galera', undef, undef, true)) {
|
||||
$mysql_config_file = '/etc/my.cnf.d/galera.cnf'
|
||||
} else {
|
||||
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
|
||||
}
|
||||
# TODO Galera
|
||||
# FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
|
||||
# set bind-address to a hostname instead of an ip address; to move Mysql
|
||||
# from internal_api on another network we'll have to customize both
|
||||
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
|
||||
$mysql_server_default = {
|
||||
'mysqld' => {
|
||||
'bind-address' => $bind_address,
|
||||
'max_connections' => $mysql_max_connections,
|
||||
'open_files_limit' => '65536',
|
||||
'innodb_buffer_pool_size' => $innodb_buffer_pool_size,
|
||||
'innodb_file_per_table' => 'ON',
|
||||
'innodb_log_file_size' => $innodb_log_file_size,
|
||||
'innodb_lock_wait_timeout' => $innodb_lock_wait_timeout,
|
||||
'innodb_strict_mode' => $innodb_strict_mode,
|
||||
'log_warnings' => '1',
|
||||
'table_open_cache' => $table_open_cache,
|
||||
'innodb_flush_method' => $innodb_flush_method,
|
||||
'query_cache_size' => '0',
|
||||
'query_cache_type' => '0',
|
||||
'ssl' => $enable_internal_tls,
|
||||
'ssl-key' => $tls_keyfile,
|
||||
'ssl-cert' => $tls_certfile,
|
||||
'ssl-cipher' => $tls_cipher_list,
|
||||
'ssl-ca' => undef,
|
||||
'plugin_load_add' => 'auth_ed25519',
|
||||
}
|
||||
}
|
||||
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
|
||||
class { 'mysql::server':
|
||||
config_file => $mysql_config_file,
|
||||
override_options => $mysql_server_options_real,
|
||||
create_root_user => $manage_resources,
|
||||
create_root_my_cnf => $manage_resources,
|
||||
service_manage => $manage_resources,
|
||||
service_enabled => $manage_resources,
|
||||
remove_default_accounts => $remove_default_accounts,
|
||||
}
|
||||
}
|
||||
|
||||
$service_names = lookup('enabled_services', undef, undef, undef)
|
||||
|
||||
if $service_names {
|
||||
tripleo::profile::base::database::mysql::users { $service_names: }
|
||||
}
|
||||
|
||||
if $step >= 2 and $sync_db {
|
||||
Class['mysql::server'] -> Mysql_database<||>
|
||||
if ($manage_resources) {
|
||||
# the mysql module handles password for user 'root@localhost', but it
|
||||
# doesn't modify 'root@%'. So make sure this user password is managed
|
||||
# as well by creating a resource appropriately.
|
||||
mysql_user { 'root@%':
|
||||
ensure => present,
|
||||
password_hash => mysql::password(lookup('mysql::server::root_password')),
|
||||
}
|
||||
}
|
||||
if ($mysql_auth_ed25519) {
|
||||
['root@localhost', 'root@%'].each |$user| {
|
||||
Mysql_user<| title == $user |> {
|
||||
plugin => 'ed25519',
|
||||
password_hash => mysql_ed25519_password(lookup('mysql::server::root_password'))
|
||||
}
|
||||
}
|
||||
}
|
||||
# Note: use 'include_and_check_auth' below rather than 'include'
|
||||
# to support ed25519 authentication
|
||||
if lookup('aodh_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'aodh::db::mysql':}
|
||||
}
|
||||
if lookup('cinder_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'cinder::db::mysql':}
|
||||
}
|
||||
if lookup('barbican_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'barbican::db::mysql':}
|
||||
}
|
||||
if lookup('designate_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'designate::db::mysql':}
|
||||
}
|
||||
if lookup('glance_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'glance::db::mysql':}
|
||||
}
|
||||
if lookup('gnocchi_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'gnocchi::db::mysql':}
|
||||
}
|
||||
if lookup('heat_engine_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'heat::db::mysql':}
|
||||
}
|
||||
if lookup('ironic_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::db::mysql':}
|
||||
}
|
||||
if lookup('ironic_inspector_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::inspector::db::mysql':}
|
||||
}
|
||||
if lookup('keystone_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'keystone::db::mysql':}
|
||||
}
|
||||
if lookup('manila_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'manila::db::mysql':}
|
||||
}
|
||||
if lookup('neutron_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'neutron::db::mysql':}
|
||||
}
|
||||
if lookup('nova_conductor_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql':}
|
||||
}
|
||||
if lookup('nova_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql_api':}
|
||||
}
|
||||
if lookup('placement_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'placement::db::mysql':}
|
||||
}
|
||||
if lookup('octavia_api_enabled', undef, undef, false) {
|
||||
tripleo::profile::base::database::mysql::include_and_check_auth{'octavia::db::mysql':}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,104 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::haproxy
|
||||
#
|
||||
# Loadbalancer profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*enable_ssl*]
|
||||
# (Optional) Whether SSL should be used for the connection to the server or
|
||||
# not.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*mysql_read_default_file*]
|
||||
# (Optional) Name of the file that will be passed to pymysql connection strings
|
||||
# Defaults to '/etc/my.cnf.d/tripleo.cnf'
|
||||
#
|
||||
# [*mysql_read_default_group*]
|
||||
# (Optional) Name of the ini section to be passed to pymysql connection strings
|
||||
# Defaults to 'tripleo'
|
||||
#
|
||||
# [*mysql_client_bind_address*]
|
||||
# (Optional) Client IP address of the host that will be written in the mysql_read_default_file
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ssl_ca*]
