Keystone DB sync - update puppet manifest for dcdbsync service

This commit adds dcorch dbsync sysinv puppet plugin. It also updates controller manifest to deploy and configure the service, and sm manifest to manage the service. With this commit, dbsync service will be deployed, configured, and started after config_controller. Story: 2002842 Task: 22787 Signed-off-by: Andy Ning <andy.ning@windriver.com> (cherry picked from commit 047eda8ea5) Conflicts: puppet-manifests/centos/build_srpm.data puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb puppet-manifests/src/modules/platform/manifests/sm.pp sysinv/sysinv/sysinv/setup.cfg Depends-On: https://review.opendev.org/#/c/655903 Depends-On: https://review.opendev.org/#/c/655757 Change-Id: I3e361d6751f22ace3600206289dabb8c9d174661
2018-12-20 11:22:14 -05:00
parent c880860c59
commit 1906ebc5cb
9 changed files with 189 additions and 8 deletions
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=87
+TIS_PATCH_VER=88
--- a/puppet-manifests/centos/puppet-manifests.spec
+++ b/puppet-manifests/centos/puppet-manifests.spec
@@ -21,6 +21,7 @@ Requires: puppet-sysinv
 Requires: puppet-sshd
 Requires: puppet-smapi
 Requires: puppet-fm
+Requires: puppet-dcdbsync

 # Openstack puppet modules
 Requires: puppet-barbican
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@@ -213,6 +213,11 @@ dcmanager::use_syslog: true
 dcmanager::log_facility: 'local2'
 dcmanager::debug: false

+# Dcdbsync
+dbsync::use_syslog: true
+dbsync::log_facility: 'local2'
+dbsync::debug: false
+
 # FM
 fm::use_syslog: true
 fm::log_facility: 'local2'
--- a/puppet-manifests/src/manifests/controller.pp
+++ b/puppet-manifests/src/manifests/controller.pp
@@ -90,6 +90,9 @@ include ::platform::dcmanager::api

 include ::platform::dcorch::snmp

+include ::platform::dcdbsync
+include ::platform::dcdbsync::api
+
 include ::platform::smapi

 include ::openstack::barbican
--- a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
+++ b/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
@@ -16,7 +16,8 @@
                           ["'patching':%(target.user.name)s"],
                           ["'sysinv':%(target.user.name)s"],
                           ["'mtce':%(target.user.name)s"],
-                           ["'fm':%(target.user.name)s"]],
+                           ["'fm':%(target.user.name)s"],
+                           ["'dcdbsync':%(target.user.name)s"]],

    "identity:delete_service": "rule:admin_required and not rule:protected_services",

--- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
@@ -0,0 +1,44 @@
+class platform::dcdbsync::params (
+  $api_port = 8219,
+  $region_name = undef,
+  $service_create = false,
+  $service_enabled = false,
+  $default_endpoint_type = 'internalURL',
+) {
+  include ::platform::params
+}
+
+class platform::dcdbsync
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      if $::platform::params::init_keystone {
+        include ::dcdbsync::keystone::auth
+      }
+
+      class { '::dcdbsync': }
+    }
+  }
+}
+
+class platform::dcdbsync::api
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      include ::platform::network::mgmt::params
+
+      $api_host = $::platform::network::mgmt::params::controller_address
+      $api_fqdn = $::platform::params::controller_hostname
+      $url_host = "http://${api_fqdn}:${api_port}"
+
+      class { '::dcdbsync::api':
+        bind_host => $api_host,
+        bind_port => $api_port,
+        enabled   => $service_enabled,
+      }
+    }
+  }
+}
+
--- a/puppet-manifests/src/modules/platform/manifests/sm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sm.pp
@@ -421,6 +421,22 @@ class platform::sm
    if $::platform::params::distributed_cloud_role =='subcloud' {
      $configure_keystone = true

+      # Provision and configure dcorch dbsync when running as a subcloud
+      exec { 'Provision distributed-cloud-services (service-domain-member distributed-cloud-services)':
+        command => 'sm-provision service-domain-member controller distributed-cloud-services',
+      }
+      -> exec { 'Provision distributed-cloud-services (service-group distributed-cloud-services)':
+        command => 'sm-provision service-group distributed-cloud-services',
+      }
+      -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+        command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+      }
+      -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+        command => 'sm-provision service dcdbsync-api',
+      }
+      -> exec { 'Configure OpenStack - DCDBsync-API':
+        command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+      }
      # Deprovision Horizon when running as a subcloud
      exec { 'Deprovision OpenStack - Horizon (service-group-member)':
        command => 'sm-deprovision service-group-member web-services horizon',
@@ -842,6 +858,12 @@ class platform::sm
    -> exec { 'Provision DCOrch-Patch-Api-Proxy in SM (service dcorch-patch-api-proxy)':
      command => 'sm-provision service dcorch-patch-api-proxy',
    }
+    -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+      command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+    }
+    -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+      command => 'sm-provision service dcdbsync-api',
+    }
    -> exec { 'Configure Platform - DCManager-Manager':
      command => "sm-configure service_instance dcmanager-manager dcmanager-manager \"\"",
    }
@@ -863,6 +885,9 @@ class platform::sm
    -> exec { 'Configure OpenStack - DCOrch-patch-api-proxy':
      command => "sm-configure service_instance dcorch-patch-api-proxy dcorch-patch-api-proxy \"\"",
    }
+    -> exec { 'Configure OpenStack - DCDBsync-API':
+      command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+    }
  }

