Merge "Keystone DB sync - update puppet manifest for dcdbsync service" into f/keystone-db

2019-03-26 21:00:14 +00:00 · 2019-03-26 21:00:14 +00:00 · bcdf8c5905
parent b7bafc13bf 047eda8ea5
commit bcdf8c5905
9 changed files with 189 additions and 8 deletions
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=80
+TIS_PATCH_VER=81
--- a/puppet-manifests/centos/puppet-manifests.spec
+++ b/puppet-manifests/centos/puppet-manifests.spec
@ -22,6 +22,7 @@ Requires: puppet-sysinv
 Requires: puppet-sshd
 Requires: puppet-smapi
 Requires: puppet-fm
+Requires: puppet-dcdbsync

 # Openstack puppet modules
 Requires: puppet-aodh
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@ -536,6 +536,11 @@ dcmanager::use_syslog: true
 dcmanager::log_facility: 'local2'
 dcmanager::debug: false

+# Dcdbsync
+dbsync::use_syslog: true
+dbsync::log_facility: 'local2'
+dbsync::debug: false
+
 # FM
 fm::use_syslog: true
 fm::log_facility: 'local2'
--- a/puppet-manifests/src/manifests/controller.pp
+++ b/puppet-manifests/src/manifests/controller.pp
@ -133,6 +133,9 @@ include ::platform::dcmanager::api

 include ::platform::dcorch::snmp

+include ::platform::dcdbsync
+include ::platform::dcdbsync::api
+
 include ::platform::smapi

 include ::openstack::swift
--- a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
+++ b/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
@ -27,7 +27,8 @@
                           ["'murano':%(target.user.name)s"],
                           ["'panko':%(target.user.name)s"],
                           ["'gnocchi':%(target.user.name)s"],
-                           ["'fm':%(target.user.name)s"]],
+                           ["'fm':%(target.user.name)s"],
+                           ["'dcdbsync':%(target.user.name)s"]],

    "identity:delete_service": "rule:admin_required and not rule:protected_services",

--- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
@ -0,0 +1,44 @@
+class platform::dcdbsync::params (
+  $api_port = 8219,
+  $region_name = undef,
+  $service_create = false,
+  $service_enabled = false,
+  $default_endpoint_type = 'internalURL',
+) {
+  include ::platform::params
+}
+
+class platform::dcdbsync
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      if $::platform::params::init_keystone {
+        include ::dcdbsync::keystone::auth
+      }
+
+      class { '::dcdbsync': }
+    }
+  }
+}
+
+class platform::dcdbsync::api
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      include ::platform::network::mgmt::params
+
+      $api_host = $::platform::network::mgmt::params::controller_address
+      $api_fqdn = $::platform::params::controller_hostname
+      $url_host = "http://${api_fqdn}:${api_port}"
+
+      class { '::dcdbsync::api':
+        bind_host => $api_host,
+        bind_port => $api_port,
+        enabled   => $service_enabled,
+      }
+    }
+  }
+}
+
--- a/puppet-manifests/src/modules/platform/manifests/sm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sm.pp
@ -572,6 +572,22 @@ class platform::sm
    if $::platform::params::distributed_cloud_role =='subcloud' {
      $configure_keystone = true

