# == Class: openstack::murano::params
#
# Parameter holder for the openstack::murano classes and for the
# enable_murano_agent_rabbitmq define in this file. The class body is
# empty; it only carries values.
#
# $tcp_listen_options, $rabbit_tcp_listen_options and $rabbit_cipher_list
# have no default and must be supplied by the caller or by data lookup.
#
# NOTE(review): $auth_user / $auth_password default to 'guest' / 'guest'
# and are handed on as the murano RabbitMQ credentials (rabbit_own_user /
# rabbit_own_password, $default_user / $default_pass). Deployments should
# override both in their data instead of relying on the defaults.
#
# NOTE(review): $tlsv1 defaults to 'tlsv1.1', a protocol version that is
# formally deprecated (RFC 8996). How the value is consumed is not visible
# in this file - presumably by the SSL config template; confirm whether
# TLS 1.1 still needs to be offered.
class openstack::murano::params (
  # Required: no default is declared for these three.
  $tcp_listen_options,
  $rabbit_tcp_listen_options,
  $rabbit_cipher_list,

  # API endpoint and service switches.
  $api_port                 = 8082,
  $service_enabled          = false,
  $service_name             = 'openstack-murano',
  $disable_murano_agent     = true,

  # Credentials for the murano-only RabbitMQ instance.
  $auth_user                = 'guest',
  $auth_password            = 'guest',

  # Database connection pool tuning.
  $database_idle_timeout    = 60,
  $database_max_pool_size   = 1,
  $database_max_overflow    = 10,

  # murano RabbitMQ listeners and TLS settings.
  $ssl                      = false,
  $rabbit_normal_port       = '5672',
  $rabbit_ssl_port          = '5671',
  $rabbit_certs_dir         = '/etc/ssl/private/murano-rabbit',
  $tlsv2                    = 'tlsv1.2',
  $tlsv1                    = 'tlsv1.1',
  $ssl_fail_if_no_peer_cert = true,

  # Broker resource limits.
  $disk_free_limit          = '10000000',
  $heartbeat                = '30',
) {}
# == Class: openstack::murano::firewall
#
# Declares the platform firewall rules for murano. Nothing is declared
# unless $service_enabled is set.
#
# With the service enabled the API port is always opened. The two broker
# rules are then managed as a pair, so that at most one of them is left
# without "ensure => absent":
#   - agent disabled       : both broker rules absent
#   - agent enabled, SSL   : 5671 declared, 5672 absent
#   - agent enabled, no SSL: 5672 declared, 5671 absent
#
# NOTE(review): in the non-SSL case the plaintext AMQP port is the one
# opened, and the broker credentials default to guest/guest in
# openstack::murano::params. Prefer $ssl => true wherever the murano
# agent is enabled.
#
# NOTE(review): the broker ports are literals here rather than
# $rabbit_ssl_port / $rabbit_normal_port, and SSL is tested with
# "$ssl == true" while class openstack::murano tests plain "if $ssl".
# Overriding the port params, or supplying a truthy non-boolean $ssl,
# would leave the firewall and the broker settings out of step.
class openstack::murano::firewall
  inherits ::openstack::murano::params {

  if $service_enabled {
    platform::firewall::rule { 'murano-api':
      service_name => 'murano',
      ports        => $api_port,
    }

    if $disable_murano_agent == true {
      # Agent disabled: neither broker port stays open.
      platform::firewall::rule { 'murano-rabbit-regular':
        ensure       => absent,
        service_name => 'murano-rabbit-regular',
        ports        => 5672,
      }
      platform::firewall::rule { 'murano-rabbit-ssl':
        ensure       => absent,
        service_name => 'murano-rabbit-ssl',
        ports        => 5671,
      }
    } elsif $ssl == true {
      # TLS listener only; the plaintext rule is removed.
      platform::firewall::rule { 'murano-rabbit-ssl':
        service_name => 'murano-rabbit-ssl',
        ports        => 5671,
      }
      platform::firewall::rule { 'murano-rabbit-regular':
        ensure       => absent,
        service_name => 'murano-rabbit-regular',
        ports        => 5672,
      }
    } else {
      # Plaintext listener only; the TLS rule is removed.
      platform::firewall::rule { 'murano-rabbit-regular':
        service_name => 'murano-rabbit-regular',
        ports        => 5672,
      }
      platform::firewall::rule { 'murano-rabbit-ssl':
        ensure       => absent,
        service_name => 'murano-rabbit-ssl',
        ports        => 5671,
      }
    }
  }
}
# == Class: openstack::murano::haproxy
#
# Declares the haproxy front end for the murano REST API. Nothing is
# declared unless $service_enabled is set. The public and the private
# side both use $api_port.
class openstack::murano::haproxy
  inherits ::openstack::murano::params {

  if $service_enabled {
    platform::haproxy::proxy { 'murano-restapi':
      server_name  => 's-murano-restapi',
      public_port  => $api_port,
      private_port => $api_port,
    }
  }
}
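# == Class: openstack::murano
#
# Declares the murano client, dashboard, engine and base configuration,
# and - when the platform AMQP backend is 'rabbitmq' - the murano-only
# RabbitMQ instance via enable_murano_agent_rabbitmq.
#
# The broker port and CA certificate handed to ::murano follow $ssl:
# with SSL the TLS port and "<rabbit_certs_dir>/ca-cert.pem" are used,
# otherwise the plaintext port and no CA certificate.
#
# NOTE(review): rabbit_own_user / rabbit_own_password come from
# openstack::murano::params, where both default to 'guest', and
# rabbit_own_host is the OAM controller address. Override the credentials
# in deployment data and prefer $ssl => true for this broker.
class openstack::murano
  inherits ::openstack::murano::params {

  # Declared before the first $::platform::params::* lookup so that the
  # values read below do not depend on another class having included
  # ::platform::params earlier in the catalog.
  include ::platform::params
  include ::platform::amqp::params

  if $::platform::params::init_database {
    include ::murano::db::postgresql
  }

  if str2bool($::is_initial_config_primary) {
    class { '::murano::db::sync': }
  }

  include ::murano::client

  class { '::murano::dashboard':
    sync_db => false,
  }

  class { '::murano::engine':
    workers => $::platform::params::eng_workers_by_4,
  }

  if $ssl {
    $murano_rabbit_port = $rabbit_ssl_port
    $murano_cacert      = "${rabbit_certs_dir}/ca-cert.pem"
  } else {
    $murano_rabbit_port = $rabbit_normal_port
    $murano_cacert      = undef
  }

  include ::murano::params

  class { '::murano':
    use_syslog             => true,
    log_facility           => 'local2',
    service_host           => $::platform::network::mgmt::params::controller_address,
    # Follows $api_port, which the firewall and haproxy classes in this
    # file already use, instead of repeating the literal '8082'. The
    # interpolation keeps the value a string, as before.
    service_port           => "${api_port}",
    database_idle_timeout  => $database_idle_timeout,
    database_max_pool_size => $database_max_pool_size,
    database_max_overflow  => $database_max_overflow,
    sync_db                => false,
    rabbit_own_user        => $::openstack::murano::params::auth_user,
    rabbit_own_password    => $::openstack::murano::params::auth_password,
    rabbit_own_host        => $::platform::network::oam::params::controller_address,
    rabbit_own_port        => $murano_rabbit_port,
    rabbit_own_vhost       => '/',
    rabbit_own_use_ssl     => $ssl,
    rabbit_own_ca_certs    => $murano_cacert,
    disable_murano_agent   => $disable_murano_agent,
    api_workers            => $::platform::params::eng_workers_by_4,
    default_transport_url  => $::platform::amqp::params::transport_url,
  }

  # this rabbitmq is separate from the main one and used only for murano
  case $::platform::amqp::params::backend {
    'rabbitmq': {
      enable_murano_agent_rabbitmq { 'rabbitmq': }
    }
    default: {}
  }
}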
# == Class: openstack::murano::api
#
# Declares ::murano::api (with enabled => false) on the management
# controller address, then pulls in the haproxy and firewall classes
# from this file.
#
# The keystone auth class is included only when $service_enabled is set
# and this controller is either active or being upgraded.
class openstack::murano::api
  inherits ::openstack::murano::params {

  include ::platform::params

  class { '::murano::api':
    enabled => false,
    host    => $::platform::network::mgmt::params::controller_address,
  }

  $upgrade = $::platform::params::controller_upgrade

  if $service_enabled and (str2bool($::is_controller_active) or $upgrade) {
    include ::murano::keystone::auth
  }

  include ::openstack::murano::haproxy
  include ::openstack::murano::firewall
}
# == Define: enable_murano_agent_rabbitmq
#
# Lays down the directories and the two configuration files for the
# RabbitMQ instance that serves murano only. It takes no parameters;
# every value is read from ::openstack::murano::params,
# ::platform::params and the platform amqp / OAM network params.
#
# Most of the local variables below are not used by any resource in this
# define; presumably the ERB templates read them, so their names are
# kept exactly as they are.
#
# NOTE(review): the certificate directory is created 0755 and the key and
# certificate files get an owner and group but no mode, so the private
# key's permissions are whatever they were when the file was put in
# place. Consider enforcing a restrictive mode on key.pem here.
define enable_murano_agent_rabbitmq {
  include ::openstack::murano::params
  include ::platform::params

  # Rabbit configuration parameters
  $amqp_platform_sw_version = $::platform::params::software_version
  $kombu_ssl_ca_certs       = "${::openstack::murano::params::rabbit_certs_dir}/ca-cert.pem"
  $kombu_ssl_keyfile        = "${::openstack::murano::params::rabbit_certs_dir}/key.pem"
  $kombu_ssl_certfile       = "${::openstack::murano::params::rabbit_certs_dir}/cert.pem"

  # Broker home is versioned by the platform software version.
  $murano_rabbit_dir  = '/var/lib/rabbitmq/murano'
  $rabbit_home        = "${murano_rabbit_dir}/${amqp_platform_sw_version}"
  $mnesia_base        = "${rabbit_home}/mnesia"
  $rabbit_node        = $::platform::amqp::params::node
  $murano_rabbit_node = "murano-${rabbit_node}"
  # Credentials; both default to 'guest' in openstack::murano::params.
  $default_user       = $::openstack::murano::params::auth_user
  $default_pass       = $::openstack::murano::params::auth_password
  $disk_free_limit    = $::openstack::murano::params::disk_free_limit
  $heartbeat          = $::openstack::murano::params::heartbeat
  $port               = $::openstack::murano::params::rabbit_normal_port

  $rabbit_cipher_list = $::openstack::murano::params::rabbit_cipher_list

  # TLS listener settings; the listener address is the OAM controller
  # address.
  $ssl_interface        = $::platform::network::oam::params::controller_address
  $ssl_port             = $::openstack::murano::params::rabbit_ssl_port
  $tlsv2                = $::openstack::murano::params::tlsv2
  $tlsv1                = $::openstack::murano::params::tlsv1
  $fail_if_no_peer_cert = $::openstack::murano::params::ssl_fail_if_no_peer_cert

  $tcp_listen_options        = $::openstack::murano::params::tcp_listen_options
  $rabbit_tcp_listen_options = $::openstack::murano::params::rabbit_tcp_listen_options

  # murano rabbit ssl certificates are placed here
  file { $::openstack::murano::params::rabbit_certs_dir:
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  if $::platform::params::init_database {
    # Create the directory chain top-down, and all of it before the
    # ::rabbitmq class is applied.
    file { $murano_rabbit_dir:
      ensure => 'directory',
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
    }
    -> file { $rabbit_home:
      ensure => 'directory',
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
    }
    -> file { $mnesia_base:
      ensure => 'directory',
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
    }
    -> Class['::rabbitmq']
  }

  if $::openstack::murano::params::ssl {
    $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ]

    # Only ownership is managed; neither ensure nor mode is set, so the
    # files' content and permission bits are not managed by this resource.
    # An ownership change notifies the broker service.
    file { $files_to_set_owner:
      owner   => 'rabbitmq',
      group   => 'rabbitmq',
      require => Package['rabbitmq-server'],
      notify  => Service['rabbitmq-server'],
    }

    $rabbitmq_conf_template = 'openstack/murano-rabbitmq.config.ssl.erb'
  } else {
    $rabbitmq_conf_template = 'openstack/murano-rabbitmq.config.erb'
  }

  # Both files are written 0640 rabbitmq:rabbitmq, i.e. not readable by
  # other users.
  file { '/etc/rabbitmq/murano-rabbitmq.config':
    ensure  => present,
    owner   => 'rabbitmq',
    group   => 'rabbitmq',
    mode    => '0640',
    content => template($rabbitmq_conf_template),
  }

  file { '/etc/rabbitmq/murano-rabbitmq-env.conf':
    ensure  => present,
    owner   => 'rabbitmq',
    group   => 'rabbitmq',
    mode    => '0640',
    content => template('openstack/murano-rabbitmq-env.conf.erb'),
  }
}
# == Class: openstack::murano::upgrade
#
# Creates the murano RabbitMQ directory chain for the current platform
# software version:
#   /var/lib/rabbitmq/murano/<software_version>/mnesia
#
# All three directories are root:root, mode 0755, and are created
# top-down. Unlike enable_murano_agent_rabbitmq, the chain here is not
# ordered before Class['::rabbitmq'].
class openstack::murano::upgrade {
  include ::platform::params

  $amqp_platform_sw_version = $::platform::params::software_version
  $murano_rabbit_dir        = '/var/lib/rabbitmq/murano'
  $rabbit_home              = "${murano_rabbit_dir}/${amqp_platform_sw_version}"
  $mnesia_base              = "${rabbit_home}/mnesia"

  file { $murano_rabbit_dir:
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
  -> file { $rabbit_home:
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
  -> file { $mnesia_base:
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
}