|
||||
# (Optional) The SSL CA file to use to verify the MySQL server's certificate.
|
||||
# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::database::mysql::client (
|
||||
$enable_ssl = false,
|
||||
$mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf',
|
||||
$mysql_read_default_group = 'tripleo',
|
||||
$mysql_client_bind_address = undef,
|
||||
$ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
if $step >= 1 {
|
||||
if $mysql_client_bind_address =~ Stdlib::Compat::Ip_address {
|
||||
$client_bind_changes = [
|
||||
"set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
|
||||
]
|
||||
} else {
|
||||
$client_bind_changes = [
|
||||
"rm ${mysql_read_default_group}/bind-address"
|
||||
]
|
||||
}
|
||||
|
||||
if $enable_ssl {
|
||||
$changes_ssl = [
|
||||
"set ${mysql_read_default_group}/ssl '1'",
|
||||
"set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'",
|
||||
'set client/ssl \'1\'',
|
||||
"set client/ssl-ca '${ssl_ca}'"
|
||||
]
|
||||
} else {
|
||||
$changes_ssl = [
|
||||
"rm ${mysql_read_default_group}/ssl",
|
||||
"rm ${mysql_read_default_group}/ssl-ca",
|
||||
'rm client/ssl',
|
||||
'rm client/ssl-ca'
|
||||
]
|
||||
}
|
||||
|
||||
$conf_changes = union($client_bind_changes, $changes_ssl)
|
||||
|
||||
# When generating configuration with docker-puppet, services do
|
||||
# not include any profile that would ensure creation of /etc/my.cnf.d,
|
||||
# so we enforce the check here.
|
||||
file {'/etc/my.cnf.d':
|
||||
ensure => 'directory'
|
||||
}
|
||||
file { $mysql_read_default_file:
|
||||
ensure => file,
|
||||
}
|
||||
augeas { 'tripleo-mysql-client-conf':
|
||||
incl => $mysql_read_default_file,
|
||||
lens => 'Puppet.lns',
|
||||
changes => $conf_changes,
|
||||
require => File[$mysql_read_default_file],
|
||||
}
|
||||
|
||||
# If a profile created a file resource for the parent directory,
|
||||
# ensure it is being run before the config file generation
|
||||
File<| title == '/etc/my.cnf.d' |> -> Augeas['tripleo-mysql-client-conf']
|
||||
}
|
||||
}
|
@ -1,49 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: include_and_check_auth
|
||||
#
|
||||
# Include an OpenStack MySQL profile and configures it for alternative
|
||||
# client authentication like e.g. ed25519
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*module*]
|
||||
# (Optional) The puppet module to include
|
||||
# Defaults to $title
|
||||
#
|
||||
# [*mysql_auth_ed25519*]
|
||||
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
|
||||
# a user when connecting to the server
|
||||
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
|
||||
#
|
||||
define tripleo::profile::base::database::mysql::include_and_check_auth(
|
||||
$module = $title,
|
||||
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
|
||||
) {
|
||||
include $module
|
||||
if ($mysql_auth_ed25519) {
|
||||
# currently all openstack puppet modules create MySQL users
|
||||
# by hashing their password for the default auth method.
|
||||
# If ed25519 auth is enabled, we must hash the password
|
||||
# differently; so do it with a collector until all
|
||||
# openstack modules support ed25519 auth natively.
|
||||
$stripped_module_name = regsubst($module,'^::','')
|
||||
$password_key = "${stripped_module_name}::password"
|
||||
Openstacklib::Db::Mysql<| tag == $stripped_module_name |> {
|
||||
plugin => 'ed25519',
|
||||
password_hash => mysql_ed25519_password(lookup($password_key))
|
||||
}
|
||||
}
|
||||
}
|
@ -1,62 +0,0 @@
|
||||
# The tripleo::profile::base::database::mysql::user resource implements
|
||||
# a generic resource to create databases, users and grants in MySQL
|
||||
#
|
||||
# == parameters
|
||||
#
|
||||
# [*password*]
|
||||
# (Required) Password to connect to the database.
|
||||
#
|
||||
# [*dbname*]
|
||||
# (Required) Name of the database.
|
||||
#
|
||||
# [*user*]
|
||||
# (Required) User to connect to the database.
|
||||
#
|
||||
# [*host*]
|
||||
# (Optional) The default source host user is allowed to connect from.
|
||||
# Defaults to '127.0.0.1'
|
||||
#
|
||||
# [*allowed_hosts*]
|
||||
# (Optional) Other hosts the user is allowed to connect from.
|
||||
# Defaults to 'undef'.
|
||||
#
|
||||
# [*charset*]
|
||||
# (Optional) The database charset.
|
||||
# Defaults to 'utf8'
|
||||
#
|
||||
# [*collate*]
|
||||
# (Optional) The database collate.
|
||||
# Only used with mysql modules >= 2.2.
|
||||
# Defaults to 'utf8_general_ci'
|
||||
#
|
||||
# == Dependencies
|
||||
# Class['mysql::server']
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# == Copyright
|
||||
#
|
||||
define tripleo::profile::base::database::mysql::user (
|
||||
$password,
|
||||
$dbname,
|
||||
$user,
|
||||
$host = '127.0.0.1',
|
||||
$charset = 'utf8',
|
||||
$collate = 'utf8_general_ci',
|
||||
$allowed_hosts = undef
|
||||
) {
|
||||
|
||||
validate_legacy(String, 'validate_string', $password)
|
||||
|
||||
::openstacklib::db::mysql { $title :
|
||||
user => $user,
|
||||
password => $password,
|
||||
dbname => $dbname,
|
||||
host => $host,
|
||||
charset => $charset,
|
||||
collate => $collate,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
}
|
@ -1,37 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Define: tripleo::haproxy::service_endpoints
|
||||
#
|
||||
# Define used to create haproxyendpoints for composable services.
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*service_name*]
|
||||
# (optional) The service_name to create the myql resources for.
|
||||
# Defaults to $title
|
||||
#
|
||||
define tripleo::profile::base::database::mysql::users ($service_name = $title) {
|
||||
|
||||
$underscore_name = regsubst($service_name, '-', '_', 'G')
|
||||
|
||||
# This allows each composable service to load its own custom rules by
|
||||
# creating its own flat hiera key named:
|
||||
# tripleo::<service name with underscores>::mysql_user
|
||||
$mysql_users = lookup("tripleo::${underscore_name}::mysql_user", undef, undef, undef)
|
||||
|
||||
if $mysql_users {
|
||||
ensure_resource('tripleo::profile::base::database::mysql::user', $service_name, $mysql_users)
|
||||
}
|
||||
}
|
@ -1,119 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::database::redis
|
||||
#
|
||||
# Redis profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*certificate_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