  # lint:endignore:140chars
--- a/sysinv/sysinv/sysinv/setup.cfg
+++ b/sysinv/sysinv/sysinv/setup.cfg
@@ -65,12 +65,13 @@ systemconfig.puppet_plugins =
    025_ironic = sysinv.puppet.ironic:IronicPuppet
    027_dcmanager = sysinv.puppet.dcmanager:DCManagerPuppet
    028_dcorch = sysinv.puppet.dcorch:DCOrchPuppet
-    029_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
-    030_smapi = sysinv.puppet.smapi:SmPuppet
-    031_fm = sysinv.puppet.fm:FmPuppet
-    032_swift = sysinv.puppet.swift:SwiftPuppet
-    033_barbican = sysinv.puppet.barbican:BarbicanPuppet
-    034_dockerdistribution = sysinv.puppet.dockerdistribution:DockerDistributionPuppet
+    029_dcdbsync = sysinv.puppet.dcdbsync:DCDBsyncPuppet
+    030_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
+    031_smapi = sysinv.puppet.smapi:SmPuppet
+    032_fm = sysinv.puppet.fm:FmPuppet
+    033_swift = sysinv.puppet.swift:SwiftPuppet
+    034_barbican = sysinv.puppet.barbican:BarbicanPuppet
+    035_dockerdistribution = sysinv.puppet.dockerdistribution:DockerDistributionPuppet
    099_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet

 systemconfig.helm_applications =
--- a/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
@@ -0,0 +1,101 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.common import constants
+from sysinv.puppet import openstack
+
+
+class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
+    """Class to encapsulate puppet operations for dcdbsync
+     configuration"""
+
+    SERVICE_NAME = 'dcdbsync'
+    SERVICE_PORT = 8219
+    SERVICE_PATH = 'v1.0'
+    IDENTITY_SERVICE_NAME = 'keystone'
+    IDENTITY_SERVICE_DB = 'keystone'
+
+    def get_static_config(self):
+        dbuser = self._get_database_username(self.IDENTITY_SERVICE_NAME)
+
+        return {
+            'dcdbsync::db::postgresql::user': dbuser,
+        }
+
+    def get_secure_static_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        # initial bootstrap is bound to localhost
+        dburl = self._format_database_connection(self.IDENTITY_SERVICE_NAME,
+                                                 constants.LOCALHOST_HOSTNAME,
+                                                 database=self.IDENTITY_SERVICE_DB)
+        return {
+            'dcdbsync::database_connection': dburl,
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_system_config(self):
+        ksuser = self._get_service_user_name(self.SERVICE_NAME)
+
+        return {
+            # The region in which the identity server can be found
+            'dcdbsync::region_name': self._keystone_region_name(),
+
+            'dcdbsync::keystone::auth::public_url': self.get_public_url(),
+            'dcdbsync::keystone::auth::internal_url': self.get_internal_url(),
+            'dcdbsync::keystone::auth::admin_url': self.get_admin_url(),
+            'dcdbsync::keystone::auth::region': self._region_name(),
+            'dcdbsync::keystone::auth::auth_name': ksuser,
+            'dcdbsync::keystone::auth::auth_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::keystone::auth::service_name': self.SERVICE_NAME,
+            'dcdbsync::keystone::auth::tenant': self._get_service_tenant_name(),
+            'dcdbsync::api::bind_host': self._get_management_address(),
+            'dcdbsync::api::keystone_auth_uri': self._keystone_auth_uri(),
+            'dcdbsync::api::keystone_identity_uri':
+                self._keystone_identity_uri(),
+            'dcdbsync::api::keystone_tenant': self._get_service_project_name(),
+            'dcdbsync::api::keystone_user_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::api::keystone_project_domain':
+                self._get_service_project_domain_name(),
+            'dcdbsync::api::keystone_user': ksuser,
+            'platform::dcdbsync::params::region_name': self.get_region_name(),
+            'platform::dcdbsync::params::service_create':
+                self._to_create_services(),
+        }
+
+    def get_secure_system_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        return {
+            'dcdbsync::database_connection':
+                self._format_database_connection(
+                    self.IDENTITY_SERVICE_NAME,
+                    database=self.IDENTITY_SERVICE_DB),
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_public_url(self):
+        return self._format_public_endpoint(self.SERVICE_PORT,
+                                            path=self.SERVICE_PATH)
+
+    def get_internal_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_admin_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_region_name(self):
+        return self._get_service_region_name(self.SERVICE_NAME)