+      # Provision and configure dcorch dbsync when running as a subcloud
+      exec { 'Provision distributed-cloud-services (service-domain-member distributed-cloud-services)':
+        command => 'sm-provision service-domain-member controller distributed-cloud-services',
+      }
+      -> exec { 'Provision distributed-cloud-services (service-group distributed-cloud-services)':
+        command => 'sm-provision service-group distributed-cloud-services',
+      }
+      -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+        command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+      }
+      -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+        command => 'sm-provision service dcdbsync-api',
+      }
+      -> exec { 'Configure OpenStack - DCDBsync-API':
+        command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+      }
      # Deprovision Horizon when running as a subcloud
      exec { 'Deprovision OpenStack - Horizon (service-group-member)':
        command => 'sm-deprovision service-group-member web-services horizon',
@ -1698,6 +1714,12 @@ class platform::sm
    -> exec { 'Provision DCOrch-Patch-Api-Proxy in SM (service dcorch-patch-api-proxy)':
      command => 'sm-provision service dcorch-patch-api-proxy',
    }
+    -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+      command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+    }
+    -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+      command => 'sm-provision service dcdbsync-api',
+    }
    -> exec { 'Configure Platform - DCManager-Manager':
      command => "sm-configure service_instance dcmanager-manager dcmanager-manager \"\"",
    }
@ -1725,6 +1747,9 @@ class platform::sm
    -> exec { 'Configure OpenStack - DCOrch-patch-api-proxy':
      command => "sm-configure service_instance dcorch-patch-api-proxy dcorch-patch-api-proxy \"\"",
    }
+    -> exec { 'Configure OpenStack - DCDBsync-API':
+      command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+    }
    if $cinder_service_enabled {
      notice('Enable cinder-api-proxy')
      exec { 'Provision DCOrch-Cinder-Api-Proxy (service-group-member dcorch-cinder-api-proxy)':
--- a/sysinv/sysinv/sysinv/setup.cfg
+++ b/sysinv/sysinv/sysinv/setup.cfg
@ -66,12 +66,13 @@ systemconfig.puppet_plugins =
    026_panko = sysinv.puppet.panko:PankoPuppet
    027_dcmanager = sysinv.puppet.dcmanager:DCManagerPuppet
    028_dcorch = sysinv.puppet.dcorch:DCOrchPuppet
-    029_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
-    030_smapi = sysinv.puppet.smapi:SmPuppet
-    031_fm = sysinv.puppet.fm:FmPuppet
-    032_swift = sysinv.puppet.swift:SwiftPuppet
-    033_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
-    034_barbican = sysinv.puppet.barbican:BarbicanPuppet
+    029_dcdbsync = sysinv.puppet.dcdbsync:DCDBsyncPuppet
+    030_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
+    031_smapi = sysinv.puppet.smapi:SmPuppet
+    032_fm = sysinv.puppet.fm:FmPuppet
+    033_swift = sysinv.puppet.swift:SwiftPuppet
+    034_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
+    035_barbican = sysinv.puppet.barbican:BarbicanPuppet

 systemconfig.helm_plugins =
    aodh = sysinv.helm.aodh:AodhHelm
--- a/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
@ -0,0 +1,101 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.common import constants
+from sysinv.puppet import openstack
+
+
+class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
+    """Class to encapsulate puppet operations for dcdbsync
+     configuration"""
+
+    SERVICE_NAME = 'dcdbsync'
+    SERVICE_PORT = 8219
+    SERVICE_PATH = 'v1.0'
+    IDENTITY_SERVICE_NAME = 'keystone'
+    IDENTITY_SERVICE_DB = 'keystone'
+
+    def get_static_config(self):
+        dbuser = self._get_database_username(self.IDENTITY_SERVICE_NAME)
+
+        return {
+            'dcdbsync::db::postgresql::user': dbuser,
+        }
+
+    def get_secure_static_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        # initial bootstrap is bound to localhost
+        dburl = self._format_database_connection(self.IDENTITY_SERVICE_NAME,
+                                                 constants.LOCALHOST_HOSTNAME,
+                                                 database=self.IDENTITY_SERVICE_DB)
+        return {
+            'dcdbsync::database_connection': dburl,
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_system_config(self):
+        ksuser = self._get_service_user_name(self.SERVICE_NAME)
+
+        return {
+            # The region in which the identity server can be found
+            'dcdbsync::region_name': self._keystone_region_name(),
+
+            'dcdbsync::keystone::auth::public_url': self.get_public_url(),
+            'dcdbsync::keystone::auth::internal_url': self.get_internal_url(),
+            'dcdbsync::keystone::auth::admin_url': self.get_admin_url(),
+            'dcdbsync::keystone::auth::region': self._region_name(),
+            'dcdbsync::keystone::auth::auth_name': ksuser,
+            'dcdbsync::keystone::auth::auth_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::keystone::auth::service_name': self.SERVICE_NAME,
+            'dcdbsync::keystone::auth::tenant': self._get_service_tenant_name(),
+            'dcdbsync::api::bind_host': self._get_management_address(),
+            'dcdbsync::api::keystone_auth_uri': self._keystone_auth_uri(),
+            'dcdbsync::api::keystone_identity_uri':
+                self._keystone_identity_uri(),
+            'dcdbsync::api::keystone_tenant': self._get_service_project_name(),
+            'dcdbsync::api::keystone_user_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::api::keystone_project_domain':
+                self._get_service_project_domain_name(),
+            'dcdbsync::api::keystone_user': ksuser,
+            'platform::dcdbsync::params::region_name': self.get_region_name(),
+            'platform::dcdbsync::params::service_create':
+                self._to_create_services(),
+        }
+
+    def get_secure_system_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        return {
+            'dcdbsync::database_connection':
+                self._format_database_connection(
+                    self.IDENTITY_SERVICE_NAME,
+                    database=self.IDENTITY_SERVICE_DB),
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_public_url(self):
+        return self._format_public_endpoint(self.SERVICE_PORT,
+                                            path=self.SERVICE_PATH)
+
+    def get_internal_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_admin_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_region_name(self):
+        return self._get_service_region_name(self.SERVICE_NAME)