||||
# it will create.
|
||||
# Example with hiera:
|
||||
# redis_certificate_specs:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "haproxy/<overcloud controller fqdn>"
|
||||
# Defaults to lookup('redis_certificate_specs', undef, undef, {}).
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*redis_network*]
|
||||
# (Optional) The network name where the redis endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to lookup('redis_network', undef, undef, undef)
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*pacemaker_managed*]
|
||||
# (Optional) Whether the redis service is managed by Pacemaker
|
||||
# Defaults to false
|
||||
#
|
||||
# [*tls_tunnel_local_name*]
|
||||
# (Optional) When TLS proxy is in use, name of the localhost to forward
|
||||
# unencryption Redis traffic to.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to 'localhost'
|
||||
#
|
||||
# [*tls_proxy_bind_ip*]
|
||||
# IP on which the TLS proxy will listen on. Required only if
|
||||
# enable_internal_tls is set.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*tls_proxy_fqdn*]
|
||||
# fqdn on which the tls proxy will listen on. required only used if
|
||||
# enable_internal_tls is set.
|
||||
# defaults to undef
|
||||
#
|
||||
# [*tls_proxy_port*]
|
||||
# port on which the tls proxy will listen on. Only used if
|
||||
# enable_internal_tls is set.
|
||||
# defaults to 6379
|
||||
#
|
||||
class tripleo::profile::base::database::redis (
|
||||
$certificate_specs = lookup('redis_certificate_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$redis_network = lookup('redis_network', undef, undef, undef),
|
||||
$step = Integer(lookup('step')),
|
||||
$pacemaker_managed = false,
|
||||
$tls_tunnel_local_name = 'localhost',
|
||||
$tls_proxy_bind_ip = undef,
|
||||
$tls_proxy_fqdn = undef,
|
||||
$tls_proxy_port = 6379,
|
||||
) {
|
||||
|
||||
# When Redis is managed by pacemaker then the configuration is generated
|
||||
# before cluster is being set up.
|
||||
if $pacemaker_managed {
|
||||
$redis_step = 1
|
||||
} else {
|
||||
$redis_step = 2
|
||||
}
|
||||
if $step >= $redis_step {
|
||||
if $enable_internal_tls {
|
||||
if !$redis_network {
|
||||
fail('redis_network is not set in the hieradata.')
|
||||
}
|
||||
if !$tls_proxy_bind_ip {
|
||||
fail('tls_proxy_bind_ip is not set in the hieradata.')
|
||||
}
|
||||
if !$tls_proxy_fqdn {
|
||||
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
|
||||
}
|
||||
$tls_certfile = $certificate_specs['service_certificate']
|
||||
$tls_keyfile = $certificate_specs['service_key']
|
||||
|
||||
include tripleo::stunnel
|
||||
|
||||
tripleo::stunnel::service_proxy { 'redis':
|
||||
accept_host => $tls_proxy_bind_ip,
|
||||
accept_port => $tls_proxy_port,
|
||||
connect_host => $tls_tunnel_local_name,
|
||||
connect_port => $tls_proxy_port,
|
||||
certificate => $tls_certfile,
|
||||
key => $tls_keyfile,
|
||||
notify => Class['redis'],
|
||||
}
|
||||
}
|
||||
|
||||
include redis
|
||||
}
|
||||
}
|
@ -1,139 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate
|
||||
#
|
||||
# Designate server profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step of the deployment
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*oslomsg_rpc_proto*]
|
||||
# Protocol driver for the oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_rpc_hosts*]
|
||||
# list of the oslo messaging rpc host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_rpc_port*]
|
||||
# IP port for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_rpc_username*]
|
||||
# Username for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_rpc_password*]
|
||||
# Password for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
||||
#
|
||||
# [*oslomsg_rpc_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*oslomsg_notify_proto*]
|
||||
# Protocol driver for the oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_notify_hosts*]
|
||||
# list of the oslo messaging notify host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_notify_port*]
|
||||
# IP port for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_notify_username*]
|
||||
# Username for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_notify_password*]
|
||||
# Password for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_password')
|
||||
#
|
||||
# [*oslomsg_notify_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [* DEPRECATED PARAMETERS *]
|
||||
#
|
||||
# [*rndc_host*]
|
||||
# The address on which rndc should listen
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*rndc_port*]
|
||||
# The port on which rndc should listen
|
||||
# Defaults undef
|
||||
#
|
||||
# [*rndc_keys*]
|
||||
# A list of keys that rndc should accept
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*rndc_allowed_addresses*]
|
||||
# A list of addresses that are allowed to send rndc commands
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::designate (
|
||||
$step = Integer(lookup('step')),
|
||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
||||
# DEPRECATED PARAMETERS
|
||||
$rndc_host = undef,
|
||||
$rndc_port = undef,
|
||||
$rndc_keys = undef,
|
||||
$rndc_allowed_addresses = undef,
|
||||
) {
|
||||
if $step >= 3 {
|
||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
||||
class { 'designate' :
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
'username' => $oslomsg_rpc_username,
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
'username' => $oslomsg_notify_username,
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
||||
}),
|
||||
}
|
||||
if ($rndc_host or $rndc_allowed_addresses or $rndc_keys or $rndc_allowed_addresses) {
|
||||
warning('rndc/named configuration through puppet is no longer supported.')
|
||||
}
|
||||
include designate::config
|
||||
include designate::logging
|
||||
include designate::network_api::neutron
|
||||
}
|
||||
}
|
@ -1,105 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::api
|
||||
#
|
||||
# Designate API server profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*certificates_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
||||
# it will create.
|
||||
# Example with hiera:
|
||||
# apache_certificates_specs:
|
||||
# httpd-internal_api:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "haproxy/<overcloud controller fqdn>"
|
||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*designate_network*]
|
||||
# (Optional) The network name where the designate endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to lookup('designate_api_network', undef, undef, undef)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*listen_ip*]
|
||||
# (Optional) The IP on which the API should listen. (now set by hiera via
|
||||
# designate::wsgi::apache)
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*listen_port*]
|
||||
# (Optional) The port on which the API should listen. (no longer needed,
|
||||
# listen port gets default value from designate::wsgi::apache)
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*configure_apache*]
