From 21eed9350afeeb56210923a1e9aa68d7eb8fc7e6 Mon Sep 17 00:00:00 2001 From: Giulio Fidente Date: Wed, 18 Mar 2015 14:57:56 -0400 Subject: [PATCH] Ensure all Rabbit params are propagated to interested nodes. Change-Id: I1bb8ee15d361638d77c5df7f8c03561c34f4c88f --- cinder-storage.yaml | 10 ++++++ compute.yaml | 10 ++++++ overcloud-without-mergepy.yaml | 7 +++- puppet/cinder-storage-puppet.yaml | 14 ++++++++ puppet/compute-puppet.yaml | 42 ++++++++++++++++++------ puppet/controller-puppet.yaml | 27 +++++++++++---- puppet/manifests/overcloud_controller.pp | 31 ++--------------- 7 files changed, 94 insertions(+), 47 deletions(-) diff --git a/cinder-storage.yaml b/cinder-storage.yaml index 895b9d5cff..7eab89a602 100644 --- a/cinder-storage.yaml +++ b/cinder-storage.yaml @@ -76,6 +76,16 @@ parameters: RabbitUserName: default: '' type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes diff --git a/compute.yaml b/compute.yaml index c776d9ddd8..1bc59e1423 100644 --- a/compute.yaml +++ b/compute.yaml @@ -222,6 +222,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index e3e3e936dc..7d484f8317 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -183,6 +183,7 @@ parameters: type: string default: unset description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. + # FIXME: 'guest' is provisioned in RabbitMQ by default, we should create a user if these are changed RabbitUserName: default: guest description: The username for RabbitMQ @@ -571,8 +572,8 @@ resources: NovaPassword: {get_param: NovaPassword} NtpServer: {get_param: NtpServer} PublicVirtualInterface: {get_param: PublicVirtualInterface} - RabbitUserName: {get_param: RabbitUserName} RabbitPassword: {get_param: RabbitPassword} + RabbitUserName: {get_param: RabbitUserName} RabbitCookie: {get_attr: [RabbitCookie, value]} RabbitClientUseSSL: {get_param: RabbitClientUseSSL} RabbitClientPort: {get_param: RabbitClientPort} @@ -638,6 +639,8 @@ resources: RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} RabbitPassword: {get_param: RabbitPassword} RabbitUserName: {get_param: RabbitUserName} + RabbitClientUseSSL: {get_param: RabbitClientUseSSL} + RabbitClientPort: {get_param: RabbitClientPort} SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName} SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword} @@ -658,6 +661,8 @@ resources: Flavor: {get_param: OvercloudBlockStorageFlavor} RabbitPassword: {get_param: RabbitPassword} RabbitUserName: {get_param: RabbitUserName} + RabbitClientUseSSL: {get_param: RabbitClientUseSSL} + RabbitClientPort: {get_param: RabbitClientPort} NtpServer: {get_param: NtpServer} ObjectStorage: diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index 2f7a04c80f..104130b37b 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -76,6 +76,16 @@ parameters: RabbitUserName: default: '' type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -128,6 +138,8 @@ resources: host: {get_param: VirtualIP} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_client_port: {get_param: RabbitClientPort} ntp_servers: str_replace: template: '["server"]' @@ -162,6 +174,8 @@ resources: cinder::rabbit_hosts: {get_input: rabbit_hosts} cinder::rabbit_userid: {get_input: rabbit_username} cinder::rabbit_password: {get_input: rabbit_password} + cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + cinder::rabbit_port: {get_input: rabbit_client_port} cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} ntp::servers: {get_input: ntp_servers} enable_package_install: {get_input: enable_package_install} diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index c98d1b0e59..874afd7554 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -222,6 +222,16 @@ parameters: default: guest description: The username for RabbitMQ type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -287,6 +297,11 @@ resources: nova::compute::vncserver_proxyclient_address: local-ipv4 mapped_data: #nova::debug: {get_input: debug} + nova::rabbit_hosts: {get_input: rabbit_hosts} + nova::rabbit_userid: {get_input: rabbit_username} + nova::rabbit_password: {get_input: rabbit_password} + nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + nova::rabbit_port: {get_input: rabbit_client_port} nova_compute_driver: {get_input: nova_compute_driver} nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova_api_host: {get_input: nova_api_host} @@ -294,6 +309,11 @@ resources: nova_enable_rbd_backend: {get_input: nova_enable_rbd_backend} nova_password: {get_input: nova_password} #ceilometer::debug: {get_input: debug} + ceilometer::rabbit_hosts: {get_input: rabbit_hosts} + ceilometer::rabbit_userid: {get_input: rabbit_username} + ceilometer::rabbit_password: {get_input: rabbit_password} + ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + ceilometer::rabbit_port: {get_input: rabbit_client_port} ceilometer::metering_secret: {get_input: ceilometer_metering_secret} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} @@ -302,6 +322,11 @@ resources: snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} nova::glance_api_servers: {get_input: glance_api_servers} #neutron::debug: {get_input: debug} + neutron::rabbit_hosts: {get_input: rabbit_hosts} + neutron::rabbit_password: {get_input: rabbit_password} + neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + neutron::rabbit_port: {get_input: rabbit_client_port} neutron_flat_networks: {get_input: neutron_flat_networks} neutron_host: {get_input: neutron_host} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} @@ -323,15 +348,6 @@ resources: neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} admin_password: {get_input: admin_password} - nova::rabbit_host: {get_input: rabbit_host} - neutron::rabbit_host: {get_input: rabbit_host} - ceilometer::rabbit_host: {get_input: rabbit_host} - nova::rabbit_userid: {get_input: rabbit_username} - neutron::rabbit_user: {get_input: rabbit_username} - ceilometer::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_password: {get_input: rabbit_password} ntp::servers: {get_input: ntp_servers} enable_package_install: {get_input: enable_package_install} @@ -398,9 +414,15 @@ resources: - {get_param: NeutronHost} - ':35357/v2.0' admin_password: {get_param: AdminPassword} - rabbit_host: {get_param: RabbitHost} + rabbit_hosts: + str_replace: + template: '["host"]' + params: + host: {get_param: RabbitHost} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_client_port: {get_param: RabbitClientPort} ntp_servers: str_replace: template: '["server"]' diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 0c623aafd6..a2377db32f 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -561,6 +561,11 @@ resources: - - 'mysql://nova:unset@' - {get_param: VirtualIP} - '/nova' + rabbit_hosts: + str_replace: + template: '["host"]' + params: + host: {get_param: VirtualIP} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_cookie: {get_param: RabbitCookie} @@ -637,8 +642,11 @@ resources: cinder::api::auth_uri: {get_input: keystone_auth_uri} cinder::api::identity_uri: {get_input: keystone_identity_uri} cinder::api::bind_host: {get_input: controller_host} + cinder::rabbit_hosts: {get_input: rabbit_hosts} cinder::rabbit_userid: {get_input: rabbit_username} cinder::rabbit_password: {get_input: rabbit_password} + cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + cinder::rabbit_port: {get_input: rabbit_client_port} cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} #cinder::debug: {get_input: debug} # Glance @@ -669,9 +677,11 @@ resources: heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} + heat::rabbit_hosts: {get_input: rabbit_hosts} heat::rabbit_userid: {get_input: rabbit_username} heat::rabbit_password: {get_input: rabbit_password} - heat::rabbit_host: {get_input: controller_virtual_ip} + heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + heat::rabbit_port: {get_input: rabbit_client_port} heat::auth_uri: {get_input: keystone_auth_uri} heat::identity_uri: {get_input: keystone_identity_uri} heat::keystone_password: {get_input: heat_password} @@ -699,8 +709,11 @@ resources: mysql_cluster_name: {get_input: mysql_cluster_name} # Neutron neutron::bind_host: {get_input: controller_host} + neutron::rabbit_hosts: {get_input: rabbit_hosts} neutron::rabbit_password: {get_input: rabbit_password} neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + neutron::rabbit_port: {get_input: rabbit_client_port} #neutron::debug: {get_input: debug} neutron::server::auth_uri: {get_input: keystone_auth_uri} neutron::server::identity_uri: {get_input: keystone_identity_uri} @@ -728,9 +741,11 @@ resources: neutron_dsn: {get_input: neutron_dsn} # Ceilometer ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::rabbit_hosts: {get_input: rabbit_hosts} ceilometer::rabbit_userid: {get_input: rabbit_username} ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_host: {get_input: controller_virtual_ip} + ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + ceilometer::rabbit_port: {get_input: rabbit_client_port} ceilometer::api::host: {get_input: controller_host} ceilometer::api::keystone_password: {get_input: ceilometer_password} ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} @@ -740,8 +755,11 @@ resources: snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Nova + nova::rabbit_hosts: {get_input: rabbit_hosts} nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} + nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + nova::rabbit_port: {get_input: rabbit_client_port} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: controller_host} @@ -752,12 +770,7 @@ resources: nova::network::neutron::neutron_admin_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} - # Rabbit - rabbit_username: {get_input: rabbit_username} - rabbit_password: {get_input: rabbit_password} - rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl} - rabbit_client_port: {get_input: rabbit_client_port} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Misc neutron_public_interface_ip: {get_input: neutron_public_interface_ip} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 4136303971..577f50525c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -129,29 +129,9 @@ if hiera('step') >= 2 { cluster_nodes => $rabbit_nodes, node_ip_address => hiera('controller_host'), } - rabbitmq_vhost { '/': provider => 'rabbitmqctl', } - rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']: - admin => true, - password => hiera('rabbit_password'), - provider => 'rabbitmqctl', - } - - rabbitmq_user_permissions {[ - 'nova@/', - 'glance@/', - 'neutron@/', - 'cinder@/', - 'ceilometer@/', - 'heat@/', - ]: - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - } # pre-install swift here so we can build rings include ::swift @@ -220,7 +200,6 @@ if hiera('step') >= 3 { include ::glance::backend::swift class { 'nova': - rabbit_hosts => [hiera('controller_virtual_ip')], glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]), } @@ -232,10 +211,7 @@ if hiera('step') >= 3 { include ::nova::vncproxy include ::nova::scheduler - class {'neutron': - rabbit_hosts => [hiera('controller_virtual_ip')], - } - + include ::neutron include ::neutron::server include ::neutron::agents::dhcp include ::neutron::agents::l3 @@ -268,10 +244,7 @@ if hiera('step') >= 3 { Service['neutron-server'] -> Service['neutron-ovs-agent-service'] Service['neutron-server'] -> Service['neutron-metadata'] - class {'cinder': - rabbit_hosts => [hiera('controller_virtual_ip')], - } - + include ::cinder include ::cinder::api include ::cinder::glance include ::cinder::scheduler