|
||||
# (Optional) Whether apache is configured via puppet or not.
|
||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
||||
#
|
||||
class tripleo::profile::base::designate::api (
|
||||
$step = Integer(lookup('step')),
|
||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$designate_network = lookup('designate_api_network', undef, undef, undef),
|
||||
$listen_ip = undef,
|
||||
$listen_port = undef,
|
||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
||||
) {
|
||||
include tripleo::profile::base::designate
|
||||
include tripleo::profile::base::designate::authtoken
|
||||
|
||||
if $enable_internal_tls {
|
||||
if !$designate_network {
|
||||
fail('designate_api_network is not set in the hieradata.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${designate_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${designate_network}"]['service_key']
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
}
|
||||
|
||||
if ($step >= 3) {
|
||||
# TODO: remove once the tripleo heat template changes merge
|
||||
if $listen_ip and $listen_port {
|
||||
$listen_uri = normalize_ip_for_uri($listen_ip)
|
||||
class { 'designate::api':
|
||||
listen => "${listen_uri}:${listen_port}"
|
||||
}
|
||||
} else {
|
||||
if $configure_apache {
|
||||
include tripleo::profile::base::apache
|
||||
class { 'designate::wsgi::apache':
|
||||
ssl_cert => $tls_certfile,
|
||||
ssl_key => $tls_keyfile
|
||||
}
|
||||
}
|
||||
include designate::api
|
||||
}
|
||||
include designate::healthcheck
|
||||
}
|
||||
}
|
@ -1,84 +0,0 @@
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::authtoken
|
||||
#
|
||||
# Designate authtoken profile for TripleO
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*memcached_hosts*]
|
||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
||||
#
|
||||
# [*memcached_port*]
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
||||
#
|
||||
# [*memcached_ipv6*]
|
||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*memcached_ips*]
|
||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::designate::authtoken (
|
||||
$step = Integer(lookup('step')),
|
||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
||||
# DEPRECATED PARAMETERS
|
||||
$memcached_ips = undef
|
||||
) {
|
||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
||||
|
||||
if $step >= 3 {
|
||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
||||
} else {
|
||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+designate")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'designate::keystone::authtoken':
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,43 +0,0 @@
|
||||
# Copyright 2021 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::backend
|
||||
#
|
||||
# Designate backend profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*backend*]
|
||||
# (Optional) Specify a backend used.
|
||||
# Defaults to lookup('designate_backend', undef, undef, 'bind9'),
|
||||
#
|
||||
class tripleo::profile::base::designate::backend (
|
||||
$step = Integer(lookup('step')),
|
||||
$backend = lookup('designate_backend', undef, undef, 'bind9'),
|
||||
) {
|
||||
if $step >= 4 {
|
||||
if $backend == 'bind9' {
|
||||
class{ 'designate::backend::bind9':
|
||||
configure_bind => false
|
||||
}
|
||||
} else {
|
||||
fail("${backend} is not supported by designate")
|
||||
}
|
||||
}
|
||||
}
|
@ -1,63 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::central
|
||||
#
|
||||
# Designate Central profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('designate_central_short_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*pools_file_content*]
|
||||
# (Optional) The content of /etc/designate/pools.yaml
|
||||
# Defaults to the content of templates/designate/pools.yaml.erb
|
||||
#
|
||||
class tripleo::profile::base::designate::central (
|
||||
$bootstrap_node = lookup('designate_central_short_bootstrap_node_name', undef, undef, undef),
|
||||
$step = Integer(lookup('step')),
|
||||
# DEPRECATED PARAMETERS
|
||||
$pools_file_content = undef,
|
||||
) {
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
if $pools_file_content {
|
||||
warning('pool file content is no longer manually configurable')
|
||||
}
|
||||
|
||||
include tripleo::profile::base::designate
|
||||
include tripleo::profile::base::designate::coordination
|
||||
|
||||
if ($step >= 4 or ($step >= 3 and $sync_db)) {
|
||||
class { 'designate::db':
|
||||
sync_db => $sync_db,
|
||||
}
|
||||
include designate::central
|
||||
include designate::quota
|
||||
include designate::network_api::neutron
|
||||
}
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
# Copyright 2022 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::coordination
|
||||
#
|
||||
# Designate Coordination profile for tripleo for setting coordination/redis
|
||||
# related configuration.
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*designate_redis_password*]
|
||||
# (Optional) Password for the neutron redis user for the coordination url
|
||||
# Defaults to lookup('designate_redis_password', undef, undef, undef),
|
||||
#
|
||||
# [*redis_vip*]
|
||||
# (Optional) Redis ip address for the coordination url
|
||||
# Defaults to lookup('redis_vip', undef, undef, undef),
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
class tripleo::profile::base::designate::coordination (
|
||||
$step = Integer(lookup('step')),
|
||||
$designate_redis_password = lookup('designate_redis_password', undef, undef, undef),
|
||||
$redis_vip = lookup('redis_vip', undef, undef, undef),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
) {
|
||||
if $step >= 4 {
|
||||
if $redis_vip {
|
||||
if $enable_internal_tls {
|
||||
$tls_query_param = '?ssl=true'
|
||||
} else {
|
||||
$tls_query_param = ''
|
||||
}
|
||||
class { 'designate::coordination':
|
||||
backend_url => join(['redis://:', $designate_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param])
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,33 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::mdns
|
||||
#
|
||||
# Designate MiniDNS profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::designate::mdns (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::designate
|
||||
if $step >= 4 {
|
||||
include designate::mdns
|
||||
}
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::producer
|
||||
#
|
||||
# Designate Producer profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::designate::producer (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::designate
|
||||
include tripleo::profile::base::designate::coordination
|
||||
|
||||
if $step >= 4 {
|
||||
include designate::producer
|
||||
include designate::producer_task::delayed_notify
|
||||
include designate::producer_task::periodic_exists
|
||||
include designate::producer_task::periodic_secondary_refresh
|
||||
include designate::producer_task::worker_periodic_recovery
|
||||
include designate::producer_task::zone_purge
|
||||
}
|
||||
}
|
@ -1,33 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::sink
|
||||
#
|
||||
# Designate Sink profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::designate::sink (
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
include tripleo::profile::base::designate
|
||||
if $step >= 4 {
|
||||
include designate::sink
|
||||
}
|
||||
}
|
@ -1,45 +0,0 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::designate::worker
|
||||
#
|
||||
# Designate Worker profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*rndc_key*]
|
||||
# (Optional) The base64-encoded key secret for /etc/rndc.key.
|
||||
# Defaults to lookup('designate_rndc_key', undef, undef, false)
|
||||
#
|
||||
class tripleo::profile::base::designate::worker (
|
||||
$step = Integer(lookup('step')),
|
||||
# DEPRECATED PARAMETERS
|
||||
$rndc_key = lookup('designate_rndc_key', undef, undef, false),
|
||||
) {
|
||||
include tripleo::profile::base::designate
|
||||
|
||||
if $step >= 4 {
|
||||
if $rndc_key {
|
||||
warning('Configuring rndc keys through puppet has been deprecated')
|
||||
}
|
||||
include designate::worker
|
||||
}
|
||||
}
|
@ -1,98 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::etcd
|
||||
#
|
||||
# etcd profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bind_ip*]
|
||||
# (optional) IP to bind etcd service to.
|
||||
# Defaults to '127.0.0.1'.
|
||||
#
|
||||
# [*client_port*]
|
||||
# (optional) etcd client listening port.
|
||||
# Defaults to '2379'.
|
||||
#
|
||||
# [*peer_port*]
|
||||
# (optional) etcd peer listening port.
|
||||
# Defaults to '2380'.
|
||||
#
|
||||
# [*nodes*]
|
||||
# (Optional) Array of host(s) for etcd nodes.
|
||||
# Defaults to lookup('etcd_node_ips', undef, undef, []).
|
||||
#
|
||||
# [*certificate_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate
|
||||
# it will create. Note that the certificate nickname must be 'etcd' in
|
||||
# the case of this service.
|
||||
# Example with hiera:
|
||||
# tripleo::profile::base::etcd::certificate_specs:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "etcd/<overcloud controller fqdn>"
|
||||
# Defaults to {}.
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::etcd (
|
||||
$bind_ip = '127.0.0.1',
|
||||
$client_port = '2379',
|
||||
$peer_port = '2380',
|
||||
$nodes = lookup('etcd_node_names', undef, undef, []),
|
||||
$certificate_specs = {},
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
validate_legacy(Hash, 'validate_hash', $certificate_specs)
|
||||
|
||||
if $enable_internal_tls {
|
||||
$tls_certfile = $certificate_specs['service_certificate']
|
||||
$tls_keyfile = $certificate_specs['service_key']
|
||||
$protocol = 'https'
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
$protocol = 'http'
|
||||
}
|
||||
|
||||
if $step >= 2 {
|
||||
$bind_ip_normalized = normalize_ip_for_uri($bind_ip)
|
||||
|
||||
class {'etcd':
|
||||
listen_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}",
|
||||
advertise_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}",
|
||||
listen_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}",
|
||||
initial_advertise_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}",
|
||||
initial_cluster => regsubst($nodes, '.+', "\\0=${protocol}://\\0:${peer_port}"),
|
||||
proxy => 'off',
|
||||
cert_file => $tls_certfile,
|
||||
key_file => $tls_keyfile,
|
||||
client_cert_auth => $enable_internal_tls,
|
||||
peer_cert_file => $tls_certfile,
|
||||
peer_key_file => $tls_keyfile,
|
||||
peer_client_cert_auth => $enable_internal_tls,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,317 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::glance::api
|
||||
#
|
||||
# Glance API profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to lookup('glance_api_short_bootstrap_node_name', undef, undef, undef)
|
||||
#
|
||||
# [*certificates_specs*]
|
||||
# (Optional) The specifications to give to certmonger for the certificate(s)
|
||||
# it will create.
|
||||
# Example with hiera:
|
||||
# apache_certificates_specs:
|
||||
# httpd-internal_api:
|
||||
# hostname: <overcloud controller fqdn>
|
||||
# service_certificate: <service certificate path>
|
||||
# service_key: <service key path>
|
||||
# principal: "haproxy/<overcloud controller fqdn>"
|
||||
# Defaults to lookup('apache_certificates_specs', undef, undef, {}).
|
||||
#
|
||||
# [*enable_internal_tls*]
|
||||
# (Optional) Whether TLS in the internal network is enabled or not.
|
||||
# Defaults to lookup('enable_internal_tls', undef, undef, false)
|
||||
#
|
||||
# [*glance_backend*]
|
||||
# (Optional) Default glance backend type.
|
||||
# Defaults to downcase(lookup('glance_backend', undef, undef, 'swift'))
|
||||
#
|
||||
# [*glance_backend_id*]
|
||||
# (Optional) Default glance backend identifier.
|
||||
# Defaults to 'default_backend'
|
||||
#
|
||||
# [*glance_network*]
|
||||
# (Optional) The network name where the glance endpoint is listening on.
|
||||
# This is set by t-h-t.
|
||||
# Defaults to lookup('glance_api_network', undef, undef, undef)
|
||||
#
|
||||
# [*bind_port*]
|
||||
# (optional) The port the server should bind to.
|
||||
# Default: 9292
|
||||
#
|
||||
# [*log_dir*]
|
||||
# (Optional) Directory where logs should be stored.
|
||||
# If set to $::os_service_default, it will not log to any directory.
|
||||
# Defaults to '/var/log/glance'.
|
||||
#
|
||||
# [*log_file*]
|
||||
# (Optional) File where logs should be stored.
|
||||
# If set to $::os_service_default, it will not log to any file.
|
||||
# Defaults to '/var/log/glance/api.log'.
|
||||
#
|
||||
# [*show_image_direct_url*]
|
||||
# (optional) Expose image location to trusted clients.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*show_multiple_locations*]
|
||||
# (optional) Whether to include the backend image locations in image
|
||||
# properties.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*multistore_config*]
|
||||
# (Optional) Hash of settings for configuring additional glance-api backends.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*oslomsg_rpc_proto*]
|
||||
# Protocol driver for the oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_rpc_hosts*]
|
||||
# list of the oslo messaging rpc host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_rpc_port*]
|
||||
# IP port for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_rpc_username*]
|
||||
# Username for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_rpc_password*]
|
||||
# Password for oslo messaging rpc service
|
||||
# Defaults to lookup('oslo_messaging_rpc_password')
|
||||
#
|
||||
# [*oslomsg_rpc_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*oslomsg_notify_proto*]
|
||||
# Protocol driver for the oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit')
|
||||
#
|
||||
# [*oslomsg_notify_hosts*]
|
||||
# list of the oslo messaging notify host fqdns
|
||||
# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef))
|
||||
#
|
||||
# [*oslomsg_notify_port*]
|
||||
# IP port for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672')
|
||||
#
|
||||
# [*oslomsg_notify_username*]
|
||||
# Username for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest')
|
||||
#
|
||||
# [*oslomsg_notify_password*]
|
||||
# Password for oslo messaging notify service
|
||||
# Defaults to lookup('oslo_messaging_notify_password')
|
||||
#
|
||||
# [*oslomsg_notify_use_ssl*]
|
||||
# Enable ssl oslo messaging services
|
||||
# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0')
|
||||
#
|
||||
# [*tls_proxy_bind_ip*]
|
||||
# IP on which the TLS proxy will listen on. Required only if
|
||||
# enable_internal_tls is set.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*tls_proxy_fqdn*]
|
||||
# fqdn on which the tls proxy will listen on. required only used if
|
||||
# enable_internal_tls is set.
|
||||
# defaults to undef
|
||||
#
|
||||
# [*tls_proxy_port*]
|
||||
# port on which the tls proxy will listen on. Only used if
|
||||
# enable_internal_tls is set.
|
||||
# defaults to 9292
|
||||
#
|
||||
# [*glance_enable_db_purge*]
|
||||
# (optional) Whether to enable db purging
|
||||
# defaults to true
|
||||
#
|
||||
# [*glance_enable_cache*]
|
||||
# (optional) Whether to enable caching
|
||||
# defaults to false
|
||||
#
|
||||
# [*configure_apache*]
|
||||
# (Optional) Whether apache is configured via puppet or not.
|
||||
# Defaults to lookup('configure_apache', undef, undef, true)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*glance_rbd_client_name*]
|
||||
# (optional) Deprecated. RBD client name
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::glance::api (
|
||||
$bootstrap_node = lookup('glance_api_short_bootstrap_node_name', undef, undef, undef),
|
||||
$certificates_specs = lookup('apache_certificates_specs', undef, undef, {}),
|
||||
$enable_internal_tls = lookup('enable_internal_tls', undef, undef, false),
|
||||
$glance_backend = downcase(lookup('glance_backend', undef, undef, 'swift')),
|
||||
$glance_backend_id = 'default_backend',
|
||||
$glance_network = lookup('glance_api_network', undef, undef, undef),
|
||||
$bind_port = 9292,
|
||||
$log_dir = '/var/log/glance',
|
||||
$log_file = '/var/log/glance/api.log',
|
||||
$show_image_direct_url = false,
|
||||
$show_multiple_locations = false,
|
||||
$multistore_config = {},
|
||||
$step = Integer(lookup('step')),
|
||||
$oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)),
|
||||
$oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'),
|
||||
$oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'),
|
||||
$oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'),
|
||||
$oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'),
|
||||
$oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)),
|
||||
$oslomsg_notify_password = lookup('oslo_messaging_notify_password'),
|
||||
$oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'),
|
||||
$oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'),
|
||||
$oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'),
|
||||
$tls_proxy_bind_ip = undef,
|
||||
$tls_proxy_fqdn = undef,
|
||||
$tls_proxy_port = 9292,
|
||||
$glance_enable_db_purge = true,
|
||||
$glance_enable_cache = false,
|
||||
$configure_apache = lookup('configure_apache', undef, undef, true),
|
||||
# DEPRECATED PARAMETERS
|
||||
$glance_rbd_client_name = undef,
|
||||
) {
|
||||
if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
|
||||
$sync_db = true
|
||||
} else {
|
||||
$sync_db = false
|
||||
}
|
||||
|
||||
include tripleo::profile::base::glance::authtoken
|
||||
|
||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
||||
if $enable_internal_tls {
|
||||
if !$glance_network {
|
||||
fail('glance_api_network is not set in the hieradata.')
|
||||
}
|
||||
if !$tls_proxy_bind_ip {
|
||||
fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.')
|
||||
}
|
||||
if !$tls_proxy_fqdn {
|
||||
fail('tls_proxy_fqdn is required if internal TLS is enabled.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key']
|
||||
|
||||
if $configure_apache {
|
||||
tripleo::tls_proxy { 'glance-api':
|
||||
servername => $tls_proxy_fqdn,
|
||||
ip => $tls_proxy_bind_ip,
|
||||
port => $tls_proxy_port,
|
||||
tls_cert => $tls_certfile,
|
||||
tls_key => $tls_keyfile,
|
||||
notify => Class['glance::api'],
|
||||
}
|
||||
include tripleo::profile::base::apache
|
||||
}
|
||||
}
|
||||
|
||||
$multistore_backends = $multistore_config.map |$backend_config| {
|
||||
unless has_key($backend_config[1], 'GlanceBackend') {
|
||||
fail("multistore_config '${backend_config[0]}' does not specify a glance_backend.")
|
||||
}
|
||||
"${backend_config[0]}:${backend_config[1]['GlanceBackend']}"
|
||||
}
|
||||
|
||||
$enabled_backends = ["${glance_backend_id}:${glance_backend}"] + $multistore_backends
|
||||
|
||||
include glance
|
||||
include glance::config
|
||||
include glance::healthcheck
|
||||
include glance::api::db
|
||||
class { 'glance::api::logging':
|
||||
log_dir => $log_dir,
|
||||
log_file => $log_file,
|
||||
}
|
||||
class { 'glance::api':
|
||||
bind_port => $bind_port,
|
||||
enabled_backends => $enabled_backends,
|
||||
default_backend => $glance_backend_id,
|
||||
show_image_direct_url => $show_image_direct_url,
|
||||
show_multiple_locations => $show_multiple_locations,
|
||||
sync_db => $sync_db,
|
||||
}
|
||||
include glance::key_manager
|
||||
include glance::key_manager::barbican
|
||||
|
||||
['cinder', 'file', 'rbd', 'swift'].each |String $backend_type| {
|
||||
|
||||
# Generate a list of backend names for a given backend type
|
||||
$backend_names = $enabled_backends.reduce([]) |$accum, String $backend| {
|
||||
$backend_info = $backend.split(':')
|
||||
if $backend_info[1] == $backend_type {
|
||||
$accum << $backend_info[0]
|
||||
} else {
|
||||
$accum
|
||||
}
|
||||
}
|
||||
|
||||
unless empty($backend_names) {
|
||||
class { "tripleo::profile::base::glance::backend::${backend_type}":
|
||||
backend_names => $backend_names,
|
||||
multistore_config => $multistore_config,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
|
||||
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
|
||||
class { 'glance::notify::rabbitmq' :
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
'username' => $oslomsg_rpc_username,
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_rpc_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
'username' => $oslomsg_notify_username,
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_notify_use_ssl_real,
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
if $step >= 5 {
|
||||
if $glance_enable_db_purge {
|
||||
include glance::cron::db_purge
|
||||
}
|
||||
if $glance_enable_cache {
|
||||
include glance::cache::cleaner
|
||||
include glance::cache::pruner
|
||||
}
|
||||
}
|
||||
|
||||
}
|
@ -1,84 +0,0 @@
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::glance::authtoken
|
||||
#
|
||||
# Glance authtoken profile for TripleO
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
# [*memcached_hosts*]
|
||||
# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to lookup('memcached_node_names', undef, undef, [])
|
||||
#
|
||||
# [*memcached_port*]
|
||||
# (Optional) Memcached port to use.
|
||||
# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211)
|
||||
#
|
||||
# [*memcached_ipv6*]
|
||||
# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network.
|
||||
# Defaults to lookup('memcached_ipv6', undef, undef, false)
|
||||
#
|
||||
# [*security_strategy*]
|
||||
# (Optional) Memcached (authtoken) security strategy.
|
||||
# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef)
|
||||
#
|
||||
# [*secret_key*]
|
||||
# (Optional) Memcached (authtoken) secret key, used with security_strategy.
|
||||
# The key is hashed with a salt, to isolate services.
|
||||
# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef)
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*memcached_ips*]
|
||||
# (Optional) Array of ipv4 or ipv6 addresses for memcache.
|
||||
# Defaults to undef
|
||||
#
|
||||
class tripleo::profile::base::glance::authtoken (
|
||||
$step = Integer(lookup('step')),
|
||||
$memcached_hosts = lookup('memcached_node_names', undef, undef, []),
|
||||
$memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211),
|
||||
$memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false),
|
||||
$security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef),
|
||||
$secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef),
|
||||
# DEPRECATED PARAMETERS
|
||||
$memcached_ips = undef
|
||||
) {
|
||||
$memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts))
|
||||
|
||||
if $step >= 3 {
|
||||
if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 {
|
||||
$memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" }
|
||||
} else {
|
||||
$memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}")
|
||||
}
|
||||
|
||||
if $secret_key {
|
||||
$hashed_secret_key = sha256("${secret_key}+glance")
|
||||
} else {
|
||||
$hashed_secret_key = undef
|
||||
}
|
||||
|
||||
class { 'glance::api::authtoken':
|
||||
memcached_servers => $memcache_servers,
|
||||
memcache_security_strategy => $security_strategy,
|
||||
memcache_secret_key => $hashed_secret_key,
|
||||
}
|
||||
}
|
||||
}
|
@ -1,146 +0,0 @@
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::glance::backend::cinder
|
||||
#
|
||||
# Glance API cinder backend configuration for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_names*]
|
||||
# Array of cinder store backend names.
|
||||
#
|
||||
# [*multistore_config*]
|
||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*cinder_ca_certificates_file*]
|
||||
# (Optional) Location of ca certificate file to use for cinder client requests.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_api_insecure*]
|
||||
# (Optional) Allow to perform insecure SSL requests to cinder.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_catalog_info*]
|
||||
# (Optional) Info to match when looking for cinder in the service catalog.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_endpoint_template*]
|
||||
# (Optional) Override service catalog lookup with template for cinder endpoint.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_http_retries*]
|
||||
# (Optional) Number of cinderclient retries on failed http calls.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_store_auth_address*]
|
||||
# (Optional) A valid authentication service address.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_store_project_name*]
|
||||
# (Optional) Project name where the image volume is stored in cinder.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef).
|
||||
#
|
||||
# [*cinder_store_user_name*]
|
||||
# (Optional) User name to authenticate against cinder.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_store_password*]
|
||||
# (Optional) A valid password for the user specified by `cinder_store_user_name'
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_os_region_name*]
|
||||
# (optional) Sets the keystone region to use.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_enforce_multipath*]
|
||||
# (Optional) Set to True when multipathd is enabled
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_use_multipath*]
|
||||
# (Optional) Set to True when multipathd is enabled
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_mount_point_base*]
|
||||
# (Optional) Directory where the NFS volume is mounted on the glance node.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef)
|
||||
#
|
||||
# [*cinder_volume_type*]
|
||||
# (Optional) The volume type to be used to create image volumes in cinder.
|
||||
# Defaults to lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef)
|
||||
#
|
||||
# [*store_description*]
|
||||
# (Optional) Provides constructive information about the store backend to
|
||||
# end users.
|
||||
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store').
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::glance::backend::cinder (
|
||||
$backend_names,
|
||||
$multistore_config = {},
|
||||
$cinder_ca_certificates_file = lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef),
|
||||
$cinder_api_insecure = lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef),
|
||||
$cinder_catalog_info = lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef),
|
||||
$cinder_endpoint_template = lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef),
|
||||
$cinder_http_retries = lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef),
|
||||
$cinder_store_auth_address = lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef),
|
||||
$cinder_store_project_name = lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef),
|
||||
$cinder_store_user_name = lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef),
|
||||
$cinder_store_password = lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef),
|
||||
$cinder_os_region_name = lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef),
|
||||
$cinder_enforce_multipath = lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef),
|
||||
$cinder_use_multipath = lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef),
|
||||
$cinder_mount_point_base = lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef),
|
||||
$cinder_volume_type = lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef),
|
||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_names.each |String $backend_name| {
|
||||
$backend_config = pick($multistore_config[$backend_name], {})
|
||||
$store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
|
||||
|
||||
if $backend_config['GlanceCinderVolumeType'] {
|
||||
$cinder_volume_type_real = $backend_config['GlanceCinderVolumeType']
|
||||
} else {
|
||||
$cinder_volume_type_real = $cinder_volume_type
|
||||
}
|
||||
|
||||
create_resources('glance::backend::multistore::cinder', { $backend_name => delete_undef_values({
|
||||
'cinder_api_insecure' => $cinder_api_insecure,
|
||||
'cinder_catalog_info' => $cinder_catalog_info,
|
||||
'cinder_http_retries' => $cinder_http_retries,
|
||||
'cinder_endpoint_template' => $cinder_endpoint_template,
|
||||
'cinder_ca_certificates_file' => $cinder_ca_certificates_file,
|
||||
'cinder_store_auth_address' => $cinder_store_auth_address,
|
||||
'cinder_store_project_name' => $cinder_store_project_name,
|
||||
'cinder_store_user_name' => $cinder_store_user_name,
|
||||
'cinder_store_password' => $cinder_store_password,
|
||||
'cinder_os_region_name' => $cinder_os_region_name,
|
||||
'cinder_enforce_multipath' => $cinder_enforce_multipath,
|
||||
'cinder_use_multipath' => $cinder_use_multipath,
|
||||
'cinder_mount_point_base' => $cinder_mount_point_base,
|
||||
'cinder_volume_type' => $cinder_volume_type_real,
|
||||
'store_description' => $store_description_real,
|
||||
})})
|
||||
}
|
||||
}
|
||||
}
|
@ -1,71 +0,0 @@
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::glance::backend::file
|
||||
#
|
||||
# Glance API file backend configuration for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_names*]
|
||||
# Array of file store backend names.
|
||||
#
|
||||
# [*multistore_config*]
|
||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*filesystem_store_datadir*]
|
||||
# (Optional) Location where dist images are stored when the backend type is file.
|
||||
# Defaults to lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef).
|
||||
#
|
||||
# [*filesystem_thin_provisioning*]
|
||||
# (Optional) Boolean describing if thin provisioning is enabled or not
|
||||
# Defaults to lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef).
|
||||
#
|
||||
# [*store_description*]
|
||||
# (Optional) Provides constructive information about the store backend to
|
||||
# end users.
|
||||
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store').
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::glance::backend::file (
|
||||
$backend_names,
|
||||
$multistore_config = {},
|
||||
$filesystem_store_datadir = lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef),
|
||||
$filesystem_thin_provisioning = lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef),
|
||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
if $backend_names.length() > 1 {
|
||||
fail('Multiple file backends are not supported.')
|
||||
}
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_name = $backend_names[0]
|
||||
|
||||
$multistore_description = pick($multistore_config[$backend_name], {})['GlanceStoreDescription']
|
||||
$store_description_real = pick($multistore_description, $store_description)
|
||||
|
||||
create_resources('glance::backend::multistore::file', { $backend_name => delete_undef_values({
|
||||
'filesystem_store_datadir' => $filesystem_store_datadir,
|
||||
'filesystem_thin_provisioning' => $filesystem_thin_provisioning,
|
||||
'store_description' => $store_description_real,
|
||||
})})
|
||||
}
|
||||
}
|
@ -1,102 +0,0 @@
|
||||
# Copyright 2020 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::glance::backend::rbd
|
||||
#
|
||||
# Glance API rbd backend configuration for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*backend_names*]
|
||||
# Array of rbd store backend names.
|
||||
#
|
||||
# [*multistore_config*]
|
||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*rbd_store_ceph_conf*]
|
||||
# (Optional) Ceph cluster config file.
|
||||
# Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf').
|
||||
#
|
||||
# [*rbd_store_user*]
|
||||
# (Optional) Ceph client username.
|
||||
# Defaults to lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack').
|
||||
#
|
||||
# [*rbd_store_pool*]
|
||||
# (Optional) Ceph pool for storing images.
|
||||
# Defaults to lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images').
|
||||
#
|
||||
# [*rbd_store_chunk_size*]
|
||||
# (Optional) RBD chunk size.
|
||||
# Defaults to lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef).
|
||||
#
|
||||
# [*rbd_thin_provisioning*]
|
||||
# (Optional) Boolean describing if thin provisioning is enabled or not
|
||||
# Defaults to lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef).
|
||||
#
|
||||
# [*rados_connect_timeout*]
|
||||
# (Optional) RADOS connection timeout.
|
||||
# Defaults to lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef).
|
||||
#
|
||||
# [*store_description*]
|
||||
# (Optional) Provides constructive information about the store backend to
|
||||
# end users.
|
||||
# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store').
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to Integer(lookup('step'))
|
||||
#
|
||||
class tripleo::profile::base::glance::backend::rbd (
|
||||
$backend_names,
|
||||
$multistore_config = {},
|
||||
$rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
|
||||
$rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
|
||||
$rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
|
||||
$rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
|
||||
$rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
|
||||
$rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
|
||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
if $step >= 4 {
|
||||
$backend_names.each |String $backend_name| {
|
||||
$backend_config = pick($multistore_config[$backend_name], {})
|
||||
|
||||
$rbd_store_user_real = pick($backend_config['CephClientUserName'], $rbd_store_user)
|
||||
$rbd_store_pool_real = pick($backend_config['GlanceRbdPoolName'], $rbd_store_pool)
|
||||
$store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
|
||||
|
||||
$ceph_cluster_name = $backend_config['CephClusterName']
|
||||
|
||||
if $ceph_cluster_name {
|
||||
$rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf"
|
||||
} else {
|
||||
$rbd_store_ceph_conf_real = $rbd_store_ceph_conf
|
||||
}
|
||||
|
||||
create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({
|
||||
'rbd_store_ceph_conf' => $rbd_store_ceph_conf_real,
|
||||
'rbd_store_user' => $rbd_store_user_real,
|
||||
'rbd_store_pool' => $rbd_store_pool_real,
|
||||
'rbd_store_chunk_size' => $rbd_store_chunk_size,
|
||||
'rbd_thin_provisioning' => $rbd_thin_provisioning,
|
||||
'rados_connect_timeout' => $rados_connect_timeout,
|
||||
'store_description' => $store_description_real,
|
||||
})})
|
||||
}
|
||||
}
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user